Search Results

Search found 12926 results on 518 pages for 'security risks'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 206/518 | < Previous Page | 202 203 204 205 206 207 208 209 210 211 212 213  | Next Page >

  • how do I allow mysql connections through selinux

    - by xivix
    I'd like to for once leave selinux running on a server for the alleged increased security. I usually disable selinux to get anything to work. How do I tell selinux to allow mysql connections? The most documentation I've found is this line from mysql.com: If you are running under Linux and Security-Enhanced Linux (SELinux) is enabled, make sure you have disabled SELinux protection for the mysqld process. wow ... that's really helpful.

    Read the article

  • Chroot for Mysql running on Ubuntu 10.10?

    - by Calvin Froedge
    Prompted from a question about MySQL server security best practices, I've been running through this list (with a few minor alterations) to properly secure my server database server: http://www.greensql.net/publications/mysql-security-best-practices On step 10, I'm told to change the root directory for the mysql user using chroot, but very few specifics are provided and I'm not sure where to start. Does anyone know of a good resource for walking me through the steps to properly create a chrooted environment for Ubuntu 10.10?

    Read the article

  • how do I allow mysql connections through selinux

    - by xivix
    I'd like to for once leave selinux running on a server for the alleged increased security. I usually disable selinux to get anything to work. How do I tell selinux to allow mysql connections? The most documentation I've found is this line from mysql.com: If you are running under Linux and Security-Enhanced Linux (SELinux) is enabled, make sure you have disabled SELinux protection for the mysqld process. wow ... that's really helpful.

    Read the article

  • Problem install phpmyadmin on amazon ec2?

    - by yoko
    I googled on how to install phpmyadmin on ec2, and i got this syntax: sudo yum install phpmyadmin But i keep getting this: Loaded plugins: fastestmirror, priorities, security Loading mirror speeds from cached hostfile amzn-main | 2.1 kB 00:00 amzn-updates | 2.1 kB 00:00 Setting up Install Process No package phpmyadmin available. Error: Nothing to do I tried to go my website, its not installed. Please help EDIT: My Server OS: Amazon Linux AMI 64 bit I tried: yum install phpmyadmin --enablerepo=development, but still I got this error: Loaded plugins: fastestmirror, priorities, security Error getting repository data for development, repository not found

    Read the article

  • restore admin share C$

    - by woodelf
    My admin share C$ has been removed causing our server managed security - Sophos Endpoint Security and Control, to stop updating this client because it is unable to create local tasks. I've searched for two days now, lots of stuff about disabling C$ or allowing network access via a regedit - but nothing about restoring a missing "default admin share C$". OK I can recreate C$ from the mmc but it's removed on a reboot. System is Win7 Pro 64-bit on a domain Very grateful for any help... Nick

    Read the article

  • Backup & Restore Group Policy of Workgroup Window XP

    - by Param
    I have around 20 system in Workgroup, I have configured a Group policy along with Administrative Template on one system. Do you know, how to transfer this Group Policy along with Administrative template to other system, without re-configuring it manually on all other systems. I have exported the Security setting in .inf file ( as Security Template ), but how to export setting related to Administrative template?

    Read the article

  • What does "Flush the Firewall" mean?

    - by Qasim
    I know this is a real newbie question but what does it mean when someone says they "flushed the firewall". I got locked out of my server a few times due to the enhanced security configuration I had done and when I contacted my server management company, they said both times that they flushed the firewall and I was allowed back in. I hope "flushing the firewall" doesn't mean they reduced the security settings at all.

    Read the article

  • Where do I find Apache's configtest declaration?

    - by user1438038
    I want to improve security of my Apache webserver. Open: /etc/apache2/conf.d/security Edit: ServerTokens Prod ServerSignature Off Reload/Restart: /etc/init.d/apache2 reload /etc/init.d/apache2 restart The values Prod and Off should be fine, but I get these errors: ServerTokens takes one argument, Determine tokens displayed in the Server: header - Min(imal), OS or Full Action 'configtest' failed. ServerSignature takes one argument, En-/disable server signature (on|off|email) Action 'configtest' failed. Where do I find Apache's configtest declaration, so I can tell it to accept Prod and Off?

    Read the article

  • What's the best approach when it comes to updating a production(on ec2) machine that can't go down?

    - by Ryan Detzel
    We have three main servers on ec2, web, database, and search. I logged in today to find: 77 packages can be updated. 45 updates are security updates. which scares the crap out of me so I want to update these machines asap but I'm scared to just run the updates on a live running system. Is this safe to do, what's the best approach when it comes to doing security updates on production machines?

    Read the article

  • Using AES encryption in .NET - CryptographicException saying the padding is invalid and cannot be removed

    - by Jake Petroules
    I wrote some AES encryption code in C# and I am having trouble getting it to encrypt and decrypt properly. If I enter "test" as the passphrase and "This data must be kept secret from everyone!" I receive the following exception: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing) at System.IO.Stream.Close() at System.IO.Stream.Dispose() ... And if I enter something less than 16 characters I get no output. I believe I need some special handling in the encryption since AES is a block cipher, but I'm not sure exactly what that is, and I wasn't able to find any examples on the web showing how. Here is my code: using System; using System.IO; using System.Security.Cryptography; using System.Text; public static class DatabaseCrypto { public static EncryptedData Encrypt(string password, string data) { return DatabaseCrypto.Transform(true, password, data, null, null) as EncryptedData; } public static string Decrypt(string password, EncryptedData data) { return DatabaseCrypto.Transform(false, password, data.DataString, data.SaltString, data.MACString) as string; } private static object Transform(bool encrypt, string password, string data, string saltString, string macString) { using (AesManaged aes = new AesManaged()) { aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7; int key_len = aes.KeySize / 8; int iv_len = aes.BlockSize / 8; const int salt_size = 8; const int iterations = 8192; byte[] salt = encrypt ? new Rfc2898DeriveBytes(string.Empty, salt_size).Salt : Convert.FromBase64String(saltString); byte[] bc_key = new Rfc2898DeriveBytes("BLK" + password, salt, iterations).GetBytes(key_len); byte[] iv = new Rfc2898DeriveBytes("IV" + password, salt, iterations).GetBytes(iv_len); byte[] mac_key = new Rfc2898DeriveBytes("MAC" + password, salt, iterations).GetBytes(16); aes.Key = bc_key; aes.IV = iv; byte[] rawData = encrypt ? Encoding.UTF8.GetBytes(data) : Convert.FromBase64String(data); using (ICryptoTransform transform = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor()) using (MemoryStream memoryStream = encrypt ? new MemoryStream() : new MemoryStream(rawData)) using (CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, encrypt ? CryptoStreamMode.Write : CryptoStreamMode.Read)) { if (encrypt) { cryptoStream.Write(rawData, 0, rawData.Length); return new EncryptedData(salt, mac_key, memoryStream.ToArray()); } else { byte[] originalData = new byte[rawData.Length]; int count = cryptoStream.Read(originalData, 0, originalData.Length); return Encoding.UTF8.GetString(originalData, 0, count); } } } } } public class EncryptedData { public EncryptedData() { } public EncryptedData(byte[] salt, byte[] mac, byte[] data) { this.Salt = salt; this.MAC = mac; this.Data = data; } public EncryptedData(string salt, string mac, string data) { this.SaltString = salt; this.MACString = mac; this.DataString = data; } public byte[] Salt { get; set; } public string SaltString { get { return Convert.ToBase64String(this.Salt); } set { this.Salt = Convert.FromBase64String(value); } } public byte[] MAC { get; set; } public string MACString { get { return Convert.ToBase64String(this.MAC); } set { this.MAC = Convert.FromBase64String(value); } } public byte[] Data { get; set; } public string DataString { get { return Convert.ToBase64String(this.Data); } set { this.Data = Convert.FromBase64String(value); } } } static void ReadTest() { Console.WriteLine("Enter password: "); string password = Console.ReadLine(); using (StreamReader reader = new StreamReader("aes.cs.txt")) { EncryptedData enc = new EncryptedData(); enc.SaltString = reader.ReadLine(); enc.MACString = reader.ReadLine(); enc.DataString = reader.ReadLine(); Console.WriteLine("The decrypted data was: " + DatabaseCrypto.Decrypt(password, enc)); } } static void WriteTest() { Console.WriteLine("Enter data: "); string data = Console.ReadLine(); Console.WriteLine("Enter password: "); string password = Console.ReadLine(); EncryptedData enc = DatabaseCrypto.Encrypt(password, data); using (StreamWriter stream = new StreamWriter("aes.cs.txt")) { stream.WriteLine(enc.SaltString); stream.WriteLine(enc.MACString); stream.WriteLine(enc.DataString); Console.WriteLine("The encrypted data was: " + enc.DataString); } }

    Read the article

  • LinkDemand error on webserver when using TraceSource

    - by robertpnl
    Hi, On a webserver (shared hosting provider) I published a website with a ADO.Net Framework model in use with MySql Connector 6.3.1. When I request a page, a Security Exception will be happen with this error messages: "LinkDemand The type of the first permission that failed was: System.Security.Permissions.SecurityPermission The Zone of the assembly that failed was: MyComputer ". This exception raised when code collect the listeners of a tracksource: public class MySqlTrace { private static TraceSource source = new TraceSource("mysql"); static MySqlTrace() { foreach (TraceListener listener in source.Listeners) // <-- Exception throw here { // ... } } } The web.config doesn't have any trace data or system.diagnostics. My question is, why will a get a LinkDemand security exception during collecting the source listeners. What can maybe be wrong in here?

    Read the article

  • Microsoft flexgrid Control : Run-time error '438' Object doesnt support this property or method

    - by Dan
    I am maintaining a legacy Microsoft Access application that is using the Microsoft Flexgrid 6.0. It recently started causing the following error: Run-time error '438' Object doesn't support this property or method People say that this error can be caused by the KB960715 security update being applied, which sets killbits on various ActiveX control methods which were deemed a security risk. But this or no other security update has been applied recently. Others say that installing Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update will update the flex grid. This requires VB6 to be installed as a prerequisite so I installed that on my PC and then the update, and retrieved the updated MsFlxGrd.ocx file(Version: 6.1.98.12) and copied to the application machine, but the error still prevails. Someone here says you can disable the killbit in the registry. But there are afew hundred nodes in the location they suggest, none of which has the same guid as the one they point out. Any ideas?

    Read the article

  • Java Web Start: unsigned cglib

    - by Pticed
    I am using hibernate on the server side with a client application started via Java Web Start. I can't sign the jars (I'd like to but I can't). I get a permission exception when I get a POJO with lazy fields. Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission cglib.debugLocation read) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPropertyAccess(Unknown Source) at java.lang.System.getProperty(Unknown Source) at net.sf.cglib.core.DebuggingClassWriter.(DebuggingClassWriter.java:35) ... 44 more How can I avoid that? I thought about setting the collection to null before returning the pojo to the client but I'd like to find a better solution.

    Read the article

  • java enterprise project

    - by darko petreski
    Hi All, All the time we are hearing that java is enterprise. We have read many books about jpa, entity beans and other stuff. All this books explain this technology with some dummy examples. I have not seen a book that explains real problems with enterprise beans, java clients and security! I mean real book not some imaginated stupid examples . Is there any book that describes completely some enterprise system, Its architecture, communication, security, of course the client that uses the distributed components ? I need a book that will cover the flowing: server side components (ejb, jpa) client side java desktop application security (authentication and authorization) web services with complete authentication clustering (we can find for all of this a book, but there is no book that covers all this things in one piece. Also all the books are with dummy samples.) Or may be some project that is documented. Regards, Darko

    Read the article

  • Java JMS = HornetQ = javax.jms.JMSSecurityException: Unable to validate user: null ?

    - by jens
    Hello Experts, I am trying for several hours to get the HornetQ Examples running in Eclipse. Using the Standalone Examples everything works fine, but when I run the examples in Eclipse I get the following error: javax.jms.JMSSecurityException: Unable to validate user: null What could this error mean? Where do I have to specify the user? Maybe HornetQ tries to look this user up in "Some Context/Properties" etc , but I do not know where and how to specifiy the user HornetQ is running under. What i did: 1.)Started Default HornetQ Server with the start.sh Script in the ./bin directory 2.)Copied the QueueExample over to eclpise 3.)Did some minor changes in the config files (to have the same Queue Names...) (I also tried to disable security completely by setting: <security-enabled>false</security-enabled> but with no success, always getting the same error. Also when trying to programmatically instance HornetQ only via classes I get this error too). Thank you very much!! Jens

    Read the article

  • How to get roles with JSR 196 authentification in GlassFish?

    - by deamon
    I want to use a custom authentication module conforming to JSR 196 in GlassFish 3. The interface javax.security.auth.message.ServerAuth has the method: AuthStatus validateRequest( MessageInfo messageInfo, javax.security.auth.Subject clientSubject, javax.security.auth.Subject serviceSubject ) AuthStatus can be one of several constants like FAILURE or SUCCESS. The question is: How can I get the roles from a "role datebase" with JSR 196? Example: The server receives a request with a SSO token (CAS token for example), checks whether the token is valid, populates the remote user object with roles fetches from a database via JDBC or from REST service via http. Is the role fetching in the scope of JSR 196? How could that be implemented? Do I have to use JSR 196 together with JSR 115 to use custom authentication and a custom role source?

    Read the article

  • How do I fix this JBoss EJB client authentication issue?

    - by Rich
    I have an EJB deployed under JBoss (we're moving a project to it from Weblogic), I can get an EJBHome reference to the EJB via a JNDI lookup. The login-config.xml is set to use the module org.jboss.security.auth.spi.BaseCertLoginModule. When my client code tries to invoke the create method via reflection, calling invoke, I get an InvocationException which wraps an AccessException, which wraps a final exception of javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213).... Am I missing some client code to use BaseCertLoginModule instead of UsernamePasswordLoginModule? Thanks in advance, any suggestions appreciated, apologies for not posting the entire stacktrace but it's on a secured network without internet access.

    Read the article

  • List of Selenium RC browser launchers

    - by jacksenechal
    I am trying to find a full list of Selenium RC browser launchers. So far I've not been able to find any documentation that lists them all. I've gathered the following ones from various sources. *iexplore - Launches IE *firefox - Launches Firefox *safari - Launches Safari *opera - Launches Opera *chrome - Launches special Firefox profile with elevated security privileges, to bypass Javascript security errors *iehta - Launches IE with elevated security privileges *piiexplore - Launches IE in proxy injection mode *pifirefox - Launches Firefox in proxy injection mode *custom - Launches your own custom browser executable Are there any others lurking out there? Is there any source of documentation on how each one is used?

    Read the article

  • Google App Engine modifyThreadGroup problem

    - by Frank
    I'm using Google App Engine to process Paypal IPN messages, when my servlet starts I use the following lines to start another process to process massages : public class PayPal_Monitor_Servlet extends HttpServlet { PayPal_Message_To_License_File_Worker PayPal_message_to_license_file_worker; public void init(ServletConfig config) throws ServletException // Initializes the servlet. { super.init(config); PayPal_message_to_license_file_worker=new PayPal_Message_To_License_File_Worker(); } public void doGet(HttpServletRequest request,HttpServletResponse response) throws IOException { } ... } public class PayPal_Message_To_License_File_Worker implements Runnable { static Thread PayPal_Message_To_License_File_Thread; ... PayPal_Message_To_License_File_Worker() { start(); } void start() { if (PayPal_Message_To_License_File_Thread==null) { PayPal_Message_To_License_File_Thread=new Thread(this); PayPal_Message_To_License_File_Thread.setPriority(Thread.MIN_PRIORITY); PayPal_Message_To_License_File_Thread.start(); } ... } But "PayPal_Message_To_License_File_Thread=new Thread(this);" is causing the following error : javax.servlet.ServletContext log: unavailable java.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThreadGroup) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:355) at java.security.AccessController.checkPermission(AccessController.java:567) Why, how to fix it ? Frank

    Read the article

  • running an RMI server in command line and eclipse

    - by Noona
    I need to run my RMI server using the command line, my class files reside in this folder: C:\workspace\distributedhw2\AgencyServers\RmiEncodingServer\RmiServerClasses in package hw2.rmi.server The code base reside in this folder: C:\workspace\distributedhw2\AgencyServers\RmiEncodingServer\RmiServerCodeBase in package hw2.rmi.server I use the command line: java –classpath C:\workspace\distributedhw2\AgencyServers\RmiEncodingServer\RmiServerClasses\ -Djava.rmi.server.codebase=file:/C:\workspace\distributedhw2\AgencyServers\RmiEncodingServer\ Djava.security.policy=c:\HW2\permissions.policy hw2.rmi.server.RmiEncodingServer but I get a "class not found" exception as follows: Exception in thread "main" java.lang.NoClassDefFoundError: ûclasspath Caused by: java.lang.ClassNotFoundException: ûclasspath at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) Could not find the main class: GÇôclasspath. Program will exit. where have I gone wrong? also, if you can provide instructions on how to run the server in eclipse, I added the following as a VM argument, but I get a class not found exception to a class that is in the RmiServerCodeBase: -Djava.security.policy=C:\workspace\distributedhw2\permissions.policy -Djava.rmi.server.codebase=file:/C:\workspace\distributedhw2\AgencyServers\RmiEncodingServer thanks

    Read the article

  • Watin File Download Problem

    - by EmrahIlker
    When I clicked button with mouse, File Download Dialog opens directly. But when Watin Button Click methods click the vert same button on same ie window this message appears and wait my confirm To help protect your security, Internet Explorer blocked this site from downloading files to your computer. Click here for options. I turned off the Information bar for file downloads,(Internet Options-Security-Custom Level-Downloads-Automatic prompting for file downloads--Enable),allow active x content, lower security level for internet etc.. but didn't work. I'm using Win 7, IE8.

    Read the article

  • Why is my Extension Method not showing up in my test class?

    - by Robert Harvey
    I created an extension method called HasContentPermission on the System.Security.Principal.IIdentity interface: namespace System.Security.Principal { public static bool HasContentPermission (this IIdentity itentity, int contentID) { // I do stuff here return result; } } And I call it like this: bool hasPermission = User.Identity.HasPermission(contentID); Works like a charm. Now I want to unit test it. To do that, all I really need to do is call the extension method directly, so: using System.Security.Principal; namespace MyUnitTests { [TestMethod] public void HasContentPermission_PermissionRecordExists_ReturnsTrue() { IIdentity identity; bool result = identity.HasContentPermission(... But HasContentPermission won't intellisense. I tried creating a stub class that inherits from IIdentity, but that didn't work either. Why? Or am I going about this the wrong way?

    Read the article

  • Possible Performance Considerations using Linq to SQL Repositories

    - by Robert Harvey
    I have an ASP.NET MVC application that uses Linq to SQL repositories for all interactions with the database. To deal with data security, I do trimming to filter data to only those items to which the user has access. This occurs in several places: Data in list views Links in a menu bar A treeview on the left hand side containing links to content Role-based security A special security attribute, inheriting from AuthorizeAttribute, that implements content-based authorization on every controller method. Each of these places instantiates a repository, which opens a Linq to Sql DataContext and accesses the database. So, by my count, each request for a page access opens at least six separate Linq to SQL DataContexts. Should I be concerned about this from a performance perspective, and if so, what can be done to mitigate it?

    Read the article

  • AS3 Camera denied if loaded in a parent SWF

    - by teepusink
    Hi, I have a child SWF file that has the Camera functionality. It works fine if I run the child SWF by itself. However, when I load the child SWF into a parent SWF, the Camera functionality does not work. Doing some tracing it says that Camera access is denied. That happens without me even clicking on the deny button and in fact the usual security popup does not even show up. I have added import flash.system.Security; flash.system.Security.allowDomain("*"); to both parent and child SWF. What am I missing? It's Flash 10 player. Thank you, Tee

    Read the article

  • Windows authetication with Silverlight custom binding.

    - by sfx
    Hello, I am trying to set up security within a web.config file for a WCF service hosted in IIS but keep getting the error message: Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service. I have read Nicholas Allen’s blog (link text) and it appears that this is the route that I need to take. However, I am using “binaryMessageEncoding” in a customBinding for my Silverlight service, and as such, I’m not sure how to apply this type of security to such an element. This is how my custom binding looks in config at present: <customBinding> <binding name="silverlightBinaryBinding"> <binaryMessageEncoding /> <httpTransport /> </binding> </customBinding> Has anyone had any experience getting Windows authentication to work with a custom binding using binaryMessageEncoding? Cheers, sfx

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 202 203 204 205 206 207 208 209 210 211 212 213  | Next Page >