Search Results

Search found 13256 results on 531 pages for 'password policy'.

Page 29/531 | < Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >

  • Facebook contest policy no-no?

    - by Fred
    I would like to post a link on a Facebook page where it will exit Facebook entirely and go to a client's website, where people will be on a page (client's) where they can enter their e-mail address to be entered in a temporary database file with rules and disclosures etc., for a draw once the number of entries reaches 100 for instance. Once the number of entries reaches 100, a random winner is picked and notified via E-mail. The functionality is as follows: A link is place on a Facebook page leading to an external page The page is a form to merely enter their email address for a contest The email is placed in a temporary file An automatic E-mail is sent to the address used for confirmation using SHAH-256 hash The person receives the Email saying something to the affect "Please confirm your Email address etc. - If you did not authorize this, simply ignore this message and no further action will be taken". If the person clicks on the confirmation link, the Email is then stored in the database and the person is again notified saying "Thank you for signing up etc." Once others do the same process and the database reaches a certain number, the form is no longer accessible and automatically picks a random Email. Once picked, an Email is automatically sent to the winner stating the instructions, and notifying me also. Once that person clicks yet another confirmation link, the database is then automatically deleted. I have built this myself and have no intentions of breaking any rules, nor jeopardize the work/time/energy I have put into this project. Is this allowed?

    Read the article

  • How do I password protect my printer in Windows 7?

    - by Dillie-O
    I have two young kids who have gotten rather computer saavy. They love playing their games, especially when it allows them to print out awards or coloring pages. Unfortunately this means that in the time it takes to refresh my cup of coffee, they can easily drop a 10 page document into the printer queue, and my printer ink runs out rather fast. How would I setup some kind of password protection on the printing, so that I would have to do some kind of final approval before they get their printouts?

    Read the article

  • Require password to login to Nexus 7

    - by gnudoc
    The default behavior in the Nexus 7 Image is to log straight in to the default user's desktop, bypassing the lightdm greeter. This seems like an acceptable behavior for testing the core but it's clearly insecure. I've changed the default password and would like lightdm to actually require the password to be entered, rather than just having a button that says "login". I've turned automatic login on and off in System Settings ? User Accounts but this doesn't help. Any suggestions?

    Read the article

  • WINDOWS - Deleting Temporary Internet Files through Group Policy

    - by Muhammad Ali
    I have a domain controller running on Windows 2008 Server R2 and users login to application servers on which Windows 2003 Server SP2 is installed. I have applied a Group Policy to clean temporary internet files on exit i.e to delete all temporary internet files when users close the browser. But the group policy doesn't seem to work as user profile size keeps on increasing and the major space is occupied by temporary internet files therefore increasing the disk usage. How can i enforce automatic deletion of temporary internet files?

    Read the article

  • Time until Members added to Group Policy is Replicated

    - by Kyle Brandt
    If I have a group policy, and add a group/user/machine etc to that group policy, how long is it until all domain controllers have that change in effect? This is a Windows 2003 Domain set up with controllers at different geographic locations (Each with a different L3 network). I realize it probably depends, but how do I figure out how long it generally takes for my given setup? Also, is there an event I can check to see if it has a reached a particular domain controller?

    Read the article

  • Configure non-destructive Amazon S3 bucket policy

    - by Assaf
    There's a bucket into which some users may write their data for backup purposes. They use s3cmd to put new files into their bucket. I'd like to enforce a non-destruction policy on these buckets - meaning, it should be impossible for users to destroy data, they should only be able to add data. How can I create a bucket policy that only lets a certain user put a file if it doesn't already exist, and doesn't let him do anything else with the bucket.

    Read the article

  • Help needed in grokking password hashes and salts

    - by javafueled
    I've read a number of SO questions on this topic, but grokking the applied practice of storing a salted hash of a password eludes me. Let's start with some ground rules: a password, "foobar12" (we are not discussing the strength of the password). a language, Java 1.6 for this discussion a database, postgreSQL, MySQL, SQL Server, Oracle Several options are available to storing the password, but I want to think about one (1): Store the password hashed with random salt in the DB, one column Found on SO and elsewhere is the automatic fail of plaintext, MD5/SHA1, and dual-columns. The latter have pros and cons MD5/SHA1 is simple. MessageDigest in Java provides MD5, SHA1 (through SHA512 in modern implementations, certainly 1.6). Additionally, most RDBMSs listed provide methods for MD5 encryption functions on inserts, updates, etc. The problems become evident once one groks "rainbow tables" and MD5 collisions (and I've grokked these concepts). Dual-column solutions rest on the idea that the salt does not need to be secret (grok it). However, a second column introduces a complexity that might not be a luxury if you have a legacy system with one (1) column for the password and the cost of updating the table and the code could be too high. But it is storing the password hashed with a random salt in single DB column that I need to understand better, with practical application. I like this solution for a couple of reasons: a salt is expected and considers legacy boundaries. Here's where I get lost: if the salt is random and hashed with the password, how can the system ever match the password? I have theory on this, and as I type I might be grokking the concept: Given a random salt of 128 bytes and a password of 8 bytes ('foobar12'), it could be programmatically possible to remove the part of the hash that was the salt, by hashing a random 128 byte salt and getting the substring of the original hash that is the hashed password. Then re hashing to match using the hash algorithm...??? So... any takers on helping. :) Am I close?

    Read the article

  • Library to fake intermittent failures according to tester-defined policy?

    - by crosstalk
    I'm looking for a library that I can use to help mock a program component that works only intermittently - usually, it works fine, but sometimes it fails. For example, suppose I need to read data from a file, and my program has to avoid crashing or hanging when a read fails due to a disk head crash. I'd like to model that by having a mock data reader function that returns mock data 90% of the time, but hangs or returns garbage otherwise. Or, if I'm stress-testing my full program, I could turn on debugging code in my real data reader module to make it return real data 90% of the time and hang otherwise. Now, obviously, in this particular example I could just code up my mock manually to test against a random() routine. However, I was looking for a system that allows implementing any failure policy I want, including: Fail randomly 10% of the time Succeed 10 times, fail 4 times, repeat Fail semi-randomly, such that one failure tends to be followed by a burst of more failures Any policy the tester wants to define Furthermore, I'd like to be able to change the failure policy at runtime, using either code internal to the program under test, or external knobs or switches (though the latter can be implemented with the former). In pig-Java, I'd envision a FailureFaker interface like so: interface FailureFaker { /** Return true if and only if the mocked operation succeeded. Implementors should override this method with versions consistent with their failure policy. */ public boolean attempt(); } And each failure policy would be a class implementing FailureFaker; for example there would be a PatternFailureFaker that would succeed N times, then fail M times, then repeat, and a AlwaysFailFailureFaker that I'd use temporarily when I need to simulate, say, someone removing the external hard drive my data was on. The policy could then be used (and changed) in my mock object code like so: class MyMockComponent { FailureFaker faker; public void doSomething() { if (faker.attempt()) { // ... } else { throw new RuntimeException(); } } void setFailurePolicy (FailureFaker policy) { this.faker = policy; } } Now, this seems like something that would be part of a mocking library, so I wouldn't be surprised if it's been done before. (In fact, I got the idea from Steve Maguire's Writing Solid Code, where he discusses this exact idea on pages 228-231, saying that such facilities were common in Microsoft code of that early-90's era.) However, I'm only familiar with EasyMock and jMockit for Java, and neither AFAIK have this function, or something similar with different syntax. Hence, the question: Do such libraries as I've described above exist? If they do, where have you found them useful? If you haven't found them useful, why not?

    Read the article

  • In Puppet, how would I secure a password variable (in this case a MySQL password)?

    - by Beaming Mel-Bin
    I am using Puppet to provision MySQL with a parameterised class: class mysql::server( $password ) { package { 'mysql-server': ensure => installed } package { 'mysql': ensure => installed } service { 'mysqld': enable => true, ensure => running, require => Package['mysql-server'], } exec { 'set-mysql-password': unless => "mysqladmin -uroot -p$password status", path => ['/bin', '/usr/bin'], command => "mysqladmin -uroot password $password", require => Service['mysqld'], } } How can I protect $password? Currently, I removed the default world readable permission from the node definition file and explicitly gave puppet read permission via ACL. I'm assuming others have come across a similar situation so perhaps there's a better practice.

    Read the article

  • How to create a password-less service account in AD?

    - by Andrew White
    Is it possible to create domain accounts that can only be accessed via a domain administrator or similar access? The goal is to create domain users that have certain network access based on their task but these users are only meant for automated jobs. As such, they don't need passwords and a domain admin can always do a run-as to drop down to the correct user to run the job. No password means no chance of someone guessing it or it being written down or lost. This may belong on SuperUser ServerFault but I am going to try here first since it's on the fuzzy border to me. I am also open to constructive alternatives.

    Read the article

  • How secure is a bluetooth keyboard against password sniffing?

    - by jhs
    In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk? Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system? Edit: Final Summary All answers are excellent. I accepted that which links to the most directly applicable information however I also encourage you to read Nathan Adams's response and discussion about security trade-offs.

    Read the article

  • WinXP password messed up after reset

    - by Mark Flint
    I changed my winXP logon password - but could not get in. Obviously I made the some mistake twice... caps lock or something but couldn't get the password. So I booted into safe mode, when into Users and changed the password. Now I when I restart I can get in at logon with my new password, but the standard screensaver - which used to be the same as my user logon - now is something different. I think it's still the previous one which I couldn't get right. Now when I go into Users (not in safe mode) and try and change the password I can't. It won't accept my new user logon which works fine when logging on. I think this too is still the previous one which I couldn't get right. How can I definitely reset the password so it works at logon, in the control panel/users, and the screensaver?

    Read the article

  • Issue changing mysql password on Debian

    - by Sean
    I installed mysql on my Debian server. I couldn't get into the database because it kept saying I put in the wrong password so I looked on the internet and found that I could log onto mysql using the command sudo mysql --defaults-file=/etc/mysql/debian.cnf From there I went typed use mysql;then mysql> UPDATE user SET password=PASSWORD('password') WHERE user='root'; Which I know switched the password because I typed the command select Host, User, Password from user; And it showed the encrypted characters had changed for all three of the root user categories. But I am still not able to login to mysql using mysql -u root -p

    Read the article

  • How can I restore the stored password in firefox 15.0.1 when deleted by error?

    - by Bob Legringe
    I, by error, deleted my stored passwords, using the "Wise disc cleaner 7" program. As I saw on another thread, the passwords are stored in 2 files signons.sqlite and the encryption key file key3.db When opening the file signons.sqlite with the text editor, I can see that the web adresses of the sites belonging to the passwords are still there. They have not been deleted by the "Wise disc cleaner 7" program, and adding a stored password on Firefox just modifies the file. However, Firefox will not display my old stored passwords and neither their respective sites. Is there any way to "undelete" the passwords?

    Read the article

  • Keyring no longer prompts for password when SSH-ing

    - by Lie Ryan
    I remember that I used to be able to do ssh [email protected] and have a prompt asks me for a password to unlock the keyring for the whole GNOME session so subsequent ssh wouldn't need to enter the keyring password any longer (not quite sure if this is in Ubuntu or other distro). But nowadays doing ssh [email protected] would ask me, in the terminal, my keyring password every single time; which defeats the purpose of using SSH keys. I checked $ cat /etc/pam.d/lightdm | grep keyring auth optional pam_gnome_keyring.so session optional pam_gnome_keyring.so auto_start which looks fine, and $ pgrep keyring 1784 gnome-keyring-d so the keyring daemon is alive. I finally found that SSH_AUTH_SOCK variable (and GNOME_KEYRING_CONTROL and GPG_AGENT_INFO and GNOME_KEYRING_PID) are not being set properly. What is the proper way to set this variable and why aren't they being set in my environment (i.e. shouldn't they be set in default install)? I guess I can set it in .bashrc, but then the variables would only be defined in bash session, while that is fine for ssh, I believe the other environment variables are necessary for GUI apps to use keyring.

    Read the article

  • Group policy waited for the network subsystem

    - by the-wabbit
    In an AD domain with Windows Server 2008 R2 DCs users are complaining about delays in the bootup process of the clients. The group policy log reveals that the client is waiting ~ 20-50 seconds for "the network subsystem": Event 5322, GroupPolicy Group policy waited for 29687 milliseconds for the network subsystem at computer boot. This appears to be domain-specific as machines joining a different domain from the same network do not experience any delays and Event 5322 reports <1000 ms wait times at startup. It happens on virtual and physical machines alike, so it does not look like a hardware- or driver-related issue. Further investigation has shown that the client is taking its time before issuing DHCP requests. In the network traces, I can see IPv6 router solicitations and multicast DNS name registrations as soon as the network driver is loaded and the network connection is reported "up" in the event log (e1cexpress/36). Yet, the DHCPv4 client service seems to take another 15-50 seconds to start (Dhcp-Client/50036), so the IPv4 address remains unconfigured for a while. The DHCP client's messages in the event log are succeeding the service start of the "Sophos Anti-Virus" service (Sophos AV 10.3 package), which I suspect to be the culprit - the DHCP client service dependencies include the TDI Support driver which might be what Sophos is using to intercept network traffic: Network Location Awareness seems to break at startup as a side-effect, I see that off-site DCs are contacted due to what seems like a race condition between the GP client and the DHCP client / NLA service startup. I could set the Group Policy Client service to depend on NLA, yet this still would not eliminate the delay. Also, I am not all that sure that this is a good idea. Is there a known resolution which would eliminate the startup delay?

    Read the article

  • Windows Server 2008 Create Symbolic Link, updated Security Policy still gives privilege error

    - by Matt
    Windows Server 2008, RC2. I am trying to create a symbolic/soft link using the mklink command: mklink /D LinkName TargetDir e.g. c:\temp\>mklink /D foo bar This works fine if I run the command line as Administrator. However, I need it to work for regular users as well, because ultimately I need another program (executing as a user) to be able to do this. So, I updated the Local Security Policy via secpol.msc. Under "Local Policies" "User Rights Management" "Create symbolic links", I added "Users" to the security setting. I rebooted the machine. It still didn't work. So I added "Everyone" to the policy. Rebooted. And STILL it didn't work. What on earth am I doing wrong here? I think my user is even an Administrator on this box, and running plain command line even with this updated policy in place still gives me: You do not have sufficient privilege to perform this operation.

    Read the article

  • SQLAuthority News – Wireless Router Security and Attached Devices – Complex Password

    - by pinaldave
    In the last four days (April 21-24), I have received calls from friends who told me that they have got strange emails from me. To my surprise, I did not send them any emails. I was not worried until my wife complained that she was not able to find one of the very important folders containing our daughter’s photo that is located in our shared drive. This was alarming in my par, so I started a search around my computer’s folders. Again, please note that I am by no means a security expert. I checked my entire computer with virus and spyware, and strangely, there I found nothing. I tried to think what can cause this happening. I suddenly realized that there was a power outage in my area for about two hours during the days I have mentioned. Back then, my wireless router needed to be reset, and so I did. I had set up my WPA-PSK [TKIP] + WPA2-PSK [AES] very well. My key was very simple ( ‘SQLAuthority1′), and I never thought of changing it. (It is now replaced with a very complex one). While checking the Attached Devices, I found out that there was another very strange computer name and IP attached to my network. And so as soon as I found out that there is strange device attached to my computer, I shutdown my local network. Afterwards, I reconfigured my wireless router with a more complex security key. Since I created the complex password, I noticed that the user is no more connecting to my machine. Subsequently, I figured out that I can also set up Access Control List. I added my networked computer to that list as well. When I tried to connect from an external laptop which was not in the list but with a valid security key, I was not able to access the network, neither able to connect to it. I wasn’t also able to connect using a remote desktop, so I think it was good. If you have received any nasty emails from me (from my gmail account) during the afore-mentioned days, I want to apologize. I am already paying for my negligence of not putting a complex password; by way of losing the important photos of my daughter. I have already checked with my client, whose password I saved in SSMS, so there was no issue at all. In fact, I have decided to never leave any saved password of production server in my SSMS. Here is the tip SQL SERVER – Clear Drop Down List of Recent Connection From SQL Server Management Studio to clean them. I think after doing all this, I am feeling safe right now. However, I believe that safety is an illusion of many times. I need your help and advice if there is anymore I can do to stop unauthorized access. I am seeking advice and help through your comments. Reference : Pinal Dave (http://www.SQLAuthority.com) Filed under: SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, SQLAuthority News, T SQL, Technology

    Read the article

  • How can I cache a Subversion password on a server, without storing it in unencrypted form?

    - by Zilk
    My Subversion server only provides access via HTTPS; support for svn+ssh has been dropped because we wanted to avoid creating system users on that machine just for SVN access. Now I'm trying to provide a way for users to cache their passwords for a while, without leaving them stored on the filesystem in unencrypted form. This is no problem for Gnome or KDE users, because they can use gnome-keyring and kwallet, respectively. IIRC, TortoiseSVN has a similar caching mechanism, too. But what about users on a non-GUI system? Some context: in this case, we have a development/testing server where one project has been checked out into the Apache htdocs directory. Development for this project is almost complete, and only minor text/layout changes are performed directly on this server. Nevertheless, the changes should be checked into the repository. There's no kwallet and no gnome-keyring on this system, and the ssh-agent can't help because the repository is accessed via https instead of svn+ssh. As far as I know, that leaves them the choice of entering the password every time they talk to the SVN server, or storing it in an insecure way. Is there any way to get something like what gnome-keyring and kwallet provide in a non-GUI environment?

    Read the article

  • Welcome Relief

    - by michael.seback
    Government organizations are experiencing unprecedented demand for social services. The current economy continues to put immense stress on social service organizations. Increased need for food assistance, employment security, housing aid and other critical services is keeping agencies busier than ever. ... The Kansas Department of Labor (KDOL) uses Oracle's social services solution in its employment security program. KDOL has used Siebel Customer Relationship Management (CRM) for nearly a decade, and recently purchased Oracle Policy Automation to improve its services even further. KDOL implemented Siebel CRM in 2002, and has expanded its use of it over the years. The agency started with Siebel CRM in the call center and later moved it into case management. Siebel CRM has been a strong foundation for KDOL in the face of rising demand for unemployment benefits, numerous labor-related law changes, and an evolving IT environment. ... The result has been better service for constituents. "It's really enabled our staff to be more effective in serving clients," said Hubka. That's a trend the department plans to continue. "We're 100 percent down the path of Siebel, in terms of what we're doing in the future," Hubka added. "Their vision is very much in line with what we're planning on doing ourselves." ... Community Services is the leading agency responsible for the safety and well-being of children and young people within Australia's New South Wales (NSW) Government. Already a longtime Oracle Case Management user, Community Services recently implemented Oracle Policy Automation to ensure accurate, consistent decisions in the management of child safety. "Oracle Policy Automation has helped to provide a vehicle for the consistent application of the Government's 'Keep Them Safe' child protection action plan," said Kerry Holling, CIO for Community Services. "We believe this approach is a world-first in the structured decisionmaking space for child protection and we believe our department is setting an example that other child protection agencies will replicate." ... Read the full case study here.

    Read the article

  • Why is GPO Tool reporting a GPO version mismatch when the GPO version #'s do match?

    - by SturdyErde
    Any ideas why the group policy diagnostic utility GPOTool would report a GPO version mismatch between two domain controllers if the version numbers are a match? Policy {GUID} Error: Version mismatch on dc1.domain.org, DS=65580, sysvol=65576 Friendly name: Default Domain Controllers Policy Error: Version mismatch on dc2.domain.org, DS=65580, sysvol=65576 Details: ------------------------------------------------------------ DC: dc1.domain.org Friendly name: Default Domain Controllers Policy Created: 7/7/2005 6:39:33 PM Changed: 6/18/2012 12:33:04 PM DS version: 1(user) 44(machine) Sysvol version: 1(user) 40(machine) Flags: 0 (user side enabled; machine side enabled) User extensions: not found Machine extensions: [{GUID}] Functionality version: 2 ------------------------------------------------------------ DC: dc2.domain.org Friendly name: Default Domain Controllers Policy Created: 7/7/2005 6:39:33 PM Changed: 6/18/2012 12:33:05 PM DS version: 1(user) 44(machine) Sysvol version: 1(user) 40(machine) Flags: 0 (user side enabled; machine side enabled) User extensions: not found Machine extensions: [{GUID}] Functionality version: 2

    Read the article

  • Firewall GPO not applying despite being enumerated by gpresult

    - by jshin47
    I have a need to open up the admin$ share on all of my domain's client PC's and I am trying to do so using group policy. I defined computer policy for Windows Firewall with Advanced Security in a policy object linked to the appropriate container and added the appropriate rules. However, they are not being applied! I feel like I have tried all of the obvious steps: I've checked gpresult and the resulting set of policy is the way that I would expect it to look. I've gpupdate /force and gpupdate /sync on a few client computers, but no matter what I do they don't seem to respond to my changes. I know that other computer policies in the GPO are being applied so it is strange that these are not. I have also disabled exceptions on clients in the firewall GPO, but that doesn't seem to be applying either. Here is a screenshot of the firewall.cpl from a client: Basically, although other options in the same GPO ARE applied for computer policy, the firewall settings seem to be ignored.

    Read the article

  • How to create column of type password in gridview?

    - by Preeti
    Hi, I am creating an application in which user selects files and provides credentials to open that file. For that i have created three columns in a gridview. User enters password in password column. I want to display '*' in place of characters like we can create a textbox of password type. I have tried this code on 'GridView_CellClick' event : if (GridView.Columns[e.ColumnIndex].HeaderText == "Password") { txtPassword[e.RowIndex] = new TextBox(); txtPassword[e.RowIndex].Name = "txtPassword"+e.RowIndex; txtPassword[e.RowIndex].PasswordChar = '*'; txtPassword[e.RowIndex].Visible = true; txtPassword[e.RowIndex].TextChanged += new if (GridView.CurrentCell.Value == null) txtPassword[e.RowIndex].Text = ""; else txtPassword[e.RowIndex].Text = GridView.CurrentCell.Value.ToString(); txtPassword[e.RowIndex].Location = GridView.GetCellDisplayRectangle(e.ColumnIndex, e.RowIndex + 1, false).Location; txtPassword[e.RowIndex].Size = GridView.GetCellDisplayRectangle(e.ColumnIndex, e.RowIndex + 1, false).Size; txtPassword[e.RowIndex].Visible = true; txtPassword[e.RowIndex].Focus(); } But in above solution characters are displayed. How can i solve this problem???

    Read the article

< Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >