Search Results

Search found 32185 results on 1288 pages for 'row level security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 41/1288 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • Replay attacks for HTTPS requests

    - by MatthewMartin
    Let's say a security tester uses a proxy, say Fiddler, and records an HTTPS request using the administrator's credentials-- on replay of the entire request (including session and auth cookies) the security tester is able to succesfully (re)record transactions. The claim is that this is a sign of a CSRF vulnerability. What would a malicious user have to do to intercept the HTTPS request and replay it? It this a task for script kiddies, well funded military hacking teams or time-traveling-alien technology? Is it really so easy to record the SSL sessions of users and replay them before the tickets expire? No code in the application currently does anything interesting on HTTP GET, so AFAIK, tricking the admin into clicking a link or loading a image with a malicious URL isn't an issue.

    Read the article

  • Database Security: The First Step in Pre-Emptive Data Leak Prevention

    - by roxana.bradescu
    With WikiLeaks raising awareness around information leaks and the harm they can cause, many organization are taking stock of their own information leak protection (ILP) strategies in 2011. A report by IDC on data leak prevention stated: Increasing database security is one of the most efficient and cost-effective measures an organization can take to prevent data leaks. By utilizing the data protection, access control, account management, encryption, log management, and other security controls inherent in the database management system, entities can institute first-level control over the widest range of protected information. As a central repository for unstructured data, which is growing at leaps and bounds, the database should be the first layer providing information leakage protection. Unfortunately, most organizations are not taking sufficient steps to protect their databases according to a survey of the Independent Oracle User Group. For example, any operating system administrator or database administrator can access the all the data stored in the database in most organizations. Without any kind of auditing or monitoring. And it's not just administrators, database users can typically access the database with ad-hoc query tools from their desktop and by-pass any application level controls. Despite numerous regulations calling for controls to limit the powers of insiders, most organizations still put too many privileges in the hands of their employees. Time and time again these excess privileges have backfired. Internal agents were implicated in almost half of data breaches according to the Verizon Data Breach Investigations Report and the rate is rising. Hackers also took advantage of these excess privileges very successfully using stolen credentials and SQL injection attacks. But back to the insiders. Who are these insiders and why do they do it? In 2002, the U.S. Secret Service (USSS) behavioral psychologists and CERT information security experts formed the Insider Threat Study team to examine insider threat cases that occurred in US critical infrastructure sectors, and examined them from both a technical and a behavioral perspective. A series of fascinating reports has been published as a result of this work. You can learn more by watching the ISSA Insider Threat Web Conference. So as your organization starts to look at data leak prevention over the coming year, start off by protecting your data at the source - your databases. IDC went on to say: Any enterprise looking to improve its competitiveness, regulatory compliance, and overall data security should consider Oracle's offerings, not only because of their database management capabilities but also because they provide tools that are the first layer of information leak prevention. Learn more about Oracle Database Security solutions and get the whitepapers, demos, tutorials, and more that you need to protect data privacy from internal and external threats.

    Read the article

  • How to Highlight a Row in Excel Using Conditional Formatting

    - by Erez Zukerman
    Conditional formatting is an Excel feature you can use when you want to format cells based on their content. For example, you can have a cell turn red when it contains a number lower than 100. But how do you highlight an entire row? If you’ve never used Conditional Formatting before, you might want to look at Using Conditional Cell Formatting in Excel 2007. It’s one version back, but the interface really hasn’t changed much. But what if you wanted to highlight other cells based on a cell’s value? The screenshot above shows some codenames used for Ubuntu distributions. One of these is made up; when I entered “No” in the “Really” column, the entire row got different background and font colors. To see how this was done, read on.How To Make a Youtube Video Into an Animated GIFHTG Explains: What Are Character Encodings and How Do They Differ?How To Make Disposable Sleeves for Your In-Ear Monitors

    Read the article

  • c# : How ot create a grid row array programatically

    - by user234839
    I am working in c# and i am under a situation where i have a grid (childGrid) and inside this grid i want to create 3 more grids dynamically. I want to achieve it using arrays. My try to do this is: Grid[] row = new Grid[counts]; for (int i = 0; i < counts; i++) { row[i].RowDefinitions[counts].Add(new RowDefinition()); } for (int i = 0; i < counts; i++) { Grid.SetColumn(txtblkLabel, 0); Grid.SetRow(row[i], 0); row[i].Children.Add(txtblkLabel); Grid.SetColumn(sp, 1); Grid.SetRow(row[i], 0); row[i].Children.Add(sp); Grid.SetColumn(txtblkShowStatus, 2); Grid.SetRow(row[i], 0); row[i].Children.Add(txtblkShowStatus); childGrid.Children.Add(row[i]); } the line row[i].RowDefinitions[counts].Add(new RowDefinition()); gives error. Error 1'System.Windows.Controls.RowDefinition' does not contain a definition for 'Add' and no extension method 'Add' accepting a first argument of type 'System.Windows.Controls.RowDefinition' could be found (are you missing a using directive or an assembly reference?) How to achieve this ?

    Read the article

  • Adding class to the UL and LI as per the level

    - by Wazdesign
    I have the following HTML mark up. <ul class="thumbs"> <li> <strong>Should be level 0</strong> </li> <li> <strong>Should be level 1</strong> </li> <li> <strong>Should be level 2</strong> </li> </ul> <ul class="thumbs"> <li> <strong>Should be level 0 -- </strong> </li> <li> <strong>Should be level 1 -- </strong> </li> </ul> and javascript. var i = 0; var j = 0; jQuery('ul.thumbs').each(function(){ var newName = 'ul -level' + i; jQuery(this).addClass('ul-level-'+i) .before('<h2>'+newName+'</h2>'); i = i+1; }); jQuery('ul.thumbs li').each(function(){ jQuery(this).addClass('li-level-'+j) .append('li-level-'+j); j = j+1; }); JS Bin Link But the level of the second UL LI is show diffrent. Please help me out in this.

    Read the article

  • How to exclude hidden row vaue from total value SSRS

    - by Annmarie
    I have an SSRS project and I want to exclude a row that I have hidden from the total. I have hidden the row based on an expression on the row visibility, where the row is hidden if: =IIF(IIF(ReportItems!CUST_CNT2.Value = 0, 0, ReportItems!Total_Contribution5.Value / IIF(ReportItems!CUST_CNT2.Value = 0, 1, ReportItems!CUST_CNT2.Value)) > 0, True, False) So basically the column totals for the report just total up all rows including this above row that I have hidden, and I need the total to exclude this row. Any ideas?

    Read the article

  • Remove third/nth level domains from google Index

    - by drakythe
    Somehow google has indexed some third(and fourth!) level domains that I had attached to my server temporarily, eg. my.domain.root.com. I now have these redirected properly where I would like them to go, however with a carefully crafted search one can still find them and I'd rather they not be exposed. My google foo skills have failed me in finding an answer, so I come to you wonderful folks: Is there a way/How do I remove sub-level domains from google search results? I have the site in google webmaster tools and verified, but all the URL removal requests I can perform append the url to the base url, not prefixed. And finally, how can I prevent this in the future?

    Read the article

  • How Pick a Column Value from a ListView Row - C#.NET

    - by peace
    How can i fetch the value 500 to a variable from the selected row? One solution would be to get the row position number and then the CustomerID position number. Can you please give a simple solution. SelectedItems means selected row and SubItems means the column values, so SelectedItem 0 and SubItem 0 would represent the value 500. Right? This is how i populate the listview: for (int i = 0; i < tempTable.Rows.Count; i++) { DataRow row = tempTable.Rows[i]; ListViewItem lvi = new ListViewItem(row["customerID"].ToString()); lvi.SubItems.Add(row["companyName"].ToString()); lvi.SubItems.Add(row["firstName"].ToString()); lvi.SubItems.Add(row["lastName"].ToString()); lstvRecordsCus.Items.Add(lvi); }

    Read the article

  • Get particular row as series from pandas dataframe

    - by Pratyush
    How do we get a particular filtered row as series? Example dataframe: >>> df = pd.DataFrame({'date': [20130101, 20130101, 20130102], 'location': ['a', 'a', 'c']}) >>> df date location 0 20130101 a 1 20130101 a 2 20130102 c I need to select the row where location is c as a series. I tried: row = df[df["location"] == "c"].head(1) # gives a dataframe row = df.ix[df["location"] == "c"] # also gives a dataframe with single row In either cases I can't the row as series.

    Read the article

  • Using High Level Abstractions

    - by Jonn
    I'm not sure if I'm using the correct term, but would you program using High-level abstractions like Powerbuilder, or some CMS like MODx or DotNetNuke? I haven't dabbled in any of these yet. The reason I'm asking is that I kind of feel intimidated by the whole notion of using any abstraction over the languages I'm using. I'm thinking that my job might be over-simplified. While it may provide business solutions faster, I'd rather be coding straight from, in my case, .NET. Do/Would you use abstractions like these or prefer them over programming in lower level languages?

    Read the article

  • SQL Server pivots? some way to set column names to values within a row

    - by ccsimpson3
    I am building a system of multiple trackers that are going to use a lot of the same columns so there is a table for the trackers, the tracker columns, then a cross reference for which columns go with which tracker, when a user inserts a tracker row the different column values are stored in multiple rows that share the same record id and store both the value and the name of the particular column. I need to find a way to dynamically change the column name of the value to be the column name that is stored in the same row. i.e. id | value | name ------------------ 23 | red | color 23 | fast | speed needs to look like this. id | color | speed ------------------ 23 | red | fast Any help is greatly appreciated, thank you.

    Read the article

  • How do you make an added row from QueryAddRow() the first row of the result from a query?

    - by JS
    I am outputting a query but need to specify the first row of the result. I am adding the row with QueryAddRow() and setting the values with QuerySetCell(). I can create the row fine, I can add the content to that row fine. If I leave the argument for the row number off of QuerySetCell() then it all works great as the last result of the query when output. However, I need it to be first row of the query but when I try to set the row attribute with the QuerySetCell it just overwrites the first returned row from my query (i.e. my QueryAddRow() replaces the first record from my query). What I currently have is setting a variable from recordCount and arranging the output but there has to be a really simple way to do this that I am just not getting. This code sets the row value to 1 but overwrites the first returned row from the query. <cfquery name="qxLookup" datasource="#application.datasource#"> SELECT xID, xName, execution FROM table </cfquery> <cfset QueryAddRow(qxLookup)/> <cfset QuerySetCell(qxLookup, "xID","0",1)/> <cfset QuerySetCell(qxLookup, "xName","Delete",1)/> <cfset QuerySetCell(qxLookup, "execution", "Select this to delete",1)/> <cfoutput query="qxLookup"> <tr> <td> <a href="##" onclick="javascript:ColdFusion.navigate('xSelect/x.cfm?xNameVar=#url.xNameVar#&xID=#qxLookup.xID#&xName=#URLEncodedFormat(qxLookup.xName)#', '#xNameVar#');ColdFusion.Window.hide('#url.window#')">#qxLookup.xName#</a> </td> <td>#qxLookup.execution#</td> </tr> </cfoutput> </table> Thanks for any help.

    Read the article

  • Mid level IT lead [closed]

    - by Arihant
    I am a mid level IT lead at a IT support company with 8 years of experience. I don't get a lot of opportunities to learn at my organization since we primarily support existing systems and just fix issues arising on a day to day basis, We are not expected by the parent company to develop solutions from scratch. I aspire to become an Architect. Please guide me how should I plan to acquire the required skills and Knowledge esp since my company doesn't provide me with the right opportunities. The city where i am in doesn't have a lot of s/w development companies they are mostly services companies. Thanks a lot for your replies. Please give me some directions on how do I plan the self learning process ? Personal commitment won't let me move out of my current capacity to join a entry level job outside as of now . Atleast I should be well prepared to grab the opportunity when the time comes.

    Read the article

  • Limitation of high level languages? [closed]

    - by user1705796
    My question may look bit philosophical and nonsense! But I need to know kind of instructions those are not well suitable in high level languages even in c? Or rarely use in the development of software? Like read/write content of CPU registers may useful in debugging programs. And access to cache memory required when developing OS (maybe I am wrong at this point). Is this kind of instruction available languages like Java, Python, C? I also have a second question: And Why all high level languages not having same uniform syntax; at-least same standard library interface name? In python there is and. Or operator is almost same as && and ||. I think Python is developed after C but space indentation is compulsory in Python. Why Python does not use brackets {}. I already know this question going to be highly down-voted.

    Read the article

  • SQL SERVER – Windows File/Folder and Share Permissions – Notes from the Field #029

    - by Pinal Dave
    [Note from Pinal]: This is a 29th episode of Notes from the Field series. Security is the task which we should give it to the experts. If there is a small overlook or misstep, there are good chances that security of the organization is compromised. This is very true, but there are always devils’s advocates who believe everyone should know the security. As a DBA and Administrator, I often see people not taking interest in the Windows Security hiding behind the reason of not expert of Windows Server. We all often miss the important mission statement for the success of any organization – Teamwork. In this blog post Brian tells the story in very interesting lucid language. Read On! In this episode of the Notes from the Field series database expert Brian Kelley explains a very crucial issue DBAs and Developer faces on their production server. Linchpin People are database coaches and wellness experts for a data driven world. Read the experience of Brian in his own words. When I talk security among database professionals, I find that most have at least a working knowledge of how to apply security within a database. When I talk with DBAs in particular, I find that most have at least a working knowledge of security at the server level if we’re speaking of SQL Server. One area I see continually that is weak is in the area of Windows file/folder (NTFS) and share permissions. The typical response is, “I’m a database developer and the Windows system administrator is responsible for that.” That may very well be true – the system administrator may have the primary responsibility and accountability for file/folder and share security for the server. However, if you’re involved in the typical activities surrounding databases and moving data around, you should know these permissions, too. Otherwise, you could be setting yourself up where someone is able to get to data he or she shouldn’t, or you could be opening the door where human error puts bad data in your production system. File/Folder Permission Basics: I wrote about file/folder permissions a few years ago to give the basic permissions that are most often seen. Here’s what you must know as a minimum at the file/folder level: Read - Allows you to read the contents of the file or folder. Having read permissions allows you to copy the file or folder. Write  – Again, as the name implies, it allows you to write to the file or folder. This doesn’t include the ability to delete, however, nothing stops a person with this access from writing an empty file. Delete - Allows the file/folder to be deleted. If you overwrite files, you may need this permission. Modify - Allows read, write, and delete. Full Control - Same as modify + the ability to assign permissions. File/Folder permissions aggregate, unless there is a DENY (where it trumps, just like within SQL Server), meaning if a person is in one group that gives Read and antoher group that gives Write, that person has both Read and Write permissions. As you might expect me to say, always apply the Principle of Least Privilege. This likely means that any additional permission you might add does not need Full Control. Share Permission Basics: At the share level, here are the permissions. Read - Allows you to read the contents on the share. Change - Allows you to read, write, and delete contents on the share. Full control - Change + the ability to modify permissions. Like with file/folder permissions, these permissions aggregate, and DENY trumps. So What Access Does a Person / Process Have? Figuring out what someone or some process has depends on how the location is being accessed: Access comes through the share (\\ServerName\Share) – a combination of permissions is considered. Access is through a drive letter (C:\, E:\, S:\, etc.) – only the file/folder permissions are considered. The only complicated one here is access through the share. Here’s what Windows does: Figures out what the aggregated permissions are at the file/folder level. Figures out what the aggregated permissions are at the share level. Takes the most restrictive of the two sets of permissions. You can test this by granting Full Control over a folder (this is likely already in place for the Users local group) and then setting up a share. Give only Read access through the share, and that includes to Administrators (if you’re creating a share, likely you have membership in the Administrators group). Try to read a file through the share. Now try to modify it. The most restrictive permission is the Share level permissions. It’s set to only allow Read. Therefore, if you come through the share, it’s the most restrictive. Does This Knowledge Really Help Me? In my experience, it does. I’ve seen cases where sensitive files were accessible by every authenticated user through a share. Auditors, as you might expect, have a real problem with that. I’ve also seen cases where files to be imported as part of the nightly processing were overwritten by files intended from development. And I’ve seen cases where a process can’t get to the files it needs for a process because someone changed the permissions. If you know file/folder and share permissions, you can spot and correct these types of security flaws. Given that there are a lot of database professionals that don’t understand these permissions, if you know it, you set yourself apart. And if you’re able to help on critical processes, you begin to set yourself up as a linchpin (link to .pdf) for your organization. If you want to get started with performance tuning and database security with the help of experts, read more over at Fix Your SQL Server. Reference: Pinal Dave (http://blog.sqlauthority.com)Filed under: Notes from the Field, PostADay, SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, T SQL

    Read the article

  • How to enable connection security for WMI firewall rules when using VAMT 2.0?

    - by Ondrej Tucny
    I want to use VAMT 2.0 to install product keys and active software in remote machines. Everything works fine as long as the ASync-In, DCOM-In, and WMI-In Windows Firewall rules are enabled and the action is set to Allow the connection. However, when I try using Allow the connection if it is secure (regardless of the connection security option chosen) VAMT won't connect to the remote machine. I tried using wbemtest and the error always is “The RPC server is unavailable”, error code 0x800706ba. How do I setup at least some level of connection security for remote WMI access for VAMT to work? I googled for correct VAMT setup, read the Volume Activation 2.0 Step-by-Step guide, but no luck finding anything about connection security.

    Read the article

  • Can not find the "variables.tcl" file in Varnish Security

    - by Vladimir
    Varnish Security main.vcl contains # clear all internal variables include "/etc/varnish/security/build/variables.vcl"; and # fallthrough: clear all internal variables on security.vcl_recv exit include "/etc/varnish/security/build/variables.vcl"; but /etc/varnish/security/build/variables.vcl is not included into the git. I commented it out, and it is working fine but where can I get that file?

    Read the article

  • If a user is part of two TFS security groups, why do they (appear to) receive the lesser security of the two?

    - by Jedidja
    Given two TFS security groups Admins: Contains a set of Windows users Friends: Contains a Windows Security Group (which is also used as a mailing list) However, the people listed as admins are also part of the security group. It appears that when I lock down the Friends group to certain directories in TFS, the people in Admin also lose their privileges. Is there any way for users to receive the maximum security allowed between multiple groups they are included in? Or have I perhaps setup my TFS security groups incorrectly?

    Read the article

  • yum security update - message indicating kernel version not up to date

    - by JMC
    Running yum --security check-update returns this message: Security: kernel-3.x.x-x.63 is an installed security update Security: kernel-3.x.x-x.29 is the currently running version I already ran the yum security update on the kernel, but it looks like it didn't change the version running on the system. What needs to be done to make it run the new kernel? Are there any concerns about why it didn't change during the installation process? The yum log just shows installed for the new kernel no error messages.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >