Search Results

Search found 4187 results on 168 pages for 'secure erase'.

Page 26/168 | < Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >

  • How would you secure a home router with a self-signed certificate?

    - by jldugger
    littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

    Read the article

  • How would you secure a home router with a self-signed certificate?

    - by jldugger
    littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

    Read the article

  • How to secure postfix to find out whether the emails are coming really from the sender?

    - by codeworxx
    Is it possible to secure postfix in a way, that incoming emails are checked on whether the email comes really from the sender? Is that possible to write php script and chose a sender, like the mail is really coming from the sender and what are the possibilities for postfix to find out that this mail is not actually coming from the real sender? What I have found out and activated are the options smtpd_sender_restrictions = reject_unknown_sender_domain unknown_address_reject_code = 554 smtpd_client_restrictions = reject_unknown_client unknown_client_reject_code = 554 Please mention, whether I have missed out on any points!

    Read the article

  • why does text from socket server erase previously written text?

    - by mix
    This is strange enough I'm not sure how to search for an answer. I have a program in Python that communicates via TCP/IP sockets to a telnet-based server. If I telnet in manually and type commands like this: SET MDI G0 X0 Y0 the server will spit back a line like this: SET MDI ACK Pretty standard stuff. Here's the weird part. If, in my code, I precede my printing of each of these lines with some text, the returned line erases what I'm trying to print before it. So for example, if I write the code so it should look like this: SENT: SET MDI G0 X0 Y0 READ: SET MDI ACK What I get instead is: SENT: SET MDI G0 X0 Y0 SET MDI ACK Now, if I make the "READ: " text a bit longer, I can get a better idea of what's happening. Let's say I change READ: to 12345678901234567890, so that it should read as: 12345678901234567890: SET MDI ACK What I get instead is: SET MDI ACK234567890: So it seems like whatever text I'm getting back from the server is somehow deleting what I'm trying to precede it with. I tried saving all of my saved lines in a list, and then printing them out at the end, but it does exactly the same thing. Any ideas on what's going on, or even on how to debug this? Is there a way to get Python to show me any hidden chars in a string, for example? thx!

    Read the article

  • Linux rpm installs but cannot erase. Why?

    - by rmosley
    My Perl code installed several (4) rpm files as root. the next install removes them (rpm -e) before installing a newer version. One does not remove, with rpm -e giving the error that it is not installed. However, later when the updated file is installed, the message is given that it is already installed. Manual attempts to remove give the same results. My questions are how to force removal something from the rpm database, and why does this contradication exist (not installed from rpm -e and already installed from rpm -Uvh and rpm -ivh)?

    Read the article

  • How to secure access to SWF file using ASP.NET?

    - by elsharpo
    hi guys, We have a swf file that we want to secure and make available only to authorized users. I embedded the file in an aspx page and that works fine, since ASP.NET handles the aspx page, I can use ASP.NET authorization features and in the web.config restrict the access to roles="AllowedUsers" for example. However smart users could still get to the file by accessing directly for example www.mysite/flash.swf. We want to make that kind of access secure. Any help would be greatly appreciated! Thanks!

    Read the article

  • How to configure grails and shiro to mark cookies secure?

    - by j4y
    I'm using Grails 2.2.4 with the Shiro plugin (v1.1.4) and would like to mark the cookies as secure so the session information won't be sent over http. This is the attribute I want to set: securityManager.sessionManager.sessionIdCookie.secure = true The shiro source says to use the Grails bean property override mechanism, which is grails-app/conf/spring/resources.groovy How can I override just the one setting? // If the legacy 'security.shiro.filter.config' option is set, // use our custom INI-based filter... if (application.config.security.shiro.filter.config) { log.warn "security.shiro.filter.config option is deprecated. Use Grails' bean property override mechanism instead." 'filter-class'('org.apache.shiro.grails.LegacyShiroFilter') 'init-param' { 'param-name'('securityManagerBeanName') 'param-value'('shiroSecurityManager') }

    Read the article

  • Best practice to send secure information over e-mail?

    - by Zolomon
    I have to send sensitive information (name, address, social security number etc.) collected from a website, that has been entered by a user, to an e-mail address. What is the best course of action to make the information secure and easy to extract on the receiver side? Edit: I will be using ASP.NET for the website, not sure what it has for capabilities on this matter. Edit: If I decide to store the information in a database and just send a mail when a new entry has been made, would this be better? And create some secure way to dump the information instead.

    Read the article

  • How to use separat block caches for secure and unsecure shop access in Magento?

    - by Uwe Mesecke
    I use the Magento block cache for the top navigation block. The problem is the block has to generate some urls for files in the skin directory that cannot be put into css files as the file names depend on category model data. Now when I open magento using a secure connection (https://) the navigation block is fetched from the cache and is sent to the browser but with the http:// urls resulting in a warning in most browsers about unsecure elements on the page. I'd like the have separat caches for secure and unsecure connections. The navigation block extends the class Mage_Catalog_Block_Navigation and therefore has the following cache configuration: $this->addData(array( 'cache_lifetime' => false, 'cache_tags' => array(Mage_Catalog_Model_Category::CACHE_TAG, Mage_Core_Model_Store_Group::CACHE_TAG), ));

    Read the article

  • Secure way to run other people code (sandbox) on my server?

    - by amikazmi
    I want to make a web service that run other people code locally... Naturally, I want to limit their code access to certain "sandbox" directory, and that they wont be able to connect to other parts of my server (DB, main webserver, etc) Whats the best way to do it? Run VMware/Virtualbox: (+) I guess it's as secure as it gets.. even if someone manage to "hack".. they only hack the guest machine (+) can limit the cpu & memory the process uses (+) easy to setup.. just create the VM (-) harder to "connect" the sandbox directory from the host to the guest (-) wasting extra memory and cpu for managing the VM Run underprivileged user: (+) doesnt waste extra resources (+) sandbox directory is just a plain directory (?) cant limit cpu and memory? (?) dont know if it's secure enough... Any other way? Server running Fedora Core 8, the "other" codes written in Java & C++

    Read the article

  • iPhone / ios development - best way to check if password is secure enough?

    - by Pranoy C
    what is the best way to check the strength of a password in iOS development? I came across this post: What is the best way to check the strength of a password? but this is not iOS specific. My question is - Does Apple or third party libraries provide any libraries by default which I can use to check if the user entered a secure password? If not, then as the above post says, is using regular expressions the best way? Does Apple have any requirements which our app needs to implement to make sure user has a secure password? I am planning on using the keychain to store the password.

    Read the article

  • How can I provide secure web content to mobile devices that can't access an intranet?

    - by evanmcd
    I'm working with a client on development web content for their intranet. We want users to be able to access a version of the content on their mobile devices, but most of them don't have the VPN capability to get on to their intranet. I'm wondering if anyone has had experience with this and can recommend a solution. One other thing to consider is that the content is not mission critically secure. If someone outside the company gained access to it, it would not represent a major issue, only a minor annoyance. Thanks for any advice.

    Read the article

  • Which is the most independent and secure email service? [closed]

    - by Rafal
    I'm looking for a provider with a secure transfer protocol (like https) Secured (as much as it is possible) from being hacked or spied on. One that won't scan my email in order to display more accurate ads. One that won't sell my personal information. One that won't disclose my emails to some sort of government (it probably must be based outside of US or Chinese jurisdiction I reckon) Encrypted if possible. It can be simple and without huge storage. If you know/use any similar service I would be really grateful if you could point me there. Cheerz

    Read the article

  • How to secure Firefox traffic (+DNS) through SOCKS proxy under Ubuntu 10.04?

    - by Maarx
    I'm using Ubuntu 10.04, and starting a SOCKS proxy with 'ssh -D', and setting Ubuntu to use it with "System - Preferences - Network Proxy". Firefox uses the proxy, and the proxy's IP appears when I visit a site like http://www.whatismyip.com/. My question is, is Firefox resolving DNS requests through this proxy? Is my web-browsing truly secure? (That is, until I exit the other end of the proxy. I know it's insecure after that.) (And I've verified the keys, I'm not being man-in-the-middled) (And--screw it. You know what I mean. Is it resolving DNS requests through the proxy?) I don't know how I would go about verifying such a thing for myself. Using additional hardware such as another debugging proxy is not an option. If Firefox isn't resolving my DNS requests through the SOCKS proxy, how do I go about fixing it?

    Read the article

  • How to secure both root domain and wildcard subdomains with one SSL cert?

    - by Question Overflow
    I am trying to generate a self-signed SSL certificate to secure both example.com and *.example.com. Looking at the answers to this and this questions, there seems to be an equal number of people agreeing and disagreeing whether this could be done. However, the website from a certification authority seems to suggest that it could be done. Currently, these are the changes added to my openssl configuration file: [req] req_extensions = v3_req [req_distinguished_name] commonName = example.com [v3_req] subjectAltName = @alt_names [alt_names] DNS.1 = example.com DNS.2 = *.example.com I tried the above configuration and generated a certificate. When navigating to https://example.com, it produces the usual warning that the cert is "self-signed". After acceptance, I navigate to https://abc.example.com and an additional warning is produced, saying that the certificate is only valid for example.com. The certificate details only listed example.com in the certificate hierarchy with no signs of any wildcard subdomain being present. I am not sure whether this is due to a misconfiguration or that the common name should have a wildcard or that this could not be done.

    Read the article

  • Is there anyway I can secure my connection when I try to log in to my router remotely?

    - by HardwareMuch
    I'm trying to configure my desktop to be accessed remotely. Here's what I've done so far: enabled wake on lan / remote wake up on all interfaces. I'm using logmein as my remote desktop application. setup DDNS so that I can log in to my router. When I try to remotely log in to my router it says that it is not encrypted there anyone can see my log in information. What can I do to make this a more secure setup? Any other suggestions or different methods will be greatly appreciated.

    Read the article

  • Is there anyway I can secure my connection when I try to log in to my router from remotely?

    - by HardwareMuch
    I'm trying to configure my desktop to be accessed remotely. Here's what I've done so far: enabled wake on lan / remote wake up on all interfaces. I'm using logmein as my remote desktop application. setup DDNS so that I can log in to my router. When I try to remotely log in to my router it says that it is not encrypted there anyone can see my log in information. What can I do to make this a more secure setup? Any other suggestions or different methods will be greatly appreciated.

    Read the article

  • Is visiting HTTPS websites on a public hotspot secure?

    - by Calmarius
    It's often said that HTTPS SSL/TLS connections are encrypted and said to be secure because the communication between the server and me is encrypted (also provides server authentication) so if someone sniffs my packets, they will need zillions of years to decrypt if using brute force in theory. Let's assume I'm on a public wifi and there is a malicious user on the same wifi who sniffs every packet. Now let's assume I'm trying to access my gmail account using this wifi. My browser does a SSL/TLS handshake with the server and gets the keys to use for encryption and decryption. If that malicious user sniffed all my incoming and outgoing packets. Can he calculate the same keys and read my encrypted traffic too or even send encrypted messages to the server in my name?

    Read the article

  • File/folder Write/Delete wise, is my server secure?

    - by acidzombie24
    I wanted to know if someone got access to my server by using a nonroot account, how much damage can he do? After i su someuser I used this command to find all files and folders that are writeable. find / -writable >> list.txt Here is the result. Its most /dev/something and /proc/something and these /var/lock /var/run/mysqld/mysqld.sock /var/tmp /var/lib/php5 Is my system secure? /var/tmp makes sense but i am unsure why this user has write access to those folders. Should i change them? stat /var/lib/php5 gives me 1733 which is odd. Why write access? why no read? is this some kind of weird use of a temp file?

    Read the article

  • Reasonably Secure Alternative to Poptop PPTP Server for Ubuntu server and Windows clients?

    - by wag2639
    I have a poptp server running on a old Fedora server but I'm upgrading to an Ubuntu 10.04 server. I was wondering if there are any good, reasonable secure alternatives to poptop that in can install on our new Ubuntu server as a way to get VPN access from Windows clients (XP and 7) to get remote access into our Intranet. We only use the VPN to access files located inside the network; we do not need to use it as a proxy/gateway. I've looked into openVPN but it seemed way too complicated and I would prefer something built into Windows. A Windows 7 only solution is OK.

    Read the article

< Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >