Search Results

Search found 15558 results on 623 pages for 'basic authentication'.

Page 204/623 | < Previous Page | 200 201 202 203 204 205 206 207 208 209 210 211  | Next Page >

• How do I secure a .NET Web Service for use by an iPhone application?

  - by David A Gibson

  Hello, The title says it all, I have a Web Service written in .NET that provides data for an iPhone application. It will also allow the application make a "reservation." Currently it's all internal to the corporate network but obviously when the iPhone application is published I will need ensure the Web Service is available externally. How would I go about securing the Web Service? There are two aspects I'm looking into: Authentication for accessing the web service Protection for the data being transferred I'm no so bothered about the data being passed back and forth as it will be viewable in the application anyway (which will be free). The key issue for me is preventing users from accessing the Web Service and making reservations themselves. At the moment I am considering encrypting any strings in the XML data passed back and forth so only the client can effectively use the web service sidestepping the need for authentication and providing protection for the data. This is the only model I have seen but I think the overheads on the iPhone and even for the web service make for a poor user experience. Any solutions at all would be most welcome? Thanks

  Read the article

• IBM WESB/WAS JCA security configuration

  - by user594883

  I'm working with IBM tools. I have a Websphere ESB (WESB) and a CICS transaction gateway (CTG). The basic set-up is as follows: A SOAP service needs data from CICS. The SOAP-service is connecting to service bus (WESB) to handle data and protocol transformation and then WESB calls the CTG which in turn calls CICS and the reply is handled vice verse (synchronously). WESB calls the CTG using Resource Adapter and JCA connector (or CICS adapter as it is called in WESB). Now, I have all the pieces in place and working. My question is about the security, and even though I'm working with WESB, the answer is probably the same as in Websphere Application Server (WAS). The Resource Adaper is secured using JAAS - J2C authentication data. I have configured the security using J2C authentication data entry, so basically I have a reference in the application I'm running and at runtime the application does a lookup for the security attributes from the server. So basically I'm always accessing the CICS adapter with the same security reference. My problem is that I need to access the resource in more dynamic way in the future. The security cannot be welded into the application anymore but instead given as a parameter. Could some WESB or WAS guru help me out, how this could be done in WESB/WAS exactly?

  Read the article

• Kohana 3.2 - Database Session losing data on new Page Request

  - by reado

  I've setup my dev Kohana server to use an encrypted database as the default Session type. I'm also using this in combination with Auth to implement user authentication. Right now my user's are able to authenticate correctly and the authentication keys are being stored in the session. I'm also storing additional data like the user's firstname and businessname during the login procedure. When my login function is ready to redirect the user to the user dashboard, I'm able to see all the data correctly when I do $session::instance()->as_array(); (Array ( [auth_user] => NRyk6lA8 [businessname] => Dudetown [firstname] => Matt )) As soon as I redirect the user to another page, $session::instance()->as_array(); is empty. By dumping out the Session::instance() object, I can see that the Session id's are still the same. When I look at my database table though, i dont see any session records being saved and my session table is empty. My bootstrap.php contains: Session::$default = 'database'; Cookie::$salt = 'asdfasdf'; Cookie::$expiration = 1209600; Cookie::$domain = FALSE; and my session.php config file looks like: return array( 'database' => array( 'name' => 'auth_user', 'encrypted' => TRUE, 'lifetime' => 24 * 3600, 'group' => 'default', 'table' => 'sessions', 'columns' => array( 'session_id' => 'session_id', 'last_active' => 'last_active', 'contents' => 'contents' ), 'gc' => 500, ), ); I've looked high and low for an answer.. if anyone has any suggestions, i'm all ears! Thanks!

  Read the article

• Inserting default "admin" user into database during Rails App startup

  - by gbc

  I'm building my first real rails application for a little in-house task. Most of the application tasks require authentication/authorization. The first time the app starts up (or starts with a wiped db), I'd like the process to be: User logs into the admin panel using "admin" & "admin" for authentication info. User navigates to admin credentials editing page and changes name and password to something safer so that "admin" & "admin" is no longer a valid login. To achieve this result, I'd like to stuff a default username & password combination into the database on if the application starts up and detects that there are no user credentials in the 'users' table. For example: if User.count == 0 User.create(:name => "admin", :password => "admin") end However, I'm unsure where to place that code. I tried adding an initializer script in the config/initializers, but the error I received appeared to indicate that the model classes weren't yet loaded into the application. So I'm curious to know at what point I can hook into the application startup cycle and insert data into the database through ActiveRecord before requests are dispatched.

  Read the article

• #1146 - Table 'phpmyadmin.pma_recent' doesn't exist

  - by Mumin Ali

  Solution Guys... FYI i am using xampp to use phpmyadmin. and this error happens during the process of creating a database on localhost. Below is the code for config.inc file under phpmyadmin directory: <?php /* * This is needed for cookie based authentication to encrypt password in * cookie */ $cfg['blowfish_secret'] = 'xampp'; /* YOU SHOULD CHANGE THIS FOR A MORE SECURE COOKIE AUTH! */ /* * Servers configuration */ $i = 0; /* * First server */ $i++; /* Authentication type and info */ $cfg['Servers'][$i]['auth_type'] = 'HTTP'; $cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['password'] = 'password'; $cfg['Servers'][$i]['extension'] = 'mysql'; $cfg['Servers'][$i]['AllowNoPassword'] = true; $cfg['Lang'] = ''; /* Bind to the localhost ipv4 address and tcp */ $cfg['Servers'][$i]['host'] = 'localhost'; $cfg['Servers'][$i]['connect_type'] = 'tcp'; /* User for advanced features */ $cfg['Servers'][$i]['controluser'] = 'pma'; $cfg['Servers'][$i]['controlpass'] = ''; /* Advanced phpMyAdmin features */ $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark'; $cfg['Servers'][$i]['relation'] = 'pma_relation'; $cfg['Servers'][$i]['table_info'] = 'pma_table_info'; $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords'; $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages'; $cfg['Servers'][$i]['column_info'] = 'pma_column_info'; $cfg['Servers'][$i]['history'] = 'pma_history'; $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords'; $cfg['Servers'][$i]['tracking'] = 'pma_tracking'; $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig'; $cfg['Servers'][$i]['recent'] = 'pma_recent'; $cfg['Servers'][$i]['table_uiprefs'] = 'pma_table_uiprefs'; /* * End of servers configuration */ ?>

  Read the article

• SpringFramework3.0: How to create interceptors that only apply to requests that map to certain contr

  - by Fusion2004

  In it's simplest form, I want an interceptor that checks session data to see if a user is logged in, and if not redirects them to the login page. Obviously, I wouldn't want this interceptor to be used on say the welcome page or the login page itself. I've seen a design that uses a listing of every url to one of two interceptors, one doing nothing and the other being the actual interceptor you want implemented, but this design seems very clunky and limits the ease of extensibility of the application. It makes sense to me that there should be an annotation-based way of using interceptors, but this doesn't seem to exist. My friend has the idea of actually modifying the handler class so that during each request it checks the Controller it is mapping the request to for a new annotation we would create (ex @Interceptor("loginInterceptor") ). A major point of my thinking is the extensibility, because I'd like to later implement similar interceptors for role-based authentication and/or administration authentication. Does it sound like my friend's approach would work for this? Or what is a proper way of going about doing this?

  Read the article

• IIS7.5 and MVC 2 : Implementing HTTP(S) security

  - by Program.X

  This is my first ASP.NET MVC application, and my first on an IIS 7.x installation whereby I have to do anything over and above the standard. I need to enforce Windows authentication on the /Index and /feeds/xxx.svc pages/services. In ASP.NET Web Forms, I would apply the Windows permissions on the files and remove Anonymous authentication in IIS 6. This needs to work over HTTP/S, but don't worry about that, that's in hand. What happens in MVC/IIS 7? I have tried modifying the permissions on the /Index.aspx view, which seems to block access. It asks me for a username/password, but does not grant access when I enter a valid username/password. Pressing Escape gives me an exception "*Access to the path 'E:\dev\xxx\xxx.ConsultantRegistration.Web.Admin\Views\ConsultantRegistration\index.aspx' is denied. *", which does get sent as a 401. So although the username/password does exist on the Index.aspx view, I can't use those credentials to access said view. I have in my web.config: What am I missing?

  Read the article

• How do I refer to a client_deploy.wsdd file that's in WEB-INF?

  - by Paul

  A basic question, but I can't seem to find the answer. I have an Axis-generated web service that also calls another web service (for which the stubs are also generated with Axis). It's deployed in weblogic 9.2 That called web service requires authentication. I've googled for the code to set up authentication. It requires that I set up a client_deploy.wsdd file which I've done, and added it to WEB-INF. I need to specify this flle to Axis. There seem to be several ways of doing this, including System.setProperty("axis.ClientConfigFile", "client_deploy.wsdd") or EngineConfiguration config = new FileProvider("client_deploy.wsdd"); but these aren't working for me. Is the issue the path for the client_deploy.wsdd file? How do I refer to a file that's at the top level of the WEB-INF directory? Googling tells me how to access it as a stream, but I don't want that, I need to pass a file name to these functions... Please point out the obvious that I have missed

  Read the article

• getting windows username with javascript

  - by jbkkd

  I have a site which is built in ASP.net and C#. Let's call it webapp. it uses a Form system to log on into it, and cannot be changed easliy. I got a request to change the log in to some kind of windows authentication. I'll explain. Our windows login uses active directory for users to log into their windows account. their login name is sXXXXXXX. X are numbers. in my webapp, I want to take the users numbers from their active directory login, and check if those exist in the webapp database. if it exists, they will automatically log in. If it doesn't, they will be referred to the regular login page for the webapp system which is currently in use. I tried changing my IIS to disable anonymous login and enabling windows authentication, therefore making the user browser to send it's current logged in user name to my webapp. I changed the web config as well from "Forms" to "Windows", which made my whole webapp obsolete as the whole forms system did not work. My question is this - is there a different way for the browser only to send the username to my webapp? I thought maybe javascript, I just don't know how to implement that, if it's even possible. I know it's not very secure, but all this platform and system is built outside the internet, it's on a private network.

  Read the article

• PHP Mailer Class - Securing Email Credentials

  - by Alan A

  I am using the php mailer class to send email via my scripts. The structure is as follows: $mail = new PHPMailer; $mail->IsSMTP(); // Set mailer to use SMTP $mail->Host = 'myserver.com'; // Specify main and backup server $mail->SMTPAuth = true; // Enable SMTP authentication $mail->Username = '[email protected]'; // SMTP username $mail->Password = 'user123'; // SMTP password $mail->SMTPSecure = 'pass123'; It seems to me to be a bit of a security hole having the mailbox credentials in plain view. So I thought I might put these in an external file outside of the web root. My question is how would I then assign the $mail object these values. I of course no how to use include and/or requires... would it simple be a case of.... $mail->IsSMTP(); // Set mailer to use SMTP $mail->Host = 'myserver.com'; // Specify main and backup server $mail->SMTPAuth = true; // Enable SMTP authentication includes '../locationOutsideWebroot/emailCredntials.php'; $mail->SMTPSecure = 'pass123'; Then emailCredentails.php: <?php $mail->Username = '[email protected]'; $mail->Password = 'user123'; ?> Would this be sufficient and secure enough? Thanks, Alan.

  Read the article

• Problem with using PHPMailer for SMTP

  - by Frozenfire

  I have used PHPMailer for SMTP and there is problem in sending mail with error "Mailer Error: The following From address failed: [email protected]" My code is as follows: $mail = new PHPMailer(); $mail->IsSMTP(); // send via SMTP $mail->Host = "localhost;"; // SMTP servers $mail->SMTPAuth = true; // turn on SMTP authentication $mail->Username = ""; // SMTP username $mail->Password = ""; // SMTP password $mail->From = $email_address; $mail->FromName = $email_address; $mail->AddAddress($arrStudent[0]["email"]); $mail->WordWrap = 50; // set word wrap $mail->IsHTML(true); // send as HTML $mail->Subject = "Subject"; $theData = str_replace("\n", "<BR>", $stuff); $mail->Body = $theData; // "This is the <b>HTML body</b>"; $mail->AltBody = $stuff; if (!$mail->Send()) { $sent = 0; echo "Mailer Error: " . $mail->ErrorInfo; exit; } i researched everything and when i debug inside class.smtp.php i found error the function "get_lines()" is returning error value "550 Authentication failed" The code was working fine previously, i am wondering how this problem came suddenly. Desperate for some help. Thanks, Biplab

  Read the article

• How to set up WebLogic 10.3.3. security for JAX_WS web services?

  - by Roman Kagan

  I have quite simple task to accomplish - I have to set up the security for web services ( basic authentication with hardcoded in WLES user id and password). I set the web.xml (see code fragment below) but I have tough time configuring WebLogic. I added IdentityAssertionAuthenticator Authentication Provider, set it as Required, modified DefaultAuthenticator as Optional and I went to deployed application's security and set the role to "thisIsUser" and at some point it worked, but not anymore (I redeployed war file and set web service security the same way but no avail.) I'd greatly appreciate for all your help. <security-constraint> <display-name>SecurityConstraint</display-name> <web-resource-collection> <web-resource-name>ABC</web-resource-name> <url-pattern>/ABC</url-pattern> </web-resource-collection> <auth-constraint> <role-name>thisIsUser</role-name> </auth-constraint> </security-constraint>

  Read the article

• Can't authenticate mobile client with node.js (using passport.js)

  - by Pazinio

  I'm trying to build some CRUD application with node.js as a back-end API (express) and web-app (backbone) and mobile client (native android) as front-ends.(I'm node.js beginner) My server solution is based on the following great tutorial 'easy-node-authentication'. In my android app I have managed to get the user Google-Token after I completed the authentication step with Google Plus SDK.(mobile to google-plus directly request). I'm trying to understand and find right and elegant way to re-use a given google-token and authenticate again my android user through Google-Plus account to ensure the mobile client holds real token, then add a new entry (id, token, email, name) to my users table DB within my node back-end. The question is: what should be my next step in case I want to keep my back-end without changes? should I send a GET request with the token as a cookie to /auth/google? maybe to /auth/google/callback? another URL? Does this make sense at all? Please note: I'm aware to the fact the mentioned above 'easy-node-auth' solution is based on sessions and cookies. having said that, i'm still trying to understand if there is a convenient way to integrate both (android and node) as it works good for my web-app and node. Thanks in advance.

  Read the article

• Is OpenID too complicated?

  - by John Leidegren

  I'm beginning to seriously doubt the OpenID community despite that fact that it works. I'm in the process of currently evaluating OpenID as an authentication service for 'this' site and while the promises are great, I just can't get it to work. And I'm really lost. I ask of the SO community to help me out here. Give me answers and show me examples so I can leverage this in the way it was meant to be. My scenario is very typical. I want to authenticate users through a specific Google Apps domain. If you have access to this Google Apps domain, then you have access to my web application. Where I get lost, is all the prerequisites and dependencies involved. What is XRD? What is Yadis? Why do I need XRD and Yadis? What do I need to do to deploy OpenID authentication on my website? Also, this is really important to me. When I login to SO, I use my Google Account. When I click the login button I'm presented with this confirmation page. Where I'm granting SO the right to use my Google Account credentials. Somehow, Google knows that it's "Stackoverflow.com" that's asking me if it's okay to login. And I wish to know what manner of control I have over this little text. I intend to deploy OpenID on several different domains but I would prefer if they would all work without having to be individually configured with special parameters, such as secret API keys and what not. However, I don't know for sure if this is a prerequisite of OpenID, that or the Federated Login API that Google provides.

  Read the article

• Using Read-Only Fields in a C# WebBrowser

  - by TheDramaLlama

  I'm currently using a WebBrowser control in a C# WinForms application, and attempting to control some variability presented with this control. Basically, my users log in to a separate UI provided by my application, which then displays the WebBrowser control, navigates to a predetermined log-in URL, and then auto-fills the username and password fields on that page. However, in order to prevent unpredictable behavior in this WebBrowser control, I want to make these username and password text boxes read-only after they are auto-populated. Essentially, I want the user to see a browser page that has been filled out for them, and that cannot be edited. (This is so that any authentication errors can be handled by my application as opposed to the browser.) The code I'm currently using to populate the text fields and make them read only is as follows: webBrowser1.Document.GetElementById("username").InnerText = username; webBrowser1.Document.GetElementById("password").InnerText = password; webBrowser1.Document.GetElementById("username").Enabled = false; webBrowser1.Document.GetElementById("password").Enabled = false; Unfortunately, when I try to make the fields read-only, the authentication server acts like the password field was not filled out, and prompts the user to fill it out again after the "Submit" button is clicked. Is this expected behavior, and if so, what other methods can I try to prevent users from changing the credentials that the browser was auto-populated with?

  Read the article

• Joomla User Login Question

  - by user277127

  I would like to enable users of my existing web app to login to Joomla with the credentials already stored in my web app's database. By using the Joomla 1.5 authentication plugin system -- http://docs.joomla.org/Tutorial:Creating_an_Authentication_Plugin_for_Joomla_1.5 -- I would like to bypass the Joomla registration process and bypass creating users in the Joomla database altogether. My thought had been that I could simply populate a User object, which would be stored in the Session, and that this would replace the need to store a user in the Joomla database. After looking through the code surrounding user management in Joomla, it seems like any time you interact with the User object, the database is being queried. It therefore seems like my initial idea won't work. Is that right? It looks like, in order to achieve the effect I want, I will have to actually register a user from within the authentication plugin at the time they first login. This is not ideal, so before I go forward with it, I wanted to check with Joomla developers whether it is possible to do what I described above. Thanks in advance -- I am new to Joomla and greatly appreciate your help!

  Read the article

• Why does LogonUser place user profiles in c:\users of the server?

  - by Lalit_M

  We have developed a ASP.NET web application and has implemented a custom authentication solution using active directory as the credentials store. Our front end application uses a normal login form to capture the user name and password and leverages the Win32 LogonUser method to authenticate the user’s credentials. When we are calling the LogonUser method, we are using the LOGON32_LOGON_NETWORK as the logon type. The issue we have found is that user profile folders are being created under the C:\Users folder of the web server. The folder seems to be created when a new user who has never logged on before is logging in for the first time. As the number of new users logging into the application grows, disk space is shrinking due to the large number of new user folders getting created. Has anyone seen this behavior with the Win32 LogonUser method? Does anyone know how to disable this behavior? I have tried LOGON32_LOGON_BATCH but it was giving an error 1385 in authentication user. I need either of the solution 1) Is there any way to stop the folder generation. 2) What parameter I need to pass this to work? Thanks

  Read the article

• WIN32 API question - Looking for answer asap

  - by Lalit_M

  We have developed a ASP.NET web application and has implemented a custom authentication solution using active directory as the credentials store. Our front end application uses a normal login form to capture the user name and password and leverages the Win32 LogonUser method to authenticate the user’s credentials. When we are calling the LogonUser method, we are using the LOGON32_LOGON_NETWORK as the logon type. The issue we have found is that user profile folders are being created under the C:\Users folder of the web server. The folder seems to be created when a new user who has never logged on before is logging in for the first time. As the number of new users logging into the application grows, disk space is shrinking due to the large number of new user folders getting created. Has anyone seen this behavior with the Win32 LogonUser method? Does anyone know how to disable this behavior? I have tried LOGON32_LOGON_BATCH but it was giving an error 1385 in authentication user. I need either of the solution 1) Is there any way to stop the folder generation. 2) What parameter I need to pass this to work? Thanks

  Read the article

• Site to Site VPN with Fault Tolerence

  - by Nordberg

  Hello, I have a situation where I require an IPSEC tunnel between two sites. Site 2 is a small branch office with basic (ADSL) connectivity and Site 1 is the "main" office with SDSL and ADSL for redundancy should the SDSL fail. From Site 1, all traffic bound for the 172.0.0.0 network will then be sent down another IPSEC tunnel to a supplier's Remote Server. See this page for the basic premise (this is a rough idea and things can be moved about etc...) I am considering specifying Cisco ASA devices as the firewalls for both sites for all connections. Would it be possible to employ something like HSRC to provide a backup at Site 1 should the SDSL go down? I suppose the key aims here are that Site 2 can somehow failover to initiate a VPN to the ASA behind the ADSL at Site 1. I will have a 21 subnet mask on all internet connections so can play with Class C routing if need be... If I'm barking up the wrong tree with HSRC, is there another way I can acheive this without massive expenditure on Barracuda routers et al? Many Thanks.

  Read the article

• Configure ApacheDS 1.5 with accessControlEnabled=true for authenticated access

  - by cmyers

  I need to set up an apacheDS instance. I am using standalone 1.5.5 on Linux. I have removed the example partition and added two of my own, each with their own suffixes. I have imported LDIFs for the two partitions and everything looks correct data-wise. I need to configure ApacheDS to disallow anonymous access. I was able to do that by following some of the directions here: http://directory.apache.org/apacheds/1.5/145-enable-and-disable-anonymous-access.html http://directory.apache.org/apacheds/1.5/32-basic-authorization.html Now only the administrator account (uid=admin,ou=system) can log in and make queries. I need to establish an admin account, and a "regular user" account which can read and write only certain entries within each partition. I tried to read the above docs and I got nuthin'. The second page "basic authorization" is completely incomprehensible to me. When I tried to add a "prescriptiveACI" to it using Apache Directory Studio, I get: Administration point 2.5.4.11=abc,2.5.4.10=efg does not contain an administrativeRole attribute! An administrativeRole attribute in the administrative point is required to add a subordinate subentry. where my partition is "ou=abc,o=def". I have no clue what is going on and the docs are really not helping, I am at a complete loss here. How can it possibly be this hard to just restrict access? P.S. can someone with proper rep please change the tag "apache" to the new tag "ApacheDS"?

  Read the article

• HP ProCurve & Cisco switches interoperability

  - by Kamil Z

  I have a couple of questions regarding Cisco and HP ProCurve interoperability. Here's a link to pdf with my network topology. Can someone help me with basic VLAN configuration in such topology? Below there are some details of my configuration: # m_management_2 interface FastEthernet0/43 switchport access vlan 250 switchport mode access spanning-tree port-priority 32 spanning-tree cost 100 # MTA2-swmgmt1 vlan 1 name "DEFAULT_VLAN" untagged 1-48 ip address 10.10.249.190 255.255.255.128 exit # MTA2-swtr1 vlan 1 name "DEFAULT_VLAN" untagged 1-14,16-48 no ip address no untagged 15 exit vlan 100 name "MTA Mgmt" untagged 15 ip address 10.10.249.188 255.255.255.128 exit # MTA2-swtr2 vlan 1 name "DEFAULT_VLAN" untagged 1-14,16-48 no ip address no untagged 15 exit vlan 100 name "MTA Mgmt" untagged 15 ip address 10.10.249.189 255.255.255.128 exit I don't post MTA2-bcsw[12] configuration, because I wasn's successfull in this one yet. Every time I configure VLANs on MTA2-bcsw[12] Fa0/24 interface on m_management_2 goes down bacause of receiving tagged BPDUs on access port (there are no VLANs configured on MTA2-swmgmt1 because of fact that only 250 VLAN is allowed in this switch. Is it correct?). Can someone provide me some basic configuration for this topology? Second thing I want to ask is concept of connection from MTA2-swmgmt1 to MTA2-swtr[12] HP switches for the sake of management. How to configure such ports on HP switches (managed switch and manager switch). Is my actual configuration correct?

  Read the article

• Error with Apache, Nagios and Snorby integration

  - by user1428366

  I'm trying to use apache to serve two different websites (Nagios and Snorby). The problem is that when I try to see the "/snorby" website, apache sends me the "It works" page. If I try to access to "/nagios" it works perfectly. Snorby is running under ruby passenger .This are the config files. <VirtualHost *:80> ScriptAlias /nagios/cgi-bin "/srv/nagios/sbin" <Directory "/srv/nagios/sbin"> # SSLRequireSSL Options ExecCGI AllowOverride None Order allow,deny Allow from all # Order deny,allow # Deny from all # Allow from 127.0.0.1 AuthName "Nagios Access" AuthType Basic AuthUserFile /srv/nagios/etc/htpasswd.users Require valid-user </Directory> Alias /nagios "/srv/nagios/share" <Directory "/srv/nagios/share"> # SSLRequireSSL Options None AllowOverride None Order allow,deny Allow from all # Order deny,allow # Deny from all # Allow from 127.0.0.1 AuthName "Nagios Access" AuthType Basic AuthUserFile /srv/nagios/etc/htpasswd.users Require valid-user </Directory> </VirtualHost> And the other one is this: <VirtualHost *:80> #Alias /snorby "/var/www/snorby-2.6.0/public" # !!! Be sure to point DocumentRoot to 'public'! DocumentRoot /var/www/snorby-2.6.0/public <Directory /var/www/snorby-2.6.0/public> # This relaxes Apache security settings. AllowOverride all # MultiViews must be turned off. Options -MultiViews </Directory> </VirtualHost> If I disable the Nagios webpage, the Snorby webpage works. I think the problem is Snorby because when I try to access to the Ip address with Nagios page disable, the webapplication redirects me to http:// myserverip/dashboard. Can anyone help me please? Thank you so much! Regards

  Read the article

• Resolving "JBoss Web Console is Accessible to Unauthenticated Remote Users" vulnerability

  - by IAmJeff

  Our security team has determined there is a vulnerability in one of our systems. We are using version JBoss 5.1.0GA on RHEL 5.10. Vulnerability description: JBoss Web Console is Accessible to Unauthenticated Remote Users Yes, this looks familiar. Refer to Question 501417. I do not find the answer there complete. Can someone (or multiple someones) answer Does a newer version of JBoss fix this vulnerability? Are there links describing, in more detail, manual modification of JBoss configuration files to resolve the issue? Are there others options to remediate this vulnerability? Why don't I find the other answer complete? I'm not at all familiar with JBoss, so this answer seems a bit too simple. The web-console.war contains commented-out templates for basic security in its WEB-INF/web.xml as well as commented-out setup for a security domain in WEB-INF/jboss-web.xml. Just uncomment those basic security blocks and restart? Is there anything else I need to include? This seems generic. Do I need to include anything about my environment, such as absolute paths, etc.? Am I making this too complicated?

  Read the article

• Nagios 403 forbidden, indexes?

  - by Georgi

  installed nagios under freebsd 9, but can't get the right way to be public in browser (from other pc's). I think that the problem is in the indexes or that there is not index file (instead main.php). Apache says that syntax is ok. The permissions of the dir are 777. The logs print Directory index forbidden by Options directive: /usr/local/www/nagios/. This is my configuration: ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/ Alias /nagios /usr/local/www/nagios/ <Directory /usr/local/www/nagios> Options +Indexes FollowSymLinks +ExecCGI AllowOverride Indexes AuthConfig FileInfo Order allow,deny Allow from all AuthName "Nagios Access" AuthType Basic AuthUSerFile /usr/local/etc/nagios/htpasswd.users Require valid-user </Directory> <Directory /usr/local/www/nagios/cgi-bin> Options +ExecCGI AllowOverride None Order allow,deny Allow from all AuthName "Nagios Access" AuthType Basic AuthUSerFile /usr/local/etc/nagios/htpasswd.users Require valid-user </Directory> I think that the problem is in idexes, maybe? When I remove the options it's public and available but lists the files and says that idnexes are forbidden..

  Read the article

• SVN and WebSVN with different users access restriction on multiple repositories on linux

  - by user55658

  and first of all sorry for my english. I've installed an ubuntu server 10.04.1 with apache2, subversion, svn_dav and websvn. (and others services of course, like php5, mysql 5.1, etc). I've configured my svn with multiple repositories, and each one with differents groups and users, like: /var/myrepos/repo1 group: mygroup1 /var/myrepos/repo2 group: mygroup2 /var/myrepos/repo3 user: johndoe With an easy access on svn_dav, works perfectly, ie: http://myserver/svnrepo1 accesibly only for users on mygroup1 with theirs users of linux and passwords of svn. Also works for the other repos with their users and groups. But when i tried with websvn, shows all repos without take care than if user on mygroup1 can view repo2 (that's i dont want do). You can login as any user on mygroup1, mygroup2, or johndoe, and you login into all repositories. I'll try to find a solution and I'll post the news, if anyone can helpme with this I'll preciated so much!!! Thanks for all I show my files: /etc/apache2/mods-available/dav_svn.conf <Location /svnrepo1> DAV svn SVNPath /var/myrepos/repo1 AuthType Basic AuthName "Repositorio Subversion de MD" AuthUserFile /etc/apache2/dav_svn.passwd Require valid-user </Location> <Location /websvn/> Options FollowSymLinks order allow,deny allow from all AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dav_svn.passwd Require valid-user </Location>

  Read the article

< Previous Page | 200 201 202 203 204 205 206 207 208 209 210 211  | Next Page >