Search Results

Search found 4187 results on 168 pages for 'secure erase'.

Page 22/168 | < Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >

  • How to make MAMP PRO / XAMPP secure enough to serve as production webserver? Is it possible?

    - by Andrei
    Hi, my task is to setup a MAMP webserver for our website in the easiest way so it can be managed by my colleagues without experience in server administration. MAMP PRO is an excellent solution, but some guys don't suggest to use it for serving external requests. Could you explain why it is bad (in details if possible) and how to make it secure enough to be a full-scale and not-only-local webserver? Is there a better solution? Update There is a discussion on the MAMP website. XAMPP developers say that one can make their product secure: The default configuration is not good from a securtiy point of view and it's not secure enough for a production environment - please don't use XAMPP in such environment. Since LAMPP 0.9.5 you can make your XAMPP installation secure by calling »/opt/lampp/lampp security«. Could you comment it?

    Read the article

  • Which is more secure: Tomcat standalone or Tomcat behind Apache?

    - by NoozNooz42
    This question is not about performance, nor about load-balancing, etc. Which would be more secure: running Tomcat in standalone mode or running Tomcat behind apache? The thing is, Tomcat is written in Java and hence it is pretty much immune to buffer overrun/overflow (unless a buffer overrun in a C-written lib used by Tomcat can be triggered, but they're rare [the last I remember was in zlib, many many moons ago] and one heck of a hack to actually exploit), which gets rid of a lot of potential exploits. This page: http://wiki.apache.org/tomcat/FAQ/Security has this to say: There have been no public cases of damage done to a company, organization, or individual due to a Tomcat security issue... there have been only theoretical vulnerabilities found. All of those were addressed even though there were no documented cases of actual exploitation of these vulnerabilities. This, combined with the fact that buffer overrun/overflow are pretty much non-existent in Java, makes me believe that Tomcat in standalone mode is pretty secure. In addition to that, I can install both Java and Tomcat on Linux without needing to be root. The only moment I need to be root is to set up a transparent port 8080 to port 80 forwarding (and 8443 to 443). Two iptables line as root, that's all root is needed for. (I don't know for Apache). Apache is much more used than Tomcat and definitely does not have a security track record as good as Tomcat. What would make Tomcat + Apache more secure? What would make Tomcat + Apache less secure? In short: which is more secure, Tomcat standalone or Tomcat with Apache? (remembering that performance aren't an issue here)

    Read the article

  • How should I store and secure self-signed certificates?

    - by Anthony Mastrean
    I'm fairly certain I shouldn't commit certificates into source control. Even if the repository is private and only authenticated coworkers (for example) have access to it. That would allow for accidental exposure (thumb drives, leaked credentials, whatever). But, how should I store and secure certificates? I don't suppose I should just plop them on the network file server, for some of the same reasons I wouldn't put them into source control, right? Is there some kind of secure certificate store that I can run? Does the Java "keystore" do that generally or is it specific for like weblogic servers or something?

    Read the article

  • Le logiciel de protection de F-Secure a pris des fichiers Mac pour des malwares, le problème est heureusement corrigé

    La version bêta du logiciel de protection de F-Secure a pris des fichiers Mac pour des malwares, le problème est heureusement corrigé Un petit rien peu parfois se transformer en quelque chose de gigantesque, avec un effet boule de neige. C'est ce qu'est en train de constater actuellement F-Secure. La firme spécialisée dans la sécurité informatique a rencontré un bogue sur son programme anti-virus qui provoque l'indignation d'un grand nombre d'internautes. En effet, le logiciel, qui est actuellement en version bêta pour Mac OS X a de "sérieux problèmes de fausse alarme". Sur les Macs sur lesquels il est installé, il a par accident supprimé des fichiers sains en les prenant pour des malwares. Des erreurs de ...

    Read the article

  • La Linux Foundation arrache une solution pour le Secure Boot de Windows 8, qui empêche le démarrage d'autres systèmes

    La Linux Fondation arrache une solution de contournement pour le Secure Boot de Windows 8 Qui empêche le démarrage d'autres systèmes sur les PC certifiés Depuis que Microsoft a opté pour le ?Secure Boot? pour les PC sous Windows 8, un grand désarroi règne dans la communauté Linux. Cette fonctionnalité de démarrage sécurisé, directement intégrée à l'UEFI (interface micrologicielle extensible unifiée), empêche de facto l'installation de tout autre système d'exploitation. Microsoft transmet en effet une signature numérique aux constructeurs de cartes mères certifiées Windows 8. [IMG]http://upload.wikimedia.org/wikipedia/commons/thumb/d/df/Uefi_logo.svg/150px-Uefi_logo.svg.png[/IM...

    Read the article

  • Is the php method md5() secure? Can it be used for passwords? [migrated]

    - by awiebe
    So executing a php script causes the form values to be sent to the server, and then they are processed. If you want to store a password in your db than you want it to be a cryptographic hash(so your client side is secure, can you generate an md5 using php securely( without submitting the user:password pair in the clear), or is there an alternative standard method of doing this, without having the unecrypted pasword leaving the clients machine? Sorry if this is a stupid question I'm kind of new at this. I think this can be done somehow using https, and on that note if a site's login page does not use https, does that mean that while the databse storage is secure, the transportation is not?

    Read the article

  • Canonical détaille ses plans pour le support de l'UEFI Secure Boot, GRUB 2 ne sera plus utilisé par défaut sur les futures versions d'Ubuntu

    Canonical détaille ses plans pour le support de l'UEFI Secure Boot GRUB 2 ne sera plus utilisé par défaut sur les futures versions d'Ubuntu Pour son futur système d'exploitation Windows 8, Microsoft a opté pour l'utilisation de l'UEFI ( Unified Extensible Firmware Interface) en remplacement du BIOS. Les constructeurs désireux de proposer des dispositifs sous l'OS seront donc obligés de passer à l'UEFI, avec une activation par défaut de la fonction Secure Boot. Cette fonctionnalité de sécurité offrira au système d'exploitation un processus de démarrage signé et mesuré, qui aide à protéger le PC en détectant les logiciels malveillants au démarrage, et en empêchant le chargement de c...

    Read the article

  • Prerequisites for Account management via an IPhone App?

    - by Icky
    Hello. I have been reading a couple of threads for this topic on this site. I want to create an App, which communicates with a server and has the following features: the User can create/manage an account on the server the App communicates with the server via a secure connection the User is updated about important news through messages From what I understood so far, I need to take care of the following: establish a secure connection with the server send account information(user data, password) to the server and authenticate the client side management and encryption of account data/information is handled by the server, so the App only sends data, the server stores/encrypts (no need for me to take care of anything) So far, I think, I have covered the most important features. I have read, that NSURLConnection can be used, to send the authentication data. But how is further communication ensured? And how is the encryption managed? Are there any useful tutorials on this, because this is the first time I delve into this topic, and any guidance is greatly appreciated! Also, if I have missed anything important (e.g. with managing accounts) please tell me.

    Read the article

  • SOS, i erased a disk,1T.by mistake

    - by gabriel
    i tried to make bootable a flash drive from the startup disk creator, and i wanted to copy an iso of the 11.10 ubuntu, and when i tried to erase the flash drive i pressed erase on another removable drive 1T storage by mistake, VVVery very very quickly less than one second and with no warning everything was erased i suppose.Is that thing possible?When i tried before theis to erase the flash drive it took around a minute to erase the 8GB.But now less than a second for 1T? Please help, Gabriel

    Read the article

  • Is Movable Type among the most secure PHP blogs? How secure are the various PHP blog applications?

    - by user6025
    Basically I'm trying to find a blog for a website, and security is the highest priority in our case. We don't need any features that I would imagine are special. Wordpress was our first idea, but its reputation precedes it, and though it may have cleaned up its act lately, I'm not seeing much solid evidence. I get the impression that Movable Type (at least the Perl version) has a much better reputation for security than Wordpress (historically at least). I'm not sure I want to take a chance with Wordpress at this point, but is there some objective source I can got to to back up (or counter) the notion that MT is at least among the best? Secunia doesn't recommend using their stats for comparisons, and securityfocus.com doesn't have stats at all that I can see. Searching here http://web.nvd.nist.gov makes MT look way better than WP (at least in 2007), but this site was referenced by MT's own page boasting about their security, so I don't know how relevant it is or how seriously people take it. Any suggestions on sites where I could/should make a somewhat objective comparison?

    Read the article

  • SOHO Netflix and network security

    - by TW
    I want to use WIFI for HiDef video, but I don't trust it for my office PC's. I've heard of VLANs but I have no idea how to set it up or what (SOHO) hardware to buy. Other than getting 2 different DSL lines, how can I be absolutely sure that the PC side doesn't get hacked? What if I want to use MS Home server as a backup device for both sides? Can I make it "read only" for the PC side, and physically change the cable if I need to restore? TW

    Read the article

  • How do I connect to MySQL when it's setting behind 2 layers of ssh?

    - by David Corley
    I have a MySQL server sitting behind a bastion server that I wish to connect to from my local machine. Ideally I want to port-forward the MySQL port (3316 in this case) to a local port on my machine. I've tried plink -ssh -L 3306:my.sql.ip.address:3316 my.bastion.server ,but this is not working. I've got one ssh login for the bastion server and another login for the machine mysql server is running on.

    Read the article

  • Synergy client drops and reconnects at UAC dialog

    - by sidran32
    I've been using Synergy for a while at work to connect my XP machine (the host) to my Win 7 laptop (the client). I previously was having issues with using Synergy and the UAC prompt, as described in this question, and have had no issues since, until recently. I upgraded to Synergy 1.4.10 and now am seeing odd behavior whenever a UAC prompt appears on my laptop. When the UAC prompt appears on my laptop, Synergy momentarily drops its connection to my laptop, causing my mouse and keyboard focus to revert to my host machine (the XP machine). After about a second or so, though, the connection gets re-established and I am able to type and use the mouse buttons in the UAC prompt. Once the prompt clears, the connection drops again for a second, and then gets re-established again. Is this something to do with configuration or perhaps should I just chalk it up to a change in behavior in version 1.4.10?

    Read the article

  • Set up SSL/HTTPS in zend application via .htaccess

    - by davykiash
    I have been battling with .htaccess rules to get my SSL setup working right for the past few days.I get a requested URL not found error whenever I try access any requests that does not do through the index controller. For example this URL would work fine if I enter the it manually https://www.example.com/index.php/auth/register However my application has been built in such a way that the url should be this https://www.example.com/auth/register and that gives the requested URL not found error My other URLs such as https://www.example.com/index/faq https://www.example.com/index/blog https://www.example.com/index/terms work just fine. What rule do I need to write in my htaccess to get the URL https://www.example.com/auth/register working? My htaccess file looks like this RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L] I posted an almost similar question in stackoverflow

    Read the article

  • Cloudfront - How to invalidate objects in a distribution that was transformed from secured to public?

    - by Gil
    The setting I have an Amazon Cloudfront distribution that was originally set as secured. Objects in this distribution required a URL signing. For example, a valid URL used to be of the following format: https://d1stsppuecoabc.cloudfront.net/images/TheImage.jpg?Expires=1413119282&Signature=NLLRTVVmzyTEzhm-ugpRymi~nM2v97vxoZV5K9sCd4d7~PhgWINoTUVBElkWehIWqLMIAq0S2HWU9ak5XIwNN9B57mwWlsuOleB~XBN1A-5kzwLr7pSM5UzGn4zn6GRiH-qb2zEoE2Fz9MnD9Zc5nMoh2XXwawMvWG7EYInK1m~X9LXfDvNaOO5iY7xY4HyIS-Q~xYHWUnt0TgcHJ8cE9xrSiwP1qX3B8lEUtMkvVbyLw__&Key-Pair-Id=APKAI7F5R77FFNFWGABC The distribution points to an S3 bucket that also used to be secured (it only allowed access through the cloudfront). What happened At some point, the URL singing expired and would return a 403. Since we no longer need to keep the same security level, I recently changed the setting of the cloudfront distribution and of the S3 bucket it is pointing to, both to be public. I then tried to invalidate objects in this distribution. Invalidation did not throw any errors, however the invalidation did not seem to succeed. Requests to the same cloudfront URL (with or without the query string) still return 403. The response header looks like: HTTP/1.1 403 Forbidden Server: CloudFront Date: Mon, 18 Aug 2014 15:16:08 GMT Content-Type: text/xml Content-Length: 110 Connection: keep-alive X-Cache: Error from cloudfront Via: 1.1 3abf650c7bf73e47515000bddf3f04a0.cloudfront.net (CloudFront) X-Amz-Cf-Id: j1CszSXz0DO-IxFvHWyqkDSdO462LwkfLY0muRDrULU7zT_W4HuZ2B== Things I tried I tried to set another cloudfront distribution that points to the same S3 as origin server. Requests to the same object in the new distribution were successful. The question Did anyone encounter the same situation where a cloudfront URL that returns 403 cannot be invalidated? Is there any reason why wouldn't the object get invalidated? Thanks for your help!

    Read the article

  • How to securly join two networks together over the Internet?

    - by Pyrolistical
    Let's say there are two locations. Both locations have their own fast Internet connections. How do you join these two networks together such that every computer can see every other computer? Do you need a domain controller, or can you do this with workgroups? EDIT The obvious solution seems to be VPN, but can VPN be implemented on the routers only? Can the computers on the network be configuration free?

    Read the article

  • Linux - Block ssh users from accessing other machines on the network

    - by Sam
    I have set up a virtual machine on my network for uni project development. I have 6 team members and I don't want them to SSH in and start sniffing my network traffic. I already have set the firewall on my W7 pcs to ignore any connection attempts from the Virtual Machine, but would like to go a step further and not allow any network access from the VM to other machines on my network. Team members will be access the VM by SSH. The only external port forwarded is to vm:22. The VM is running in VirtualBox on a bridged network connection. Running latest Debian. If someone could tell me how to do this I would be much obliged.

    Read the article

  • Windows 8 to 8.1 Pro Upgrade SecureBoot Error

    - by Alexandru
    I upgraded from Windows 8 to Windows 8.1. I have an Alienware Aurora R4 with the latest BIOS firmware version, A09. Ever since I did the upgrade, I get a watermark on my desktop saying, "SecureBoot isn't configured correctly"...I would like to get rid of this watermark the correct way (not by hacking system DLLs). My BIOS shows me booting in UEFI mode, and I see that SecureBoot is actually disabled from there. I cannot enable SecureBoot, in either UEFI mode or Legacy Boot mode. Note, I can't even get Legacy Boot mode working without re-formatting my system which I really don't plan on doing, so my question is this...what has changed in the way Windows handles SecureBoot? As far as I can tell, I do not have SecureBoot enabled, and it is trying to tell me that it isn't configured correctly. Why does it even care to check if my BIOS doesn't have it on anyways?! Its so frustrating!

    Read the article

  • Windows 8 Secureboot: How do you bootup from another device such as cd/dvd drive or usb flash etc.?

    - by Victor T.
    On PC's and laptops running an older OS, this is just a simple matter of going into the BIOS and setting the boot sequence and putting the boot cd/dvd in the drive. In many cases you can even just hit one of the F* function keys to bring up the boot sequence menu on-the-fly during POST. The main problem I'm running into is that other devices besides the primary HD is disabled when SecureBoot is enabled. So far the only way I've gotten it to work is to disable SecureBoot and enable something called legacy mode. Needless to say this make it difficult to boot things like OS recovery tools, PartitionHD backups, Linux LiveCD's and a bunch of others. Is there another procedure for doing this since it seems to mess up the Windows 8 install? By mess up I mean that after re-enabling SecureBoot and starting Windows 8 normally, the OS goes into a 'preping repair phase' for some reason that takes forever to complete before getting into a usable desktop.

    Read the article

  • cPanel configuration appears to allow unauthenticated SMTP - how to fix?

    - by ttsiodras
    One of my clients is using a cPanel-based Virtual Dedicated Server that appears to allow unauthenticated SMTP: bash$ echo EHLO | nc mail.clientscompany.com 25 ... 250-SIZE 52428800 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP It therefore appears that anyone (esp. spammers) can use his mail server to send whatever - I just connected from my DSL connection at home, and... bash$ nc mail.clientscompany.com 25 HELO clientscompany.com MAIL FROM: [email protected] RCPT TO: [email protected] DATA From: <[email protected]> To: <[email protected]> Date: ... Subject: ... Blah . QUIT I just tested this, and sure enough, it sent a mail from "[email protected]". Since I am not familiar with cPanel and WHM, can someone provide pointers to configure his mail server to (a) only accept TLS connections and (b) only authenticated ones (i.e. with user/password, not just plain connections). Thanks for any help.

    Read the article

  • USB token with certificate

    - by Frengo
    Hi all! Someone could explain me how the USB token works? I have to implement that secure layer in a java application, but i don't know very well how it works! I know only the mecanism of a normal token key generator! Thanks a lot!

    Read the article

< Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >