Search Results

Search found 17646 results on 706 pages for 'security warning'.

Page 35/706 | < Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >

  • Replay attacks for HTTPS requests

    - by MatthewMartin
    Let's say a security tester uses a proxy, say Fiddler, and records an HTTPS request using the administrator's credentials-- on replay of the entire request (including session and auth cookies) the security tester is able to succesfully (re)record transactions. The claim is that this is a sign of a CSRF vulnerability. What would a malicious user have to do to intercept the HTTPS request and replay it? It this a task for script kiddies, well funded military hacking teams or time-traveling-alien technology? Is it really so easy to record the SSL sessions of users and replay them before the tickets expire? No code in the application currently does anything interesting on HTTP GET, so AFAIK, tricking the admin into clicking a link or loading a image with a malicious URL isn't an issue.

    Read the article

  • Database Security: The First Step in Pre-Emptive Data Leak Prevention

    - by roxana.bradescu
    With WikiLeaks raising awareness around information leaks and the harm they can cause, many organization are taking stock of their own information leak protection (ILP) strategies in 2011. A report by IDC on data leak prevention stated: Increasing database security is one of the most efficient and cost-effective measures an organization can take to prevent data leaks. By utilizing the data protection, access control, account management, encryption, log management, and other security controls inherent in the database management system, entities can institute first-level control over the widest range of protected information. As a central repository for unstructured data, which is growing at leaps and bounds, the database should be the first layer providing information leakage protection. Unfortunately, most organizations are not taking sufficient steps to protect their databases according to a survey of the Independent Oracle User Group. For example, any operating system administrator or database administrator can access the all the data stored in the database in most organizations. Without any kind of auditing or monitoring. And it's not just administrators, database users can typically access the database with ad-hoc query tools from their desktop and by-pass any application level controls. Despite numerous regulations calling for controls to limit the powers of insiders, most organizations still put too many privileges in the hands of their employees. Time and time again these excess privileges have backfired. Internal agents were implicated in almost half of data breaches according to the Verizon Data Breach Investigations Report and the rate is rising. Hackers also took advantage of these excess privileges very successfully using stolen credentials and SQL injection attacks. But back to the insiders. Who are these insiders and why do they do it? In 2002, the U.S. Secret Service (USSS) behavioral psychologists and CERT information security experts formed the Insider Threat Study team to examine insider threat cases that occurred in US critical infrastructure sectors, and examined them from both a technical and a behavioral perspective. A series of fascinating reports has been published as a result of this work. You can learn more by watching the ISSA Insider Threat Web Conference. So as your organization starts to look at data leak prevention over the coming year, start off by protecting your data at the source - your databases. IDC went on to say: Any enterprise looking to improve its competitiveness, regulatory compliance, and overall data security should consider Oracle's offerings, not only because of their database management capabilities but also because they provide tools that are the first layer of information leak prevention. Learn more about Oracle Database Security solutions and get the whitepapers, demos, tutorials, and more that you need to protect data privacy from internal and external threats.

    Read the article

  • SQL SERVER – Windows File/Folder and Share Permissions – Notes from the Field #029

    - by Pinal Dave
    [Note from Pinal]: This is a 29th episode of Notes from the Field series. Security is the task which we should give it to the experts. If there is a small overlook or misstep, there are good chances that security of the organization is compromised. This is very true, but there are always devils’s advocates who believe everyone should know the security. As a DBA and Administrator, I often see people not taking interest in the Windows Security hiding behind the reason of not expert of Windows Server. We all often miss the important mission statement for the success of any organization – Teamwork. In this blog post Brian tells the story in very interesting lucid language. Read On! In this episode of the Notes from the Field series database expert Brian Kelley explains a very crucial issue DBAs and Developer faces on their production server. Linchpin People are database coaches and wellness experts for a data driven world. Read the experience of Brian in his own words. When I talk security among database professionals, I find that most have at least a working knowledge of how to apply security within a database. When I talk with DBAs in particular, I find that most have at least a working knowledge of security at the server level if we’re speaking of SQL Server. One area I see continually that is weak is in the area of Windows file/folder (NTFS) and share permissions. The typical response is, “I’m a database developer and the Windows system administrator is responsible for that.” That may very well be true – the system administrator may have the primary responsibility and accountability for file/folder and share security for the server. However, if you’re involved in the typical activities surrounding databases and moving data around, you should know these permissions, too. Otherwise, you could be setting yourself up where someone is able to get to data he or she shouldn’t, or you could be opening the door where human error puts bad data in your production system. File/Folder Permission Basics: I wrote about file/folder permissions a few years ago to give the basic permissions that are most often seen. Here’s what you must know as a minimum at the file/folder level: Read - Allows you to read the contents of the file or folder. Having read permissions allows you to copy the file or folder. Write  – Again, as the name implies, it allows you to write to the file or folder. This doesn’t include the ability to delete, however, nothing stops a person with this access from writing an empty file. Delete - Allows the file/folder to be deleted. If you overwrite files, you may need this permission. Modify - Allows read, write, and delete. Full Control - Same as modify + the ability to assign permissions. File/Folder permissions aggregate, unless there is a DENY (where it trumps, just like within SQL Server), meaning if a person is in one group that gives Read and antoher group that gives Write, that person has both Read and Write permissions. As you might expect me to say, always apply the Principle of Least Privilege. This likely means that any additional permission you might add does not need Full Control. Share Permission Basics: At the share level, here are the permissions. Read - Allows you to read the contents on the share. Change - Allows you to read, write, and delete contents on the share. Full control - Change + the ability to modify permissions. Like with file/folder permissions, these permissions aggregate, and DENY trumps. So What Access Does a Person / Process Have? Figuring out what someone or some process has depends on how the location is being accessed: Access comes through the share (\\ServerName\Share) – a combination of permissions is considered. Access is through a drive letter (C:\, E:\, S:\, etc.) – only the file/folder permissions are considered. The only complicated one here is access through the share. Here’s what Windows does: Figures out what the aggregated permissions are at the file/folder level. Figures out what the aggregated permissions are at the share level. Takes the most restrictive of the two sets of permissions. You can test this by granting Full Control over a folder (this is likely already in place for the Users local group) and then setting up a share. Give only Read access through the share, and that includes to Administrators (if you’re creating a share, likely you have membership in the Administrators group). Try to read a file through the share. Now try to modify it. The most restrictive permission is the Share level permissions. It’s set to only allow Read. Therefore, if you come through the share, it’s the most restrictive. Does This Knowledge Really Help Me? In my experience, it does. I’ve seen cases where sensitive files were accessible by every authenticated user through a share. Auditors, as you might expect, have a real problem with that. I’ve also seen cases where files to be imported as part of the nightly processing were overwritten by files intended from development. And I’ve seen cases where a process can’t get to the files it needs for a process because someone changed the permissions. If you know file/folder and share permissions, you can spot and correct these types of security flaws. Given that there are a lot of database professionals that don’t understand these permissions, if you know it, you set yourself apart. And if you’re able to help on critical processes, you begin to set yourself up as a linchpin (link to .pdf) for your organization. If you want to get started with performance tuning and database security with the help of experts, read more over at Fix Your SQL Server. Reference: Pinal Dave (http://blog.sqlauthority.com)Filed under: Notes from the Field, PostADay, SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, T SQL

    Read the article

  • How to enable connection security for WMI firewall rules when using VAMT 2.0?

    - by Ondrej Tucny
    I want to use VAMT 2.0 to install product keys and active software in remote machines. Everything works fine as long as the ASync-In, DCOM-In, and WMI-In Windows Firewall rules are enabled and the action is set to Allow the connection. However, when I try using Allow the connection if it is secure (regardless of the connection security option chosen) VAMT won't connect to the remote machine. I tried using wbemtest and the error always is “The RPC server is unavailable”, error code 0x800706ba. How do I setup at least some level of connection security for remote WMI access for VAMT to work? I googled for correct VAMT setup, read the Volume Activation 2.0 Step-by-Step guide, but no luck finding anything about connection security.

    Read the article

  • Windows Server 2012 File Security Warning

    - by Technicolour
    I've mapped my domain users to a remote share, and I'm trying to get rid of the security warning that appears whenever a file is run from the remote share. I've tried adding the FQDN to the intranet list with no prevail and I'm starting to go crazy. I've also turned off IE Enhanced Security Configuration for both Admins and Users. The group policies are being applied, and I can see the FQDN in the intranet list in internet options. Relevant group policy: Relevant security warning:

    Read the article

  • Can not find the "variables.tcl" file in Varnish Security

    - by Vladimir
    Varnish Security main.vcl contains # clear all internal variables include "/etc/varnish/security/build/variables.vcl"; and # fallthrough: clear all internal variables on security.vcl_recv exit include "/etc/varnish/security/build/variables.vcl"; but /etc/varnish/security/build/variables.vcl is not included into the git. I commented it out, and it is working fine but where can I get that file?

    Read the article

  • If a user is part of two TFS security groups, why do they (appear to) receive the lesser security of the two?

    - by Jedidja
    Given two TFS security groups Admins: Contains a set of Windows users Friends: Contains a Windows Security Group (which is also used as a mailing list) However, the people listed as admins are also part of the security group. It appears that when I lock down the Friends group to certain directories in TFS, the people in Admin also lose their privileges. Is there any way for users to receive the maximum security allowed between multiple groups they are included in? Or have I perhaps setup my TFS security groups incorrectly?

    Read the article

  • yum security update - message indicating kernel version not up to date

    - by JMC
    Running yum --security check-update returns this message: Security: kernel-3.x.x-x.63 is an installed security update Security: kernel-3.x.x-x.29 is the currently running version I already ran the yum security update on the kernel, but it looks like it didn't change the version running on the system. What needs to be done to make it run the new kernel? Are there any concerns about why it didn't change during the installation process? The yum log just shows installed for the new kernel no error messages.

    Read the article

  • What security changes are necessary when connecting DSL modem directly to PC instead of router?

    - by Mike B
    Windows XP I have a user with a single PC that was connected to the internet via a standard home router. The router is now having hardware-related issues and to save money, they're considering connecting the PC directly to the DSL modem since they don't need to share the internet connection or need wireless functionality. If they decide to do that, I'm concerned that this will introduce additional security concerns. Is the Windows Firewall sufficient and Microsoft Security Essentials sufficient for protecting a computer directly connected to a DSL Modem? Or is other security software needed here? Ideally, I'd like to avoid having third-party firewall software constantly bringing up alerts and asking them to approve everything. Also, just to clarify, their use cases are just internet browsing and email.

    Read the article

  • How to sanely configure security policy in Tomcat 6

    - by Chas Emerick
    I'm using Tomcat 6.0.24, as packaged for Ubuntu Karmic. The default security policy of Ubuntu's Tomcat package is pretty stringent, but appears straightforward. In /var/lib/tomcat6/conf/policy.d, there are a variety of files that establish default policy. Worth noting at the start: I've not changed the stock tomcat install at all -- no new jars into its common lib directory(ies), no server.xml changes, etc. Putting the .war file in the webapps directory is the only deployment action. the web application I'm deploying fails with thousands of access denials under this default policy (as reported to the log thanks to the -Djava.security.debug="access,stack,failure" system property). turning off the security manager entirely results in no errors whatsoever, and proper app functionality What I'd like to do is add an application-specific security policy file to the policy.d directory, which seems to be the recommended practice. I added this to policy.d/100myapp.policy (as a starting point -- I would like to eventually trim back the granted permissions to only what the app actually needs): grant codeBase "file:${catalina.base}/webapps/ROOT.war" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/-" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/WEB-INF/-" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/WEB-INF/lib/-" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/WEB-INF/classes/-" { permission java.security.AllPermission; }; Note the thrashing around attempting to find the right codeBase declaration. I think that's likely my fundamental problem. Anyway, the above (really only the first two grants appear to have any effect) almost works: the thousands of access denials are gone, and I'm left with just one. Relevant stack trace: java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/tomcat6/webapps/ROOT/WEB-INF/classes/com/foo/some-file-here.txt read) java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) java.security.AccessController.checkPermission(AccessController.java:546) java.lang.SecurityManager.checkPermission(SecurityManager.java:532) java.lang.SecurityManager.checkRead(SecurityManager.java:871) java.io.File.exists(File.java:731) org.apache.naming.resources.FileDirContext.file(FileDirContext.java:785) org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:206) org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:299) org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1937) org.apache.catalina.loader.WebappClassLoader.findResource(WebappClassLoader.java:973) org.apache.catalina.loader.WebappClassLoader.getResource(WebappClassLoader.java:1108) java.lang.ClassLoader.getResource(ClassLoader.java:973) I'm pretty convinced that the actual file that's triggering the denial is irrelevant -- it's just some properties file that we check for optional configuration parameters. What's interesting is that: it doesn't exist in this context the fact that the file doesn't exist ends up throwing a security exception, rather than java.io.File.exists() simply returning false (although I suppose that's just a matter of the semantics of the read permission). Another workaround (besides just disabling the security manager in tomcat) is to add an open-ended permission to my policy file: grant { permission java.security.AllPermission; }; I presume this is functionally equivalent to turning off the security manager. I suppose I must be getting the codeBase declaration in my grants subtly wrong, but I'm not seeing it at the moment.

    Read the article

  • Windows Security Videos auf Channel 9

    - by Your DisplayName here!
    Ich habe vor ein paar Wochen mit Lori drei Videos zum Thema Windows Security für Entwickler aufgenommen – die sind nun Online. Der erste Teil beschäftigt sich mit den absoluten Grundlagen der Windows Sicherheit. Was ist ein Konto? Was ist eine SID? Was ist ein Windows Token? Weiterhin wird gezeigt, wie sich diese grundlegenden Windows Einrichtungen über Managed Code anprogrammieren lassen. Der Vortrag endet mit einem kleinen Einblick in die Vorgehensweise von UAC, und wie dieses programmatisch verwendet werden kann. http://channel9.msdn.com/Blogs/Lori/Windows-Security-fr-Developers-Teil-1 Teil zwei beschäfitgt sich mit Zugriffs-Kontrolllisten, und wie diese mit .NET Code gelesen und geschrieben werden können. Weiterhin werden die beiden verwandten Konzepte Logon Session und Impersonierung besprochen. Beide Einrichtungen erzeugen einen neuen Token, sind aber grundlegend verschieden in ihren Einsatzgebieten. http://channel9.msdn.com/Blogs/Lori/Windows-Security-fr-Developers-Teil-2 Teil drei stellt das Kerberos Netzwerk-Authentifizierungsprotokoll vor. Da dieses Protokoll standardmäßig in Active Directory verwendet wird, sollten man es in den Grundzügen kennen. Natürlich kann auch Kerberos aus Managed Code verwendet werden – die abschließende Demo zeigt wie dies funktioniert. http://channel9.msdn.com/Blogs/Lori/Windows-Security-fr-Developers-Teil-3 …und noch ein kleines Interview http://channel9.msdn.com/Blogs/Lori/Interview-mit-Dominick-Baier Viel Spaß ;)

    Read the article

  • MacBook Pro Late 2009 SATA Resets, Slowness (Is my motherboard dying on both machines?)

    - by A Student at a University
    My MacBook Pro runs slower the longer it's on. I am getting kernel warnings. Some, but not all, resets correlate with AC power connects and disconnects. I don't think the warnings do. (How do I tell?) What are these errors? What causes them? Can this damage the drive or corrupt data? What is it seeing that motivates these? 02:37:16[ 0.791992] ahci 0000:00:0b.0: PCI INT A -> Link[LSI0] -> GSI 20 (level, low) -> IRQ 20 02:37:16[ 0.792047] ahci 0000:00:0b.0: irq 43 for MSI/MSI-X 02:37:16[ 0.792053] ahci 0000:00:0b.0: controller can't do PMP, turning off CAP_PMP 02:37:16[ 0.792104] ahci 0000:00:0b.0: AHCI 0001.0200 32 slots 6 ports 1.5 Gbps 0x3 impl IDE mode 02:37:16[ 0.792107] ahci 0000:00:0b.0: flags: 64bit ncq sntf pm led pio slum part boh 02:37:16[ 0.792111] ahci 0000:00:0b.0: setting latency timer to 64 02:37:16[ 0.813473] scsi0 : ahci 02:37:16[ 0.823340] scsi1 : ahci 02:37:16[ 0.848164] ata1: SATA max UDMA/133 abar m8192@0xe7484000 port 0xe7484100 irq 43 02:37:16[ 0.848166] ata2: SATA max UDMA/133 abar m8192@0xe7484000 port 0xe7484180 irq 43 02:37:16[ 1.190132] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:16[ 1.190153] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:16[ 1.213568] ata1.00: ATA-8: OCZ-VERTEX2, 1.23, max UDMA/133 02:37:16[ 1.213572] ata1.00: 195371568 sectors, multi 1: LBA48 NCQ (depth 31/32) 02:37:16[ 1.227293] ata2.00: ATA-8: ST9500420ASG, 0002SDM1, max UDMA/133 02:37:16[ 1.227297] ata2.00: 976773168 sectors, multi 16: LBA48 NCQ (depth 31/32) 02:37:16[ 1.229570] ata2.00: configured for UDMA/133 02:37:16[ 1.240120] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5850000 action 0xe frozen 02:37:16[ 1.240123] ata2: irq_stat 0x00000040, connection status changed 02:37:16[ 1.240127] ata2: SError: { PHYRdyChg CommWake LinkSeq TrStaTrns DevExch } 02:37:16[ 1.240133] ata2: hard resetting link 02:37:16[ 1.260738] ata1.00: configured for UDMA/133 02:37:16[ 1.280111] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5850000 action 0xe frozen 02:37:16[ 1.280114] ata1: irq_stat 0x00000040, connection status changed 02:37:16[ 1.280118] ata1: SError: { PHYRdyChg CommWake LinkSeq TrStaTrns DevExch } 02:37:16[ 1.280122] ata1: hard resetting link 02:37:16[ 1.990101] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:16[ 1.994215] ata2.00: configured for UDMA/133 02:37:16[ 1.994220] ata2: EH complete 02:37:16[ 2.030097] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:16[ 2.090773] ata1.00: configured for UDMA/133 02:37:16[ 2.090778] ata1: EH complete 02:37:16[ 2.090931] scsi 0:0:0:0: Direct-Access ATA OCZ-VERTEX2 1.23 PQ: 0 ANSI: 5 02:37:16[ 2.091045] sd 0:0:0:0: Attached scsi generic sg0 type 0 02:37:16[ 2.091121] sd 0:0:0:0: [sda] 195371568 512-byte logical blocks: (100 GB/93.1 GiB) 02:37:16[ 2.091159] scsi 1:0:0:0: Direct-Access ATA ST9500420ASG 0002 PQ: 0 ANSI: 5 02:37:16[ 2.091163] sd 0:0:0:0: [sda] Write Protect is off 02:37:16[ 2.091165] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00 02:37:16[ 2.091183] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA 02:37:16[ 2.091252] sd 1:0:0:0: Attached scsi generic sg1 type 0 02:37:16[ 2.091446] sd 1:0:0:0: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB) 02:37:16[ 2.091580] sd 1:0:0:0: [sdb] Write Protect is off 02:37:16[ 2.091582] sd 1:0:0:0: [sdb] Mode Sense: 00 3a 00 00 02:37:16[ 2.091637] sd 1:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA 02:37:16[ 2.093140] sd 0:0:0:0: [sda] Attached SCSI disk 02:37:16[ 2.093773] sd 1:0:0:0: [sdb] Attached SCSI disk 02:37:16[ 2.693899] EXT4-fs (dm-0): mounted filesystem with ordered data mode. Opts: (null) 02:37:16[ 5.483492] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro 02:37:16[ 7.905040] EXT4-fs (dm-2): mounted filesystem with ordered data mode. Opts: (null) 02:37:25[ 19.553095] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:37:25[ 19.555266] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:37:25[ 19.641532] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen t4 02:37:25[ 19.641532] ata1: irq_stat 0x00000040, connection status changed 02:37:25[ 19.641532] ata1: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:37:25[ 19.641533] ata1: hard resetting link 02:37:25[ 19.642076] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen t4 02:37:25[ 19.642078] ata2: irq_stat 0x00000040, connection status changed 02:37:25[ 19.642081] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:37:25[ 19.642084] ata2: hard resetting link 02:37:26[ 20.392606] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:26[ 20.392610] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:26[ 20.396697] ata2.00: configured for UDMA/133 02:37:26[ 20.396703] ata2: EH complete 02:37:26[ 20.451491] ata1.00: configured for UDMA/133 02:37:26[ 20.451498] ata1: EH complete 02:37:30[ 24.563725] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:37:30[ 24.565939] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:37:30[ 24.627236] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5900000 action 0xe frozen t4 02:37:30[ 24.627240] ata1: irq_stat 0x00000040, connection status changed 02:37:30[ 24.627242] ata1: SError: { Dispar LinkSeq TrStaTrns DevExch } 02:37:30[ 24.627246] ata1: hard resetting link 02:37:30[ 24.632241] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen t4 02:37:30[ 24.632244] ata2: irq_stat 0x00000040, connection status changed 02:37:30[ 24.632247] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:37:30[ 24.632250] ata2: hard resetting link 02:37:31[ 25.372582] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:31[ 25.382615] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:31[ 25.386782] ata2.00: configured for UDMA/133 02:37:31[ 25.386788] ata2: EH complete 02:37:31[ 25.431668] ata1.00: configured for UDMA/133 02:37:31[ 25.431674] ata1: EH complete 02:45:54[ 529.141844] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=0 02:45:55[ 529.544529] EXT4-fs (dm-2): re-mounted. Opts: commit=0 02:45:55[ 529.622561] ata1: limiting SATA link speed to 1.5 Gbps 02:45:55[ 529.622568] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5850000 action 0xe frozen 02:45:55[ 529.622572] ata1: irq_stat 0x00400040, connection status changed 02:45:55[ 529.622576] ata1: SError: { PHYRdyChg CommWake LinkSeq TrStaTrns DevExch } 02:45:55[ 529.622583] ata1: hard resetting link 02:45:55[ 529.622609] ata2: limiting SATA link speed to 1.5 Gbps 02:45:55[ 529.622613] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen 02:45:55[ 529.622616] ata2: irq_stat 0x00000040, connection status changed 02:45:55[ 529.622620] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:45:55[ 529.622624] ata2: hard resetting link 02:45:56[ 530.380135] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:45:56[ 530.380157] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:45:56[ 530.384305] ata2.00: configured for UDMA/133 02:45:56[ 530.384314] ata2: EH complete 02:45:56[ 530.399225] ata1.00: configured for UDMA/133 02:45:56[ 530.399233] ata1: EH complete 02:45:58[ 532.395990] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:45:58[ 532.518270] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:45:58[ 532.590968] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5840000 action 0xe frozen t4 02:45:58[ 532.590973] ata1: irq_stat 0x00000040, connection status changed 02:45:58[ 532.590977] ata1: SError: { CommWake LinkSeq TrStaTrns DevExch } 02:45:58[ 532.590983] ata1: hard resetting link 02:45:58[ 532.591034] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen t4 02:45:58[ 532.591037] ata2: irq_stat 0x00000040, connection status changed 02:45:58[ 532.591041] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:45:58[ 532.591045] ata2: hard resetting link 02:45:59[ 533.340147] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:45:59[ 533.340168] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:45:59[ 533.344416] ata2.00: configured for UDMA/133 02:45:59[ 533.344424] ata2: EH complete 02:45:59[ 533.360839] ata1.00: configured for UDMA/133 02:45:59[ 533.360847] ata1: EH complete 02:45:59[ 533.584449] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=0 02:45:59[ 533.586999] EXT4-fs (dm-2): re-mounted. Opts: commit=0 02:45:59[ 533.660117] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen 02:45:59[ 533.660122] ata2: irq_stat 0x00000040, connection status changed 02:45:59[ 533.660126] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:45:59[ 533.660132] ata2: hard resetting link 02:45:59[ 533.660141] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5850000 action 0xe frozen 02:45:59[ 533.660143] ata1: irq_stat 0x00000040, connection status changed 02:45:59[ 533.660147] ata1: SError: { PHYRdyChg CommWake LinkSeq TrStaTrns DevExch } 02:45:59[ 533.660151] ata1: hard resetting link 02:46:00[ 534.412536] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:00[ 534.412562] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:00[ 534.416768] ata2.00: configured for UDMA/133 02:46:00[ 534.416777] ata2: EH complete 02:46:00[ 534.431396] ata1.00: configured for UDMA/133 02:46:00[ 534.431401] ata1: EH complete 02:46:03[ 537.384649] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:46:03[ 537.504214] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:46:03[ 537.585992] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5900000 action 0xe frozen t4 02:46:03[ 537.585996] ata1: irq_stat 0x00000040, connection status changed 02:46:03[ 537.585999] ata1: SError: { Dispar LinkSeq TrStaTrns DevExch } 02:46:03[ 537.586002] ata1: hard resetting link 02:46:03[ 537.586028] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen t4 02:46:03[ 537.586030] ata2: irq_stat 0x00000040, connection status changed 02:46:03[ 537.586033] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:46:03[ 537.586036] ata2: hard resetting link 02:46:04[ 538.330147] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:04[ 538.330168] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:04[ 538.334389] ata2.00: configured for UDMA/133 02:46:04[ 538.334398] ata2: EH complete 02:46:04[ 538.343511] ata1.00: configured for UDMA/133 02:46:04[ 538.343519] ata1: EH complete 02:46:04[ 538.456413] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=0 02:46:04[ 538.459404] EXT4-fs (dm-2): re-mounted. Opts: commit=0 02:46:04[ 538.540138] ata1.00: limiting speed to UDMA/100:PIO4 02:46:04[ 538.540144] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5850000 action 0xe frozen 02:46:04[ 538.540148] ata1: irq_stat 0x00000040, connection status changed 02:46:04[ 538.540153] ata1: SError: { PHYRdyChg CommWake LinkSeq TrStaTrns DevExch } 02:46:04[ 538.540159] ata1: hard resetting link 02:46:04[ 538.540202] ata2.00: limiting speed to UDMA/100:PIO4 02:46:04[ 538.540207] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen 02:46:04[ 538.540211] ata2: irq_stat 0x00000040, connection status changed 02:46:04[ 538.540215] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:46:04[ 538.540220] ata2: hard resetting link 02:46:05[ 539.290054] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:05[ 539.290041] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:05[ 539.294100] ata2.00: configured for UDMA/100 02:46:05[ 539.294106] ata2: EH complete 02:46:05[ 539.314125] ata1.00: configured for UDMA/100 02:46:05[ 539.314132] ------------[ cut here ]------------ 02:46:05[ 539.314140] WARNING: at /build/buildd/linux-2.6.35/drivers/ata/libata-eh.c:3638 ata_eh_finish+0xdf/0xf0() 02:46:05[ 539.314144] Hardware name: MacBookPro5,3 02:46:05[ 539.314146] Modules linked in: michael_mic arc4 xt_multiport binfmt_misc rfcomm sco bnep l2cap parport_pc ppdev nvidia(P) ipt_REJECT xt_recent snd_hda_codec_cirrus xt_limit xt_tcpudp ipt_addrtype xt_state snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi applesmc led_class ip6table_filter lib80211_crypt_tkip snd_rawmidi snd_seq_midi_event ip6_tables input_polldev hid_apple snd_seq wl(P) snd_timer snd_seq_device snd joydev bcm5974 usbhid mbp_nvidia_bl uvcvideo btusb videodev v4l1_compat v4l2_compat_ioctl32 nf_nat_irc hid nf_conntrack_irc soundcore snd_page_alloc i2c_nforce2 coretemp lib80211 bluetooth nf_nat_ftp nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack_ftp nf_conntrack lp parport iptable_filter ip_tables x_tables usb_storage firewire_ohci firewire_core forcedeth crc_itu_t ahci libahci 02:46:05[ 539.314221] Pid: 202, comm: scsi_eh_0 Tainted: P 2.6.35-25-generic #44-Ubuntu 02:46:05[ 539.314224] Call Trace: 02:46:05[ 539.314233] [<ffffffff8106091f>] warn_slowpath_common+0x7f/0xc0 02:46:05[ 539.314237] [<ffffffff8106097a>] warn_slowpath_null+0x1a/0x20 02:46:05[ 539.314242] [<ffffffff813dc77f>] ata_eh_finish+0xdf/0xf0 02:46:05[ 539.314246] [<ffffffff813e441e>] sata_pmp_error_handler+0x2e/0x40 02:46:05[ 539.314256] [<ffffffffa00021bf>] ahci_error_handler+0x1f/0x90 [libahci] 02:46:05[ 539.314261] [<ffffffff813dd6d2>] ata_scsi_error+0x492/0x5e0 02:46:05[ 539.314266] [<ffffffff813b24cd>] scsi_error_handler+0x10d/0x190 02:46:05[ 539.314270] [<ffffffff813b23c0>] ? scsi_error_handler+0x0/0x190 02:46:05[ 539.314275] [<ffffffff8107f266>] kthread+0x96/0xa0 02:46:05[ 539.314280] [<ffffffff8100aee4>] kernel_thread_helper+0x4/0x10 02:46:05[ 539.314284] [<ffffffff8107f1d0>] ? kthread+0x0/0xa0 02:46:05[ 539.314288] [<ffffffff8100aee0>] ? kernel_thread_helper+0x0/0x10 02:46:05[ 539.314291] ---[ end trace 76dbffc2d5d49d9b ]--- 02:46:05[ 539.314296] ata1: EH complete 02:46:12[ 547.040091] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x6 frozen 02:46:12[ 547.040098] ata1.00: failed command: IDENTIFY DEVICE 02:46:12[ 547.040106] ata1.00: cmd ec/00:00:00:00:00/00:00:00:00:00/40 tag 0 pio 512 in 02:46:12[ 547.040108] res 40/00:01:00:00:00/00:00:00:00:00/e0 Emask 0x4 (timeout) 02:46:12[ 547.040111] ata1.00: status: { DRDY } 02:46:12[ 547.040117] ata1: hard resetting link 02:46:13[ 547.390144] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:13[ 547.408430] ata1.00: configured for UDMA/100 02:46:13[ 547.408438] ------------[ cut here ]------------ 02:46:13[ 547.408447] WARNING: at /build/buildd/linux-2.6.35/drivers/ata/libata-eh.c:3638 ata_eh_finish+0xdf/0xf0() 02:46:13[ 547.408451] Hardware name: MacBookPro5,3 02:46:13[ 547.408453] Modules linked in: michael_mic arc4 xt_multiport binfmt_misc rfcomm sco bnep l2cap parport_pc ppdev nvidia(P) ipt_REJECT xt_recent snd_hda_codec_cirrus xt_limit xt_tcpudp ipt_addrtype xt_state snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi applesmc led_class ip6table_filter lib80211_crypt_tkip snd_rawmidi snd_seq_midi_event ip6_tables input_polldev hid_apple snd_seq wl(P) snd_timer snd_seq_device snd joydev bcm5974 usbhid mbp_nvidia_bl uvcvideo btusb videodev v4l1_compat v4l2_compat_ioctl32 nf_nat_irc hid nf_conntrack_irc soundcore snd_page_alloc i2c_nforce2 coretemp lib80211 bluetooth nf_nat_ftp nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack_ftp nf_conntrack lp parport iptable_filter ip_tables x_tables usb_storage firewire_ohci firewire_core forcedeth crc_itu_t ahci libahci 02:46:13[ 547.408528] Pid: 202, comm: scsi_eh_0 Tainted: P W 2.6.35-25-generic #44-Ubuntu 02:46:13[ 547.408531] Call Trace: 02:46:13[ 547.408540] [<ffffffff8106091f>] warn_slowpath_common+0x7f/0xc0 02:46:13[ 547.408544] [<ffffffff8106097a>] warn_slowpath_null+0x1a/0x20 02:46:13[ 547.408549] [<ffffffff813dc77f>] ata_eh_finish+0xdf/0xf0 02:46:13[ 547.408553] [<ffffffff813e441e>] sata_pmp_error_handler+0x2e/0x40 02:46:13[ 547.408563] [<ffffffffa00021bf>] ahci_error_handler+0x1f/0x90 [libahci] 02:46:13[ 547.408567] [<ffffffff813dd6d2>] ata_scsi_error+0x492/0x5e0 02:46:13[ 547.408572] [<ffffffff813b24cd>] scsi_error_handler+0x10d/0x190 02:46:13[ 547.408577] [<ffffffff813b23c0>] ? scsi_error_handler+0x0/0x190 02:46:13[ 547.408582] [<ffffffff8107f266>] kthread+0x96/0xa0 02:46:13[ 547.408587] [<ffffffff8100aee4>] kernel_thread_helper+0x4/0x10 02:46:13[ 547.408591] [<ffffffff8107f1d0>] ? kthread+0x0/0xa0 02:46:13[ 547.408595] [<ffffffff8100aee0>] ? kernel_thread_helper+0x0/0x10 02:46:13[ 547.408598] ---[ end trace 76dbffc2d5d49d9c ]--- 02:46:13[ 547.408620] ata1: EH complete 02:46:13[ 547.562470] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:46:13[ 547.671380] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:46:13[ 547.738198] ata1.00: limiting speed to UDMA/33:PIO4 02:46:13[ 547.738204] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5800000 action 0xe frozen t4 02:46:13[ 547.738208] ata1: irq_stat 0x00000040, connection status changed 02:46:13[ 547.738212] ata1: SError: { LinkSeq TrStaTrns DevExch } 02:46:13[ 547.738218] ata1: hard resetting link 02:46:13[ 547.738262] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5900000 action 0xe frozen t4 02:46:13[ 547.738265] ata2: irq_stat 0x00000040, connection status changed 02:46:13[ 547.738269] ata2: SError: { Dispar LinkSeq TrStaTrns DevExch } 02:46:13[ 547.738274] ata2: hard resetting link 02:46:14[ 548.482561] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:14[ 548.484083] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:14[ 548.486809] ata2.00: configured for UDMA/100 02:46:14[ 548.486818] ata2: EH complete 02:46:14[ 548.498998] ata1.00: configured for UDMA/33 02:46:14[ 548.499004] ata1: EH complete 02:46:18[ 552.410499] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:46:18[ 552.522521] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:46:18[ 552.529674] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5800000 action 0xe frozen t4 02:46:18[ 552.529678] ata1: irq_stat 0x00000040, connection status changed 02:46:18[ 552.529680] ata1: SError: { LinkSeq TrStaTrns DevExch } 02:46:18[ 552.529684] ata1: hard resetting link 02:46:18[ 552.529716] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5800000 action 0xe frozen t4 02:46:18[ 552.529718] ata2: irq_stat 0x00000040, connection status changed 02:46:18[ 552.529720] ata2: SError: { LinkSeq TrStaTrns DevExch } 02:46:18[ 552.529723] ata2: hard resetting link 02:46:19[ 553.280059] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:19[ 553.280068] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:19[ 553.284141] ata2.00: configured for UDMA/100 02:46:19[ 553.284150] ata2: EH complete 02:46:19[ 553.301629] ata1.00: configured for UDMA/33 02:46:19[ 553.301637] ata1: EH complete

    Read the article

  • Oracle JDK 7u10 released with new security features

    - by Henrik Stahl
    A few days ago, we released JRE and JDK 7 update 10. This release adds support for the following new platforms: Windows 8 on x86-64. Note that Modern UI (aka Metro) mode is not supported. Internet Explorer 10 on Windows 8. Mac OS X 10.8 (Mountain Lion) This release also introduces new features that provide enhanced security for Java applet and webstart applications, specifically: The Java runtime tracks if it is updated to the latest security baseline. If you try to execute an unsigned applet with an outdated version of Java, a warning dialog will prompt you to update before running the applet. The Java runtime includes a hardcoded best before date. It is assumed that a new version will be released before this date. If the client has not been able to check for an update prior to this date, the Java runtime will assume that it is insecure and start warning the user prior to executing any applets. The Java control panel now includes an option to set the desired security level on a low-medium-high-very high scale, as well as an option to disable Java applets and webstart entirely. This level controls things such as if the Java runtime is allowed to execute unsigned code, and if so what type of warning will be displayed to the user. More details on the security settings can be found in the documentation. See below for a sample screenshot. The new update of the JRE and the JDK are available via OTN. To learn more about the release please visit the release notes.

    Read the article

  • MacBook Pro Late 2009 SATA Resets, Slowness (Is my motherboard dying on both machines?)

    - by A Student at a University
    My MacBook Pro runs slower the longer it's on. I am getting kernel warnings. Some, but not all, resets correlate with AC power connects and disconnects. I don't think the warnings do. (How do I tell?) What are these errors? What causes them? Can this damage the drive or corrupt data? What is it seeing that motivates these? 02:37:16[ 0.791992] ahci 0000:00:0b.0: PCI INT A -> Link[LSI0] -> GSI 20 (level, low) -> IRQ 20 02:37:16[ 0.792047] ahci 0000:00:0b.0: irq 43 for MSI/MSI-X 02:37:16[ 0.792053] ahci 0000:00:0b.0: controller can't do PMP, turning off CAP_PMP 02:37:16[ 0.792104] ahci 0000:00:0b.0: AHCI 0001.0200 32 slots 6 ports 1.5 Gbps 0x3 impl IDE mode 02:37:16[ 0.792107] ahci 0000:00:0b.0: flags: 64bit ncq sntf pm led pio slum part boh 02:37:16[ 0.792111] ahci 0000:00:0b.0: setting latency timer to 64 02:37:16[ 0.813473] scsi0 : ahci 02:37:16[ 0.823340] scsi1 : ahci 02:37:16[ 0.848164] ata1: SATA max UDMA/133 abar m8192@0xe7484000 port 0xe7484100 irq 43 02:37:16[ 0.848166] ata2: SATA max UDMA/133 abar m8192@0xe7484000 port 0xe7484180 irq 43 02:37:16[ 1.190132] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:16[ 1.190153] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:16[ 1.213568] ata1.00: ATA-8: OCZ-VERTEX2, 1.23, max UDMA/133 02:37:16[ 1.213572] ata1.00: 195371568 sectors, multi 1: LBA48 NCQ (depth 31/32) 02:37:16[ 1.227293] ata2.00: ATA-8: ST9500420ASG, 0002SDM1, max UDMA/133 02:37:16[ 1.227297] ata2.00: 976773168 sectors, multi 16: LBA48 NCQ (depth 31/32) 02:37:16[ 1.229570] ata2.00: configured for UDMA/133 02:37:16[ 1.240120] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5850000 action 0xe frozen 02:37:16[ 1.240123] ata2: irq_stat 0x00000040, connection status changed 02:37:16[ 1.240127] ata2: SError: { PHYRdyChg CommWake LinkSeq TrStaTrns DevExch } 02:37:16[ 1.240133] ata2: hard resetting link 02:37:16[ 1.260738] ata1.00: configured for UDMA/133 02:37:16[ 1.280111] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5850000 action 0xe frozen 02:37:16[ 1.280114] ata1: irq_stat 0x00000040, connection status changed 02:37:16[ 1.280118] ata1: SError: { PHYRdyChg CommWake LinkSeq TrStaTrns DevExch } 02:37:16[ 1.280122] ata1: hard resetting link 02:37:16[ 1.990101] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:16[ 1.994215] ata2.00: configured for UDMA/133 02:37:16[ 1.994220] ata2: EH complete 02:37:16[ 2.030097] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:16[ 2.090773] ata1.00: configured for UDMA/133 02:37:16[ 2.090778] ata1: EH complete 02:37:16[ 2.090931] scsi 0:0:0:0: Direct-Access ATA OCZ-VERTEX2 1.23 PQ: 0 ANSI: 5 02:37:16[ 2.091045] sd 0:0:0:0: Attached scsi generic sg0 type 0 02:37:16[ 2.091121] sd 0:0:0:0: [sda] 195371568 512-byte logical blocks: (100 GB/93.1 GiB) 02:37:16[ 2.091159] scsi 1:0:0:0: Direct-Access ATA ST9500420ASG 0002 PQ: 0 ANSI: 5 02:37:16[ 2.091163] sd 0:0:0:0: [sda] Write Protect is off 02:37:16[ 2.091165] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00 02:37:16[ 2.091183] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA 02:37:16[ 2.091252] sd 1:0:0:0: Attached scsi generic sg1 type 0 02:37:16[ 2.091446] sd 1:0:0:0: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB) 02:37:16[ 2.091580] sd 1:0:0:0: [sdb] Write Protect is off 02:37:16[ 2.091582] sd 1:0:0:0: [sdb] Mode Sense: 00 3a 00 00 02:37:16[ 2.091637] sd 1:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA 02:37:16[ 2.093140] sd 0:0:0:0: [sda] Attached SCSI disk 02:37:16[ 2.093773] sd 1:0:0:0: [sdb] Attached SCSI disk 02:37:16[ 2.693899] EXT4-fs (dm-0): mounted filesystem with ordered data mode. Opts: (null) 02:37:16[ 5.483492] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro 02:37:16[ 7.905040] EXT4-fs (dm-2): mounted filesystem with ordered data mode. Opts: (null) 02:37:25[ 19.553095] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:37:25[ 19.555266] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:37:25[ 19.641532] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen t4 02:37:25[ 19.641532] ata1: irq_stat 0x00000040, connection status changed 02:37:25[ 19.641532] ata1: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:37:25[ 19.641533] ata1: hard resetting link 02:37:25[ 19.642076] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen t4 02:37:25[ 19.642078] ata2: irq_stat 0x00000040, connection status changed 02:37:25[ 19.642081] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:37:25[ 19.642084] ata2: hard resetting link 02:37:26[ 20.392606] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:26[ 20.392610] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:26[ 20.396697] ata2.00: configured for UDMA/133 02:37:26[ 20.396703] ata2: EH complete 02:37:26[ 20.451491] ata1.00: configured for UDMA/133 02:37:26[ 20.451498] ata1: EH complete 02:37:30[ 24.563725] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:37:30[ 24.565939] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:37:30[ 24.627236] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5900000 action 0xe frozen t4 02:37:30[ 24.627240] ata1: irq_stat 0x00000040, connection status changed 02:37:30[ 24.627242] ata1: SError: { Dispar LinkSeq TrStaTrns DevExch } 02:37:30[ 24.627246] ata1: hard resetting link 02:37:30[ 24.632241] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen t4 02:37:30[ 24.632244] ata2: irq_stat 0x00000040, connection status changed 02:37:30[ 24.632247] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:37:30[ 24.632250] ata2: hard resetting link 02:37:31[ 25.372582] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:31[ 25.382615] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 300) 02:37:31[ 25.386782] ata2.00: configured for UDMA/133 02:37:31[ 25.386788] ata2: EH complete 02:37:31[ 25.431668] ata1.00: configured for UDMA/133 02:37:31[ 25.431674] ata1: EH complete 02:45:54[ 529.141844] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=0 02:45:55[ 529.544529] EXT4-fs (dm-2): re-mounted. Opts: commit=0 02:45:55[ 529.622561] ata1: limiting SATA link speed to 1.5 Gbps 02:45:55[ 529.622568] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5850000 action 0xe frozen 02:45:55[ 529.622572] ata1: irq_stat 0x00400040, connection status changed 02:45:55[ 529.622576] ata1: SError: { PHYRdyChg CommWake LinkSeq TrStaTrns DevExch } 02:45:55[ 529.622583] ata1: hard resetting link 02:45:55[ 529.622609] ata2: limiting SATA link speed to 1.5 Gbps 02:45:55[ 529.622613] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen 02:45:55[ 529.622616] ata2: irq_stat 0x00000040, connection status changed 02:45:55[ 529.622620] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:45:55[ 529.622624] ata2: hard resetting link 02:45:56[ 530.380135] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:45:56[ 530.380157] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:45:56[ 530.384305] ata2.00: configured for UDMA/133 02:45:56[ 530.384314] ata2: EH complete 02:45:56[ 530.399225] ata1.00: configured for UDMA/133 02:45:56[ 530.399233] ata1: EH complete 02:45:58[ 532.395990] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:45:58[ 532.518270] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:45:58[ 532.590968] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5840000 action 0xe frozen t4 02:45:58[ 532.590973] ata1: irq_stat 0x00000040, connection status changed 02:45:58[ 532.590977] ata1: SError: { CommWake LinkSeq TrStaTrns DevExch } 02:45:58[ 532.590983] ata1: hard resetting link 02:45:58[ 532.591034] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen t4 02:45:58[ 532.591037] ata2: irq_stat 0x00000040, connection status changed 02:45:58[ 532.591041] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:45:58[ 532.591045] ata2: hard resetting link 02:45:59[ 533.340147] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:45:59[ 533.340168] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:45:59[ 533.344416] ata2.00: configured for UDMA/133 02:45:59[ 533.344424] ata2: EH complete 02:45:59[ 533.360839] ata1.00: configured for UDMA/133 02:45:59[ 533.360847] ata1: EH complete 02:45:59[ 533.584449] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=0 02:45:59[ 533.586999] EXT4-fs (dm-2): re-mounted. Opts: commit=0 02:45:59[ 533.660117] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen 02:45:59[ 533.660122] ata2: irq_stat 0x00000040, connection status changed 02:45:59[ 533.660126] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:45:59[ 533.660132] ata2: hard resetting link 02:45:59[ 533.660141] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5850000 action 0xe frozen 02:45:59[ 533.660143] ata1: irq_stat 0x00000040, connection status changed 02:45:59[ 533.660147] ata1: SError: { PHYRdyChg CommWake LinkSeq TrStaTrns DevExch } 02:45:59[ 533.660151] ata1: hard resetting link 02:46:00[ 534.412536] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:00[ 534.412562] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:00[ 534.416768] ata2.00: configured for UDMA/133 02:46:00[ 534.416777] ata2: EH complete 02:46:00[ 534.431396] ata1.00: configured for UDMA/133 02:46:00[ 534.431401] ata1: EH complete 02:46:03[ 537.384649] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:46:03[ 537.504214] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:46:03[ 537.585992] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5900000 action 0xe frozen t4 02:46:03[ 537.585996] ata1: irq_stat 0x00000040, connection status changed 02:46:03[ 537.585999] ata1: SError: { Dispar LinkSeq TrStaTrns DevExch } 02:46:03[ 537.586002] ata1: hard resetting link 02:46:03[ 537.586028] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen t4 02:46:03[ 537.586030] ata2: irq_stat 0x00000040, connection status changed 02:46:03[ 537.586033] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:46:03[ 537.586036] ata2: hard resetting link 02:46:04[ 538.330147] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:04[ 538.330168] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:04[ 538.334389] ata2.00: configured for UDMA/133 02:46:04[ 538.334398] ata2: EH complete 02:46:04[ 538.343511] ata1.00: configured for UDMA/133 02:46:04[ 538.343519] ata1: EH complete 02:46:04[ 538.456413] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=0 02:46:04[ 538.459404] EXT4-fs (dm-2): re-mounted. Opts: commit=0 02:46:04[ 538.540138] ata1.00: limiting speed to UDMA/100:PIO4 02:46:04[ 538.540144] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5850000 action 0xe frozen 02:46:04[ 538.540148] ata1: irq_stat 0x00000040, connection status changed 02:46:04[ 538.540153] ata1: SError: { PHYRdyChg CommWake LinkSeq TrStaTrns DevExch } 02:46:04[ 538.540159] ata1: hard resetting link 02:46:04[ 538.540202] ata2.00: limiting speed to UDMA/100:PIO4 02:46:04[ 538.540207] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5950000 action 0xe frozen 02:46:04[ 538.540211] ata2: irq_stat 0x00000040, connection status changed 02:46:04[ 538.540215] ata2: SError: { PHYRdyChg CommWake Dispar LinkSeq TrStaTrns DevExch } 02:46:04[ 538.540220] ata2: hard resetting link 02:46:05[ 539.290054] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:05[ 539.290041] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:05[ 539.294100] ata2.00: configured for UDMA/100 02:46:05[ 539.294106] ata2: EH complete 02:46:05[ 539.314125] ata1.00: configured for UDMA/100 02:46:05[ 539.314132] ------------[ cut here ]------------ 02:46:05[ 539.314140] WARNING: at /build/buildd/linux-2.6.35/drivers/ata/libata-eh.c:3638 ata_eh_finish+0xdf/0xf0() 02:46:05[ 539.314144] Hardware name: MacBookPro5,3 02:46:05[ 539.314146] Modules linked in: michael_mic arc4 xt_multiport binfmt_misc rfcomm sco bnep l2cap parport_pc ppdev nvidia(P) ipt_REJECT xt_recent snd_hda_codec_cirrus xt_limit xt_tcpudp ipt_addrtype xt_state snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi applesmc led_class ip6table_filter lib80211_crypt_tkip snd_rawmidi snd_seq_midi_event ip6_tables input_polldev hid_apple snd_seq wl(P) snd_timer snd_seq_device snd joydev bcm5974 usbhid mbp_nvidia_bl uvcvideo btusb videodev v4l1_compat v4l2_compat_ioctl32 nf_nat_irc hid nf_conntrack_irc soundcore snd_page_alloc i2c_nforce2 coretemp lib80211 bluetooth nf_nat_ftp nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack_ftp nf_conntrack lp parport iptable_filter ip_tables x_tables usb_storage firewire_ohci firewire_core forcedeth crc_itu_t ahci libahci 02:46:05[ 539.314221] Pid: 202, comm: scsi_eh_0 Tainted: P 2.6.35-25-generic #44-Ubuntu 02:46:05[ 539.314224] Call Trace: 02:46:05[ 539.314233] [<ffffffff8106091f>] warn_slowpath_common+0x7f/0xc0 02:46:05[ 539.314237] [<ffffffff8106097a>] warn_slowpath_null+0x1a/0x20 02:46:05[ 539.314242] [<ffffffff813dc77f>] ata_eh_finish+0xdf/0xf0 02:46:05[ 539.314246] [<ffffffff813e441e>] sata_pmp_error_handler+0x2e/0x40 02:46:05[ 539.314256] [<ffffffffa00021bf>] ahci_error_handler+0x1f/0x90 [libahci] 02:46:05[ 539.314261] [<ffffffff813dd6d2>] ata_scsi_error+0x492/0x5e0 02:46:05[ 539.314266] [<ffffffff813b24cd>] scsi_error_handler+0x10d/0x190 02:46:05[ 539.314270] [<ffffffff813b23c0>] ? scsi_error_handler+0x0/0x190 02:46:05[ 539.314275] [<ffffffff8107f266>] kthread+0x96/0xa0 02:46:05[ 539.314280] [<ffffffff8100aee4>] kernel_thread_helper+0x4/0x10 02:46:05[ 539.314284] [<ffffffff8107f1d0>] ? kthread+0x0/0xa0 02:46:05[ 539.314288] [<ffffffff8100aee0>] ? kernel_thread_helper+0x0/0x10 02:46:05[ 539.314291] ---[ end trace 76dbffc2d5d49d9b ]--- 02:46:05[ 539.314296] ata1: EH complete 02:46:12[ 547.040091] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x6 frozen 02:46:12[ 547.040098] ata1.00: failed command: IDENTIFY DEVICE 02:46:12[ 547.040106] ata1.00: cmd ec/00:00:00:00:00/00:00:00:00:00/40 tag 0 pio 512 in 02:46:12[ 547.040108] res 40/00:01:00:00:00/00:00:00:00:00/e0 Emask 0x4 (timeout) 02:46:12[ 547.040111] ata1.00: status: { DRDY } 02:46:12[ 547.040117] ata1: hard resetting link 02:46:13[ 547.390144] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:13[ 547.408430] ata1.00: configured for UDMA/100 02:46:13[ 547.408438] ------------[ cut here ]------------ 02:46:13[ 547.408447] WARNING: at /build/buildd/linux-2.6.35/drivers/ata/libata-eh.c:3638 ata_eh_finish+0xdf/0xf0() 02:46:13[ 547.408451] Hardware name: MacBookPro5,3 02:46:13[ 547.408453] Modules linked in: michael_mic arc4 xt_multiport binfmt_misc rfcomm sco bnep l2cap parport_pc ppdev nvidia(P) ipt_REJECT xt_recent snd_hda_codec_cirrus xt_limit xt_tcpudp ipt_addrtype xt_state snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi applesmc led_class ip6table_filter lib80211_crypt_tkip snd_rawmidi snd_seq_midi_event ip6_tables input_polldev hid_apple snd_seq wl(P) snd_timer snd_seq_device snd joydev bcm5974 usbhid mbp_nvidia_bl uvcvideo btusb videodev v4l1_compat v4l2_compat_ioctl32 nf_nat_irc hid nf_conntrack_irc soundcore snd_page_alloc i2c_nforce2 coretemp lib80211 bluetooth nf_nat_ftp nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack_ftp nf_conntrack lp parport iptable_filter ip_tables x_tables usb_storage firewire_ohci firewire_core forcedeth crc_itu_t ahci libahci 02:46:13[ 547.408528] Pid: 202, comm: scsi_eh_0 Tainted: P W 2.6.35-25-generic #44-Ubuntu 02:46:13[ 547.408531] Call Trace: 02:46:13[ 547.408540] [<ffffffff8106091f>] warn_slowpath_common+0x7f/0xc0 02:46:13[ 547.408544] [<ffffffff8106097a>] warn_slowpath_null+0x1a/0x20 02:46:13[ 547.408549] [<ffffffff813dc77f>] ata_eh_finish+0xdf/0xf0 02:46:13[ 547.408553] [<ffffffff813e441e>] sata_pmp_error_handler+0x2e/0x40 02:46:13[ 547.408563] [<ffffffffa00021bf>] ahci_error_handler+0x1f/0x90 [libahci] 02:46:13[ 547.408567] [<ffffffff813dd6d2>] ata_scsi_error+0x492/0x5e0 02:46:13[ 547.408572] [<ffffffff813b24cd>] scsi_error_handler+0x10d/0x190 02:46:13[ 547.408577] [<ffffffff813b23c0>] ? scsi_error_handler+0x0/0x190 02:46:13[ 547.408582] [<ffffffff8107f266>] kthread+0x96/0xa0 02:46:13[ 547.408587] [<ffffffff8100aee4>] kernel_thread_helper+0x4/0x10 02:46:13[ 547.408591] [<ffffffff8107f1d0>] ? kthread+0x0/0xa0 02:46:13[ 547.408595] [<ffffffff8100aee0>] ? kernel_thread_helper+0x0/0x10 02:46:13[ 547.408598] ---[ end trace 76dbffc2d5d49d9c ]--- 02:46:13[ 547.408620] ata1: EH complete 02:46:13[ 547.562470] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:46:13[ 547.671380] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:46:13[ 547.738198] ata1.00: limiting speed to UDMA/33:PIO4 02:46:13[ 547.738204] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5800000 action 0xe frozen t4 02:46:13[ 547.738208] ata1: irq_stat 0x00000040, connection status changed 02:46:13[ 547.738212] ata1: SError: { LinkSeq TrStaTrns DevExch } 02:46:13[ 547.738218] ata1: hard resetting link 02:46:13[ 547.738262] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5900000 action 0xe frozen t4 02:46:13[ 547.738265] ata2: irq_stat 0x00000040, connection status changed 02:46:13[ 547.738269] ata2: SError: { Dispar LinkSeq TrStaTrns DevExch } 02:46:13[ 547.738274] ata2: hard resetting link 02:46:14[ 548.482561] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:14[ 548.484083] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:14[ 548.486809] ata2.00: configured for UDMA/100 02:46:14[ 548.486818] ata2: EH complete 02:46:14[ 548.498998] ata1.00: configured for UDMA/33 02:46:14[ 548.499004] ata1: EH complete 02:46:18[ 552.410499] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro,commit=600 02:46:18[ 552.522521] EXT4-fs (dm-2): re-mounted. Opts: commit=600 02:46:18[ 552.529674] ata1: exception Emask 0x10 SAct 0x0 SErr 0x5800000 action 0xe frozen t4 02:46:18[ 552.529678] ata1: irq_stat 0x00000040, connection status changed 02:46:18[ 552.529680] ata1: SError: { LinkSeq TrStaTrns DevExch } 02:46:18[ 552.529684] ata1: hard resetting link 02:46:18[ 552.529716] ata2: exception Emask 0x10 SAct 0x0 SErr 0x5800000 action 0xe frozen t4 02:46:18[ 552.529718] ata2: irq_stat 0x00000040, connection status changed 02:46:18[ 552.529720] ata2: SError: { LinkSeq TrStaTrns DevExch } 02:46:18[ 552.529723] ata2: hard resetting link 02:46:19[ 553.280059] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:19[ 553.280068] ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 310) 02:46:19[ 553.284141] ata2.00: configured for UDMA/100 02:46:19[ 553.284150] ata2: EH complete 02:46:19[ 553.301629] ata1.00: configured for UDMA/33 02:46:19[ 553.301637] ata1: EH complete

    Read the article

  • Data Source Security Part 3

    - by Steve Felts
    In part one, I introduced the security features and talked about the default behavior.  In part two, I defined the two major approaches to security credentials: directly using database credentials and mapping WLS user credentials to database credentials.  Now it's time to get down to a couple of the security options (each of which can use database credentials or WLS credentials). Set Client Identifier on Connection When "Set Client Identifier" is enabled on the data source, a client property is associated with the connection.  The underlying SQL user remains unchanged for the life of the connection but the client value can change.  This information can be used for accounting, auditing, or debugging.  The client property is based on either the WebLogic user mapped to a database user using the credential map Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} or is the database user parameter directly from the getConnection() method, based on the “use database credentials” setting described earlier. To enable this feature, select “Set Client ID On Connection” in the Console.  See "Enable Set Client ID On Connection for a JDBC data source" http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24401/taskhelp/jdbc/jdbc_datasources/EnableCredentialMapping.html in Oracle WebLogic Server Administration Console Help. The Set Client Identifier feature is only available for use with the Oracle thin driver and the IBM DB2 driver, based on the following interfaces. For pre-Oracle 12c, oracle.jdbc.OracleConnection.setClientIdentifier(client) is used.  See http://docs.oracle.com/cd/B28359_01/network.111/b28531/authentication.htm#i1009003 for more information about how to use this for auditing and debugging.   You can get the value using getClientIdentifier()  from the driver.  To get back the value from the database as part of a SQL query, use a statement like the following. “select sys_context('USERENV','CLIENT_IDENTIFIER') from DUAL”. Starting in Oracle 12c, java.sql.Connection.setClientInfo(“OCSID.CLIENTID", client) is used.  This is a JDBC standard API, although the property values are proprietary.  A problem with setClientIdentifier usage is that there are pieces of the Oracle technology stack that set and depend on this value.  If application code also sets this value, it can cause problems. This has been addressed with setClientInfo by making use of this method a privileged operation. A well-managed container can restrict the Java security policy grants to specific namespaces and code bases, and protect the container from out-of-control user code. When running with the Java security manager, permission must be granted in the Java security policy file for permission "oracle.jdbc.OracleSQLPermission" "clientInfo.OCSID.CLIENTID"; Using the name “OCSID.CLIENTID" allows for upward compatible use of “select sys_context('USERENV','CLIENT_IDENTIFIER') from DUAL” or use the JDBC standard API java.sql.getClientInfo(“OCSID.CLIENTID") to retrieve the value. This value in the Oracle USERENV context can be used to drive the Oracle Virtual Private Database (VPD) feature to create security policies to control database access at the row and column level. Essentially, Oracle Virtual Private Database adds a dynamic WHERE clause to a SQL statement that is issued against the table, view, or synonym to which an Oracle Virtual Private Database security policy was applied.  See Using Oracle Virtual Private Database to Control Data Access http://docs.oracle.com/cd/B28359_01/network.111/b28531/vpd.htm for more information about VPD.  Using this data source feature means that no programming is needed on the WLS side to set this context; it is set and cleared by the WLS data source code. For the IBM DB2 driver, com.ibm.db2.jcc.DB2Connection.setDB2ClientUser(client) is used for older releases (prior to version 9.5).  This specifies the current client user name for the connection. Note that the current client user name can change during a connection (unlike the user).  This value is also available in the CURRENT CLIENT_USERID special register.  You can select it using a statement like “select CURRENT CLIENT_USERID from SYSIBM.SYSTABLES”. When running the IBM DB2 driver with JDBC 4.0 (starting with version 9.5), java.sql.Connection.setClientInfo(“ClientUser”, client) is used.  You can retrieve the value using java.sql.Connection.getClientInfo(“ClientUser”) instead of the DB2 proprietary API (even if set setDB2ClientUser()).  Oracle Proxy Session Oracle proxy authentication allows one JDBC connection to act as a proxy for multiple (serial) light-weight user connections to an Oracle database with the thin driver.  You can configure a WebLogic data source to allow a client to connect to a database through an application server as a proxy user. The client authenticates with the application server and the application server authenticates with the Oracle database. This allows the client's user name to be maintained on the connection with the database. Use the following steps to configure proxy authentication on a connection to an Oracle database. 1. If you have not yet done so, create the necessary database users. 2. On the Oracle database, provide CONNECT THROUGH privileges. For example: SQL> ALTER USER connectionuser GRANT CONNECT THROUGH dbuser; where “connectionuser” is the name of the application user to be authenticated and “dbuser” is an Oracle database user. 3. Create a generic or GridLink data source and set the user to the value of dbuser. 4a. To use WLS credentials, create an entry in the credential map that maps the value of wlsuser to the value of dbuser, as described earlier.   4b. To use database credentials, enable “Use Database Credentials”, as described earlier. 5. Enable Oracle Proxy Authentication, see "Configure Oracle parameters" in Oracle WebLogic Server Administration Console Help. 6. Log on to a WebLogic Server instance using the value of wlsuser or dbuser. 6. Get a connection using getConnection(username, password).  The credentials are based on either the WebLogic user that is mapped to a database user or the database user directly, based on the “use database credentials” setting.  You can see the current user and proxy user by executing: “select user, sys_context('USERENV','PROXY_USER') from DUAL". Note: getConnection fails if “Use Database Credentials” is not enabled and the value of the user/password is not valid for a WebLogic Server user.  Conversely, it fails if “Use Database Credentials” is enabled and the value of the user/password is not valid for a database user. A proxy session is opened on the connection based on the user each time a connection request is made on the pool. The proxy session is closed when the connection is returned to the pool.  Opening or closing a proxy session has the following impact on JDBC objects. - Closes any existing statements (including result sets) from the original connection. - Clears the WebLogic Server statement cache. - Clears the client identifier, if set. -The WebLogic Server test statement for a connection is recreated for every proxy session. These behaviors may impact applications that share a connection across instances and expect some state to be associated with the connection. Oracle proxy session is also implicitly enabled when use-database-credentials is enabled and getConnection(user, password) is called,starting in WLS Release 10.3.6.  Remember that this only works when using the Oracle thin driver. To summarize, the definition of oracle-proxy-session is as follows. - If proxy authentication is enabled and identity based pooling is also enabled, it is an error. - If a user is specified on getConnection() and identity-based-connection-pooling-enabled is false, then oracle-proxy-session is treated as true implicitly (it can also be explicitly true). - If a user is specified on getConnection() and identity-based-connection-pooling-enabled is true, then oracle-proxy-session is treated as false.

    Read the article

  • How to configure a WCF service to only accept a single client identified by a x509 certificate

    - by Johan Levin
    I have a WCF client/service app that relies on secure communication between two machines and I want to use use x509 certificates installed in the certificate store to identify the server and client to each other. I do this by configuring the binding as <security authenticationMode="MutualCertificate"/>. There is only client machine. The server has a certificate issued to server.mydomain.com installed in the Local Computer/Personal store and the client has a certificate issued to client.mydomain.com installed in the same place. In addition to this the server has the client's public certificate in Local Computer/Trusted People and the client has the server's public certificate in Local Computer/Trusted People. Finally the client has been configured to check the server's certificate. I did this using the system.servicemodel/behaviors/endpointBehaviors/clientCredentials/serviceCertificate/defaultCertificate element in the config file. So far so good, this all works. My problem is that I want to specify in the server's config file that only clients that identify themselves with the client.mydomain.com certificate from the Trusted People certificate store are allowed to connect. The correct information is available on the server using the ServiceSecurityContext, but I am looking for a way to specify in app.config that WCF should do this check instead of my having to check the security context from code. Is that possible? Any hints would be appreciated. By the way, my server's config file looks like this so far: <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <services> <service name="MyServer.Server" behaviorConfiguration="CertificateBehavior"> <endpoint contract="Contracts.IMyService" binding="customBinding" bindingConfiguration="SecureConfig"> </endpoint> <host> <baseAddresses> <add baseAddress="http://localhost/SecureWcf"/> </baseAddresses> </host> </service> </services> <behaviors> <serviceBehaviors> <behavior name="CertificateBehavior"> <serviceCredentials> <serviceCertificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="server.mydomain.com"/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <bindings> <customBinding> <binding name="SecureConfig"> <security authenticationMode="MutualCertificate"/> <httpTransport/> </binding> </customBinding> </bindings> </system.serviceModel> </configuration>

    Read the article

  • Cannot import resource > "app/config/security.yml" from "/app/config/config.yml"

    - by tirengarfio
    Im getting this error: FileLoaderLoadException: Cannot import resource "app/config/security.yml" from "/app/config/config.yml". The file security.yml is on the right path. This is my security.yml file: jms_sapp/confiapp/config/security.yml secure_all_services: false exprapp/confiapp/config/security.yml security: encoders: Symfony\Component\Security\Core\User\User: plaintext role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] providers: in_memory: memory: users: user: { password: userpass, roles: [ 'ROLE_USER' ] } admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] } firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false login: pattern: ^/demo/secured/login$ security: false secured_area: pattern: ^/demo/secured/ form_login: check_path: /demo/secured/login_check login_path: /demo/secured/login logout: path: /demo/secured/logout target: /demo/ #anonymous: ~ #http_basic: # realm: "Secured Demo Area" access_control: #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https } #- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }

    Read the article

  • WCF security when it is used with sync services

    - by malik
    I am using following architecture for sync process. http://www.codeproject.com/KB/smart/sync_services.aspx And for server i use WCF service, can anybody guide me how can i secure my wcf service without using certificate that is hosted on IIS. Can i get a way to pass credential or some token to authenticate? I need to authenticate and encrypt the communication, when syncagent call synchronise method.

    Read the article

  • firefox addon security question

    - by rep_movsd
    I'm writing a firefox extension that logs some data and displays the result on a webpage... The webpage fires an event that the extension listens for and the extension can then add data to the page and fire an event back to the page to make it update itself. How do I ensure that the extension always sends data only to my page and not some other? Thanks V

    Read the article

  • Server Security

    - by mahatmanich
    I want to run my own root server (directly accessible from the web without a hardware firewall) with debian lenny, apache2, php5, mysql, postfix MTA, sftp (based on ssh) and maybe dns server. What measures/software would you recomend, and why, to secure this server down and minimalize the attack vector? Webapplications aside ... This is what I have so far: iptables (for gen. packet filtering) fail2ban (brute force attack defense) ssh (chang default, port disable root access) modsecurity - is really clumsy and a pain (any alternative here?) ?Sudo why should I use it? what is the advantage to normal user handling thinking about greensql for mysql www.greensql.net is tripwire worth looking at? snort? What am I missing? What is hot and what is not? Best practices? I like "KISS" - Keep it simple secure, I know it would be nice! Thanks in advance ...

    Read the article

  • Salt, passwords and security

    - by Jonathan
    I've read through many of the questions on SO about this, but many answers contradict each other or I don't understand. You should always store a password as a hash, never as plain text. But should you store the salt (unique for each user) next to the hashed password+salt in the database. This doesn't seem very clever to me as couldn't someone gain access to the database, look for says the account called Admin or whatever and then work out the password from that?

    Read the article

  • .net 4.0 with Code Access Security NetFx40_LegacySecurityPolicy won't work

    - by user210903
    Hi- I'm trying to use an external library DevExpress.XtraTreeList.v8.1.dll in my vsto office addin built using VS2010 beta 2. I am getting the following compile time error: DevExpress.Utils.AppareanceObject threw an exception -- System.NotSupportedException. The error message goes on to say that for compatibility reasons I can use the NetFx40_LegacySecurityPolicy switch. I've tried putting this config variable in all of the following locations: 1) my applications config file. 2) C:\Windows\Microsoft.NET\Framework\v4.0.21006\msbuild.exe.config 3) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\dev.exe.config None of these have resolved the problem. Here were the references I've used. re-enable cas msdn.microsoft.com/en-us/library/ee191568(VS.100).aspx How do I get rid of this error so I can build the application in vs 2010?

    Read the article

  • Spring Security 3.0 and Active Directory LDAP: DOMAIN\user login

    - by Bernd Haug
    I would like to have users authenticate against an ActiveDirectory LDAP server using the DOMAIN\user.name syntax. I think that should be possible with SpringSec 3.0 since the docs mention an "alternative syntax" which I guess refers to the DOM\user syntax instead of a bind DN, but the docs don't elaborate further. Is there some way to configure Spring Sec 3 LDAP to use "the MS way" or do I have to write my own Authenticator implementation (against e.g. the java.naming.directory package, which I've tested to be able to use the MS syntax as its SECURITY_PRINCIPAL)?

    Read the article

  • PageMethods security

    - by TenaciousImpy
    Hi, I'm trying to 'AJAX-ify' my site in order to improve the UI experience. In terms of performance, I'm also trying to get rid of the UpdatePanel. I've come across a great article over at Encosia showing a way of posting using PageMethods. My question is, how secure are page methods in a production environment? Being public, can anyone create a JSON script to POST directly to the server, or are there cross-domain checks taking place? My PageMethods would also write the data into the database (after filtering). I'm using Forms Authentication in my pages and, on page load, it redirects unauthenticated users to the login page. Would the Page Methods on this page also need to check authentication if the user POSTs directly to the method, or is that authentication inherited for the entire page? (Essentially, does the entire page cycle occur even if a user has managed to post only to the PageMethod)? Thanks

    Read the article

< Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >