Search Results

Search found 18715 results on 749 pages for 'website attack'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 176/749 | < Previous Page | 172 173 174 175 176 177 178 179 180 181 182 183  | Next Page >

  • DNS setup problems with Windows Azure VPS

    - by jbigelow
    What is the proper to setup the A record (or CNAME) for a Windows Azure VPS? I can't connect to my website after setting up IIS and believe I don't have the correct DNS setup. I created a small VPS instance with the default Windows Server 2012 configuration. I RDP'd in and added the Webserver role. In my DNSMadeEasy control panel I added an A record with my Public Virtual IP Address. In IIS I went to the default website and added bindings for the hostname of my website, so I should be able to type mywebsite.com and see the IIS 8 splash screen, but instead my browser cannot connect. I attempted to navigate to the site by typing in my Virtual IP address into the browser and still cannot connect. I RDP'd back into the machine and turned off Windows Firewall. No change, still cannot navigate to my website. From within IIS I double checked my binding. If I click "browse *:80" I can bring up my website in IE with the http:// localhost address. If I click "browse mywebsite on *.80" IE says "This page cannot be displayed.", from within the RDP session I can view the site if I navigate to http:// 127.0.0.1 but not if I navigate to my Virtual IP, nor can I view the page if I try navigating to http:// mywebservername.cloudapp.net I'm thinking I must be fundamentally not understanding how do DNS setup with Azure VPS but my initial Google searches aren't turning up any helpful information. (spaces added after the http:// so serverfault doesn't try and render them as valid urls.)

    Read the article

  • "File does not exist" in apache error log.

    - by Samuurai
    Hi, This is an example of an error in out log file: File does not exist: /var/www/website/female, referer: http://www.website.com/female/dresses/A-Dress-Black "/female" doesn't exist, because we use friendly urls via our .htaccess file which looks like this: RewriteEngine On # Turn on the rewriting engine RewriteBase / RewriteCond %{http_host} !^www.website.com$ [nc] RewriteRule ^(.*)$ http://www.website.com/$1 [r=301,nc,L] RewriteRule ^News/?$ news.php [NC,L] RewriteRule ^About/?$ about.php [NC,L] RewriteRule ^Contact/?$ contact.php [NC,L] RewriteRule ^Sign-In/Create-Account?$ sign_up_in.php [NC,L] RewriteRule ^Logout?$ sign_up_in.php?l=1 [NC,L] RewriteRule ^Your-Bag?$ your_bag.php [NC,L] RewriteRule ^Help?$ help.php [NC,L] RewriteRule ^Profile?$ profile.php [NC,L] RewriteRule ^Create-Profile?$ profile_create.php [NC,L] # ITEM RewriteRule ^([A-Za-z-]+)/([A-Za-z-]+)/([A-Za-z0-9-]+)/?$ store_focus.php?sex=$1catName=$2&permalink=$3 [NC,L] # PAGE RewriteRule ^([A-Za-z-]+)/([A-Za-z-]+)/page/([0-9]+)/?$ store.php?sex=$1&catName=$2&page=$3 [NC,L] # CATEGORY RewriteRule ^([A-Za-z-]+)/([A-Za-z-]+)/?$ store.php?sex=$1&catName=$2 [NC,L] # SEX RewriteRule ^([A-Za-z-]+)/?$ store.php?sex=$1 [NC,L] Every request for a page results in an error. Has anyone encountered this before? Thanks! Beren

    Read the article

  • Godaddy hosting with dynamic ip?

    - by Razor Storm
    I bought a domain name on godaddy.com let's call it www.website.com, but my server has a dynamic ip, how do I resolve this issue? What I've tried: get a dns account at dyndns.com let's call it dns.dyndns.com, so I set up godaddy to forward the domain to dns.dyndns.com. problem: When the user goes to www.website.com, they see dns.dyndns.com in the url bar. Bad So then I set up the forwarding on godaddy to forward with domain masking, but then the problem is now that users can't even see url paths/get queries/ or hash marks anymore! `www.website.com/folder/search?id=4#ajax=4` becomes just www.website.com in the url bar. bad! What do I do?

    Read the article

  • DNS Server Spoofed Request Amplification DDoS - Prevention

    - by Shackrock
    I've been conducting security scans, and a new one popped up for me: DNS Server Spoofed Request Amplification DDoS The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer which is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server. General Solution: Restrict access to your DNS server from public network or reconfigure it to reject such queries. I'm hosting my own DNS for my website. I'm not sure what the solution is here... I'm really looking for some concrete detailed steps to patch this, but haven't found any yet. Any ideas? CentOS5 with WHM and CPanel. Also see: http://securitytnt.com/dns-amplification-attack/

    Read the article

  • It's Not TV- It's OTN: Top 10 Videos on the OTN YouTube Channel

    - by Bob Rhubart
    It's been a while since we checked in on what people are watching on the Oracle Technology Network YouTube Channel. Here are the Top 10 video for the last 30 days. Tom Kyte: Keeping Up with the Latest in Database Technology Tom Kyte expands on his keynote presentation at the Great Lakes Oracle Conference with tips for developers, DBAs and others who want to make sure they are prepared to work with the latest database technologies. That Jeff Smith: Oracle SQL Developer Oracle SQL Developer product manager Jeff Smith (yeah, that Jeff Smith) talks about his presentations at the Great Lakes Oracle Conference and shares his reaction to keynote speaker C.J. Date's claim that "SQL dropped the ball." Gwen Shapira: Hadoop and Oracle Database Oracle ACE Director Gwen Shapira @gwenshap talks about the fit between Hadoop and Oracle Database and dives into the details of why Oracle Loader for Hadoop is 5x faster. Kai Yu: Virtualization and Cloud Oracle ACE Director Kai Yu talks about the questions he is most frequently asked when he does presentations on cloud computing and virtualization. Mark Sewtz: APEX 4.2 Mobile App Development Application Express developer Marc Sewtz demos the new features he built into APEX4.2 to support Mobile App Development. Jeremy Schneider: RAC Attack Oracle ACE Jeremy Schneider @jer_s describes what you can expect when you come to a RAC (Real Application Cluster) Attack. Frits Hoogland: Exadata Under the Hood Oracle ACE Director Frits Hoogland (@fritshoogland) talks about the secret sauce under Exadata's hood. David Peake: APEX 4.2 New Features David Peake, PM for Oracle Application Express, gives a quick overview of some of the new APEX features. Greg Marsden: Hugepages = Huge Performance on Linux Greg Marsden of Oracle's Linux Kernel Engineering Team talks about some common customer performance questions and making the most of Oracle Linux 6 and Transparent HugePages. John Hurley: NEOOUG and GLOC 2013 Northeast Ohio Oracle User Group president John Hurley talks about the background and success of the 2013 Great Lakes Oracle Conference.

    Read the article

  • What response should be made to a continued web-app crack attempt?

    - by Tchalvak
    I've issues with a continuous, concerted cracking attempt on a website (coded in php). The main problem is sql-injection attempts, running on a Debian server. A secondary effect of the problem is being spidered or repeatedly spammed with urls that, though a security hole has been closed, are still obviously related attempts to crack the site, and continue to add load to the site, and thus should be blocked. So what measures can I take to: A: Block known intruders/known attack machines (notably making themselves anonymous via botnet or relaying servers) to prevent their repeated, continuous, timed access from affecting the load of the site, and B: report & respond to the attack (I'm aware that the reporting to law enforcement is almost certainly futile, as may be reporting to the ip/machine where the attacks are originating, but other responses to take would be welcome).

    Read the article

  • ISA 2006 SP1 - SSL Client Certificate Authentication in Workgroup Environment

    - by JoshODBrown
    We have an IIS6 website that was previously published using an ISA 2006 SP1 standard server publishing rule. In IIS we had required a client certificate be provided before the website could be accessed... this all worked fine and dandy. Now we wish to use a web publishing rule on ISA 2006 SP1 for this same website. However, it seems the client certificate doesn't get processed now, so of course the user can't access the website. I've read a few articles stating the CA for the certificate needs to be installed in the trusted root certificate authorities store on the ISA Server (i have done this), as well as installing the client certificate on the ISA Server (done as well). I have also verified that the ISA Server is able to access the CRL for our CA no problem... In the listener properties for the web publishing rule, under Authentication, and Client Authentication Method, there is an option for SSL Client Certificate Authentication... i select this, but it appears the only Authentication Validation Method selectable is Windows (Active Directory).... there is no Active Directory in this environment. When i configure the rule with the defaults, I then try to hit my website and it prompts for my certificate, i choose it and hit ok... then I'm given the following error Error Code: 500 Internal Server Error. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) I check the event logs on the ISA Server and in Security Logs, i see Event ID 536, Failure Aud. The reason: The NetLogon component is not active. I think this is pretty obvious since there is no active directory available. Is there a way to make this web publishing rule work using client certificates in this workgroup environment? Any suggestions or links to helpful documents would be greatly appreciated!

    Read the article

  • Web authentication using LDAP and Apache?

    - by Stephen R
    I am working on a project of setting up a web administered inventory database for my work (or if they don't want it then i'll enjoy learning about it) and hit the problem of allowing only authorized users to access the website (In its testing/development phase, I allow all people to navigate to the website to add entries to the database and query it). I am trying to make it so only particular users in the domain (Active Directory) are allowed to access the website after they are queried about their credentials. I read that Apache (I am using a LAMP server) has a means of asking visitors to the website to provide LDAP credentials in order to gain access to the site, but I wasn't sure if that was exactly what I was looking for. If anyone has experience in the LDAP configurations for Apache that I mentioned or any other means of securely authenticating with websites I would greatly appreciate advice or a direction to go Thank you!

    Read the article

  • iptables port forwarding works only for localhost

    - by Venki
    Below is my iptables config. I used this for my accessing a node js website running in port 9000 through port 80. This works fine only if access the website through local host / loop back. When I try to use the ip of eth0, which is assigned by my router through dcp. this does not work, when I use ip like 192.168.0.103 to access the website. I am not able to figure what is wrong here, Already burnt a day in this, still not able to figure out :( Edit: ( more information) Earlier, I was using this configuration to develop the website, i had configured the domain name to point to 127.0.0.1 in the /etc/hosts file. It was working fine, but now I am trying to deploy the website in a vps with static ip, This configuration does not work with both static IP. # redirect port 80 to port 9000 *nat :PREROUTING ACCEPT [57:3896] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [4229:289686] :POSTROUTING ACCEPT [4239:290286] -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9000 -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9000 COMMIT # Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL). -A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp --dport 443 -j ACCEPT -A INPUT -p tcp --dport 9000 -j ACCEPT -A INPUT -j REJECT

    Read the article

  • Bypass IIS Basic Authentication for localhost

    - by George
    I'd like to have a website authenticated with basic auth, but then also allow the website to access itself locally. That is, I want to allow unauthenticated access only from localhost. In IIS I have only basic authentication enabled (not worrying about SSL for now), and I have the correct file system permissions such that outside users can login successfully and view the website. I have tried setting IIS_IUSR as owner of the directory, and added IUSR with modify permissions, however I'm still getting a 401 error when the website tries to access itself. Anyone have any idea how to get this to work?

    Read the article

  • Thoughts on web development architecture through integrating C++ in the future to a web application

    - by Holland
    I'm looking to build a website (it's actually going to be a commercial startup) I saw this question and it really shed some light on a few things that I was hoping to understand (kudos to the op). After seeing that, it would make sense that, unless the website were required to actually have millions of hits per day, it wouldn't be a viable solution to write a C++ backend on the server side. But this got me thinking. what if it in the (unlikely) events of the future, it does go that route? The problem is that, while I'm thinking of starting this all using .Net (in the beginning) just to get something quick and easy up without a lot of hassle (in terms of learning), and then moving towards something more Open Source (such as Python/Django or RoR) later to save money and to support OSS, I'm wondering IFF the website actually becomes big, will it be a good idea to integrate a C++ backend, and use Python ontop of C++ for a strong foundation, and then mitigate HTML/CSS/AJAX/etc ontop of the backend's foundation? I guess, what I'd like to know is that, given the circumstance, if this were to happen, would it be a proper approach in terms of architecture? I'd definitely be supporting MVC as that seems to be a great way to implement a website. All in all, would one consider this rational, or are there other alternatives? I like .Net, and I'd like to use it in the beginning, because I have much more experience with that than, say, Python or PHP, and I prefer it in general, but I really do want to support OSS in the future. I suppose the sentence I'm looking for is, "is this pragmatic?"

    Read the article

  • Implement service layer in MVC

    - by Dan H
    We have a defined service layer hosted in WCF. We are now building a website that will need to use the services functionality. The website is being written in ASP.NET MVC 4 and I'm trying to decide how to reference the WCF service from the MVC app. It's a large complex website and it will be changing on a weekly basis. My first reaction is to abstract out the service references (About 7 services on this one WCF host) and create a service ref facade library with which the website interacts. But, I don't know exactly how to use the service facade in MVC. I'm starting to think the Models will be responsible for it because when the controller gets a model, that model should call the service (if needed) and return what the controller asked. I'm trying to avoid having the MVC app know details of the service references. So, I could have a model factory that creates whatever model the controllers need and they can use the service facade to accomplish it. Is this a good plan, or am I off track?

    Read the article

  • How do I restart MySQL in monit when page contains specific text?

    - by Tyler
    How do I check if a web page contains the text "Error connecting to database" and if the text exists in the page restart the database? Here's what I have so far but it isn't working: check host website.com with address website.com group database start program = "/usr/bin/service mysql start" stop program = "/usr/bin/service mysql stop" if url http://website.com content == "Error connecting to database" then restart

    Read the article

  • Insert Special Characters & Coding in Online Forms in Firefox

    - by Asian Angel
    If you are active in forums or comment areas on different websites then you most likely use some type of special characters, HTML, or other code throughout the day. Now you can easily insert commonly used “items” with the SKeys extension for Firefox. Your New Special Text Edit Bar After installing the extension you will see the new toolbar that has been added to your browser. These are the kinds of text that can be added to online comment areas, forums, or other website areas that allow their use: Special characters HTML tags BB codes Wiki characters All that you will need to do is click on the appropriate special character or code to insert it into the website text area. The first two toolbar items are each singular in their function and insert the following types of text. A look at the special characters available for your use. The wiki code menu. The HTML menu… And the BB code menu. Here is a quick sample using the HTML menu…much better than doing it manually. This should definitely help speed things up throughout the day. Our only disappointment during testing was not being able to add additional items (i.e. characters, tags) to the toolbar at this time. Conclusion While a new toolbar may not be for everyone this extension can certainly prove useful when you need to quickly add special characters or coding in website text areas. Links Download the SKeys extension (Mozilla Add-ons) Similar Articles Productive Geek Tips Quick Tip: Use Tab Characters in Textarea Boxes in FirefoxUse Special Characters in WindowsUsing Password Phrases For Better SecuritySearch For Rows With Special Characters in SQL ServerExpand Text Areas in Web Forms in Firefox TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 PCmover Professional Enable Check Box Selection in Windows 7 OnlineOCR – Free OCR Service Betting on the Blind Side, a Vanity Fair article 30 Minimal Logo Designs that Say More with Less LEGO Digital Designer – Free Create a Personal Website Quickly using Flavors.me

    Read the article

  • Insert Special Characters & Coding in Online Forms in Firefox

    - by Asian Angel
    If you are active in forums or comment areas on different websites then you most likely use some type of special characters, HTML, or other code throughout the day. Now you can easily insert commonly used “items” with the SKeys extension for Firefox. Your New Special Text Edit Bar After installing the extension you will see the new toolbar that has been added to your browser. These are the kinds of text that can be added to online comment areas, forums, or other website areas that allow their use: Special characters HTML tags BB codes Wiki characters All that you will need to do is click on the appropriate special character or code to insert it into the website text area. The first two toolbar items are each singular in their function and insert the following types of text. A look at the special characters available for your use. The wiki code menu. The HTML menu… And the BB code menu. Here is a quick sample using the HTML menu…much better than doing it manually. This should definitely help speed things up throughout the day. Our only disappointment during testing was not being able to add additional items (i.e. characters, tags) to the toolbar at this time. Conclusion While a new toolbar may not be for everyone this extension can certainly prove useful when you need to quickly add special characters or coding in website text areas. Links Download the SKeys extension (Mozilla Add-ons) Similar Articles Productive Geek Tips Quick Tip: Use Tab Characters in Textarea Boxes in FirefoxUse Special Characters in WindowsUsing Password Phrases For Better SecuritySearch For Rows With Special Characters in SQL ServerExpand Text Areas in Web Forms in Firefox TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 PCmover Professional Enable Check Box Selection in Windows 7 OnlineOCR – Free OCR Service Betting on the Blind Side, a Vanity Fair article 30 Minimal Logo Designs that Say More with Less LEGO Digital Designer – Free Create a Personal Website Quickly using Flavors.me

    Read the article

  • Apache server in raspberry PI not visible from outside( public IP)

    - by Kronos
    I have made a fresh install of Arch Linux ARM into a Raspberry PI and I mounted there a LAMP, all fresh. I have another Arch(x86) in my laptop with Apache also there, and as far as I know, two web servers cannot run in the same network segment so, the problem is as follows. I my laptop, having Apache running, if I enter via the public ip of my network everything turns ok and I can see my website but, (obviously turning this server down) if I enter from the public IP with the Apache running in the raspberry pi( yes, only that Apache running) i cannot see my website in there. Also, if I access via local network it is a normal success, I can see my website. So, I can enter my raspberry website only via local but in my other web server i can enter it via local and public. I have the same conf files in both of them so what is the difference? I was planning in making the rpi as a development server. Thanks in advance

    Read the article

  • Proftpd: only allow one address

    - by tomkeim
    Hello, I am searching for it on Google, but i didn't find anything. Is there a way tho set up proftpd that it will only accept a connection on ftp.website.ext and not on website.ext or test.website.ext I am running proftpd on Debian 5 Tom

    Read the article

  • virtual directories in iis7.0 got deleted in windows 2008

    - by subash
    hi , After installing iis6.0 metabase compatibility and iis6.0 console in the iis7.0 ,i am not able to create new virtual directory in Default website( which is marked with a small red mark). when i right click on" Default website",it generates following message box "there was an error while performing this operation...the application '/' does not exist." and i am working in the windows 2008 environment .can any one help me in getting back my old virtual directories in default website?

    Read the article

  • Bot strategy in an arena

    - by joulesm
    I am writing the player's behavior for an arena game, and I'm wondering if you could offer some strategies. I'm writing it in Python, but I'm just interested in the high level game play. Here are the game aspects: Arena is a circle of a given size. The arena's size shrinks every round to help break any ties. Players are much smaller circles, and can be on teams of 1 or 2 players. Players attack by colliding with other players, and based on the physics of the collision (speed of both players, angle), one could force another player out of the arena. Once a player is out of the arena, they are out of the game (for that round). The goal is to be on the only team with players left in the arena. All other players have been pushed (through collisions or mistakes) out of the arena. It is possible for there to be no winner if the last two players exit the arena at the same time. Once the player has been programmed, the game just runs. There is no human intervention in the game. I'm thinking it's easiest to implement a few simple programmatic rules for my player to follow. For example, stay close to center of the arena, attack opponents from the inner side of the arena, etc. Are there any good simple game strategies? Would adding a random aspect to the game help? For example, to avoid predictability by the other team or something. Thanks in advance.

    Read the article

  • Is this form of cloaking likely to be penalised?

    - by Flo
    I'm looking to create a website which is considerably javascript heavy, built with backbone.js and most content being passed as JSON and loaded via backbone. I just needed some advice or opinions on likely hood of my website being penalised using the method of serving plain HTML (text, images, everything) to search engine bots and an js front-end version to normal users. This is my basic plan for my site: I plan on having the first request to any page being html which will only give about 1/4 of the page and there after load the last 3/4 with backbone js. Therefore non javascript users get a 'bit' of the experience. Once that new user has visited and detected to have js will have a cookie saved on their machine and requests from there after will be AJAX only. Example If (AJAX || HasJSCookie) { // Pass JSON } Search Engine server content: That entire experience of loading via AJAX will be stripped if a google bot for example is detected, the same content will be servered but all html. I thought about just allowing search engines to index the first 1/4 of content but as I'm considered about inner links and picking up every bit of content I thought it would be better to give search engines the entire content. I plan to do this by just detected a list of user agents and knowing if it's a bot or not. If (Bot) { //server plain html } In addition I plan to make clean URLs for the entire website despite full AJAX, therefore providing AJAX content to www.example.com/#/page and normal html to www.example.com/page is kind of our of the question. Would rather avoid the practice of using # when there are technology such as HTML 5 push state is around. So my question is really just asking the opinion of the masses on if it's likely that my website will be penalised? And do you suggest an alternative which avoids 'noscript' method

    Read the article

  • Procmail Postfix issue

    - by Blucreation
    Our server is using CENTOS uses postfix: Nov 1 11:31:52 webserver postfix/smtpd[30424]: 822A91872F: client=unknown[5.133.168.42], sasl_method=PLAIN, [email protected] Nov 1 11:31:52 webserver postfix/cleanup[30427]: 822A91872F: message-id=<[email protected]> Nov 1 11:31:52 webserver postfix/qmgr[1067]: 822A91872F: from=<[email protected]>, size=620, nrcpt=1 (queue active) Nov 1 11:31:52 webserver postfix/virtual[30505]: 822A91872F: to=<[email protected]>, relay=virtual, delay=0.12, delays=0.12/0/0/0, dsn=2.0.0, status=sent (delivered to maildir) Nov 1 11:31:52 webserver postfix/qmgr[1067]: 822A91872F: removed Nov 1 11:31:52 webserver postfix/smtpd[30424]: disconnect from unknown[5.133.168.42] I have this in my etc/postfix/main.cf: mailbox_command = /usr/bin/procmail -a "$EXTENSION" My etc/procmailrc contains: PATH="/usr/bin" SHELL="/bin/bash" LOGFILE="/var/log/procmail.log" VERBOSE="YES" LOG="#TEST#" I don't think procmail is picking up on my procmailrc as nothing ever gets logged from normal emails. If i type this: procmail DEFAULT=/dev/null VERBOSE=yes LOGFILE=/var/log/procmail.log /dev/null </dev/null I get entries in my log file so i know procmail is working Am i doing something wrong? am i missing something? I eventually want my rule to call a php script only if the subject contains "SUPPORT TICKET" and the to is "[email protected]" but that's once i this issue solved.

    Read the article

  • Oracle Inroduces a New Line of Defense for Databases

    - by roxana.bradescu
    Today at the 2011 RSA Conference, we announced the immediate availability of our new Oracle Database Firewall, the latest addition to a comprehensive portfolio of database security solutions. Oracle Database Firewall is a network-based software solution that monitors database traffic, and can detect and block SQL injection and other attacks from reaching Oracle and non-Oracle databases. According to the 2010 Verizon Data Breach Investigations Report, SQL injection attacks against databases are responsible for 89% of all breached data. SQL injection attacks are a technique for controlling responses from the database server through applications. This attack exploits the inherent trust between application layer and the back-end database. Previously the only way organizations had to safeguard against SQL injection attacks was a complete overhaul of their application code. Obviously a very costly, complex, and often impossible undertaking for most organizations. Enter the new Oracle Database Firewall. It can help prevent SQL injection attacks by establishing a defensive perimeter around your databases. The Oracle Database Firewall uses an innovative SQL grammar analysis to inspect the database traffic against pre-defined policies. Normal expected traffic is allowed to pass (and can be optionally logged to demonstrate regulatory compliance), ensuring no false positives or disruption to your business. SQL statements that are explicitly forbidden or unknown SQL statements can either pass, be logged, alert, block or be substitute with pre-defined SQL statements. Being able to substitute an unknown potentially harmful SQL statement with a harmless statement is especially powerful since it foils an attack while allowing the application to operate normally and preventing DoS attacks. So, if you're at RSA, stop by our booth or attend the session with Steve Moyle, Oracle Database Firewall CTO. Or if you want to learn more immediately, please watch our on-demand webcast and download the new Oracle Database Firewall Resource Kit with everything you need to get started today.

    Read the article

  • The PATRIOT Act and how it relates to the Internet

    The subject of the Internet and anonymity is a very sticky situation for me because I primarily develop web applications for a living.  As a part of my job I have to track users as they enter, navigate and leave specific applications. The level of tracking depends on where the user goes within a website.  The basic information that I capture includes the user’s IP address, browser type, operating system, the date/time they entered the site and the URL from which the user was referred to the website. In addition to the custom logging that is placed on the website, web servers also have methods of logging built-in as well. Web server logging allows companies to have a central repository to store all user activity across the entire server. Not to mention that they can also create a central repository that allows multiple servers to store log files in one location. This allows users to be tracked across multiple servers as they browse website located on a specific collection of servers that host multiple websites. All this being said there are methods to attempt to protect your privacy by using proxy servers and increasing your browser security levels, but that will only limit the amount of logging not eliminate it. I have to agree with Traynor when he states that the PATRIOT Act eviscerates the constitutional protections of anonymous communication on the Internet. Therefore, given the recent passage and implementation of the PATRIOT Act, the constitutional guarantees of the right to anonymity have been severely compromised. I think that the PATRIOT Act is a direct violation of our first amendment rights because it allows for the government to directly monitor any and all activity on the internet including communications, usage, and transactions that can occur.  This opens the door to scrutiny and persecution of individuals who are not in line with the government’s beliefs and actions. If England had this type of monitoring capabilities during the revolutionary war, I believe it would have been almost impossible to succeed from England.

    Read the article

  • Passenger 2.2.4, nginx 0.7.61 and SSL

    - by boompa
    Has anyone had any luck configuring Passenger and nginx with SSL? I've spent hours trying to get this configuration working as I'd like, using what few resources there are out there on the net, and I can't get any of the supposedly forwarded headers to show up in the Rails controller. For example, with a conf file of the following (and multiple variations thereof): server { listen 3000; server_name .example.com; root /Users/website/public; passenger_enabled on; rails_env development; } server { listen 3443; root /Users/website/public; rails_env development; passenger_enabled on; ssl on; #ssl_verify_client on; ssl_certificate /Users/website/ssl/server.crt; ssl_certificate_key /Users/website/ssl/server.key; #ssl_client_certificate /Users/website/ssl/CA.crt; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X_FORWARDED_PROTO https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-SSL-Subject $ssl_client_s_dn; #proxy_set_header X-SSL-Issuer $ssl_client_i_dn; proxy_redirect off; proxy_max_temp_file_size 0; } and Rails code in the controller like this: request.headers.each { |k, v| RAILS_DEFAULT_LOGGER.error "Header #{k} Val #{v}" } other headers appear, but not those set in nginx, e.g.: Header rack.multithread Val false Header REQUEST_URI Val /login/new Header REMOTE_PORT Val 64021 Header rack.multiprocess Val true Header PASSENGER_USE_GLOBAL_QUEUE Val false Header PASSENGER_APP_TYPE Val rails Header SCGI Val 1 Header SERVER_PORT Val 3443 Header HTTP_ACCEPT_CHARSET Val ISO-8859-1,utf-8;q=0.7,*;q=0.7 Header rack.request.query_hash Val Header DOCUMENT_ROOT Val /Users/website/public I've even gone so far as to modify Passenger's abstract_request_handler's main_loop method, i.e., headers, input = parse_request(client) if headers if headers[REQUEST_METHOD] == PING process_ping(headers, input, client) else headers.each { |h,v| log.unknown "abstract_request_handler: #{h} = #{v}" } process_request(headers, input, client) end end only to find that the supposedly added headers do not exist there either: abstract_request_handler: HTTP_KEEP_ALIVE = 300 abstract_request_handler: HTTP_USER_AGENT = Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 abstract_request_handler: PASSENGER_SPAWN_METHOD = smart-lv2 abstract_request_handler: CONTENT_LENGTH = 0 abstract_request_handler: HTTP_IF_NONE_MATCH = "b6e8b9afbc1110ee3bf0c87e119252ad" abstract_request_handler: HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5 abstract_request_handler: SERVER_PROTOCOL = HTTP/1.1 abstract_request_handler: HTTPS = on abstract_request_handler: REMOTE_ADDR = 127.0.0.1 abstract_request_handler: SERVER_SOFTWARE = nginx/0.7.61 abstract_request_handler: SERVER_ADDR = 127.0.0.1 abstract_request_handler: SCRIPT_NAME = abstract_request_handler: PASSENGER_ENVIRONMENT = development abstract_request_handler: REMOTE_PORT = 64021 abstract_request_handler: REQUEST_URI = /login/new abstract_request_handler: HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7 abstract_request_handler: SERVER_PORT = 3443 abstract_request_handler: SCGI = 1 abstract_request_handler: PASSENGER_APP_TYPE = rails abstract_request_handler: PASSENGER_USE_GLOBAL_QUEUE = false I'm tired of banging my head against the wall, so I'd truly appreciate any help I can get!

    Read the article

  • Simultaneous AI in turn based games

    - by Eduard Strehlau
    I want to hack together a roguelike. Now I thought about entity and world representation and got to a quite big problem. If you want all the AI to act simultaneously you would normally(in cellular automa for examble) just copy the cell buffer and let all action of indiviual cells depend on the copy. Actions which are not valid anymore after some cell before the cell you are currently operating on changed the original enviourment(blocking the path) are just ignored or reapplied with the "current"(between turns) environment. After all cells have acted you copy the current map to the buffer again. Now for an environment with complex AI and big(datawise) entities the copying would take too long. So I thought you could put every action and entity makes into a que(make no changes to the environment) and execute the whole que after everyone took their move. Every interaction on this que are realy interacting entities, so if a entity tries to attack another entity it sends a message to it, the consequences of the attack would be visible next turn, either by just examining the entity or asking the entity for data. This would remove problems like what happens if an entity dies middle in the cue but got actions or is messaged later on(all messages would go to null, and the messages from the entity would either just be sent or deleted(haven't decided yet) But what would happen if a monster spawns a fireball which by itself tracks the player(in the same turn). Should I add the fireball to the enviourment beforehand, so make a change to the environment before executing the action list or just add the ball to the "need updated" list as a special case so it doesn't exist in the environment and still operates on it, spawing after evaluating the action list? Are there any solutions or papers on this subject which I can take a look at? EDIT: I don't need information on writing a roguelike I need information on turn based ai in respective to a complex enviourment.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 172 173 174 175 176 177 178 179 180 181 182 183  | Next Page >