Search Results

Search found 6427 results on 258 pages for 'customer protection'.

  • Is Rails default CSRF protection insecure

    - by schickb
    By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had an XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But it seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and log in as that user directly. Or even just make a call to our REST API as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

  • Windows Server 2008 R2 Customer Experience Tasks

    - by ulrichb
    Can I disable the CEIP and Application Experience Tasks in the task scheduler without hesitation? I'm talking about: \Microsoft\Windows\Application Experience: "AitAgent" and "ProgramDataUpdater" \Microsoft\Windows\Autochk: "Proxy" \Microsoft\Windows\Customer Experience Improvement Program: "Consolidator", "KernelCeipTask" and "UsbCeip" \Microsoft\Windows\Customer Experience Improvement Program\Server: "ServerCeipAssistant", "ServerRoleCollector" and "ServerRoleUsageCollector"

  • Oracle Data Protection: How Do You Measure Up? - Part 1

    - by tichien
    This is the first installment in a blog series, which examines the results of a recent database protection survey conducted by Database Trends and Applications (DBTA) Magazine. All Oracle IT professionals know that a sound, well-tested backup and recovery strategy plays a foundational role in protecting their Oracle database investments, which in many cases, represent the lifeblood of business operations. But just how common are the data protection strategies used and the challenges faced across various enterprises? In January 2014, Database Trends and Applications Magazine (DBTA), in partnership with Oracle, released the results of its “Oracle Database Management and Data Protection Survey”. Two hundred Oracle IT professionals were interviewed on various aspects of their database backup and recovery strategies, in order to identify the top organizational and operational challenges for protecting Oracle assets. Here are some of the key findings from the survey: The majority of respondents manage backups for tens to hundreds of databases, representing total data volume of 5 to 50TB (14% manage 50 to 200 TB and some up to 5 PB or more). About half of the respondents (48%) use HA technologies such as RAC, Data Guard, or storage mirroring, however these technologies are deployed on only 25% of their databases (or less). This indicates that backups are still the predominant method for database protection among enterprises. Weekly full and daily incremental backups to disk were the most popular strategy, used by 27% of respondents, followed by daily full backups, which are used by 17%. Interestingly, over half of the respondents reported that 10% or less of their databases undergo regular backup testing.  A few key backup and recovery challenges resonated across many of the respondents: Poor performance and impact on productivity (see Figure 1) 38% of respondents indicated that backups are too slow, resulting in prolonged backup windows. 
In a similar vein, 23% complained that backups degrade the performance of production systems. Lack of continuous protection (see Figure 2) 35% revealed that less than 5% of Oracle data is protected in real-time.  Management complexity 25% stated that recovery operations are too complex. (see Figure 1)  31% reported that backups need constant management. (see Figure 1) 45% changed their backup tools as a result of growing data volumes, while 29% changed tools due to the complexity of the tools themselves. Figure 1: Current Challenges with Database Backup and Recovery Figure 2: Percentage of Organization’s Data Backed Up in Real-Time or Near Real-Time In future blogs, we will discuss each of these challenges in more detail and bring insight into how the backup technology industry has attempted to resolve them.

  • How to efficiently protect part of an application with a license

    - by Patrick
    I am working on an application that has many functional parts. When a customer buys the application, he buys the standard functionality, but he can also buy some additional elements of the application for an additional price. All of the elements are part of the same application executable. A license key is used to indicate which of the elements should be accessible in the application. Some of the elements can be easily disabled if the user didn't pay for it. These are typically the modules that you can access via the application's menu. However, some elements give more problems: What if a part of the data model is related to an optional part? Do I build up these data structures in my application so the rest of my application can just assume they're always there? Or do I not build them, and add checks in the rest of my application? What if some optional part is still useful to perform some internal tasks, but I don't want to expose it to the user externally? What if the marketing responsible wants to make a standard part now an optional part? In all of my application I assume that that part is present, but if it becomes optional, I should add checks on it everywhere in the application. I have some ideas on how to solve some of the problems (e.g. interfaces with dual implementations: one working implementation, and one that is activated if the optional part is not activated). Do you know of any patterns that can be used to solve this kind of problem? Or do you have any suggestions on how to handle this licensing problem? Thanks.

  • "Expecting A Different Result?" (2 of 3 in 'No Customer Left Behind' Series)

    - by Kathryn Perry
    A guest post by David Vap, Group Vice President, Oracle Applications Product Development Many companies already have some type of customer experience initiative in process or one that could be framed as such. The challenge is that the initiatives too often are started in a department silo, don't have the right level of executive sponsorship, or have been initiated without the necessary insight and strategic business alignment. You can't keep doing the same things, give it a customer experience name, and expect a different result. You can't continue to just compete on price or features - that is not sustainable in commoditized markets. And ultimately, investing in technology alone doesn't solve customer experience problems; it just adds to the complexity of them. You need a customer experience strategy and approach on how to execute a customer-centric worldview within your business. To develop this, you must take an outside in journey on how your customers are interacting with your business to establish a benchmark of your customers' experiences. Then you must get cross-functional alignment on what you are trying to achieve, near, mid, and long term. Your execution of that strategy should be based on a customer experience approach: Understand your customer: You need to capture the insights across interactions, channels (including social), and personas to better understand whom to serve, how to serve them, and when to serve them. Not all experiences or customers are equal, so leverage this insight to understand the strategic business objectives you need to address. Then determine which experiences can be improved immediately and which over time to get the result you need. Empower your ecosystem: You need to align your front-line employees with your strategy and give them the power, insight, and tools that allow them to cultivate a culture around strengthening the relationships with your customers. 
You also need to provide the transparency, access, and collaboration that enable your customers and partners to self serve and self solve and to share with ease. Adapt your business: You need to enable the discipline of agility within your organization and infrastructure so that you can innovate, tailor, and personalize experiences. This needs to be done both reactively from insight and proactively in real time so you can stay ahead of shifting market trends and evolving consumer behaviors. No longer will the old approaches provide the same returns. To compete, differentiate, and win in a world where the customer has the power, you must execute a strategy that is sure to deliver a better brand experience for your customers. Note: This is Part 2 in a three-part series. Part 1 is here. Stop back for Part 3 on November 28.

  • Best Practice for captcha based protection against D.O.S to Nginx Proxy

    - by user325320
    The idea is explained here. In simple words, Nginx Proxy plays the role of load balance and transmits the HTTP/HTTPS requests to servers. If the number of request times within a certain period from an individual IP exceeds a threshold, it will trigger a captcha for the upcoming requests. And the end-user must input the correct captcha code before he can continue to access the site. Do you know any open source / free NGINX module for this usage? I searched on the Internet and here is one of them: https://github.com/snbuback/nginx seems it needs modification. Any suggestion / experience is welcome, thank you

  • Trying to use Digest Authentication for Folder Protection

    - by Jon Hazlett
    StackOverflow users suggested I try my question here. I'm using Server 2008 EE and IIS 7. I've got a site that I've migrated over from XP Pro using IIS 5. On the old system, I was using IIS Password to use simple .htaccess files to control a couple of folders that I didn't want to be publicly viewable. Now that I'm running a full-blown DC with a more powerful version of IIS, I decided it'd be a good idea to start using something slightly more sophisticated. After doing my research and trying to keep things as cheap as possible with a touch of extra security, I decided that Digest Authentication would be the best way to go. My issue is this: With Anon access disabled and Digest enabled, I am never prompted for credentials. When on the server, viewing domain[dot]com/example will simply show my 401.htm page without prompting me for credentials. When on a different network/computer, viewing domain[dot]com/example again shows my 401.htm without prompting for credentials. At the site level I only have Anon enabled. Every subfolder, unless I want it protected, has just Anon enabled. Only the folders I want protected have Anon disabled and Digest enabled. I have tried editing the bindings to see if that would spark any kind of change... www.domain.com, domain.com, and localhost have all been tried. There was never a change in behavior at any permutation (aside from the page not being found when I un-bound localhost to the site). I might have screwed up when I deleted the default site from IIS. I didn't think I'd actually need it for anything, but some of what I have read online is telling me otherwise now. As for Digest settings, I have it pointed to local.domain.com, which is the name assigned to my AD Domain. I'm guessing that's right, but honestly have no clue about what a realm actually is. Would it matter that I have an A record for local.domain.com pointing to my IP address?
I had problems initially with an absolute link for 401.htm pages, but have since resolved that. Instead of D:\HTTP\401.htm I've used /401.htm and all is well. I used to get error 500's because it couldn't find the custom 401.htm file, but now it loads just fine. As for some data, I was getting entries like this from access logs: 2009-07-10 17:34:12 10.0.0.10 GET /example/ - 80 - [workip] Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 401 2 5 132 But after correcting my 401.htm links now get logs like this: 2009-07-10 18:56:25 10.0.0.10 GET /example - 80 - [workip] Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.11)+Gecko/2009060215+Firefox/3.0.11 200 0 0 146 I don't know if that means anything or not. I still don't get any credential challenges, regardless of where I try to sign in from (my workstation, my server, my cellphone even). The only thing that's seemed to work is viewing localhost and I dunno what could be preventing authentication from finding its way out of the server. Thanks for any help! Jon

  • htaccess password protection error

    - by nute
    I have an HTACCESS as follows: AuthUserFile /home/nasht00/.htmydomain AuthName "EnterPassword" AuthType Basic Require valid-user When I try it, the password pop-up appears. Whatever I enter in it, I get a 500 Internal Server Error. My password file is under /home/nasht00/.htmydomain. Its owner is nasht00:www-data (nasht00 is my user, www-data is the group that apache2 belongs to). File permissions on that file are 775. What am I missing? If I try without the htaccess it works fine of course. I have Ubuntu 9.10 with apache2.

  • pfSense + DDoS Protection

    - by Jeremy
    I run a gaming community on a colo with a 100Mbps port. I want to buy a very cheap 35 dollar server with the same 100Mbps port, and run pfSense to use as a hardware firewall. I'm dealing with a bunch of 14 year old kids that have access to botnets, so it can become a bit necessary to get something like this. My overall question, is using pfSense on a cheap identical datacenter/port speed server worth it to actually block DDoS attacks? A bit more into detail since I assume you will ask this, the attacks we receive are normally around 1Gbps. We currently run CentOS using CSF Firewall, and even when using a software firewall, we block 500Mbps UDP floods, or just generic attacks pretty easily. Thanks, - Necro

  • iptables rules for botnet (UDP flood) protection

    - by Petar Simeonov
    I'm currently experiencing a massive UDP attack on my server. I host a couple of gameservers, mainly Tf2, CS:GO, CS 1.6 and CS:Source, and my 1.6 server is being flooded. I tried different rules in iptables, but none of them seemed to work. I'm on a 100mbps bandwidth tariff, but the flood I receive is 500+mbps. This is the log of the latest tcpdump - http://pastebin.com/HSgFVeBs Packet length varies throughout the day. Only my gameserver ports are being flooded - 27015, 27016, 27018 via UDP packets. Are there any iptables rules that might prevent this?

  • Remove Write Protection from USB

    - by Vasile Marian Falama?
    My flash USB is write protected and I've tried every possible method I've encountered over the internet to get rid of this. Accessing the USB is not working. Format from my computer is not working. Clear attributes with DiskPart is not working (can't be cleaned, Current Read-only State is Yes but Readonly is set to false... With Disk Management, I can't delete the partition... Is there any other method... With a specific software or somehow? Edit: I tried this on Windows 8.1.

  • Burn the CD or DVD for one time use

    - by kumar
    I want to burn the CD or DVD for one-time use, that is - CD or DVD copy protection, like CD to CD or CD to hard disc copy protection. The CD has a setup. After setup process is finished the setup file will destroy automatically or disable the CD contents. How to create like this. Please give me some ideas

  • Motherboard jumper setting: BIOS flash write protection.

    - by Wesley
    I have an ECS P4M800PRO-M478 motherboard and I'm just setting up the jumpers right now, of which there are only two sets. One is the CLR_CMOS jumper, which is set to Normal, of course. However, there is another set called BIOS_WP which controls whether BIOS flash writing is protected or unprotected. Which setting should I have it set at and would this affect any BIOS flashes in the future?

  • Do Windows Vista/7 have memory protection?

    - by winnewb
    Is it possible for a program to access another program's memory directly and read from (or write to) it, or to "inherit" the old contents of memory reclaimed from another program? (i.e. if it doesn't zero out memory before using it and just reads from uninitialized memory directly)

  • "save the changes" message after removing the protection from workbook Excel 2010

    - by abbasi
    Some time ago I protected the Excel 2010 file from the path File Protect workbook Encrypt with password and gave it a password. Now that I removed that password via below method: Open the workbook and use Save As In the lower right of the file window will be "Tools" Choose "General Options" Clear the password. Save over your old file. the file is openable without wanting a password. But the problem is when I open it and close it immediately, even without moving the active cell, the message "Do you want to save the changes you made to 'test.lsx'?" appears. While there hasn't occurred any changes to that file so why I face this message any time I want to close the file? Hasn't the file been corrupted?

  • Unix Server Protection from Physical Access?

    - by Isabella Wilcox
    I'm working to license our software to some buyer. Our software will be run from a Unix server that is physically controlled by the buyer. Is there any way to prevent the buyer who has physical access to your server from accessing contents on the drive? We want to protect our intellectual property because if the buyer steals our software, we won't have enough legal resources to pursue a claim internationally.

  • Force password protection in the iPad

    - by fragsworth
    I am unable to find out how to force the iPad to ask for my password when I want to use certain applications (e.g. e-mail). I want to be able to share the iPad but I don't want anyone to have access to my e-mail account. The only way I can see to do this is to create and delete the account every time I use it, but this is an extreme hassle. Ideally it should simply ask for my password whenever I want to access my e-mail. How can I do this?

  • USB Permission - Write protection

    - by dekhadmai
    I have an external harddisk and my friends asked for it. The point is I don't trust his anti-virus software. Is there any way to allow some folders (I prepare hdd space for him) to be write-able and all others to be read-only? Or is there software that can do this? And it would be great if I can have full access on my computer ONLY (maybe with some specific software on my PC) and without having to modify anything. I don't ask for hdd-encryption since I only want to limit the area of write-able folder (and allow my friend to read through all my data), later I can scan for virus myself only in that area ... scanning entire hdd with 500gb/friend is not fun at all! Sorry if this doesn't seem like a programming question. Any help would be appreciated. Thank you.

  • Banco Espírito Santo Increases Sales Campaign Success Rate with Siebel CRM

    - by Tony Berk
    Banco Espírito Santo (BES), founded in 1869, is the second-largest private financial institution in Portugal with a 20.3% domestic market share, 2.1 million customers, and more than 700 in-country branches. It also has a strong international presence with operations in 23 countries and four continents. With strong growth in its major markets, BES needed a modern, cost-effective, scalable, and reliable customer relationship management (CRM) solution for its retail operations. The bank wanted to optimize client relationship management and integrate all customer touch points and service channels to improve the success of its sales and marketing initiatives. BES implemented the same CRM solution as many other leading banks: Oracle's Siebel CRM. With Siebel CRM 8.1 and other Oracle solutions, BES significantly increased sales of its new financial products across all channels by up to 25%, and it expects to increase annual revenue by up to US$4 million annually. It also improved the success rate of bank branch sales, marketing, and lead generation campaigns by nearly 10%. “We are very happy with Oracle’s Siebel CRM applications. We already knew that this was the best solution available, but it has surpassed our best expectations,” said João Manaças, Customer Relationship Management Manager, Personal Marketing Department, Banco Espírito Santo. Click here to learn more about BES's use of Siebel CRM.

  • Is it possible to transfer a domain without a "gap" in Whois privacy protection?

    - by Guest
    I currently own several domains on which I am using a Whois privacy protection service to hide my personal details. In the near future, I would like to transfer some of these domains to a different registrar. It has been many years since I last performed domain transfers, so I am no longer knowledgeable about what it involves. However, I have read from several registrars that they ask their customers to disable Whois protection before effecting a domain transfer. Since there are several websites out there that publish archived versions of Whois information (and ask handsome money for the information to be hidden, of course), I would prefer to avoid having such a "gap" in my privacy protection. I figured that these websites would fetch Whois information mainly when a query is effected through their own website. However, I have found out that at least one of these sites had a copy of the Whois information for a new domain up on their site within hours after I registered it, so they must have some other source (of course I used a Google search to find that out, not their own site). What that tells me is that the time it takes for the domain transfers to go through would be more than enough for these rogue websites to cache my information. If my new registrar offers privacy protection for domains right from the point of registration as well, is there no way to transfer the domain between the two without reverting to my default Whois information in between?
