Search Results

Search found 13196 results on 528 pages for 'security audit'.

Page 28/528 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >

  • Security-Active Application in background-Does it store image of current screen

    - by user1509593
    Is this a probable security flaw. A user in public (lets say Starbucks) tries to log in to iOS application. He enters user id and password [Password is hidden using xxxxxxxx (not exposed)] and a call comes in or he presses home and the application goes to background. a) Does iOS store an image of current screen b) A malicious hacker with intent takes control of the device. Can he read the password ? Do we have to clear out sensitive information while going to background

    Read the article

  • File System and security (PHP)

    - by Felicita
    Consider a simple file upload system written in php. Customer has access only in admin panel. (Not FTP). He may change folder option from 707 to 755 for security issue. How can do this? Can we do this from upload script ? If yes is this a secure application?

    Read the article

  • Thread pool stack security issue

    - by elmatador
    In a naive implementation of a thread pool, can a piece of code that is being executed read the data left by some previous code on the stack (if it was running on the same thread instance)? Also, are there any other inherent security issues connected to thread pools?

    Read the article

  • Security Resources Defining, Static/Dynamic

    - by mmontalvo
    I am implementing a simple(hopefully) security manager within an application. Is it better to have predefined(static) roles, custom roles(dynamic)? I am leaning more towards dynamic groups or roles only because then it would not require a redeploy to update the system. Also, what would be the best approach to define resources in general? The application has a database that can hold either the static or dynamic values.

    Read the article

  • spring-security and jsf

    - by Mike
    Hi! i am developing in JSF a Spring Security application. the login form is fine. however, when i try to retrieve the authentication object, in future code, i always get the authentication pricipal as anonymous. i try to fetch is like this: Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    Read the article

  • What is New in ASP.NET 4.0 Code Access Security

    - by HosamKamel
    ASP.NET Code Access Security (CAS) is a feature that helps protect server applications on hosting multiple Web sites, ASP.NET lets you assign a configurable trust level that corresponds to a predefined set of permissions. ASP.NET has predefined ASP.NET Trust Levels and Policy Files that you can assign to applications, you also can assign custom trust level and policy files. Most web hosting companies run ASP.NET applications in Medium Trust to prevent that one website affect or harm another site etc. As .NET Framework's Code Access Security model has evolved, ASP.NET 4.0 Code Access Security also has introduced several changes and improvements.   A Full post addresses the new changes in ASP.NET 4.0 is published at Asp.Net QA Team Here http://weblogs.asp.net/asptest/archive/2010/04/23/what-is-new-in-asp-net-4-0-code-access-security.aspx

    Read the article

  • Oracle Database Security Protecting the Oracle IRM Schema

    - by Simon Thorpe
    Acquiring the Information Rights Management technology in 2006 was part of Oracle's strategic security vision and IRM compliments nicely the overall Oracle security set of solutions. A year ago I spoke about how Oracle has solutions that can help companies protect information throughout its entire life cycle. With our acquisition of Sun this set of solutions has solidified and has even extended down to the operating system and hardware level. Oracle can now offer customers technology that protects their data from the disk, through the database to documents on the desktop! With the recent release of Oracle IRM 11g I was tasked to configure demonstration and evaluation environments and I thought it would make a nice story to leverage some of the security features in the latest release of the Oracle Database. After building these environments I thought I would put together a simple video demonstrating how both Database Advanced Security and Information Rights Management combined can provide a very secure platform for protecting your information. Have a look at the following which highlights these database security options.Transparent Data Encryption protecting the communication from the Oracle IRM server to the Database server. Encryption techniques provide confidentiality and integrity of the data passing to and from the IRM service on the back end. Transparent Data Encryption protecting the Oracle IRM database schema. Encryption is used to provide confidentiality of the IRM data whilst it resides at rest in the database table space. Database Vault is used to ensure only the Oracle IRM service has access to query and update the information that resides in the database. This is an excellent method of ensuring that database administrators cannot look at or make changes to the Oracle IRM database whilst retaining their ability to administrate the database. The last thing you want after deploying an IRM solution is for a curious or unhappy DBA to run a query that grants them rights to your company financial data or documents pertaining to a merger or acquisition.

    Read the article

  • Best way to fix security problems caused by windows updates?

    - by Chris Lively
    I have a laptop running Windows 7 32-bit. Last nights security updates caused my logitech mouse to stop working (specifically, it caused several USB ports to stop altogether). After reviewing the system event log I found that the IPBusEnum component was failing due to an activation security error. A little more research and I found that this was caused by the TrustedInstaller replacing the security permissions on those keys and generally mucking them up. To fix this I had to open regedit, take ownership of ALL the keys related to IPBusEnum and force it to use the inherited permissions from the tree. Is there a better way to fix this when MS screws up the updates? I would hate to have to walk around to a number of machines and manually fix the registry key security settings.

    Read the article

  • Plugging the Cisco ASA Security Hole

    Cisco dominates the networking hardware market, and with its Adaptive Security Appliance it is extending its reach into network security. The ASA, however, can introduce a security issue. Learn how to resolve it so you can get the most out of this powerful tool.

    Read the article

  • Security exception in Twitterizer [closed]

    - by Raghu
    Possible Duplicate: Security exception in Twitterizer Hi, We are using Twitterizer for Twitter integration to get the Tweets details. When making call to the method OAuthUtility.GetRequestToken, following exception is coming. System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. When the application is hosted on IIS 5, the application works fine and the above error is coming only when the application is hosted in IIS 7 on Windows 2008 R2. and the method OAuthUtility.GetRequestToken throws above exception. It seems the issue is something with code access security. Please suggest what kind of permissions should be given to fix the security exception. The application has the Full Trust and I have even tried by registering the Twitterizer DLL in GAC and still the same error is coming. I am not sure what makes the difference between IIS 5 and IIS 7 with regards to code access security to cause that exception. Any help would be greatly appreciated. Thanks in advance. Regards, Raghu

    Read the article

  • Is it possible to create a read-only user account for security auditing purposes?

    - by user2529583
    An organization requires several administrators to have a role of a security auditor. They must have read-only (via network/remote) access to Windows Server 2008 / R2 systems and have permissions to view the server configuration. They must not be able to make any other changes to the server or the network, like restarting or making any configuration chanages. However I can't find any built-in settings for a user like this. The closest thing is the "Users" user group [1], however from my understanding every user in the domain is in this group and cannot view the domain server's configuration. So, what are other options of implementing a read-only user account in Windows Server 2008? [1] http://technet.microsoft.com/en-us/library/cc771990.aspx

    Read the article

  • What are the "must " security tools for small organizations ?

    - by Berkay
    One of my friend has started a company, it's a small-scale company that has a 40 workers.There is two guys also responsible for the security and IT related issues.He is managing the LAN, Webpage of the company, e-mail configuration, printer hardware modification, application deployment etc. In this point, to provide the security measures including access controls, authentication, web server security etc. Which tools do you use for securing, monitoring and controlling the system ? Are you paying for these tools or are they open source? This question is due to the security administrators requests to my friend.He offers to get some tools for the company and my friend hesitates to pay that much on them (what he mentioned me.)

    Read the article

  • June 17, 2010 Webcast - 5 Security Tips To Reduce Cost Using Oracle Directory Services

    - by mark.wilcox
    We're delivering another webcast on June 17 (next week!): 5 Security Tips To Reduce Cost Using Oracle Directory Services  Organizations with business units spread around the world face costly and time consuming security concerns. However, many of these companies are forced to deal with increased scrutiny and security demands while resources are reduced. This live webcast focuses on concrete ways IT organizations can use directory services to do more with less.  Posted via email from Virtual Identity Dialogue

    Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >