Search Results

Search found 25758 results on 1031 pages for 'oracle security'.

Page 344/1031 | < Previous Page | 340 341 342 343 344 345 346 347 348 349 350 351 | Next Page >

Need suggestions on how to create a website with an encrypted database.

- by SFx

Hi guys, I want to create a website where a user enters content (say a couple of sentences) which eventually gets stored in a backend database (maybe MySQL). But before the content leaves the client side, I want it to get encrypted using something on client like maybe javascript. The data will travel over the web encrypted, but more importantly, will also be permanently stored in the backend database encrypted. Is JavaScript appropriate to use for this? Would 256 bit encryption take too long? Also, how do you query an encrypted database later on if you want to pull down the content that a user may have submitted over the past 2 months? I'm looking for tips, suggestions and any pointers you guys may have in how to go about learning about and accomplishing this. Thanks!

Read the article
Get phone number of (via mobile networks) browsing mobile device

- by TrialUser

I recently figured out, that the web site of my phone provider (mobile) mysteriously identifies me and automatically logs me into my account when I'm accessing with my android phone, as if it knew my phone number. (I used several browsers. When I'm using the phone as WLAN hotspot and access the same site from another device that doesn't happen.) How does my phone provider do that? On the one hand, as a programmer, I'd like to be able to do that too, but on the other hand, as a user, I'm kind of scared. What information do they have, such that they (believe they) are able to identify me just by my device? I hope this question isn't completely inappropriate for this site; feel free to add better tags — it's hard to find the right ones without knowing the Webmasters site at all.

Read the article
More than one way to skin an Audit

- by BuckWoody

I get asked quite a bit about auditing in SQL Server. By "audit", people mean everything from tracking logins to finding out exactly who ran a particular SELECT statement. In the really early versions of SQL Server, we didn't have a great story for very granular audits, so lots of workarounds were suggested. As time progressed, more and more audit capabilities were added to the product, and in typical database platform fashion, as we added a feature we didn't often take the others away. So now, instead of not having an option to audit actions by users, you might face the opposite problem - too many ways to audit! You can read more about the options you have for tracking users here: http://msdn.microsoft.com/en-us/library/cc280526(v=SQL.100).aspx In SQL Server 2008, we introduced SQL Server Audit, which uses Extended Events to really get a simple way to implement high-level or granular auditing. You can read more about that here: http://msdn.microsoft.com/en-us/library/dd392015.aspx As with any feature, you should understand what your needs are first. Auditing isn't "free" in the performance sense, so you need to make sure you're only auditing what you need to. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

Read the article
Did Microsoft Add Wiretapping Capability to Skype?

Ryan Gallagher, writing for Slate, put two and two together from a lot of no comments. He noted that back in 2007, German police forces said that they couldn't tap into Skype calls because of of its strong encryption and complicated peer-to-peer network connections; in fact, Skype bluntly stated at the time that, due to its encryption and architecture techniques, it couldn't conduct wiretaps. But that may have changed. Gallagher cited a Forbes article that claims the hacker community is talking about recent changes to Skype's architecture and whether they will allow users to be wiretapped. ...

Read the article
OpenJDK 6 B26 Available

- by user9158633

On September 21, 2012 the source bundle for OpenJDK 6 b26 was published at http://download.java.net/openjdk/jdk6/. The main changes in b26 are the latest round of security updates and a number of other fixes. For more information see the detailed list of all the changes in OpenJDK 6 B26. Test Results: All the jdk regression tests run with make test passed on linux. cd jdk6 make make test For the current list of excluded tests see jdk6/jdk/test/ProblemList.txt file: ProblemList.html in B26 | Latest ProblemList.txt (in the tip revision). Special thanks to Kelly O'Hair for his contributions to the project and Dave Katleman for his Release Engineering work.

Read the article
If you want to learn all about Exalogic in 6 minutes, watch this demo!

- by Michael Palmeter (Exalogic PM)

If you haven't seen the latest Exalogic demo, click here now. Our excellent marketing organization has recently produced a new 6-minute flash demo that describes the Exalogic Infrastructure-as-a-Service management UI. After years of investment in this product we are now in the final stages of delivering on the complete private-cloud-in-a-box vision that Larry Ellison announced back at Oracle OpenWorld 2010. This demo video (flash) does the best job yet of explaining what is so great about Exalogic and why it is going to drive transformation of our industry. If you haven't seen it yet, take a look. There's much more to Exalogic now than just blazing performance.

Read the article
How do you go about checking your open source libraries for keystroke loggers?

- by asd

A random person on the internet told me that a technology was secure(1), safe to use and didn't contain keyloggers because it is open source. While I can trivially detect the key stroke logger in this open source application, what can developers(2) do to protect themselves against rouge committers to open source projects? Doing a back of the envelope threat analysis, if I were a rogue developer, I'd fork a branch on git and promote it's download since it would have twitter support (and a secret key stroke logger). If it was an SVN repo, I'd create just create a new project. Even better would be to put the malicious code in the automatic update routines. (1) I won't mention which because I can only deal with one kind of zealot at a time. (2) Ordinary users are at the mercy of their virus and malware detection software-- it's absurd to expect grandma to read the source of code of their open source word processor's source code to find the keystroke logger.

Read the article
OpenJDK 6 B27 Available

- by user9158633

On October 26, 2012 the source bundle for OpenJDK 6 b27 was published at http://download.java.net/openjdk/jdk6/. The main changes in b27 are the latest round of security updates and a number of other fixes. For more information see the detailed list of all the changes in OpenJDK 6 B27. Test Results: All the jdk regression tests run with make test passed on linux_i586 cd jdk6 make make test Note: sun/tools/jinfo/Basic.sh test failed on linux_x64. For the current list of excluded tests see jdk6/jdk/test/ProblemList.txt file: ProblemList.html in B27 | Latest ProblemList.txt (in the tip revision). Special thanks to Kelly O'Hair for his contributions to the project and Dave Katleman for his Release Engineering work.

Read the article
DSS: SOA 11g (11.1.1.6) Solutions- End To End B2B Scenarios

- by JuergenKress

For access to the Oracle demo systems please visit OPN and talk to your Partner Expert Demo Highlights This demo showcases various features of Oracle B2B like Comprehensive document management and trading partner management Extensive B2B protocol support Secure and reliable message exchange B2B batching feature B2B Security & B2B Reports/Metrics Complete end-to-end processes tracking Demo Architecture & Bill of Materials & Demo Collateral & OFM Demos Corner & DSS Offerings & Scheduling Demos on DSS & DSS Support SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Technorati Tags: SOA Suite,SOA demo,dss,SOA Community,Oracle SOA,Oracle BPM,BPM,Community,OPN,Jürgen Kress

Read the article
Welcome to the Database Cloud CoverAge blog

- by B R Clouse

Welcome to the Database Cloud CoverAge blog, brought to you by Oracle's Database Cloud Architecture Team. We've spent the past few years developing best practices for database consolidation projects, how to deliver Database as a Service, and for designing and driving corporate cloud initiatives. Many of our experiences and lessons learned are available in a growing collection of collateral that you can find on our OTN page.We decided to join the blogosphere to distill key concepts into short posts that you, our readers, can digest quickly. Also, this medium allows you to comment on our posts and collateral -- to share experiences, challenge our conclusions, critique our recipes, and help us choose topics to blog about. Watch for our next posting, which will start a series on your journey into cloud computing.

Read the article
Identify "non-secure" content IE warns about [on hold]

- by Doug Harris

As many know, if you serve a page over https and the content loads resources (images, stylesheets, js, SWF objects, etc) over http, older versions of Internet Explorer will show the user a warning saying "This page contains both secure and non-secure items". This is discomforting to many non-technical users. Usually, I can look at the HTML source and identify which item(s) are triggering this error. Sometimes a Flash object will load something else or some embedded javascript will put a new object in the DOM and trigger this. What tools are good for quickly tracking down the source of the warning?

Read the article
Are two database trips reasonable for a login system?

- by Randolph Potter

I am designing a login system for a project, and have an issue about it requiring two trips to the database when a user logs in. User types in username and password Database is polled and password hash is retrieved for comparative purposes (first trip) Code tests hash against entered password (and salt), and if verified, resets the session ID New session ID and username are sent back to the database to write a row to the login table, and generate a login ID for that session. EDIT: I am using a random salt. Does this design make sense? Am I missing something? Is my concern about two trips unfounded? Comments and suggestions are welcome.

Read the article
Webcast su Fusion CRM – il primo appuntamento è adesso on demand!

- by Silvia Valgoi

Se non hai potuto seguire il webcast su Fusion CRM (in italiano!) o se lo vuoi rivedere, ecco qui il link. Il webcast rappresenta il primo appuntamento dedicato ad approfondire le novità di Fusion CRM, il nuovo standard per gestire Vendite e Marketing e per scoprire in che modo una revisione dei processi commerciali possa garantire produttività del team di vendita ed una efficace integrazione con i processi di marketing. Il prossimo appuntamento è per il 3 luglio sempre alle 12:00. In quell’occasione ci si focalizzerà più su un modulo specifico di Fusion CRM: Oracle Fusion Territory Management che rappresenta la più completa soluzione per la gestiore dei territori e delle aree. Registrati qui. Non perdere l’ultimo appuntamento prima delle vacanze!

Read the article
Open World Day 4

- by Antony Reynolds

A Day in the Life of an OpenWorld Attendee Part V Last day at OpenWorld. The exhibits are closed, and the final few presentations are being given. I spent much of the day meeting with customers to talk about SOA/OSB and Coherence. Main event of the day was the farewell party which was loud and surprisingly well attended. I was able to have lunch with Dave Felcey, Coherence PM, who has a great blog and is always ready to share his expertise with people. So that was OpenWOrld for another year. I met a friend of a friend who attends OpenWorld every year and attends the Demo Grounds with a list of questions to ask people. I think that illustrates the point that everyone approaches OpenWorld in a different way and looks to get different things from it. For me OpenWorld is a great experience to feel the energy in Oracle and network with customers and partners. Hope to see you there next year!

Read the article
Keeping files private on the internet (.htaccess password or software/php/wordpress password)

- by jiewmeng

I was asked a while ago to setup a server such that only authenticated users can access files. It was like a test server for clients to view WIP sites. More recently, I want to do something similar for some of my files. Tho they are not very confidential, I wish that I am the only one viewing it. I thought of doing the same, Create a robots.txt User-agent: * Disallow: / Setup some password protection, .htpasswd seems like a very ugly way to do it. It will prompt me even when I log into FTP. I wonder if software method like password protected posts in Wordpress will do the trick of locking out the public and hiding content from Search Engines? Or some self made PHP script will do the trick?

Read the article
Is this safe? <a href=http://javascript:...>

- by KajMagnus

I wonder if href and src attributes on <a> and <img> tags are always safe w.r.t. XSS attacks, if they start with http:// or https://. For example, is it possible to append javascript: ... to the href and src attribute in some manner, to execute code? Disregarding whether or not the destination page is e.g. a pishing site, or the <img src=...> triggers a terribly troublesome HTTP GET request. Background: I'm processing text with markdown, and then I sanitize the resulting HTML (using Google Caja's JsHtmlSanitizer). Some sample code in Google Caja assumes all hrefs and srcs that start with http:// or https:// are safe -- I wonder if it's safe to use that sample code. Kind regards, Kaj-Magnus

Read the article
How to do a login page for third party service without letting them sign on?

- by AAA

We have a unique situation (at least for me, first time seeing this). We have a web form where accountants can fill in requests and that part is taken care of. But after their login we redirect them to a third-party website where we need more information from them. The process is crazy right now since we have to give our account login info to all people filing with us. So is there a way in PHP or any other solution where we can after that form on our website auto login with our information to that third party website in a way that our credentials are not visible to the users using the service?

Read the article
Java update

- by JuergenKress

Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers. These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547. These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software." (Read more at https://blogs.oracle.com/security/entry/security_alert_for_cve_20121) Updates are available at http://www.oracle.com/technetwork/java/javase/overview/index.html or Check your Java version online: http://www.java.com/de/download/testjava.jsp WebLogic Partner Community For regular information become a member in the WebLogic Partner Community please visit: http://www.oracle.com/partners/goto/wls-emea ( OPN account required). If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Wiki Technorati Tags: Java,Java Security,Java update,WebLogic,WebLogic Community,Oracle,OPN,Jürgen Kress

Read the article
What Is the Experience Revolution – and Why Does it Matter?

- by Charles Knapp

Customer experience is how your customer perceives the sum of their interactions with your organization throughout their buying, service delivery, and ownership experiences. In our highly connected online, phone, social, and mobile interactions, it’s easy to lose a dissatisfied customer – who can readily dissuade future customers. Nevertheless, great brand experiences still deliver top margins and low-cost repeat business. The Experience Revolution seamlessly connects customer-facing interactions with employee-facing CRM transactions. While your organization has invested in some of these capabilities, how well do the pieces work for your customers? Is it time for your organization to join the Experience Revolution? We invite you to join Oracle President Mark Hurd for an incredible, educational evening on June 25, from 6:00 – 9:00 p.m. in New York City. Attend to see and learn: What leading brands do to win over customers How to unlock the value of customer experiences The bottom-line effect of great experiences Why doing nothing is not an option

Read the article
How to secure Ubuntu for a non-technical user? (your mom)

- by Gil

My mother will be traveling for a while and I need to provide her with a secure laptop so she can work. A windows laptop is out of the question because: she'll be logging into dodgy hotel wireless networks and conference networks price of the windows license to install on a netbook I've installed libreoffice, media players and skype on it. Also enabled SSH so I can intervene but I am worried that I might not be in a position to do so. Possible threats: web browsing USB sticks insecure networks prone to intrusions malware SSH/VNC vulnerabilites Skype vulnerabilities All the "securing Ubuntu" guides out there assume the user has a certain level of technical knowledge but this is not the case with moms in general. If a malware can gain even user level access it might compromise her files.

Read the article
client website compromised, found a strange .php file. any ideas?

- by Kevin Strong

I do support work for a web development company and I found a suspicious file today on the website of one of our clients called "hope.php" which contained several eval(gzuncompress(base64_decode('....'))) commands (which on a site like this, usually indicates that they've been hacked). Searching for the compromised site on google, we got a bunch of results which link to hope.php with various query strings that seem to generate different groups of seo terms like so: (the second result from the top is legitimate, all the rest are not) Here is the source of "hope.php": http://pastebin.com/7Ss4NjfA And here is the decoded version I got by replacing the eval()s with echo(): http://pastebin.com/m31Ys7q5 Any ideas where this came from or what it is doing? I've of course already removed the file from the server, but I've never seen code like this so I'm rather curious as to its origin. Where could I go to find more info about something like this?

Read the article
Python Web Applications: What is the way and the method to handle Registrations, Login-Logouts and Cookies? [on hold]

- by Phil

I am working on a simple Python web application for learning purposes. I have chosen a very minimalistic and simple framework. I have done a significant amount of research but I couldn't find a source clearly explaining what I need, which is as follows: I would like to learn more about: User registration User Log-ins User Log-outs User auto-logins I have successfully handled items 1 and 3 due to their simple nature. However, I am confused with item 2 (log-ins) and item 4 (auto-logins). When a user enters username and password, and after hashing with salts and matching it in the DB; What information should I store in the cookies in order to keep the user logged in during the session? Do I keep username+password but encrypt them? Both or just password? Do I keep username and a generated key matching their password? If I want the user to be able to auto-login (when they leave and come back to the web page), what information then is kept in the cookies? I don't want to use modules or libraries that handle these things automatically. I want to learn basics and why something is the way it is. I would also like to point out that I do not mind reading anything you might offer on the topic that explains hows and whys. Possibly with algorithm diagrams to show the process. Some information: I know about setting headers, cookies, encryption (up to some level, obviously not an expert!), request objects, SQLAlchemy etc. I don't want any data kept in a single web application server's store. I want multiple app-servers to be handle a user, and whatever needs to be kept on the server to be done with a Postgres/MySQL via SQLAlchemy (I think, this is called stateless?) Thank you.

Read the article
PeopleTools Collateral Available

- by Matthew Haavisto

We've posted a lot of documentation including presentations, white/red papers, data sheets, and other useful collateral on Oracle.com, a public site. If you are seeking detailed information on a particular topic, this is a good place to start. It's a bit hard to find so I'm posting it here. This resource library contains collateral on general PeopleTools, user experience and interaction--including the PeopleSoft Interaction Hub, platforms, security, life-cycle management, reporting and analytics, integration, and accessibility. There are also links to video feature overviews, viewlets, and appcasts, and the latest release information. There is much valuable information here, so if you need information about PeopleTools and related information, start here.

Read the article
Microsoft Office 2013 Takes New Approach

You can check out an article from Computerworld for a good look at the questions and answers about the new software. For instance, you've probably noticed that I'm not giving the full name. That's because Microsoft seems to be using several names. If you go the traditional route and pay the one-time upfront fee for the shrink-wrapped edition, it's Office 2013. There's also a tablet version called Office Home and Student 2013 RT - but that won't include the iPad, or at least not at first. The consumer preview, which I'll be linking to in a minute, is dubbed Office 365 Home Premium. There ...

Read the article
Site overthrown by Turkish hackers...

- by Jackson Gariety

Go ahead, laugh. I forgot to remove the default admin/admin account on my blog. SOmebody got in and has replaced my homepage with some internet graffiti. I've used .htaccess to replace the page with a 403 error, but no matter what I do, my wordpress homepage is this hacker thing. How can I setup my server so that ONLY MYSELF can view it while I'm fixing this via .htaccess? What steps should I take to eradicate them from my server? If I delete the ENTIRE website and change all the passwords, is he completely gone? Thanks.

Read the article

< Previous Page | 340 341 342 343 344 345 346 347 348 349 350 351 | Next Page >