Search Results

Search found 120608 results on 4825 pages for 'code access security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 28/4825 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >

  • Oracle OpenWorld 2012: Focus On Database Security

    - by Troy Kitch
    Oracle OpenWorld 2012 is going to be the place to learn about Oracle Database Security solutions including Oracle Advanced Security with transparent data encryption, Database Vault, Audit Vault and Database Firewall, Label Security, and more. We've put together this Focus On Database Security document so you'll know when and where to attend the key database security sessions, and not miss a thing. 

    Read the article

  • Howt to grant network access to LocalSystem account?

    - by Ian Boyd
    How do you grant access to network resources of the LocalSystem (NT AUTHORITY\SYSTEM) account? When accessing the network, the LocalSystem account acts as the computer on the network: ...and acts as the computer on the network. Or to say the same thing again: The LocalSystem account acts as the computer on the network: When a service runs under the LocalSystem account on a computer that is a domain member, the service has whatever network access is granted to the computer account, or to any groups of which the computer account is a member. How does one grant a "computer" access to a shared folder and files? Note: Computer accounts typically have few privileges and do not belong to groups. So how would i grant a computer access to one of my shares; considering that "Everyone" already has access? Note: workgroup

    Read the article

  • 2012 Independent Oracle Users Group Survey: Closing the Security Gap

    - by jgelhaus
    What Security Gaps Do You Have? The latest survey report from the Independent Oracle Users Group (IOUG) uncovers trends in IT security among IOUG members and offers recommendations for securing data stored in enterprise databases. According to the report, “despite growing threats and enterprise data security risks, organizations that do implement appropriate detective, preventive, and administrative controls are seeing significant results.” Download a free copy of the 2012 IOUG Data Security Survey Report and find out what your business can do to close the security gap. 

    Read the article

  • UNIX-Security Advise

    - by Phoibe
    Hello, I want to build a quite secure UNIX-Server. Mechanisms I already implemented: SNORT + fwsnort for banning psad to block network-scanning attempts Portknocking to start+open SSH (key-based login - no password) hourly update of IP-Tables-Rules from a Security-Subscription Fail2Ban ClamAV & Rootkithunter + Logwatch What service-independent security mechanism would you add to this? What mechanism are you using? The server will run Apache&Postfix. For Apache hiding the server-information ofc. and nothing I can think of for Postfix. Thanks

    Read the article

  • Linux EC2 Instance Security Consideration

    - by Amzath
    I am going to host a web site in Amazon EC2 instance which would be a Linux instance. My web application will be developed using PHP, Apache and MySql. As I am new to Linux and Amazon EC2 environment, what are key areas in security should I consider to protect my server? This may be very very generic question as the security itself a vast area. But I need to kick start with most imporant points. That way I would be able to track down all those areas one by one.

    Read the article

  • Security and Windows Login

    - by Mimisbrunnr
    I'm not entirely sure this is the right place for the is question but I cannot think of another so here goes. In order to login to the windows machines at my office one must press the almighty CTRL-ALT-DELETE command combo first. I, finding this very frustrating, decided to look into why and found claims from both my sys and Microsoft stating that it's a security feature and that "Because only windows could read the CTRL-ALT-DELETE it helped to ensure that an automated program cannot log in. Now I'm not a master of the windows operating system ( as I generally use *nix ) but I cannot believe that "Only windows can send that signal" bull. It just doesn't sit right. Is there a good reason for the CTRL-ALT-DELETE to login thing? is it something I'm missing? or is it another example of antiquated legacy security measures?

    Read the article

  • VMware Workstation 9 Security Best Practice Guides

    - by slickboy
    Could someone please point me in the direction of where I could find some best practice securiy guides for VMware Workstation 9 please? I've searched the VMware site and to say it's badly organised is an understatement! I've been able to find general setup guides but nothing with a specific focus on security. I'm also wondering is there any best practice guides that I should follow when installing Windows 7 Professional and Windows Server 2008 R2 on VMware Workstation 9? I obviously will be implementing Microsofts recommended security best practices but I'd be very interested in any recommendations for virtualizing these operating systems. Any help is much appreciated.

    Read the article

  • Need help on implementing corporate network security solution and coming up with time lines to test it

    - by abc
    I have to come up with a proposal to implement corporate network security. Once I have done that I also have to come up with estimates on the time / money needed to test (QA) the implementation. What I need help with: What should I keep in mind while coming up with this proposal? I have already considered: Routers, Firewalls, VPN, Wireless, Server System, Web Apps etc. I know I am missing quite a lot. What else should I include? This the most challenging part I feel: How should I estimate the time needed for testing these security implementations? I guess I need to understand how can I test these security implementations first...right? Can you help me?

    Read the article

  • windows 7 security settings for non-admins

    - by Wasi
    I was recently modifying the security settings for my drive C. I did not notice that i was logged in as a user and changed the permissions for users to "read". Later i realized that there was no admin set up on the pc (when switching user). Now with the security settings changed I can't do anything on the computer. I can only read the files that previously existed. And this applies to every drive on my computer. Now the user accounts do not have the privileges to change the permissions. How can i allow users to have full control without having admin on my pc

    Read the article

  • Windows 7 Open File Security Warning

    - by Lucy
    I downloaded something and now, it is show this open file security warning. I have searched but I have only found how to disable security warnings globally. I only want to say NO forever to this warning, but it keeps showing up whenever Windows starts. The "Name" and "From" are: "C:/Users/MyUser/AppData/Local/Temp/Windows-Update.exe" I cannot even find that folder and file! I don't really know what was downloaded, I am helping someone else. (I am not a Windows user, so I am very lost here)

    Read the article

  • What's the best language combo for code generation?

    - by Peter Turner
    I read through Code Generation in Action but never bothered to make anything of it because Ruby just doesn't fit with my lifestyle at this juncture. The book came out more on the cusp of the C# revolution, and it said that C# "was a language designed to be generated", apparently using Ruby as the generator language. In your experience, what is the ideal combination of languages to generate the most useful code?

    Read the article

  • Need Help in Pointing to focus on the Key elements in Code Review Phase?

    - by Sankar Ganesh
    Hi Friends, Let us share your views on the Code Review process, If someone gave a code snippet and ask you to review that code, then what are the major things you will focus on that code Review process. For Instance: I will check any dead code is available in that code, other than Checking Dead Code, what are the key elements to be focused on CODE REVIEW PROCESS. Thanks For Sharing Your Views Sankar Ganesh.S

    Read the article

  • Running PHP scripts as the owner of the PHP file: security issues

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web user can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • Using SQL Server specific code in Access linked to SQL Server database

    - by Brennan Vincent
    Hi, I have an access file that is linked (through an ODBC connection) to a SQL Server 2008 database. I am trying to write some reports against this database. However, Access chokes when I write the select query of the report with SQL syntax specific to SQL Server that doesn't exist in access. Shouldn't this work, since it's the SQL Server engine running the queries and just sending the data back to Access to display? Is there any way to get this to work? Need this to work on any combination of Access 2007 and 2010, and SQL Server 2005 and 2008. Edit Note: I cannot create a SQL Server stored procedure or function, or otherwise modify the original (SQL Server) schema in any way.

    Read the article

  • Security issues of running PHP scripts as the owner of the PHP file with suexec

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • Improving server security [closed]

    - by Vicenç Gascó
    I've been developing webapps for a while ... and I always had a sysadmin which made the environment perfect to run my apps with no worries. But now I am starting a project on myself, and I need to set up a server, knowing near to nothing about it. All I need to do is just have a Linux, with a webserver (I usually used Apache), PHP and MySQL. I'll also need SSH, SSL to run https:// and FTP to transfer files. I know how to install almost everything (need advice about SSL) with Ubuntu Server, but I am concerned about the security topic ... say: firewall, open/closed ports, php security, etc ... Where can I found a good guide covering this topics? Everything else in the server... I don't need it, and I wanna know how to remove it, to avoid resources consumption. Final note: I'll be running the webapp at amazon-ec2 or rackspace cloud servers. Thanks in advance!!

    Read the article

  • Quality of Code in unit tests?

    - by m3th0dman
    Is it worth to spend time when writing unit tests in order that the code written there has good quality and is very easy to read? When writing this kinds of tests I break very often the Law of Demeter, for faster writing and not using so many variables. Technically, unit tests are not reused directly - are strictly bound to the code so I do not see any reason for spending much time on them; they only need to be functionaly.

    Read the article

  • What should come first: testing or code review?

    - by Silver Light
    Hello! I'm quite new to programming design patterns and life cycles and I was wondering, what should come first, code review or testing, regarding that those are done by separate people? From the one side, why bother reviewing code if nobody checked if it even works? From the other, some errors can be found early, if you do the review before testing. Which approach is recommended and why? Thank you!

    Read the article

  • Business layer access to the data layer

    - by rerun
    I have a Business layer (BL) and a Data layer (DL). I have an object o with a child objects collection of Type C. I would like to provide a semantics like the following o.Children.Add("info"). In the BL I would like to have a static CLASS that all of business layer classes uses to get a reference to the current datalayer instance. Is there any issue with that or must I use the factory pattern to limit creation to A class in the BL that knows the DL instance.

    Read the article

  • How to prevent code from leaking outside work?

    - by AeroCross
    I'm working on an institution that has a really strong sense of "possession" - each line of software we write should be only ours. Ironically, I'm the only programmer (ATM), but we're planning in hiring others. Since my bosses wouldn't count the new programmers as people they can trust, they have an issue with the copies of the source code. We use Git, so they would have a entire copy of each of the projects they work on, when they clone the repository. We can restrict access to them to a single key with Gitolite and bind that to their PC's, but they can copy those keys to another computer and they would have the repository access in another PC. Also (and the most obvious method) they could just upload the files somewhere else, add another remote, or just copy the files to an USB drive. Is there any (perhaps clever) way to prevent events like these?

    Read the article

  • Remote desktop Client versus Web based access to reports and limited data entry

    - by Voyager
    We have a requirement from management to give limited access of our Application to Distributors \ Dealers to look at their account statements in our books of account, enter their purchase requirements (sales order for us). We have given a few of them the RDC who connect to our terminal server and access the reports. This involves licensing of TS Client per each distributor. Is it more better, secure and less costly if a web based application is made to only enter the orders and retrive reports like pending orders, ledgers, receivables etc. Also which is more secure as far as database access is concerened...browser based access or RDC access. Please answer.

    Read the article

  • WCF fails to deserialize correct(?) response message security headers (Security header is empty)

    - by Soeteman
    I'm communicating with an OC4J webservice, using a WCF client. The client is configured as follows: <basicHttpBinding> <binding name="MyBinding"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None" proxyCredentialType="None" realm=""/> <message clientCredentialType="UserName" algorithmSuite="Default"/> </security> </binding> My clientcode looks as follows: ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy(); string username = ConfigurationManager.AppSettings["user"]; string password = ConfigurationManager.AppSettings["pass"]; // client instance maken WebserviceClient client = new WebserviceClient(); client.Endpoint.Binding = new BasicHttpBinding("MyBinding"); // credentials toevoegen client.ClientCredentials.UserName.UserName = username; client.ClientCredentials.UserName.Password = password; //uitvoeren request var response = client.Ping(); I've altered the CertificatePolicy to accept all certificates, because I need to insert Charles (ssl proxy) in between client and server to intercept the actual Xml that is sent across te wire. My request looks as follows: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>2010-04-01T09:47:01.161Z</u:Created> <u:Expires>2010-04-01T09:52:01.161Z</u:Expires> </u:Timestamp> <o:UsernameToken u:Id="uuid-9b39760f-d504-4e53-908d-6125a1827aea-21"> <o:Username>user</o:Username> <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username- token-profile-1.0#PasswordText">pass</o:Password> </o:UsernameToken> </o:Security> </s:Header> <s:Body> <getPrdStatus xmlns="http://mynamespace.org/wsdl"> <request xmlns="" xmlns:a="http://mynamespace.org/wsdl" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> <a:IsgrStsRequestTypeUser> <a:prdCode>LEPTO</a:prdCode> <a:sequenceNumber i:nil="true" /> <a:productionType i:nil="true" /> <a:statusDate>2010-04-01T11:47:01.1617641+02:00</a:statusDate> <a:ubn>123456</a:ubn> <a:animalSpeciesCode>RU</a:animalSpeciesCode> </a:IsgrStsRequestTypeUser> </request> </getPrdStatus> </s:Body> </s:Envelope> In return, I receive the following response: <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://mynamespace.org/wsdl"> <env:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" env:mustUnderstand="1" /> </env:Header> <env:Body> <ns0:getPrdStatusResponse> <result> <ns0:IsgrStsResponseTypeUser> <ns0:prdCode>LEPTO</ns0:prdCode> <ns0:color>green</ns0:color> <ns0:stsCode>LEP1</ns0:stsCode> <ns0:sequenceNumber xsi:nil="1" /> <ns0:productionType xsi:nil="1" /> <ns0:IAndRCode>00</ns0:IAndRCode> <ns0:statusDate>2010-04-01T00:00:00.000+02:00</ns0:statusDate> <ns0:description>Gecertificeerd vrij</ns0:description> <ns0:ubn>123456</ns0:ubn> <ns0:animalSpeciesCode>RU</ns0:animalSpeciesCode> <ns0:name>gecertificeerd vrij</ns0:name> <ns0:ranking>17</ns0:ranking> </ns0:IsgrStsResponseTypeUser> </result> </ns0:getPrdStatusResponse> </env:Body> </env:Envelope> Why can't WCF deserialize this response header? I'm getting a "Security header is empty" exception: Server stack trace: at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout) at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout) at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout) at System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Who knows what is going on here? I've already tried Rick Strahl's suggestion and removed the timestamp from the request header. Any help greatly appreciated!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >