Search Results

Search found 15441 results on 618 pages for 'ssl security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 38/618 | < Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >

  • Configure a Port with an SSL Certificate w\o using Httpcfg

    - by dudia
    Hi, When one develops a self-hosted WCF http server, one of the steps needed is to bind an SSL certificate to a port number: httpcfg set ssl -i 0.0.0.0:8012 -h 0000000000003ed9cd0c315bbb6dc1c08da5e6 as stated in: http://msdn.microsoft.com/en-us/library/ms733791.aspx However, It is hardly expected that in my deployment environment one would be able to do it. (I don't even know if the httpcfg.exe is redistributable) Moreover, if the user changed the port after he installed the product then he will need to run the command again.... how can this step be automated pro grammatically? preferably in C# but if it can only be done in C++ (direct access to the Http Server API) then I will manage :)

    Read the article

  • Why does a ModalPopupExtender fail when using SSL?

    - by Brooke Jackson
    I have created a modal popup using the ModalPopupExtender in Microsoft's AJAX 1.0 for .NET 2.0. It works great when the page doesn't isn't being accessed through SSL (http://) however the link to close the popup fails to fire if accessing the page through https://. Is the ModalPopupExtender at blame? Is it a "Feature" of SSL to block popups, or is it something else I haven't though of? Here is the code I am using: <asp:Button ID="btnHelp" runat="server" Text="?" CausesValidation="False" /> <asp:Panel ID="pnlHelp" BackColor="white" runat="server"> <asp:LinkButton ID="lnkClosePanel" runat="server" CausesValidation="False" OnClick="lnkCloseHelp_Click">Close</asp:LinkButton> <p>Some Text</p> </asp:Panel> <cc1:ModalPopupExtender ID="popExt" runat="server" TargetControlID="btnHelp" PopupControlID="pnlHelp"></cc1:ModalPopupExtender>

    Read the article

  • SSRS 2008 + SSL displays 404 not found

    - by Matt
    Hi, I have SQL reporting services configured to use a secure certificate and when I visit both Reports and ReportManager I get a 404 not found error. The reporting services logs do not contain any error information. I am a bit at a loss to know where to start to diagnose this problem, especially as SSRS is not using IIS. I created the SSL binding using the Reporting Services Configuration Manager; IP Address: (All IPv4) SSL Port: 443 Certificate: {the certicate was present in the drop down list} URL: https://mydomain:444/Reports What can I check to get this working? Thanks

    Read the article

  • Request builder call not returning when using ssl(https)

    - by Zeeshan Khan
    Hi , I am using GWT. Currently using gwt-rpc to for login authentication. For only login purpose i want to use ssl(https) and so instead of using gwt-rpc i am trying Request Builder and calling a servlet with https. When in Servlet URL i use protocol as http the request builder works perfectly and response returns to client side(onResponseReceived ). but when i use https in the servlet url then the servlet is gettting called but the response is not returning to the onResponseReceived method of request builder. my url with http looks like : http://localhost:8888/myproject/myservlet and with https it looks like :https://localhost/myproject/myservlet Please give any suggestion or is there any other way to do it.and also is it possible to use ssl over gwt-rpc.

    Read the article

  • SSL on Heroku / User Authentication Across Multiple Domains

    - by Euwyn
    Posted a previous question on this, but have a followup. I was trying to create a workaround to use SSL on the expensive custom domain. I'm willing to live with bumping a user to https://app.heroku.com from http://www.app.com for certain secure pages, and have monkey-patched SSL required to make this happen. However, now this issue is with making sure my User is logged in when I do so. As I understand, cookies aren't cross domain. Is there a way around this issue?

    Read the article

  • Setting Host Headers for SSL Sites in IIS–Week 7 of 52

    - by OWScott
    At first glance, the Host Header field is grayed out when applying host headers to SSL (HTTPS) sites in IIS 7. This week I cover a trick plus a full featured way to set these host headers in IIS 7.0/7.5 and IIS 6.  If you haven’t watched last week’s video, I recommend watching it first since it covers the reasons and issues for host headers on SSL sites. This is week 7 of a 52 week series on various web administration related tasks.  Past and future videos can be found here. Host Headers in SSL Sites Here are some links mentioned in the video: http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html Unified Communications Certificate (aka Subject Alternative Name [SAN]) options: http://www.bing.com/search?q=unified+communications+certifcate

    Read the article

  • Google Charts of SSL

    - by Ian
    Hi, I need to get the free Google charts working over SSL without any security errors. I am using c# and asp.net. As Google charts does not support SSL by default, I am looking for a robust method of using there charts but ensuring my user doesn't get any security warnings over their browser. One thought was to use a handler to call the charts api and then generate the output my site needs. Similar to Pants are optional blog post. I haven't been able to get this example working at this stage. Any suggestions, or samples are welcome. Thanks

    Read the article

  • Should I use an ssl terminator or just haproxy?

    - by Justin Meltzer
    I'm trying to figure out how to set up my architecture for a socket.io app that will require both https and wss connections. I've found many tutorials on the web suggesting that you use something like stud or stunnel in front of haproxy, which then routes your unencrypted traffic to your app. If I were to go this route, is it suggested that haproxy and the ssl terminator be on separate instances, or is it fine if they are on the same EC2 server instance? If I do not want to use a separate ssl terminator, could I use haproxy to terminate the ssl? Or instead would it be possible to proxy these https and wss connections to my application and have the node app terminate the ssl itself?

    Read the article

  • Java Webstart Truststore SSL

    - by Padur
    Hello Experts .. Need some guidance. I have java webstart app and I want it to connect to a server via SSL.just adding a property like:System.setProperty("javax.net.ssl.trustStore","my.keystore");But since a JAWS program is downloaded from server didn't work and don't have a my.keystore on local file system. So decided to distribute the certificate to all clients.I did the following and it worked, but I am sure there are more better solutions that this.I packed it inside a jar and copied to some temp directory on clients machine and read the truststore jks file. Any ideas to make it better? -Padur ========================================

    Read the article

  • disable SSL on MAMP

    - by morktron
    Hi I'm used to editing sites locally on my MAMP to test out changes before going live. In this case though the site has a SSL certificate and wants to use it when I go to admin. So I can't go to admin. The error message says: (Error code: ssl_error_rx_record_too_long) It's a Joomla site I'm trying to log into locally ie: http://localhost:8888/site/administrator/ I've tried https as well, but same thing. Also same thing is Safari. I just need to turn off ssl, it must be a file somewhere in the site I downloaded.

    Read the article

  • .NET Security Part 3

    - by Simon Cooper
    You write a security-related application that allows addins to be used. These addins (as dlls) can be downloaded from anywhere, and, if allowed to run full-trust, could open a security hole in your application. So you want to restrict what the addin dlls can do, using a sandboxed appdomain, as explained in my previous posts. But there needs to be an interaction between the code running in the sandbox and the code that created the sandbox, so the sandboxed code can control or react to things that happen in the controlling application. Sandboxed code needs to be able to call code outside the sandbox. Now, there are various methods of allowing cross-appdomain calls, the two main ones being .NET Remoting with MarshalByRefObject, and WCF named pipes. I’m not going to cover the details of setting up such mechanisms here, or which you should choose for your specific situation; there are plenty of blogs and tutorials covering such issues elsewhere. What I’m going to concentrate on here is the more general problem of running fully-trusted code within a sandbox, which is required in most methods of app-domain communication and control. Defining assemblies as fully-trusted In my last post, I mentioned that when you create a sandboxed appdomain, you can pass in a list of assembly strongnames that run as full-trust within the appdomain: // get the Assembly object for the assembly Assembly assemblyWithApi = ... // get the StrongName from the assembly's collection of evidence StrongName apiStrongName = assemblyWithApi.Evidence.GetHostEvidence<StrongName>(); // create the sandbox AppDomain sandbox = AppDomain.CreateDomain( "Sandbox", null, appDomainSetup, restrictedPerms, apiStrongName); Any assembly that is loaded into the sandbox with a strong name the same as one in the list of full-trust strong names is unconditionally given full-trust permissions within the sandbox, irregardless of permissions and sandbox setup. This is very powerful! You should only use this for assemblies that you trust as much as the code creating the sandbox. So now you have a class that you want the sandboxed code to call: // within assemblyWithApi public class MyApi { public static void MethodToDoThings() { ... } } // within the sandboxed dll public class UntrustedSandboxedClass { public void DodgyMethod() { ... MyApi.MethodToDoThings(); ... } } However, if you try to do this, you get quite an ugly exception: MethodAccessException: Attempt by security transparent method ‘UntrustedSandboxedClass.DodgyMethod()’ to access security critical method ‘MyApi.MethodToDoThings()’ failed. Security transparency, which I covered in my first post in the series, has entered the picture. Partially-trusted code runs at the Transparent security level, fully-trusted code runs at the Critical security level, and Transparent code cannot under any circumstances call Critical code. Security transparency and AllowPartiallyTrustedCallersAttribute So the solution is easy, right? Make MethodToDoThings SafeCritical, then the transparent code running in the sandbox can call the api: [SecuritySafeCritical] public static void MethodToDoThings() { ... } However, this doesn’t solve the problem. When you try again, exactly the same exception is thrown; MethodToDoThings is still running as Critical code. What’s going on? By default, a fully-trusted assembly always runs Critical code, irregardless of any security attributes on its types and methods. This is because it may not have been designed in a secure way when called from transparent code – as we’ll see in the next post, it is easy to open a security hole despite all the security protections .NET 4 offers. When exposing an assembly to be called from partially-trusted code, the entire assembly needs a security audit to decide what should be transparent, safe critical, or critical, and close any potential security holes. This is where AllowPartiallyTrustedCallersAttribute (APTCA) comes in. Without this attribute, fully-trusted assemblies run Critical code, and partially-trusted assemblies run Transparent code. When this attribute is applied to an assembly, it confirms that the assembly has had a full security audit, and it is safe to be called from untrusted code. All code in that assembly runs as Transparent, but SecurityCriticalAttribute and SecuritySafeCriticalAttribute can be applied to individual types and methods to make those run at the Critical or SafeCritical levels, with all the restrictions that entails. So, to allow the sandboxed assembly to call the full-trust API assembly, simply add APCTA to the API assembly: [assembly: AllowPartiallyTrustedCallers] and everything works as you expect. The sandboxed dll can call your API dll, and from there communicate with the rest of the application. Conclusion That’s the basics of running a full-trust assembly in a sandboxed appdomain, and allowing a sandboxed assembly to access it. The key is AllowPartiallyTrustedCallersAttribute, which is what lets partially-trusted code call a fully-trusted assembly. However, an assembly with APTCA applied to it means that you have run a full security audit of every type and member in the assembly. If you don’t, then you could inadvertently open a security hole. I’ll be looking at ways this can happen in my next post.

    Read the article

  • Partner Webcast – Implementing Web Services & SOA Security with Oracle Fusion Middleware - 20 September 2012

    - by Thanos
    Security was always one of the main pain points for the IT industry, and new security challenges has been introduced with the proliferation  of the service-oriented approach to building modern software. Oracle Fusion Middleware provides a wide variety of features that ease the building service-oriented solutions, but how these services can be secured?Should we implement the security features in each and every service or there’s a better way? During the webinar we are going to show how to implement non-intrusive declarative security for your SOA components by introducing the Oracle product portfolio in this area, such as Oracle Web Services Manager and Oracle IDM. Agenda: SOA & Web Services basics: quick refresher Building your SOA with Oracle Fusion Middleware: product review Common security risks in the Web Services world SOA & Web Services security standards Implementing Web Services Security with the Oracle products Web Services Security with Oracle – the big picture Declarative end point security with Oracle Web Services Manager Perimeter Security with Oracle Enterprise Gateway Utilizing the other Oracle IDM products for the advanced scenarios Q&A session Delivery Format This FREE online LIVE eSeminar will be delivered over the Web. Registrations received less than 24hours prior to start time may not receive confirmation to attend. Thursday, September 20, 2012 - 10:00 AM to 11:00 AM CET (GMT/UTC+1)Duration: 1 hour Register Now Send your questions and migration/upgrade requests [email protected] Visit regularly our ISV Migration Center blog or Follow us @oracleimc to learn more on Oracle Technologies, upcoming partner webcasts and events. All content is made available through our YouTube - SlideShare - Oracle Mix.

    Read the article

  • Implementing SOA & Security with Oracle Fusion Middleware in your solution – partner webcast September 20th 2012

    - by JuergenKress
    Security was always one of the main pain points for the IT industry, and new security challenges has been introduced with the proliferation  of the service-oriented approach to building modern software. Oracle Fusion Middleware provides a wide variety of features that ease the building service-oriented solutions, but how these services can be secured? Should we implement the security features in each and every service or there’s a better way? During the webinar we are going to show how to implement non-intrusive declarative security for your SOA components by introducing the Oracle product portfolio in this area, such as Oracle Web Services Manager and Oracle Enterprise Gateway. Agenda: SOA & Web Services basics: quick refresher Building your SOA with Oracle Fusion Middleware: product review Common security risks in the Web Services world SOA & Web Services security standards Implementing Web Services Security with the Oracle products Web Services Security with Oracle – the big picture Declarative end point security with Oracle Web Services Manager Perimeter Security with Oracle Enterprise Gateway Utilizing the other Oracle IDM products for the advanced scenarios Q&A session Delivery Format This FREE online LIVE eSeminar will be delivered over the Web. Registrations received less than 24hours prior to start time may not receive confirmation to attend. Duration: 1 hour Register Now Send your questions and migration/upgrade requests [email protected] Visit regularly our ISV Migration Center blog or Follow us @oracleimc to learn more on Oracle Technologies, upcoming partner webcasts and events. All content is made available through our YouTube - SlideShare - Oracle Mix. SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit  www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Technorati Tags: Technorati Tags: ISV migration center,SOA,IDM,SOA Community,Oracle SOA,Oracle BPM,BPM,Community,OPN,Jürgen Kress

    Read the article

  • ASP.NET MVC SSL POST Error

    - by RyanFetz
    I have a Logon page in a MVC (1.0) application that I am securing with SSL, I have an attribute that inspects the request for the page and redirects to a https uri when it is requested with http. This all works, however when I post the form content i get the following error: The parameters dictionary contains a null entry for parameter 'rememberMe' of non-nullable type 'System.Boolean' for method 'System.Web.Mvc.ActionResult LogOn(System.String, System.String, Boolean, System.String)' in 'DAC.US.Web.Portal.Controllers.AccountController'. To make a parameter optional its type should be either a reference type or a Nullable type. Parameter name: parameters here is the controller code... // // GET: /Account/LogOn [RequiresSSL] public ActionResult LogOn(string ReturnUrl) { if (TempData["Message"] != null) ViewData["Message"] = TempData["Message"]; TempData["Message"] = null; ViewData["ReturnUrl"] = ReturnUrl ?? "/Home"; return View(); } Again, the RequireSSL Attribute works, but the POST from that SSL uri does not. What is not working?

    Read the article

  • Enabling SSL Requests on Jdev's Integrated Weblogic

    - by Christian David Straub
    Often times you will want to enable SSL access for such things as secure login or secure signup. By default, the integrated WLS that ships with JDev does not listen to SSL requests. However, this is easily fixed.Just navigate to http://127.0.0.1:7101/console. This will deploy the console app where you can configure WLS. By default the login credentials are:username: weblogicpassword: weblogic1Then go to Environment -> Servers -> DefaultServer. Check the "SSL Listen Port Enabled" box and your server will now listen to SSL requests (just make sure to use the listen port that is specified).For added security, you can always check while processing your request that it is going through an SSL connection by first checking HttpServletRequest.isSecure().

    Read the article

  • Security Controls on data for P6 Analytics

    - by Jeffrey McDaniel
    The Star database and P6 Analytics calculates security based on P6 security using OBS, global, project, cost, and resource security considerations. If there is some concern that users are not seeing expected data in P6 Analytics here are some areas to review: 1. Determining if a user has cost security is based on the Project level security privileges - either View Project Costs/Financials or Edit EPS Financials. If expecting to see costs make sure one of these permissions are allocated.  2. User must have OBS access on a Project. Not WBS level. WBS level security is not supported. Make sure user has OBS on project level.  3. Resource Access is determined by what is granted in P6. Verify the resource access granted to this user in P6. Resource security is hierarchical. Project access will override Resource access based on the way security policies are applied. 4. Module access must be given to a P6 user for that user to come over into Star/P6 Analytics. For earlier version of RDB there was a report_user_flag on the Users table. This flag field is no longer used after P6 Reporting Database 2.1. 5. For P6 Reporting Database versions 2.2 and higher, the Extended Schema Security service must be run to calculate all security. Any changes to privileges or security this service must be rerun before any ETL. 6. In P6 Analytics 2.0 or higher, a Weblogic user must exist that matches the P6 username. For example user Tim must exist in P6 and Weblogic users for Tim to be able to log into P6 Analytics and access data based on  P6 security.  In earlier versions the username needed to exist in RPD. 7. Cache in OBI is another area that can sometimes make it seem a user isn't seeing the data they expect. While cache can be beneficial for performance in OBI. If the data is outdated it can retrieve older, stale data. Clearing or turning off cache when rerunning a query can determine if the returned result set was from cache or from the database.

    Read the article

  • How can I prevent HTTPS on another domain from wrongly showing on my HTTP-only domain?

    - by Earlz
    So, I have a blog at domain.com. This blog is HTTP-only because I would gain almost nothing from adding SSL support. I have a web service now that I want to enable SSL support on that runs on the same server and IP address as my blog. I got it all working pretty easily, but not if I go to https://domain.com I will see a huge warning about an SSL certificate error and then if I click "ok" through the warning, I'll see the web service with SSL support, not my blog. My biggest fear with this scheme is Google indexing an HTTPS version of it and penalizing my blog because the content between the two doesn't match. How can I somehow for my blog's domain to either not serve anything on HTTPS, or to redirect back to my HTTP blog, or to serve my blog, but with an invalid SSL certificate? What can I do, preferably without buying another dedicated IP for my website?

    Read the article

  • IMAP + TLS/SSL with synapse ?

    - by azera
    i'm currently trying to add to a software the capability to list unread emails in the user's inbox using imap. After having no success at all using indy10, I discovered synapse which seemed better for what I needed, but I can't find a way to get it working. My problem is with the login (thus I think with the ssl configuration), I can't find a working combination of "FullSSL", "Sock.SSL.SSLType" and "AutoTLS", whetever I do the "Login()" function fails. For the sake of testing, is any of you able to connect to gmail's imap server using synapse, and if yes how ?

    Read the article

  • Basics for implementing SSL on PHP Website

    - by KoolKabin
    Hi guys, I am here as a developer of a website. My website got different modules among which one function is to process credit card. In order to process credit card I need to implement SSL layer and process the pages. For rest of modules the SSL is optional. Now my points are: 1.) Is the location of file for http and https same? 2.) Can the session of http and https be shared? this is required as i need user login information and cart item information.

    Read the article

  • Free E-Book from APress - Platform Embedded Security Technology Revealed

    - by TATWORTH
    Originally posted on: http://geekswithblogs.net/TATWORTH/archive/2014/08/23/free-e-book-from-apress---platform-embedded-security-technology-revealed.aspxAt  http://www.apress.com/9781430265719, APress are providing a free E-Book - Platform Embedded Security Technology Revealed. “Platform Embedded Security Technology Revealed is an in-depth introduction to Intel’s security and management engine, with details on the security features and the steps for configuring and invoking them. It's written for security professionals and researchers; embedded-system engineers; and software engineers and vendors.”

    Read the article

  • ASP.NET Request.ServerVariables["SERVER_PORT_SECURE"] and proxy SSL by load balancer

    - by frankadelic
    We have some legacy ASP.NET code that detects if a request is secure, and redirects to the https version of the page if required. This code uses Request.ServerVariables["SERVER_PORT_SECURE"] to detect if SSL is needed. Our operations team has suggested doing proxy SSL at the load balancer (F5 Big-IP) instead of on the web servers (assume for the purposes of this question that this is a requirement). The consequence would be that all requests appear as HTTP to the web server. My question: how can we let the web servers known that the incoming connection was secure before it hit the load balancer? Can we continue to use Request.ServerVariables["SERVER_PORT_SECURE"]? Do you know of a load balancer config that will send headers so that no application code changes are needed?

    Read the article

  • SSL certificate selection based on host-header: is it possible?

    - by DrStalker
    Is it possible for a web server to select an SSL certificate to use based on the host-header of the incoming connection, or is that information that is only available after the SSL connection is established? That is, can my webserver listed on port 443 and use the foo.com certificate if https://foo.com is requested, and the bar.com certificate if https://bar.com is requested or am I trying to do something impossible because the server has to establish an SSL connection before it knows what the client wants?

    Read the article

  • Programmatically adding a trusted cert in Java

    - by directedition
    I use SSL to communicate between two components written in Java. I can't use a CA, so I have to self-sign everything. Unfortunately, this means that when I try to handshake, I get a SunCertPathBuilderException. I can create my own X509TrustManager that just trusts everything, but that sort of defeats the purpose of having a signed cert. I would like, when first making the connection, to prompt the user with "SSL handshake with invalid cert. Add cert to store?" or something so they could have it added for them to their certificate store, like web browsers do at sites with invalid certs. I can find plenty of examples online of adding a cert to the store through the commandline, but I can't figure out how to do it programmatically. Is there a way to do this?

    Read the article

  • Rabbitmq 2.2 not working on Snow Leopard (SSL errors)

    - by ebeland
    When I start rabbitmq, I see the following message. I have Activating RabbitMQ plugins ... WARNING Undefined function crypto:des3_cbc_decrypt/5 WARNING Undefined function crypto:start/0 WARNING Undefined function ssl:close/1 WARNING Undefined function ssl:controlling_process/2 WARNING Undefined function ssl:peercert/1 WARNING Undefined function ssl:peername/1 WARNING Undefined function ssl:recv/3 WARNING Undefined function ssl:send/2 WARNING Undefined function ssl:sockname/1 WARNING Undefined function ssl:ssl_accept/3 0 plugins activated: I followed the advice here to install openssl and recompile erlang with a --with-ssl path set: http://old.nabble.com/2.1.1%3A-no-such-file-or-directory-crypto.app-message-prevents-broker-from-starting-td30011026.html When I recompiled erlang, I used the following .configure: ./configure \ --prefix=/usr/local/erlang/R13B04 \ --enable-smp-support \ --enable-threads \ --enable-darwin-64bit \ --with-ssl=/usr/include/openssl It compiled fine. Then, just in case, I reinstalled rabbit from macports. I still get the error. Am I using the wrong path for --with-ssl? Help?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >