Search Results

Search found 13256 results on 531 pages for 'password policy'.

Page 28/531 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >

  • ADF page security - the untold password rule

    - by ankuchak
    I'm kinda new to Oracle ADF. So, in this blog post I'm going to share something with you that I faced (and recovered from) recently. Initially I thought if I should at all put a blog post on this, because it's totally simple. Still, simplicity is a relative term. So without wasting further time, let's kick off.    I was exploring the ADF security aspect to secure a page through html basic authentication. The idea is very simple and the credential store etc. come into picture. But I was not able to run a successful test of this phenomenally simple thing even after trying for over 30 minutes. This is what I did.   I created a simple jsf page and put a panel in it. And I put a simple el to show the current user name.  Next I created a user that I should test with. I named the password as myuser, just to keep it simple. Then I created an enterprise role and mapped the user that I just created. Then I created an application role and mapped the enterprise role to it. Then I mapped the resource, the simple jsf page in this case, to this application role. This way, only users with the given application role can only access this page (as if you didn't know this duh!).  Of course, I had to create the page definition for the page before I could map it to an application role. What else! done! Then I hit the run menu item and it all went well...   Until... I got this message. I put the correct credentials repeatedly 2-3 times. Still I got the same error. Why? I didn't get any error message during the deployment. nope.  Then, as I said before, I spent over 30 minutes trying different things out, things like mapping only the user(not the role) to the page, changing the context root etc. Nothing worked!  Then of course, I bothered to look at the logs and found this. See the first red line. That says it all. So the problem was with that password. The password must have at least one special character and one digit in it. I think I was misled by the missing password hint/rule and the fact that the deployment didn't fail even if the user was not created properly. Well, yes, I agree that I was fool enough not to look at the logs.  Later I changed the password to something like myuser123# . And it worked. I hope it helped.

    Read the article

  • Session Update from IASA 2010

    - by [email protected]
    Below: Tom Kristensen, senior vice president at Marsh US Consumer, and Roger Soppe, CLU, LUTCF, senior director of insurance strategy, Oracle Insurance. Tom and Roger participated in a panel discussion on policy administration systems this week at IASA 2010. This week was the 82nd Annual IASA Educational Conference & Business Show held in Grapevine, Texas. While attending the conference, I had the pleasure of serving as a panelist in one of many of the outstanding sessions conducted this year. The session - entitled "Achieving Business Agility and Promoting Growth with a Modern Policy Administration System" - included industry experts Steve Forte from OneShield, Mike Sciole of IFG Companies, and Tom Kristensen, senior vice president at Marsh US Consumer. The session was conducted as a panel discussion and focused on how insurers can leverage best practices to mitigate risk while enabling rapid product innovation through a modern policy administration system. The panelists offered insight into business and technical challenges for both Life & Annuity and Property & Casualty carriers. The session had three primary learning objectives: Identifying how replacing a legacy system with a more modern policy administration solution can deliver agility and growth Identifying how processes and system should be re-engineered or replaced in order to improve speed-to-market and product support Uncovering how to leverage best practices to mitigate risk during a migration to a new platform Tom Kristensen, who is an industry veteran with over 20 years of experience, was able was able to offer a unique perspective as a business process outsourcer (BPO). Marsh US Consumer is currently implementing both the Oracle Insurance Policy Administration solution and the Oracle Revenue Management and Billing platform while at the same time implementing a new BPO customer. Tom offered insight on the need to replace their aging systems and Marsh's ability to drive new products and processes with a modern solution. As a best practice, their current project has empowered their business users to play a major role in both the requirements gathering and configuration phases. Tom stated that working with a modern solution has also enabled his organization to use a more agile implementation methodology and get hands-on experience with the software earlier in the project. He also indicated that Marsh was encouraged by how quickly it will be able to implement new products, which is another major advantage of a modern rules-based system. One of the more interesting issues was raised by an audience member who asked, "With all the vendor solutions available in North American and across Europe, what is going to make some of them more successful than others and help ensure their long term success?" Panelist Mike Sciole, IFG Companies suggested that carriers do their due diligence and follow a structured evaluation process focusing on vendors who demonstrate they have the "cash to invest in long term R&D" and evaluate audited annual statements for verification. Other panelists suggested that the vendor space will continue to evolve and those with a strong strategy focused on the insurance industry and a solid roadmap will likely separate themselves from the rest. The session concluded with the panelists offering advice about not being afraid to evaluate new modern systems. While migrating to a new platform can be challenging and is typically only undertaken every 15+ years by carriers, the ability to rapidly deploy and manage new products, create consistent processes to better service customers, and the ability to manage their business more effectively, transparently and securely are well worth the effort. Roger A.Soppe, CLU, LUTCF, is the Senior Director of Insurance Strategy, Oracle Insurance.

    Read the article

  • Simple way to encode a string according to a password?

    - by RexE
    Does Python have a built-in, simple way of encoding/decoding strings using a password? Something like this: >>> encode('John Doe', password = 'mypass') 'sjkl28cn2sx0' >>> decode('sjkl28cn2sx0', password = 'mypass') 'John Doe' I would like to use these encrypted strings as URL parameters. My goal is obfuscation, not strong security. I realize I could use a database table to store keys and values, but am trying to be minimalist.

    Read the article

  • How do I specify a keys password with MSBuild for the purpose of using Hudson?

    - by Brett Ryan
    We have just setup our hudson server to build .NET projects which seems to be working fine, however for projects that require a password when signing the assemblies I can not figure out how to tell hudson what the password is? For us the password is asked the first time a developer checks out the source code and they open with visual studio, how is this stored? Can we just place a secret file somewhere on the server?

    Read the article

  • System recognizes admin password on the Welcome screen but not when elevating

    - by Lee C.
    I set up Windows 7 with a couple of standard accounts, and an administrator account (called Odin). I can log in to Odin just fine from the Welcome screen. While logged into Odin I can do anything that requires administrator privileges without a password: just hit Yes in the User Account Control dialog. If I am logged into one of the other accounts and I do something that requires elevation (e.g. most installers, and some control panel functionality), then Windows presents me with a User Account Control dialog asking "Do you want to allow the following program to make changes to this computer? To continue, type an administrator password, and then click Yes." The account shown in this dialog is Odin, so I enter Odin's password. But Windows redisplays the dialog with the message "Logon failure: unknown user name or bad password." This always happens, and has done so for many months, probably since I first got the computer. Why does Odin's password work from the Welcome screen, but not when elevating? Please note that I am not asking how to recover Odin's password. I remember the password I originally set for Odin, and it works as it should from the Welcome screen, but is not recognized when elevating. The password has no funny characters, just letters and digits. Thanks!

    Read the article

  • What is the best way to password protect folder/page using php without a db or username

    - by Salt Packets
    What is the best way to password protect folder using php without a database or user name but using. Basically I have a page that will list contacts for organization and need to password protect that folder without having account for every user . Just one password that gets changes every so often and distributed to the group. I understand that it is not very secure but never the less I would like to know how to do this. In the best way. It would be nice if the password is remembered for a while once user entered it correctly.

    Read the article

  • Is sending a hashed password over the wire a security hole?

    - by Ubiquitous Che
    I've come across a system that is in use by a company that we are considering partnering with on a medium-sized (for us, not them) project. They have a web service that we will need to integrate with. My current understanding of proper username/password management is that the username may be stored as plaintext in the database. Every user should have a unique pseudo-random salt, which may also be stored in plaintext. The text of their password must be concatenated with the salt and then this combined string may be hashed and stored in the database in an nvarchar field. So long as passwords are submitted to the website (or web service) over plaintext, everything should be just lovely. Feel free to rip into my understanding as summarized above if I'm wrong. Anyway, back to the subject at hand. The WebService run by this potential partner doesn't accept username and password, which I had anticipated. Instead, it accepts two string fields named 'Username' and 'PasswordHash'. The 'PasswordHash' value that I have been given does indeed look like a hash, and not just a value for a mis-named password field. This is raising a red flag for me. I'm not sure why, but I feel uncomfortable sending a hashed password over the wire for some reason. Off the top of my head I can't think of a reason why this would be a bad thing... Technically, the hash is available on the database anyway. But it's making me nervous, and I'm not sure if there's a reason for this or if I'm just being paranoid.

    Read the article

  • How to overcome Local Group Policy Editor's 1023 character limit?

    - by Louis
    I want to reorder the SSL Cipher Suite Order applied as part of KB2919355, prioritizing the forward secrecy suites above all else. Trying to do this with gpedit at Computer Configuration Administrative Templates Network SSL Configuration Settings SSL Cipher Suite Order is a problem because the new list goes over the tool's character limit. Is there anyway to overcome this limit so I don't have to keep the current priority or omit something from the list?

    Read the article

  • How secure is a bluetooth keyboard against password sniffing?

    - by jhs
    In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk? Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system?

    Read the article

  • How can i recover a zip password using CUDA (GPU) ?

    - by marc
    How can i recover a zip password on linux using CUDA (GPU). For the past two days i tried using "fcrackzip" but it's too slow Few months back i saw some application that can use GPU / CUDA and get large performance boost in comparison to CPU. If brute-force using cuda is not possible, please tell me what's the best application for performing a dictionary attack, and where can i find best (largest) dictionary. Regards

    Read the article

  • repeated request for wireless password, no wireless connection

    - by Tris
    whenever i try to connect to a wireless network, ubuntu (11.10) asks for the password. when i enter this it thinks for a couple of minutes, then asks for the password again. This happens repeatedly. (it isn't a problem with the wireless modem itself, as i can connect to wireless from the windows 7 opererating system i have running along side ubuntu. If anyone has any ideas about how to fix this they would be much appreciated! Thanks

    Read the article

  • ATI Radeon HD 6870 Driver fails to install default-policy.sh does not support version

    - by Rogue Coder
    I'm running Ubuntu 11.04 Beta, with everything updated completely. I'm using Ubuntu Classic, because Unity fails to run, supposedly because of my video card. The drivers for the Radeon HD 6870 series is apparently lacking, but I found a post stating the newest version has full support for Ubuntu Natty Narwhal. That post is slightly old, so i grabbed 11.3 for Ubuntu x86 off the ATI website. When I run the installation program, I receive the following error: > ./ati-driver-installer-11-3-x86.x86_64.run Created directory fglrx-install.uREFoO Verifying archive integrity... All good. Uncompressing ATI Catalyst(TM) Proprietary Driver-8.831.2......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ===================================================================== ATI Technologies Catalyst(TM) Proprietary Driver Installer/Packager ===================================================================== Error: ./default_policy.sh does not support version default:v2:i686:lib::none:2.6.38-8-generic-pae:; make sure that the version is being correctly set by --iscurrentdistro ===================================================================== ATI Technologies Catalyst(TM) Proprietary Driver Installer/Packager ===================================================================== Error: ./default_policy.sh does not support version default:v2:i686:lib::none:2.6.38-8-generic-pae:; make sure that the version is being correctly set by --iscurrentdistro Removing temporary directory: fglrx-install.uREFoO > I would love to get the latest ATI drivers working so that I can try out Unity!

    Read the article

  • Apply Group Policy to Remote Desktop Services users but not when they log on to their local system

    - by Kevin Murray
    Running Windows Server 2008 Service Pack 2 with Remote Desktop Services role. I want to hide the servers drives using a GPO, but not the users local drives when they are logged on to their local system. Using a GPO, I went to "User Configuration - Policies - Administrative Template - Windows Components - Windows Explorer" and enabled "Hide these specified drives in My Computer" and "Prevent access to drives from My Computer" and in both used "Restrict all drives". Then under "Security Filtering" for the GPO, I restricted it to the system running Remote Desktop Services and the specific users who will be using RDS. I then applied the GPO to our domain and it worked a little too well. Not only was I successful in getting the GPO to work for RDS users, but it also affected those same users at their local systems as well. I've tried everything I can think of, but can't figure out how to apply this just to the RDS but not at their local system. What am I missing?

    Read the article

  • When is a domain computer account scheduled to change the password?

    - by Jason Stangroome
    I understand domain-joined computers have machine accounts in AD and these accounts have passwords that expire (apparently every 30 days by default) and those passwords are automatically changed without user intervention. Given that this is known to cause issues when restoring snapshots of domain-joined virtual machines, is it possible to query the domain-joined computer or AD to determine when the machine account password is next scheduled to be changed?

    Read the article

  • How to Reset Your Forgotten Domain Admin Password on Server 2008 R2

    - by Taylor Gibb
    Forgetting your password is always a pain, but luckily there’s an easy way to reset your Domain Administrator password. All you need is a copy of the Windows Server 2008 R2 installation disk and one simple command line trick. HTG Explains: What Is Windows RT and What Does It Mean To Me? HTG Explains: How Windows 8′s Secure Boot Feature Works & What It Means for Linux Hack Your Kindle for Easy Font Customization

    Read the article

  • Using a saved password for remote desktop access from Windows 7

    - by TATWORTH
    This past week I have been accessing a remote server by remote desktop access from a Windows 7 PC. Whilst I could save the password, windows 7 will not use it if the remote system is not fully verified. The fix is excellently documented at http://www.perceptible.net/post/2009/02/03/How-To-Enable-Use-of-Saved-Credentials-with-Remote-Desktop-to-Almost-Fully-Authenticated-Machines.aspx I used it and the connection process stopped asking for the password to be re-entered! (n.b. no gpedit -force is required)

    Read the article

  • Package version updates policy

    - by Sandman4
    Not sure if here it's the right place to ask, if not - please point me to the right direction. Let's say there's a package, for the sake of real-world example - bind9. In Precise and in Quantal it's version 9.8.1. The original developer (ISC) currently provide versions 9.8.4 which is a bugfix release in the 9.8 line, and 9.9.2 which is a "new features" branch. It looks like when a security issue is encountered, the specific bugfix is backported into 9.8.1. Now the question: Why maintainers don't just update to the latest bugfix release ? Why to backport only certain patches ? Is it intentionally or just there's no maintaner who would take the effort to update to the latest bugfix release ?

    Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >