Search Results

Search found 16554 results on 663 pages for 'programmers identity'.

Page 19/663 | < Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • IT Optimization Plan Pays Off For UK Retailer

    - by Brian Dayton
    I caught this article in ComputerworldUK yesterday. The headline talks about UK-based supermarket chain Morrisons is increasing their IT spend...OK, sounds good. Even nicer that Oracle is a big part of that. But what caught my eye were three things: 1) Morrison's truly has a long term strategy for IT. In this case, modernizing and optimizing how they use IT for business advantage.   2) Even in a tough economic climate, Morrison's views IT investments as contributing to and improving the bottom line. Specifically, "The investment in IT contributed to a 21 percent increase in Morrison's underlying profit.."   3) The phased, 3-year "Optimization Plan" took a holistic approach to their business--from CRM and Supply Chain systems to the underlying application infrastructure. On the infrastructure front, adopting a more flexible Service-Oriented Architecture enabled them to be more agile and adapt their business and Identity Management helped with sometimes mundane (but costly) issues like lost passwords and being able to document who has access to what.   Things don't always turn out so rosy. And I know it was a long and difficult process...but it's nice to see a happy ending every once in a while.  

    Read the article

  • CSO Summit @ Executive Edge

    - by Naresh Persaud
    If you are attending the Executive Edge at Open World be sure to check out the sessions at the Chief Security Officer Summit. Former Sr. Counsel for the National Security Agency, Joel Brenner ,  will be speaking about his new book "America the Vulnerable". In addition, PWC will present a panel discussion on "Crisis Management to Business Advantage: Security Leadership". See below for the complete agenda. TUESDAY, October 2, 2012 Chief Security Officer Summit Welcome Dave Profozich, Group Vice President, Oracle 10:00 a.m.–10:15 a.m. America the Vulnerable Joel Brenner, former Senior Counsel, National Security Agency 10:15 a.m.–11:00 a.m. The Threats are Outside, the Risks are Inside Sonny Singh, Senior Vice President, Oracle 11:00 a.m.–11:20 a.m. From Crisis Management to Business Advantage: Security Leadership Moderator: David Burg, Partner, Forensic Technology Solutions, PwC Panelists: Charles Beard, CIO and GM of Cyber Security, SAIC Jim Doggett, Chief Information Technology Risk Officer, Kaiser Permanente Chris Gavin, Vice President, Information Security, Oracle John Woods, Partner, Hunton & Williams 11:20 a.m.–12:20 p.m. Lunch Union Square Tent 12:20 p.m.–1:30 p.m. Securing the New Digital Experience Amit Jasuja, Senior Vice President, Identity Management and Security, Oracle 1:30 p.m.–2:00 p.m. Securing Data at the Source Vipin Samar, Vice President, Database Security, Oracle 2:00 p.m.–2:30 p.m. Security from the Chairman’s Perspective Jeff Henley, Chairman of the Board, Oracle Dave Profozich, Group Vice President, Oracle 2:30 p.m.–3:00 p.m.

    Read the article

  • IT Optimization Plan Pays Off For UK Retailer

    - by [email protected]
    I caught this article in ComputerworldUK yesterday. The headline talks about UK-based supermarket chain Morrisons is increasing their IT spend...OK, sounds good. Even nicer that Oracle is a big part of that. But what caught my eye were three things: 1) Morrison's truly has a long term strategy for IT. In this case, modernizing and optimizing how they use IT for business advantage. 2) Even in a tough economic climate, Morrison's views IT investments as contributing to and improving the bottom line. Specifically, "The investment in IT contributed to a 21 percent increase in Morrison's underlying profit.." 3) The phased, 3-year "Optimization Plan" took a holistic approach to their business--from CRM and Supply Chain systems to the underlying application infrastructure. On the infrastructure front, adopting a more flexible Service-Oriented Architecture enabled them to be more agile and adapt their business and Identity Management helped with sometimes mundane (but costly) issues like lost passwords and being able to document who has access to what. Things don't always turn out so rosy. And I know it was a long and difficult process...but it's nice to see a happy ending every once in a while.

    Read the article

  • 2012 Oracle Fusion Middleware Innovation Awards Announced

    - by Tanu Sood
    Guest Contributor: Margaret Harrist. Originally posted on Oracle NewsCentral Companies from around the world were honored Tuesday for their innovative solutions using Oracle Fusion Middleware. This year’s 27 award winners, representing 11 countries and a wide span of industries, wowed the judges with a range of projects across eight product categories. A panel of judges scored each entry across multiple categories, including the uniqueness of their business case, business benefits, level of impact relative to the size of the organization, complexity and magnitude of implementation, and the architecture’s originality. In a general session just before the award presentation, Oracle Executive Vice President Hasan Rizvi highlighted a few of the winners’ original implementations, including Nike, Los Angeles Department of Water and Power, and Nintendo of America. Congratulations to the 2012 winners: Oracle Exalogic: Netshoes, Claro, UL, and Ingersoll Rand Oracle Cloud Application Foundation: Mazda Motor Corporation, HOTELBEDS Technology, Globalia, Nike, and Comcast Corporation Oracle SOA and Oracle BPM: NTT Docomo, Schneider National, Amadeus, and Motability Oracle WebCenter: News Limited, University of Louisville, China Mobile Jiangsu, Life Technologies Oracle Identity Management: Education Testing Service and Avea Oracle Data Integration: Raymond James and William Morrison Supermarkets Oracle Application Development Framework and Oracle Fusion Development: Qualcomm, Micros Systems, and Marfin Egnatia Bank Business Analytics (Oracle BI, Oracle EPM, Oracle Exalytics): INC Research, Experian, and Hologic

    Read the article

  • SQL SERVER – Maximize Database Performance with DB Optimizer – SQL in Sixty Seconds #054

    - by Pinal Dave
    Performance tuning is an interesting concept and everybody evaluates it differently. Every developer and DBA have different opinion about how one can do performance tuning. I personally believe performance tuning is a three step process Understanding the Query Identifying the Bottleneck Implementing the Fix While, we are working with large database application and it suddenly starts to slow down. We are all under stress about how we can get back the database back to normal speed. Most of the time we do not have enough time to do deep analysis of what is going wrong as well what will fix the problem. Our primary goal at that time is to just fix the database problem as fast as we can. However, here is one very important thing which we need to keep in our mind is that when we do quick fix, it should not create any further issue with other parts of the system. When time is essence and we want to do deep analysis of our system to give us the best solution we often tend to make mistakes. Sometimes we make mistakes as we do not have proper time to analysis the entire system. Here is what I do when I face such a situation – I take the help of DB Optimizer. It is a fantastic tool and does superlative performance tuning of the system. Everytime when I talk about performance tuning tool, the initial reaction of the people is that they do not want to try this as they believe it requires lots of the learning of the tool before they use it. It is absolutely not true with the case of the DB optimizer. It is a very easy to use and self intuitive tool. Once can get going with the product, in no time. Here is a quick video I have build where I demonstrate how we can identify what index is missing for query and how we can quickly create the index. Entire three steps of the query tuning are completed in less than 60 seconds. If you are into performance tuning and query optimization you should download DB Optimizer and give it a go. Let us see the same concept in following SQL in Sixty Seconds Video: You can Download DB Optimizer and reproduce the same Sixty Seconds experience. Related Tips in SQL in Sixty Seconds: Performance Tuning – Part 1 of 2 – Getting Started and Configuration Performance Tuning – Part 2 of 2 – Analysis, Detection, Tuning and Optimizing What would you like to see in the next SQL in Sixty Seconds video? Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: Database, Pinal Dave, PostADay, SQL, SQL Authority, SQL in Sixty Seconds, SQL Interview Questions and Answers, SQL Query, SQL Scripts, SQL Server, SQL Tips and Tricks, T SQL, Technology, Video Tagged: Identity

    Read the article

  • Who would be the most efficacious Patron Saint of Programmers? [closed]

    - by Peter Turner
    The purpose of this question is to find someone out there to intercede for us and help our coding (not to magically align the bytes), to inspire our daily grind of software development by their lives of heroic virtue, to unite us under a common patron and to keep us on the straight and narrow path (i.e. don't be evil). In days of yore, the professional guilds had a patron saint. Regardless of whether we have a higher tendency to be atheists or not, who would you choose as the patron saint of programmers and what would be your criteria? Some people have chosen St. Isidore of Seville, but he's more like the patron saint of Wikipedia. If you're not Catholic please don't hesitate to nominate someone, just say what your criteria is. At the very least they should be dead and have lived a life of heroic virtue - or have died trying. It's a very pragmatic and noble custom which I heartily encourage. But if you find the practice off-putting, please don't be offended. I only mean to ask this question to other like minded programmers, which I have reason to believe exist. If you add a picture and a maybe make up a prayer that'd be excellent. It doesn't have to be gilded, illuminated and rhyme, although that would be sweet.

    Read the article

  • Why do programmers seem to be such bad spellers?

    - by Joel Etherton
    Programming languages are very precise tools based on explicit grammars. They're very picky, and when being used they require an exacting amount of detail. C#, for instance, is case sensitive so even getting the case of an argument wrong will cause an error. Questions asked all over the StackExchange are replete with misspellings, grammatical errors, and other problems that seem to indicate a lack of attention to detail when it comes to the language itself. Now, I understand there are a lot of programmers out there whose native language is not English, and I am not directing this question (rant one might say) at them. I'm referring to the individuals who are clearly from an English speaking background who refuse to pay attention to these simple details. I am not perfect by any means, but I try to use the language correctly so that my meaning will be understood correctly. I find programmers misspelling variable names, classes, and all manner of words in any kind of technical documentation they might write. I have had to withstand code where I am repeatedly referring to the subit[sic] button or HttpWebResponse reponse. The general complaint about bad spelling is one thing, and it will always be there. I accept that. But my question/comment is about the proclivity of bad spelling within the programming community. I would think that people who deal with such exacting tools to be more naturally predisposed towards proper spelling. Yet this doesn't seem to be the case.

    Read the article

  • Why do some programmers think there is a contrast between theory and practice?

    - by Giorgio
    Comparing software engineering with civil engineering, I was surprised to observe a different way of thinking: any civil engineer knows that if you want to build a small hut in the garden you can just get the materials and go build it whereas if you want to build a 10-storey house you need to do quite some maths to be sure that it won't fall apart. In contrast, speaking with some programmers or reading blogs or forums I often find a wide-spread opinion that can be formulated more or less as follows: theory and formal methods are for mathematicians / scientists while programming is more about getting things done. What is normally implied here is that programming is something very practical and that even though formal methods, mathematics, algorithm theory, clean / coherent programming languages, etc, may be interesting topics, they are often not needed if all one wants is to get things done. According to my experience, I would say that while you do not need much theory to put together a 100-line script (the hut), in order to develop a complex application (the 10-storey building) you need a structured design, well-defined methods, a good programming language, good text books where you can look up algorithms, etc. So IMO (the right amount of) theory is one of the tools for getting things done. So my question is why do some programmers think that there is a contrast between theory (formal methods) and practice (getting things done)? Is software engineering (building software) perceived by many as easy compared to, say, civil engineering (building houses)? Or are these two disciplines really different (apart from mission-critical software, software failure is much more acceptable than building failure)?

    Read the article

  • Is Linq having a mind-numbing effect on .NET programmers?

    - by Aaronaught
    A lot of us started seeing this phenomenon with jQuery about a year ago when people started asking how to do absolutely insane things like retrieve the query string with jQuery. The difference between the library (jQuery) and the language (JavaScript) is apparently lost on many programmers, and results in a lot of inappropriate, convoluted code being written where it is not necessary. Maybe it's just my imagination, but I swear I'm starting to see an uptick in the number of questions where people are asking to do similarly insane things with Linq, like find ranges in a sorted array. I can't get over how thoroughly inappropriate the Linq extensions are for solving that problem, but more importantly the fact that the author just assumed that the ideal solution would involve Linq without actually thinking about it (as far as I can tell). It seems that we are repeating history, breeding a new generation of .NET programmers who can't tell the difference between the language (C#/VB.NET) and the library (Linq). What is responsible for this phenomenon? Is it just hype? Magpie tendencies? Has Linq picked up a reputation as a form of magic, where instead of actually writing code you just have to utter the right incantation? I'm hardly satisfied with those explanations but I can't really think of anything else. More importantly, is it really a problem, and if so, what's the best way to help enlighten these people?

    Read the article

  • Advice for Future Programmers?

    - by Nate Zaugg
    I have a buddy that is going to be giving some presentations to high-schoolers. Specifically he asked: What would you be looking for if they approached you about work? Perhaps you are in that age group right now. What do you want to know? Perhaps you are just a few years into the workforce. What do you wish someone had told you but never did? Perhaps you have children, relatives or friends in or soon to be in that age group. What are you worried they don't know about? I'm sure there are other perspectives and questions I'm not even thinking about. I'd like to hear what you have to say about it. Here was my list: Don't be afraid to try! Don't let the perception that something is too difficult stop you from experimenting. Curiosity may have killed the cat, but an un-inquisitive person is mostly useless. Stolen from Einstein: You don't really understand something until you can explain it to your grandmother. It's never enough to be smart, you also have to work well with others. Before you can be really smart, you must learn how to learn. There will always be someone smarter than you are -- Become their buddy! Get to know great minds and learn all you can. Some knowledge can only be expressed this way. Communication, Communication, Communication! Projects rarely fail because of technical reasons and the difference between good programmers and outstanding programmers is how well they communicate. A good work ethic never goes unnoticed. Know when to ask for help and when to figure something out for yourself.

    Read the article

  • Linq to SQL with INSTEAD OF Trigger and an Identity Column

    - by Bob Horn
    I need to use the clock on my SQL Server to write a time to one of my tables, so I thought I'd just use GETDATE(). The problem is that I'm getting an error because of my INSTEAD OF trigger. Is there a way to set one column to GETDATE() when another column is an identity column? This is the Linq-to-SQL: internal void LogProcessPoint(WorkflowCreated workflowCreated, int processCode) { ProcessLoggingRecord processLoggingRecord = new ProcessLoggingRecord() { ProcessCode = processCode, SubId = workflowCreated.SubId, EventTime = DateTime.Now // I don't care what this is. SQL Server will use GETDATE() instead. }; this.Database.Add<ProcessLoggingRecord>(processLoggingRecord); } This is the table. EventTime is what I want to have as GETDATE(). I don't want the column to be null. And here is the trigger: ALTER TRIGGER [Master].[ProcessLoggingEventTimeTrigger] ON [Master].[ProcessLogging] INSTEAD OF INSERT AS BEGIN SET NOCOUNT ON; SET IDENTITY_INSERT [Master].[ProcessLogging] ON; INSERT INTO ProcessLogging (ProcessLoggingId, ProcessCode, SubId, EventTime, LastModifiedUser) SELECT ProcessLoggingId, ProcessCode, SubId, GETDATE(), LastModifiedUser FROM inserted SET IDENTITY_INSERT [Master].[ProcessLogging] OFF; END Without getting into all of the variations I've tried, this last attempt produces this error: InvalidOperationException Member AutoSync failure. For members to be AutoSynced after insert, the type must either have an auto-generated identity, or a key that is not modified by the database after insert. I could remove EventTime from my entity, but I don't want to do that. If it was gone though, then it would be NULL during the INSERT and GETDATE() would be used. Is there a way that I can simply use GETDATE() on the EventTime column for INSERTs? Note: I do not want to use C#'s DateTime.Now for two reasons: 1. One of these inserts is generated by SQL Server itself (from another stored procedure) 2. Times can be different on different machines, and I'd like to know exactly how fast my processes are happening.

    Read the article

  • Do ruby on rails programmers refactor?

    - by JoaoHornburg
    I'm a Java programmer who started programming Ruby on Rails one year ago. I like the language, rails itself and the principles behind them. But something that bothers me is that Ruby programmers don't seem to refactor. I noticed that there is a big lack of tools for refactoring in Ruby / Rails. Some IDE's, like Aptana and RubyMine seem to offer some very basic refactoring, but nothing really big compared to Eclipse's Java refactorings. Then there is another fact: most railers (even the pros) prefer some lightweight editors, like VIM or TextMate, instead of IDEs. Well, with these tools you just get zero refactoring (only regex with find/replace). This leaves me this impression that rails programmers don't refactor. It might be just a false impression, of course, but I would like to hear the opinion of people who work professionally with ruby on rails. Do you refactor? If you do, how do you do it,with which tools? If not, why not?

    Read the article

  • WordPerfect programmers refusing to use anything but assembler

    - by Totophil
    There is a version (popularised by Joel Spolsky) attributing the demise of WordPerfect to a refusal of its programmers to use anything but assembler that led to delay of the first WPwin release and as result eventually to losing the all important battle with Microsoft. There are a few references to programming work being done using assembler in the autobiographical book "Almost Perfect" by W. E. Pete Peterson who used to have a major influence at running the corporation. But these references go back to early 80's when WordPerfect was trying to gain a significant market share by defeating WordStar and not early nineties when the battle with MS took place. I am looking for a second independent source to confirm the assumption. Maybe someone who worked for WordPerfect Corporation at a time, who was close to the company, or had a chance to see the source could clarify the issue. Your help is much appreciated, thanks! Please note that this question is not about any other theories or reasons behind WordPerfect demise. I really just need to clarify whether they used assembler as a primary language for WPwin and (as a bonus really) whether there were discussions held within the corporation about assembler being the right choice. Concisely: Did WPCorp use assembler as a primary language for WPwin? Were discussions held at a time amongst WP Corp staff about assembler being the right choice (was it management or programmers decision)?

    Read the article

  • value of Identity column returning null when retrieved by value in dataGridView

    - by Raven Dreamer
    Greetings. I'm working on a windows forms application that interacts with a previously created SQL database. Specifically, I'm working on implementing an "UPDATE" query. for (int i = 0; i < dataGridView1.RowCount; i++) { string firstName = (string)dataGridView1.Rows[i].Cells[0].Value; string lastName = (string)dataGridView1.Rows[i].Cells[1].Value; string phoneNo = (string)dataGridView1.Rows[i].Cells[2].Value; short idVal = (short)dataGridView1.Rows[i].Cells[3].Value; this.contactInfoTableAdapter.UpdateQuery(firstName, lastName, phoneNo, idVal); } The dataGridView has 4 columns, First Name, Last Name, Phone Number, and ID (which was created as an identity column when I initially formed the table in SQL). When I try to run this code, the three strings are returned properly, but dataGridView1.Rows[i].Cells[3].Value is returning "null". I'm guessing this is because it was created as an identity column rather than a normal column. What's a better way to retrieve the relevant ID value for my UpdateQuery?

    Read the article

  • BYOD is not a fashion statement; it’s an architectural shift - by Indus Khaitan

    - by Greg Jensen
    Ten years ago, if you asked a CIO, “how mobile is your enterprise?”. The answer would be, “100%, we give Blackberry to all our employees.”Few things have changed since then: 1.    Smartphone form-factors have matured, especially after the launch of iPhone. 2.    Rapid growth of productivity applications and services that enable creation and consumption of digital content 3.    Pervasive mobile data connectivityThere are two threads emerging from the change. Users are rapidly mingling their personas of an individual as well as an employee. In the first second, posting a picture of a fancy dinner on Facebook, to creating an expense report for the same meal on the mobile device. Irrespective of the dual persona, a user’s personal and corporate lives intermingle freely on a single hardware and more often than not, it’s an employees personal smartphone being used for everything. A BYOD program enables IT to “control” an employee owned device, while enabling productivity. More often than not the objective of BYOD programs are financial; instead of the organization, an employee pays for it.  More than a fancy device, BYOD initiatives have become sort of fashion statement, of corporate productivity, of letting employees be in-charge and a show of corporate empathy to not force an archaic form-factor in a world of new device launches every month. BYOD is no longer a means of effectively moving expense dollars and support costs. It does not matter who owns the device, it has to be protected.  BYOD brings an architectural shift.  BYOD is an architecture, which assumes that every device is vulnerable, not just what your employees have brought but what organizations have purchased for their employees. It's an architecture, which forces us to rethink how to provide productivity without comprising security.Why assume that every device is vulnerable? Mobile operating systems are rapidly evolving with leading upgrade announcement every other month. It is impossible for IT to catch-up. More than that, user’s are savvier than earlier.  While IT could install locks at the doors to prevent intruders, it may degrade productivity—which incentivizes user’s to bypass restrictions. A rapidly evolving mobile ecosystem have moving parts which are vulnerable. Hence, creating a mobile security platform, which uses the fundamental blocks of BYOD architecture such as identity defragmentation, IT control and data isolation, ensures that the sprawl of corporate data is contained. In the next post, we’ll dig deeper into the BYOD architecture. Normal 0 false false false EN-US JA X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Cambria","serif"; mso-ascii-font-family:Cambria; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Cambria; mso-hansi-theme-font:minor-latin;}

    Read the article

  • Excel for programmers

    - by Rohit
    Recently as part of my job I have had to edit and create a lot of excel spreadsheets. I am familiar with some Excel formulas but while editing the spreadsheets I don't feel that I'm using the full potential of excel. Are there any books/online resources which guide someone with a programming background in Excel?

    Read the article

  • Best console based text editor not only for programmers [closed]

    - by robo
    I need console based text editor for writing both source codes and human readable texts such as emails. I need it to be user friendly. It mean for me: You can use it the same way as the notepad or gedit. You can use mouse there. If you need your mother of girlfriend or somebody to edit your text they will know what to do, they will not realize it is a console and will have only a feeling it is something like a notepad. copy, paste, undo works as usual with usual key combinations (Ctrl-C, Ctrl-V, Ctrl-Z). shift and arrows works as usual. They select the text. And when I return to the computer I want to use the text editor for programming. I expect: Syntax highliting auto indenting replacing spaces with tabs keyboard shortcuts for compiling possibility to configure it to use a debugger autocompletions for c#, java, c++ and other languages other things I expect from IDE's. I was working and configuring vim for a few years. But It never fulfilled all of my expectations (but it almost did). I thing I could get vim configured perfectly if I had few more weeks time for configurating it. Unfortunately I cannot afford to be configuring vim forever. Is there other alternative? Hopefully some editor I once set up and it will works forever? What do you use? I often hear people are using emacs. Is it worth learning?

    Read the article

  • how to spoof compelte browser identity

    - by Greenleader
    I found question on how to spoof user agent. I dont' want to spoof only user agent. I want to spoof everything from user agent, to Accept headers to http headers and also the information javascript can tell about browser - screen resolution and depth, class cpu, platform, device name, etc. Do you know of a way to achieve this in any browser out there ? I don't want 10 plugins to achieve this. I'd like unified way.

    Read the article

  • The Unintended Consequences of Sound Security Policy

    - by Tanu Sood
    v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Calibri","sans-serif"; mso-bidi-font-family:"Times New Roman";} Author: Kevin Moulton, CISSP, CISM Meet the Author: Kevin Moulton, Senior Sales Consulting Manager, Oracle Kevin Moulton, CISSP, CISM, has been in the security space for more than 25 years, and with Oracle for 7 years. He manages the East Enterprise Security Sales Consulting Team. He is also a Distinguished Toastmaster. Follow Kevin on Twitter at twitter.com/kevin_moulton, where he sometimes tweets about security, but might also tweet about running, beer, food, baseball, football, good books, or whatever else grabs his attention. Kevin will be a regular contributor to this blog so stay tuned for more posts from him. When I speak to a room of IT administrators, I like to begin by asking them if they have implemented a complex password policy. Generally, they all nod their heads enthusiastically. I ask them if that password policy requires long passwords. More nodding. I ask if that policy requires upper and lower case letters – faster nodding – numbers – even faster – special characters – enthusiastic nodding all around! I then ask them if their policy also includes a requirement for users to regularly change their passwords. Now we have smiles with the nodding! I ask them if the users have different IDs and passwords on the many systems that they have access to. Of course! I then ask them if, when they walk around the building, they see something like this: Thanks to Jake Ludington for the nice example. Can these administrators be faulted for their policies? Probably not but, in the end, end-users will find a way to get their job done efficiently. Post-It Notes to the rescue! I was visiting a business in New York City one day which was a perfect example of this problem. First I walked up to the security desk and told them where I was headed. They asked me if they should call upstairs to have someone escort me. Is that my call? Is that policy? I said that I knew where I was going, so they let me go. Having the conference room number handy, I wandered around the place in a search of my destination. As I walked around, unescorted, I noticed the post-it note problem in abundance. Had I been so inclined, I could have logged in on almost any machine and into any number of systems. When I reached my intended conference room, I mentioned my post-it note observation to the two gentlemen with whom I was meeting. One of them said, “You mean like this,” and he produced a post it note full of login IDs and passwords from his breast pocket! I gave him kudos for not hanging the list on his monitor. We then talked for the rest of the meeting about the difficulties faced by the employees due to the security policies. These policies, although well-intended, made life very difficult for the end-users. Most users had access to 8 to 12 systems, and the passwords for each expired at a different times. The post-it note solution was understandable. Who could remember even half of them? What could this customer have done differently? I am a fan of using a provisioning system, such as Oracle Identity Manager, to manage all of the target systems. With OIM, and email could be automatically sent to all users when it was time to change their password. The end-users would follow a link to change their password on a web page, and then OIM would propagate that password out to all of the systems that the user had access to, even if the login IDs were different. Another option would be an Enterprise Single-Sign On Solution. With Oracle eSSO, all of a user’s credentials would be stored in a central, encrypted credential store. The end-user would only have to login to their machine each morning and then, as they moved to each new system, Oracle eSSO would supply the credentials. Good-bye post-it notes! 3M may be disappointed, but your end users will thank you. I hear people say that this post-it note problem is not a big deal, because the only people who would see the passwords are fellow employees. Do you really know who is walking around your building? What are the password policies in your business? How do the end-users respond?

    Read the article

  • XSD: how to use 'unique' & 'key'/'keyref' with element values?

    - by Koohoolinn
    I trying to use and / with element values but I just can't get it to work. If I do it with attrubute values it works like a charm. Test.xml <test:config xmlns:test="http://www.example.org/Test" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.example.org/Test Test.xsd "> <test:location id="id1" path="/path2"> <test:roles> <test:role>role1</test:role> <test:role>role2</test:role> <test:role>role2</test:role> <!-- DUPLICATE: FAIL VALIDATION --> </test:roles> <test:action name="action1"> <test:roles> <test:role>role1</test:role> <test:role>role1</test:role> <!-- DUPLICATE: FAIL VALIDATION --> <test:role>role3</test:role> <!-- NOT DEFINED: FAIL VALIDATION --> </test:roles> </test:action> </test:location> </test:config> I want ensure that roles are only defined once and that the roles defined under the action element are only those defined at the upper level. Test.xsd <xs:element name="config"> <xs:complexType> <xs:sequence> <xs:element ref="test:location" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="location" type="test:LocationType"> <xs:key name="keyRole"> <xs:selector xpath="test:roles" /> <xs:field xpath="test:role" /> </xs:key> <xs:keyref name="keyrefRole" refer="test:keyRole"> <xs:selector xpath="test:action/test:roles" /> <xs:field xpath="test:role" /> </xs:keyref> </xs:element> <xs:complexType name="LocationType"> <xs:sequence> <xs:element ref="test:roles" minOccurs="0" /> <xs:element name="action" type="test:ActionType" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="id" type="xs:string" use="required"/> <xs:attribute name="path" type="xs:string" use="required"/> </xs:complexType> <xs:element name="roles" type="test:RolesType"> <xs:unique name="uniqueRole"> <xs:selector xpath="." /> <xs:field xpath="test:role" /> </xs:unique> </xs:element> <xs:complexType name="RolesType"> <xs:sequence> <xs:element name="role" type="xs:string" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <xs:complexType name="ActionType"> <xs:sequence> <xs:element ref="test:roles" /> </xs:sequence> <xs:attribute name="name" type="xs:string" use="required" /> </xs:complexType> The validation fails with these messages: Description Resource Path Location Type cvc-identity-constraint.3: Field "./test:role" of identity constraint "keyrefRole" matches more than one value within the scope of its selector; fields must match unique values. Test.xml /filebrowser-ejb/src/test/resources line 15 XML Problem cvc-identity-constraint.3: Field "./test:role" of identity constraint "keyrefRole" matches more than one value within the scope of its selector; fields must match unique values. Test.xml /filebrowser-ejb/src/test/resources line 16 XML Problem cvc-identity-constraint.3: Field "./test:role" of identity constraint "keyRole" matches more than one value within the scope of its selector; fields must match unique values. Test.xml /filebrowser-ejb/src/test/resources line 9 XML Problem cvc-identity-constraint.3: Field "./test:role" of identity constraint "keyRole" matches more than one value within the scope of its selector; fields must match unique values. Test.xml /filebrowser-ejb/src/test/resources line 10 XML Problem cvc-identity-constraint.3: Field "./test:role" of identity constraint "uniqueRole" matches more than one value within the scope of its selector; fields must match unique values. Test.xml /filebrowser-ejb/src/test/resources line 9 XML Problem cvc-identity-constraint.3: Field "./test:role" of identity constraint "uniqueRole" matches more than one value within the scope of its selector; fields must match unique values. Test.xml /filebrowser-ejb/src/test/resources line 10 XML Problem cvc-identity-constraint.3: Field "./test:role" of identity constraint "uniqueRole" matches more than one value within the scope of its selector; fields must match unique values. Test.xml /filebrowser-ejb/src/test/resources line 15 XML Problem cvc-identity-constraint.3: Field "./test:role" of identity constraint "uniqueRole" matches more than one value within the scope of its selector; fields must match unique values. Test.xml /filebrowser-ejb/src/test/resources line 16 XML Problem cvc-identity-constraint.4.1: Duplicate unique value [role1] declared for identity constraint "uniqueRole" of element "roles". Test.xml /filebrowser-ejb/src/test/resources line 9 XML Problem cvc-identity-constraint.4.1: Duplicate unique value [role1] declared for identity constraint "uniqueRole" of element "roles". Test.xml /filebrowser-ejb/src/test/resources line 15 XML Problem cvc-identity-constraint.4.2.2: Duplicate key value [role1] declared for identity constraint "keyRole" of element "location". Test.xml /filebrowser-ejb/src/test/resources line 9 XML Problem cvc-identity-constraint.4.3: Key 'keyrefRole' with value 'role3' not found for identity constraint of element 'location'. Test.xml /filebrowser-ejb/src/test/resources line 19 XML Problem If I comment out the lines that should fail, validation still fails now with these messages: Description Resource Path Location Type cvc-identity-constraint.3: Field "./test:role" of identity constraint "keyRole" matches more than one value within the scope of its selector; fields must match unique values. Test.xml /filebrowser-ejb/src/test/resources line 10 XML Problem cvc-identity-constraint.3: Field "./test:role" of identity constraint "uniqueRole" matches more than one value within the scope of its selector; fields must match unique values. Test.xml /filebrowser-ejb/src/test/resources line 10 XML Problem What am I doing wrong?

    Read the article

  • Grow Your Business with Security

    - by Darin Pendergraft
    Author: Kevin Moulton Kevin Moulton has been in the security space for more than 25 years, and with Oracle for 7 years. He manages the East EnterpriseSecurity Sales Consulting Team. He is also a Distinguished Toastmaster. Follow Kevin on Twitter at twitter.com/kevin_moulton, where he sometimes tweets about security, but might also tweet about running, beer, food, baseball, football, good books, or whatever else grabs his attention. Kevin will be a regular contributor to this blog so stay tuned for more posts from him. It happened again! There I was, reading something interesting online, and realizing that a friend might find it interesting too. I clicked on the little email link, thinking that I could easily forward this to my friend, but no! Instead, a new screen popped up where I was asked to create an account. I was expected to create a User ID and password, not to mention providing some personally identifiable information, just for the privilege of helping that website spread their word. Of course, I didn’t want to have to remember a new account and password, I didn’t want to provide the requisite information, and I didn’t want to waste my time. I gave up, closed the web page, and moved on to something else. I was left with a bad taste in my mouth, and my friend might never find her way to this interesting website. If you were this content provider, would this be the outcome you were looking for? A few days later, I had a similar experience, but this one went a little differently. I was surfing the web, when I happened upon some little chotcke that I just had to have. I added it to my cart. When I went to buy the item, I was again brought to a page to create account. Groan! But wait! On this page, I also had the option to sign in with my OpenID account, my Facebook account, my Yahoo account, or my Google Account. I have all of those! No new account to create, no new password to remember, and no personally identifiable information to be given to someone else (I’ve already given it all to those other guys, after all). In this case, the vendor was easy to deal with, and I happily completed the transaction. That pleasant experience will bring me back again. This is where security can grow your business. It’s a differentiator. You’ve got to have a presence on the web, and that presence has to take into account all the smart phones everyone’s carrying, and the tablets that took over cyber Monday this year. If you are a company that a customer can deal with securely, and do so easily, then you are a company customers will come back to again and again. I recently had a need to open a new bank account. Every bank has a web presence now, but they are certainly not all the same. I wanted one that I could deal with easily using my laptop, but I also wanted 2-factor authentication in case I had to login from a shared machine, and I wanted an app for my iPad. I found a bank with all three, and that’s who I am doing business with. Let’s say, for example, that I’m in a regular Texas Hold-em game on Friday nights, so I move a couple of hundred bucks from checking to savings on Friday afternoons. I move a similar amount each week and I do it from the same machine. The bank trusts me, and they trust my machine. Most importantly, they trust my behavior. This is adaptive authentication. There should be no reason for my bank to make this transaction difficult for me. Now let's say that I login from a Starbucks in Uzbekistan, and I transfer $2,500. What should my bank do now? Should they stop the transaction? Should they call my home number? (My former bank did exactly this once when I was taking money out of an ATM on a business trip, when I had provided my cell phone number as my primary contact. When I asked them why they called my home number rather than my cell, they told me that their “policy” is to call the home number. If I'm on the road, what exactly is the use of trying to reach me at home to verify my transaction?) But, back to Uzbekistan… Should my bank assume that I am happily at home in New Jersey, and someone is trying to hack into my account? Perhaps they think they are protecting me, but I wouldn’t be very happy if I happened to be traveling on business in Central Asia. What if my bank were to automatically analyze my behavior and calculate a risk score? Clearly, this scenario would be outside of my typical behavior, so my risk score would necessitate something more than a simple login and password. Perhaps, in this case, a one-time password to my cell phone would prove that this is not just some hacker half way around the world. But, what if you're not a bank? Do you need this level of security? If you want to be a business that is easy to deal with while also protecting your customers, then of course you do. You want your customers to trust you, but you also want them to enjoy doing business with you. Make it easy for them to do business with you, and they’ll come back, and perhaps even Tweet about it, or Like you, and then their friends will follow. How can Oracle help? Oracle has the technology and expertise to help you to grown your business with security. Oracle Adaptive Access Manager will help you to prevent fraud while making it easier for your customers to do business with you by providing the risk analysis I discussed above, step-up authentication, and much more. Oracle Mobile and Social Access Service will help you to secure mobile access to applications by expanding on your existing back-end identity management infrastructure, and allowing your customers to transact business with you using the social media accounts they already know. You also have device fingerprinting and metrics to help you to grow your business securely. Security is not just a cost anymore. It’s a way to set your business apart. With Oracle’s help, you can be the business that everyone’s tweeting about. Image courtesy of Flickr user shareski

    Read the article

  • Securing an ADF Application using OES11g: Part 1

    - by user12587121
    Future releases of the Oracle stack should allow ADF applications to be secured natively with Oracle Entitlements Server (OES). In a sequence of postings here I explore one way to achive this with the current technology, namely OES 11.1.1.5 and ADF 11.1.1.6. ADF Security Basics ADF Bascis The Application Development Framework (ADF) is Oracle’s preferred technology for developing GUI based Java applications.  It can be used to develop a UI for Swing applications or, more typically in the Oracle stack, for Web and J2EE applications.  ADF is based on and extends the Java Server Faces (JSF) technology.  To get an idea, Oracle provides an online demo to showcase ADF components. ADF can be used to develop just the UI part of an application, where, for example, the data access layer is implemented using some custom Java beans or EJBs.  However ADF also has it’s own data access layer, ADF Business Components (ADF BC) that will allow rapid integration of data from data bases and Webservice interfaces to the ADF UI component.   In this way ADF helps implement the MVC  approach to building applications with UI and data components. The canonical tutorial for ADF is to open JDeveloper, define a connection to a database, drag and drop a table from the database view to a UI page, build and deploy.  One has an application up and running very quickly with the ability to quickly integrate changes to, for example, the DB schema. ADF allows web pages to be created graphically and components like tables, forms, text fields, graphs and so on to be easily added to a page.  On top of JSF Oracle have added drag and drop tooling with JDeveloper and declarative binding of the UI to the data layer, be it database, WebService or Java beans.  An important addition is the bounded task flow which is a reusable set of pages and transitions.   ADF adds some steps to the page lifecycle defined in JSF and adds extra widgets including powerful visualizations. It is worth pointing out that the Oracle Web Center product (portal, content management and so on) is based on and extends ADF. ADF Security ADF comes with it’s own security mechanism that is exposed by JDeveloper at development time and in the WLS Console and Enterprise Manager (EM) at run time. The security elements that need to be addressed in an ADF application are: authentication, authorization of access to web pages, task-flows, components within the pages and data being returned from the model layer. One  typically relies on WLS to handle authentication and because of this users and groups will also be handled by WLS.  Typically in a Dev environment, users and groups are stored in the WLS embedded LDAP server. One has a choice when enabling ADF security (Application->Secure->Configure ADF Security) about whether to turn on ADF authorization checking or not: In the case where authorization is enabled for ADF one defines a set of roles in which we place users and then we grant access to these roles to the different ADF elements (pages or task flows or elements in a page). An important notion here is the difference between Enterprise Roles and Application Roles. The idea behind an enterprise role is that is defined in terms of users and LDAP groups from the WLS identity store.  “Enterprise” in the sense that these are things available for use to all applications that use that store.  The other kind of role is an Application Role and the idea is that  a given application will make use of Enterprise roles and users to build up a set of roles for it’s own use.  These application roles will be available only to that application.   The general idea here is that the enterprise roles are relatively static (for example an Employees group in the LDAP directory) while application roles are more dynamic, possibly depending on time, location, accessed resource and so on.  One of the things that OES adds that is that we can define these dynamic membership conditions in Role Mapping Policies. To make this concrete, here is how, at design time in Jdeveloper, one assigns these rights in Jdeveloper, which puts them into a file called jazn-data.xml: When the ADF app is deployed to a WLS this JAZN security data is pushed to the system-jazn-data.xml file of the WLS deployment for the policies and application roles and to the WLS backing LDAP for the users and enterprise roles.  Note the difference here: after deploying the application we will see the users and enterprise roles show up in the WLS LDAP server.  But the policies and application roles are defined in the system-jazn-data.xml file.  Consult the embedded WLS LDAP server to manage users and enterprise roles by going to the domain console and then Security Realms->myrealm->Users and Groups: For production environments (or in future to share this data with OES) one would then perform the operation of “reassociating” this security policy and application role data to a DB schema (or an LDAP).  This is done in the EM console by reassociating the Security Provider.  This blog posting has more explanations and references on this reassociation process. If ADF Authentication and Authorization are enabled then the Security Policies for a deployed application can be managed in EM.  Our goal is to be able to manage security policies for the applicaiton rather via OES and it's console. Security Requirements for an ADF Application With this package tour of ADF security we can see that to secure an ADF application with we would expect to be able to take care of at least the following items: Authentication, including a user and user-group store Authorization for page access Authorization for bounded Task Flow access.  A bounded task flow has only one point of entry and so if we protect that entry point by calling to OES then all the pages in the flow are protected.  Authorization for viewing data coming from the data access layer In the next posting we will describe a sample ADF application and required security policies. References ADF Dev Guide: Fusion Middleware Fusion Developer's Guide for Oracle Application Development Framework: Enabling ADF Security in a Fusion Web Application Oracle tutorial on securing a sample ADF application, appears to require ADF 11.1.2 Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Calibri","sans-serif"; mso-bidi-font-family:"Times New Roman";} Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

    Read the article

  • VS2010 Publish (Web Deployment) fails with "Some or all identity references could not be translated"

    - by jonhilt
    Deploying ASP.NET 3.5 Web Service to local IIS (on Windows 7) I get this error message... The account 'ASPNET' does not appear to be valid. The account was obtained from this location: 'AspNetWorkerProcessIdentityName'. Some or all identity references could not be translated. Publish failed to deploy. I've tried making the site use a specific Application Pool, and the Network Service user (which also has full rights to the deployment folder) but to no avail.

    Read the article

  • Scala for Junior Programmers?

    - by Traldin
    Hi, we are considering Scala for a new Project within our company. We have some Junior Programmers with only PHP knowledge, and we are in doubt that they can handle Scala. What are your opinions? Some say: "Scala is a complicated beast!", some say: "It's easy once you got it." Maybe someone has real-world experience?

    Read the article

  • Entrepreneur Needs Programmers, Architects, or Engineers?

    - by brand-newbie
    Hi guys (Ladies included). I posted on a related site, but THIS is the place to be. I want to build a specialized website. I am an entrepreneur and refining valuations now for venture capitalsists: i.e., determining how much cash I will need. I need help in understanding what human resources I need (i.e., Software Programmers, Architects, Engineers, etc.)??? Trust me, I have read most--if not all--of the threads here on the subject, and I can tell you I am no closer to the answer than ever. Here's my technology problem: The website will include (2) main components: a search engine (web crawler)...and a very large database. The search engine will not be a competitor to google, obviously; however, it "will" require bots to scour the web. The website will be, basically, a statistical database....where users should be able to pull up any statistic from "numerous" fields. Like any entrepreneur with a web-based vision, I'm "hoping" to get 100+ million registered users eventually. However, practically, we will start as small as feasible. As regards the technology (database architecture, servers, etc.), I do want quality, quality, quality. My priorities are speed, and the capaility to be scalable...so that if I "did" get globally large, we could do it without having to re-engineer anything. In other words, I want the back-end and the "infrastructure" to be scalable and professional....with emphasis on quality. I am not an IT professional. Although I've built several Joomla-based websites, I'm just a rookie who's only used minor javascript coding to modify a few plug-ins and components. The business I'm trying to create requires specialization and experts. I want to define the problem and let a capable team create the final product, and I will stay totally hands off. So who do you guys suggest I hire to run this thing? A software engineer? I was thinking I would need a "database engineer," a "systems security engineer", and maybe 2 or 3 "programmers" for the search engine. Also a web designer...and maybe a part-time graphic designer...everyone working under a single software engineer. What do you guys think? Who should I hire?...I REALLY need help from some people in the industry (YOU guys) on this. Is this project do-able in 6 months? If so, how many people will I need? Who exactly needs to head up this thing?...Senior software engineer, an embedded engineer, a CC++ engineer, a java engineer, a database engineer? And do I build this thing is Ruby or Java?

    Read the article

< Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >