Search Results

Search found 18808 results on 753 pages for 'security updates'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 40/753 | < Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >

  • yum security update - message indicating kernel version not up to date

    - by JMC
    Running yum --security check-update returns this message: Security: kernel-3.x.x-x.63 is an installed security update Security: kernel-3.x.x-x.29 is the currently running version I already ran the yum security update on the kernel, but it looks like it didn't change the version running on the system. What needs to be done to make it run the new kernel? Are there any concerns about why it didn't change during the installation process? The yum log just shows installed for the new kernel no error messages.

    Read the article

  • WSUS Updates - Best Practice

    - by What'sTheStoryWishBone
    We have an isolated enviornment of a few hundred servers in which we use WSUS to push updates too. We have thousands of updates which to manage and push to devices testing along the way to ensure the update will not break anything. What are the best practices that you all follow in your enteprise networks to ensure an update does not go out to all the machines that will break something? We currently have ours broken into customized groups for each type of machine. There is one "Test Group" which has one PC of each type which we apply updates to for error checking. Is this a similar procedure others follow or is their an easier safer way to manage the thousands of WSUS updates?

    Read the article

  • Stop windows resuming from hibernation to install automatic updates

    - by swref
    I always hibernate my work (Windows 7, x64) laptop when leaving for the night. Sometimes when I come in again in the morning, the laptop is powered up and there's a message telling me that new updates have been installed. (I've changed the registry so automatic updates don't force a reboot.) I'm happy to have Windows apply updates automatically, but I don't want it to resume from hibernation to do so. How can I stop this behaviour so I'm not wasting electricity?

    Read the article

  • Remotely initiate windows updates

    - by TetraFlash
    I have a network with countless workstations on it and the windows updates are done through WSUS in push cycles to allow us to use a generic image and configuration and avoid network congestion. I have a number of workstations in storage that are connected once a month for a few days to recieve updates, however not all of them fall within their push cycle. I want to avoid going to each machine and clicking "check updates" as that would require me to connect a monitor, mouse and keyboard. Is there a way (preferably through powershell but im open minded) to initiate a check and install of updates on a remote system? Lets say for 1 system at a time right now, I can add a file reader and a look later. NOTE: the configuration of the WSUS server is above my pay grade, im simply being asked to ensure these machines are updated. Thanks for any help or hints

    Read the article

  • What security changes are necessary when connecting DSL modem directly to PC instead of router?

    - by Mike B
    Windows XP I have a user with a single PC that was connected to the internet via a standard home router. The router is now having hardware-related issues and to save money, they're considering connecting the PC directly to the DSL modem since they don't need to share the internet connection or need wireless functionality. If they decide to do that, I'm concerned that this will introduce additional security concerns. Is the Windows Firewall sufficient and Microsoft Security Essentials sufficient for protecting a computer directly connected to a DSL Modem? Or is other security software needed here? Ideally, I'd like to avoid having third-party firewall software constantly bringing up alerts and asking them to approve everything. Also, just to clarify, their use cases are just internet browsing and email.

    Read the article

  • How to sanely configure security policy in Tomcat 6

    - by Chas Emerick
    I'm using Tomcat 6.0.24, as packaged for Ubuntu Karmic. The default security policy of Ubuntu's Tomcat package is pretty stringent, but appears straightforward. In /var/lib/tomcat6/conf/policy.d, there are a variety of files that establish default policy. Worth noting at the start: I've not changed the stock tomcat install at all -- no new jars into its common lib directory(ies), no server.xml changes, etc. Putting the .war file in the webapps directory is the only deployment action. the web application I'm deploying fails with thousands of access denials under this default policy (as reported to the log thanks to the -Djava.security.debug="access,stack,failure" system property). turning off the security manager entirely results in no errors whatsoever, and proper app functionality What I'd like to do is add an application-specific security policy file to the policy.d directory, which seems to be the recommended practice. I added this to policy.d/100myapp.policy (as a starting point -- I would like to eventually trim back the granted permissions to only what the app actually needs): grant codeBase "file:${catalina.base}/webapps/ROOT.war" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/-" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/WEB-INF/-" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/WEB-INF/lib/-" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/WEB-INF/classes/-" { permission java.security.AllPermission; }; Note the thrashing around attempting to find the right codeBase declaration. I think that's likely my fundamental problem. Anyway, the above (really only the first two grants appear to have any effect) almost works: the thousands of access denials are gone, and I'm left with just one. Relevant stack trace: java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/tomcat6/webapps/ROOT/WEB-INF/classes/com/foo/some-file-here.txt read) java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) java.security.AccessController.checkPermission(AccessController.java:546) java.lang.SecurityManager.checkPermission(SecurityManager.java:532) java.lang.SecurityManager.checkRead(SecurityManager.java:871) java.io.File.exists(File.java:731) org.apache.naming.resources.FileDirContext.file(FileDirContext.java:785) org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:206) org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:299) org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1937) org.apache.catalina.loader.WebappClassLoader.findResource(WebappClassLoader.java:973) org.apache.catalina.loader.WebappClassLoader.getResource(WebappClassLoader.java:1108) java.lang.ClassLoader.getResource(ClassLoader.java:973) I'm pretty convinced that the actual file that's triggering the denial is irrelevant -- it's just some properties file that we check for optional configuration parameters. What's interesting is that: it doesn't exist in this context the fact that the file doesn't exist ends up throwing a security exception, rather than java.io.File.exists() simply returning false (although I suppose that's just a matter of the semantics of the read permission). Another workaround (besides just disabling the security manager in tomcat) is to add an open-ended permission to my policy file: grant { permission java.security.AllPermission; }; I presume this is functionally equivalent to turning off the security manager. I suppose I must be getting the codeBase declaration in my grants subtly wrong, but I'm not seeing it at the moment.

    Read the article

  • Windows Security Videos auf Channel 9

    - by Your DisplayName here!
    Ich habe vor ein paar Wochen mit Lori drei Videos zum Thema Windows Security für Entwickler aufgenommen – die sind nun Online. Der erste Teil beschäftigt sich mit den absoluten Grundlagen der Windows Sicherheit. Was ist ein Konto? Was ist eine SID? Was ist ein Windows Token? Weiterhin wird gezeigt, wie sich diese grundlegenden Windows Einrichtungen über Managed Code anprogrammieren lassen. Der Vortrag endet mit einem kleinen Einblick in die Vorgehensweise von UAC, und wie dieses programmatisch verwendet werden kann. http://channel9.msdn.com/Blogs/Lori/Windows-Security-fr-Developers-Teil-1 Teil zwei beschäfitgt sich mit Zugriffs-Kontrolllisten, und wie diese mit .NET Code gelesen und geschrieben werden können. Weiterhin werden die beiden verwandten Konzepte Logon Session und Impersonierung besprochen. Beide Einrichtungen erzeugen einen neuen Token, sind aber grundlegend verschieden in ihren Einsatzgebieten. http://channel9.msdn.com/Blogs/Lori/Windows-Security-fr-Developers-Teil-2 Teil drei stellt das Kerberos Netzwerk-Authentifizierungsprotokoll vor. Da dieses Protokoll standardmäßig in Active Directory verwendet wird, sollten man es in den Grundzügen kennen. Natürlich kann auch Kerberos aus Managed Code verwendet werden – die abschließende Demo zeigt wie dies funktioniert. http://channel9.msdn.com/Blogs/Lori/Windows-Security-fr-Developers-Teil-3 …und noch ein kleines Interview http://channel9.msdn.com/Blogs/Lori/Interview-mit-Dominick-Baier Viel Spaß ;)

    Read the article

  • Pella Increases Online Appointment Scheduling and Rapidly Personalizes and Updates Marketing Initiatives

    - by Michael Snow
    Originally posted on Oracle Customers page.Oracle Customer: Pella CorporationLocation:  Pella, IowaIndustry: Industrial Manufacturing Employees:  7,100 Pella Corporation is an innovative leader in creating a better view for homes and businesses by designing, testing, manufacturing, and installing quality windows and doors for new construction, remodeling, and replacement applications. A family-owned company, Pella has an 88-year history of innovation and, today, is the second-largest manufacturer in the country of windows and doors, including patio, entry, and storm doors. The company has 10 manufacturing facilities in United States and window and door showrooms across the United States and Canada. In-home consultations are an important part of Pella’s sales process. Several years ago, the company launched an online appointment scheduling tool to improve customer convenience. While the functionality worked well, the company wanted to increase online conversion rates and decrease the number of incomplete, online appointment schedules. It also wanted to give its business analysts and other line-of-business personnel the ability to update the scheduling tool and interface quickly, without needing IT team intervention and recoding, to better capitalize on opportunities and personalize the interface for specific markets. Pella also looked to reduce IT complexity by selecting a system that integrated easily with its Oracle E-Business Suite Release 12.1 enterprise applications.Pella, which has a large Oracle footprint, selected Oracle WebCenter Sites as the foundation for its new, real-time appointment scheduling application. It used the solution to re-engineer the scheduling process and the information required to set up an appointment. Just a few months after launch, it is seeing improvement in the number of appointments booked online and experiencing fewer abandoned appointments during the scheduling process. As important, Pella can now quickly and easily make changes to images, video, and content displayed on the scheduling tool interface, delivering greater business agility. Previously, such changes required a developer and weeks of coding and testing. Today, a member of Pella’s business analyst team can complete the changes in hours. This capability enables Pella to personalize the Web experience for customers. For example, it can display different products or images for clients in different regions.The solution is also highly scalable. Pella is using Oracle WebCenter Sites for appointment scheduling now and plans to migrate Pella.com, its configurator tool, and dealer microsites onto the platform. Further, Pella plans to leverage the solution to optimize mobile devices. “Moving ahead, we expect to extensively leverage Oracle WebCenter Sites to gain greater flexibility in updating the Web experience, thanks to the ability to make updates quickly without developer resources. Segmentation and targeting capabilities will allow us to create a more personalized experience across both traditional and mobile platforms,” said Teri Lancaster, IT manager, customer experience applications, Pella Corporation. A word from Pella Corporation "Oracle WebCenter Sites?from the start?delivered important benefits. We’ve redesigned the online scheduling process and are seeing more potential customers completing consultation bookings online. More important, the solution opens a world of other possibilities as we plan to migrate Pella.com and our dealer microsites to the platform, and leverage it to optimize the Web experience for our mobile devices.” – Teri Lancaster, IT Manager, Customer Experience Applications, Pella Corporation Oracle Product and Services Oracle WebCenter Sites Why Oracle Pella has a long-standing relationship with Oracle. “We look to Oracle first for a solution. Our Oracle account team came to us with several solutions, and Oracle WebCenter Sites delivered the scalability, ease-of-use, flexibility, and scalability that we required for the appointment scheduling initiative and other Web projects on the horizon, including migrating Pella.com and optimizing our site for mobile platforms,”said Teri Lancaster, IT manager, customer experience applications, Pella Corporation. Implementation Process The Pella implementation team, working with Oracle partner Element Solutions, LLC, integrated the appointment setting application with Pella.com as well as the company’s Oracle E-Business Suite customer relationship management applications. Using Oracle WebCenter Site’s development tools and subversion capabilities to develop the application, the Element Solutions and Pella teams could work remotely and collaboratively, accelerating deployment. Pella went live with the new scheduling tool in just six months. Partner Oracle PartnerElement Solutions, LLC Element Solutions was instrumental at every major stage of the project, including design creation and approval, development, training, and rollout. “Element Solutions was a vital partner for our Oracle WebCenter Sites initiative. The team provided guidance, and more important, critical knowledge transfer at every stage?which equipped us to get the most out of this powerful and versatile solution. We were definitely collaboration partners,” Lancaster said. Resources Pella Corporation Upgrades Enterprise Applications to Continue to Improve Manufacturing Efficiency Thousands of Customers Successfully and Smoothly Upgrade to Oracle E-Business Suite 12.1 for New Functionality, Lower Operating Costs and Improved Shared Operations Managing the Virtual World

    Read the article

  • Oracle JDK 7u10 released with new security features

    - by Henrik Stahl
    A few days ago, we released JRE and JDK 7 update 10. This release adds support for the following new platforms: Windows 8 on x86-64. Note that Modern UI (aka Metro) mode is not supported. Internet Explorer 10 on Windows 8. Mac OS X 10.8 (Mountain Lion) This release also introduces new features that provide enhanced security for Java applet and webstart applications, specifically: The Java runtime tracks if it is updated to the latest security baseline. If you try to execute an unsigned applet with an outdated version of Java, a warning dialog will prompt you to update before running the applet. The Java runtime includes a hardcoded best before date. It is assumed that a new version will be released before this date. If the client has not been able to check for an update prior to this date, the Java runtime will assume that it is insecure and start warning the user prior to executing any applets. The Java control panel now includes an option to set the desired security level on a low-medium-high-very high scale, as well as an option to disable Java applets and webstart entirely. This level controls things such as if the Java runtime is allowed to execute unsigned code, and if so what type of warning will be displayed to the user. More details on the security settings can be found in the documentation. See below for a sample screenshot. The new update of the JRE and the JDK are available via OTN. To learn more about the release please visit the release notes.

    Read the article

  • Updates broke my themes/shell [Ubuntu 12.04 running Gnome 3 ]

    - by APNW
    I am running gnome-session 3.4.2.1. After the latest updates (listed below) my theme regressed to what looks like tango - not sure. Am unable to change it using Gnome-tweak tool or the display settings. I am also unable to change the wallpaper. Here's what it looks like: Synaptic: Chromium and this is the wallpaper page even though I have selected the wallpaper, it actually does not change. This same problem occurred on my personal computer, and one other computer I have, all running the same software/config. The interesting thing is that while Gnome 3 and Unity are affected, Cinnamon is not. What I've done so far: purged and re-installed both gnome 3 and Unity- no change noted. So, how do I fix this? Thanks Here's the installation log: Start-Date: 2013-11-07 12:01:28 Upgrade: chromium-browser-l10n:i386 (28.0.1500.71-0ubuntu1.12.04.1, 30.0.1599.114-0ubuntu0.12.04.3), libswscale2:i386 (0.8.6-0ubuntu0.12.04.1, 0.8.8-0ubuntu0.12.04.1), chromium-codecs-ffmpeg:i386 (28.0.1500.71-0ubuntu1.12.04.1, 30.0.1599.114-0ubuntu0.12.04.3), chromium-browser:i386 (28.0.1500.71-0ubuntu1.12.04.1, 30.0.1599.114-0ubuntu0.12.04.3), libpostproc52:i386 (0.8.6-0ubuntu0.12.04.1, 0.8.8-0ubuntu0.12.04.1), libavcodec-extra-53:i386 (0.8.6ubuntu0.12.04.1, 0.8.8ubuntu0.12.04.1), libavformat53:i386 (0.8.6-0ubuntu0.12.04.1, 0.8.8-0ubuntu0.12.04.1), libavutil-extra-51:i386 (0.8.6ubuntu0.12.04.1, 0.8.8ubuntu0.12.04.1) End-Date: 2013-11-07 12:02:00 Start-Date: 2013-11-07 17:32:55 Commandline: aptdaemon role='role-commit-packages' sender=':1.136' Install: libmusicbrainz5-0:i386 (5.0.1-2~precise2), udisks2:i386 (1.98.0-1~precise1), libclutter-gst-1.0-0:i386 (1.5.4-0ubuntu2), libudisks2-0:i386 (1.98.0-1~precise1), cinnamon-session-common:i386 (2.0.4-20131105043005-precise), librhythmbox-core6:i386 (2.97-1ubuntu1~precise1), gcr:i386 (3.4.1-3~precise1), libcluttergesture-0.0.2-0:i386 (0.0.2.1-2ubuntu3), libmx-1.0-2:i386 (1.4.3-0ubuntu1), guile-2.0-libs:i386 (2.0.5+1-1), libclutter-imcontext-0.1-0:i386 (0.1.4-2build1), libnatpmp1:i386 (20110808-3ubuntu1) Upgrade: gnome-keyring:i386 (3.2.2-2ubuntu4.1, 3.4.1-4ubuntu1~precise1), cinnamon:i386 (2.0.6-20131026040307-precise, 2.0.10-20131105040309-precise), gir1.2-muffin-3.0:i386 (2.0.3-20131023003029-precise, 2.0.3-20131105003012-precise), gir1.2-totem-1.0:i386 (3.0.1-0ubuntu21.1, 3.4.3-0ubuntu1~precise1), nemo:i386 (2.0.2-20131023010018-precise, 2.0.5-20131105010007-precise), aisleriot:i386 (3.2.3.2-0ubuntu1, 3.4.1-1~precise1), procps:i386 (3.2.8-11ubuntu6.2, 3.2.8-11ubuntu6.3), libcinnamon-desktop0:i386 (2.0.2-20131025011504-precise, 2.0.3-20131105011505-precise), libgck-1-0:i386 (3.2.2-2ubuntu4.1, 3.4.1-3~precise1), totem-plugins:i386 (3.0.1-0ubuntu21.1, 3.4.3-0ubuntu1~precise1), cinnamon-desktop-data:i386 (2.0.2-20131025011504-precise, 2.0.3-20131105011505-precise), rhythmbox:i386 (2.96-0ubuntu4.3, 2.97-1ubuntu1~precise1), libgcr-3-1:i386 (3.2.2-2ubuntu4.1, 3.4.1-3~precise1), seahorse:i386 (3.2.2-0ubuntu2.1, 3.4.1-2~precise1), muffin-common:i386 (2.0.3-20131023003029-precise, 2.0.3-20131105003012-precise), totem-common:i386 (3.0.1-0ubuntu21.1, 3.4.3-0ubuntu1~precise1), libtotem0:i386 (3.0.1-0ubuntu21.1, 3.4.3-0ubuntu1~precise1), rhythmbox-data:i386 (2.96-0ubuntu4.3, 2.97-1ubuntu1~precise1), gir1.2-cinnamondesktop-3.0:i386 (2.0.2-20131025011504-precise, 2.0.3-20131105011505-precise), cinnamon-session:i386 (2.0.1-20131021043004-precise, 2.0.4-20131105043005-precise), rhythmbox-mozilla:i386 (2.96-0ubuntu4.3, 2.97-1ubuntu1~precise1), rhythmbox-plugin-zeitgeist:i386 (2.96-0ubuntu4.3, 2.97-1ubuntu1~precise1), libmuffin0:i386 (2.0.3-20131023003029-precise, 2.0.3-20131105003012-precise), cjs:i386 (2.0.0-20131021020602-precise, 2.0.0-20131105020703-precise), rhythmbox-plugin-cdrecorder:i386 (2.96-0ubuntu4.3, 2.97-1ubuntu1~precise1), cinnamon-common:i386 (2.0.6-20131026040307-precise, 2.0.10-20131105040309-precise), gnome-disk-utility:i386 (3.0.2-2ubuntu7, 3.4.1-0ubuntu1~precise1), nemo-fileroller:i386 (2.0.0-20131021020004-precise, 2.0.0-20131105020003-precise), libnemo-extension1:i386 (2.0.2-20131023010018-precise, 2.0.5-20131105010007-precise), rhythmbox-plugins:i386 (2.96-0ubuntu4.3, 2.97-1ubuntu1~precise1), gimp:i386 (2.8.6-0precise1~ppa, 2.8.8-0precise0~ppa), cinnamon-settings-daemon:i386 (2.0.5-20131026004504-precise, 2.0.6-20131105004505-precise), libgimp2.0:i386 (2.8.6-0precise1~ppa, 2.8.8-0precise0~ppa), gir1.2-rb-3.0:i386 (2.96-0ubuntu4.3, 2.97-1ubuntu1~precise1), wpasupplicant:i386 (0.7.3-6ubuntu2.1, 0.7.3-6ubuntu2.2), libcjs0c:i386 (2.0.0-20131021020602-precise, 2.0.0-20131105020703-precise), nemo-data:i386 (2.0.2-20131023010018-precise, 2.0.5-20131105010007-precise), totem:i386 (3.0.1-0ubuntu21.1, 3.4.3-0ubuntu1~precise1), gimp-data:i386 (2.8.6-0precise1~ppa, 2.8.8-0precise0~ppa), transmission-common:i386 (2.51-0ubuntu1.3, 2.73-0ubuntu1~precise1), cinnamon-translations:i386 (2.0.1-20131021040407-precise, 2.0.1-20131105040807-precise), totem-mozilla:i386 (3.0.1-0ubuntu21.1, 3.4.3-0ubuntu1~precise1), rhythmbox-plugin-magnatune:i386 (2.96-0ubuntu4.3, 2.97-1ubuntu1~precise1), transmission-gtk:i386 (2.51-0ubuntu1.3, 2.73-0ubuntu1~precise1) End-Date: 2013-11-07 17:34:40

    Read the article

  • Data Source Security Part 3

    - by Steve Felts
    In part one, I introduced the security features and talked about the default behavior.  In part two, I defined the two major approaches to security credentials: directly using database credentials and mapping WLS user credentials to database credentials.  Now it's time to get down to a couple of the security options (each of which can use database credentials or WLS credentials). Set Client Identifier on Connection When "Set Client Identifier" is enabled on the data source, a client property is associated with the connection.  The underlying SQL user remains unchanged for the life of the connection but the client value can change.  This information can be used for accounting, auditing, or debugging.  The client property is based on either the WebLogic user mapped to a database user using the credential map Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} or is the database user parameter directly from the getConnection() method, based on the “use database credentials” setting described earlier. To enable this feature, select “Set Client ID On Connection” in the Console.  See "Enable Set Client ID On Connection for a JDBC data source" http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24401/taskhelp/jdbc/jdbc_datasources/EnableCredentialMapping.html in Oracle WebLogic Server Administration Console Help. The Set Client Identifier feature is only available for use with the Oracle thin driver and the IBM DB2 driver, based on the following interfaces. For pre-Oracle 12c, oracle.jdbc.OracleConnection.setClientIdentifier(client) is used.  See http://docs.oracle.com/cd/B28359_01/network.111/b28531/authentication.htm#i1009003 for more information about how to use this for auditing and debugging.   You can get the value using getClientIdentifier()  from the driver.  To get back the value from the database as part of a SQL query, use a statement like the following. “select sys_context('USERENV','CLIENT_IDENTIFIER') from DUAL”. Starting in Oracle 12c, java.sql.Connection.setClientInfo(“OCSID.CLIENTID", client) is used.  This is a JDBC standard API, although the property values are proprietary.  A problem with setClientIdentifier usage is that there are pieces of the Oracle technology stack that set and depend on this value.  If application code also sets this value, it can cause problems. This has been addressed with setClientInfo by making use of this method a privileged operation. A well-managed container can restrict the Java security policy grants to specific namespaces and code bases, and protect the container from out-of-control user code. When running with the Java security manager, permission must be granted in the Java security policy file for permission "oracle.jdbc.OracleSQLPermission" "clientInfo.OCSID.CLIENTID"; Using the name “OCSID.CLIENTID" allows for upward compatible use of “select sys_context('USERENV','CLIENT_IDENTIFIER') from DUAL” or use the JDBC standard API java.sql.getClientInfo(“OCSID.CLIENTID") to retrieve the value. This value in the Oracle USERENV context can be used to drive the Oracle Virtual Private Database (VPD) feature to create security policies to control database access at the row and column level. Essentially, Oracle Virtual Private Database adds a dynamic WHERE clause to a SQL statement that is issued against the table, view, or synonym to which an Oracle Virtual Private Database security policy was applied.  See Using Oracle Virtual Private Database to Control Data Access http://docs.oracle.com/cd/B28359_01/network.111/b28531/vpd.htm for more information about VPD.  Using this data source feature means that no programming is needed on the WLS side to set this context; it is set and cleared by the WLS data source code. For the IBM DB2 driver, com.ibm.db2.jcc.DB2Connection.setDB2ClientUser(client) is used for older releases (prior to version 9.5).  This specifies the current client user name for the connection. Note that the current client user name can change during a connection (unlike the user).  This value is also available in the CURRENT CLIENT_USERID special register.  You can select it using a statement like “select CURRENT CLIENT_USERID from SYSIBM.SYSTABLES”. When running the IBM DB2 driver with JDBC 4.0 (starting with version 9.5), java.sql.Connection.setClientInfo(“ClientUser”, client) is used.  You can retrieve the value using java.sql.Connection.getClientInfo(“ClientUser”) instead of the DB2 proprietary API (even if set setDB2ClientUser()).  Oracle Proxy Session Oracle proxy authentication allows one JDBC connection to act as a proxy for multiple (serial) light-weight user connections to an Oracle database with the thin driver.  You can configure a WebLogic data source to allow a client to connect to a database through an application server as a proxy user. The client authenticates with the application server and the application server authenticates with the Oracle database. This allows the client's user name to be maintained on the connection with the database. Use the following steps to configure proxy authentication on a connection to an Oracle database. 1. If you have not yet done so, create the necessary database users. 2. On the Oracle database, provide CONNECT THROUGH privileges. For example: SQL> ALTER USER connectionuser GRANT CONNECT THROUGH dbuser; where “connectionuser” is the name of the application user to be authenticated and “dbuser” is an Oracle database user. 3. Create a generic or GridLink data source and set the user to the value of dbuser. 4a. To use WLS credentials, create an entry in the credential map that maps the value of wlsuser to the value of dbuser, as described earlier.   4b. To use database credentials, enable “Use Database Credentials”, as described earlier. 5. Enable Oracle Proxy Authentication, see "Configure Oracle parameters" in Oracle WebLogic Server Administration Console Help. 6. Log on to a WebLogic Server instance using the value of wlsuser or dbuser. 6. Get a connection using getConnection(username, password).  The credentials are based on either the WebLogic user that is mapped to a database user or the database user directly, based on the “use database credentials” setting.  You can see the current user and proxy user by executing: “select user, sys_context('USERENV','PROXY_USER') from DUAL". Note: getConnection fails if “Use Database Credentials” is not enabled and the value of the user/password is not valid for a WebLogic Server user.  Conversely, it fails if “Use Database Credentials” is enabled and the value of the user/password is not valid for a database user. A proxy session is opened on the connection based on the user each time a connection request is made on the pool. The proxy session is closed when the connection is returned to the pool.  Opening or closing a proxy session has the following impact on JDBC objects. - Closes any existing statements (including result sets) from the original connection. - Clears the WebLogic Server statement cache. - Clears the client identifier, if set. -The WebLogic Server test statement for a connection is recreated for every proxy session. These behaviors may impact applications that share a connection across instances and expect some state to be associated with the connection. Oracle proxy session is also implicitly enabled when use-database-credentials is enabled and getConnection(user, password) is called,starting in WLS Release 10.3.6.  Remember that this only works when using the Oracle thin driver. To summarize, the definition of oracle-proxy-session is as follows. - If proxy authentication is enabled and identity based pooling is also enabled, it is an error. - If a user is specified on getConnection() and identity-based-connection-pooling-enabled is false, then oracle-proxy-session is treated as true implicitly (it can also be explicitly true). - If a user is specified on getConnection() and identity-based-connection-pooling-enabled is true, then oracle-proxy-session is treated as false.

    Read the article

  • How to configure a WCF service to only accept a single client identified by a x509 certificate

    - by Johan Levin
    I have a WCF client/service app that relies on secure communication between two machines and I want to use use x509 certificates installed in the certificate store to identify the server and client to each other. I do this by configuring the binding as <security authenticationMode="MutualCertificate"/>. There is only client machine. The server has a certificate issued to server.mydomain.com installed in the Local Computer/Personal store and the client has a certificate issued to client.mydomain.com installed in the same place. In addition to this the server has the client's public certificate in Local Computer/Trusted People and the client has the server's public certificate in Local Computer/Trusted People. Finally the client has been configured to check the server's certificate. I did this using the system.servicemodel/behaviors/endpointBehaviors/clientCredentials/serviceCertificate/defaultCertificate element in the config file. So far so good, this all works. My problem is that I want to specify in the server's config file that only clients that identify themselves with the client.mydomain.com certificate from the Trusted People certificate store are allowed to connect. The correct information is available on the server using the ServiceSecurityContext, but I am looking for a way to specify in app.config that WCF should do this check instead of my having to check the security context from code. Is that possible? Any hints would be appreciated. By the way, my server's config file looks like this so far: <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <services> <service name="MyServer.Server" behaviorConfiguration="CertificateBehavior"> <endpoint contract="Contracts.IMyService" binding="customBinding" bindingConfiguration="SecureConfig"> </endpoint> <host> <baseAddresses> <add baseAddress="http://localhost/SecureWcf"/> </baseAddresses> </host> </service> </services> <behaviors> <serviceBehaviors> <behavior name="CertificateBehavior"> <serviceCredentials> <serviceCertificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="server.mydomain.com"/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <bindings> <customBinding> <binding name="SecureConfig"> <security authenticationMode="MutualCertificate"/> <httpTransport/> </binding> </customBinding> </bindings> </system.serviceModel> </configuration>

    Read the article

  • Cannot import resource > "app/config/security.yml" from "/app/config/config.yml"

    - by tirengarfio
    Im getting this error: FileLoaderLoadException: Cannot import resource "app/config/security.yml" from "/app/config/config.yml". The file security.yml is on the right path. This is my security.yml file: jms_sapp/confiapp/config/security.yml secure_all_services: false exprapp/confiapp/config/security.yml security: encoders: Symfony\Component\Security\Core\User\User: plaintext role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] providers: in_memory: memory: users: user: { password: userpass, roles: [ 'ROLE_USER' ] } admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] } firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false login: pattern: ^/demo/secured/login$ security: false secured_area: pattern: ^/demo/secured/ form_login: check_path: /demo/secured/login_check login_path: /demo/secured/login logout: path: /demo/secured/logout target: /demo/ #anonymous: ~ #http_basic: # realm: "Secured Demo Area" access_control: #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https } #- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }

    Read the article

  • WCF security when it is used with sync services

    - by malik
    I am using following architecture for sync process. http://www.codeproject.com/KB/smart/sync_services.aspx And for server i use WCF service, can anybody guide me how can i secure my wcf service without using certificate that is hosted on IIS. Can i get a way to pass credential or some token to authenticate? I need to authenticate and encrypt the communication, when syncagent call synchronise method.

    Read the article

  • firefox addon security question

    - by rep_movsd
    I'm writing a firefox extension that logs some data and displays the result on a webpage... The webpage fires an event that the extension listens for and the extension can then add data to the page and fire an event back to the page to make it update itself. How do I ensure that the extension always sends data only to my page and not some other? Thanks V

    Read the article

  • Salt, passwords and security

    - by Jonathan
    I've read through many of the questions on SO about this, but many answers contradict each other or I don't understand. You should always store a password as a hash, never as plain text. But should you store the salt (unique for each user) next to the hashed password+salt in the database. This doesn't seem very clever to me as couldn't someone gain access to the database, look for says the account called Admin or whatever and then work out the password from that?

    Read the article

  • Server Security

    - by mahatmanich
    I want to run my own root server (directly accessible from the web without a hardware firewall) with debian lenny, apache2, php5, mysql, postfix MTA, sftp (based on ssh) and maybe dns server. What measures/software would you recomend, and why, to secure this server down and minimalize the attack vector? Webapplications aside ... This is what I have so far: iptables (for gen. packet filtering) fail2ban (brute force attack defense) ssh (chang default, port disable root access) modsecurity - is really clumsy and a pain (any alternative here?) ?Sudo why should I use it? what is the advantage to normal user handling thinking about greensql for mysql www.greensql.net is tripwire worth looking at? snort? What am I missing? What is hot and what is not? Best practices? I like "KISS" - Keep it simple secure, I know it would be nice! Thanks in advance ...

    Read the article

  • .net 4.0 with Code Access Security NetFx40_LegacySecurityPolicy won't work

    - by user210903
    Hi- I'm trying to use an external library DevExpress.XtraTreeList.v8.1.dll in my vsto office addin built using VS2010 beta 2. I am getting the following compile time error: DevExpress.Utils.AppareanceObject threw an exception -- System.NotSupportedException. The error message goes on to say that for compatibility reasons I can use the NetFx40_LegacySecurityPolicy switch. I've tried putting this config variable in all of the following locations: 1) my applications config file. 2) C:\Windows\Microsoft.NET\Framework\v4.0.21006\msbuild.exe.config 3) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\dev.exe.config None of these have resolved the problem. Here were the references I've used. re-enable cas msdn.microsoft.com/en-us/library/ee191568(VS.100).aspx How do I get rid of this error so I can build the application in vs 2010?

    Read the article

  • Spring Security 3.0 and Active Directory LDAP: DOMAIN\user login

    - by Bernd Haug
    I would like to have users authenticate against an ActiveDirectory LDAP server using the DOMAIN\user.name syntax. I think that should be possible with SpringSec 3.0 since the docs mention an "alternative syntax" which I guess refers to the DOM\user syntax instead of a bind DN, but the docs don't elaborate further. Is there some way to configure Spring Sec 3 LDAP to use "the MS way" or do I have to write my own Authenticator implementation (against e.g. the java.naming.directory package, which I've tested to be able to use the MS syntax as its SECURITY_PRINCIPAL)?

    Read the article

  • PageMethods security

    - by TenaciousImpy
    Hi, I'm trying to 'AJAX-ify' my site in order to improve the UI experience. In terms of performance, I'm also trying to get rid of the UpdatePanel. I've come across a great article over at Encosia showing a way of posting using PageMethods. My question is, how secure are page methods in a production environment? Being public, can anyone create a JSON script to POST directly to the server, or are there cross-domain checks taking place? My PageMethods would also write the data into the database (after filtering). I'm using Forms Authentication in my pages and, on page load, it redirects unauthenticated users to the login page. Would the Page Methods on this page also need to check authentication if the user POSTs directly to the method, or is that authentication inherited for the entire page? (Essentially, does the entire page cycle occur even if a user has managed to post only to the PageMethod)? Thanks

    Read the article

  • Python: Dennis Nedry - Security

    - by Peter Nielsen
    Has anyone seen Jurrassic Park where Dennis Nedry has protected the system with an animation that says 'You didn't say the magic word' where after the system goes down. Is it possible to do something similar ikn Python ? To describe it less humoristic: A response screen which waits for a condition fulfilled by the user. And encrypts and locks the system after a certain time. Is that possible on a linux system by the use of Python ?

    Read the article

  • firefox extension security issue

    - by rep_movsd
    I'm writing a firefox addon that logs certain user activity and displays some statistics on a webpage. When the page is opened, the page sends an event to the addon. The addon adds data to the page and sends an event back, and the page refreshes the statistics. Now how do I ensure that the extension only puts the (sensitive) data on the right page and not some other malicious one? Thanks V

    Read the article

  • Security for ASP.NET application running on intranet / VPN

    - by Ryan
    Hi, I have an ASP.NET app that sits on our intranet, using the WindowsIdentity to identify the user: WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity; if (wi == null || wi.Name == null) { noAccess("No WindowsIdentity"); return; } string username = wi.Name; if (username.Contains("\\")) username = username.Substring(username.LastIndexOf("\\") + 1); This works fine on our Intranet. However, when users from other offices (separate network, with firewall open) they get a password request input box. Why are they getting the password dialogue? What is the recommended way identify users of the app? I want to avoid using password, but windows identities. Anyone attempting to access the application is inside a trusted network. Thanks a lot for any help Ryan

    Read the article

  • Good Guide For Web App Security?

    - by QAH
    Hello! I am pretty good on making web applications and I know how to transfer data to and from client/server, etc. I need some help though learning how to make the data exchanges more secure. That is the reason why I feel kind of scared to publish any web app I make. I wanted to know what are some good guides to help you understand and learn how to secure data transfer with your web application? Things like better authentication for example and making better logins. You can post any suggestion, but just for your information, I mainly code my web apps with Javascript and PHP. Also, I transfer my data using JSON or XML. Thanks a lot

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >