Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 224/763 | < Previous Page | 220 221 222 223 224 225 226 227 228 229 230 231  | Next Page >

  • Grails LDAP authentication failed

    - by Leo
    Hi, guys I am developing a web app by using Grails and using Grails LDAP as my Authentication mechanism. However, i always get following error: {Error 500: Cannot pass null or empty values to constructor Servlet: default URI: /ldap-app/j_spring_security_check Exception Message: Cannot pass null or empty values to constructor Caused by: Cannot pass null or empty values to constructor Class: GrailsAuthenticationProcessingFilter } My SecurityConfig.groovy file is : security { // see DefaultSecurityConfig.groovy for all settable/overridable properties active = true loginUserDomainClass = "User" authorityDomainClass = "Role" requestMapClass = "Requestmap" useLdap = true ldapRetrieveDatabaseRoles = false ldapRetrieveGroupRoles = false ldapServer = 'ldap://worf-mi.dapc.kao.au:389' ldapManagerDn = 'CN=sa-ldap-its,OU=Unix Servers for Kerberos,OU=Information Technology Services,OU=Special Accounts,DC=nexus,DC=dpac,DC=cn' ldapManagerPassword = 'Asdf1234' ldapSearchBase = 'OU=People,DC=nexus,DC=dpac,DC=cn' ldapSearchFilter = '(&(cn={0})(objectClass=user))' }

    Read the article

  • What's the difference between the 'DES' class and The 'DESCryptoServiceProvider' class?

    - by IbrarMumtaz
    All I can make out is that one of them is the BC for all 'DES' algorithms to be derived from and the later is a wrapper for the Cryptographic service provider implementation of the DES algorithm. The reason why I ask is that I am going over .Net Security and the MS official training book simply refers to the DES class but the another official MS book refers to the DESCrypto' class. What's the difference between these two? When would you use either of them? What do I need to know as far as the 70-536 exam is concerned. I am asking my question from an educational P.O.V as far as the 70-536 exam is concerned. Thanks In Advance. Ibrar

    Read the article

  • Should I persist images on EBS or S3?

    - by javanes
    I am migrating my Java,Tomcat, Mysql server to AWS EC2. I have already attached EBS volume for storing MySql data. In my web application people may upload images. So I should persist them. There are 2 alternatives in my mind: Save uploaded images to EBS volume. Use the S3 service. The followings are my notes, please be skeptic about them, as my expertise is not on servers, but software development. EBS plus: S3 storage is more expensive. (0.15 $/Gb 0.1$/Gb) S3 plus: Serving statics from EBS may influence my web server's performance negatively. Is this true? Does Serving images affect server performance notably? For S3 my server will not be responsible for serving statics. S3 plus: Serving statics from EBS may result I/O cost, probably it will be minor. EBS plus: People say EBS is faster. S3 plus: People say S3 is more safe for persistence. EBS plus: No need to learn API, it is straight forward to save the images to EBS volume. Namely I can not decide, will be happy if you guide. Thanks

    Read the article

  • Django with custom authentication backends, is Csrf middleware really required ?

    - by Hellnar
    Hello, Under Django 1.1.1, I am using several authentication backends such as social-registration for facebook connect and django-emailauth for email based authentication instead of user names. I am curious if the Csrf middleware is an essential security measure as it seems like it sometimes generates problems, especially with facebook connect. My project is rather simple. Each user have a profile which they can fill and a purchase page where they fill the payment for to do purchases. Either of these pages are protected via @login_required.

    Read the article

  • Virtualized data centre&ndash;Part four: The design

    - by marc dekeyser
    Welcome back to the fourth post in this series! Today we will have a look at what Microsoft recommends as a “private cloud design” and what I will make of it. Whilst my own solution is based of the reference architecture, it is quite different indeed! An important thing to know is that, whilst I am using the private cloud as a reference, I am skipping most of the steps in designing a private cloud. If that is why you are here, please read the links at the end of the article and skim through my own content. A private cloud is much more process driven than just building a virtual infrastructure… The architecture of it all… So imagine for a minute that you have unlimited funds to build this lab of yours… You’d want redundancy on all levels and separation of each network where possible! Unfortunately we don’t have that luxury and, as you saw me hinting at in the previous article, our own design will be more limited but still quite capable! Networking From the networking perspective I will not have a fully redundant network, after all, this is but a lab environment! Thanks to Server 2012 I will be able to use bonding on my NIC’s and use LACP to improve the performance on that part. Storage As I mentioned in the previous article a Synology DS1218+ will be used for iSCSI provisioning. This device has 2 NICs on-board which can be bonded in to one 2 Gbps interface giving me a decent throughput and making the disks the most limiting factor in the storage design. Domain controllers and extra infrastructure Server 2012 completely supports running domain controllers virtualized and has no need to actually have a reachable DC when booting… That being said I need a remote access machine to power on the hosts (I have no need for them running 24/7) and a possible System Center VMM 2012 box (although server 2012 is not supported until SP1 :( ). Undecided on if I am to install those boxes separately or as a virtual machine… Which amounts to… Something like this pretty picture!                   Sources Microsoft Private Cloud Solutions Repository (en-US) http://social.technet.microsoft.com/wiki/contents/articles/12131.microsoft-private-cloud-solutions-repository-en-us.aspx Reference  Architecture: http://social.technet.microsoft.com/wiki/contents/articles/3819.reference-architecture-for-private-cloud.aspx Private Cloud Reference Model: http://social.technet.microsoft.com/wiki/contents/articles/4399.private-cloud-reference-model.aspx

    Read the article

  • piece of php code for prevent hacking.

    - by artmania
    Hi friends, I have a php file at my site, and I connect to db, get some records and list them in same file. mysql_connect("localhost", "blabla", "blabla") or die(mysql_error()); mysql_select_db("blabla") or die(mysql_error()); $blabla1 = mysql_query("SELECT * FROM gallery WHERE id_cat=1"); $blabla2 = mysql_query("SELECT * FROM gallery WHERE id_cat=2"); $blabla3 = mysql_query("SELECT * FROM gallery WHERE id_cat=3"); So, is there anything I need to do for security? :/ like sql-injection or anything else. there is nothing going to url. it is just www.blabla.com/gallery.php appreciate advises!!! thanks a lot!

    Read the article

  • Use DLL and have it be as trusted as my own application is

    - by Binary255
    Hi, I am using a port of GNU GetOpts, to be specific I am using the one at: http://getopt.codeplex.com I have added the DLL as a reference. But when I run my application I receive an exception: System.IO.FileLoadException was unhandled Message="Could not load file or assembly 'Gnu.Getopt, Version=0.9.1.24287, Culture=neutral, PublicKeyToken=d014b4ccdc53511a' or one of its dependencies. Failed to grant permission to execute. (Exception from HRESULT: 0x80131418)" If it is possible I would like my application to say, "trust this DLL as much as you trust me". Is there a way to do that so I won't have to fiddle with security settings? And if there is not. What is the cleanest way to get the DLL working?

    Read the article

  • How can I monitor if a cookie is being sent to a domain other than the one it originated from?

    - by Brendan Salt
    I am trying to write a program that will verify that all cookies sent out from the machine are in fact going to the domain they came from. This is part of a larger security project to detect cookie based malicious attacks (such as XSS). The main snag for this project is actually detecting the out-going cookies. Can someone point me in the right direction for monitoring out-going HTTP traffic for cookie information? Other information about the project: This is a windows application written in C and numerous scripting languages. Thanks so much for the help.

    Read the article

  • IIS reveals internal IP address in content-location field - fix

    - by saille
    Referring: http://support.microsoft.com/kb/q218180/, there is a known issue in IIS4/5/6 whereby it will reveal the internal IP of a web server in the content-location field of the HTTP header. We have IIS 6. I have tried the fix suggested, but it has not worked. The website is configured to send all requests to ASP.NET, and I am wondering if this is why the fix, which addresses IIS configuration, has not worked for us. If this is the case, how would we fix this in ASP.NET? We need to fix this issue in order to pass a security audit.

    Read the article

  • Why Shouldn't I Programmatically Submit Username/Password to Facebook/Twitter/Amazon/etc?

    - by viatropos
    I wish there was a central, fully customizable, open source, universal login system that allowed you to login and manage all of your online accounts (maybe there is?)... I just found RPXNow today after starting to build a Sinatra app to login to Google, Facebook, Twitter, Amazon, OpenID, and EventBrite, and it looks like it might save some time. But I keep wondering, not being an authentication guru, why couldn't I just have a sleek login page saying "Enter username and password, and check your login service", and then in the background either scrape the login page from say EventBrite and programmatically submit the form with Mechanize, or use an API if there was one? It would be so much cleaner and such a better user experience if they didn't have to go through popups and redirects and they could use any previously existing accounts. My question is: What are the reasons why I shouldn't do something like that? I don't know much about the serious details of cookies/sessions/security, so if you could be descriptive or point me to some helpful links that would be awesome. Thanks!

    Read the article

  • What are good ways to guarantee business continuity with a SaaS product?

    - by tommyvdz
    For my Bachelor Thesis I am researching how SaaS providers can arrange some sort of business continuity guarantee. You probably know the Source Code Escrow arrangements for 'shrink-wrapped' software. They give customers access to the source code and all applicable documentation whenever the software supplier gets into (financial) trouble. This clearly does not work for SaaS, because customers have no use for just the source code, and customers probably can not afford not being able to login to their CRM system for a couple weeks because the SaaS provider went bankrupt. I am currently researching different methods to solve this problem. Do you know good and practical solutions to solve this continuity problem? Or companies that already offer a good solution? Thanks!

    Read the article

  • Are there cross-platform tools to write XSS attacks directly to the database?

    - by Joachim Sauer
    I've recently found this blog entry on a tool that writes XSS attacks directly to the database. It looks like a terribly good way to scan an application for weaknesses in my applications. I've tried to run it on Mono, since my development platform is Linux. Unfortunately it crashes with a System.ArgumentNullException deep inside Microsoft.Practices.EnterpriseLibrary and I seem to be unable to find sufficient information about the software (it seems to be a single-shot project, with no homepage and no further development). Is anyone aware of a similar tool? Preferably it should be: cross-platform (Java, Python, .NET/Mono, even cross-platform C is ok) open source (I really like being able to audit my security tools) able to talk to a wide range of DB products (the big ones are most important: MySQL, Oracle, SQL Server, ...)

    Read the article

  • cheap way to scale a rails application

    - by VP
    I have an application, that is becoming big, but until now, its not giving me a good revenue. That means, short money to re-invest on that. In this scenario, i found a way to make a "cheap distributed rails" deployment. I've got 4 VPS. All of them are in the same physical server. I added a load balance server running HAproxy in one dedicated VPS. There i pointed my virtual ip address where my domain name is associated. Behind this HAproxy i have more two VPS running my rails APP, passenger and memcache. Both apps servers are looking to the same database server, my 4th VPS. So with $44/month, i mounted a distributed environment. It won't be my final choice, but now, that the budget is short, is that a good way to deploy a rails application? Any pros or cons? It worth my $44/month?

    Read the article

  • Prevent Method call without Exception using @PreAuthorize Annotation

    - by Chepech
    Hi all. We are using Spring Security 3. We have a custom implementation of PermissionEvaluator that has this complex algorithm to grant or deny access at method level on the application. To do that we add a @PreAuthorize annotation to the method we want to protect (obviously). Everything is fine on that. However the behavior that we are looking for is that if a hasPermission call is denied, the protected method call only needs to be skipped, instead we are getting a 403 error each time that happens. Any ideas how to prevent that? You can find a different explanation of the problem here; AccessDeniedException handling during methodSecurityInterception

    Read the article

  • Detecting if a browser is using Private Browsing mode

    - by Steve
    I'm building an extranet for a company paranoid about security. They want to make sure that (among other things) their users are browsing the site with the Private Browsing mode switched on in their web browser so that no cookies or history is kept. I found only this http://jeremiahgrossman.blogspot.com/2009/03/detecting-private-browsing-mode.html and http://serverfault.com/questions/18966/force-safari-to-operate-in-private-mode-and-detect-that-state-from-a-webserver The ideal solution would use no or minimal javascript. Would attempting to set a unique cookie work for all browsers and platforms? Anyone done this before? thanks!

    Read the article

  • Use Tomcat with Java SecurityManager?

    - by pauline
    I'm writing a web application that is supposed to run on Tomcat on Ubuntu. On Ubuntu, Tomcat is per default configured to run with the Java SecurityManager. Besides my own web application, there will only be some well known third party web applications related to my own, like the BIRT report engine. If one of the web applications fails or gets compromised, it may take down all the others without harm, because they all belong together. What I don't wont to happen is that a compromised web app compromises the system itself, like calling rm -r / Do I need to use the java security manager to achieve this? Or is it only necessary to protect one web app from the other? I'd really like to prevent the effort to create .policy files for all the 3rd party web applications I intend to use.

    Read the article

  • PVM terminates after Adding Host

    - by Tyug
    On Ubuntu 9.10 using PVM 3.4.5-12 (the PVM package when you use apt-get) The program terminates after adding a host. laptop> pvm pvm> add bowtie-slave add bowtie-slave terminated laptop> Current Configuration only $PVM_RSH = bin/usr/ssh I can ssh perfectly fine into the slave without a password, and run commands on it. Any ideas? Thanks in advance! Here are the sample logs: Laptop log [t80040000] 02/11 10:23:32 laptop (127.0.1.1:xxxxx) LINUX 3.4.5 [t80040000] 02/11 10:23:32 ready Thu Feb 11 10:23:32 2010 [t80040000] 02/11 10:23:32 netoutput() sendto: errno=22 [t80040000] 02/11 10:23:32 em=0x2c24f0 [t80040000] 02/11 10:23:32 [49/à][6e/à][76/à][61/à][6c/à][69/à][64/à][20/à][61/à][72/à] [t80040000] 02/11 10:23:32 netoutput() sendto: Invalid argument [t80040000] 02/11 10:23:32 pvmbailout(0) bowtie-log [t80080000] 02/11 10:23:25 bowtie-slave (xxx.x.x.xxx:xxxxx) LINUX64 3.4.5 [t80080000] 02/11 10:23:25 ready Thu Feb 11 10:23:25 2010 [t80080000] 02/11 10:28:26 work() run = STARTUP, timed out waiting for master [t80080000] 02/11 10:28:26 pvmbailout(0)

    Read the article

  • What is the sense of permiting the user to use no passwords longer than xx chars?

    - by reox
    Its more like a usability question or maybe database, or even maybe security (consider injection attacks) but what is the sense of permiting the user's password to a be not longer than xx chars? It does not make any sense to me, because longer passwords are mostly considered better and even harder to crack, and some users use password safes, so the password length should not matter. I understand that passwords with more than 20 chars are hardly to remember, but if you use diceware or password safe you dont have any problem with that. I really cant understand why there are sites that say "your password need to be between 5 and 8 chars"... also should the password saved as hash, so the length of the field in the database is fixed, so where is the problem? i think that most of the sites where the password is has to be a fixed length are not even using any hashing method...

    Read the article

  • When do you trust the data / variables

    - by Wizzard
    We all know that all user data, GET/POST/Cookie etc etc needs to be validated for security. But when do you stop, once it's converted into a local variable? eg if (isValidxxx($_GET['foo']) == false) { throw InvalidArgumentException('Please enter a valid foo!'); } $foo = $_GET['foo']; fooProcessor($foo); function fooProcessor($foo) { if (isValidxxx($foo) == false) { throw Invalid...... } //other stuff } To me thats over the top. But what if you load the value from the database... I hope I make sense :)

    Read the article

  • How to make an Asp.net MVC 2 website have a Private Beta Mode.

    - by Mark Kitz
    I am creating an ASP.Net MVC website that I am launching soon in private beta. What I am using. ASP.NET MVC 2 ASP.NET Sql Membership Provider Authorization Attributes on ActionMethods. ex. [EditorsOnly] What I am trying to accomplish: During the private Beta period of my website, I want no anonymous users to access my site. Only Beta Testers of my site should be able to login and use my site as normal. After the private beta period people can access it using the security structure I already have set up. I am hoping I do not have to recompile but can have a setting in the webconfig to switch between Private Beta mode to Normal mode. Thanks for your suggestions.

    Read the article

  • Websphere exception handling

    - by Benjamin
    Hi all, From a security standpoint, what is the best solution to handle application errors with Websphere? I've been thinking of creating a class that is called every time an application error is generated, log the error and display a generic error message to the users. In PHP this can be achieved using the set_exception_handler() function. Is there something similar for websphere that could be configured in the web.xml? I've found codes like this on the internet: <error-page> <error-code>500</error-code> <location>/servlet/ExceptionHandlerServlet</location> </error-page> But that would only work with "500" HTTP error codes. I really want something generic that catches everything. Something like a class that implements a certain interface which can have access to all information about the error. Thanks for your time.

    Read the article

  • session is lost after successful login?

    - by sword101
    greetings all um using spring security 3.0.2,all the application pages are secured to see them you must be authenticated um using https protocol i have a strange problem that after successful login and got to the requested page when try to open any link to other pages in the application the session is invalidated or lost or what happened i don't know and the user become anonymous,and redirected to the login page and i got this from debugging: No HttpSession currently exists No SecurityContext was available from the HttpSession: null. A new one will be created. after reviewing the coe many times,nothing in the code is invalidating the session,any ideas why something like this might happen?

    Read the article

  • Azure scalability over XML File

    - by dayscott
    What is the best practise solution for programmaticaly changing the XML file where the number of instances are definied ? I know that this is somehow possible with this csmanage.exe for the Windows Azure API. How can i measure which Worker Role VMs are actually working? I asked this question on MSDN Community forums as well: http://social.msdn.microsoft.com/Forums/en-US/windowsazure/thread/02ae7321-11df-45a7-95d1-bfea402c5db1

    Read the article

  • Detect IE setting: check for newer versions of stored pages "never"

    - by xx
    I understand there isn't a way to interrogate a users IE settings directly due to security reasons, but is there a way to derive this answer with some other mechanism? I would like to stop a user from using my site if the setting "Check for newer versions of stored pages" is set to "Never". Any suggestions? Is there a way I could test for this using javascript? An example of what I am trying to accomplish is this: While it is not possible to check IE settings to see if you are running a popup blocker, that is a way to "test" for a popup blocker via javascript. I am looking for something similiar but for the cache setting, not the popup blocker.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 220 221 222 223 224 225 226 227 228 229 230 231  | Next Page >