Search Results

Search found 13222 results on 529 pages for 'security gate'.

Page 192/529 | < Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199 | Next Page >

HTML submit form using a CAPCHA image or a security question which one is more secure?

- by Roland

I've seen developers use various methods to prevent spam on a basic html contact form Method 1 is where the developer uses a Captcha image and Method 2 where only a Question is asked eg. Are you Human? with a radio button. Which one is the better one to use and why?

Read the article
Linq to SQL: how get row security between write access??

- by Francisco

I would like to allow two threads to write in a table at the same time (I know the problem of updating the same row, but this would be a story apart). I need that in behalf of speed up the operations in my aplication (one thread could write in row X while another could do the same in row X+n instead of waiting the first to finalize). So, can I block rows instead of tables with Linq to SQL? Thanks.

Read the article
How to change security configutarion in IE8 for Intranet pages, such that Javascript can close a Win

- by Martín Fixman

I am developing a system that uses a little Internet page as a front-end for the whole program. Since I need to use ActiveX (sigh), the page must work on Internet Explorer. However, after some actions have been done the page needs to close itself. Using window.close() on Javascript it works, but before closing it prompts the user if it wants to close the Window. The ideal would be that it closes automatically. Is there any way to make IE8 (changing an option on the browser, not a code-only solution) not to prompt before closing the Window?

Read the article
Is this method of static file serving safe in node.js? (potential security hole?)

- by MikeC8

I want to create the simplest node.js server to serve static files. Here's what I came up with: fs = require('fs'); server = require('http').createServer(function(req, res) { res.end(fs.readFileSync(__dirname + '/public/' + req.url)); }); server.listen(8080); Clearly this would map http://localhost:8080/index.html to project_dir/public/index.html, and similarly so for all other files. My one concern is that someone could abuse this to access files outside of project_dir/public. Something like this, for example: http://localhost:8080/../../sensitive_file.txt I tried this a little bit, and it wasn't working. But, it seems like my browser was removing the ".." itself. Which leads me to believe that someone could abuse my poor little node.js server. I know there are npm packages that do static file serving. But I'm actually curious to write my own here. So my questions are: Is this safe? If so, why? If not, why not? And, if further, if not, what is the "right" way to do this? My one constraint is I don't want to have to have an if clause for each possible file, I want the server to serve whatever files I throw in a directory.

Read the article
How best to present a security vulnerability to a web development team in your own company?

- by BigCoEmployee

Imagine the following scenario: You work at Big Co. and your coworkers down the hall are on the web development team for Big Co's public blog system, which a lot of Big Co employees and some public people use. The blog system allows any HTML and JavaScript, and you've been told that it was a choice (not by accident) but you aren't sure if they realize the implications of this. So you want to convince them that this is a bad idea. You write some demonstration code and plant a XSS script in your own blog, and then write some blog posts. Soon after, the head blog admin (down the hall) visits your blog post and the XSS sends his cookies to you. You copy them into your browser and you are now logged in as him. Okay, now you're logged in as him... And you start realizing that it maybe wasn't such a good idea to go ahead and 'hack' the blog system. But you are a good guy! You don't touch his account after logging into it, and you definitely don't plan on publicizing this weakness; you just maybe want to show them that the public is able to do this, so that they can fix it before someone malicious realizes the same thing! What is the best course of action from here?

Read the article
TinyMCE security question: How do you prevent malicious input?

- by Walker

How do you prevent malicious input in WYSIWYG editors like TinyMCE? I have a system with users who are not "tech savvy" (so no WMD) and need a rich text editor that posts its content into a database. I'm worried about scripting attacks and malicious input code.

Read the article
.NET security mechanism to restrict access between two Types in the same Website project?

- by jdk

Question: Is there a mechanism in the .NET Framework to hide one custom Type from another without using separate projects/assemblies? I'm using C# with ASP.NET in a Website project (Note: Not a Web Application). Obviously there's not a way to enforce this restriction using language-specific OO keywords so I am looking for something else, for example: maybe a permission framework or code access mechanism, maybe something that uses meta data like Attributes. I'm unsure. I don't really care whether the solution actually hides classes from each other or just makes them inaccessible, etc. A runtime or design time answer will suffice. Looking for something easy to implement otherwise it's not worth the effort ... Background: I'm working in an ASP.NET Website project and the team has decided not to use separate project assemblies for different software layers. Therefore I'm looking for a way to have, for example, a DataAccess/ folder of which I disallow its classes to access other Types in the ASP.NET Website project.

Read the article
Getting rails to execute root level file edits on system files without compromising security.

- by voxobscuro

I'm writing a Rails 3 application that needs to be able to trigger modifications to unix system config files. I'd like to insulate the file modifications from the consumer side by running them in a background process. I've considered writing out a temp file in rails and then copying the file with a bash script but that doesn't really insulate the system. I've also considered pulling from the database manually with a cron based script and updating the configs. But what I would really like is a component that can hook into the rails environment, read out what is needed from the database, and update the config files. This process needs to be run as root because the config files mostly live in /etc/whatever. Any suggestions? Thanks!

Read the article
Regression testing with Selenium GRID

- by Ben Adderson

A lot of software teams out there are tasked with supporting and maintaining systems that have grown organically over time, and the web team here at Red Gate is no exception. We're about to embark on our first significant refactoring endeavour for some time, and as such its clearly paramount that the code be tested thoroughly for regressions. Unfortunately we currently find ourselves with a codebase that isn't very testable - the three layers (database, business logic and UI) are currently tightly coupled. This leaves us with the unfortunate problem that, in order to confidently refactor the code, we need unit tests. But in order to write unit tests, we need to refactor the code :S To try and ease the initial pain of decoupling these layers, I've been looking into the idea of using UI automation to provide a sort of system-level regression test suite. The idea being that these tests can help us identify regressions whilst we work towards a more testable codebase, at which point the more traditional combination of unit and integration tests can take over. Ending up with a strong battery of UI tests is also a nice bonus :) Following on from my previous posts (here, here and here) I knew I wanted to use Selenium. I also figured that this would be a good excuse to put my xUnit [Browser] attribute to good use. Pretty quickly, I had a raft of tests that looked like the following (this particular example uses Reflector Pro). In a nut shell the test traverses our shopping cart and, for a particular combination of number of users and months of support, checks that the price calculations all come up with the correct values. [BrowserTheory] [Browser(Browsers.Firefox3_6, "http://www.red-gate.com")] public void Purchase1UserLicenceNoSupport(SeleniumProvider seleniumProvider) { //Arrange _browser = seleniumProvider.GetBrowser(); _browser.Open("http://www.red-gate.com/dynamic/shoppingCart/ProductOption.aspx?Product=ReflectorPro"); //Act _browser = ShoppingCartHelpers.TraverseShoppingCart(_browser, 1, 0, ".NET Reflector Pro"); //Assert var priceResult = PriceHelpers.GetNewPurchasePrice(db, "ReflectorPro", 1, 0, Currencies.Euros); Assert.Equal(priceResult.Price, _browser.GetText("ctl00_content_InvoiceShoppingItemRepeater_ctl01_Price")); Assert.Equal(priceResult.Tax, _browser.GetText("ctl00_content_InvoiceShoppingItemRepeater_ctl02_Tax")); Assert.Equal(priceResult.Total, _browser.GetText("ctl00_content_InvoiceShoppingItemRepeater_ctl02_Total")); } These tests are pretty concise, with much of the common code in the TraverseShoppingCart() and GetNewPurchasePrice() methods. The (inevitable) problem arose when it came to execute these tests en masse. Selenium is a very slick tool, but it can't mask the fact that UI automation is very slow. To give you an idea, the set of cases that covers all of our products, for all combinations of users and support, came to 372 tests (for now only considering purchases in dollars). In the world of automated integration tests, that's a very manageable number. For unit tests, it's a trifle. However for UI automation, those 372 tests were taking just over two hours to run. Two hours may not sound like a lot, but those cases only cover one of the three currencies we deal with, and only one of the many different ways our systems can be asked to calculate a price. It was already pretty clear at this point that in order for this approach to be viable, I was going to have to find a way to speed things up. Up to this point I had been using Selenium Remote Control to automate Firefox, as this was the approach I had used previously and it had worked well. Fortunately, the guys at SeleniumHQ also maintain a tool for executing multiple Selenium RC tests in parallel: Selenium Grid. Selenium Grid uses a central 'hub' to handle allocation of Selenium tests to individual RCs. The Remote Controls simply register themselves with the hub when they start, and then wait to be assigned work. The (for me) really clever part is that, as far as the client driver library is concerned, the grid hub looks exactly the same as a vanilla remote control. To create a new browser session against Selenium RC, the following C# code suffices: new DefaultSelenium("localhost", 4444, "*firefox", "http://www.red-gate.com"); This assumes that the RC is running on the local machine, and is listening on port 4444 (the default). Assuming the hub is running on your local machine, then to create a browser session in Selenium Grid, via the hub rather than directly against the control, the code is exactly the same! Behind the scenes, the hub will take this request and hand it off to one of the registered RCs that provides the "*firefox" execution environment. It will then pass all communications back and forth between the test runner and the remote control transparently. This makes running existing RC tests on a Selenium Grid a piece of cake, as the developers intended. For a more detailed description of exactly how Selenium Grid works, see this page. Once I had a test environment capable of running multiple tests in parallel, I needed a test runner capable of doing the same. Unfortunately, this does not currently exist for xUnit (boo!). MbUnit on the other hand, has the concept of concurrent execution baked right into the framework. So after swapping out my assembly references, and fixing up the resulting mismatches in assertions, my example test now looks like this: [Test] public void Purchase1UserLicenceNoSupport() { //Arrange ISelenium browser = BrowserHelpers.GetBrowser(); var db = DbHelpers.GetWebsiteDBDataContext(); browser.Start(); browser.Open("http://www.red-gate.com/dynamic/shoppingCart/ProductOption.aspx?Product=ReflectorPro"); //Act browser = ShoppingCartHelpers.TraverseShoppingCart(browser, 1, 0, ".NET Reflector Pro"); var priceResult = PriceHelpers.GetNewPurchasePrice(db, "ReflectorPro", 1, 0, Currencies.Euros); //Assert Assert.AreEqual(priceResult.Price, browser.GetText("ctl00_content_InvoiceShoppingItemRepeater_ctl01_Price")); Assert.AreEqual(priceResult.Tax, browser.GetText("ctl00_content_InvoiceShoppingItemRepeater_ctl02_Tax")); Assert.AreEqual(priceResult.Total, browser.GetText("ctl00_content_InvoiceShoppingItemRepeater_ctl02_Total")); } This is pretty much the same as the xUnit version. The exceptions are that the attributes have changed, the //Arrange phase now has to handle setting up the ISelenium object, as the attribute that previously did this has gone away, and the test now sets up its own database connection. Previously I was using a shared database connection, but this approach becomes more complicated when tests are being executed concurrently. To avoid complexity each test has its own connection, which it is responsible for closing. For the sake of readability, I snipped out the code that closes the browser session and the db connection at the end of the test. With all that done, there was only one more step required before the tests would execute concurrently. It is necessary to tell the test runner which tests are eligible to run in parallel, via the [Parallelizable] attribute. This can be done at the test, fixture or assembly level. Since I wanted to run all tests concurrently, I marked mine at the assembly level in the AssemblyInfo.cs using the following: [assembly: DegreeOfParallelism(3)] [assembly: Parallelizable(TestScope.All)] The second attribute marks all tests in the assembly as [Parallelizable], whilst the first tells the test runner how many concurrent threads to use when executing the tests. I set mine to three since I was using 3 RCs in separate VMs. With everything now in place, I fired up the Icarus* test runner that comes with MbUnit. Executing my 372 tests three at a time instead of one at a time reduced the running time from 2 hours 10 minutes, to 55 minutes, that's an improvement of about 58%! I'd like to have seen an improvement of 66%, but I can understand that either inefficiencies in the hub code, my test environment or the test runner code (or some combination of all three most likely) contributes to a slightly diminished improvement. That said, I'd love to hear about any experience you have in upping this efficiency. Ultimately though, it was a saving that was most definitely worth having. It makes regression testing via UI automation a far more plausible prospect. The other obvious point to make is that this approach scales far better than executing tests serially. So if ever we need to improve performance, we just register additional RC's with the hub, and up the DegreeOfParallelism. *This was just my personal preference for a GUI runner. The MbUnit/Gallio installer also provides a command line runner, a TestDriven.net runner, and a Resharper 4.5 runner. For now at least, Resharper 5 isn't supported.

Read the article
Using SQL Source Control with Fortress or Vault – Part 2

- by AjarnMark

In Part 1, I started talking about using Red-Gate’s newest version of SQL Source Control and how I really like it as a viable method to source control your database development. It looks like this is going to turn into a little series where I will explain how we have done things in the past, and how life is different with SQL Source Control. I will also explain some of my philosophy and methodology around deployment with these tools. But for now, let’s talk about some of the good and the bad of the tool itself. More Kudos and Features I mentioned previously how impressed I was with the responsiveness of Red-Gate’s team. I have been having an ongoing email conversation with Gyorgy Pocsi, and as I have run into problems or requested things behave a little differently, it has not been more than a day or two before a new Build is ready for me to download and test. Quite impressive! I’m sure much of the requests I put in were already in the plans, so I can’t really take credit for them, but throughout this conversation, Red-Gate has implemented several features that were not in the first Early Access version. Those include: Honoring the Fortress configuration option to require Work Item (Bug) IDs on check-ins. Adding the check-in comment text as a comment to the Work Item. Adding the list of checked-in files, along with the Fortress links for automatic History and DIFF view Updating the status of a Work Item on check-in (e.g. setting the item to Complete or, in our case “Dev-Complete”) Support for the Fortress 2.0 API, and not just the Vault Pro 5.1 API. (See later notes regarding support for Fortress 2.0). These were all features that I felt we really needed to have in-place before I could honestly consider converting my team to using SQL Source Control on a regular basis. Now that I have those, my only excuse is not wanting to switch boats on the team mid-stream. So when we wrap up our current release in a few weeks, we will make the jump. In the meantime, I will continue to bang on it to make sure it is stable. It passed one test for stability when I did a test load of one of our larger database schemas into Fortress with SQL Source Control. That database has about 150 tables, 200 User-Defined Functions and nearly 900 Stored Procedures. The initial load to source control went smoothly and took just a brief amount of time. Warnings Remember that this IS still in pre-release stage and while I have not had any problems after that first hiccup I wrote about last time, you still need to treat it with a healthy respect. As I understand it, the RTM is targeted for February. There are a couple more features that I hope make it into the final release version, but if not, they’ll probably be coming soon thereafter. Those are: A Browse feature to let me lookup the Work Item ID instead of having to remember it or look back in my Item details. This is just a matter of convenience. I normally have my Work Item list open anyway, so I can easily look it up, but hey, why not make it even easier. A multi-line comment area. The current space for writing check-in comments is a single-line text box. I would like to have a multi-line space as I sometimes write lengthy commentary. But I recognize that it is a struggle to get most developers to put in more than the word “fixed” as their comment, so this meets the need of the majority as-is, and it’s not a show-stopper for us. Merge. SQL Source Control currently does not have a Merge feature. If two or more people make changes to the same database object, you will get a warning of the conflict and have to choose which one wins (and then manually edit to include the others’ changes). I think it unlikely you will run into actual conflicts in Stored Procedures and Functions, but you might with Views or Tables. This will be nice to have, but I’m not losing any sleep over it. And I have multiple tools at my disposal to do merges manually, so really not a show-stopper for us. Automation has its limits. As cool as this automation is, it has its limits and there are some changes that you will be better off scripting yourself. For example, if you are refactoring table definitions, and want to change a column name, you can write that as a quick sp_rename command and preserve the data within that column. But because this tool is looking just at a before and after picture, it cannot tell that you just renamed a column. To the tool, it looks like you dropped one column and added another. This is not a knock against Red-Gate. All automated scripting tools have this issue, unless the are actively monitoring your every step to know exactly what you are doing. This means that when you go to Deploy your changes, SQL Compare will script the change as a column drop and add, or will attempt to rebuild the entire table. Unfortunately, neither of these approaches will preserve the existing data in that column the way an sp_rename will, and so you are better off scripting that change yourself. Thankfully, SQL Compare will produce warnings about the potential loss of data before it does the actual synchronization and give you a chance to intercept the script and do it yourself. Also, please note that the current official word is that SQL Source Control supports Vault Professional 5.1 and later. Vault Professional is the new name for what was previously known as Fortress. (You can read about the name change on SourceGear’s site.) The last version of Fortress was 2.x, and the API for Fortress 2.x is different from the API for Vault Pro. At my company, we are currently running Fortress 2.0, with plans to upgrade to Vault Pro early next year. Gyorgy was able to come up with a work-around for me to be able to use SQL Source Control with Fortress 2.0, even though it is not officially supported. If you are using Fortress 2.0 and want to use SQL Source Control, be aware that this is not officially supported, but it is working for us, and you can probably get the work-around instructions from Red-Gate if you’re really, really nice to them. Upcoming Topics Some of the other topics I will likely cover in this series over the next few weeks are: How we used to do source control back in the old days (a few weeks ago) before SQL Source Control was available to Vault users What happens when you restore a database that is linked to source control Handling multiple development branches of source code Concurrent Development practices and handling Conflicts Deployment Tips and Best Practices A recap after using the tool for a while

Read the article
Cisco ASA (Client VPN) to LAN - through second VPN to second LAN

- by user50855

We have 2 site that is linked by an IPSEC VPN to remote Cisco ASAs: Site 1 1.5Mb T1 Connection Cisco(1) 2841 Site 2 1.5Mb T1 Connection Cisco 2841 In addition: Site 1 has a 2nd WAN 3Mb bonded T1 Connection Cisco 5510 that connects to same LAN as Cisco(1) 2841. Basically, Remote Access (VPN) users connecting through Cisco ASA 5510 needs access to a service at the end of Site 2. This is due to the way the service is sold - Cisco 2841 routers are not under our management and it is setup to allow connection from local LAN VLAN 1 IP address 10.20.0.0/24. My idea is to have all traffic from Remote Users through Cisco ASA destined for Site 2 to go via the VPN between Site 1 and Site 2. The end result being all traffic that hits Site 2 has come via Site 1. I'm struggling to find a great deal of information on how this is setup. So, firstly, can anyone confirm that what I'm trying to achieve is possible? Secondly, can anyone help me to correct the configuration bellow or point me in the direction of an example of such a configuration? Many Thanks. interface Ethernet0/0 nameif outside security-level 0 ip address 7.7.7.19 255.255.255.240 interface Ethernet0/1 nameif inside security-level 100 ip address 10.20.0.249 255.255.255.0 object-group network group-inside-vpnclient description All inside networks accessible to vpn clients network-object 10.20.0.0 255.255.255.0 network-object 10.20.1.0 255.255.255.0 object-group network group-adp-network description ADP IP Address or network accessible to vpn clients network-object 207.207.207.173 255.255.255.255 access-list outside_access_in extended permit icmp any any echo-reply access-list outside_access_in extended permit icmp any any source-quench access-list outside_access_in extended permit icmp any any unreachable access-list outside_access_in extended permit icmp any any time-exceeded access-list outside_access_in extended permit tcp any host 7.7.7.20 eq smtp access-list outside_access_in extended permit tcp any host 7.7.7.20 eq https access-list outside_access_in extended permit tcp any host 7.7.7.20 eq pop3 access-list outside_access_in extended permit tcp any host 7.7.7.20 eq www access-list outside_access_in extended permit tcp any host 7.7.7.21 eq www access-list outside_access_in extended permit tcp any host 7.7.7.21 eq https access-list outside_access_in extended permit tcp any host 7.7.7.21 eq 5721 access-list acl-vpnclient extended permit ip object-group group-inside-vpnclient any access-list acl-vpnclient extended permit ip object-group group-inside-vpnclient object-group group-adp-network access-list acl-vpnclient extended permit ip object-group group-adp-network object-group group-inside-vpnclient access-list PinesFLVPNTunnel_splitTunnelAcl standard permit 10.20.0.0 255.255.255.0 access-list inside_nat0_outbound_1 extended permit ip 10.20.0.0 255.255.255.0 10.20.1.0 255.255.255.0 access-list inside_nat0_outbound_1 extended permit ip 10.20.0.0 255.255.255.0 host 207.207.207.173 access-list inside_nat0_outbound_1 extended permit ip 10.20.1.0 255.255.255.0 host 207.207.207.173 ip local pool VPNPool 10.20.1.100-10.20.1.200 mask 255.255.255.0 route outside 0.0.0.0 0.0.0.0 7.7.7.17 1 route inside 207.207.207.173 255.255.255.255 10.20.0.3 1 crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 288000 crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set reverse-route crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto map outside_dyn_map 20 match address acl-vpnclient crypto map outside_dyn_map 20 set security-association lifetime seconds 28800 crypto map outside_dyn_map 20 set security-association lifetime kilobytes 4608000 crypto isakmp identity address crypto isakmp enable outside crypto isakmp policy 20 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 group-policy YeahRightflVPNTunnel internal group-policy YeahRightflVPNTunnel attributes wins-server value 10.20.0.9 dns-server value 10.20.0.9 vpn-tunnel-protocol IPSec password-storage disable pfs disable split-tunnel-policy tunnelspecified split-tunnel-network-list value acl-vpnclient default-domain value YeahRight.com group-policy YeahRightFLVPNTunnel internal group-policy YeahRightFLVPNTunnel attributes wins-server value 10.20.0.9 dns-server value 10.20.0.9 10.20.0.7 vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value YeahRightFLVPNTunnel_splitTunnelAcl default-domain value yeahright.com tunnel-group YeahRightFLVPN type remote-access tunnel-group YeahRightFLVPN general-attributes address-pool VPNPool tunnel-group YeahRightFLVPNTunnel type remote-access tunnel-group YeahRightFLVPNTunnel general-attributes address-pool VPNPool authentication-server-group WinRadius default-group-policy YeahRightFLVPNTunnel tunnel-group YeahRightFLVPNTunnel ipsec-attributes pre-shared-key *

Read the article
Juju Zookeeper & Provisioning Agent Not Deployed

- by Keith Tobin

I am using juju with the openstack provider, i expected that when i bootstrap that zookeeper and provisioning agent would get deployed on the bootstrap vm in openstack. This dose not seem to be the case. the bootstrap vm gets deployed but it seems that nothing gets deployed to the VM. See logs below, I may be missing something, also how is it possible to log on the bootstrap vm. Could I manual deploy, if so what do I need to do. Juju Bootstrap commend root@cinder01:/home/cinder# juju -v bootstrap 2012-10-12 03:21:20,976 DEBUG Initializing juju bootstrap runtime 2012-10-12 03:21:20,982 WARNING Verification of xxxxS certificates is disabled for this environment. Set 'ssl-hostname-verification' to ensure secure communication. 2012-10-12 03:21:20,982 DEBUG openstack: using auth-mode 'userpass' with xxxx:xxxxxx.10:35357/v2.0/ 2012-10-12 03:21:21,064 DEBUG openstack: authenticated til u'2012-10-13T08:21:13Z' 2012-10-12 03:21:21,064 DEBUG openstack: GET 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors' 2012-10-12 03:21:21,091 DEBUG openstack: 200 '{"flavors": [{"id": "3", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/3", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/3", "rel": "bookmark"}], "name": "m1.medium"}, {"id": "4", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/4", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/4", "rel": "bookmark"}], "name": "m1.large"}, {"id": "1", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/1", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/1", "rel": "bookmark"}], "name": "m1.tiny"}, {"id": "5", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/5", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/5", "rel": "bookmark"}], "name": "m1.xlarge"}, {"id": "2", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/2", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/2", "rel": "bookmark"}], "name": "m1.small"}]}' 2012-10-12 03:21:21,091 INFO Bootstrapping environment 'openstack' (origin: ppa type: openstack)... 2012-10-12 03:21:21,091 DEBUG access object-store @ xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/provider-state 2012-10-12 03:21:21,092 DEBUG openstack: GET 'xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/provider-state' 2012-10-12 03:21:21,165 DEBUG openstack: 200 '{}\n' 2012-10-12 03:21:21,165 DEBUG Verifying writable storage 2012-10-12 03:21:21,165 DEBUG access object-store @ xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/bootstrap-verify 2012-10-12 03:21:21,166 DEBUG openstack: PUT 'xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/bootstrap-verify' 2012-10-12 03:21:21,251 DEBUG openstack: 201 '201 Created\n\n\n\n ' 2012-10-12 03:21:21,251 DEBUG Launching juju bootstrap instance. 2012-10-12 03:21:21,271 DEBUG access object-store @ xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/juju_master_id 2012-10-12 03:21:21,273 DEBUG access compute @ xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/os-security-groups 2012-10-12 03:21:21,273 DEBUG openstack: GET 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/os-security-groups' 2012-10-12 03:21:21,321 DEBUG openstack: 200 '{"security_groups": [{"rules": [{"from_port": -1, "group": {}, "ip_protocol": "icmp", "to_port": -1, "parent_group_id": 1, "ip_range": {"cidr": "0.0.0.0/0"}, "id": 7}, {"from_port": 22, "group": {}, "ip_protocol": "tcp", "to_port": 22, "parent_group_id": 1, "ip_range": {"cidr": "0.0.0.0/0"}, "id": 38}], "tenant_id": "d5f52673953f49e595279e89ddde979d", "id": 1, "name": "default", "description": "default"}]}' 2012-10-12 03:21:21,322 DEBUG Creating juju security group juju-openstack 2012-10-12 03:21:21,322 DEBUG openstack: POST 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/os-security-groups' 2012-10-12 03:21:21,401 DEBUG openstack: 200 '{"security_group": {"rules": [], "tenant_id": "d5f52673953f49e595279e89ddde979d", "id": 48, "name": "juju-openstack", "description": "juju group for openstack"}}' 2012-10-12 03:21:21,401 DEBUG openstack: POST 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/os-security-group-rules' 2012-10-12 03:21:21,504 DEBUG openstack: 200 '{"security_group_rule": {"from_port": 22, "group": {}, "ip_protocol": "tcp", "to_port": 22, "parent_group_id": 48, "ip_range": {"cidr": "0.0.0.0/0"}, "id": 54}}' 2012-10-12 03:21:21,504 DEBUG openstack: POST 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/os-security-group-rules' 2012-10-12 03:21:21,647 DEBUG openstack: 200 '{"security_group_rule": {"from_port": 1, "group": {"tenant_id": "d5f52673953f49e595279e89ddde979d", "name": "juju-openstack"}, "ip_protocol": "tcp", "to_port": 65535, "parent_group_id": 48, "ip_range": {}, "id": 55}}' 2012-10-12 03:21:21,647 DEBUG openstack: POST 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/os-security-group-rules' 2012-10-12 03:21:21,791 DEBUG openstack: 200 '{"security_group_rule": {"from_port": 1, "group": {"tenant_id": "d5f52673953f49e595279e89ddde979d", "name": "juju-openstack"}, "ip_protocol": "udp", "to_port": 65535, "parent_group_id": 48, "ip_range": {}, "id": 56}}' 2012-10-12 03:21:21,792 DEBUG Creating machine security group juju-openstack-0 2012-10-12 03:21:21,792 DEBUG openstack: POST 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/os-security-groups' 2012-10-12 03:21:21,871 DEBUG openstack: 200 '{"security_group": {"rules": [], "tenant_id": "d5f52673953f49e595279e89ddde979d", "id": 49, "name": "juju-openstack-0", "description": "juju group for openstack machine 0"}}' 2012-10-12 03:21:21,871 DEBUG access compute @ xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/detail 2012-10-12 03:21:21,871 DEBUG openstack: GET 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/detail' 2012-10-12 03:21:21,906 DEBUG openstack: 200 '{"flavors": [{"vcpus": 2, "disk": 10, "name": "m1.medium", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/3", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/3", "rel": "bookmark"}], "rxtx_factor": 1.0, "OS-FLV-EXT-DATA:ephemeral": 40, "ram": 4096, "id": "3", "swap": ""}, {"vcpus": 4, "disk": 10, "name": "m1.large", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/4", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/4", "rel": "bookmark"}], "rxtx_factor": 1.0, "OS-FLV-EXT-DATA:ephemeral": 80, "ram": 8192, "id": "4", "swap": ""}, {"vcpus": 1, "disk": 0, "name": "m1.tiny", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/1", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/1", "rel": "bookmark"}], "rxtx_factor": 1.0, "OS-FLV-EXT-DATA:ephemeral": 0, "ram": 512, "id": "1", "swap": ""}, {"vcpus": 8, "disk": 10, "name": "m1.xlarge", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/5", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/5", "rel": "bookmark"}], "rxtx_factor": 1.0, "OS-FLV-EXT-DATA:ephemeral": 160, "ram": 16384, "id": "5", "swap": ""}, {"vcpus": 1, "disk": 10, "name": "m1.small", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/flavors/2", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/2", "rel": "bookmark"}], "rxtx_factor": 1.0, "OS-FLV-EXT-DATA:ephemeral": 20, "ram": 2048, "id": "2", "swap": ""}]}' 2012-10-12 03:21:21,907 DEBUG access compute @ xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers 2012-10-12 03:21:21,907 DEBUG openstack: POST 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers' 2012-10-12 03:21:22,284 DEBUG openstack: 202 '{"server": {"OS-DCF:diskConfig": "MANUAL", "id": "a598b402-8678-4447-baeb-59255409a023", "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023", "rel": "bookmark"}], "adminPass": "SuFp48cZzdo4"}}' 2012-10-12 03:21:22,284 DEBUG access object-store @ xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/juju_master_id 2012-10-12 03:21:22,285 DEBUG openstack: PUT 'xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/juju_master_id' 2012-10-12 03:21:22,375 DEBUG openstack: 201 '201 Created\n\n\n\n ' 2012-10-12 03:21:27,379 DEBUG Waited for 5 seconds for networking on server u'a598b402-8678-4447-baeb-59255409a023' 2012-10-12 03:21:27,380 DEBUG access compute @ xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023 2012-10-12 03:21:27,380 DEBUG openstack: GET 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023' 2012-10-12 03:21:27,556 DEBUG openstack: 200 '{"server": {"OS-EXT-STS:task_state": "networking", "addresses": {"private": [{"version": 4, "addr": "10.0.0.8"}]}, "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023", "rel": "bookmark"}], "image": {"id": "5bf60467-0136-4471-9818-e13ade75a0a1", "links": [{"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/images/5bf60467-0136-4471-9818-e13ade75a0a1", "rel": "bookmark"}]}, "OS-EXT-STS:vm_state": "building", "OS-EXT-SRV-ATTR:instance_name": "instance-00000060", "flavor": {"id": "1", "links": [{"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/1", "rel": "bookmark"}]}, "id": "a598b402-8678-4447-baeb-59255409a023", "user_id": "01610f73d0fb4922aefff09f2627e50c", "OS-DCF:diskConfig": "MANUAL", "accessIPv4": "", "accessIPv6": "", "progress": 0, "OS-EXT-STS:power_state": 0, "config_drive": "", "status": "BUILD", "updated": "2012-10-12T08:21:23Z", "hostId": "1cdb25708fb8e464d83a69fe4a024dcd5a80baf24a82ec28f9d9f866", "OS-EXT-SRV-ATTR:host": "nova01", "key_name": "", "OS-EXT-SRV-ATTR:hypervisor_hostname": null, "name": "juju openstack instance 0", "created": "2012-10-12T08:21:22Z", "tenant_id": "d5f52673953f49e595279e89ddde979d", "metadata": {}}}' 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 2012-10-12 03:21:27,557 DEBUG access compute @ xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/os-floating-ips 2012-10-12 03:21:27,557 DEBUG openstack: GET 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/os-floating-ips' 2012-10-12 03:21:27,815 DEBUG openstack: 200 '{"floating_ips": [{"instance_id": "a0e0df11-91c0-4801-95b3-62d910d729e9", "ip": "xxxx.35", "fixed_ip": "10.0.0.5", "id": 447, "pool": "nova"}, {"instance_id": "b84f1a42-7192-415e-8650-ebb1aa56e97f", "ip": "xxxx.36", "fixed_ip": "10.0.0.6", "id": 448, "pool": "nova"}, {"instance_id": null, "ip": "xxxx.37", "fixed_ip": null, "id": 449, "pool": "nova"}, {"instance_id": null, "ip": "xxxx.38", "fixed_ip": null, "id": 450, "pool": "nova"}, {"instance_id": null, "ip": "xxxx.39", "fixed_ip": null, "id": 451, "pool": "nova"}, {"instance_id": null, "ip": "xxxx.40", "fixed_ip": null, "id": 452, "pool": "nova"}, {"instance_id": null, "ip": "xxxx.41", "fixed_ip": null, "id": 453, "pool": "nova"}]}' 2012-10-12 03:21:27,815 DEBUG access compute @ xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023/action 2012-10-12 03:21:27,816 DEBUG openstack: POST 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023/action' 2012-10-12 03:21:28,356 DEBUG openstack: 202 '' 2012-10-12 03:21:28,356 DEBUG access object-store @ xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/provider-state 2012-10-12 03:21:28,357 DEBUG openstack: PUT 'xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/provider-state' 2012-10-12 03:21:28,446 DEBUG openstack: 201 '201 Created\n\n\n\n ' 2012-10-12 03:21:28,446 INFO 'bootstrap' command finished successfully Juju Status Command root@cinder01:/home/cinder# juju -v status 2012-10-12 03:23:28,314 DEBUG Initializing juju status runtime 2012-10-12 03:23:28,320 WARNING Verification of xxxxS certificates is disabled for this environment. Set 'ssl-hostname-verification' to ensure secure communication. 2012-10-12 03:23:28,320 DEBUG openstack: using auth-mode 'userpass' with xxxx:xxxxxx.10:35357/v2.0/ 2012-10-12 03:23:28,320 INFO Connecting to environment... 2012-10-12 03:23:28,403 DEBUG openstack: authenticated til u'2012-10-13T08:23:20Z' 2012-10-12 03:23:28,403 DEBUG access object-store @ xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/provider-state 2012-10-12 03:23:28,403 DEBUG openstack: GET 'xxxx:xx10.49.113.11:8080/v1/AUTH_d5f52673953f49e595279e89ddde979d/juju-hpc-az1-cb/provider-state' 2012-10-12 03:23:35,480 DEBUG openstack: 200 'zookeeper-instances: [a598b402-8678-4447-baeb-59255409a023]\n' 2012-10-12 03:23:35,480 DEBUG access compute @ xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023 2012-10-12 03:23:35,480 DEBUG openstack: GET 'xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023' 2012-10-12 03:23:35,662 DEBUG openstack: 200 '{"server": {"OS-EXT-STS:task_state": null, "addresses": {"private": [{"version": 4, "addr": "10.0.0.8"}, {"version": 4, "addr": "xxxx.37"}]}, "links": [{"href": "xxxx:xxxxxx.15:8774/v1.1/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023", "rel": "self"}, {"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/servers/a598b402-8678-4447-baeb-59255409a023", "rel": "bookmark"}], "image": {"id": "5bf60467-0136-4471-9818-e13ade75a0a1", "links": [{"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/images/5bf60467-0136-4471-9818-e13ade75a0a1", "rel": "bookmark"}]}, "OS-EXT-STS:vm_state": "active", "OS-EXT-SRV-ATTR:instance_name": "instance-00000060", "flavor": {"id": "1", "links": [{"href": "xxxx:xxxxxx.15:8774/d5f52673953f49e595279e89ddde979d/flavors/1", "rel": "bookmark"}]}, "id": "a598b402-8678-4447-baeb-59255409a023", "user_id": "01610f73d0fb4922aefff09f2627e50c", "OS-DCF:diskConfig": "MANUAL", "accessIPv4": "", "accessIPv6": "", "progress": 0, "OS-EXT-STS:power_state": 1, "config_drive": "", "status": "ACTIVE", "updated": "2012-10-12T08:21:40Z", "hostId": "1cdb25708fb8e464d83a69fe4a024dcd5a80baf24a82ec28f9d9f866", "OS-EXT-SRV-ATTR:host": "nova01", "key_name": "", "OS-EXT-SRV-ATTR:hypervisor_hostname": null, "name": "juju openstack instance 0", "created": "2012-10-12T08:21:22Z", "tenant_id": "d5f52673953f49e595279e89ddde979d", "metadata": {}}}' 2012-10-12 03:23:35,663 DEBUG Connecting to environment using xxxx.37... 2012-10-12 03:23:35,663 DEBUG Spawning SSH process with remote_user="ubuntu" remote_host="xxxx.37" remote_port="2181" local_port="45859". 2012-10-12 03:23:36,173:4355(0x7fd581973700):ZOO_INFO@log_env@658: Client environment:zookeeper.version=zookeeper C client 3.3.5 2012-10-12 03:23:36,173:4355(0x7fd581973700):ZOO_INFO@log_env@662: Client environment:host.name=cinder01 2012-10-12 03:23:36,174:4355(0x7fd581973700):ZOO_INFO@log_env@669: Client environment:os.name=Linux 2012-10-12 03:23:36,174:4355(0x7fd581973700):ZOO_INFO@log_env@670: Client environment:os.arch=3.2.0-23-generic 2012-10-12 03:23:36,174:4355(0x7fd581973700):ZOO_INFO@log_env@671: Client environment:os.version=#36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 2012-10-12 03:23:36,174:4355(0x7fd581973700):ZOO_INFO@log_env@679: Client environment:user.name=cinder 2012-10-12 03:23:36,174:4355(0x7fd581973700):ZOO_INFO@log_env@687: Client environment:user.home=/root 2012-10-12 03:23:36,175:4355(0x7fd581973700):ZOO_INFO@log_env@699: Client environment:user.dir=/home/cinder 2012-10-12 03:23:36,175:4355(0x7fd581973700):ZOO_INFO@zookeeper_init@727: Initiating client connection, host=localhost:45859 sessionTimeout=10000 watcher=0x7fd57f9146b0 sessionId=0 sessionPasswd= context=0x2c1dab0 flags=0 2012-10-12 03:23:36,175:4355(0x7fd577fff700):ZOO_ERROR@handle_socket_error_msg@1579: Socket [127.0.0.1:45859] zk retcode=-4, errno=111(Connection refused): server refused to accept the client 2012-10-12 03:23:39,512:4355(0x7fd577fff700):ZOO_ERROR@handle_socket_error_msg@1579: Socket [127.0.0.1:45859] zk retcode=-4, errno=111(Connection refused): server refused to accept the client 2012-10-12 03:23:42,848:4355(0x7fd577fff700):ZOO_ERROR@handle_socket_error_msg@1579: Socket [127.0.0.1:45859] zk retcode=-4, errno=111(Connection refused): server refused to accept the client ^Croot@cinder01:/home/cinder#

Read the article
Spring maven error

- by benaissa

Hello, I'm using spring MVC with maven to develop a web application, but when i update dependencies maven i get this message: 5/6/10 10:09:50 AM CEST: Build errors for amundsen.web; org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-resources-plugin:2.4.1:resources (default-resources) on project amundsen.web: Execution default-resources of goal org.apache.maven.plugins:maven-resources-plugin:2.4.1:resources failed: Plugin org.apache.maven.plugins:maven-resources-plugin:2.4.1 or one of its dependencies could not be resolved: Unable to get dependency information for org.apache.maven.plugins:maven-resources-plugin:maven-plugin:2.4.1: Failed to process POM for org.apache.maven.plugins:maven-resources-plugin:maven-plugin:2.4.1: Non-resolvable parent POM org.apache:apache:6 for org.apache.maven:maven-parent:13: Failed to resolve POM for org.apache:apache:6 due to The repository system is offline and the requested artifact is not locally available at /home/waleed/.m2/repository/org/apache/apache/6/apache-6.pom org.apache:apache:pom:6 from the specified remote repositories: plexus.snapshots (http://oss.repository.sonatype.org/content/repositories/plexus-snapshots, releases=false, snapshots=true), central (http://repo1.maven.org/maven2, releases=true, snapshots=false) my Maven dependencies are:  <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>${junit.version}</version> <scope>test</scope> </dependency> <dependency> <groupId>cglib</groupId> <artifactId>cglib</artifactId> <version>2.2</version> </dependency> <dependency> <groupId>commons-lang</groupId> <artifactId>commons-lang</artifactId> <version>2.3</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>com.springsource.javax.servlet.jsp.jstl</artifactId> <version>${servlet.jstl.version}</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>${servlet-api.version}</version> </dependency> <dependency> <groupId>org.apache.taglibs</groupId> <artifactId>com.springsource.org.apache.taglibs.standard</artifactId> <version>${standard-taglib.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aspects</artifactId> <version>${spring.version}</version> </dependency>  <dependency> <groupId>org.apache.commons</groupId> <artifactId>com.springsource.org.apache.commons.collections</artifactId> </dependency>  <dependency> <groupId>org.apache.log4j</groupId> <artifactId>com.springsource.org.apache.log4j</artifactId> </dependency>  <dependency> <groupId>org.springframework</groupId> <artifactId>org.springframework.core</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>org.springframework.aop</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>org.springframework.expression</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>org.springframework.context</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>org.springframework.context.support</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>org.springframework.beans</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>org.springframework.orm</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>org.springframework.transaction</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> </dependency>  <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <exclusions> <exclusion> <artifactId>spring-aop</artifactId> <groupId>org.springframework</groupId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core-tiger</artifactId> <version>${spring-security-core-tiger.version}</version> <exclusions>  <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-support</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-acl</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>commons-dbcp</groupId> <artifactId>commons-dbcp</artifactId> <version>${commons-dbc.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-core</artifactId> <version>3.3.1.GA</version> </dependency>  <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-annotations</artifactId> <version>3.4.0.GA</version> </dependency> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-validator</artifactId> <version>3.1.0.GA</version> </dependency> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-commons-annotations</artifactId> <version>3.3.0.ga</version> <exclusions> <exclusion> <groupId>org.hibernate</groupId> <artifactId>hibernate</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>hibernate</groupId> <artifactId>hibernate-entitymanager</artifactId> <version>3.4.0.GA</version> </dependency> <dependency> <groupId>hibernate</groupId> <artifactId>hibernate-tools</artifactId> <version>3.2.3.GA</version> </dependency> <dependency> <groupId>org.hibernate</groupId> <artifactId>ejb3-persistence</artifactId> <version>1.0.2.GA</version> </dependency> <dependency> <groupId>commons-collections</groupId> <artifactId>commons-collections</artifactId> <version>3.2.1</version> </dependency> <dependency> <groupId>javax.transaction</groupId> <artifactId>jta</artifactId> <version>${jta.version}</version> </dependency> <dependency> <groupId>antlr</groupId> <artifactId>antlr</artifactId> <version>${antlr.version}</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>${mysql-connector-java.version}</version> </dependency>  <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.5.6</version> </dependency> <dependency> <groupId>javax.mail</groupId> <artifactId>mail</artifactId> <version>1.4</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.5.11</version> </dependency> </dependencies>

Read the article
Week in Geek: US Govt E-card Scam Siphons Confidential Data Edition

- by Asian Angel

This week we learned how to “back up photos to Flickr, automate repetitive tasks, & normalize MP3 volume”, enable “stereo mix” in Windows 7 to record audio, create custom papercraft toys, read up on three alternatives to Apple’s flaky iOS alarm clock, decorated our desktops & app docks with Google icon packs, and more. Photo by alexschlegel. Random Geek Links It has been a busy week on the security & malware fronts and we have a roundup of the latest news to help keep you updated. Photo by TopTechWriter.US. US govt e-card scam hits confidential data A fake U.S. government Christmas e-card has managed to siphon off gigabytes of sensitive data from a number of law enforcement and military staff who work on cybersecurity matters, many of whom are involved in computer crime investigations. Security tool uncovers multiple bugs in every browser Michal Zalewski reports that he discovered the vulnerability in Internet Explorer a while ago using his cross_fuzz fuzzing tool and reported it to Microsoft in July 2010. Zalewski also used cross_fuzz to discover bugs in other browsers, which he also reported to the relevant organisations. Microsoft to fix Windows holes, but not ones in IE Microsoft said that it will release two security bulletins next week fixing three holes in Windows, but it is still investigating or working on fixing holes in Internet Explorer that have been reportedly exploited in attacks. Microsoft warns of Windows flaw affecting image rendering Microsoft has warned of a Windows vulnerability that could allow an attacker to take control of a computer if the user is logged on with administrative rights. Windows 7 Not Affected by Critical 0-Day in the Windows Graphics Rendering Engine While confirming that details on a Critical zero-day vulnerability have made their way into the wild, Microsoft noted that customers running the latest iteration of Windows client and server platforms are not exposed to any risks. Microsoft warns of Office-related malware Microsoft’s Malware Protection Center issued a warning this week that it has spotted malicious code on the Internet that can take advantage of a flaw in Word and infect computers after a user does nothing more than read an e-mail. *Refers to a flaw that was addressed in the November security patch releases. Make sure you have all of the latest security updates installed. Unpatched hole in ImgBurn disk burning application According to security specialist Secunia, a highly critical vulnerability in ImgBurn, a lightweight disk burning application, can be used to remotely compromise a user’s system. Hole in VLC Media Player Virtual Security Research (VSR) has identified a vulnerability in VLC Media Player. In versions up to and including 1.1.5 of the VLC Media Player. Flash Player sandbox can be bypassed Flash applications run locally can read local files and send them to an online server – something which the sandbox is supposed to prevent. Chinese auction site touts hacked iTunes accounts Tens of thousands of reportedly hacked iTunes accounts have been found on Chinese auction site Taobao, but the company claims it is unable to take action unless there are direct complaints. What happened in the recent Hotmail outage Mike Schackwitz explains the cause of the recent Hotmail outage. DOJ sends order to Twitter for Wikileaks-related account info The U.S. Justice Department has obtained a court order directing Twitter to turn over information about the accounts of activists with ties to Wikileaks, including an Icelandic politician, a legendary Dutch hacker, and a U.S. computer programmer. Google gets court to block Microsoft Interior Department e-mail win The U.S. Federal Claims Court has temporarily blocked Microsoft from proceeding with the $49.3 million, five-year DOI contract that it won this past November. Google Apps customers get email lockdown Companies and organisations using Google Apps are now able to restrict the email access of selected users. LibreOffice Is the Default Office Suite for Ubuntu 11.04 Matthias Klose has announced some details regarding the replacement of the old OpenOffice.org 3.2.1 packages with the new LibreOffice 3.3 ones, starting with the upcoming Ubuntu 11.04 (Natty Narwhal) Alpha 2 release. Sysadmin Geek Tips Photo by Filomena Scalise. How to Setup Software RAID for a Simple File Server on Ubuntu Do you need a file server that is cheap and easy to setup, “rock solid” reliable, and has Email Alerting? This tutorial shows you how to use Ubuntu, software RAID, and SaMBa to accomplish just that. How to Control the Order of Startup Programs in Windows While you can specify the applications you want to launch when Windows starts, the ability to control the order in which they start is not available. However, there are a couple of ways you can easily overcome this limitation and control the startup order of applications. Random TinyHacker Links Using Opera Unite to Send Large Files A tutorial on using Opera Unite to easily send huge files from your computer. WorkFlowy is a Useful To-do List Tool A cool to-do list tool that lets you integrate multiple tasks in one single list easily. Playing Flash Videos on iOS Devices Yes, you can play flash videos on jailbroken iPhones. Here’s a tutorial. Clear Safari History and Cookies On iPhone A tutorial on clearing your browser history on iPhone and other iOS devices. Monitor Your Internet Usage Here’s a cool, cross-platform tool to monitor your internet bandwidth. Super User Questions See what the community had to say on these popular questions from Super User this week. Why is my upload speed much less than my download speed? Where should I find drivers for my laptop if it didn’t come with a driver disk? OEM Office 2010 without media – how to reinstall? Is there a point to using theft tracking software like Prey on my laptop, if you have login security? Moving an “all-in-one” PC when turned on/off How-To Geek Weekly Article Recap Get caught up on your HTG reading with our hottest articles from this past week. How to Combine Rescue Disks to Create the Ultimate Windows Repair Disk How To Boot 10 Different Live CDs From 1 USB Flash Drive What is Camera Raw, and Why Would a Professional Prefer it to JPG? Did You Know Facebook Has Built-In Shortcut Keys? The How-To Geek Guide to Audio Editing: The Basics One Year Ago on How-To Geek Enjoy looking through our latest gathering of retro article goodness. Learning Windows 7: Create a Homegroup & Join a New Computer To It How To Disconnect a Machine from a Homegroup Use Remote Desktop To Access Other Computers On a Small Office or Home Network How To Share Files and Printers Between Windows 7 and Vista Allow Users To Run Only Specified Programs in Windows 7 The Geek Note That is all we have for you this week and we hope your first week back at work or school has gone very well now that the holidays are over. Know a great tip? Send it in to us at [email protected]. Photo by Pamela Machado. Latest Features How-To Geek ETC HTG Projects: How to Create Your Own Custom Papercraft Toy How to Combine Rescue Disks to Create the Ultimate Windows Repair Disk What is Camera Raw, and Why Would a Professional Prefer it to JPG? The How-To Geek Guide to Audio Editing: The Basics How To Boot 10 Different Live CDs From 1 USB Flash Drive The 20 Best How-To Geek Linux Articles of 2010 Arctic Theme for Windows 7 Gives Your Desktop an Icy Touch Install LibreOffice via PPA and Receive Auto-Updates in Ubuntu Creative Portraits Peek Inside the Guts of Modern Electronics Scenic Winter Lane Wallpaper to Create a Relaxing Mood Access Your Web Apps Directly Using the Context Menu in Chrome The Deep – Awesome Use of Metal Objects as Deep Sea Creatures [Video]

Read the article
The challenge of communicating externally with IRM secured content

- by Simon Thorpe

I am often asked by customers about how they handle sending IRM secured documents to external parties. Their concern is that using IRM to secure sensitive information they need to share outside their business, is troubled with the inability for third parties to install the software which enables them to gain access to the information. It is a very legitimate question and one i've had to answer many times in the past 10 years whilst helping customers plan successful IRM deployments. The operating system does not provide the required level of content security The problem arises from what IRM delivers, persistent security to your sensitive information where ever it resides and whenever it is in use. Oracle IRM gives customers an array of features that help ensure sensitive information in an IRM document or email is always protected and only accessed by authorized users using legitimate applications. Examples of such functionality are; Control of the clipboard, either by disabling completely in the opened document or by allowing the cut and pasting of information between secured IRM documents but not into insecure applications. Protection against programmatic access to the document. Office documents and PDF documents have the ability to be accessed by other applications and scripts. With Oracle IRM we have to protect against this to ensure content cannot be leaked by someone writing a simple program. Securing of decrypted content in memory. At some point during the process of opening and presenting a sealed document to an end user, we must decrypt it and give it to the application (Adobe Reader, Microsoft Word, Excel etc). This process must be secure so that someone cannot simply get access to the decrypted information. The operating system alone just doesn't have the functionality to deliver these types of features. This is why for every IRM technology there must be some extra software installed and typically this software requires administrative rights to do so. The fact is that if you want to have very strong security and access control over a document you are going to send to someone who is beyond your network infrastructure, there must be some software to provide that functionality. Simple installation with Oracle IRM The software used to control access to Oracle IRM sealed content is called the Oracle IRM Desktop. It is a small, free piece of software roughly about 12mb in size. This software delivers functionality for everything a user needs to work with an Oracle IRM solution. It provides the functionality for all formats we support, the storage and transparent synchronization of user rights and unique to Oracle, the ability to search inside sealed files stored on the local computer. In Oracle we've made every technical effort to ensure that installing this software is a simple as possible. In situations where the user's computer is part of the enterprise, this software is typically deployed using existing technologies such as Systems Management Server from Microsoft or by using Active Directory Group Policies. However when sending sealed content externally, you cannot automatically install software on the end users machine. You need to rely on them to download and install themselves. Again we've made every effort for this manual install process to be as simple as we can. Starting with the small download size of the software itself to the simple installation process, most end users are able to install and access sealed content very quickly. You can see for yourself how easily this is done by walking through our free and easy self service demonstration of using sealed content. How to handle objections and ensure there is value However the fact still remains that end users may object to installing, or may simply be unable to install the software themselves due to lack of permissions. This is often a problem with any technology that requires specialized software to access a new type of document. In Oracle, over the past 10 years, we've learned many ways to get over this barrier of getting software deployed by external users. First and I would say of most importance, is the content MUST have some value to the person you are asking to install software. Without some type of value proposition you are going to find it very difficult to get past objections to installing the IRM Desktop. Imagine if you were going to secure the weekly campus restaurant menu and send this to contractors. Their initial response will be, "why on earth are you asking me to download some software just to access your menu!?". A valid objection... there is no value to the user in doing this. Now consider the scenario where you are sending one of your contractors their employment contract which contains their address, social security number and bank account details. Are they likely to take 5 minutes to install the IRM Desktop? You bet they are, because there is real value in doing so and they understand why you are doing it. They want their personal information to be securely handled and a quick download and install of some software is a small task in comparison to dealing with the loss of this information. Be clear in communicating this value So when sending sealed content to people externally, you must be clear in communicating why you are using an IRM technology and why they need to install some software to access the content. Do not try and avoid the issue, you must be clear and upfront about it. In doing so you will significantly reduce the "I didn't know I needed to do this..." responses and also gain respect for being straight forward. One customer I worked with, 6 months after the initial deployment of Oracle IRM, called me panicking that the partner they had started to share their engineering documents with refused to install any software to access this highly confidential intellectual property. I explained they had to communicate to the partner why they were doing this. I told them to go back with the statement that "the company takes protecting its intellectual property seriously and had decided to use IRM to control access to engineering documents." and if the partner didn't respect this decision, they would find another company that would. The result? A few days later the partner had made the Oracle IRM Desktop part of their approved list of software in the company. Companies are successful when sending sealed content to third parties We have many, many customers who send sensitive content to third parties. Some customers actually sell access to Oracle IRM protected content and therefore 99% of their users are external to their business, one in particular has sold content to hundreds of thousands of external users. Oracle themselves use the technology to secure M&A documents, payroll data and security assessments which go beyond the traditional enterprise security perimeter. Pretty much every company who deploys Oracle IRM will at some point be sending those documents to people outside of the company, these customers must be successful otherwise Oracle IRM wouldn't be successful. Because our software is used by a wide variety of companies, some who use it to sell content, i've often run into people i'm sharing a sealed document with and they already have the IRM Desktop installed due to accessing content from another company. The future In summary I would say that yes, this is a hurdle that many customers are concerned about but we see much evidence that in practice, people leap that hurdle with relative ease as long as they are good at communicating the value of using IRM and also take measures to ensure end users can easily go through the process of installation. We are constantly developing new ideas to reducing this hurdle and maybe one day the operating systems will give us enough rich security functionality to have no software installation. Until then, Oracle IRM is by far the easiest solution to balance security and usability for your business. If you would like to evaluate it for yourselves, please contact us.

Read the article
Finding the groups of a user in WLS with OPSS

- by user12587121

How to find the group memberships for a user from a web application running in Weblogic server ? This is useful for building up the profile of the user for security purposes for example. WLS as a container offers an identity store service which applications can access to query and manage identities known to the container. This article for example shows how to recover the groups of the current user, but how can we find the same information for an arbitrary user ? It is the Oracle Platform for Securtiy Services (OPSS) that looks after the identity store in WLS and so it is in the OPSS APIs that we can find the way to recover this information. This is explained in the following documents. Starting from the FMW 11.1.1.5 book list, with the Security Overview document we can see how WLS uses OPSS: Proceeding to the more detailed Application Security document, we find this list of useful references for security in FMW. We can follow on into the User/Role API javadoc. The Application Security document explains how to ensure that the identity store is configured appropriately to allow the OPSS APIs to work. We must verify that the jps-config.xml file where the application is deployed has it's identity store configured--look for the following elements in that file: <serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider" class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider"> <description>LDAP-based IdentityStore Provider</description> </serviceProvider> <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider"> <property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/> <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/></serviceInstance> <serviceInstanceRef ref="idstore.ldap"/> The document contains a code sample for using the identity store here. Once we have the identity store reference we can recover the user's group memberships using the RoleManager interface: RoleManager roleManager = idStore.getRoleManager(); SearchResponse grantedRoles = null; try{ System.out.println("Retrieving granted WLS roles for user " + userPrincipal.getName()); grantedRoles = roleManager.getGrantedRoles(userPrincipal, false); while( grantedRoles.hasNext()){ Identity id = grantedRoles.next(); System.out.println(" disp name=" + id.getDisplayName() + " Name=" + id.getName() + " Principal=" + id.getPrincipal() + "Unique Name=" + id.getUniqueName()); // Here, we must use WLSGroupImpl() to build the Principal otherwise // OES does not recognize it. retSubject.getPrincipals().add(new WLSGroupImpl(id.getPrincipal().getName())); } }catch(Exception ex) { System.out.println("Error getting roles for user " + ex.getMessage()); ex.printStackTrace(); } }catch(Exception ex) { System.out.println("OESGateway: Got exception instantiating idstore reference"); } This small JDeveloper project has a simple servlet that executes a request for the user weblogic's roles on executing a get on the default URL. The full code to recover a user's goups is in the getSubjectWithRoles() method in the project.

Read the article
"An internal error occurred." when loading pfx file with X509Certificate2

- by tmp3128

I'm trying use self-signed certificate (c#): X509Certificate2 cert = new X509Certificate2(Server.MapPath("~/App_Data/myhost.pfx"), "pass"); on a shared web hosting server and I got an error: System.Security.Cryptography.CryptographicException: An internal error occurred. stack trace ends with System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr) +33 System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0 System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +237 System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) +131 On my dev machine it loads ok. The reason I load *.pfx not a *.cer file because I need a private key access (cer file loads Ok). I made pfx on my dev mochine like that: makecert -r -n "CN=myhost.com, [email protected]" -sky exchange -b 01/01/2009 -pe -sv myhost.pvk myhost.cer pvk2pfx -pvk myhost.pvk -spc myhost.cer -pfx myhost.pfx -po pass Please assist; PS: makecert is a v5.131.3790.0

Read the article
Kernel, dpkg, sudo and apt-get corrupted

- by TECH4JESUS

Here are some errors that I am getting: 1) A proper configuration for Firestarter was not found. If you are running Firestarter from the directory you built it in, run make install-data-local to install a configuration, or simply make install to install the whole program. Firestarter will now close. root@p:/# firestarter ** (firestarter:5890): WARNING **: The connection is closed (firestarter:5890): GnomeUI-WARNING **: While connecting to session manager: None of the authentication protocols specified are supported. (firestarter:5890): GConf-WARNING **: Client failed to connect to the D-BUS daemon: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. (firestarter:5890): GConf-WARNING **: Client failed to connect to the D-BUS daemon: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. (firestarter:5890): GConf-WARNING **: Client failed to connect to the D-BUS daemon: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. (firestarter:5890): GConf-WARNING **: Client failed to connect to the D-BUS daemon: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. (firestarter:5890): GConf-WARNING **: Client failed to connect to the D-BUS daemon: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. (firestarter:5890): GConf-WARNING **: Client failed to connect to the D-BUS daemon: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. (firestarter:5890): GConf-WARNING **: Client failed to connect to the D-BUS daemon: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. ^C 2) Also I cannot apt-get install sudo root@p:/# apt-get install sudo Reading package lists... Done Building dependency tree Reading state information... Done sudo is already the newest version. The following packages were automatically installed and are no longer required: gir1.2-rb-3.0 gir1.2-gstreamer-0.10 libntfs10 python-mako libdmapsharing-3.0-2 rhythmbox-data libx264-116 rhythmbox libiso9660-7 librhythmbox-core5 libvpx0 libmatroska4 gir1.2-gst-plugins-base-0.10 rhythmbox-mozilla rhythmbox-plugin-zeitgeist libattica0 libgpac0.4.5 python-markupsafe libmusicbrainz4c2a rhythmbox-plugin-cdrecorder rhythmbox-plugins libaudiofile0 Use 'apt-get autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded. 9 not fully installed or removed. Need to get 0 B/76.3 MB of archives. After this operation, 0 B of additional disk space will be used. Do you want to continue [Y/n]? Y /bin/sh: 1: /usr/sbin/dpkg-preconfigure: not found (Reading database ... 495741 files and directories currently installed.) Preparing to replace linux-image-3.2.0-24-generic 3.2.0-24.39 (using .../linux-image-3.2.0-24-generic_3.2.0-24.39_amd64.deb) ... dpkg (subprocess): unable to execute old pre-removal script (/var/lib/dpkg/info/linux-image-3.2.0-24-generic.prerm): No such file or directory dpkg: warning: subprocess old pre-removal script returned error exit status 2 dpkg - trying script from the new package instead ... dpkg (subprocess): unable to execute new pre-removal script (/var/lib/dpkg/tmp.ci/prerm): No such file or directory dpkg: error processing /var/cache/apt/archives/linux-image-3.2.0-24-generic_3.2.0-24.39_amd64.deb (--unpack): subprocess new pre-removal script returned error exit status 2 dpkg (subprocess): unable to execute installed post-installation script (/var/lib/dpkg/info/linux-image-3.2.0-24-generic.postinst): No such file or directory dpkg: error while cleaning up: subprocess installed post-installation script returned error exit status 2 Preparing to replace linux-image-3.2.0-25-generic 3.2.0-25.40 (using .../linux-image-3.2.0-25-generic_3.2.0-25.40_amd64.deb) ... dpkg (subprocess): unable to execute old pre-removal script (/var/lib/dpkg/info/linux-image-3.2.0-25-generic.prerm): No such file or directory dpkg: warning: subprocess old pre-removal script returned error exit status 2 dpkg - trying script from the new package instead ... dpkg (subprocess): unable to execute new pre-removal script (/var/lib/dpkg/tmp.ci/prerm): No such file or directory dpkg: error processing /var/cache/apt/archives/linux-image-3.2.0-25-generic_3.2.0-25.40_amd64.deb (--unpack): subprocess new pre-removal script returned error exit status 2 dpkg (subprocess): unable to execute installed post-installation script (/var/lib/dpkg/info/linux-image-3.2.0-25-generic.postinst): No such file or directory dpkg: error while cleaning up: subprocess installed post-installation script returned error exit status 2 Errors were encountered while processing: /var/cache/apt/archives/linux-image-3.2.0-24-generic_3.2.0-24.39_amd64.deb /var/cache/apt/archives/linux-image-3.2.0-25-generic_3.2.0-25.40_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1)

Read the article
It is possible to override a plugin's Controller from another plugin?

- by fabschu

I'm developing a plugin (MyPlugin) which combines some security functions to use it as a standard plugin for my next Grails application. It integrates the Spring-Security-Core and Spring-Security-UI plugins, and by its installation all dependencies should be installed automatically by adding the dependencies in the BuildConfig like: plugins { compile: ...} So far everything works fine, but in MyPlugin I'm changing the behaviour of the Spring-Security-UI plugin (password encoding in User Domain), by overwriting the UserController. Executing MyPlugin leads to the expected behaviour and new Users are created using the correct Controller. However, when installing MyPlugin in another Grails application, this behaviour fails and the original UserController of the Spring-Security-Ui plugin is used. I tried to solve this by configuring the dependsOn and loadAfter properties in the GrailsPlugin file, but without any success. Is it possible to fix this? Or is it only possible to overwrite behaviour/controllers in the main application?

Read the article
Cisco ASA: How to route PPPoE-assigned subnet?

- by Martijn Heemels

We've just received a fiber uplink, and I'm trying to configure our Cisco ASA 5505 to properly use it. The provider requires us to connect via PPPoE, and I managed to configure the ASA as a PPPoE client and establish a connection. The ASA is assigned an IP address by PPPoE, and I can ping out from the ASA to the internet, but I should have access to an entire /28 subnet. I can't figure out how to get that subnet configured on the ASA, so that I can route or NAT the available public addresses to various internal hosts. My assigned range is: 188.xx.xx.176/28 The address I get via PPPoE is 188.xx.xx.177/32, which according to our provider is our Default Gateway address. They claim the subnet is correctly routed to us on their side. How does the ASA know which range it is responsible for on the Fiber interface? How do I use the addresses from my range? To clarify my config; The ASA is currently configured to default-route to our ADSL uplink on port Ethernet0/0 (interface vlan2, nicknamed Outside). The fiber is connected to port Ethernet0/2 (interface vlan50, nicknamed Fiber) so I can configure and test it before making it the default route. Once I'm clear on how to set it all up, I'll fully replace the Outside interface with Fiber. My config (rather long): : Saved : ASA Version 8.3(2)4 ! hostname gw domain-name example.com enable password ****** encrypted passwd ****** encrypted names name 10.10.1.0 Inside-dhcp-network description Desktops and clients that receive their IP via DHCP name 10.10.0.208 svn.example.com description Subversion server name 10.10.0.205 marvin.example.com description LAMP development server name 10.10.0.206 dns.example.com description DNS, DHCP, NTP ! interface Vlan2 description Old ADSL WAN connection nameif outside security-level 0 ip address 192.168.1.2 255.255.255.252 ! interface Vlan10 description LAN vlan 10 Regular LAN traffic nameif inside security-level 100 ip address 10.10.0.254 255.255.0.0 ! interface Vlan11 description LAN vlan 11 Lab/test traffic nameif lab security-level 90 ip address 10.11.0.254 255.255.0.0 ! interface Vlan20 description LAN vlan 20 ISCSI traffic nameif iscsi security-level 100 ip address 10.20.0.254 255.255.0.0 ! interface Vlan30 description LAN vlan 30 DMZ traffic nameif dmz security-level 50 ip address 10.30.0.254 255.255.0.0 ! interface Vlan40 description LAN vlan 40 Guests access to the internet nameif guests security-level 50 ip address 10.40.0.254 255.255.0.0 ! interface Vlan50 description New WAN Corporate Internet over fiber nameif fiber security-level 0 pppoe client vpdn group KPN ip address pppoe ! interface Ethernet0/0 switchport access vlan 2 speed 100 duplex full ! interface Ethernet0/1 switchport trunk allowed vlan 10,11,30,40 switchport trunk native vlan 10 switchport mode trunk ! interface Ethernet0/2 switchport access vlan 50 speed 100 duplex full ! interface Ethernet0/3 shutdown ! interface Ethernet0/4 shutdown ! interface Ethernet0/5 switchport access vlan 20 ! interface Ethernet0/6 shutdown ! interface Ethernet0/7 shutdown ! boot system disk0:/asa832-4-k8.bin ftp mode passive clock timezone CEST 1 clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 dns domain-lookup inside dns server-group DefaultDNS name-server dns.example.com domain-name example.com same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network inside-net subnet 10.10.0.0 255.255.0.0 object network svn.example.com host 10.10.0.208 object network marvin.example.com host 10.10.0.205 object network lab-net subnet 10.11.0.0 255.255.0.0 object network dmz-net subnet 10.30.0.0 255.255.0.0 object network guests-net subnet 10.40.0.0 255.255.0.0 object network dhcp-subnet subnet 10.10.1.0 255.255.255.0 description DHCP assigned addresses on Vlan 10 object network Inside-vpnpool description Pool of assignable addresses for VPN clients object network vpn-subnet subnet 10.10.3.0 255.255.255.0 description Address pool assignable to VPN clients object network dns.example.com host 10.10.0.206 description DNS, DHCP, NTP object-group service iscsi tcp description iscsi storage traffic port-object eq 3260 access-list outside_access_in remark Allow access from outside to HTTP on svn. access-list outside_access_in extended permit tcp any object svn.example.com eq www access-list Insiders!_splitTunnelAcl standard permit 10.10.0.0 255.255.0.0 access-list iscsi_access_in remark Prevent disruption of iscsi traffic from outside the iscsi vlan. access-list iscsi_access_in extended deny tcp any interface iscsi object-group iscsi log warnings ! snmp-map DenyV1 deny version 1 ! pager lines 24 logging enable logging timestamp logging asdm-buffer-size 512 logging monitor warnings logging buffered warnings logging history critical logging asdm errors logging flash-bufferwrap logging flash-minimum-free 4000 logging flash-maximum-allocation 2000 mtu outside 1500 mtu inside 1500 mtu lab 1500 mtu iscsi 9000 mtu dmz 1500 mtu guests 1500 mtu fiber 1492 ip local pool DHCP_VPN 10.10.3.1-10.10.3.20 mask 255.255.0.0 ip verify reverse-path interface outside no failover icmp unreachable rate-limit 10 burst-size 5 asdm image disk0:/asdm-635.bin asdm history enable arp timeout 14400 nat (inside,outside) source static any any destination static vpn-subnet vpn-subnet ! object network inside-net nat (inside,outside) dynamic interface object network svn.example.com nat (inside,outside) static interface service tcp www www object network lab-net nat (lab,outside) dynamic interface object network dmz-net nat (dmz,outside) dynamic interface object network guests-net nat (guests,outside) dynamic interface access-group outside_access_in in interface outside access-group iscsi_access_in in interface iscsi route outside 0.0.0.0 0.0.0.0 192.168.1.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa-server SBS2003 protocol radius aaa-server SBS2003 (inside) host 10.10.0.204 timeout 5 key ***** aaa authentication enable console SBS2003 LOCAL aaa authentication ssh console SBS2003 LOCAL aaa authentication telnet console SBS2003 LOCAL http server enable http 10.10.0.0 255.255.0.0 inside snmp-server host inside 10.10.0.207 community ***** version 2c snmp-server location Server room snmp-server contact [email protected] snmp-server community ***** snmp-server enable traps snmp authentication linkup linkdown coldstart snmp-server enable traps syslog crypto ipsec transform-set TRANS_ESP_AES-256_SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set TRANS_ESP_AES-256_SHA mode transport crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set pfs group5 crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_AES-256_SHA crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 1 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 telnet 10.10.0.0 255.255.0.0 inside telnet timeout 5 ssh scopy enable ssh 10.10.0.0 255.255.0.0 inside ssh timeout 5 ssh version 2 console timeout 30 management-access inside vpdn group KPN request dialout pppoe vpdn group KPN localname INSIDERS vpdn group KPN ppp authentication pap vpdn username INSIDERS password ***** store-local dhcpd address 10.40.1.0-10.40.1.100 guests dhcpd dns 8.8.8.8 8.8.4.4 interface guests dhcpd update dns interface guests dhcpd enable guests ! threat-detection basic-threat threat-detection scanning-threat threat-detection statistics host number-of-rate 2 threat-detection statistics port number-of-rate 3 threat-detection statistics protocol number-of-rate 3 threat-detection statistics access-list threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 ntp server dns.example.com source inside prefer webvpn group-policy DfltGrpPolicy attributes vpn-tunnel-protocol IPSec l2tp-ipsec group-policy Insiders! internal group-policy Insiders! attributes wins-server value 10.10.0.205 dns-server value 10.10.0.206 vpn-tunnel-protocol IPSec l2tp-ipsec split-tunnel-policy tunnelspecified split-tunnel-network-list value Insiders!_splitTunnelAcl default-domain value example.com username martijn password ****** encrypted privilege 15 username marcel password ****** encrypted privilege 15 tunnel-group DefaultRAGroup ipsec-attributes pre-shared-key ***** tunnel-group Insiders! type remote-access tunnel-group Insiders! general-attributes address-pool DHCP_VPN authentication-server-group SBS2003 LOCAL default-group-policy Insiders! tunnel-group Insiders! ipsec-attributes pre-shared-key ***** ! class-map global-class match default-inspection-traffic class-map type inspect http match-all asdm_medium_security_methods match not request method head match not request method post match not request method get ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map type inspect http http_inspection_policy parameters protocol-violation action drop-connection policy-map global-policy class global-class inspect dns inspect esmtp inspect ftp inspect h323 h225 inspect h323 ras inspect http inspect icmp inspect icmp error inspect mgcp inspect netbios inspect pptp inspect rtsp inspect snmp DenyV1 ! service-policy global-policy global smtp-server 123.123.123.123 prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily hpm topN enable Cryptochecksum:a76bbcf8b19019771c6d3eeecb95c1ca : end asdm image disk0:/asdm-635.bin asdm location svn.example.com 255.255.255.255 inside asdm location marvin.example.com 255.255.255.255 inside asdm location dns.example.com 255.255.255.255 inside asdm history enable

Read the article
Token based Authentication for WCF HTTP/REST Services: Authentication

- by Your DisplayName here!

This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. For the theoretical background, see my previous post. Disclaimer The framework I am using/building here is not the only possible approach to tackle the problem. Based on customer feedback and requirements the code has gone through several iterations to a point where we think it is ready to handle most of the situations. Goals and requirements The framework should be able to handle typical scenarios like username/password based authentication, as well as token based authentication The framework should allow adding new supported token types Should work with WCF web programming model either self-host or IIS hosted Service code can rely on an IClaimsPrincipal on Thread.CurrentPrincipal that describes the client using claims-based identity Implementation overview In WCF the main extensibility point for this kind of security work is the ServiceAuthorizationManager. It gets invoked early enough in the pipeline, has access to the HTTP protocol details of the incoming request and can set Thread.CurrentPrincipal. The job of the SAM is simple: Check the Authorization header of the incoming HTTP request Check if a “registered” token (more on that later) is present If yes, validate the token using a security token handler, create the claims principal (including claims transformation) and set Thread.CurrentPrincipal If no, set an anonymous principal on Thread.CurrentPrincipal. By default, anonymous principals are denied access – so the request ends here with a 401 (more on that later). To wire up the custom authorization manager you need a custom service host – which in turn needs a custom service host factory. The full object model looks like this: Token handling A nice piece of existing WIF infrastructure are security token handlers. Their job is to serialize a received security token into a CLR representation, validate the token and turn the token into claims. The way this works with WS-Security based services is that WIF passes the name/namespace of the incoming token to WIF’s security token handler collection. This in turn finds out which token handler can deal with the token and returns the right instances. For HTTP based services we can do something very similar. The scheme on the Authorization header gives the service a hint how to deal with an incoming token. So the only missing link is a way to associate a token handler (or multiple token handlers) with a scheme and we are (almost) done. WIF already includes token handler for a variety of tokens like username/password or SAML 1.1/2.0. The accompanying sample has a implementation for a Simple Web Token (SWT) token handler, and as soon as JSON Web Token are ready, simply adding a corresponding token handler will add support for this token type, too. All supported schemes/token types are organized in a WebSecurityTokenHandlerCollectionManager and passed into the host factory/host/authorization manager. Adding support for basic authentication against a membership provider would e.g. look like this (in global.asax): var manager = new WebSecurityTokenHandlerCollectionManager(); manager.AddBasicAuthenticationHandler((username, password) => Membership.ValidateUser(username, password)); Adding support for Simple Web Tokens with a scheme of Bearer (the current OAuth2 scheme) requires passing in a issuer, audience and signature verification key: manager.AddSimpleWebTokenHandler( "Bearer", "http://identityserver.thinktecture.com/trust/initial", "https://roadie/webservicesecurity/rest/", "WFD7i8XRHsrUPEdwSisdHoHy08W3lM16Bk6SCT8ht6A="); In some situations, SAML token may be used as well. The following configures SAML support for a token coming from ADFS2: var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer( "d1 c5 b1 25 97 d0 36 94 65 1c e2 64 fe 48 06 01 35 f7 bd db", "ADFS"); var adfsConfig = new SecurityTokenHandlerConfiguration(); adfsConfig.AudienceRestriction.AllowedAudienceUris.Add( new Uri("https://roadie/webservicesecurity/rest/")); adfsConfig.IssuerNameRegistry = registry; adfsConfig.CertificateValidator = X509CertificateValidator.None; // token decryption (read from config) adfsConfig.ServiceTokenResolver = IdentityModelConfiguration.ServiceConfiguration.CreateAggregateTokenResolver(); manager.AddSaml11SecurityTokenHandler("SAML", adfsConfig); Transformation The custom authorization manager will also try to invoke a configured claims authentication manager. This means that the standard WIF claims transformation logic can be used here as well. And even better, can be also shared with e.g. a “surrounding” web application. Error handling A WCF error handler takes care of turning “access denied” faults into 401 status codes and a message inspector adds the registered authentication schemes to the outgoing WWW-Authenticate header when a 401 occurs. The next post will conclude with authorization as well as the source code download. (Wanna learn more about federation, WIF, claims, tokens etc.? Click here.)

Read the article
WebLogic JDBC Use of Oracle Wallet for SSL

- by Steve Felts

Introduction Secure Sockets Layer (SSL) can be used to secure the connection between the middle tier “client”, WebLogic Server (WLS) in this case, and the Oracle database server. Data between WLS and database can be encrypted. The server can be authenticated so you have proof that the database can be trusted by validating a certificate from the server. The client can be authenticated so that the database only accepts connections from clients that it trusts. Similar to the discussion in an earlier article about using the Oracle wallet for database credentials, the Oracle wallet can also be used with SSL to store the keys and certificates. By using it correctly, clear text passwords can be eliminated from the JDBC configuration and client/server configuration can be simplified by sharing the wallet across multiple datasources. There is a very good Oracle Technical White Paper on using SSL with the Oracle thin driver at http://www.oracle.com/technetwork/database/enterprise-edition/wp-oracle-jdbc-thin-ssl-130128.pdf [LINK1]. The link http://www.oracle.com/technetwork/middleware/weblogic/index-087556.html [LINK2] describes how to use WebLogic Server with Oracle JDBC Driver SSL. The information in this article is a guide on what steps need to be taken in the variety of available options; use the links above for details. SSL from the driver to the database server is basically turned on by specifying a protocol of “tcps” in the URL. However, there is a fair amount of setup needed. Also remember that there is an overhead in performance. Creating the wallets The common use cases are 1. “data encryption and server-only authentication”, requiring just a trust store, or 2. “data encryption and authentication of both tiers” (client and server), requiring a trust store and a key store. It is recommended to use the auto-login wallet type so that clear text passwords are not needed in the datasource configuration to open the wallet. The store type for an auto-login wallet is “SSO” (Single Sign On), not “JKS” or “PKCS12” as in [LINK2]. The file name is “cwallet.sso”. Wallets are created using the orapki tool. They need to be created based on the usage (encryption and/or authentication). This is discussed in detail in [LINK1] in Appendix B or in the Advanced Security Administrator’s Guide of the Database documentation. Database Server Configuration It is necessary to update the sqlnet.ora and listener.ora files with the directory location of the wallet using WALLET_LOCATION. These files also indicate whether or not SSL_CLIENT_AUTHENTICATION is being used (true or false). The Oracle Listener must also be configured to use the TCPS protocol. The recommended port is 2484. LISTENER = (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcps)(HOST=servername)(PORT=2484))) WebLogic Server Classpath The WebLogic Server CLASSPATH must have three additional security files. The files that need to be added to the WLS CLASSPATH are $MW_HOME/modules/com.oracle.osdt_cert_1.0.0.0.jar $MW_HOME/modules/com.oracle.osdt_core_1.0.0.0.jar $MW_HOME/modules/com.oracle.oraclepki_1.0.0.0.jar One way to do this is to add them to PRE_CLASSPATH environment variable for use with the standard WebLogic scripts. Setting the Oracle Security Provider It’s necessary to enable the Oracle PKI provider on the client side. This can either be done statically by updating the java.security file under the JRE or dynamically by setting it in a WLS startup class using java.security.Security.insertProviderAt(new oracle.security.pki.OraclePKIProvider (), 3); See the full example of the startup class in [LINK2]. Datasource Configuration When creating a WLS datasource, set the PROTOCOL in the URL to tcps as in the following. jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=host)(PORT=port))(CONNECT_DATA=(SERVICE_NAME=myservice))) For encryption and server authentication, use the datasource connection properties: - javax.net.ssl.trustStore=location of wallet file on the client - javax.net.ssl.trustStoreType=”SSO” For client authentication, use the datasource connection properties: - javax.net.ssl.keyStore=location of wallet file on the client - javax.net.ssl.keyStoreType=”SSO” Note that the driver connection properties for the wallet require a file name, not a directory name. Active GridLink ONS over SSL For completeness, there is another SSL usage for WLS datasources. The communication with the Oracle Notification Service (ONS) for load balancing information and node up/down events can use SSL also. Create an auto-login wallet and use the wallet on the client and server. The following is a sample sequence to create a test wallet for use with ONS. orapki wallet create -wallet ons -auto_login -pwd ONS_Wallet orapki wallet add -wallet ons -dn "CN=ons_test,C=US" -keysize 1024 -self_signed -validity 9999 -pwd ONS_Wallet orapki wallet export -wallet ons -dn "CN=ons_test,C=US" -cert ons/cert.txt -pwd ONS_Wallet On the database server side, it’s necessary to define the walletfile directory in the file $CRS_HOME/opmn/conf/ons.config and run onsctl stop/start. When configuring an Active GridLink datasource, the connection to the ONS must be defined. In addition to the host and port, the wallet file directory must be specified. By not giving a password, a SSO wallet is assumed. Summary To use SSL with the Oracle thin driver without any clear text passwords, use an SSO Oracle Wallet. SSL support in the Oracle thin driver is available starting in 10g Release 2.

Read the article
Using Transaction Logging to Recover Post-Archived Essbase data

- by Keith Rosenthal

Data recovery is typically performed by restoring data from an archive. Data added or removed since the last archive took place can also be recovered by enabling transaction logging in Essbase. Transaction logging works by writing transactions to a log store. The information in the log store can then be recovered by replaying the log store entries in sequence since the last archive took place. The following information is recorded within a transaction log entry: Sequence ID Username Start Time End Time Request Type A request type can be one of the following categories: Calculations, including the default calculation as well as both server and client side calculations Data loads, including data imports as well as data loaded using a load rule Data clears as well as outline resets Locking and sending data from SmartView and the Spreadsheet Add-In. Changes from Planning web forms are also tracked since a lock and send operation occurs during this process. You can use the Display Transactions command in the EAS console or the query database MAXL command to view the transaction log entries. Enabling Transaction Logging Transaction logging can be enabled at the Essbase server, application or database level by adding the TRANSACTIONLOGLOCATION essbase.cfg setting. The following is the TRANSACTIONLOGLOCATION syntax: TRANSACTIONLOGLOCATION [appname [dbname]] LOGLOCATION NATIVE ENABLE | DISABLE Note that you can have multiple TRANSACTIONLOGLOCATION entries in the essbase.cfg file. For example: TRANSACTIONLOGLOCATION Hyperion/trlog NATIVE ENABLE TRANSACTIONLOGLOCATION Sample Hyperion/trlog NATIVE DISABLE The first statement will enable transaction logging for all Essbase applications, and the second statement will disable transaction logging for the Sample application. As a result, transaction logging will be enabled for all applications except the Sample application. A location on a physical disk other than the disk where ARBORPATH or the disk files reside is recommended to optimize overall Essbase performance. Configuring Transaction Log Replay Although transaction log entries are stored based on the LOGLOCATION parameter of the TRANSACTIONLOGLOCATION essbase.cfg setting, copies of data load and rules files are stored in the ARBORPATH/app/appname/dbname/Replay directory to optimize the performance of replaying logged transactions. The default is to archive client data loads, but this configuration setting can be used to archive server data loads (including SQL server data loads) or both client and server data loads. To change the type of data to be archived, add the TRANSACTIONLOGDATALOADARCHIVE configuration setting to the essbase.cfg file. Note that you can have multiple TRANSACTIONLOGDATALOADARCHIVE entries in the essbase.cfg file to adjust settings for individual applications and databases. Replaying the Transaction Log and Transaction Log Security Considerations To replay the transactions, use either the Replay Transactions command in the EAS console or the alter database MAXL command using the replay transactions grammar. Transactions can be replayed either after a specified log time or using a range of transaction sequence IDs. The default when replaying transactions is to use the security settings of the user who originally performed the transaction. However, if that user no longer exists or that user's username was changed, the replay operation will fail. Instead of using the default security setting, add the REPLAYSECURITYOPTION essbase.cfg setting to use the security settings of the administrator who performs the replay operation. REPLAYSECURITYOPTION 2 will explicitly use the security settings of the administrator performing the replay operation. REPLAYSECURITYOPTION 3 will use the administrator security settings if the original user’s security settings cannot be used. Removing Transaction Logs and Archived Replay Data Load and Rules Files Transaction logs and archived replay data load and rules files are not automatically removed and are only removed manually. Since these files can consume a considerable amount of space, the files should be removed on a periodic basis. The transaction logs should be removed one database at a time instead of all databases simultaneously. The data load and rules files associated with the replayed transactions should be removed in chronological order from earliest to latest. In addition, do not remove any data load and rules files with a timestamp later than the timestamp of the most recent archive file. Partitioned Database Considerations For partitioned databases, partition commands such as synchronization commands cannot be replayed. When recovering data, the partition changes must be replayed manually and logged transactions must be replayed in the correct chronological order. If the partitioned database includes any @XREF commands in the calc script, the logged transactions must be selectively replayed in the correct chronological order between the source and target databases. References For additional information, please see the Oracle EPM System Backup and Recovery Guide. For EPM 11.1.2.2, the link is http://docs.oracle.com/cd/E17236_01/epm.1112/epm_backup_recovery_1112200.pdf

Read the article
SSL connection using Java standalone app

- by Marquinio

I have created a standalone executable JAR program that needs to send private information over a SSL connection. I was not able to establish the SSL connection using certificates. Was getting this: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path `building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target` So I found some code somewhere that creates a trust manager that does not validate certificate chains: // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) { } } }; That did the trick and I was able to establish SSL connection without any certificates. My concern is if the data will still be encrypted when exchanging private information. This is an execute JAR file that clients will be downloading to their computers. So is a certificate really necessary for this case? Thanks.

Read the article
JAAS tutorial - how to force application to run with policy

- by wuntee

I just went through this tutorial: http://java.sun.com/docs/books/tutorial/security/tour2/index.html And was curios about the basic concept of JAAS... If every applcation needs to be run with the '-Djava.security.manager -Djava.security.policy=...' flags, what is enforcing security? Is it up to the end user to know when any Java application is being run, and modify the executable/script/whatever to include those flags? Or, how does a developer enforce that an application is run with the security manager enabled? The whole concept doesnt seem very functional to me - as it is by default not enabled... Am I missing something?

Read the article

Search Results

Search found 13222 results on 529 pages for 'security gate'.

Page 192/529 | < Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199 | Next Page >

- by Roland

- by Francisco

- by Martín Fixman

- by MikeC8

- by BigCoEmployee

- by Walker

- by jdk

- by voxobscuro

- by Ben Adderson

- by AjarnMark

- by user50855

- by Keith Tobin

- by benaissa

- by Asian Angel

- by Simon Thorpe

- by user12587121

- by tmp3128

- by TECH4JESUS

- by fabschu

- by Martijn Heemels

- by Your DisplayName here!

- by Steve Felts

- by Keith Rosenthal

- by Marquinio

- by wuntee

< Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199 | Next Page >