Search Results

Search found 25503 results on 1021 pages for 'browser security'.


  • Controlling access to site folders if you cannot use Roles

    - by DavidMadden
    I find myself on an assignment where I could not use System.Web.Security.Roles.  That meant that I could not use Visual Studio's Website | ASP.NET Configuration.  I had to go about things another way.  The clues were in these two websites:

    http://www.csharpaspnetarticles.com/2009/02/formsauthentication-ticket-roles-aspnet.html
    http://msdn.microsoft.com/en-us/library/b6x6shw7(v=VS.71).aspx

    You can set in your web.config the restrictions on folders without having to set the restrictions in multiple folders through their own web.config file.  In my main default.aspx file in my protected subfolder off my main site, I did the following code due to MultiFormAuthentication (MFA) providing the security to this point:

        // Map the user's level from the existing login session to a role name.
        string role = string.Empty;
        if (((Login)Session["Login"]).UserLevelID > 3)
        {
            role = "PowerUser";
        }
        else
        {
            role = "Newbie";
        }

        // Carry the role in the ticket's UserData field; the ticket expires after 20 minutes.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                                   // version
            ((Login)Session["Login"]).UserID,    // name
            DateTime.Now,                        // issue date
            DateTime.Now.AddMinutes(20),         // expiration
            false,                               // isPersistent
            role,                                // userData
            FormsAuthentication.FormsCookiePath);

        // Encrypt the ticket and send it as the forms-authentication cookie.
        string hashCookies = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies);
        Response.Cookies.Add(cookie);

    This all gave me the ability to change restrictions on folders without having to restart the website or having to do any hard coding.


  • session management: verifying a user's log-in state

    - by good_computer
    I am storing sessions in my database. Every time a user logs in, I create a new row corresponding to the new session, generate a new session id and send it as a cookie to the browser. My session data looks something like this:

        { 'user_id': 1234, 'user_name': 'Sam', ... }

    When a request comes, I check whether a cookie with a session id is sent. If it is, I fetch session data from my database (or memcache) corresponding to that session id. When the user logs out, I remove the session data from my database (and memcache), and delete the cookie from the user's browser too.

    Notice that in my session data, I don't have something like logged_in: true. This is because if I find a session record in the database (or memcache) I deduce that the user is logged in, and if there is no session record found, the user is not logged in.

    My question is: is this the right approach? Should I have a logged_in key in my session data? Is there any possibility that a session record may be present on the server where the corresponding user is actually NOT logged in? Are there any security implications in having or not having such a key?


  • How to Change the Cmd+Q Shortcut Key in OS X (to Stop Accidentally Closing Apps)

    - by The Geek
    If you’ve spent any time using Mac OS X, you’ve figured out that the Cmd+W shortcut key closes a window or tab, while the Cmd+Q key quits the entire app. The problem? The keys are right next to each other, and way too easy to accidentally hit! Here’s how to change it. This problem is compounded even more when you’re using an application like Google Chrome, Safari, or Firefox, where you’re opening or closing tabs all the time, and probably using the Cmd+W key to close just the current tab. If you aren’t careful, you’ll accidentally hit Cmd+Q instead, and your entire browser gets closed.


  • One site being on a subdirectory of another. Does google count this against you?

    - by Mick
    I have created two similar websites (relating to monetary systems). So far, one appears to be loved by Google and the other hated. I'm struggling to work out why. This is a mystery to me because both sites were created by me with the same design philosophy, both in pure html. Both are packed to the rafters with references to, and information about, their respective subjects. One issue I'm worried may be the cause is to do with the location of the sites. I got a web hosting package from hostmonster.com for the successful one, but the less liked one is just an "add-on" which sits on a subdirectory of the successful one. I wonder if Google somehow detects this and treats it as a less significant website?

    EDIT: Just to clarify, even though one site is an add-on that sits on a subdirectory of the other, the URL is arranged to look like it is a root. I.e. the unpopular site can be accessed directly with a simple www.myunpopularsite.com name, without specifying any subdirectory.

    EDIT: Just in case it's important... say the popular site is called pop.com and the unpopular one unpop.com. In the webspace I've purchased, there is a directory called public_html. This is where I put the index.htm and all the other files of my popular site. When I purchased the add-on unpop.com, I made a subdirectory of public_html called unpop. It is within this "public_html\unpop\" that I place the index.htm and all the other files of my unpopular site. Typing www.unpop.com into the address bar of a browser links directly to the contents of "public_html\unpop\" and the user is not aware that this site is sitting on a subdirectory of another site. BUT if you type "www.pop.com/unpop" into the address bar of a browser you DO see the unpopular site.


  • Are web application usability issues equal to website usability issues?

    - by Kor
    I've been reading two books about web usability issues and tests (Rocket Surgery Made Easy¹ and Prioritizing Web Usability²) and they claim some strategies and typical problems about website usability and how to lead them. However, I want to do a web application, and I think I lost track of what I am trying to solve. These two books claim to work with raw websites (e-commerce, business sites, even intranet), but I'm not sure if everything about web usability is applicable to web application usability. They sure talk about always having available (and usable) the Back button, to focus on short information rather than big amounts of text, etc., but they could be inaccurate in deeper problems that may be easier (or just skippable) in regular websites. Has anybody some experience in this field and could tell me if both web applications and websites share their usability issues? Thanks in advance Edit: Quoting Wikipedia, a website is a collection of related web pages containing images, videos or other digital assets, and a web application is an application that is accessed over a network such as the Internet or an intranet. To sum up, both shows/lets you search/produce information but websites are "simple" in interaction and keep the classics of websites (one-click actions) and the other one is closer to desktop applications in the meaning of their uses and ways of interaction (double click, modal windows, asynchronous calls [to keep you in the same "environment" instead of reloading it] etc.). I don't know if this clarifies the difference. Edit 2: Quoting @Victor and myself, a website is anything running in your browser, but a web application is somewhat running in your browser that could be running in your desktop, with similar behaviors and features. Gmail is a web application that could replace Outlook. GDocs could replace Office. Grooveshark could replace your music player, etc.


  • How to overcome politics of the net (Google translate code refuses to work from a specific region) [closed]

    - by Jawad
    Possible Duplicate: How to overcome politics of the net (Google translate code refuses to work from a specific region)

    I have this Web Site. It uses the Google Translate API (Can't post the link, does not open from this region) with the following code.

        <meta name="google-translate-customization" content="9f841e7780177523-3214ceb76f765f38-gc38c6fe6f9d06436-c"></meta>
        <script type="text/javascript">
          function googleTranslateElementInit() {
            new google.translate.TranslateElement({pageLanguage: 'en'}, 'google_translate_element');
          }
        </script>
        <script type="text/javascript" src="http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>

    The problem is since this, it just stopped working. On the site you can see that I had to actually remove the above from here, here, and here while left it here, here, here and here. This is so because the web site "refuses" to load at all with the pages that have the code (i.e., from this region.) If I use Firefox Stealthy Plugin and open the site in Firefox, it works like a charm without any problems. But with Google Chrome, Apple Safari and Opera Web browser, the site does not load/open at all because of the Google translate. (I know this because if I remove the Google Translate code, the site works/loads fine.) It was one thing to program for "cross browser compatibility" and altogether another to program for "cross region compatibility". What can I do to make sure that the site works from anywhere? Do I completely remove the Google Translate code and just have to do without the additional functionality or do I look for alternatives like this or according to this?


  • Financial institutions build predictive models using Oracle R Enterprise to speed model deployment

    - by Mark Hornick
    See the Oracle press release, Financial Institutions Leverage Metadata Driven Modeling Capability Built on the Oracle R Enterprise Platform to Accelerate Model Deployment and Streamline Governance for a description where a "unified environment for analytics data management and model lifecycle management brings the power and flexibility of the open source R statistical platform, delivered via the in-database Oracle R Enterprise engine to support open standards compliance." Through its integration with Oracle R Enterprise, Oracle Financial Services Analytical Applications provides "productivity, management, and governance benefits to financial institutions, including the ability to: Centrally manage and control models in a single, enterprise model repository, allowing for consistent management and application of security and IT governance policies across enterprise assets Reuse models and rapidly integrate with applications by exposing models as services Accelerate development with seeded models and common modeling and statistical techniques available out-of-the-box Cut risk and speed model deployment by testing and tuning models with production data while working within a safe sandbox Support compliance with regulatory requirements by carrying out comprehensive stress testing, which captures the effects of adverse risk events that are not estimated by standard statistical and business models. This approach supplements the modeling process and supports compliance with the Pillar I and the Internal Capital Adequacy Assessment Process stress testing requirements of the Basel II Accord Improve performance by deploying and running models co-resident with data. Oracle R Enterprise engines run in database, virtually eliminating the need to move data to and from client machines, thereby reducing latency and improving security"


  • hdmi audio works only with aplay -D alsa test wavs; open source radeon drivers; kernel 3.5 vgaswitcheroo

    - by user108754
    I've trolled the internets to make hdmi work on my system:

    Ubuntu 12.04
    software center kernel 3.5
    uname: Linux ubuntu 3.5.0-18-generic #29~precise1-Ubuntu SMP...x86_64 x86_64 x86_64 GNU/Linux
    open source radeon drivers
    vgaswitcheroo (hybrid intel/radeon gpu): I boot with intel, not radeon, running. (and recall that with kernel 3.5, vgaswitcheroo now gives info on a third item, "DIS-Audio"; it indicates pwr on my system)

    /etc/rc.local:

        chown user:user /sys/kernel/debug/   # change "username" with your user name
        echo OFF > /sys/kernel/debug/vgaswitcheroo/switch

    grub indeed now has "radeon.audio=1"

    For testing audio, I did aplay -l which gave me the card and device, which made me try

        aplay -D plughw:1,3 /usr/share/sounds/alsa/Front_Center.wav

    and lo! I get crystal clear sound on my hdtv. If I play an mp3 file as the argument to that command, I get noise as, I guess, aplay interprets the mp3 code as a wav. If I play a .wav that is not in the /usr/share/sounds/alsa/ directory, I get nothing. Internet flash video in browser plays no sound over hdmi. Both system sounds control and pavucontrol have hdmi cedar selected. Alas, I can not get sound for any gui test (left, right). Why would only aplay, and only when directed with "-D plughw", yield sound over hdmi? I've also tried only using one sound program at a time, if it was a limitation of alsa, so I tried aplay with web browser and even the sound control gui closed. I tried each of the last two, running alone. No improvement. alsamixer only shows hda intel and I think it's only the intel audio, not the hdmi.


  • How to handle Real Time Data from a database perspective?

    - by balexandre
    I have an idea in mind, but the database area still confuses me. Imagine that I want to show real time data, and using one of the latest browser technologies (web sockets - even using older browsers) it is very easy to show to all observables (user browser) what everyone is doing. Remy Sharp has an example about the simplicity of this. But I still don't get the database part: how would I feed, let's imagine (using Remy's game Tron), that I want to save the path for each connected user in a database and if a client wants to see what is going on with a 5 sec delay, he will see that, not only the 5 sec until that moment but the continuation in time ... how can I query a DB like that?

        SELECT x, y FROM run WHERE time >= DATEADD(second, -5, rundate);

    is not the recommended path, right? And pulling this x in x time ... this is not a real data feed, correct? If someone can help me understand the database point of view, I would greatly appreciate it.


  • Outlook 2010 - HTML Images not downloaded - at all - by default

    - by Scott Lock
    Maybe it's just me but I found this "Security Feature" of Office 2010 a bit annoying out of the box.  Outlook does not download any pictures by default for HTML emails.  Now this is nothing new, but what is different is that Outlook 2010 has added another layer of security around the pictures.  You now have the option to finely tune when things are downloaded.  The side effect is that nothing is downloaded at all.  And when I would click on "Download Images" on an email, it still would not show the images.  I found that I had to explicitly tell Outlook to download HTML images and then restart Windows.  It did not work if I simply restarted Office.  Again, maybe this was just me.  Here's what you need to do in Outlook 2010 to enable images for HTML:

    1. Click on the new "File" tab
    2. Click on "Options"
    3. Click on "Trust Center"
    4. Click on "Trust Center Settings"
    5. Uncheck the "Don't download pictures automatically in HTML e-mail messages or RSS items" check box
    6. Click the "Okay" button
    7. Exit Outlook 2010

    Again, for me I had to restart Windows (Windows 7 64bit, Office 2010 64bit) to get this to "take effect".


  • ArchBeat Link-o-Rama for December 7, 2012

    - by Bob Rhubart
    From XaaS to Java EE – Which damn cloud is right for me in 2012? | Markus Eisele
    Oracle ACE Director Markus Eisele wrestles with a timely technical issue and shares his observations on several of the alternatives.

    WebLogic Server Domain Browser App (Android)
    My colleague Jeff Davies, a frequent speaker at OTN Architect Day events and a genuinely nice guy, emailed me last night with this message: "I just came across this app on Google Play. It allows WebLogic administrators to browse WLS 12c domain information. I installed it on my phone and tried it out. Works very fast." I'm an iPhone guy, but I'm perfectly comfortable taking Jeff at his word. The app is called WLS Domain Browser. Follow the link for more info from the Google Play site.

    Exalogic 2.0.1 Tea Break Snippets - Creating a ModifyJeOS VirtualBox | The Old Toxophilist
    "One of the main advantages of this is that Templates can be created away from the Exalogic Environment," explains The Old Toxophilist. BTW: I had to look it up: a toxophilist is one who collects bows and arrows.

    Thought for the Day
    "All models are wrong; some models are useful." — George Box
    Source: SoftwareQuotes.com


  • ArchBeat Link-o-Rama for 2012-09-25

    - by Bob Rhubart
    Oracle 11gR2 RAC on Software Defined Network (SDN) | Gilbert Stan
    "The SDN [software defined network] idea is to separate the control plane and the data plane in networking and to virtualize networking the same way we have virtualized servers," explains Gil Standen. "This is an idea whose time has come because VMs and vmotion have created all kinds of problems with how to tell networking equipment that a VM has moved and to preserve connectivity to VPN end points, preserve IP, etc." H/T to Oracle ACE Director Tim Hall for the recommendation.

    ServerSent-Events on WebLogic Server | Steve Buttons
    "The HTML5 ServerSent-Event model provides a mechanism to allow browser clients to establish a uni-directional communication path to a server, where the server is then able to push messages to the browser at any point in time," explains Steve "Buttso" Buttons.

    Focus on Architects and Architecture
    This handy guide for sessions and other activities at Oracle OpenWorld 2012 focuses on IT architecture in all its many facets and permutations.

    Operating System Set-up for WebLogic Server | Rene van Wijk
    Oracle ACE Rene van Wijk shows you how to set up an operating system for WebLogic Server. "We will use VMware as our virtualization platform and use CentOS as the operating system," says van Wijk. "We end the post by showing how the operating system can be tuned when running a Java process such as WebLogic Server."

    Free eBook: Oracle SOA Suite - In the Customer's Words
    If you find yourself in the position of having to sell the idea of Service-oriented Architecture to business stakeholders this free e-book may come in very handy. Check out "Oracle SOA Suite: In the Customer's Words." (Registration / Oracle.com login required.)

    Thought for the Day
    "The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency." — Bill Gates
    Source: BrainyQuote.com


  • Podcast Show Notes: Architect Meet-Up

    - by Bob Rhubart
    What happens when you get a bunch of architects together and just let them talk? The latest ArchBeat Podcast features just such a conversation. The four participants in this conversation responded to a general invitation to my list of some three dozen Usual Suspects to join me on Skype for what I call a virtual meet-up. That conversation took place on March 20, 2012.

    The Participants
    Basheer Khan: Oracle ACE Director; Founder, President & CEO at Innowave Technology
    Lucas Jellema: Oracle ACE Director; CTO of AMIS Services
    Eric Stephens: a director of Enterprise Architecture at Oracle
    Derek Sharpe: director of Oracle’s Fusion Middleware Architecture Team

    The Conversation
    Listen to Part 1: Meeting the Mobile Challenge
    The conversation focuses on Oracle ADF Mobile and the challenges of defining a mobile strategy for the enterprise.
    Listen to Part 2: Mobile Security, Availability, and Usability (April 4)
    The conversation turns to the security, availability, and usability challenges in the evolution of the mobile enterprise.
    Listen to Part 3: Evolving Software Development Roles (April 11)
    The panel closes out the discussion with a look at the interplay between developers and architects, and the evolving nature of both roles.


  • Internet Explorer 9 is coming Monday to a web near you

    - by brian_ritchie
    Internet Explorer 9 is finally here...well almost.  Microsoft is releasing their new browser on March 14, 2011. IE9 has a number of improvements, including:

    Faster, Faster, Faster.  Did I mention it is faster?  With the new browsers coming out from Mozilla, Google, and Microsoft, there has been a flood of speed test coverage.  Chrome has long held the javascript speed crown.  But according to Steven J. Vaughan-Nichols over at ZDNET..."for the moment at least IE9 is actually the fastest browser I’ve tested to date."  He came to this revelation after figuring out that the 32-bit version of IE9 has the new Chakra JIT (the 64-bit version doesn't).  It also has a DirectX-based rendering engine so it can do cool tricks once reserved for desktop applications.

    Windows 7 Desktop Integration.  Read my post for more details.  Unfortunately, they didn't integrate my ideas...at least not yet :)

    Hot new UI.  Ok, they "borrowed" some ideas from Chrome...but that is the best form of flattery.

    Standards Compliance.  A real focus on HTML5 and CSS3.  Definite goodness for developers.

    So, go get yourself some IE9 on Monday and enjoy!


  • Best peer-to-peer game architecture

    - by Dejw
    Consider a setup where game clients:

    1. have quite small computing resources (mobile devices, smartphones)
    2. are all connected to a common router (LAN, hotspot etc)

    The users want to play a multiplayer game, without an external server. One solution is to host an authoritative server on one phone, which in this case would be also a client. Considering point 1 this solution is not acceptable, since the phone's computing resources are not sufficient. So, I want to design a peer-to-peer architecture that will distribute the game's simulation load among the clients. Because of point 2 the system needn't be complex with regards to optimization; the latency will be very low. Each client can be an authoritative source of data about himself and his immediate environment (for example bullets.) What would be the best approach to designing such an architecture? Are there any known examples of such a LAN-level peer-to-peer protocol?

    Notes: Some of the problems are addressed here, but the concepts listed there are too high-level for me.

    Security: I know that not having one authoritative server is a security issue, but it is not relevant in this case as I'm willing to trust the clients.

    Edit: I forgot to mention: it will be a rather fast-paced game (a shooter). Also, I have already read about networking architectures at Gaffer on Games.


  • Oracle Identity Management 11gR2 Live Event - New York

    - by Tanu Sood
    Are you in New York or the vicinity on September 6? If so, come join Amit Jasuja, Senior Vice President, Security and Identity Management at Oracle as he discusses the evolution of Oracle Identity Management solutions and the business drivers (and industry trends) behind those. You have heard about some of the new experiences delivered with the latest release of Oracle Identity Management - simplified user experience, enhanced security and seamless enablement for secure cloud and mobile environments. Now come see it in action and hear what customers, your peers, are saying about their implementations. This forum will also be a great opportunity for you to connect directly with technology experts and network with industry professionals. There is still time left to register so book your space today. Registration details as well as the agenda for the day can be found here. We look forward to hosting you on Thursday, September 6th.

    Oracle Identity Management 11gR2 Live Event – New York
    Thursday, September 6, 2012
    Oracle NYC Office
    101 Park Avenue, 4th Floor
    New York, NY 10178
    Register Here

    Not in NY on Sep 6? Find an event near you in North America.


  • What advantages does developing applications for smartphones have over developing the same application as a web application?

    - by Alfredo O
    Let's take the Facebook application as an example. Why did they develop an application when the users could just access their page and do the same? For me that represents more maintenance and more cost because for each feature added to the web application that feature will have to be added to the smartphone application as well. So why would I want to develop more than once (for each platform: iOS, Android, etc) when I could just have one web application? What benefits do I get? The only one that comes to my mind is the GPS feature.

    EDIT: My question is more oriented towards business applications that are going to be used only by some members of the company; it's not about selling the application (private use). So contrary to what some answers say, that by developing as a smartphone application it will benefit from more sales because of the "smartphone stores", for me this point is not important because the application is for private use. By developing the application as a web application it means that it can be accessed through a smartphone browser and also on a PC (any capable browser), but developing as a native application would limit this to only some kind of smartphone so we would be limiting the use. On the other hand developing it as a web application means that in order to access the application an Internet connection must be available. So keeping this in mind how would you convince your boss to write the application for a given smartphone platform (iOS/Android) vs developing it as a web application?


  • Hurry! See the uncensored OOW videos before they get edited!

    - by rickramsey
    Uploaded so far:

    Which Oracle Solaris 11 Technologies Have Sysadmins Been Using Most?
    Director's Cut - Uncensored - Markus Flierl, VP Solaris Core Engineering, describes how Oracle Solaris 11 customers are taking advantage of the Image Packaging System and the snapshot capability of ZFS to run more frequent updates of not only the OS, but also the applications (agile development, anyone?), and how they're using the network virtualization capabilities in Oracle Solaris 11 to isolate applications and manage workloads on the cloud.

    Watch How Hybrid Columnar Compression Saves Storage Space
    Director's Cut - Uncensored - Art Licht shows how hybrid columnar compression (HCC) compresses data 30x without slowing down other queries that the database is performing. First he shows what happens when he runs database queries without HCC, then he shows what happens when he runs the queries with HCC.

    Security Capabilities and Design in Oracle Solaris 11
    Director's Cut - Uncensored - Compliance reporting. Extended policy. Immutable zones. Three of the best minds in Oracle Solaris security explain what they are, what customers are doing with them, and how they were engineered. Filmed at Oracle Open World 2012.

    Why DTrace and Ksplice Have Made Oracle Linux 6 Popular with Sysadmins
    Use the DTrace scripts you wrote for Oracle Solaris on Oracle Linux without modification. Wim Coekaerts, VP of Engineering for Oracle Linux, explains how this capability of DTrace, the zero downtime updates enabled by KSplice, and other performance and stability enhancements have made Oracle Linux 6 popular with sysadmins.

    Why Solaris 11 Is Being Adopted Faster Than Solaris 10
    Sneak Preview - Uncut Version - Lynn Rohrer, Director of Oracle Solaris Product Management explains why customers are adopting Oracle Solaris 11 at a faster rate than Oracle Solaris 10, and proves why you should never challenge a Montana woman to a test of strength.

    What Forsythe Corp Is Helping Its Customers Do With Oracle Solaris 11
    Director's Cut - Unedited - Lee Diamante, Solutions Architect for Forsythe Corp, an Oracle Solaris Partner, explains why Forsythe has been recommending Oracle Solaris to its customers, and what those customers have been doing with it.

    Lots more to come ...

    - Rick


  • What are the hard and fast rules for Cache Control?

    - by Metalshark
    Confession: sites I maintain have different rules for Cache Control mostly based on the default configuration of the server followed up with recommendations from the Page Speed & Y-Slow Firefox plug-ins and the Network Resources view in Google's Speed Tracer. Cache-Control is set to private/public depending on what they say to do, ETags/Last-Modified headers are only tinkered with if Y-Slow suggests there is something wrong and Vary-Accept-Encoding seems necessary when manually gzipping files for Amazon CloudFront. When reading through the material on the different options and what they do there seems to be conflicting information, rules for broken proxies and cargo cult configurations. Any of the official information provided by the analysis tools mentioned above is quite inaccessible as it deals with each topic individually instead of as a unified strategy (so there is no cross-referencing of techniques). For example, it seems to make no sense that the speed analysis tools rate a site with ETags the same as a site without them if they are meant to help with caching. What are the hard and fast rules for a platform agnostic Cache Control strategy?

    EDIT: A link through Jeff Atwood's article explains Caching in superb depth. For the record though here are the hard and fast rules:

    If the file is Compressed using GZIP, etc - use "cache-control: private" as a proxy may return the compressed version to a client that does not support it (the browser cache will hold files marked this way though). Also remember to include a "Vary: Accept-Encoding" to say that it is compressible.

    Use Last-Modified in conjunction with ETag - belt and braces usage provides both validators, whilst ETag is based on file contents instead of modification time alone, using both covers all bases. NOTE: AOL's PageTest has a carte blanche approach against ETags for some reason.

    If you are using Apache on more than one server to host the same content then remove the implicitly declared inode from ETags by excluding it from the FileETag directive (i.e. "FileETag MTime Size") unless you are genuinely using the same live filesystem.

    Use "cache-control: public" wherever you can - this means that proxy servers (and the browser cache) will return your content even if the rest of the page needs HTTP authentication, etc.


  • Configuring permissions with Bastille

    - by Lucio
    I was using Bastille to improve the security of the OS and I found the following question there; I don't know if I should answer YES or NO:

    Questions: Would you like to set more restrictive permissions on the administration utilities?

    Explanation: In general, the default file permissions set by most vendors are fairly secure. To make them more secure, though, you can remove non-root user access to some administrator functions. If you choose this option, you'll be changing the permissions on some common system administration utilities so that they're not readable or executable by users other than root. These utilities (which include linuxconf, fsck, ipconfig, runlevel and portmap) are ones that most users could never have a need to access. This option will increase your system security, but there's a chance it will inconvenience your users.

    My users: When I installed Ubuntu I created a user (admin), then I was able to create another user (people), but I cannot change the permissions of this user.

    Questions: The user that I am using as admin is not root, right? Will the effects of this option affect both users (admin & people) or just people?

    Read the article

  • Hello PCI Council, are you listening?

    - by David Dorf
    Mention "PCI" to any retailer and you'll instantly see them take a deep breath and start looking for the nearest exit. Nobody wants to be insecure, but few actually believe that PCI does anything more than focus blame directly on retailers. I applaud PCI for making retailers more aware of the importance of security, but did you have to make them PAINFULLY aware? POS vendors aren't immune to this pain either as we have to undergo lengthy third-party audits in addition to the internal secure programming programs. There's got to be a better way. There's a timely article over at StorefrontBacktalk that discusses the inequity of PCI's rules, and also mentions that the PCI Council is accepting comments until April 15th. As a vendor, my biggest issue with PCI is that they require vendors to disclose the details of any breaches, in effect "ratting out" customers. I don't think it's a vendor's place to do this. I'd rather have the trust of my customers so we can jointly solve the problem. Mary Ann Davidson, Oracle's Chief Security Officer, has an interesting blog posting on this very topic. It's a bit of a long read, but I found it very entertaining and thought-provoking. Here's an excerpt: ...heading up the list of “you must be joking” regulations are recent disturbing developments in the Payment Card Industry (PCI) world. I’d like to give [the] PCI kahunas the benefit of the doubt about their intentions, except that efforts by Oracle among others to make them aware of “unfortunate side effects of your requirements” – which is as tactful I can be for reasons that I believe will become obvious below - have gone, to-date, unanswered and more importantly, unchanged. I encourage you to read the entire posting, Pain Comes Instantly, and then provide feedback to the PCI Council.

    Read the article

  • Bundling in visual studio 2012 for web optimization

    - by Jalpesh P. Vadgama
    I have been writing a series of posts about Visual Studio 2012 features. This series describes what the new features in Visual Studio 2012 are. This post will also be part of the Visual Studio 2012 feature series. As we know, nowadays web applications or sites are providing more and more features and due to that we have to include lots of JavaScript and CSS files in our web application. So once we load the site we will have all the JavaScript js files and CSS files loaded in the browser, and if you have lots of JavaScript files then it consumes lots of time when the browser requests them. The following images show the same situation. Here you can see a total of 25 files loaded into the system and it's almost more than 1MB of total size. As we need to have our web application or site very responsive and need to have a high performance application/site, this will be a performance bottleneck to our site. In a situation like this, the bundling feature of Visual Studio 2012 and ASP.NET 4.5 comes in very handy. With the help of this feature we do optimization there and we can increase the performance of our application. To enable this feature in Visual Studio 2012 we just made debug="false" in web.config of our application like the following. Now once you enable this feature and run this application in the browser to see your traffic it will have fewer items like the following. As you can see in the above image there are only 8 items. So after enabling bundling it will automatically convert all js and css files into one request. Isn't that a cool feature? This feature is surely going to have a great impact on performance. Hope you like it. Stay tuned for more. Till then happy programming!!

    Read the article

  • Secunia Personal Software Inspector (PSI) 2.0

    - by TATWORTH
    Secunia Personal Software Inspector is now available in an updated version that is free for personal use. The home page says "The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals. The only solution to block these kind of attacks is to apply security updates, commonly referred to as patches. Patches are offered free-of-charge by most software vendors, however, finding all these patches is a tedious and time consuming task. Secunia PSI automates this and alerts you when your programs and plug-ins require updating to stay secure. Download the Secunia PSI now and secure your PC today - free-of-charge." I have used this for some time on my home PC and have found it to be very useful in identifying required updates. I use Google Chrome but I found that whenever a new version is issued, the old version is not de-installed. Secunia PSI helps me to locate them and get rid of them.

    Read the article

  • How to schedule time-of-day upgrades

    - by Richard
    Hello, I'm responsible for about 30 Ubuntu computers at a private K-8 school. We have only a 3Mbps internet connection serving the entire campus, and I would like to ensure that updates are done in the middle of the night - so that daytime tasks are not slowed down. I'm using Ubuntu 10.04, and have set all computers to download and install security updates via the update manager. I have also installed cron-apt, and modified the config file to stagger the start times of the upgrades from about 10pm to 4am local time. HOWEVER - this morning I arrived at the school at 7:30am and all the computers were busy downloading a large security based update. Needless to say, all internet activity was slowed to a crawl (for the next 2 hours), and the computer users were very very upset. This was the event I'm trying so hard to prevent. It seems that my scheme to ensure middle of the night downloads failed, and I'm not sure why. I've also tried some schemes using unattended-upgrades & crontab, but there always seemed to be something scheduling upgrades to occur in addition to the ones I try to force at middle of the night. Is there a sure fire way to absolutely positively guarantee that updates will occur only at one specific time? It would be nice if the update manager just had a drop down menu to specify a designated time. Thanks in advance for any help you can give me.

    Read the article

  • Exalogic Elastic Cloud Software (EECS) version 2.0.1 available

    - by JuergenKress
    We are pleased to announce that as of today (May 14, 2012) the Exalogic Elastic Cloud Software (EECS) version 2.0.1 has been made Generally Available. This release is the culmination of over two and a half years of engineering effort from an extended team spanning 18 product development organizations on three continents, and is the most powerful, sophisticated and comprehensive Exalogic Elastic Cloud Software release to date. With this new EECS release, Exalogic customers now have an ideal platform for not only high-performance and mission critical applications, but for standardization and consolidation of virtually all Oracle Fusion Middleware, Fusion Applications, Application Unlimited and Oracle GBU Applications. With the release of EECS 2.0.1, Exalogic is now capable of hosting multiple concurrent tenants, business applications and middleware deployments with fine-grained resource management, enterprise-grade security, unmatched manageability and extreme performance in a fully virtualized environment. The Exalogic Elastic Cloud Software 2.0.1 release brings important new technologies to the Exalogic platform: Exalogic is now capable of hosting multiple concurrent tenants, business applications and middleware deployments with fine-grained resource management, enterprise-grade security, unmatched manageability and extreme performance in a fully virtualized environment. Support for extremely high-performance x86 server virtualization via a highly optimized version of Oracle VM 3.x. A rich, fully integrated Infrastructure-as-a-Service management system called Exalogic Control which provides graphical, command line and Java interfaces that allows Cloud Users, or external systems, to create and manage users, virtual servers, virtual storage and virtual network resources.
    Webcast Series: Rethink Your Business Application Deployment Strategy Redefining the CRM and E-Commerce Experience with Oracle Exalogic, 7-Jun@10am PT & On-Demand: ‘The Road to a Cloud-Enabled, Infinitely Elastic Application Infrastructure’ (featuring Gartner Analysts). WebLogic Partner Community For regular information become a member in the WebLogic Partner Community please visit: http://www.oracle.com/partners/goto/wls-emea (OPN account required). If you need support with your account please contact the Oracle Partner Business Center.

    Read the article
