Search Results

Search found 25758 results on 1031 pages for 'oracle security'.

Page 299/1031 | < Previous Page | 295 296 297 298 299 300 301 302 303 304 305 306  | Next Page >

• What am I missing in this ASP.NET XSS Security Helper class?

  - by smartcaveman

  I need a generic method for preventing XSS attacks in ASP.NET. The approach I came up with is a ValidateRequest method that evaluates the HttpRequest for any potential issues, and if issues are found, redirect the user to the same page, but in a away that is not threatening to the application. (Source code below) While I know this method will prevent most XSS attacks, I am not certain that I am adequately preventing all possible attacks while also minimizing false positives. So, what is the most effective way to adequately prevent all possible attacks, while minimizing false positives? Are there changes I should make to the helper class below, or is there an alternative approach or third party library that offers something more convincing? public static class XssSecurity { public const string PotentialXssAttackExpression = "(http(s)*(%3a|:))|(ftp(s)*(%3a|:))|(javascript)|(alert)|(((\\%3C) <)[^\n]+((\\%3E) >))"; private static readonly Regex PotentialXssAttackRegex = new Regex(PotentialXssAttackExpression, RegexOptions.IgnoreCase); public static bool IsPotentialXssAttack(this HttpRequest request) { if(request != null) { string query = request.QueryString.ToString(); if(!string.IsNullOrEmpty(query) && PotentialXssAttackRegex.IsMatch(query)) return true; if(request.HttpMethod.Equals("post", StringComparison.InvariantCultureIgnoreCase)) { string form = request.Form.ToString(); if (!string.IsNullOrEmpty(form) && PotentialXssAttackRegex.IsMatch(form)) return true; } if(request.Cookies.Count > 0) { foreach(HttpCookie cookie in request.Cookies) { if(PotentialXssAttackRegex.IsMatch(cookie.Value)) { return true; } } } } return false; } public static void ValidateRequest(this HttpContext context, string redirectToPath = null) { if(context == null || !context.Request.IsPotentialXssAttack()) return; // expire all cookies foreach(HttpCookie cookie in context.Request.Cookies) { cookie.Expires = DateTime.Now.Subtract(TimeSpan.FromDays(1)); context.Response.Cookies.Set(cookie); } // redirect to safe path bool redirected = false; if(redirectToPath != null) { try { context.Response.Redirect(redirectToPath,true); redirected = true; } catch { redirected = false; } } if (redirected) return; string safeUrl = context.Request.Url.AbsolutePath.Replace(context.Request.Url.Query, string.Empty); context.Response.Redirect(safeUrl,true); } }

  Read the article

• Have I found a security problem in an API or do I just not understand SSL?

  - by jamieb

  I'm working on building a set of Python bindings around an XML-based API provided by a vendor. The vendor requires that all transactions be conducted over SSL. Using a Linux box, I created a key file and a CSR for my application. Using their self-service web portal, I then generate a certificate using that CSR. Both the key file and the certificate are used when making the SSL request to the API. I'm now working on designing exception classes to make error messages more verbose (and, hopefully, more useful to developers using my bindings). Part of my testing has included altering the key file: transpose a couple characters here, replace 4 or 5 with random characters there, etc. To my surprise, altering the key file had no effect! As long as I didn't change the total length of it, the API didn't complain about a bad key file. The only way I was able to throw an error was by swapping in a completely different key from another application. At that point, the API complained about the Common Name not matching. Is this normal behavior or has the vendor not properly implemented SSL?

  Read the article

• How do I copy security information when creating a new folder?

  - by dhh

  In my app I'm creating folders for archiving old stuff from a harddisc. When creating a new folder I must copy all NTFS rights (Groups / Users) from the source folder to the newly created destination folder. Here is what I've written so far: FileSecurity fileSecurity = File.GetAccessControl(filenameSource, AccessControlSections.All); FileAttributes fileAttributes = File.GetAttributes(filenameSource); File.SetAccessControl(filenameDest, fileSecurity); File.SetAttributes(filenameDest, fileAttributes); Is this really all I ought to do or am I missing something important?

  Read the article

• How do I get the security details for a long path?

  - by Biff MaGriff

  Hello, I am doing a file server migration and I'm writing a small C# app to help me map the user permissions so we can put them in user groups. I'm currently using Directory.GetAccessControl(path); However it fails when it get to this 263 char file path. Invalid name. Parameter name: name I get the same error when I use DirectoryInfo.GetAccessControl(); Is there a work around or alternative to this method? Thanks!

  Read the article

• ASP.NET MVC security: how to check if a controller method is allowed to execute under current user's

  - by Gart

  Given an ASP.NET MVC Controller class declaration: public class ItemController : Controller { public ActionResult Index() { // ... } public ActionResult Details() { // ... } [Authorize(Roles="Admin, Editor")] public ActionResult Edit() { // ... } [Authorized(Roles="Admin")] public ActionResult Delete() { // .. } } I need to reflect a list of methods in this class which may be invoked with the current user's permissions. Please share some ideas of what could be done in this case.

  Read the article

• How to use Grails Spring Security Plugin to require logging in before access an action?

  - by Hoàng Long

  Hi all, I know that I can use annotation or Request mapping to restrict access to an ACTION by some specific ROLES. But now I have a different circumstance. My scenario is: every user of my site can create posts, and they can make their own post public, private, or only share to some other users. I implement sharing post by a database table PERMISSION, which specify if a user have the right to view a post or not. The problem arises here is that when a customer access a post through a direct link, how can I determine he/she have the privilege to view it? There's 3 circumstances: The post is public, so it can be viewed by anyone (include not-login user) The post is private, so only the login-owner can view it The post is sharing, it means only the login-user that is shared and the owner can view it. I want to process like this: If the requested post is public: ok. If the requested post is private/sharing: I want to redirect the customer to the login page; after logging in, the user will be re-direct to the page he wants to see. The problem here is that I can redirect the user to login controller/ auth action, but after that I don't know how to redirect it back. The link to every post is different by post_id, so I can't use SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl Could anyone know a way to do this?

  Read the article

• Is sending a hashed password over the wire a security hole?

  - by Ubiquitous Che

  I've come across a system that is in use by a company that we are considering partnering with on a medium-sized (for us, not them) project. They have a web service that we will need to integrate with. My current understanding of proper username/password management is that the username may be stored as plaintext in the database. Every user should have a unique pseudo-random salt, which may also be stored in plaintext. The text of their password must be concatenated with the salt and then this combined string may be hashed and stored in the database in an nvarchar field. So long as passwords are submitted to the website (or web service) over plaintext, everything should be just lovely. Feel free to rip into my understanding as summarized above if I'm wrong. Anyway, back to the subject at hand. The WebService run by this potential partner doesn't accept username and password, which I had anticipated. Instead, it accepts two string fields named 'Username' and 'PasswordHash'. The 'PasswordHash' value that I have been given does indeed look like a hash, and not just a value for a mis-named password field. This is raising a red flag for me. I'm not sure why, but I feel uncomfortable sending a hashed password over the wire for some reason. Off the top of my head I can't think of a reason why this would be a bad thing... Technically, the hash is available on the database anyway. But it's making me nervous, and I'm not sure if there's a reason for this or if I'm just being paranoid.

  Read the article

• Do I have to use Stored Procedures to get query level security or can I still do this with Dynamic S

  - by Peter Smith

  I'm developing an application where I'm concerned about locking down access to the database. I know I can develop stored procedures (and with proper parameter checking) limit a database user to an exact set of queries to execute. It's imperative that no other queries other then the ones I created in the stored procedures be allowed to execute under that user. Ideally even if a hacker gained access to the database connection (which only accepts connections from certain computers) they would only be able to execute the predefined stored procedures. Must I choose stored procedures for this or can I use Dynamic Sql with these fine grain permissions?

  Read the article

• What are the best security measures to take for making certain directories private?

  - by Sattvic

  I have a directory on my server that I do not want Search Engines to crawl and I already set this rule in robots.txt I do want people that have logged in to be able to have access to this directory without having to enter a password or anything. I am thinking that a cookie is the best thing to put on users computers after they login, and if they have a cookie, they can access the directory. Is this possible, or is there a better way? I want people without this cookie to not have access to this directory - access for members only Any suggestions on the best design for this?

  Read the article

• How to avoid security warning in IE when landing an HTTPS page ?

  - by Shyju

  In IE 8, I am getting the below error message when trying to land on a https from a http page in an online store web portal.If i change the settings in my IE,It will not prompt the message.But since its a browser setting,we can ask each customers to do so . Is there anything which we can do for not showing this message in IE. ?

  Read the article

• Rails: Obfuscating Image URLs on Amazon S3? (security concern)

  - by neezer

  To make a long explanation short, suffice it to say that my Rails app allows users to upload images to the app that they will want to keep in the app (meaning, no hotlinking). So I'm trying to come up with a way to obfuscate the image URLs so that the address of the image depends on whether or not that user is logged in to the site, so if anyone tried hotlinking to the image, they would get a 401 access denied error. I was thinking that if I could route the request through a controller, I could re-use a lot of the authorization I've already built into my app, but I'm stuck there. What I'd like is for my images to be accessible through a URL to one of my controllers, like: http://railsapp.com/images/obfuscated?member_id=1234&pic_id=7890 If the user where to right-click on the image displayed on the website and select "Copy Address", then past it in, it would be the SAME url (as in, wouldn't betray where the image is actually hosted). The actual image would be living on a URL like this: http://s3.amazonaws.com/s3username/assets/member_id/pic_id.extension Is this possible to accomplish? Perhaps using Rails' render method? Or something else? I know it's possible for PHP to return the correct headers to make the browser think it's an image, but I don't know how to do this in Rails... UPDATE: I want all users of the app to be able to view the images if and ONLY if they are currently logged on to the site. If the user does not have a currently active session on the site, accessing the images directly should yield a generic image, or an error message.

  Read the article

• Authentication and Security in my website - need advice please.

  - by Ichirichi

  Hi, I am using database with a list of username/passwords, and a simple web form that allows for users to enter their username/password. When they submit the page, I simply do a stored procedure check to authenticate. If they are authorised, then their user details (e.g. username, dob, address, company address, other important info) are stored in a custom User object and then in a session. This custom User object that I created is used throughout the web application, and also in a sub-site (session sharing). My question/problems are: Is my method of authentication the correct way to do things? I find users complaining that their session have expired although they "were not idle", possibly due the app pool recycling? They type large amounts of text and find that their session had expired and thus lose all the text typed in. I am uncertain whether the session does really reset sporadically but will Forms Authentication using cookies/cookiless resolve the issue? Alternatively should I build and store the User Object in a session, cookie or something else instead in order to be more "correct" and avoid cases like in point #2. If I go down the Forms Authentication route, I believe I cannot store my custom User object in a Forms Authentication cookie so does it mean I would store the UserID and then recreate the user object on every page? Would this not be a huge increase on the server load? Advice and answers much appreciated. L

  Read the article

• when i start my emmbedt web server on port 8080 i get windows security alert , can i avoid it ?

  - by user63898

  is there any way to avoid this when using embedded web server in windows? i don't want users to be scare

  Read the article

• JMS Step 1 - How to Create a Simple JMS Queue in Weblogic Server 11g

  - by John-Brown.Evans

  JMS Step 1 - How to Create a Simple JMS Queue in Weblogic Server 11g ol{margin:0;padding:0} .c5{vertical-align:top;width:156pt;border-style:solid;border-color:#000000;border-width:1pt;padding:0pt 2pt 0pt 2pt} .c7{list-style-type:disc;margin:0;padding:0} .c4{background-color:#ffffff} .c14{color:#1155cc;text-decoration:underline} .c6{height:11pt;text-align:center} .c13{color:inherit;text-decoration:inherit} .c3{padding-left:0pt;margin-left:36pt} .c0{border-collapse:collapse} .c12{text-align:center} .c1{direction:ltr} .c8{background-color:#f3f3f3} .c2{line-height:1.0} .c11{font-style:italic} .c10{height:11pt} .c9{font-weight:bold} .title{padding-top:24pt;line-height:1.15;text-align:left;color:#000000;font-size:36pt;font-family:"Arial";font-weight:bold;padding-bottom:6pt}.subtitle{padding-top:18pt;line-height:1.15;text-align:left;color:#666666;font-style:italic;font-size:24pt;font-family:"Georgia";padding-bottom:4pt} li{color:#000000;font-size:10pt;font-family:"Arial"} p{color:#000000;font-size:10pt;margin:0;font-family:"Arial"} h1{padding-top:0pt;line-height:1.15;text-align:left;color:#666;font-size:18pt;font-family:"Arial";font-weight:normal;padding-bottom:0pt} h2{padding-top:0pt;line-height:1.15;text-align:left;color:#666;font-size:14pt;font-family:"Arial";font-weight:normal;padding-bottom:0pt} h3{padding-top:0pt;line-height:1.15;text-align:left;color:#666;font-size:12pt;font-family:"Arial";font-weight:normal;padding-bottom:0pt} h4{padding-top:0pt;line-height:1.15;text-align:left;color:#666;font-style:italic;font-size:11pt;font-family:"Arial";padding-bottom:0pt} h5{padding-top:0pt;line-height:1.15;text-align:left;color:#666;font-size:10pt;font-family:"Arial";font-weight:normal;padding-bottom:0pt} h6{padding-top:0pt;line-height:1.15;text-align:left;color:#666;font-style:italic;font-size:10pt;font-family:"Arial";padding-bottom:0pt} This example shows the steps to create a simple JMS queue in WebLogic Server 11g for testing purposes. For example, to use with the two sample programs QueueSend.java and QueueReceive.java which will be shown in later examples. Additional, detailed information on JMS can be found in the following Oracle documentation: Oracle® Fusion Middleware Configuring and Managing JMS for Oracle WebLogic Server 11g Release 1 (10.3.6) Part Number E13738-06 http://docs.oracle.com/cd/E23943_01/web.1111/e13738/toc.htm 1. Introduction and Definitions A JMS queue in Weblogic Server is associated with a number of additional resources: JMS Server A JMS server acts as a management container for resources within JMS modules. Some of its responsibilities include the maintenance of persistence and state of messages and subscribers. A JMS server is required in order to create a JMS module. JMS Module A JMS module is a definition which contains JMS resources such as queues and topics. A JMS module is required in order to create a JMS queue. Subdeployment JMS modules are targeted to one or more WLS instances or a cluster. Resources within a JMS module, such as queues and topics are also targeted to a JMS server or WLS server instances. A subdeployment is a grouping of targets. It is also known as advanced targeting. Connection Factory A connection factory is a resource that enables JMS clients to create connections to JMS destinations. JMS Queue A JMS queue (as opposed to a JMS topic) is a point-to-point destination type. A message is written to a specific queue or received from a specific queue. The objects used in this example are: Object Name Type JNDI Name TestJMSServer JMS Server TestJMSModule JMS Module TestSubDeployment Subdeployment TestConnectionFactory Connection Factory jms/TestConnectionFactory TestJMSQueue JMS Queue jms/TestJMSQueue 2. Configuration Steps The following steps are done in the WebLogic Server Console, beginning with the left-hand navigation menu. 2.1 Create a JMS Server Services > Messaging > JMS Servers Select New Name: TestJMSServer Persistent Store: (none) Target: soa_server1  (or choose an available server) Finish The JMS server should now be visible in the list with Health OK. 2.2 Create a JMS Module Services > Messaging > JMS Modules Select New Name: TestJMSModule Leave the other options empty Targets: soa_server1  (or choose the same one as the JMS server)Press Next Leave “Would you like to add resources to this JMS system module” unchecked and  press Finish . 2.3 Create a SubDeployment A subdeployment is not necessary for the JMS queue to work, but it allows you to easily target subcomponents of the JMS module to a single target or group of targets. We will use the subdeployment in this example to target the following connection factory and JMS queue to the JMS server we created earlier. Services > Messaging > JMS Modules Select TestJMSModule Select the Subdeployments  tab and New Subdeployment Name: TestSubdeployment Press Next Here you can select the target(s) for the subdeployment. You can choose either Servers (i.e. WebLogic managed servers, such as the soa_server1) or JMS Servers such as the JMS Server created earlier. As the purpose of our subdeployment in this example is to target a specific JMS server, we will choose the JMS Server option. Select the TestJMSServer created earlier Press Finish 2.4  Create a Connection Factory Services > Messaging > JMS Modules Select TestJMSModule  and press New Select Connection Factory  and Next Name: TestConnectionFactory JNDI Name: jms/TestConnectionFactory Leave the other values at default On the Targets page, select the Advanced Targeting  button and select TestSubdeployment Press Finish The connection factory should be listed on the following page with TestSubdeployment and TestJMSServer as the target. 2.5 Create a JMS Queue Services > Messaging > JMS Modules Select TestJMSModule  and press New Select Queue and Next Name: TestJMSQueueJNDI Name: jms/TestJMSQueueTemplate: NonePress Next Subdeployments: TestSubdeployment Finish The TestJMSQueue should be listed on the following page with TestSubdeployment and TestJMSServer. Confirm the resources for the TestJMSModule. Using the Domain Structure tree, navigate to soa_domain > Services > Messaging > JMS Modules then select TestJMSModule You should see the following resources The JMS queue is now complete and can be accessed using the JNDI names jms/TestConnectionFactory andjms/TestJMSQueue. In the following blog post in this series, I will show you how to write a message to this queue, using the WebLogic sample Java program QueueSend.java.

  Read the article

• Running OWSM WLST commands - 11g

  - by Prakash Yamuna

  It has been sometime since I posted some materials. I hope to have more tips, best practices - but here is a quick thing that people seem to trip up on..."How to Run OWSM related WLST commands" The most common issue people seem to run into is trying to run the OWSM WLST commands from the wrong location. You need to run the WLST commands from "oracle_common/common/bin/wlst.sh" (ex: /home/Oracle/Middleware/oracle_common/common/bin/wlst.sh) This is documented in the OWSM doc (Security And Administrator's Guide) under the section "Accessing the Web Services Custom WLST Commands". Note: This location is different from the location from where you run the SOA WLST commands. If you try to run the OWSM WLST command from the wrong location - you will see errors like the following: "The MBean ,@ oracle.wsm:*,name=WSMDocumentManager,type=Repository was not found"

  Read the article

• New Whitepaper: Upgrading EBS 11i Forms + OA Framework Personalizations to EBS 12

  - by Sara Woodhull

  Personalizations are -- and have always been -- one of the safest and most upgradable ways to "customize" your Oracle E-Business Suite screens, both for Oracle Forms-based screens and for Oracle Application Framework-based pages. However, the upgrade from Release 11i to Release 12.1 spans many years of EBS evolution, during which time Oracle has actively been building many new features and modules. A lot has changed in Oracle E-Business Suite that may affect upgrading your personalizations from 11i to 12.1. We have published a new note on My Oracle Support that discusses ways to evaluate your existing personalizations:Upgrading Form Personalizations and OA Framework Personalizations from Oracle E-Business Suite Release 11i to 12.1 (Note 1292611.1)Two distinct types of personalizations There are two distinct types of personalizations: Form Personalization OA Framework Personalization. Both types of personalization are completely metadata-based. The personalizations are stored as data in database tables. However, because the underlying technologies (Oracle Forms and OA Framework) are very different, Forms personalizations and OA Framework personalizations are not equivalent and cannot be converted or migrated from one to the other.

  Read the article

• Steve Miranda is the Next Guest on The Bill Kutik Radio Show®

  - by Jay Richey, HCM Product Marketing

  Be sure to catch Steve Miranda, Senior Vice President for Oracle Fusion Development, tomorrow on The Bill Kutik Radio Show®.  Bill will be asking the tough questions once again and Steve will be answering.  It is sure to be a lively discussion, with more details on Fusion and Oracle's co-existence strategy with PeopleSoft, E-Business Suite, and JD Edwards HCM applications.  Wednesday, March 28, at noon ET, 9 am PT.  Listen live, afterward to the replay, or download from iTunes. http://www.knowledgeinfusion.com/ondemand/docs/DOC-9903 Produced by Knowledge Infusion and hosted by independent industry analyst Bill Kutik, the bi-weekly interview show provides leading HR business content and insight into up-to-the-minute trends.

  Read the article

• Bye Bye Year of the Dragon, Hello BPM

  - by Michelle Kimihira

  As CNN asks you to vote for most intriguing person of the year, what technologies do you think were most intriguing in 2012? Was it Social, Mobile, BPM or were you most captivated by Customer Experience? Well, we too observed these technology trends on the upswing and foresee that these will remain in limelight for 2013. What if we told you that there is a solution that brings these technologies together and helps not only to create efficient business processes but also an engaging customer experience. As we transition into 2013 let’s take a look at some of the top trending topics in BPM.  Ajay Khanna discusses these trends in OracleBPM blog, Bye Bye Year of the Dragon, Hello BPM.  Additional Information Product Information on Oracle.com: Oracle Fusion Middleware Follow us on Twitter and Facebook and YouTube Subscribe to our regular Fusion Middleware Newsletter

  Read the article

• New Whitepaper: Advanced Compression 11gR1 Benchmarks with EBS 12

  - by Steven Chan

  In my opinion, if there's any reason to upgrade an E-Business Suite environment to the 11gR1 or 11gR2 database, it's the Advanced Compression database option.  Oracle Advanced Compression was introduced in Oracle Database 11g, and allows you to compress structured data (numbers, characters) as well as unstructured data (documents, spreadsheets, XML and other files).  It provides enhanced compression for database backups and also includes network compression for faster synchronization with standby databases.In other words, the promise of Advanced Compression is that it can make your E-Business Suite database smaller and faster.  But how well does it actually deliver on that promise?Apps 12 + Advanced Compression Benchmarks now availableThree of my colleagues, Uday Moogala, Lester Gutierrez, and Andy Tremayne, have been benchmarking Oracle E-Business Suite Release 12 with Advanced Compression 11gR1.  They've just released a detailed whitepaper with their benchmarking results and recommendations.This whitepaper is available in two locations:Oracle E-Business Suite Release 12.1 with Oracle Database 11g Advanced Compression (Note 1110648.1) (requires My Oracle Support access)Oracle E-Business Suite Release 12.1 with Oracle Database 11g Advanced Compression (Applications Benchmark website, PDF, 500K)

  Read the article

• Webcast Replay Available: Performance Tuning E-Business Suite Concurrent Manager (Performance Series Part 2 of 3)

  - by BillSawyer

  I am pleased to release the replay and presentation for the latest ATG Live Webcast: Performance Tuning E-Business Suite Concurrent Manager (Performance Series Part 2 of 3) (Presentation)Andy Tremayne, Senior Architect, Applications Performance, and co-author of Oracle Applications Performance Tuning Handbook from Oracle Press, and Uday Moogala, Senior Principal Engineer, Applications Performance discussed two major components of E-Business Suite performance tuning:  concurrent management and tracing. They dispel some myths surrounding these topics, and shared with you the recommended best practices that you can use on your own E-Business Suite instance.Finding other recorded ATG webcastsThe catalog of ATG Live Webcast replays, presentations, and all ATG training materials is available in this blog's Webcasts and Training section.

  Read the article

• The “AfterDark” reception is back!

  - by rituchhibber

  This year, the OPN Exchange “AfterDark” Reception is moving to new heights! Join us on the 5th floor of the Metreon building in San Francisco for this exclusive ‘VIP’ event. The reception will be held from 7:30 p.m. – 10 p.m. on Sunday, September 30th. Enjoy the smooth sounds of Macy Gray over a cocktail, as you network the night away and watch the 2012 live Music Festival performances from above! Best of all, this event is exclusive and free to all Oracle PartnerNetwork Exchange attendees! So come mix and mingle with us as we kick-off Oracle OpenWorld 2012 with great conversation and music! See You After Dark! The OPN Communications Team

  Read the article

• SQL SERVER – Beginning of SQL Server Architecture – Terminology – Guest Post

  - by pinaldave

  SQL Server Architecture is a very deep subject. Covering it in a single post is an almost impossible task. However, this subject is very popular topic among beginners and advanced users.  I have requested my friend Anil Kumar who is expert in SQL Domain to help me write  a simple post about Beginning SQL Server Architecture. As stated earlier this subject is very deep subject and in this first article series he has covered basic terminologies. In future article he will explore the subject further down. Anil Kumar Yadav is Trainer, SQL Domain, Koenig Solutions. Koenig is a premier IT training firm that provides several IT certifications, such as Oracle 11g, Server+, RHCA, SQL Server Training, Prince2 Foundation etc. In this Article we will discuss about MS SQL Server architecture. The major components of SQL Server are: Relational Engine Storage Engine SQL OS Now we will discuss and understand each one of them. 1) Relational Engine: Also called as the query processor, Relational Engine includes the components of SQL Server that determine what your query exactly needs to do and the best way to do it. It manages the execution of queries as it requests data from the storage engine and processes the results returned. Different Tasks of Relational Engine: Query Processing Memory Management Thread and Task Management Buffer Management Distributed Query Processing 2) Storage Engine: Storage Engine is responsible for storage and retrieval of the data on to the storage system (Disk, SAN etc.). to understand more, let’s focus on the following diagram. When we talk about any database in SQL server, there are 2 types of files that are created at the disk level – Data file and Log file. Data file physically stores the data in data pages. Log files that are also known as write ahead logs, are used for storing transactions performed on the database. Let’s understand data file and log file in more details: Data File: Data File stores data in the form of Data Page (8KB) and these data pages are logically organized in extents. Extents: Extents are logical units in the database. They are a combination of 8 data pages i.e. 64 KB forms an extent. Extents can be of two types, Mixed and Uniform. Mixed extents hold different types of pages like index, System, Object data etc. On the other hand, Uniform extents are dedicated to only one type. Pages: As we should know what type of data pages can be stored in SQL Server, below mentioned are some of them: Data Page: It holds the data entered by the user but not the data which is of type text, ntext, nvarchar(max), varchar(max), varbinary(max), image and xml data. Index: It stores the index entries. Text/Image: It stores LOB ( Large Object data) like text, ntext, varchar(max), nvarchar(max),  varbinary(max), image and xml data. GAM & SGAM (Global Allocation Map & Shared Global Allocation Map): They are used for saving information related to the allocation of extents. PFS (Page Free Space): Information related to page allocation and unused space available on pages. IAM (Index Allocation Map): Information pertaining to extents that are used by a table or index per allocation unit. BCM (Bulk Changed Map): Keeps information about the extents changed in a Bulk Operation. DCM (Differential Change Map): This is the information of extents that have modified since the last BACKUP DATABASE statement as per allocation unit. Log File: It also known as write ahead log. It stores modification to the database (DML and DDL). Sufficient information is logged to be able to: Roll back transactions if requested Recover the database in case of failure Write Ahead Logging is used to create log entries Transaction logs are written in chronological order in a circular way Truncation policy for logs is based on the recovery model SQL OS: This lies between the host machine (Windows OS) and SQL Server. All the activities performed on database engine are taken care of by SQL OS. It is a highly configurable operating system with powerful API (application programming interface), enabling automatic locality and advanced parallelism. SQL OS provides various operating system services, such as memory management deals with buffer pool, log buffer and deadlock detection using the blocking and locking structure. Other services include exception handling, hosting for external components like Common Language Runtime, CLR etc. I guess this brief article gives you an idea about the various terminologies used related to SQL Server Architecture. In future articles we will explore them further. Guest Author  The author of the article is Anil Kumar Yadav is Trainer, SQL Domain, Koenig Solutions. Koenig is a premier IT training firm that provides several IT certifications, such as Oracle 11g, Server+, RHCA, SQL Server Training, Prince2 Foundation etc. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, SQL Training, T SQL, Technology

  Read the article

• Look Inside WebLogic Server Embedded LDAP with an LDAP Explorer

  - by james.bayer

  Today a question came up on our internal WebLogic Server mailing lists about an issue deleting a Group from WebLogic Server.  The group had a special character in the name. The WLS console refused to delete the group with the message a java.net.MalformedURLException and another message saying “Errors must be corrected before proceeding.” as shown below. The group aa:bb is the one with the issue.  Click to enlarge. WebLogic Server includes an embedded LDAP server that can be used for managing users and groups for “reasonably small environments (10,000 or fewer users)”.  For organizations scaling larger or using more high-end features, I recommend looking at one of Oracle’s very popular enterprise directory services products like Oracle Internet Directory or Oracle Directory Server Enterprise Edition.  You can configure multiple authenicators in WebLogic Server so that you can use multiple directories at the same time. I am not sure WebLogic Server supports special characters in group names for the Embedded LDAP server, but in this case both the console and WLST reported the same issue deleting the group with the special character in the name.  Here’s the WLST output: wls:/hotspot_domain/serverConfig/SecurityConfiguration/hotspot_domain/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator> cmo.removeGroup('aa:bb') Traceback (innermost last): File "<console>", line 1, in ? weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090296]invalid URL ldap:///ou=people,ou=myrealm,dc=hotspot_domain??sub?(&(objectclass=person)(wlsMemberOf=cn=aa:bb,ou=groups,ou=myrealm,dc=hotspot_domain)) at weblogic.security.providers.authentication.LDAPAtnGroupMembersNameList.advance(LDAPAtnGroupMembersNameList.java:254) at weblogic.security.providers.authentication.LDAPAtnGroupMembersNameList.<init>(LDAPAtnGroupMembersNameList.java:119) at weblogic.security.providers.authentication.LDAPAtnDelegate.listGroupMembers(LDAPAtnDelegate.java:1392) at weblogic.security.providers.authentication.LDAPAtnDelegate.removeGroup(LDAPAtnDelegate.java:1989) at weblogic.security.providers.authentication.DefaultAuthenticatorImpl.removeGroup(DefaultAuthenticatorImpl.java:242) at weblogic.security.providers.authentication.DefaultAuthenticatorMBeanImpl.removeGroup(DefaultAuthenticatorMBeanImpl.java:407) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761) at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449) at java.security.AccessController.doPrivileged(Native Method) at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447) at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:263) at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449) at java.security.AccessController.doPrivileged(Native Method) at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447) at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444) at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323) at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663) at java.security.AccessController.doPrivileged(Native Method) at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363) at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654) at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427) at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72) at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265) at java.security.AccessController.doPrivileged(Native Method) at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1367) at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788) at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source) at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667) at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146) at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518) at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207) at weblogic.work.ExecuteThread.run(ExecuteThread.java:176) Caused by: java.net.MalformedURLException at netscape.ldap.LDAPUrl.readNextConstruct(LDAPUrl.java:651) at netscape.ldap.LDAPUrl.parseUrl(LDAPUrl.java:277) at netscape.ldap.LDAPUrl.<init>(LDAPUrl.java:114) at weblogic.security.providers.authentication.LDAPAtnGroupMembersNameList.advance(LDAPAtnGroupMembersNameList.java:224) ... 41 more It’s fairly clear that in order to work that the : character needs to be URL encoded to %3A or similar.  But all is not lost, there is another way.  You can configure an LDAP Explorer like JXplorer to WebLogic Server Embedded LDAP and browse/edit the entries. Follow the instructions here, being sure to change the authentication credentials to the Embedded LDAP server to some value you know, as by default they are some unknown value.  You’ll need to reboot the WebLogic Server Admin Server after making this change. Now configure JXplorer to connect as described in the documentation.  I’ve circled the important inputs.  In this example, my domain name is “hotspot_domain” which listens on the localhost listen address and port 7001.  The cn=Admin user name is a constant identifier for the Administrator of the embedded LDAP and that does not change, but you need to know what it is so you can enter it into the tool you use. Once you connect successfully, you can explore the entries and in this case delete the group that is no longer desired.

  Read the article

• Die “AfterDark Reception” ist wieder da!

  - by A&C Redaktion

  In diesem Jahr erreicht die OPN Exchange “AfterDark” Reception neue Höhen! Denn diesmal findet der exklusive VIP-Event im 5. Stock des Metreon Building in San Francisco statt. Und zwar am Sonntag, 30. September, von 19.30 bis 22 Uhr. Genießen Sie in tollem Ambiente und bei einem Cocktail den sanften Sound von Macy Gray, während Sie den Tag beim Networking ausklingen lassen - mit Blick auf das 2012 live Music Festival. Und das Beste ist: Als Oracle PartnerNetwork Exchange Teilnehmer können Sie exklusiv und kostenlos dabei sein! Begleiten Sie uns, wenn wir die Oracle OpenWorld 2012 mit guten Gesprächen und toller Musik beginnen. Wir sehen uns - nach Sonnenuntergang! Ihr OPN Communications Team

  Read the article

• Help Protect Your Children with the CEOP Enhanced Internet Explorer 8

  - by Asian Angel

  Do you want to make Internet Explorer safer and more helpful for you and family? Then join us as we look at the CEOP (Child Exploitation and Online Protection Centre) enhanced version of Internet Explorer 8. Setting CEOP Up We chose to install the whole CEOP pack in order to have access to complete set of CEOP Tools. The install process will be comprised of two parts…it will begin with CEOP branded windows showing the components being installed… Note: The components can be downloaded separately for those who only want certain CEOP components added to their browser. Then it will move to the traditional Microsoft Internet Explorer 8 install windows. One thing that we did notice is that here you will be told that you will need to restart your computer but in other windows a log off/log on process is mentioned. Just to make certain that everything goes smoothly we recommend restarting your computer when the installation process is complete. In the EULA section you can see the versions of Windows that the CEOP Pack works with. Once you get past the traditional Microsoft install windows you will be dropped back into the CEOP branded windows. CEOP in Action After you have restarted your computer and opened Internet Explorer you will notice that your homepage has been changed. When it comes to your children that is not a bad thing in this instance. It will also give you an opportunity to look through the CEOP online resources. For the moment you may be wondering where everything is but do not worry. First you can find the two new search providers in the drop-down menu for your “Search Bar” and select a new default if desired. The second thing to look for are the new links that have been added to your “Favorites Menu”. These links can definitely be helpful for you and your family. The third part will require your “Favorites Bar” to be visible in order to see the “Click CEOP Button”. If you have not previously done so you will need to turn on subscribing for “Web Slices”. Click on “Yes” to finish the subscription process. Clicking on the “CEOP Button” again will show all kinds of new links to help provide information for you and your children. Notice that the top part is broken down into “topic categories” while the bottom part is set up for “age brackets”…very nice for helping you focus on the information that you want and/or need. Looking for information and help on a particular topic? Clicking on the “Cyberbullying Link” for example will open the following webpage with information about cyberbullying and a link to get help with the problem. Need something that is focused on your child’s age group? Clicking on the “8-10? Link” as an example opened this page. Want information that is focused on you? The “Parent? Link” leads to this page. The “topic categories & age brackets” make the CEOP Button a very helpful and “family friendly” addition to Internet Explorer. Perhaps you (or your child) want to conduct a search for something that is affecting your child. As you type in a “search term” both of the search providers will provide helpful suggestions for dealing with the problem. We felt that these were very nice suggestions in both instances here… Conclusion We have been able to give you a good peek at what the CEOP Tools can do but the best way to see how helpful it can be for you and your family is try it for yourself. Your children’s safety and happiness is worth it. Links Download the Internet Explorer CEOP Pack (link at bottom of webpage) Note: If you are interested in a singular component or only some use these links. Download the Click CEOP Button Download Search CEOP Download Internet Safety and Security Search Similar Articles Productive Geek Tips Mysticgeek Blog: A Look at Internet Explorer 8 Beta 1 on Windows XPWhen to Use Protect Tab vs Lock Tab in FirefoxMake Ctrl+Tab in Internet Explorer 7 Use Most Recent OrderRemove ISP Text or Corporate Branding from Internet Explorer Title BarQuick Hits: 11 Firefox Tab How-Tos TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 PCmover Professional Download Microsoft Office Help tab The Growth of Citibank Quickly Switch between Tabs in IE Windows Media Player 12: Tweak Video & Sound with Playback Enhancements Own a cell phone, or does a cell phone own you? Make your Joomla & Drupal Sites Mobile with OSMOBI

  Read the article

< Previous Page | 295 296 297 298 299 300 301 302 303 304 305 306  | Next Page >