Search Results

Search found 29513 results on 1181 pages for 'microsoft security essent'.

Page 246/1181 | < Previous Page | 242 243 244 245 246 247 248 249 250 251 252 253  | Next Page >

• Cannot install Apache Web Server on Ubuntu, Amazon WS

  - by Eugene Retunsky

  I enter command apt-get install apache2 --fix-missing (under the root user) and this is what I receive: Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap ssl-cert Suggested packages: apache2-doc apache2-suexec apache2-suexec-custom openssl-blacklist The following NEW packages will be installed: apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap ssl-cert 0 upgraded, 10 newly installed, 0 to remove and 36 not upgraded. Need to get 2,945 kB/3,141 kB of archives. After this operation, 10.4 MB of additional disk space will be used. Do you want to continue [Y/n]? y Err http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ oneiric-updates/main apache2.2-bin i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 10.161.51.124 80] Err http://security.ubuntu.com/ubuntu/ oneiric-security/main apache2.2-bin i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 91.189.92.167 80] Err http://security.ubuntu.com/ubuntu/ oneiric-security/main apache2-utils i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 91.189.92.167 80] Err http://security.ubuntu.com/ubuntu/ oneiric-security/main apache2.2-common i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 91.189.92.167 80] Err http://security.ubuntu.com/ubuntu/ oneiric-security/main apache2-mpm-worker i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 91.189.92.167 80] Err http://security.ubuntu.com/ubuntu/ oneiric-security/main apache2 i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 91.189.92.167 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.20-1ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.92.167 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.20-1ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.92.167 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.20-1ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.92.167 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.20-1ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.92.167 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.20-1ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.92.167 80] Unable to correct missing packages. E: Aborting install. Any help is appreciated.

  Read the article

• Tools to test softwares against any attacks for programmers ?

  - by berkay

  in these days, i'm interested in software security. As i'm reading papers i see that there are many attacks and researchers are trying to invent new methods for softwares to get more secure systems. this question can be a general including all types of attacks.There are many experienced programmers in SO, i just want to learn what are using to check your code against these attacks ? Is there any tools you use or you don't care ? For example i heard about,static,dynamic code analysis, fuzz testing. SQL injection attacks Cross Site Scripting Bufferoverflow attacks Logic errors Any kind of Malwares Covert Channels ... ... thanks

  Read the article

• Need advice to design 'crack-proof' software

  - by alee

  I am currently working on a project where i need to create some architecture, framework or any standards by which i can "at least" increase the cracking method for a software, i.e, to add to software security. There are already different ways to activate a software which includes online activation, keys etc. I am currently studying few research papers as well. But there are still lot of things that i want to discuss. Could someone guide me to some decent forum, mailing list or something like that? or any other help would be appreciated.

  Read the article

• Web Services: Secure? Asp.net

  - by Jacques

  Hey there, Something I can't wrap my head around is how secure web services are. For example we're writing a desktop application that will interact with data on one of our websites as well as local data. This data is sensitive though and the last thing we want is anybody calling the web services. I've not yet found anything that says web services has some kind of authentication methods and the only security I've seen people talk about is using certificates to encrypt the message. I'm no guru on this and would appreciate anyone's input and perhaps a link to somewhere that will explain this in simple terms. Thanks Jacques

  Read the article

• How dangerous can javascript be?

  - by CrazyJugglerDrummer

  I have recently started using noscript (in addition to ABP). It took a little while to get used to it and can occasionally require some clicking when visiting a new site to investigate why the site's not working and where I need to allow javascript from. Is the extra security worth it? Some of the controversy is discussed here. I suppose it boils down to a matter of whether javascript is a genuine threat to your computer or not. Any thoughts on this?

  Read the article

• Crossdomain file edit

  - by Misiur

  Hi there. I need to know, where from is my script used (it's for sale, and i don't want any thiefs). I want to write on my server in file, IP of user, domain where from script has been runned, date, etc. I've tried fopen, fwrite, but is_file_writable returned that it isn't. File CHmods are 777, it parent catalog has too 777 chmods. Now i'm trying something like that: <?php $file = 'http://www.misiur.com/security/seal.txt'; $data = date("Y-m-d H:i:s"); $ip = $_SERVER['REMOTE_ADDR']; $svr = $_SERVER['SERVER_NAME']; $str = "[$data] Loaded by $ip at $svr\r\n"; $current = file_get_contents($file); $current .= $str; file_put_contents($file, $current); ?> However - nothing happens. What i've got to do?

  Read the article

• How dangerous can javascript be? (is noscript worth the trouble)?

  - by CrazyJugglerDrummer

  I have recently started using noscript (in addition to ABP). It took a little while to get used to it and can occasionally require some clicking when visiting a new site to investigate why the site's not working and where I need to allow javascript from. Is the extra security worth it? Some of the controversy is discussed here. I suppose it boils down to a matter of whether javascript is a genuine threat to your computer or not. Any thoughts on this?

  Read the article

• How to create Encryption Key for Encryption Algorithms?

  - by Akash Kava

  I want to use encryption algorithm available in .Net Security namespace, however I am trying to understand how to generate the key, for example AES algorithm needs 256 bits, that 16 bytes key, and some initialization vector, which is also few bytes. Can I use any combination of values in my Key and IV? e.g. all zeros in Key and IV are valid or not? I know the detail of algorithm which does lots of xors, so zero wont serve any good, but are there any restrictions by these algorithms? Or Do I have to generate the key using some program and save it permanently somewhere?

  Read the article

• Is Rails default CSRF protection insecure

  - by schickb

  By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

  Read the article

• LocalUser access for WCF hosted in IIS

  - by Eugarps

  I have tried every combination to allow unauthenticated access to WCF as in "LocalUser" accounts, in IIS without success. Here is what I've most recently tried: wsHttpBinding with Message security and mode set to "None". IIS anonymous access enabled, all others disabled, folder level access at default (but granted read access to "Users" which is all users in our domain). I understand I may not have provided enough information to solve the issue, but perhaps somebody can point me in the right direction - is this likely to be a IIS configuration issue or a WCF configuration issue... if WCF, is it likely to be a client level or server level issue? The error I get when attempting to access here is "User is not authenticated". We have ASMX services in the domain which are behaving properly, I am the first developer using WCF here.

  Read the article

• Problem Linking Boost Filesystem Library in Microsoft Visual C++

  - by Scott

  Hello. I am having trouble getting my project to link to the Boost (version 1.37.0) Filesystem lib file in Microsoft Visual C++ 2008 Express Edition. The Filesystem library is not a header-only library. I have been following the Getting Started on Windows guide posted on the official boost web page. Here are the steps I have taken: I used bjam to build the complete set of lib files using: bjam --build-dir="C:\Program Files\boost\build-boost" --toolset=msvc --build-type=complete I copied the /libs directory (located in C:\Program Files\boost\build-boost\boost\bin.v2) to C:\Program Files\boost\boost_1_37_0\libs. In Visual C++, under Project Properties Additional Library Directories I added these paths: C:\Program Files\boost\boost_1_37_0\libs C:\Program Files\boost\boost_1_37_0\libs\filesystem\build\msvc-9.0express\debug\link-static\threading-multi I added the second one out of desperation. It is the exact directory where libboost_system-vc90-mt-gd-1_37.lib resides. In Configuration Properties C/C++ General Additional Include Directories I added the following path: C:\Program Files\boost\boost_1_37_0 Then, to put the icing on the cake, under Tools Options VC++ Directories Library files, I added the same directories mentioned in step 3. Despite all this, when I build my project I get the following error: fatal error LNK1104: cannot open file 'libboost_system-vc90-mt-gd-1_37.lib' Additionally, here is the code that I am attempting to compile as well as a screen shot of the aformentioned directory where the (assumedly correct) lib file resides: #include "boost/filesystem.hpp" // includes all needed Boost.Filesystem declarations #include <iostream> // for std::cout using boost::filesystem; // for ease of tutorial presentation; // a namespace alias is preferred practice in real code using namespace std; int main() { cout << "Hello, world!" << endl; return 0; } Can anyone help me out? Let me know if you need to know anything else. As always, thanks in advance.

  Read the article

• Microsoft Detours - DetourUpdateThread?

  - by pault543

  Hi, I have a few quick questions about the Microsoft Detours Library. I have used it before (successfully), but I just had a thought about this function: LONG DetourUpdateThread(HANDLE hThread); I read elsewhere that this function will actually suspend the thread until the transaction completes. This seems odd since most sample code calls: DetourUpdateThread(GetCurrentThread()); Anyway, apparently this function "enlists" threads so that, when the transaction commits (and the detours are made), their instruction pointers are modified if they lie "within the rewritten code in either the target function or the trampoline function." My questions are: When the transaction commits, is the current thread's instruction pointer going to be within the DetourTransactionCommit function? If so, why should we bother enlisting it to be updated? Also, if the enlisted threads are suspended, how can the current thread continue executing (given that most sample code calls DetourUpdateThread(GetCurrentThread());)? Finally, could you suspend all threads for the current process, avoiding race conditions (considering that threads could be getting created and destroyed at any time)? Perhaps this is done when the transaction begins? This would allow us to enumerate threads more safely (as it seems less likely that new threads could be created), although what about CreateRemoteThread()? Thanks, Paul For reference, here is an extract from the simple sample: // DllMain function attaches and detaches the TimedSleep detour to the // Sleep target function. The Sleep target function is referred to // through the TrueSleep target pointer. BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { if (dwReason == DLL_PROCESS_ATTACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)TrueSleep, TimedSleep); DetourTransactionCommit(); } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)TrueSleep, TimedSleep); DetourTransactionCommit(); } return TRUE; }

  Read the article

• Flash not interacting with Javascripts in browser inside my app

  - by Shivaprasad

  Hi , I have an application which embeds a xulrunner based browser. I have to load some flash content in it which talks to some javascripts to update the browser title. The flash content works fine when launched from Firefox but not inside my app. I tried a sample html file which has some javascripts and they work fine. It even works when I have the flash content on a server. It is only when I try to run js through flash present on my local machine that I see this problem. I guess it must have something to do with some security settings in xulrunner. Could somebody help me figure out what the problem might be? Thanks jbsp72

  Read the article

• How to manually query LDAP through Acegi's beans?

  - by Veggen Skrikk

  I have an application using Acegi (earlier version of Spring Security) and LDAP for logins. Now, a specific scenario requires me to discover user's LDAP groups at arbitrary time (not at login time). Is it possible to use already set up Acegi to handle this situation? I'm thinking of using the configured LdapAuthProvider (or LdapAuthPopulator or whatever's appropriate) to get all the groups associated with a given username. Is this possible? If yes, please, please, give some hints how it should be done...

  Read the article

• Microsoft JScript runtime error: '(function name)' is undefined

  - by Velika2

  Microsoft JScript runtime error: 'txtGivenName_OnFocus' is undefined After adding what I thought was unrelated javascript code to a web page, I am suddenly getting errors that suggest that the browser cannot locate a javascript function that, to me, appears plain as day in design mode. I'm thinking that this is a load sequence order problem of some sort. Originally, my script was at the bottom of the page. I did this with the intent of helping my site's SEO ranking. When I moved the function to the top of the web page, the error went away. Now it is back. I have a feeling someone is going to suggest a jQuery solution to execute some code only when the page is fully loaded. I'm I ignorant of jQuery. IfjQuery is given in the answer, please explain what I need to do (references, placement of script files) for VS 2010 RTM. I am trying to set the focus to the first textbox on the webpage and preselect all of the text in the textbox More info: If I disable this Validator, the problem goes away: <asp:CustomValidator ID="valSpecifyOccupation" runat="server" ErrorMessage="Required" ClientValidationFunction="txtSpecifyOccupation_ClientValidate" Display="Dynamic" Enabled="False"></asp:CustomValidator> function txtSpecifyOccupation_ClientValidate(source, args) { var optOccupationRetired = document.getElementById("<%=optOccupationRetired.ClientID %>"); if (optOccupationRetired.checked) { args.IsValid = true; } else { var txtSpecifyOccupation = document.getElementById("<%=txtSpecifyOccupation.ClientID %>"); args.IsValid = ValidatorTrim(txtSpecifyOccupation.value) != ""; } }

  Read the article

• Centralized Credentials Service For Various Apps

  - by Vlad

  We are researching the possibility to build a centralized credentials storage for internal applications. These apps (vb6, vb.net, web apps in asp.net, etc) are using various instances of SQL servers and iSeries. We want to implement a central credentials facility that would act as a security broker. Basically it should work like this: Client app supplies AppID (I am Sales Application) and EnvironmentID (I am running in QA environment) and in return will get either a connection object (preferred) or encrypted connection string that will allow said application to connect to resources it needs. There will be cases when application needs to connect to two (or more) database resources (i.e. to SQL and iSeries). What are looking at DP API at the moment, but I am not convinced that DP API is the solution as it tied in with machine key. In our case using machine key isn't feasible, so I want to know if there are other approaches available.

  Read the article

• Verify my form workflow

  - by Shackrock

  I have a form, with some sensitive info (CC numbers). My work flow is: One page to take all form items Upon submission, values are validated. If all is well, all data is stored in a session variable, and the page reloads and displays this info from the session variable. If everything is ok on the review page, the user clicks submit and the session variable is sent to another form for processing (sending payment). Upon success, the session is destroyed. Upon failure (bad CC number, for example) - the user is sent back to the form, with all of the fields filled in just like before, so that they can check for errors and try again (session is NOT destroyed). Does anyone see anything wrong with this, from a security or best practices stand point? UPDATE I'm thinking I can get rid of a step - storing the info in a session EVER. Just have a one page checkout, no review page... makes sense.

  Read the article

• Adobe Socket Policy File Server Problems

  - by Matt

  Has anyone been able to successfully implement a service to serve the required socket policy file to FlashPlayer? I am running the Python implementation of the service provided by Adobe at http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html and using the following policy file: <?xml version="1.0" encoding="UTF-8"?> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="*" to-ports="*" secure="false"/> </cross-domain-policy> and receiving this message from Flash: [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: http://www.mapopolis.com/family/Tree.swf cannot load data from www.mapopolis.com:1900."] Thanks.

  Read the article

• Ipad, closed environment and threat to privacy

  - by Akshay Bhat

  I had an unusual question about ipad, Since ipad environment is closed and does not allows installation of diagnostic and security related programs. How can then we be sure that any of the software installed on ipad is not infringing upon our privacy by doing stuff such as homing back information, etc. We cant install a packet tracer or any other software to check for attacks on privacy. Also given Apples poor track record (the safari browser was broken in one day), I don't think trusting apple solely would be a good idea. This might not seem to be a big issue but for business users it would be a significant concern.

  Read the article

• Saving data to server with user accounts.

  - by AKRamkumar

  Ok, so for an app I am making, I want the user to be able to save data online. On my website, I will provide a web server with tables of UserName/Password/SaveData. How can I do this without crashing the server load? How can I guarantee security ? Is there a Design Pattern for this?Is there a better way of doing this? This is going to be a free application, available to the public and I would like for their settings to be available, no matter the computer they are using. Is there a better way of doing this? I am using MEF for plugins so is there a way I can save plugin data as well?

  Read the article

• Label on the Chart using Microsoft Chart controls

  - by azamsharp

  I am creating a 3d chart using Microsoft Chart controls. Here is the image: I want to show the point on the top of each bar graph. Like for Exam 1 on top of bar chart it should show 2 (as in 2 points) etc. Here is the code: private void BindData() { var exams = new List<Exam>() { new Exam() { Name = "Exam 1", Point = 10 }, new Exam() { Name = "Exam 2", Point = 12 }, new Exam() { Name = "Exam 3", Point = 15 }, new Exam() { Name = "Exam 4", Point = 2 } }; var series = ExamsChart.Series["ExamSeries"]; series.YValueMembers = "Point"; series.XValueMember = "Name"; //series.MarkerStyle = System.Web.UI.DataVisualization.Charting.MarkerStyle.Circle; //series.MarkerSize = 20; //series.LegendText = "hellow"; //series.Label = "something"; var chartAreas = ExamsChart.ChartAreas["ChartArea1"]; ExamsChart.DataSource = exams; ExamsChart.DataBind(); } and here is the html code: <asp:Chart ID="ExamsChart" Width="600" Height="320" runat="server"> <Titles> <asp:Title Text="Exam Report" /> </Titles> <Series> <asp:Series Name="ExamSeries" ChartType="Column"> </asp:Series> </Series> <ChartAreas> <asp:ChartArea Name="ChartArea1"> <Area3DStyle Enable3D="true" WallWidth="10" /> </asp:ChartArea> </ChartAreas> </asp:Chart>

  Read the article

• Roles / Permissions framework for c#?

  - by mark smith

  Hi there, Does anyone know of a good framework to allow me design permission and roles against users. Basically allowing me to automatically check a user can do a certain thing, and then disabling or enabling menu items etc I am not really looking for asp.net security ... as i need to use it in my own service layer and clients both WEB and WPF will use it. I was hoping for something that allows me to create new roles and groups against users and then check what type of permissions a user has or a group has Any help really appreciated.. I am sure some kind of open source framework is available, well i was hoping not having to create my own Thanks

  Read the article

• Potential for SQL injection here?

  - by Matt Greer

  This may be a really dumb question but I figure why not... I am using RIA Services with Entity Framework as the back end. I have some places in my app where I accept user input and directly ask RIA Services (and in turn EF and in turn my database) questions using their data. Do any of these layers help prevent security issues or should I scrub my data myself? For example, whenever a new user registers with the app, I call this method: [Query] public IEnumerable<EmailVerificationResult> VerifyUserWithEmailToken(string token) { using (UserService userService = new UserService()) { // token came straight from the user, am I in trouble here passing it directly into // my DomainService, should I verify the data here (or in UserService)? User user = userService.GetUserByEmailVerificationToken(token); ... } } (and whether I should be rolling my own user verification system is another issue altogether, we are in the process of adopting MS's membership framework. I'm more interested in sql injection and RIA services in general)

  Read the article

• Microsoft Solver Foundation constraint

  - by emaster70

  Hello, I'm trying to use Microsoft Solver Foundation 2 to solve a fairly complicated situation, however I'm stuck with an UnsupportedModelException even when I dumb down the model as much as possible. Does anyone have an idea of what I'm doing wrong? Following is the least example required to reproduce the problematic behavior. var ctx = SolverContext.GetContext(); var model = ctx.CreateModel(); var someConstant = 1337.0; var decisionA = new Decision(Domain.Real, "decisionA"); var decisionB = new Decision(Domain.Real, "decisionB"); var decisionC = new Decision(Domain.Real, "decisionC"); model.AddConstraint("ca", decisionA <= someConstant); model.AddConstraint("cb", decisionB <= someConstant); model.AddConstraint("cc", decisionC <= someConstant); model.AddConstraint("mainConstraint", Model.Equal(Model.Sum(decisionA, decisionB, decisionC), someConstant)) model.AddGoal("myComplicatedGoal", GoalKind.Minimize, decisionC); var solution = ctx.Solve(); solution.GetReport().WriteTo(Console.Out); Console.ReadKey(); Please consider that my actual model should include, once complete, a few constraints in the form of a*a+b*a <= someValue, so if what I'm willing to do ultimately isn't supported, please let me know in advance. If that's the case I'd also appreciate a suggestion of some other solver with a .NET friendly interface that I could use (only well-known commercial packages, please). Thanks in advance

  Read the article

• Grails LDAP authentication failed

  - by Leo

  Hi, guys I am developing a web app by using Grails and using Grails LDAP as my Authentication mechanism. However, i always get following error: {Error 500: Cannot pass null or empty values to constructor Servlet: default URI: /ldap-app/j_spring_security_check Exception Message: Cannot pass null or empty values to constructor Caused by: Cannot pass null or empty values to constructor Class: GrailsAuthenticationProcessingFilter } My SecurityConfig.groovy file is : security { // see DefaultSecurityConfig.groovy for all settable/overridable properties active = true loginUserDomainClass = "User" authorityDomainClass = "Role" requestMapClass = "Requestmap" useLdap = true ldapRetrieveDatabaseRoles = false ldapRetrieveGroupRoles = false ldapServer = 'ldap://worf-mi.dapc.kao.au:389' ldapManagerDn = 'CN=sa-ldap-its,OU=Unix Servers for Kerberos,OU=Information Technology Services,OU=Special Accounts,DC=nexus,DC=dpac,DC=cn' ldapManagerPassword = 'Asdf1234' ldapSearchBase = 'OU=People,DC=nexus,DC=dpac,DC=cn' ldapSearchFilter = '(&(cn={0})(objectClass=user))' }

  Read the article

< Previous Page | 242 243 244 245 246 247 248 249 250 251 252 253  | Next Page >