Search Results

Search found 28693 results on 1148 pages for 'oracle advanced security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 430/1148 | < Previous Page | 426 427 428 429 430 431 432 433 434 435 436 437  | Next Page >

  • Best Pratice to Implement Secure Remember Me

    - by Yan Cheng CHEOK
    Sometimes, I came across certain web development framework which doesn't provide authentication feature as in Authenication ASP.NET I was wondering what is the security measure needs to be considered, when implementing "Remember Me" login feature, by hand coding? Here are the things I usually did. 1) Store the user name in cookie. The user name are not encrypted. 2) Store a secret key in cookie. The secret key is generated using one way function based on user name. The server will verify secret key against user name, to ensure this user name is not being changed. 3) Use HttpOnly in cookie. http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html Any things else I could miss out, which could possible lead a security hole.

    Read the article

  • How to implement a good system for login/out into a webapp

    - by Brandon Wang
    I am one of the developers at PassPad, a secure password generator and username storage system. We're still working on it, but I have a few questions on the best way to implement a secure login/out system. Right now, what we plan on doing is to have the login system save a cookie with the username and a session key, and that's all that serves as authentication. The server verifies the two to match. Upon login/out a new key is created. This is a security-related webapp and while we don't actually store any information that might make the user queasy, because it is security-oriented it makes it a necessity for us to at least appear secure in a way that the user would be happy with. Is there a better way to implement a login/out system in PHP? Preferably it won't take too much coding time or server resources. Is there anything else I need to implement, like brute-force protection, etc? How would I go about that?

    Read the article

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • Subquery works in 9i but not in 11g

    - by Zsuetam
    Statement below is working on Oracle 9i but not on Oracle 11g SELECT * FROM ( SELECT 0 scrnfail_rate, '9' zz, 7 hh FROM DUAL UNION ALL SELECT 0 scrnfail_rate, '9' zz, 7 hh FROM DUAL ) WHERE zz IS NOT NULL AND TO_CHAR (hh) NOT IN ( SELECT DECODE ( scrnfail_rate, 0, -1, ROUND (LEVEL * 1 / (scrnfail_rate / 100)) - ROUND (1 / (2 * (scrnfail_rate / 100))) ) AS nno FROM DUAL WHERE NVL (scrnfail_rate, 0) > 0 CONNECT BY LEVEL <= ROUND(9 * scrnfail_rate / 100) ) It looks like Oracle 11g is ignoring where decode or even where clause in the subquery. This query should return two rows as it does on Oracle 9i, but results ORA-01476: divisor is equal to zero on Oracle 11g EE 11.2.0.1.0 - 64bit. Can anyone help? Thanks!

    Read the article

  • How to secure authiorization of methods

    - by Kurresmack
    I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

    Read the article

  • Using WCF HttpBindings on a LAN

    - by dcw
    We have a WCF-based client server that operates over a LAN. We've been getting along ok by using the NetTcpBinding, chosen because we couldn't get either HttpBinding to work between hosts. (Within a single host works fine, but is not useful for the production environment.) We're now back at the point where we want to explore using either BasicHttpBinding or WsHttpBinding, but we simply can't see the server from the client: even putting in the path to the endpoint into IE fails to see the server. Is there something simple we've overlooked? We're not specifying any security settings (or anything else, for that matter). Should we be doing so (e.g. explicitly setting security settings to None)?

    Read the article

  • Dealing with passwords securely

    - by Krt_Malta
    Hi I have a Java web service and a Java web client making use of this service. One of the functions is to create a new user account. My two concerns are: How will I send the user's password securely from the client. How will I store the user's password securely on the server. How can I achieve these? I know the theory basically behind security, security algorithms etc but can anyone give me some advice on how I should go about in coding? Could anyone point me to some good (and if possible not complicated) examples to follow since I found some examples on the Internet very contorted? Thanks a lot and regards, Krt_Malta

    Read the article

  • Is it possible for a XSS attack to obtain HttpOnly cookies?

    - by Dan Herbert
    Reading this blog post about HttpOnly cookies made me start thinking, is it possible for an HttpOnly cookie to be obtained through any form of XSS? Jeff mentions that it "raises the bar considerably" but makes it sound like it doesn't completely protect against XSS. Aside from the fact that not all browser support this feature properly, how could a hacker obtain a user's cookies if they are HttpOnly? I can't think of any way to make an HttpOnly cookie send itself to another site or be read by script, so it seems like this is a safe security feature, but I'm always amazed at how easily some people can work around many security layers. In the environment I work in, we use IE exclusively so other browsers aren't a concern. I'm looking specifically for other ways that this could become an issue that don't rely on browser specific flaws.

    Read the article

  • Web.xml: Are url-pattern tags relative to each other?

    - by sixtyfootersdude
    <servlet-mapping> <servlet-name>myName</servlet-name> <url-pattern>/aName</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> ... <url-pattern> /* </url-pattern> </web-resource-collection> ... </security-constraint> This is an excerpt from web.xml (using it to configure a jboss/tomcat webservice). Just wondering if the url-pattern in web-resource-collection is relative to the url-pattern in servlet-mapping.

    Read the article

  • What are the alternatives for Java authentication?

    - by Crusader
    Preferably something that integrates well with a Flex front end. Yes the Spring Security guys say this is possible, but all examples seem to use legacy jsp tag libraries making them half useless as examples. I don't want to spend a month setting up and learning how to use a security tool. I would like a tool which supports using annotations (@RolesAllowed etc), MINIMAL XML, and 'remember-me' features (not cookie based). Apache Shiro seems to support Flex/Silverlight/Swing as well but I'd like to know if there are any other alternatives that are NOT container specific.

    Read the article

  • Uploading a Website

    - by 01010011
    Hi, This is my first time building a website and using CodeIgniter for a school project. I was wondering whether you have any tips on uploading CI to a free web host , my database, free webhosting and basic security tips. Can I just upload the entire CI folder? Or do I have to upload individual files (God no!)? What are my options? What about my MySQL database - do I just upload my mysqldump to the webhost? Also, can you recommend a good free webhost. I was thinking about 000webhost. Any basic tips on security would also be appreciated (I've implemented many of the form_validation rules like xss_clean for starters) Any other suggestions will be more than welcome. Thanks!

    Read the article

  • Web.xml: Are url-pattern tags relitive to each other?

    - by sixtyfootersdude
    <servlet-mapping> <servlet-name>myName</servlet-name> <url-pattern>/aName</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> ... <url-pattern> /* </url-pattern> </web-resource-collection> ... </security-constraint> This is an excerpt from web.xml (using it to configure a jboss/tomcat webservice). Just wondering if the url-pattern in web-resource-collection is relative to the url-pattern in servlet-mapping.

    Read the article

  • @Secured not working

    - by user3640507
    I am new to spring and trying to implement Role based authorization with the help of @Secured annotation. I have a method which is specifically for ADMIN and I have written @Secured ("ROLE_ADMIN") to secure it. @Secured ("ROLE_ADMIN") public void HelloUser(String name) { System.out.println("Hello ADMIN"); } Now when I call this method by creating a class object it gets called eventhough user dont have ADMIN authority But when I dont create an object and use @autowired annotation instead then it works i.e User is not allowed to access this method. In my security.xml as well as servlet.xml I have added <global-method-security secured-annotations="enabled" /> Can some one please tell me where I am going wrong or is this the natural behaviour in spring ?

    Read the article

  • Securely using exec with PHP to run ffmpeg

    - by Venkat D.
    I would like to run ffmpeg from PHP for video encoding purposes. I was thinking of using the exec or passthru commands. However, I have been warned that enabling these functions is a security risk. In the words of my support staff: The directive 'disable_functions' is used to disable any functions that allow the execution of system commands. This is for more security of the server. These PHP functions can be used to crack the server if not used properly. I'm guessing that if exec is enabled, then someone could (possibly) execute an arbitrary unix command. Does anyone know of a secure way to run ffmpeg from PHP? By the way, I'm on a dedicated server. Thanks ahead of time!

    Read the article

  • Estrategias de monitorización y supervisión de entornos

    - by [email protected]
    El bajo rendimiento de un entorno de aplicación Oracle E-Business Suite, Siebel, Peoplesoft o Hyperion puede tener un impacto directo en puntos fundamentales de su negocio. Para sacar el mayor valor a la inversión realizada en Oracle, es crítico asegurar que sus aplicaciones funcionan óptimamente. Supervisando preventivamente la salud de su instalación a través de nuestros servicios de revisión de entornos productivos y monitorización de problemas de rendimiento usted puede identificar rápidamente y resolver cualquier problema potencial, reduciendo considerablemente cualquier impacto en su negocio. Brochure: Performance & Health Check

    Read the article

  • Not to miss! Today’s web seminar on content integration with Oracle Apps

    - by Lance Shaw
    Hello everyone.  The first web seminar in a three-part series kicks off later today, focused on the value of delivering and controlling the flow of content in the context of your most critical business applications.   If you are using Oracle E-Business Suite, PeopleSoft Enterprise, JD Edwards EnterpriseOne or Siebel CRM, we heartily recommend you investigate the value of centralizing the delivery of scanned images, forms, faxes and digital documents within those processes.  The improvements in efficiency and productivity can result in some impressive cost savings. One customer recently reported that they had realized an impressive ROI of 180% and that the investment in this new technology had paid for itself in a mere 6 months.  We hope you can spare some time today to join us at 1pm Eastern Time / 10am Pacific Time / 18:00 GMT. We think you will find it time well spent.   Click here to attend.  We look forward to seeing you there!

    Read the article

  • Sorgenia rende più rapido ed efficace l'intero processo di gestione dei clienti

    - by antonella.buonagurio(at)oracle.com
    Sorgenia SpA, uno dei maggiori protagonisti del mercato libero italiano dell'energia elettrica e del gas naturale, grazie a Oracle Siebel CRM ha reso più fluido ed efficace il processo di gestione clienti. La riduzione dei tempi di chiamata, possibile grazie a Oracle Siebel CRM, ha permesso a Sorgenia SpA di gestire con puntualità ed efficacia un numero di richieste sempre maggiore mantenedo elevato il livello di servizio offerto. Leggi qui l'intero caso di successo  

    Read the article

  • Demonstration VM BIC2g 2013-10 Partner Edition for Download

    - by Mike.Hallett(at)Oracle-BI&EPM
    Normal 0 false false false EN-GB X-NONE X-NONE MicrosoftInternetExplorer4 UPDATED ! The “BIC2g” demo VM (now version 2013-10) is downloadable from our BIC2g Beehive Online Workspace portal for OPN member partners. Compared to the prior version, Bic2g 2013-04, the new Bic2g 2013-10 has: OBIEE was upgraded from 11.1.1.7.0 to 11.1.1.7.1. with BI Mobile Application Designer (BIMAD) added. TimesTen was upgraded from 11.2.2.3.0 to 11.2.2.5.0 ODI Client 11.1.1.7.0 was installed, including a Standalone agent and empty repositories, and the BI Applications 11g ODI Repositories were included (BIAPPS_11g) Informatica and DAC were removed from image There are additional demos for BI-Apps and for Endeca. The compact deployment of EPM is installed and configured, including: Hyperion Foundation, Essbase, Essbase Studio, Essbase Administration Services, Provider Services, Calculation Manager, Planning, Reporting and Analysis, Financial Reporting, Web Analysis, and Workspace. The access details, for OPN member partners only, to get added to the BIC2G Beehive Online Workspace portal are shown from this page @ BI Solutions Engineering Partner Portal. This Oracle Business Intelligence Linux VM virtual appliance (“BIC2g”) was developed to support Oracle OBI, BI-Apps and EPM Hyperion sales and Oracle partners in product demonstrations, training activities and POC activities.  If you do not need BI-Apps, then there is a slightly smaller VM OBI Sample-App you can get from OTN: see @ Oracle BI and EPM Demonstration SampleApp V309 on OTN. /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;}

    Read the article

  • Le monde sur le point de se « noyer dans les données » selon le président d'Oracle qui prédit une crise du stockage et du traitement

    Le monde sur le point de se « noyer dans les données » Selon le président d'Oracle qui prédit une crise du stockage et de traitement Dans une déclaration au Times de Londres, le coprésident d'Oracle Mark Hurd a évoqué le sujet de « la croissance exponentielle » des données. Il prédit que celle-ci soit sur le point de déclencher un problème majeur dans les opérations de stockage, de traitement et d'analyse en temps réel. [IMG]http://idelways.developpez.com/news/images/oracle-marc-hurd.jpg[/IMG] Mark Hurd Selon Hurd, le nombre de dispositifs connectés à internet et fournissant des données pour les entreprises va croître po...

    Read the article

  • Oracle Alliances & Channels wünscht allen Partnern ein frohes Fest!

    - by A&C Redaktion
    Endlich!Die letzten Projekte sind erledigt, die Geschenke verpackt und auch in den Sphären des Web 2.0 soll nun etwas Ruhe und Weihnachtsstimmung einkehren. Ich möchte daher gar nicht viele Worte verlieren: Es liegt ein arbeitsreiches Jahr hinter uns und es galt viele Herausforderungen zu meistern. Vor allem in der eigentlich geruhsamen Adventszeit wird es viel zu hektisch. Aber gerade dann ist es umso wichtiger, kurz innezuhalten. Wir haben viel geschafft und sollten nun, für die Festtage, auch die Bürotür im Kopf schließen. Dann kann es endlich Weihnachten werden!Im Namen von Oracle Alliances & Channels bedanke ich mich für die gute Zusammenarbeit. Ich wünsche Ihnen und Ihren Lieben ein frohes Fest und schöne, erholsame Feiertage!Herzlich,Ihre Silvia KaskeSenior Director Channel Sales & AlliancesORACLE Deutschland B.V. & Co. KG

    Read the article

  • Sun Ray 3 Plus Unboxing video

    - by [email protected]
    Shot using a prototype Sun Ray 3 Plus weeks before the Oracle acquisition of Sun was completed, this video gives you the sense of how this newly announced Sun Ray 3 Plus is packaged when shipped.   It also shows what the bits of the SR 3 Plus are all about, including the most commonly asked about specs.  While the Production unit is available for ordering NOW, it will obviously have the Oracle logo in addition to the Sun logo.Enjoy the video here:

    Read the article

  • Oracle Exalogic Elactisc Cloud X2-2 est disponible, pour une meilleure expérience de développement dans le cloud

    Oracle Exalogic Elactisc Cloud X2-2 est disponible, pour une meilleure expérience de développement dans le cloud Mise à jour du 08.12.2010 par Katleen Oracle vient d'annoncer ce jour l'arrivée de son infrastructure cloud "Exalogic Elastic Cloud X2-2". Celle-ci servira de base de consolidation pour la quasi globalité des applications Java et non-Java, ainsi que pour les charges de travail. Ce système hardware et software mélange des processeurs x86 cutting-edge 64-bit, une fabrication I/O basée sur InfiniBand ; ainsi qu'un stockage solid-state sur Oracle WebLogic Server. Cette combinaison inédite permet une interaction entre divers composants d'une Java app et l'I/O zero-copy....

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 426 427 428 429 430 431 432 433 434 435 436 437  | Next Page >