Search Results

Search found 25503 results on 1021 pages for 'browser security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 24/1021 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • mod_proxy security

    - by brad
    I'm on Debian Lenny using apache2. in my proxy.conf I tried adding Allow from localhost as suggested in some other forums to get proxying to work. Didn't work. It only worked if I say Allow from all My question is this. Are there any security implications to this Allow from all directive? Most people were saying to make this as limited as possible, but "all" is the client right? I want anyone regardless of their IP to be forwarded properly. Is there a better way to configure this?

    Read the article

  • Can't type into some text fields in any browser on Windows 7

    - by Zoltán
    I can't type into e.g. facebook's log in form with my computer. I hit my keys, but nothing happens. Special characters like c, c, š, etc. work. Backspace doesn't, delete does. This goes for Internet Explorer, Firefox and Chrome. This also happens with some other sites, sometimes even with gmail (or any google's log in form). I read somewhere that the solution is to reregister some dlls: regsvr32 mshtmled.dll regsvr32 jscript.dll regsvr32 /i mshtml.dll The first two work, the third one says The module "mshtml.dll" was loaded but the entry-point DllRegisterServer.dll was not found. And of course, running just the first two didn't help. Does anyone know how to fix this problem?

    Read the article

  • Setting Sql server security rights for multiple situations

    - by DanDan
    We have an application which uses an instance of Sql Server locally for its backend storage. The administrator windows login has had its sysadmin right revoked, and instead two sql logins have been created; one for the application with a secret password and one read only login we let users view the raw data with. This was working fine until we moved on FileStreams, which requires intergrated windows authentication. So now the sql server logins must be replaced. As a result, I am now reviewing all of our logins but I am not sure how it is possible. It seems that the application needs full read/write access, yet I still need to lock down writing to the tables so the user cannot login into the database and delete data randomly. Does anyone have any tips for setting multiple levels of security using intergrated windows logins, or can you direct me to any further reading? Thanks.

    Read the article

  • Security question pertaining web application deployment

    - by orokusaki
    I am about to deploy a web application (in a couple months) with the following set-up (perhaps anyways): Ubuntu Lucid Lynx with: IP Tables firewall (white-list style with only 3 ports open) Custom SSH port (like 31847 or something) No "root" SSH access Long, random username (not just "admin" or something) with a long password (65 chars) PostgreSQL which only listens to localhost 256 bit SSL Cert Reverse proxy from NGINX to my application server (UWSGI) Assume that my colo is secure (Physical access isn't my concern for the time being) Application-level security (SQL injection, XSS, Directory Traversal, CSRF, etc) Perhaps IP masquerading (but I don't really understand this yet) Does this sound like a secure setup? I hear about people's web apps getting hacked all the time, and part of me thinks, "maybe they're just neglecting something", but the other part of me thinks, "maybe there's nothing you can do to protect your server, and those things are just measures to make it a little harder for script kiddies to get in". If I told you all of this, gave you my IP address, and told you what ports were available, would it be possible for you to get in (assuming you have a penetration testing tool), or is this really protected well.

    Read the article

  • "Account locked out" security event at midnight

    - by Kev
    The last three midnights I've gotten an Event ID 539 in the log...about my own account: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 539 Date: 2010-04-26 Time: 12:00:20 AM User: NT AUTHORITY\SYSTEM Computer: SERVERNAME Description: Logon Failure: Reason: Account locked out User Name: MyUser Domain: MYDOMAIN Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: SERVERNAME Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: - Source Port: - It's always within a half minute of midnight. There are no login attempts before it. Right after it (in the same second) there's a success audit entry: Logon attempt using explicit credentials: Logged on user: User Name: SERVERNAME$ Domain: MYDOMAIN Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: MyUser Target Domain: MYDOMAIN Target Logon GUID: - Target Server Name: servername.mydomain.lan Target Server Info: servername.mydomain.lan Caller Process ID: 2724 Source Network Address: - Source Port: - The process ID was the same on all three of them, so I looked it up, and right now at least it maps to TCP/IP Services (Microsoft). I don't believe I changed any policies or anything on Friday. How should I interpret this?

    Read the article

  • modsecurity apache mod-security.conf missing

    - by TechMedicNYC
    Greetings Serverfaultians. I'm not a server guy as you can see from my noob score of 1 point. But maybe those more versed can help me. I'm using Ubuntu v13.10 32-bit Server and Apache2 v2.4.6 and I'm trying to set up and configure modsecurity and modevasive on an internet-exposed production/test server. I am trying to follow this tutorial: http://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasive-ubuntu-1204-lts-server. But at step 3: Now add these rules to Apache2. Open a terminal window and enter: sudo vi /etc/apache2/mods-available/mod-security.conf This file does not exist. Any suggestions?

    Read the article

  • Block a URL at browser level

    - by Farseeker
    Does anyone have a solution (that doesn't involve editing the hosts file) to block a particular URL from FireFox? Basic back story is that I'm trying to discipline myself. I'm spending FAR too much time over at Server Fault that I want to genuinely block the site from my work PC so that every time I find myself flicking to it during work time I can't see it, but I'd like to be able to disable it during my lunch break. (So I only spend 40 minutes a day there, rather than 4 hours). That said I don't want to block it at the router, nor for anyone else.

    Read the article

  • Typing the tab character in browser text boxes

    - by Rohit
    A lot of the time, when I want to format text within a web page's text box I'll hit the Tab key. Unfortunately, that doesn't insert the tab character but instead moves the control to the next form element (like a button or a check box). For browsers like Firefox/IE, is there a way to get the formatting behavior of a tab, within a text box, by typing a key combination?

    Read the article

  • Why is autologon in Windows 7 a security risk

    - by Phenom
    If I set my Windows 7 account to automatically logon so I don't have to type a password, and I don't have to click my username on the logon screen, I heard it's a security risk. From Windows 7 Auto Login: Although I don’t personally recommend this, there are some people out there who don’t want to bother with using a password to protect their Windows user account. Of course, using a password in Windows isn’t required, only suggested. But even if you don’t fill one in, you still have to click your user icon to start the login process. An easier way - although again much less secure - is to enable auto-logins for your Windows PC. This is possible in Windows 7, as it was in prior versions, but it takes a little finagling to do so. (And for good reason, darn it.) What is risky about it besides people being able to logon locally? Does it make it easier for hackers to logon remoately?

    Read the article

  • Running PHP scripts as the owner of the PHP file: security issues

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web user can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • Security issues of running PHP scripts as the owner of the PHP file with suexec

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • Apache security for multi-user development web server.

    - by mrmartinblue
    I've been searching and reading through documents all morning and understand that I need to use some combination of chown and probably 'jailing' to securely give programmers access to directories on my centos webserver. Here's the situation: I have an apache web server that has any number of virtual sites located in /var/www/site1 /var/www/site2 etc.. I have different developers that need full access both ssh and vsFTP to only the site they are working on. What is the best way to create and maintain security in this scenario. My thought would be to create a new user for each coder, jail that user to the website directory they are allowed to work in, add their user to a group and set the webroot's owner to that group. Any thoughts? Good, bad, ugly? Thanks!

    Read the article

  • Set security on pattern of sub folders (Server 2003)

    - by Mark Major
    I have a folder structure similar to the one shown below these paragraphs. How do I change security on every 'Photos' folder without clicking through each individually in Windows Explorer? There are about 50 top level folders (Bob, Jim, Eva, etc, etc) which have the same layout of folders inside. I am keen for any suggestions, either scripting or GUI. I am on Windows Server 2003. Cheap/free method would be good, as the company is part of a registered charity. Ideally I would like to do this via DFS path. E.G. \\mycompany.local\Shared\Staff\Bob\ Thanks for reading. Thanks for any info. Mark Bob Review Profile Photos Jim Review Profile Photos Eva Review Profile Photos

    Read the article

  • Browser caching is generating hugo I/O to server

    - by Rime
    Our users My Documents are stored on a Emc NAS. I have noticed huge traffic coming from users and I see that most of it is coming to cache directories of Internet Explorer and other browsers. One thing i suspect is Adobe Flash caching streams. We have various Windows clients and no restrictions on browsers. Is there any way to remove this traffic from our NAS by a group policy or whatever? Thanks Rime

    Read the article

  • Ultra-lightweight web browser?

    - by zildjohn01
    Are there any good super-lightweight graphical web browsers out there? I'd like to be able to browse the web on an old PC, but the mainstream crop of browsers is just too heavy, and I don't want to resort to something like Lynx. There must be something decent out there that'll fit in 16 or 32MB of RAM comfortably. 100% standards compliance isn't necessary, but I'd like something that supports the most widely used parts of CSS and JavaScript. The goal is to get 98% of sites usable in a nice, graphical format.

    Read the article

  • Using numerous IP addresses in a browser in linux

    - by BHare
    I own a dedicated server than runs Debian Linux. I have 64 IP addresses configured on the machine. I am looking to open a page (just has to access it with lynx or anything to read) with one of the non-default 64 IP addresses, besides just the default one. How can I do this?

    Read the article

  • Editing the Microsoft Security Essentials context-menu

    - by GPX
    As all MSE users would know, the context-menu item that it adds to Explorer is really long, with one whole sentence "Scan with Microsoft Security Essentials...". Is there a way to edit this and shorten it? I figured out the the file shellext.dll is responsible for registering the context menu. I used ResEdit to edit the DLL and changed the string table entry from Scan with ($BrandName) to Scan with MSE. But it still won't change. I've also tried de-registering the DLL and then registering it again. No luck! Any ideas? Or am I doing something wrong?

    Read the article

  • Security measures for CentOS

    - by cappuccinodrinker
    I have been tightening up my web server security and wanted to know what else I can do. I am running CentOS 5 with these measures: - All passwords to FTP, MySQL etc are generated from grc.com/passwords.htm and microsoft.com/protect/fraud/passwords/create.aspx (for the ones which cannot be too long). - Running iptables with all ports shut off except for http mail and smtp, the important ports like FTP SSH are blocked to all except my static office IP. There is also no response to pings. - Rootkit Hunter running daily - The server is PCI compliant according to Comodo - Not running any crappy made php apps, we use Zend Framework for our stuff and do have kayako installed and keep them up to date. Can't really think of anything else I can do... I could implement a brute force measure, but I think I already have by simply changing my SSH port to a number above 10000 and blocking it off with iptables.

    Read the article

  • Linux Security/Sysadmin Courses in London?

    - by mister k
    Hi, My employer has offered to send me on a couple of training courses and I'm just looking for some recommendations. I'm mainly looking to improve my security and general sysadmin skills. I would like to do something focused on UNIX as I mainly work with Linux boxes (but also a couple of FreeBSD boxes). I don't want to do a study-from-home course, so I would need to find somewhere based in London. It would be great to hear from anyone who has some experience with this kind of course. The courses I've found so far are: www.learningtree.co.uk/courses/uk433.htm www.city.ac.uk/cae/cfa/computing/systems_it/linux.html www.city.ac.uk/cae/cfa/computing/systems_it/unix_tools_ss.html I'm not sure the City University courses are advanced enough as I already have experience... Thanks!

    Read the article

  • control + enter in browser takes only .com?

    - by Abhilash M
    I have this strange problem, how exactly does control + enter decides the domain of a website?? If i type stackoverflow,then hit control+enter, it works and takes to homepage, but i type ubuntuforums, then hit control + enter, it does not recognise its ubuntuforums.org, but goes to ubuntuforums.com?? How does this exactly work? If i need to change this behaviour, how should i do it?

    Read the article

  • Security considerations for my first eStore.

    - by Rohit
    I have a website through which I am going to sell few products. It is hosted on a simple shared-hosting and does not have SSL. On the products page, each product has a Buy Now button created from my PayPal Merchant account. PayPal recommends to use it's Button Factory to create secure buttons and save it inside PayPal itself. I have followed the same advice and the code of any button is secure and does not disclose any information on either a product or it's price. When the user clicks on a Buy Now button, he/she is taken to PayPal site where a page is opened in SSL for the user to fill in the credit card and shipping details. After a successful transaction, the control is passed back to my site. I want to know whether there is still any chance when security could be compromised.

    Read the article

  • disable browser localization

    - by broiyan
    How do I get the websites that I visit to stop localizing the language probably according to my IP location? This is an website specific issue because, for example economist.com and superuser.com do not do it, but Google Checkout and craigslist.org are doing it. Is there a way to setup Ubuntu and Firefox so that English will always be used for all web pages displayed? Edit: Of course many webpages have a link to an English version, but sometimes they don't. For example I believe such links usually appear on the root resource but sometimes I see non-English languages on child resources where such links do not appear. Example: most Blogger.com blogs appear in English but when I go to the blogger's profile ("view my complete profile"), it appears in another language that matches my geographic location.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >