Search Results

Search found 11785 results on 472 pages for 'password protection'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 205/472 | < Previous Page | 201 202 203 204 205 206 207 208 209 210 211 212  | Next Page >

  • Database Activity Monitoring Part 2 - SQL Injection Attacks

    If you think through the web sites you visit on a daily basis the chances are that you will need to login to verify who you are. In most cases your username would be stored in a relational database along with all the other registered users on that web site. Hopefully your password will be encrypted and not stored in plain text.

    Read the article

  • Unable to list windows shares from terminal.

    - by karthick87
    I am unable to list windows shares from terminal. I am getting the following error, root@ITSTA2:~# smbclient -L 172.XX.XX.XX -U john params.c:Parameter() - Ignoring badly formed line in configuration file: # Samba config file WARNING: The "Share modes" option is deprecated Unknown parameter encountered: "read Size" Ignoring unknown parameter "read Size" Enter john's password: Unknown socket option SO_KEEPLIVE session setup failed: NT_STATUS_LOGON_FAILURE Someone sort out the problem pls..

    Read the article

  • how can I disable ssh prompt from kvm remote

    - by kamil
    when I upgraded my KVM virtual machine manager to the latest version I got a question prompt every time I try to connect remotely to my machines: The authenticity of host 'kvm.local (ip address)' can't be established. ECDSA key fingerprint is b5:fa:0a:d0:39:af:0a:60:fa:04:87:6c:31:1d:13:15. Are you sure you want to continue connecting (yes/no)? And when changing any setting on a VM I was obliged to type yes and then type the root password in another dialog using ubuntu 12.04 64bit

    Read the article

  • Self-signed certificates for a known community

    - by costlow
    Recently announced changes scheduled for Java 7 update 51 (January 2014) have established that the default security slider will require code signatures and the Permissions Manifest attribute. Code signatures are a common practice recommended in the industry because they help determine that the code your computer will run is the same code that the publisher created. This post is written to help users that need to use self-signed certificates without involving a public Certificate Authority. The role of self-signed certificates within a known community You may still use self-signed certificates within a known community. The difference between self-signed and purchased-from-CA is that your users must import your self-signed certificate to indicate that it is valid, whereas Certificate Authorities are already trusted by default. This works for known communities where people will trust that my certificate is mine, but does not scale widely where I cannot actually contact or know the systems that will need to trust my certificate. Public Certificate Authorities are widely trusted already because they abide by many different requirements and frequent checks. An example would be students in a university class sharing their public certificates on a mailing list or web page, employees publishing on the intranet, or a system administrator rolling certificates out to end-users. Managed machines help this because you can automate the rollout, but they are not required -- the major point simply that people will trust and import your certificate. How to distribute self-signed certificates for a known community There are several steps required to distribute a self-signed certificate to users so that they will properly trust it. These steps are: Creating a public/private key pair for signing. Exporting your public certificate for others Importing your certificate onto machines that should trust you Verify work on a different machine Creating a public/private key pair for signing Having a public/private key pair will give you the ability both to sign items yourself and issue a Certificate Signing Request (CSR) to a certificate authority. Create your public/private key pair by following the instructions for creating key pairs.Every Certificate Authority that I looked at provided similar instructions, but for the sake of cohesiveness I will include the commands that I used here: Generate the key pair.keytool -genkeypair -alias erikcostlow -keyalg EC -keysize 571 -validity 730 -keystore javakeystore_keepsecret.jks Provide a good password for this file. The alias "erikcostlow" is my name and therefore easy to remember. Substitute your name of something like "mykey." The sigalg of EC (Elliptical Curve) and keysize of 571 will give your key a good strong lifetime. All keys are set to expire. Two years or 730 days is a reasonable compromise between not-long-enough and too-long. Most public Certificate Authorities will sign something for one to five years. You will be placing your keys in javakeystore_keepsecret.jks -- this file will contain private keys and therefore should not be shared. If someone else gets these private keys, they can impersonate your signature. Please be cautious about automated cloud backup systems and private key stores. Answer all the questions. It is important to provide good answers because you will stick with them for the "-validity" days that you specified above.What is your first and last name?  [Unknown]:  First LastWhat is the name of your organizational unit?  [Unknown]:  Line of BusinessWhat is the name of your organization?  [Unknown]:  MyCompanyWhat is the name of your City or Locality?  [Unknown]:  City NameWhat is the name of your State or Province?  [Unknown]:  CAWhat is the two-letter country code for this unit?  [Unknown]:  USIs CN=First Last, OU=Line of Business, O=MyCompany, L=City, ST=CA, C=US correct?  [no]:  yesEnter key password for <erikcostlow>        (RETURN if same as keystore password): Verify your work:keytool -list -keystore javakeystore_keepsecret.jksYou should see your new key pair. Exporting your public certificate for others Public Key Infrastructure relies on two simple concepts: the public key may be made public and the private key must be private. By exporting your public certificate, you are able to share it with others who can then import the certificate to trust you. keytool -exportcert -keystore javakeystore_keepsecret.jks -alias erikcostlow -file erikcostlow.cer To verify this, you can open the .cer file by double-clicking it on most operating systems. It should show the information that you entered during the creation prompts. This is the file that you will share with others. They will use this certificate to prove that artifacts signed by this certificate came from you. If you do not manage machines directly, place the certificate file on an area that people within the known community should trust, such as an intranet page. Import the certificate onto machines that should trust you In order to trust the certificate, people within your known network must import your certificate into their keystores. The first step is to verify that the certificate is actually yours, which can be done through any band: email, phone, in-person, etc. Known networks can usually do this Determine the right keystore: For an individual user looking to trust another, the correct file is within that user’s directory.e.g. USER_HOME\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs For system-wide installations, Java’s Certificate Authorities are in JAVA_HOMEe.g. C:\Program Files\Java\jre8\lib\security\cacerts File paths for Mac and Linux are included in the link above. Follow the instructions to import the certificate into the keystore. keytool -importcert -keystore THEKEYSTOREFROMABOVE -alias erikcostlow -file erikcostlow.cer In this case, I am still using my name for the alias because it’s easy for me to remember. You may also use an alias of your company name. Scaling distribution of the import The easiest way to apply your certificate across many machines is to just push the .certs or cacerts file onto them. When doing this, watch out for any changes that people would have made to this file on their machines. Trusted.certs: When publishing into user directories, your file will overwrite any keys that the user has added since last update. CACerts: It is best to re-run the import command with each installation rather than just overwriting the file. If you just keep the same cacerts file between upgrades, you will overwrite any CAs that have been added or removed. By re-importing, you stay up to date with changes. Verify work on a different machine Verification is a way of checking on the client machine to ensure that it properly trusts signed artifacts after you have added your signing certificate. Many people have started using deployment rule sets. You can validate the deployment rule set by: Create and sign the deployment rule set on the computer that holds the private key. Copy the deployment rule set on to the different machine where you have imported the signing certificate. Verify that the Java Control Panel’s security tab shows your deployment rule set. Verifying an individual JAR file or multiple JAR files You can test a certificate chain by using the jarsigner command. jarsigner -verify filename.jar If the output does not say "jar verified" then run the following command to see why: jarsigner -verify -verbose -certs filename.jar Check the output for the term “CertPath not validated.”

    Read the article

  • Ubuntu boots to terminal on start up

    - by Jules
    For a long time I've been unable to get updates due to a "repositories not found" error. Yesterday someone fixed this for me but after installing 94 days worth of updates my system wanted to restart. It looks like it is booting normally but then it opens a terminal and asks for my login and password. I had tried Ctrl+ Alt +F7 and startx to no avail. Here is everything that appears on screen when I turn the computer on. Ubuntu 10.04.4 LTS box-o-doom tty1 box-o-doom login:julian password: last login: Sun Jul 8 10:28:02 BST tty1 Linux box-o-doom 2.6.32-41-generic-pae #91-Ubuntu SMP Wed Jun 13 12:00:09 UTC 20 12 i686 GNU/Linux Ubuntu 10.04.4 LTS Welcome to Ubuntu! *Documentation: http://help.ubuntu.com julian@box-o-doom:~$_ i then tried dmesg which produced hundreds of lines all very similar to the first line reproduced here [ 9.453119] type=1505 audit1341742405.022:10): operation="profile_replace" pid=743 name="/usr/lib/connman/scripts/dhclient-script" follwed by this at the end [ 9.475880] alloc irq_desc for 27 on node-1 [ 9.475883] alloc kstat_irqs on node-1 [ 9.475890]forcedeth 0000:00:07.0: irq27 for MSI/MSI-X [ 9.760031] hda_code:ALC662 rev1: BIOS auto-probing. [ 10.048095] input:HDA Digital PCBeep as /devices/pci 0000:00:05.o/inp ut/input6 [ 10.862278] ppdev: user-space parallel port driver [ 20.268018] eth0: no IPv6 routers present julian@box-o-doom:~$_ results of startx lots of text scrolls off the screen and i have no way of reading it. but everything i can see is reproduced below current version of pixman: 0.16.4 Before reporting problems, check http://wiki.x.org to make sure that you have the latest version Markers: (--) probed, (**) from config file, (==) defult setting, (++) from command line, (!!) notice, (II) informational. (WW) Warning, (EE) error, (NI) not implemented, (??) unknown. (==) log file: "/var/log/Xorg.0.log", Time: SUn Jul 8 12:02:23 2012 (==) using config file: "/etc/X11/xorg.conf" (==)using config directory: "/usr/lib/X11/xorg.conf.d" FATAL: Module nvidia not found. (EE) NVIDIA: Failed to load the NVIDIA kernal module please check your (EE) NVIDIA: systems kernal log for aditional error messages. (EE) Failed to load module "nvidia" (module specific error, 0) (EE) No drivers available. Fatal server error: no screens found please consult the X.org foundation support at http://wiki.x.org for help please also check the log files at "/var/log/X.org.0.log" for aditional informati on ddxSigGiveUp: Closing log giving up xinit: No such file or directory (errno 2): unable to connect to X server xinit: No suck process (errno 3): server error julian@box-o-doom:~$_

    Read the article

  • Root username is different to admin username

    - by Chris Poole
    I have somehow changed my root username which seems to have caused my system to disallow me to mount USB, CDROM. My normal username is jenchris, however if I type: su root (and enter the password) then it shows root@jenchris-H55M-UD2H:/home/jenchris# (PLEASE NOTE THE HASH AT THE END OF THE USERNAME!) I think I accidentally hit the hash key at some point whilst typing my username.... This is causing huge problems as I have lost lots of permissions, please can someone help?

    Read the article

  • [MISC GEEKERY] How To Easily Access Your Home Network From Anywhere With DDNS

    - by YatriTrivedi
    Whether you’re hosting a web page or running a Minecraft server, it’s a pain to keep track of IP addresses. Using a free dynamic DNS, you can turn 174.45.19.242 into mygeekydns.dyndns.org and be free from changing IPs.How To Recover After Your Email Password Is CompromisedHow to Clean Your Filthy Keyboard in the Dishwasher (Without Ruining it)Learn How to Make HDR Images in Photoshop or GIMP With a Simple Trick

    Read the article

  • Automaticaly add virtual hosts in ubuntu

    - by user208202
    I want to create a simple web interface with username, password and domain. Once the users gives the information, a script will be executed creating the host with the name that the user has given and give permissions to access phpmyadmin, upload a file with filezilla. I use ubuntu, with apache and mysql installed. I found many web based interfaces and tutorials how to manually create virtual hosts but I want an automated self made solution. Can anyone help me? Thanks in advance

    Read the article

  • How to write Bash scribt to open two different terminals

    - by Ahmed Zain El Dein
    How to write Bash script to open two different taped terminal ,and write in both of them commands separately to be executed unrelationally for instance : Terminal number one open skype terminal number two open in the end , i want one more thing , can i write in the bash script my skype username and password to put them in skype when open it in terminal one automatically then login too Thanks

    Read the article

  • Part 1 Basic Webtrends REST Examples

    - by GeekAgilistMercenary
    In this entry I just want to cover some examples of how to connect to Webtrends DX Web Services.  The DX Web Services use REST as the architecture, providing simple URI based end points to connect to.  With the Webtrends SDK you can connect to these services with your account information.  Here are the basic steps to retrieve a profile list, the reports from one of those profiles, and then the report you want from that report list. First step is to create a Webtrends User. WebTrends.Sdk.Account.User webtrendsUser = new Account.User(); webtrendsUser.UserName = username; webtrendsUser.Password = password; webtrendsUser.AccountName = account; After you create the Webtrends User, simple request a profile list by getting list of ProfileDefinition Objects. List<WebTrends.Sdk.Profile.ProfileDefinition> profiles = WebTrends.Sdk.Factory.NavigationFactory.BuildListing(webtrendsUser); Next you will want to grab a report based on the profile you are in and your credentials. List<WebTrends.Sdk.Report.ReportDefinition> reports = WebTrends.Sdk.Factory.NavigationFactory.BuildListing(profiles[i], webtrendsUser); In the code above, i would equate to the specific profile you want from the retrieved list of profiles in the profiles list.  The common scenario is that one has pulled the profiles into a drop down, combo, or list box that the user can select.  Then when the user selects the specific profile that profile object can then be used to pull the List of ReportDefinitions. Once we have the report definitions, all sorts of criteria can be added together to query for a specific report.  This is also were things can get a little tricky.  For instance, take a look at the code below. WebTrends.Sdk.Factory.ReportFactory.CreateDimensionalReport( report.ID.ToString(), profiles[i].ID.ToString(), "2010m01", webtrendsUser); The CreateDimensionalReport takes 4 parameters for this particular overload.  The report ID, profile ID, the Webtrends Date Format, and the Webtrends User Object.  There are a number of other overloads available within this factory's method that allow for passing the specific REST URI, and other criteria to retrieve the report of your choice.  In the near future we will be adding some more to this method also, which will provide more flexibility without needing to use the full REST URI. I will have more on this, so all you Coders out there using Webtrends DX Services, I hope this is helpful!  Enjoy. Original Entry

    Read the article

  • Solving Inbound Refinery PDF Conversion Issues, Part 1

    - by Kevin Smith
    Working with Inbound Refinery (IBR)  and PDF Conversion can be very frustrating. When everything is working smoothly you kind of forgot it is even there. Documents are cheeked into WebCenter Content (WCC), sent to IBR for conversion, converted to PDF, returned to WCC, and viola your Office documents have a nice PDF rendition available for viewing. Then a user checks in a bunch of password protected Word files, the conversions fail, your IBR queue starts backing up, users start calling asking why their document have not been released yet, and your spend a frustrating afternoon trying to recover and get things back running properly again. Password protected documents are one cause of PDF conversion failures, and I will cover those in a future blog post, but there are many other problems that can cause conversions to fail, especially when working with the WinNativeConverter and using the native applications, e.g. Word, to convert a document to PDF. There are other conversion options like PDFExportConverter which uses Oracle OutsideIn to convert documents directly to PDF without the need for the native applications. However, to get the best fidelity to the original document the native applications must be used. Many customers have tried PDFExportConverter, but have stayed with the native applications for conversion since the conversion results from PDFExportConverter were not as good as when the native applications are used. One problem I ran into recently, that at least has a easy solution, are Word documents that display a Show Repairs dialog when the document is opened. If you open the problem document yourself you will see this dialog. This will cause the conversion to time out. Any time the native application displays a dialog that requires user input the conversion will time out. The solution is to set add a setting for BulletProofOnCorruption to the registry for the user running Word on the IBR server. See this support note from Microsoft for details. The support note says to set the registry key under HKEY_CURRENT_USER, but since we are running IBR as a service the correct location is under HKEY_USERS\.DEFAULT. Also since in our environment we were using Office 2007, the correct registry key to use was: HKEY_USERS\.DEFAULT\Software\Microsoft\Office\11.0\Word\Options Once you have done this restart the IBR managed server and resubmit your problem document. It should now be converted successfully. For more details on IBR see the Oracle® WebCenter Content Administrator's Guide for Conversion.

    Read the article

  • Week in Geek: Windows 8 Users at Risk Due to Missing IE 10 Flash Update

    - by Asian Angel
    This week’s edition of WIG is filled with news link goodness covering topics such as Windows 8 Pro downgrades to Windows 7 and Vista will be possible, the Ubuntu Live CD is now dead, Guild Wars 2 is suffering an ongoing password attack, and more. HTG Explains: Is ReadyBoost Worth Using? HTG Explains: What The Windows Event Viewer Is and How You Can Use It HTG Explains: How Windows Uses The Task Scheduler for System Tasks

    Read the article

  • How do I reinstate my admin user privileges to global read/write

    - by Matt
    I am running Ubuntu 12.04 LTS. I only have the one user which I created when I installed Ubuntu. Everything has been fine - love it - until I updated a software package recently from the command line using sudo (not gksudo). I was having a little bother which did not make sense to me and in a fluff changed my user read/write privileges through the GUI (not even clear how I got there!). After restart I was stuck in a login loop - using the right login password but kept getting looped back to the login and could only login as Guest. I could still login with my user/password via ctrl + alt + f1 Eventually I was able to login again at start up. Not sure exactly what it was I changed that worked but it was one of/or a combination of installing latest security updates, changing login manager from LightDM to DGM and back again, removing the ICE/Xauthority and chown user. Current dilemma is my primary admin user privileges were read only. In the command line ls -ls /home/user returned this value: drwx------ 48 username username 20480 I have since changed this using sudo chmod 0755 /home/username (from my limited understanding 755 should return my user privileges to their original read/write glory). ls -ld /home/user currently shows my user privileges as: drwxr-xr-x 48 username username 20480 I still seem to have only read access permissions. I've been through lots of threads (and the help file) that talk about creating new users/groups permissions etc. but specific info on returning my existing global/admin/primary users privileges to what they were when I first created that user - baffling me. I feel this is something really simple I'm just not getting it. Please help! sudo mount /dev/sda1 on / type ext4 (rw,errors=remount-ro) proc on /proc type proc (rw,noexec,nosuid,nodev) sysfs on /proc type sysfs (rw,noexec,nosuid,nodev) none on /sys/fs/fuse/connections type fusect1 (rw) none on /sys/kernel/debug type debugfs (rw) none on /sys/kernel/security type securityfs (rw) udev on /dev type devtmpfs (rw,mode=07pe tmpfs55) devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620) tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755) none on /run/lock type tmpfs (rw, ,nosuid,nodev,size=5242880 none on /run/shm type tmpfs (rw,nosuid,nodev) gvfs-fuse-daemon on /home/meng/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=meng) none on /tmp/guest-1R2Fi5 type tmpsf (rw,mode=700)

    Read the article

  • How do I run (execute) a .bin file in Linux (Ubuntu) ?

    - by Paula DiTallo
    If you are on a desktop version of Ubuntu, you can right-click on the file icon, click the permissions tab and click on "allow execution". If you are on a server copy without the desktop bells and whistles (or you would rather work with a command line in a terminal window), then do the following: sudo chmod +x myProgram.bin after you enter your password and get the prompt back type: ./myProgram.bin

    Read the article

  • Swap is encrypted or not?

    - by Abhijit Navale
    I selected to encrypt home folder while install lubuntu 12.10 (64 bit) But after that 'sometimes' I get error that can not find /dev/mapper/cryptswap1 wait for mount or cancel at slpash screen. It then start the lubuntu without any problem. If i do sudo blkid | grep swap [sudo] password for abhijit: /dev/mapper/cryptswap1: UUID="fce3ef14-a9c6-45ac-81f5-18ff415851b0" TYPE="swap" That means swap is encrypted. But if i go to gparted it shows unknown partition with red exclamation mark for swap.

    Read the article

  • How often to authenticate iOS app in web service

    - by jeraldov
    I am trying to build an iOS app that connects to a PHP+MySQL web service. My question is how often should I check for user's authentication to get data from the web service. My app requires a login at start up, but I am wondering if how often should I check if he can still validly get data from the web service. Should I check for his username and password each time the user views a table view that get its data from the web service?

    Read the article

  • Week in Geek: LulzSec Hackers Calling it Quits

    - by Asian Angel
    This week we learned how to pin any file to the Windows 7 Taskbar, sync iTunes to an Android phone, create custom cover pages in Microsoft Word 2010, how you use the Command Line on your computers, got to indulge in some sweet Geek Deals, and more. Photo by pasukaru76.What is a Histogram, and How Can I Use it to Improve My Photos?How To Easily Access Your Home Network From Anywhere With DDNSHow To Recover After Your Email Password Is Compromised

    Read the article

  • Encrypted home won't mount automatically nor with ecryptfs-mount-private

    - by Patrik Swedman
    Up until recently my encrypted home worked great but after a reboot it didn't mount itself automatically and when I try to mount it manually I get a mount error: patrik@patrik-server:~$ ecryptfs-mount-private Enter your login passphrase: Inserted auth tok with sig [9af248791dd63c29] into the user session keyring mount: Invalid argument patrik@patrik-server:~$ I've also tried with sudo even though that shouldn't be necesary: patrik@patrik-server:/$ sudo ecryptfs-mount-private [sudo] password for patrik: Enter your login passphrase: Inserted auth tok with sig [9af248791dd63c29] into the user session keyring fopen: No such file or directory I'm using Ubuntu 10.04.4 LTS and I access it over SSH with putty.

    Read the article

  • Can throwing the iPhone high in the air launch my app or trigger desired function in iOS 7 or later

    - by aMother
    My app is an emergency app. It will be used by people in emergency and disasters. It's possible that they got stuck in situations where they just don't have the time to enter or draw their password, launch the appp and push a button. Is it possible that ask the OS to launch the app if user throw their iphone up in the air or shake it vigrously or something else. PS: I think it's possible with the accelerometer.

    Read the article

  • Combining Shared Secret and Username Token – Azure Service Bus

    - by Michael Stephenson
    As discussed in the introduction article this walkthrough will explain how you can implement WCF security with the Windows Azure Service Bus to ensure that you can protect your endpoint in the cloud with a shared secret but also flow through a username token so that in your listening WCF service you will be able to identify who sent the message. This could either be in the form of an application or a user depending on how you want to use your token. Prerequisites Before going into the walk through I want to explain a few assumptions about the scenario we are implementing but to keep the article shorter I am not going to walk through all of the steps in how to setup some of this. In the solution we have a simple console application which will represent the client application. There is also the services WCF application which contains the WCF service we will expose via the Windows Azure Service Bus. The WCF Service application in this example was hosted in IIS 7 on Windows 2008 R2 with AppFabric Server installed and configured to auto-start the WCF listening services. I am not going to go through significant detail around the IIS setup because it should not matter in relation to this article however if you want to understand more about how to configure WCF and IIS for such a scenario please refer to the following paper which goes into a lot of detail about how to configure this. The link is: http://tinyurl.com/8s5nwrz   The Service Component To begin with let's look at the service component and how it can be configured to listen to the service bus using a shared secret but to also accept a username token from the client. In the sample the service component is called Acme.Azure.ServiceBus.Poc.UN.Services. It has a single service which is the Visual Studio template for a WCF service when you add a new WCF Service Application so we have a service called Service1 with its Echo method. Nothing special so far!.... The next step is to look at the web.config file to see how we have configured the WCF service. In the services section of the WCF configuration you can see I have created my service and I have created a local endpoint which I simply used to do a little bit of diagnostics and to check it was working, but more importantly there is the Windows Azure endpoint which is using the ws2007HttpRelayBinding (note that this should also work just the same if your using netTcpRelayBinding). The key points to note on the above picture are the service behavior called MyServiceBehaviour and the service bus endpoints behavior called MyEndpointBehaviour. We will go into these in more detail later.   The Relay Binding The relay binding for the service has been configured to use the TransportWithMessageCredential security mode. This is the important bit where the transport security really relates to the interaction between the service and listening to the Azure Service Bus and the message credential is where we will use our username token like we have specified in the message/clientCrentialType attribute. Note also that we have left the relayClientAuthenticationType set to RelayAccessToken. This means that authentication will be made against ACS for accessing the service bus and messages will not be accepted from any sender who has not been authenticated by ACS.   The Endpoint Behaviour In the below picture you can see the endpoint behavior which is configured to use the shared secret client credential for accessing the service bus and also for diagnostic purposes I have included the service registry element. Hopefully if you are familiar with using Windows Azure Service Bus relay feature the above is very familiar to you and this is a very common setup for this section. There is nothing specific to the username token implementation here. The Service Behaviour Now we come to the bit with most of the username token bits in it. When you configure the service behavior I have included the serviceCredentials element and then setup to use userNameAuthentication and you can see that I have created my own custom username token validator.   This setup means that WCF will hand off to my class for validating the username token details. I have also added the serviceSecurityAudit element to give me a simple auditing of access capability. My UsernamePassword Validator The below picture shows you the details of the username password validator class I have implemented. WCF will hand off to this class when validating the token and give me a nice way to check the token credentials against an on-premise store. You have all of the validation features with a non-service bus WCF implementation available such as validating the username password against active directory or ASP.net membership features or as in my case above something much simpler.   The Client Now let's take a look at the client side of this solution and how we can configure the client to authenticate against ACS but also send a username token over to the service component so it can implement additional security checks on-premise. I have a console application and in the program class I want to use the proxy generated with Add Service Reference to send a message via the Azure Service Bus. You can see in my WCF client configuration below I have setup my details for the azure service bus url and am using the ws2007HttpRelayBinding. Next is my configuration for the relay binding. You can see below I have configured security to use TransportWithMessageCredential so we will flow the username token with the message and also the RelayAccessToken relayClientAuthenticationType which means the component will validate against ACS before being allowed to access the relay endpoint to send a message.     After the binding we need to configure the endpoint behavior like in the below picture. This is the normal configuration to use a shared secret for accessing a Service Bus endpoint.   Finally below we have the code of the client in the console application which will call the service bus. You can see that we have created our proxy and then made a normal call to a WCF service but this time we have also set the ClientCredentials to use the appropriate username and password which will be flown through the service bus and to our service which will validate them.     Conclusion As you can see from the above walkthrough it is not too difficult to configure a service to use both a shared secret and username token at the same time. This gives you the power and protection offered by the access control service in the cloud but also the ability to flow additional tokens to the on-premise component for additional security features to be implemented. Sample The sample used in this post is available at the following location: https://s3.amazonaws.com/CSCBlogSamples/Acme.Azure.ServiceBus.Poc.UN.zip

    Read the article

  • Installing a minimal GUI + VNC

    - by Malachi
    I have a fresh install of Ubuntu 10.04 Server on my VPS and would like to install a minimal GUI onto this and allow VNC access to. Please could someone outline the steps required to set this up so that I can VNC to my machine under a newly created user account. Create the user: useradd -m -s /bin/bash -p password -d /home/usera userA chown userA:users /home/usera Install the GUI sudo apt-get install --no-install-recommends ubuntu-desktop Setup VNC ?

    Read the article

  • Integration Patterns with Azure Service Bus Relay, Part 3: Anonymous partial-trust consumer

    - by Elton Stoneman
    This is the third in the IPASBR series, see also: Integration Patterns with Azure Service Bus Relay, Part 1: Exposing the on-premise service Integration Patterns with Azure Service Bus Relay, Part 2: Anonymous full-trust .NET consumer As the patterns get further from the simple .NET full-trust consumer, all that changes is the communication protocol and the authentication mechanism. In Part 3 the scenario is that we still have a secure .NET environment consuming our service, so we can store shared keys securely, but the runtime environment is locked down so we can't use Microsoft.ServiceBus to get the nice WCF relay bindings. To support this we will expose a RESTful endpoint through the Azure Service Bus, and require the consumer to send a security token with each HTTP service request. Pattern applicability This is a good fit for scenarios where: the runtime environment is secure enough to keep shared secrets the consumer can execute custom code, including building HTTP requests with custom headers the consumer cannot use the Azure SDK assemblies the service may need to know who is consuming it the service does not need to know who the end-user is Note there isn't actually a .NET requirement here. By exposing the service in a REST endpoint, anything that can talk HTTP can be a consumer. We'll authenticate through ACS which also gives us REST endpoints, so the service is still accessed securely. Our real-world example would be a hosted cloud app, where we we have enough room in the app's customisation to keep the shared secret somewhere safe and to hook in some HTTP calls. We will be flowing an identity through to the on-premise service now, but it will be the service identity given to the consuming app - the end user's identity isn't flown through yet. In this post, we’ll consume the service from Part 1 in ASP.NET using the WebHttpRelayBinding. The code for Part 3 (+ Part 1) is on GitHub here: IPASBR Part 3. Authenticating and authorizing with ACS We'll follow the previous examples and add a new service identity for the namespace in ACS, so we can separate permissions for different consumers (see walkthrough in Part 1). I've named the identity partialTrustConsumer. We’ll be authenticating against ACS with an explicit HTTP call, so we need a password credential rather than a symmetric key – for a nice secure option, generate a symmetric key, copy to the clipboard, then change type to password and paste in the key: We then need to do the same as in Part 2 , add a rule to map the incoming identity claim to an outgoing authorization claim that allows the identity to send messages to Service Bus: Issuer: Access Control Service Input claim type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier Input claim value: partialTrustConsumer Output claim type: net.windows.servicebus.action Output claim value: Send As with Part 2, this sets up a service identity which can send messages into Service Bus, but cannot register itself as a listener, or manage the namespace. RESTfully exposing the on-premise service through Azure Service Bus Relay The part 3 sample code is ready to go, just put your Azure details into Solution Items\AzureConnectionDetails.xml and “Run Custom Tool” on the .tt files.  But to do it yourself is very simple. We already have a WebGet attribute in the service for locally making REST calls, so we are just going to add a new endpoint which uses the WebHttpRelayBinding to relay that service through Azure. It's as easy as adding this endpoint to Web.config for the service:         <endpoint address="https://sixeyed-ipasbr.servicebus.windows.net/rest"                   binding="webHttpRelayBinding"                    contract="Sixeyed.Ipasbr.Services.IFormatService"                   behaviorConfiguration="SharedSecret">         </endpoint> - and adding the webHttp attribute in your endpoint behavior:           <behavior name="SharedSecret">             <webHttp/>             <transportClientEndpointBehavior credentialType="SharedSecret">               <clientCredentials>                 <sharedSecret issuerName="serviceProvider"                               issuerSecret="gl0xaVmlebKKJUAnpripKhr8YnLf9Neaf6LR53N8uGs="/>               </clientCredentials>             </transportClientEndpointBehavior>           </behavior> Where's my WSDL? The metadata story for REST is a bit less automated. In our local webHttp endpoint we've enabled WCF's built-in help, so if you navigate to: http://localhost/Sixeyed.Ipasbr.Services/FormatService.svc/rest/help - you'll see the uri format for making a GET request to the service. The format is the same over Azure, so this is where you'll be connecting: https://[your-namespace].servicebus.windows.net/rest/reverse?string=abc123 Build the service with the new endpoint, open that in a browser and you'll get an XML version of an HTTP status code - a 401 with an error message stating that you haven’t provided an authorization header: <?xml version="1.0"?><Error><Code>401</Code><Detail>MissingToken: The request contains no authorization header..TrackingId:4cb53408-646b-4163-87b9-bc2b20cdfb75_5,TimeStamp:10/3/2012 8:34:07 PM</Detail></Error> By default, the setup of your Service Bus endpoint as a relying party in ACS expects a Simple Web Token to be presented with each service request, and in the browser we're not passing one, so we can't access the service. Note that this request doesn't get anywhere near your on-premise service, Service Bus only relays requests once they've got the necessary approval from ACS. Why didn't the consumer need to get ACS authorization in Part 2? It did, but it was all done behind the scenes in the NetTcpRelayBinding. By specifying our Shared Secret credentials in the consumer, the service call is preceded by a check on ACS to see that the identity provided is a) valid, and b) allowed access to our Service Bus endpoint. By making manual HTTP requests, we need to take care of that ACS check ourselves now. We do that with a simple WebClient call to the ACS endpoint of our service; passing the shared secret credentials, we will get back an SWT: var values = new System.Collections.Specialized.NameValueCollection(); values.Add("wrap_name", "partialTrustConsumer"); //service identity name values.Add("wrap_password", "suCei7AzdXY9toVH+S47C4TVyXO/UUFzu0zZiSCp64Y="); //service identity password values.Add("wrap_scope", "http://sixeyed-ipasbr.servicebus.windows.net/"); //this is the realm of the RP in ACS var acsClient = new WebClient(); var responseBytes = acsClient.UploadValues("https://sixeyed-ipasbr-sb.accesscontrol.windows.net/WRAPv0.9/", "POST", values); rawToken = System.Text.Encoding.UTF8.GetString(responseBytes); With a little manipulation, we then attach the SWT to subsequent REST calls in the authorization header; the token contains the Send claim returned from ACS, so we will be authorized to send messages into Service Bus. Running the sample Navigate to http://localhost:2028/Sixeyed.Ipasbr.WebHttpClient/Default.cshtml, enter a string and hit Go! - your string will be reversed by your on-premise service, routed through Azure: Using shared secret client credentials in this way means ACS is the identity provider for your service, and the claim which allows Send access to Service Bus is consumed by Service Bus. None of the authentication details make it through to your service, so your service is not aware who the consumer is (MSDN calls this "anonymous authentication").

    Read the article

  • User Account Disabled After Upgrade to 12.04.1 LTS

    - by Five
    I upgraded from 10.xxx to 12.04.1 LTS using the upgrade feature within Ubuntu. System upgraded but after a reboot, the graphical interface comes up. When I try logging in using a user account that pre-existed on the system, the graphical interface screen disappears, screen goes blank and then reverts to the graphical interface prompting for a password. I have loads of data and installed programs under the particular user account. PLEASE HELP....

    Read the article

  • Preventing Users From Copying Text From and Pasting It Into TextBoxes

    Many websites that support user accounts require users to enter an email address as part of the registration process. This email address is then used as the primary communication channel with the user. For instance, if the user forgets her password a new one can be generated and emailed to the address on file. But what if, when registering, a user enters an incorrect email address? Perhaps the user meant to enter [email protected], but accidentally transposed the first two letters, entering [email protected]. How can such typos be prevented? The only foolproof way to ensure that the user's entered email address is valid is to send them a validation email upon registering that includes a link that, when visited, activates their account. (This technique is discussed in detail in Examining ASP.NET's Membership, Roles, and Profile - Part 11.) The downside to using a validation email is that it adds one more step to the registration process, which will cause some people to bail out on the registration process. A simpler approach to lessening email entry errors is to have the user enter their email address twice, just like how most registration forms prompt users to enter their password twice. In fact, you may have seen registration pages that do just this. However, when I encounter such a registration page I usually avoid entering the email address twice, but instead enter it once and then copy and paste it from the first textbox into the second. This behavior circumvents the purpose of the two textboxes - any typo entered into the first textbox will be copied into the second. Using a bit of JavaScript it is possible to prevent most users from copying text from one textbox and pasting it into another, thereby requiring the user to type their email address into both textboxes. This article shows how to disable cut and paste between textboxes on a web page using the free jQuery library. Read on to learn more! Read More >Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 201 202 203 204 205 206 207 208 209 210 211 212  | Next Page >