Search Results

Search found 30932 results on 1238 pages for 'rogue security software'.

Page 38/1238 | < Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >

  • How can you become a competent web application security expert without breaking the law?

    - by hal10001
    I find this to be equivalent to undercover police officers who join a gang, do drugs and break the law as a last resort in order to enforce it. To be a competent security expert, I feel hacking has to be a constant hands-on effort. Yet, that requires finding exploits, testing them on live applications, and being able to demonstrate those exploits with confidence. For those that consider themselves "experts" in Web application security, what did you do to learn the art without actually breaking the law? Or, is this the gray area that nobody likes to talk about because you have to bend the law to its limits?

    Read the article

  • How do I get security updates for restricted/partner packages?

    - by laramichaels
    I want to perform just security updates on Ubuntu 12.04 LTS, keeping the rest of the system unchanged. I need to do this from the command line, no the GUI update manager. I have implemented the solution described here, which seems to work great for this purpose. I merely substituted 'precise' for 'lucid' given that I am on 12.04. My question is: by using apt pinning as described in that answer, will I still receive security updates for packages distributed through the "other" repositories - partner, restricted, multiverse, etc? Or will it only get me updates for the packages in the "core" distribution? thanks! ~l

    Read the article

  • Are there commercially deployed and used .NET CAS (Code Access Security) based applications?

    - by Dinis Cruz
    I've seen a couple threads here on SO that ask about what CAS is and how to use it.My specific is specifically focused on real-world usages of CAS. For example: DotNetNuke did some efforts in the past to be able to run under Medium Trust: is that still true? what is the % of DNN that run in partial trust (i.e. not full trust)? what & of DNN modules run in partial trust?) Sharepoint defaults to a Partially-Trusted environment on dlls executed from the bin folder: How many 'commercially' available WebParts can run in this bin folder (without changing the policy)? The key here is to be able to point to CAS success stories, so that other companies feel that they should also invest in writing CAS-enabled apps

    Read the article

  • Are all "Important security updates", updates to already installed packages?

    - by Omnicomment
    I'm running 12.04, and I've never downloaded any drivers for the installation of any peripheral devices. Yet, I noticed a fair few "Important security updates" involving drivers/utilities for HP devices/software. I understand if the default installation of Ubuntu came with a set of drivers for these devices - and the update manager, having noticed that they live on my system, went and found newer versions, but still - given I don't use any devices - I'm either forced to download an irrelevant update, sift through the updates to check applicability, or turn off Update Manager altogether: none of which are desirable. First; the obvious - can someone confirm that the list of "Important security updates" on the server that Update manager connects to, is not actually populated with every patch ever written (i.e. for all Ubuntu packages regardless of whether they're installed or not)? Unlikely, but..

    Read the article

  • Which Project Management Software is adequate for Software & Non-Software Projects?

    - by cusack
    PMS = (Project Management Software) I used trac for software development some time ago. Right now I'm searching for a new more powerful (scheduling, gantt charts, ...) free solution (as in free beer ;-) and free to install on my server) for my current software project. Besides the current software project, abstract project management features like issue-tracking & scheduling would be great for coordinating a group of volunteers for real-life projects as well. I would want one solution for both purposes, so that I have the hassle of installation, getting used to the system and administration only once. So I tried redmine but the problem is it seems to be designed for software projects only. I can't suggest such a solution for the volunteer-group if tickets/issues would have to be of type bug, feature, ... I shortlisted the following six PMS from the wikipedia comparison http://en.wikipedia.org/wiki/List_of_project_management_software Project.net Project-Open Redmine Trac Endeavour Software Project Management eGroupWare I guess they are all more or less fine for software development but would you consider any of these to be good for the non-software project as well? Cliff Notes: I would want a start page situation like in trac. The start-page is a wiki presenting the project and not the PMS. But you can log into the PMS from there. Feature-wish list: wiki, Issue tracking, revision control, scheduling & gantt charts, forums (least important) (Btw: I'm very aware that I can't expect everything to be perfect ;-) 1.)Do you know a suitable solution for software and real-life projects or a highly customizable PMS where I can easily remove sth. like "browse source"(trac) and rename things like ticket/issue-types "bug", "feature"? 2.)Any experience good/bad with the above mentioned six PMS? I would personally guess that "Redmine" and "Endeavour Software Project Management" are too focused on software projects.

    Read the article

  • What's the best project management software for internal dev. 5 man shop

    - by P.Brian.Mackey
    I work for a large corporation, but we do small intranet web application development. Our project management tracking sucks. Its custom software built by a jr. intern. For what its worth, our development style is akin to agile, but there's nothing set in stone...very customer oriented approach. I need project tracking that meets the criteria: Intranet, internal products. Mostly maintenance, some new development. 5 developers 12 products 1 hands-off manager. He really just wants to know estimated man hours, due date for dev, QA and release. Along with a short description of the project. Free or super cheap. Bonus Simple pretty UI. Think pretty charts. Hope I covered everything. Please ask for any clarification. If you read dreaming in code, the company uses some project tracking software that sounds pretty sweet. Note, we do have Team Foundation Server. I already tried pushing its use as PM tracking, but its too complicated. I can't get people to sit and train. So this software has to be easy.

    Read the article

  • Is it possible to set a VPN through Tor? and have functionality for Software Updates?

    - by moazhmi
    Gday, I have been trying to do a software update on Trusty both on terminal and software update app but that hasnt been successful, apparently my ISP has a broken transparent proxy. moazhmi@moazhmi-K52F:~$ wget -S http://extras.ubuntu.com/ubuntu/dists/trusty/InRelease --2014-06-04 17:34:52-- http://extras.ubuntu.com/ubuntu/dists/trusty/InRelease Resolving extras.ubuntu.com (extras.ubuntu.com)... 91.189.92.152 Connecting to extras.ubuntu.com (extras.ubuntu.com)|91.189.92.152|:80... connected. HTTP request sent, awaiting response... HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Content-Length: 213 Date: Wed, 04 Jun 2014 14:34:52 GMT Server: Apache/2.2.22 (Ubuntu) Connection: Keep-Alive Vary: Accept-Encoding Length: 213 [text/html] Saving to: ‘InRelease’ 100%[======================================>] 213 --.-K/s in 0s 2014-06-04 17:34:52 (22.1 MB/s) - ‘InRelease’ saved [213/213] I was advised to refer back to the ISP with a complaint but that has returned with peanuts. My Question is - Is it possible to set a VPN through TOR , i.e whereas I can run software updates through terminals or the app . the browsing is out of question here as I need to update which I am not able to do / only on 12.04.

    Read the article

  • Which skills would you expect and appreciate in a Junior Software Engineer??

    - by Bartzilla
    Hi StackOverflow community! I would like to receive some advices from all of you. I know in here there are superb programmers, with outstanding careers, people working for amazing and important companies in the industry so I am very excited to read the replies I could get. I recently finished my Msc.in Software Engineering, and I am about to start my professional career in two weeks. My role will be as a Junior Developer for a company which develops e-commerce software using Java & related technologies (among them Spring, Hibernate). To be honest I am really excited about what is coming specially because I really want to develop my career as a Java developer plus I am also very interested in gaining experience in the e-commerce field. Additionally, this is going to be my first work experience as a professional developer so I really want to do my best from the very beginning. I know many of you probably have manager roles or are team leaders, so basically I would like to know which skills and abilities would you judge and appreciate in a new professional (Junior Developer) that could be part of your team(Soft and Technical Skills) and in which skills I should focus on to achieve a successful career as a Software Engineer. Of course there are many things everybody should expect like good technical knowledge of the technologies you are going to use and so on.. But, I would like to hear your opinions, I will really appreciate advises from experienced developers and hear different perspectives other than mines.. Thanks in advance!

    Read the article

  • Will people respect a Masters of Science in IT w/software engineering concentration from RPI?

    - by twneale
    Here's my thing: I got my undergraduate degree in political science, then a law degree. Then I figured out that I love programming and I'm pretty good at it too. It's fun and rewarding enough for me that I'd prefer to do it for a living over almost any form of pure law practice. So I'm looking at getting a masters degree to put some weight behind a possible career switch. If I actually want to develop software (web, in particular), would people in programming circles respect a master's of science in IT? Specifically, consider as an example the MS in IT from Rensselaer Polytechnic Institute (with a concentration in software engineering). Here's the home page: http://www.rpi.edu/IT/graduate/masters_program.html In particular, I mean to draw a contrast between IT as specifically contemplated by the RPI masters program (an interdisciplinary tech/business program) and other MS degrees in computer science or software engineering that focus more on the science and technical aspects. I guess I want to make sure that other programmers would respect my credentials and not consider me as different or underqualified based on the connotations of the phrase "IT". I believe RPI has an unimpeachable reputation for hard science, and the program seems excellent, but it still matters to me how people in industry would perceive it.

    Read the article

  • How to learn what the industry standards/expectations are, particularly with security?

    - by Aerovistae
    For instance, I was making my first mobile web-application about a year ago, and half-way through, someone pointed me to jQuery Mobile. Obviously this induced a total revolution in my app. Rewrote everything. Now, if you're in the field long enough, maybe that seems like common knowledge, but I was totally new to it. But this set me wondering: there are so many libraries and extensions and frameworks. This seems particularly crucial in the category of security. I'm afraid I'm going to find myself doing something in a professional setting eventually (I'm still a student) and someone's going to walk over and be like, My god, you're trying to secure user data that way? Don't you know about the Gordon-Wokker crypto-magic-hash-algorithms library? Without it you may as well go plaintext. How do you know what the best ways are to maximize security? Especially if you're trying to develop something on your own...

    Read the article

  • What is the career path for a software developer/ programmer? [closed]

    - by Lo Wai Lun
    I've been working as a programmer for a few months and I often study CCNA , CISSP for future. Besides simple coding I was working on specs, designing applications, and all those around-like things. My question is, I want to be a information / system security specialist. what's the career path I should be aiming for? Is it like working on code for the rest of my life? :) Restart my career from the network engineer ? Or do programmers make a good manager-position people ? I know it's very subjective. Thing is, lately I find myself much more into the designing/working on specs part of the development project then the coding itself. How do you see it? Would you like to go from development to information security? Would you like to work on a project with a manager that used to be a coder?

    Read the article

  • How to justify rewriting/revamping legacy software in a business case?

    - by sxthomson
    I work for a great little software company which makes good revenue from our main software package. The problem for me is that it's almost unmaintainable. It's written in Delphi 7 (has upgraded versions over time) and has been worked on by a lot of developers over the past 20 or so years. The software lacks any meaningful architecture - there's no object orientation whatsoever, horrible amounts of cyclical dependencies and an over-reliance on global variables to name just a few things. Another huge thing for me is Delphi 7 does NOT support 64-bit. The problem here for me is that my management team don't care about technical things, they want to know why they should care. Obviously that's expected, so what I'm asking here is for some guidance, or tales, or pitfalls about this kind of thing. There's a few things I would love to include, namely for me, the length of time taken to debug/write a feature in "legacy" code, versus coherent, well structured OO code. Does anyone know of any blog posts or the like where this is talked about? For us in the company this is a huge reason. Despite being decent developers we feel like writing a new feature is just piling more rubbish on top. On top of that, even for me who has a decent level of understanding of the code, changing things is infuriating - a small change can have a ridiculous domino effect. Anyone have any experiences they'd like to share?

    Read the article

  • Would security be comprimised if I install a gui (e.g. zPanel) for LAMP?

    - by Kirk
    I am an Ubuntu/Linux noob. There are many questions I have regarding the use of my system as a server. First and foremost is security. I want to install a simple GUI (zPanel appears the most user friendly) that will allow others to log into the server and database with ease, similar to a hosting service, though my intent is for the development of one site. Upon looking at the instructions of numerous GUI's, they require installation as root. This makes me uneasy, as my thoughts spiral to the possibilities of the developers creating the elusive 'back-door', thereby giving them root access to my entire system. Am I just being paranoid or is that theoretically possible? If it is possible, what steps are necessary to ensure security?

    Read the article

  • What are the security implications of running untrusted code on my server?

    - by rahmu
    I would like to set up an app that allows users to send their code and execute it on my server. The thought of running untrusted code makes me cringe, so I am trying to set up an exhaustive list of security threats that should be addressed. I am assuming I should strip down certain features of the language executed, like file access or (maybe) networking. I also come across terms like sandboxing or chroot. I know what they mean, but how should I actually use them? In short: What security threats should I address before allowing users to run their code on my machine, and how do I do it?

    Read the article

  • Can't connect to SSL web service with WS-Security using PHP SOAP extension - certificate, complex WSDL

    - by BillF
    Using the PHP5 SOAP extension I have been unable to connect to a web service having an https endpoint, with client certificate and using WS-Security, although I can connect using soapUI with the exact same wsdl and client certificate, and obtain the normal response to the request. There is no HTTP authentication and no proxy is involved. The message I get is 'Could not connect to host'. Have been able to verify that I am NOT hitting the host server. (Earlier I wrongly said that I was hitting the server.) The self-signed client SSL certificate is a .pem file converted by openssl from a .p12 keystore which in turn was converted by keytool from a .jks keystore having a single entry consisting of private key and client certificate. In soapUI I did not need to supply a server private certificate, the only two files I gave it were the wdsl and pem. I did have to supply the pem and its passphrase to be able to connect. I am speculating that despite the error message my problem might actually be in the formation of the XML request rather than the SSL connection itself. The wsdl I have been given has nested complex types. The php server is on my Windows XP laptop with IIS. The code, data values and WSDL extracts are shown below. (The WSSoapClient class simply extends SoapClient, adding a WS-Security Username Token header with mustUnderstand = true and including a nonce, both of which the soapUI call had required.) Would so much appreciate any help. I'm a newbie thrown in at the deep end, and how! Have done vast amounts of Googling on this over many days, following many suggestions and have read Pro PHP by Kevin McArthur. An attempt to use classmaps in place of nested arrays also fell flat. The Code class STEeService { public function invokeWebService(array $connection, $operation, array $request) { try { $localCertificateFilespec = $connection['localCertificateFilespec']; $localCertificatePassphrase = $connection['localCertificatePassphrase']; $sslOptions = array( 'ssl' => array( 'local_cert' => $localCertificateFilespec, 'passphrase' => $localCertificatePassphrase, 'allow_self-signed' => true, 'verify_peer' => false ) ); $sslContext = stream_context_create($sslOptions); $clientArguments = array( 'stream_context' => $sslContext, 'local_cert' => $localCertificateFilespec, 'passphrase' => $localCertificatePassphrase, 'trace' => true, 'exceptions' => true, 'encoding' => 'UTF-8', 'soap_version' => SOAP_1_1 ); $oClient = new WSSoapClient($connection['wsdlFilespec'], $clientArguments); $oClient->__setUsernameToken($connection['username'], $connection['password']); return $oClient->__soapCall($operation, $request); } catch (exception $e) { throw new Exception("Exception in eServices " . $operation . " ," . $e->getMessage(), "\n"); } } } $connection is as follows: array(5) { ["username"]=> string(8) "DFU00050" ["password"]=> string(10) "Fabricate1" ["wsdlFilespec"]=> string (63) "c:/inetpub/wwwroot/DMZExternalService_Concrete_WSDL_Staging.xml" ["localCertificateFilespec"]=> string(37) "c:/inetpub/wwwroot/ClientKeystore.pem" ["localCertificatePassphrase"]=> string(14) "password123456" } $clientArguments is as follows: array(7) { ["stream_context"]=> resource(8) of type (stream-context) ["local_cert"]=> string(37) "c:/inetpub/wwwroot/ClientKeystore.pem" ["passphrase"]=> string(14) "password123456" ["trace"]=> bool(true) ["exceptions"]=> bool(true) ["encoding"]=> string(5) "UTF-8" ["soap_version"]=> int(1) } $operation is as follows: 'getConsignmentDetails' $request is as follows: array(1) { [0]=> array(2) { ["header"]=> array(2) { ["source"]=> string(9) "customerA" ["accountNo"]=> string(8) "10072906" } ["consignmentId"]=> string(11) "GKQ00000085" } } Note how there is an extra level of nesting, an array wrapping the request which is itself an array. This was suggested in a post although I don't see the reason, but it seems to help avoid other exceptions. The exception thrown by ___soapCall is as follows: object(SoapFault)#6 (9) { ["message":protected]=> string(25) "Could not connect to host" ["string":"Exception":private]=> string(0) "" ["code":protected]=> int(0) ["file":protected]=> string(43) "C:\Inetpub\wwwroot\eServices\WSSecurity.php" ["line":protected]=> int(85) ["trace":"Exception":private]=> array(5) { [0]=> array(6) { ["file"]=> string(43) "C:\Inetpub\wwwroot\eServices\WSSecurity.php" ["line"]=> int(85) ["function"]=> string(11) "__doRequest" ["class"]=> string(10) "SoapClient" ["type"]=> string(2) "->" ["args"]=> array(4) { [0]=> string(1240) " DFU00050 Fabricate1 E0ByMUA= 2010-10-28T13:13:52Z customerA10072906GKQ00000085 " [1]=> string(127) "https://services.startrackexpress.com.au:7560/DMZExternalService/InterfaceServices/ExternalOps.serviceagent/OperationsEndpoint1" [2]=> string(104) "/DMZExternalService/InterfaceServices/ExternalOps.serviceagent/OperationsEndpoint1/getConsignmentDetails" [3]=> int(1) } } [1]=> array(4) { ["function"]=> string(11) "__doRequest" ["class"]=> string(39) "startrackexpress\eservices\WSSoapClient" ["type"]=> string(2) "->" ["args"]=> array(5) { [0]=> string(1240) " DFU00050 Fabricate1 E0ByMUA= 2010-10-28T13:13:52Z customerA10072906GKQ00000085 " [1]=> string(127) "https://services.startrackexpress.com.au:7560/DMZExternalService/InterfaceServices/ExternalOps.serviceagent/OperationsEndpoint1" [2]=> string(104) "/DMZExternalService/InterfaceServices/ExternalOps.serviceagent/OperationsEndpoint1/getConsignmentDetails" [3]=> int(1) [4]=> int(0) } } [2]=> array(6) { ["file"]=> string(43) "C:\Inetpub\wwwroot\eServices\WSSecurity.php" ["line"]=> int(70) ["function"]=> string(10) "__soapCall" ["class"]=> string(10) "SoapClient" ["type"]=> string(2) "->" ["args"]=> array(4) { [0]=> string(21) "getConsignmentDetails" [1]=> array(1) { [0]=> array(2) { ["header"]=> array(2) { ["source"]=> string(9) "customerA" ["accountNo"]=> string(8) "10072906" } ["consignmentId"]=> string(11) "GKQ00000085" } } [2]=> NULL [3]=> object(SoapHeader)#5 (4) { ["namespace"]=> string(81) "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" ["name"]=> string(8) "Security" ["data"]=> object(SoapVar)#4 (2) { ["enc_type"]=> int(147) ["enc_value"]=> string(594) " DFU00050 Fabricate1 E0ByMUA= 2010-10-28T13:13:52Z " } ["mustUnderstand"]=> bool(true) } } } [3]=> array(6) { ["file"]=> string(42) "C:\Inetpub\wwwroot\eServices\eServices.php" ["line"]=> int(87) ["function"]=> string(10) "__soapCall" ["class"]=> string(39) "startrackexpress\eservices\WSSoapClient" ["type"]=> string(2) "->" ["args"]=> array(2) { [0]=> string(21) "getConsignmentDetails" [1]=> array(1) { [0]=> array(2) { ["header"]=> array(2) { ["source"]=> string(9) "customerA" ["accountNo"]=> string(8) "10072906" } ["consignmentId"]=> string(11) "GKQ00000085" } } } } [4]=> array(6) { ["file"]=> string(58) "C:\Inetpub\wwwroot\eServices\EnquireConsignmentDetails.php" ["line"]=> int(44) ["function"]=> string(16) "invokeWebService" ["class"]=> string(38) "startrackexpress\eservices\STEeService" ["type"]=> string(2) "->" ["args"]=> array(3) { [0]=> array(5) { ["username"]=> string(10) "DFU00050 " ["password"]=> string(12) "Fabricate1 " ["wsdlFilespec"]=> string(63) "c:/inetpub/wwwroot/DMZExternalService_Concrete_WSDL_Staging.xml" ["localCertificateFilespec"]=> string(37) "c:/inetpub/wwwroot/ClientKeystore.pem" ["localCertificatePassphrase"]=> string(14) "password123456" } [1]=> string(21) "getConsignmentDetails" [2]=> array(1) { [0]=> array(2) { ["header"]=> array(2) { ["source"]=> string(9) "customerA" ["accountNo"]=> string(8) "10072906" } ["consignmentId"]=> string(11) "GKQ00000085" } } } } } ["previous":"Exception":private]=> NULL ["faultstring"]=> string(25) "Could not connect to host" ["faultcode"]=> string(4) "HTTP" } Here are some WSDL extracts (TIBCO BusinessWorks): <xsd:complexType name="TransactionHeaderType"> <xsd:sequence> <xsd:element name="source" type="xsd:string"/> <xsd:element name="accountNo" type="xsd:integer"/> <xsd:element name="userId" type="xsd:string" minOccurs="0"/> <xsd:element name="transactionId" type="xsd:string" minOccurs="0"/> <xsd:element name="transactionDatetime" type="xsd:dateTime" minOccurs="0"/> </xsd:sequence> </xsd:complexType> <xsd:element name="getConsignmentDetailRequest"> <xsd:complexType> <xsd:sequence> <xsd:element name="header" type="prim:TransactionHeaderType"/> <xsd:element name="consignmentId" type="prim:ID" maxOccurs="unbounded"/> </xsd:sequence> </xsd:complexType> </xsd:element> <xsd:element name="getConsignmentDetailResponse"> <xsd:complexType> <xsd:sequence> <xsd:element name="consignment" type="freight:consignmentType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:complexType> </xsd:element> <xsd:element name="getConsignmentDetailRequest"> <xsd:complexType> <xsd:sequence> <xsd:element name="header" type="prim:TransactionHeaderType"/> <xsd:element name="consignmentId" type="prim:ID" maxOccurs="unbounded"/> </xsd:sequence> </xsd:complexType> </xsd:element> <xsd:element name="getConsignmentDetailResponse"> <xsd:complexType> <xsd:sequence> <xsd:element name="consignment" type="freight:consignmentType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:complexType> </xsd:element> <wsdl:operation name="getConsignmentDetails"> <wsdl:input message="tns:getConsignmentDetailsRequest"/> <wsdl:output message="tns:getConsignmentDetailsResponse"/> <wsdl:fault name="fault1" message="tns:fault"/> </wsdl:operation> <wsdl:service name="ExternalOps"> <wsdl:port name="OperationsEndpoint1" binding="tns:OperationsEndpoint1Binding"> <soap:address location="https://services.startrackexpress.com.au:7560/DMZExternalService/InterfaceServices/ExternalOps.serviceagent/OperationsEndpoint1"/> </wsdl:port> </wsdl:service> And here in case it's relevant is the WSSoapClient class: <?PHP namespace startrackexpress\eservices; use SoapClient, SoapVar, SoapHeader; class WSSoapClient extends SoapClient { private $username; private $password; /*Generates a WS-Security header*/ private function wssecurity_header() { $timestamp = gmdate('Y-m-d\TH:i:s\Z'); $nonce = mt_rand(); $passdigest = base64_encode(pack('H*', sha1(pack('H*', $nonce).pack('a*', $timestamp).pack('a*', $this->password)))); $auth = ' <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken> <wsse:Username>' . $this->username . '</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">' . $this->password . '</wsse:Password> <wsse:Nonce>' . base64_encode(pack('H*', $nonce)).'</wsse:Nonce> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">' . $timestamp . '</wsu:Created> </wsse:UsernameToken> </wsse:Security> '; $authvalues = new SoapVar($auth, XSD_ANYXML); $header = new SoapHeader("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security",$authvalues, true); return $header; } // Sets a username and passphrase public function __setUsernameToken($username,$password) { $this->username=$username; $this->password=$password; } // Overwrites the original method, adding the security header public function __soapCall($function_name, $arguments, $options=null, $input_headers=null, $output_headers=null) { try { $result = parent::__soapCall($function_name, $arguments, $options, $this->wssecurity_header()); return $result; } catch (exception $e) { throw new Exception("Exception in __soapCall, " . $e->getMessage(), "\n"); } } } ?> Update: The request XML would have been as follows: <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://startrackexpress/Common/Primitives/v1" xmlns:ns2="http://startrackexpress/Common/actions/externals/Consignment/v1" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <SOAP-ENV:Header> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken> <wsse:Username>DFU00050</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Fabricate1</wsse:Password> <wsse:Nonce>M4FIeGA=</wsse:Nonce> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-10-29T14:05:27Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </SOAP-ENV:Header> <SOAP-ENV:Body><ns2:getConsignmentDetailRequest> <ns2:header><ns1:source>customerA</ns1:source><ns1:accountNo>10072906</ns1:accountNo></ns2:header> <ns2:consignmentId>GKQ00000085</ns2:consignmentId> </ns2:getConsignmentDetailRequest></SOAP-ENV:Body> </SOAP-ENV:Envelope> This was obtained with the following code in WSSoapClient: public function __doRequest($request, $location, $action, $version) { echo "<p> " . htmlspecialchars($request) . " </p>" ; return parent::__doRequest($request, $location, $action, $version); }

    Read the article

  • Is it worth hiring a hacker to perform some penetration testing on my servers ?

    - by Brann
    I'm working in a small IT company with paranoid clients, so security has always been an important consideration to us ; In the past, we've already mandated two penetration testing from independent companies specialized in this area (Dionach and GSS). We've also ran some automated penetration tests using Nessus. Those two auditors were given a lot of insider information, and found almost nothing* ... While it feels comfortable to think our system is perfectly sure (and it was surely comfortable to show those reports to our clients when they performed their due diligence work), I've got a hard time believing that we've achieved a perfectly sure system, especially considering that we have no security specialist in our company (Security has always been a concern, and we're completely paranoid, which helps, but that's far as it goes!) If hackers can hack into companies that probably employ at least a few people whose sole task is to ensure their data stays private, surely they could hack into our small business, right ? Does someone have any experience in hiring an "ethical hacker"? How to find one? How much would it cost? *The only recommendation they made us was to upgrade our remote desktop protocols on two windows servers, which they were able to access because we gave them the correct non-standard port and whitelisted their IP

    Read the article

  • Mac Security - Which one?

    - by Bob Rivers
    Hi, Recently I had my credit card cloned. A few hours after shopping at an online store (in which I trust and buy since 2006) I received a call from my bank asking if I recognize a $5,000 debt to a store(?!) called Church of Christ... I'm a Mac user (OS X 10.6.3). I always kept my system updated and I have firewall enabled (in my Mac and in my broadband router), but I decided to adopt some kind of protection. I don't want to rise passionate discussions. Real or not, snake oil or not, I need to have back my peace of mind... I read this and this posts. I selected two software that I think that could help me (both have more features other than just an antivirus). Does someone have feedback about Intego's VirusBarrier X6 or Trendmicro's Smart Surfing? Intego solutions seems to be better, but TrendMicro brand/name is stronger in corporate environment, so their solution should be good. Both solutions have 30 day free trial, but I would like to hear something from you. Any other solution that I should look? TIA, Bob

    Read the article

  • Screen Flickering: Hardware or Software?

    - by Wesley
    I have a Samsung N120 netbook (upgraded to 2GB DDR2 RAM) and there has been a screen flickering issue for some time now. However, I have not been able to accurately determine whether it is a software or hardware issue. Here are some of the symptoms: The flicker is white-colored and shows up as vertical lines. Flickering or not, there may be occasionally some random blue patterns (no image distortion) The screen tends to flicker more when the screen is not tilted back all the way. When tilting the screen back and forth, the screen will usually flicker. Some images on the screen may randomly distort without full-on flickering. The screen will flicker only on certain websites, but not on others. A certain part of a webpage may constantly be distorted randomly, even when scrolling. While flickering, the mouse will not move though I'm moving my finger along the touchpad. A connected external monitor does not have any problems. The flickering is completely random and does not seem to follow any CPU/GPU usage trends. Flickering usually gets worse when the screen brightness is turned higher. There will be flickering on battery and while plugged in. Search up "Samsung N120 - Screen Flickering" on YouTube for an idea of what the flickering looks like. However, there is no visible distortions and the flickering seems to stop when the screen has dimmed. Since the problems started, I tried formatting and using Windows 7, then formatted again and went back to Windows XP. The screen was also replaced sometime during this past summer. The uninstallation of the Samsung Battery Manager (on the original install of XP) seemed to reduce the flicker partially, but eventually got worse. So, what could possibly be the problem?

    Read the article

  • Windows Firewall Software to Filter Transit Traffic

    - by soonts
    I need to test my networking code for Nintendo Wii under the conditions when some specific Internet server is not available. Wii is connected to my PC with crossover ethernet cable. PC has 2 NICs. PC is connected to hardware router with ethernet cable. The hardware router serves as NAT and has an internet connected to its uplink. I set the Wii to be in the same lan as PC by using Windows XP Network bridge. I can observe the WII network traffic using e.g. Wireshark sniffer. Is there a software firewall that can selectively filter out transit traffic? (e.g. block outgoing TCP connections to 123.45.67.89 to port 443) I tried Outpost Pro 2009 and Comodo. Outpost firewall blocks all transit traffic with it's implicit "block transit packet" rule. If the transit traffic is explicitly allowed by creating the system-wide low level rule, then it's allowed completely and no other filter can selectively block it. Comodo firewall only process rules when the packet has localhost's IP as either source or destination, allowing the rest of the traffic. Any ideas? Thanks in advance! P.S. Platform is Windows XP 32 bit, no other OSes is allowed, Windows ICS (Internet Connection Sharing) doesnt work since the Wii is unable to connect, becides I don't like the idea of adding one more level of NAT.

    Read the article

  • How to create a software raid5 array without a spare

    - by Yannick M.
    I am trying to create a software raid5 array using mdadm: $ linux # mdadm --create --verbose /dev/md0 --level=5 --raid-devices=4 --spare-devices=0 /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1 mdadm: layout defaults to left-symmetric mdadm: chunk size defaults to 64K mdadm: array /dev/md0 started. However when inspecting /proc/mdstat Personalities : [raid6] [raid5] [raid4] md0 : active raid5 sdd1[4] sdc1[2] sdb1[1] sda1[0] 2930279808 blocks level 5, 64k chunk, algorithm 2 [4/3] [UUU_] [>....................] recovery = 0.3% (2970496/976759936) finish=186.1min speed=87172K/sec unused devices: <none> It seems one drive isn't active, so I check the details of the array: /dev/md0: Version : 00.90.03 Creation Time : Tue Jul 21 16:29:53 2009 Raid Level : raid5 Array Size : 2930279808 (2794.53 GiB 3000.61 GB) Used Dev Size : 976759936 (931.51 GiB 1000.20 GB) Raid Devices : 4 Total Devices : 4 Preferred Minor : 0 Persistence : Superblock is persistent Update Time : Tue Jul 21 16:29:53 2009 State : clean, degraded, recovering Active Devices : 3 Working Devices : 4 Failed Devices : 0 Spare Devices : 1 Layout : left-symmetric Chunk Size : 64K Rebuild Status : 0% complete UUID : ce8b2f40:821d003c:0027688e:a70977ec Events : 0.1 Number Major Minor RaidDevice State 0 8 1 0 active sync /dev/sda1 1 8 17 1 active sync /dev/sdb1 2 8 33 2 active sync /dev/sdc1 4 8 49 3 spare rebuilding /dev/sdd1 And it seems there are only 3 active devices, with one spare. Is it just me, or something wrong here?

    Read the article

  • Converting software RAID1 to RAID10 for /boot

    - by luckytaxi
    Array info: /dev/md0 - /dev/sda1 and /dev/sdb1 /dev/md2 - /dev/sda2 and /dev/sdb2 Partition info: /boot - /dev/md0 / - /dev/md1 I have two drives that are setup as RAID1 using software RAID on Redhat. I added two additional drives (same size) and I would like to conver the RAID1 to a RAID10. The problem I'm having is adding the last drive to the array. I've gotten as far as creating a RAID10 with two missing devices but as soon as I add the last drive, all hell breaks loose. It seems /dev/sda1 is the culprit. What I'm not too sure about is how to create the RAID10. I've tried the following mdadm --create /dev/md2 --level=raid10 --raid-device=4 /dev/sdc1 missing /dev/sdd1 missing I then proceeded to fail /dev/sdb1 from /dev/md0 and added that partition to /dev/md2. I proceeded to install the MBR on EACH partition since boot resides on /dev/sdx1 on each drive. As a test, all is well, I'm able to boot back into the system once I do a quick reboot. Now, when I go add the last drive /dev/sda1, it breaks. I attempted to install grub on /dev/sda1 and I get the following ... grub> root (hd0,0) /dev/sda root (hd0,0) /dev/sda Filesystem type is ext2fs, partition type 0xfd grub> setup (hd0) setup (hd0) Checking if "/boot/grub/stage1" exists... no Checking if "/grub/stage1" exists... no Error 2: Bad file or directory type At this point, the array is hosed I believe. I rebooted the server and it refuses to boot.

    Read the article

  • mkfs Operation Takes Very Long on Linux Software Raid 5

    - by Elmar Weber
    I've set-up a Linux software raid level 5 consisting of 4 * 2 TB disks. The disk array was created with a 64k stripe size and no other configuration parameters. After the initial rebuild I tried to create a filesystem and this step takes very long (about half an hour or more). I tried to create an xfs and ext3 filesystem, both took a long time, with mkfs.ext3 I observed the following behaviour, which might be helpful: writing inode tables runs fast until it reaches 1053 (~ 1 second), then it writes about 50, waits for two seconds, then the next 50 are written (according to the console display) when I try to cancel the operation with Control+C it hangs for half a minute before it is really canceled The performance of the disks individually is very good, I've run bonnie++ on each one separately with write / read values of around 95 / 110MB/s. Even when I run bonnie++ on every drive in parallel the values are only reduced by about 10 MB. So I'm excluding hardware / I/O scheduling in general as a problem source. I tried different configuration parameters for stripe_cache_size and readahead size without success, but I don't think they are that relevant for the file system creation operation. The server details: Linux server 2.6.35-27-generic #48-Ubuntu SMP x86_64 GNU/Linux mdadm - v2.6.7.1 Does anyone has a suggestion on how to further debug this?

    Read the article

  • How to interrupt software raid resync?

    - by Adam5
    I want to interrupt a running resync operation on a debian squeeze software raid. (This is the regular scheduled compare resync. The raid array is still clean in such a case. Do not confuse this with a rebuild after a disk failed and was replaced.) How to stop this scheduled resync operation while it is running? Another raid array is "resync pending", because they all get checked on the same day (sunday night) one after another. I want a complete stop of this sunday night resyncing. [Edit: sudo kill -9 1010 doesn't stop it, 1010 is the PID of the md2_resync process] I would also like to know how I can control the intervals between resyncs and the remainig time till the next one. [Edit2: What I did now was to make the resync go very slow, so it does not disturb anymore: sudo sysctl -w dev.raid.speed_limit_max=1000 taken from http://www.cyberciti.biz/tips/linux-raid-increase-resync-rebuild-speed.html During the night I will set it back to a high value, so the resync can terminate. This workaround is fine for most situations, nonetheless it would be interesting to know if what I asked is possible. For example it does not seem to be possible to grow an array, while it is resyncing or resyncing "pending"]

    Read the article

  • How to configure Amazon Security Groups to achieve multi-tier architecture?

    - by ks78
    What is the preferred way to configure Amazon Security Groups to achieve a multi-tier architecture? Each of my instances has its own Security Group, which I only want to use for rules specific to an instance. I'd like to keep any rules which apply to multiple instances in a separate Security Group, which can then be assigned to instance Security Groups as necessary. As an example, I've setup a group called "admin", which allows administrative access from my IP. I added the "admin" group as the source to each of my instance security groups. However, I still can't access the instances from my IP without adding the rules directly to the instance's group. Am I missing something? Although it seems a multi-tier security architecture should be possible, it doesn't seem to be working.

    Read the article

  • mkfs Operation Takes Very Long on Linux Software Raid 5

    - by Elmar Weber
    I've set-up a Linux software raid level 5 consisting of 4 * 2 TB disks. The disk array was created with a 64k stripe size and no other configuration parameters. After the initial rebuild I tried to create a filesystem and this step takes very long (about half an hour or more). I tried to create an xfs and ext3 filesystem, both took a long time, with mkfs.ext3 I observed the following behaviour, which might be helpful: writing inode tables runs fast until it reaches 1053 (~ 1 second), then it writes about 50, waits for two seconds, then the next 50 are written (according to the console display) when I try to cancel the operation with Control+C it hangs for half a minute before it is really canceled The performance of the disks individually is very good, I've run bonnie++ on each one separately with write / read values of around 95 / 110MB/s. Even when I run bonnie++ on every drive in parallel the values are only reduced by about 10 MB. So I'm excluding hardware / I/O scheduling in general as a problem source. I tried different configuration parameters for stripe_cache_size and readahead size without success, but I don't think they are that relevant for the file system creation operation. The server details: Linux server 2.6.35-27-generic #48-Ubuntu SMP x86_64 GNU/Linux mdadm - v2.6.7.1 Does anyone has a suggestion on how to further debug this?

    Read the article

< Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >