Search Results

Search found 25758 results on 1031 pages for 'oracle security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 435/1031 | < Previous Page | 431 432 433 434 435 436 437 438 439 440 441 442  | Next Page >

  • How to pass username and password for authentication in URL?

    - by Maggie
    Hi there. I need to pass the user name and password in the URL for a REST web services call. I know that if I pass it this way in Firefox, it works: https://{UserName}:{Password}@api.opsourcecloud.net/oec/0.9/myaccount Is there a proper way to pass user name and password aside from the above example? It's a Spring Security Context?

    Read the article

  • How should I ethically approach user password storage for later plaintext retrieval?

    - by Shane
    As I continue to build more and more websites and web applications I am often asked to store user's passwords in a way that they can be retrieved if/when the user has an issue (either to email a forgotten password link, walk them through over the phone, etc.) When I can I fight bitterly against this practice and I do a lot of ‘extra’ programming to make password resets and administrative assistance possible without storing their actual password. When I can’t fight it (or can’t win) then I always encode the password in some way so that it at least isn’t stored as plaintext in the database—though I am aware that if my DB gets hacked that it won’t take much for the culprit to crack the passwords as well—so that makes me uncomfortable. In a perfect world folks would update passwords frequently and not duplicate them across many different sites—unfortunately I know MANY people that have the same work/home/email/bank password, and have even freely given it to me when they need assistance. I don’t want to be the one responsible for their financial demise if my DB security procedures fail for some reason. Morally and ethically I feel responsible for protecting what can be, for some users, their livelihood even if they are treating it with much less respect. I am certain that there are many avenues to approach and arguments to be made for salting hashes and different encoding options, but is there a single ‘best practice’ when you have to store them? In almost all cases I am using PHP and MySQL if that makes any difference in the way I should handle the specifics. Additional Information for Bounty I want to clarify that I know this is not something you want to have to do and that in most cases refusal to do so is best. I am, however, not looking for a lecture on the merits of taking this approach I am looking for the best steps to take if you do take this approach. In a note below I made the point that websites geared largely toward the elderly, mentally challenged, or very young can become confusing for people when they are asked to perform a secure password recovery routine. Though we may find it simple and mundane in those cases some users need the extra assistance of either having a service tech help them into the system or having it emailed/displayed directly to them. In such systems the attrition rate from these demographics could hobble the application if users were not given this level of access assistance, so please answer with such a setup in mind. Thanks to Everyone This has been a fun questions with lots of debate and I have enjoyed it. In the end I selected an answer that both retains password security (I will not have to keep plain text or recoverable passwords), but also makes it possible for the user base I specified to log into a system without the major drawbacks I have found from normal password recovery. As always there were about 5 answers that I would like to have marked correct for different reasons, but I had to choose the best one--all the rest got a +1. Thanks everyone!

    Read the article

  • Oracle curcular join sometimes give duplicates, but sometimes does not

    - by Kaushik
    By mistake I wrote a query like this: select * from a,b,c where a.col=b.col and b.col2=c.col2 and c.col3=a.col4 So there is a circular join here. Now the thing is sometimes this query returns duplicate result, sometimes it returns unique(correct) results. I am trying to understand why it does not give duplicate results always. Also if circular joins are not allowed, how come Oracle does not throw an error. EDIT: This is the actual query. After reading ti carefully, I am not sure anymore if this is a circular join or not.It does not seem so...but why I get duplicates only sometime? select * from a,b,c,d where a.col=b.col and b.col=c.col and c.col2=d.col2 and d.col2 =a.col2

    Read the article

  • Can a python view template be made to be 'safe/secure' if I make it user editable?

    - by Blankman
    Say I need to have a templating system where a user can edit it online using an online editor. So they can put if tags, looping tags etc., but ONLY for specific objects that I want to inject into the template. Can this be made to be safe from security issues? i.e. them somehow outputing sql connection string information or scripting things outside of the allowable tags and injected objects.

    Read the article

  • Node.js A Good authentication module ? or whats the proper way to authenticate users?

    - by Mohamed Ahmed
    I'm learning Node.js and looking forward to create a simple web application which will be based on Express and I was thinking of something like creating user groups and each group has its own users and each group has its own permissions (Just like ACL in Cakephp) So can anyone recommend a good module or whatever to do so ? Also I'm a little curious about security and how these passwords are going to be saved and what type of encryption the passwords will be encrypted in. Thanks :)

    Read the article

  • Interrogating Java source code

    - by VibeofBoston
    I have a Java source code that I need to interrogate and apply security policies [for e.g. applying CWE] I have couple of ideas, for starters using AST and then travel thru the tree. Others include using regular expression. Are there any options other than AST or regex that I could use for such process.

    Read the article

  • Unsure how to modify userDetailsService to allow for custom userDetails but keep datasource

    - by adam2510
    what i am trying to do is i'm following this http://www.theserverside.com/tip/-Spring-Security-Customizing-Your-User-and-Authorization-in website to attempt to customise the UserDetails so i can retrieve more fields regarding to the user... as far as implementing the UserDetails, where i am confused is the UserDetailsService at the moment i only have the code for the userDetailsService that is in the website linked above i'm just not sure on how to go about doing it

    Read the article

  • Creation of database in Oracle

    - by macha
    Hello, I am a newbie to Oracle, and I have used MySQL for most of the time. So now for testing scripts, I was just planning to create a database, but from the resources I have found on google, it doesn't look as simple it is maybe in mysql or in sqlserver. I just need to create a database, say "CREATE DATABASE TESTDB";. That is it, but of the resources I have found, it seems I need to create an instance identifier, decide an authentication method, create an initialization file etc. Do I really have to do all this or am I using the wrong resources. I just need to create a database and add a few tables into it, just to check my connection string etc. I need to check if I am able to connect to my web server.

    Read the article

  • Are WCF Services encrypted automatically if they go over SSL?

    - by michael
    Basically, if I have a plain WCF Service over HTTPS is it automatically secure? [ServiceContract] public interface ICalc { [OperationContract] int add(int a, int b); } public class Calculator : ICalc { public int add(int a, int b) { return a + b; } } I figure the actual SOAP message isn't encrypted here, but is it still secure if I use https? Basically, if I use a basichttpbinding with no security settings in my config over https://www.myserver.com/services/Calc.svc is that secure?

    Read the article

  • Best way to store a database password in a startup script / config file?

    - by Mark Harrison
    So our web server apps need to connect to the database, and some other apps have startup scripts that execute at boot time. What's the best way to store the name/password for these applications, in terms of security, e.g. perhaps we don't want sysadmins to know the database password maintainability, e.g. making the configuration easy to change when the password changes, etc. both windows and linux solutions appreciated!

    Read the article

  • Is there a Veil-like plug-in for MySQL?

    - by Kevin
    We have a MySQL database and would like to have row-level security implemented at the database level. I have been playing with the Veil plug-in for PostgreSQL and like what it does. Is there something similar for MySQL so we do not have to convert over to PostgreSQL?

    Read the article

  • How to disallow a windows service stop

    - by Saar
    I have some security related service running on my machine (start type = automatic) In the service control manager, the stop/restart commands are grayed out. I was wondering how can I develop such service for which the stop operation is disallowed. Note that I am logged in as an administrator

    Read the article

  • CPU emulator on C for assembler

    - by krlzx00
    Hi, there. I have a problem. I´m working on a little aplication of security, but i recived an array that means a bytes, and that bytes can be interpreted as a assembler code, so my cuestion is.... some one knows a library that a i can use on my aplication that can execute this bytes and show what it do, or something like that?

    Read the article

  • Should the function or the caller be resonsible for input validation?

    - by haudenschilt
    I'm doing a security audit on a fairly large php application and was wondering where I should include my user-input validation. Should I validate the data, then send the clean data off to the back-end functions or should I rely on each function to do it's own validation? Or even both? Is there any standard or best-practice for this sort of thing? Currently the app does both inconsistently and I'll like to make things more consistent.

    Read the article

  • Oracle SQL Developer Data Modeler: What Tables Aren’t In At Least One SubView?

    - by thatjeffsmith
    Organizing your data model makes the information easier to consume. One of the organizational tools provided by Oracle SQL Developer Data Modeler is the ‘SubView.’ In a nutshell, a SubView is a subset of your model. The Challenge: I’ve just created a model which represents my entire ____________ application. We’ll call it ‘residential lending.’ Instead of having all 100+ tables in a single model diagram, I want to break out the tables by module, e.g. appraisals, credit reports, work histories, customers, etc. I’ve spent several hours breaking out the tables to one or more SubViews, but I think i may have missed a few. Is there an easy way to see what tables aren’t in at least ONE subview? The Answer Yes, mostly. The mostly comes about from the way I’m going to accomplish this task. It involves querying the SQL Developer Data Modeler Reporting Schema. So if you don’t have the Reporting Schema setup, you’ll need to do so. Got it? Good, let’s proceed. Before you start querying your Reporting Schema, you might need a data model for the actual reporting schema…meta-meta data! You could reverse engineer the data modeler reporting schema to a new data model, or you could just reference the PDFs in \datamodeler\reports\Reporting Schema diagrams directory. Here’s a hint, it’s THIS one The Query Well, it’s actually going to be at least 2 queries. We need to get a list of distinct designs stored in your repository. For giggles, I’m going to get a listing including each version of the model. So I can query based on design and version, or in this case, timestamp of when it was added to the repository. We’ll get that from the DMRS_DESIGNS table: SELECT DISTINCT design_name, design_ovid, date_published FROM DMRS_designs Then I’m going to feed the design_ovid, down to a subquery for my child report. select name, count(distinct diagram_id) from DMRS_DIAGRAM_ELEMENTS where design_ovid = :dESIGN_OVID and type = 'Table' group by name having count(distinct diagram_id) < 2 order by count(distinct diagram_id) desc Each diagram element has an entry in this table, so I need to filter on type=’Table.’ Each design has AT LEAST one diagram, the master diagram. So any relational table in this table, only having one listing means it’s not in any SubViews. If you have overloaded object names, which is VERY possible, you’ll want to do the report off of ‘OBJECT_ID’, but then you’ll need to correlate that to the NAME, as I doubt you’re so intimate with your designs that you recognize the GUIDs So I’m going to cheat and just stick with names, but I think you get the gist. My Model Of my almost 90 tables, how many of those have I not added to at least one SubView? Now let’s run my report! Voila! My ‘BEER2′ table isn’t in any SubView! It says ’1′ because the main model diagram counts as a view. So if the count came back as ’2′, that would mean the table was in the main model diagram and in 1 SubView diagram. And I know what you’re thinking, what kind of residential lending program would have a table called ‘BEER2?’ Let’s just say, that my business model has some kinks to work out!

    Read the article

  • Data Guard - Snapshot Standby Database??

    - by Jian Zhang-Oracle
    ?? -------- ?????,??standby?????mount??????????REDO??,??standby????????????????????,???????read-only???open????,????ACTIVE DATA GUARD,????standby?????????(read-only)??(????????),????standby???????????(read-write)? ?????,?????????????Real Application Testing(RAT)??????????,?????????standby??????snapshot standby?????????,??snapshot standby??????????,???????????(read-write)??????snapshot standby??????????????,?????????,??????????,????????,?????????snapshot standby?????standby???,????????? ?? ---------  1.??standby?????? SQL> Alter system set db_recovery_file_dest_size=500M; System altered. SQL> Alter system set db_recovery_file_dest='/u01/app/oracle/snapshot_standby'; System altered. 2.??standby?????? SQL> alter database recover managed standby database cancel; Database altered. 3.??standby???snapshot standby,??open snapshot standby SQL> alter database convert to snapshot standby; Database altered. SQL> alter database open;    Database altered. ??snapshot standby??????SNAPSHOT STANDBY,open???READ WRITE: SQL> select DATABASE_ROLE,name,OPEN_MODE from v$database; DATABASE_ROLE    NAME      OPEN_MODE ---------------- --------- -------------------- SNAPSHOT STANDBY FSDB      READ WRITE 4.?snapshot standby???????????Real Application Testing(RAT)????????? 5.?????,??snapshot standby???physical standby,?????????? SQL> shutdown immediate; Database closed. Database dismounted. ORACLE instance shut down. SQL> startup mount; ORACLE instance started. Database mounted. SQL> ALTER DATABASE CONVERT TO PHYSICAL STANDBY; Database altered. SQL> shutdown immediate; ORA-01507: database not mounted ORACLE instance shut down. SQL> startup mount; ORACLE instance started. Database mounted. SQL>ALTER DATABASE RECOVER MANAGED STANDBY DATABASE DISCONNECT FROM SESSION; Database altered. 5.?????standby?,???????PHYSICAL STANDBY,open???MOUNTED SQL> select DATABASE_ROLE,name,OPEN_MODE from v$database; DATABASE_ROLE    NAME      OPEN_MODE ---------------- --------- -------------------- PHYSICAL STANDBY FSDB      MOUNTED 6.??????????????? ????: SQL> select ads.dest_id,max(sequence#) "Current Sequence",            max(log_sequence) "Last Archived"        from v$archived_log al, v$archive_dest ad, v$archive_dest_status ads        where ad.dest_id=al.dest_id        and al.dest_id=ads.dest_id        and al.resetlogs_change#=(select max(resetlogs_change#) from v$archived_log )        group by ads.dest_id;    DEST_ID Current Sequence Last Archived ---------- ---------------- -------------      1              361           361      2              361           362 --???? SQL>    select al.thrd "Thread", almax "Last Seq Received", lhmax "Last Seq Applied"       from (select thread# thrd, max(sequence#) almax           from v$archived_log           where resetlogs_change#=(select resetlogs_change# from v$database)           group by thread#) al,          (select thread# thrd, max(sequence#) lhmax           from v$log_history           where resetlogs_change#=(select resetlogs_change# from v$database)           group by thread#) lh      where al.thrd = lh.thrd;     Thread Last Seq Received Last Seq Applied ---------- ----------------- ----------------          1               361              361 ??????????,???blog,???????????,??"??:Data Guard - Snapshot Standby Database??" 

    Read the article

  • MailEnable - Configuring TLS for secure SMTP (Gmail)

    - by Buckers
    I have the latest version of MailEnable Pro installed on a new server that I'm setting up. Sending & receiving works fine with a new email account that I have set up, however I am now trying to configure GMail to use the mailserver for outgoing SMTP. I've done the following so far: Creating a self-cert SSL certficiate Ticked "Enable TLS" on the General tab of the SMTP connector properties Ticked "Send using TLS if remote server supports it" on the Outbound tab of the SMTP connector properties Selected the new self-cert SSL certificate on the SSL tab of the localhost server properties. Given permissions to IME_System on the new certificate However, Gmail is still giving me the following error: Authentication failed. Please check your username/password. [Server response: 454 TLS not available due to temporary reason code(454) ] I'm trying to connect on port 25, (someone told me you can still do this and you dont have to connect on 465). Is this right? Or do I need to tell MailEnable to use port 465? Am I missing something? Thanks, Chris.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 431 432 433 434 435 436 437 438 439 440 441 442  | Next Page >