Introducing the new Google Geocoding Web Service
Geocoding - finding the geographical location of a given address - is one of the most popular features of the Google Maps API. Both the JavaScript Maps APIs...
Search Results
Search found 22711 results on 909 pages for 'amazon product api'.
Page 440/909 | < Previous Page | 436 437 438 439 440 441 442 443 444 445 446 447 | Next Page >
-
-
Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?
- by Austin Smith
I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed): $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'"); The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?Read the article
-
Learn more about SPARC by listening to our newly recorded podcasts
- by Cinzia Mascanzoni
Please listen to our newly recorded series of four podcasts focused on SPARC. The topics are: How SPARC T4 Servers Open New Opportunities SPARC Roadmap and SPARC T4 Architecture Highlights SPARC T4 For Installed Base Refresh and Consolidation SPARC T4 – How Does it Stack up Against the Competition? Rob Ludeman, from SPARC Product Management, and Thomas Ressler, WWA&C Alliances Consultant, are your hosts. The intent is to continue to help you understand how to position and sell SPARC/T4 into your customer architecture.Details on how to access these podcasts can be found here.Read the article
-
RiverTrail - JavaScript GPPGU Data Parallelism
- by JoshReuben
Where is WebCL ? The Khronos WebCL working group is working on a JavaScript binding to the OpenCL standard so that HTML 5 compliant browsers can host GPGPU web apps – e.g. for image processing or physics for WebGL games - http://www.khronos.org/webcl/ . While Nokia & Samsung have some protype WebCL APIs, Intel has one-upped them with a higher level of abstraction: RiverTrail. Intro to RiverTrail Intel Labs JavaScript RiverTrail provides GPU accelerated SIMD data-parallelism in web applications via a familiar JavaScript programming paradigm. It extends JavaScript with simple deterministic data-parallel constructs that are translated at runtime into a low-level hardware abstraction layer. With its high-level JS API, programmers do not have to learn a new language or explicitly manage threads, orchestrate shared data synchronization or scheduling. It has been proposed as a draft specification to ECMA a (known as ECMA strawman). RiverTrail runs in all popular browsers (except I.E. of course). To get started, download a prebuilt version https://github.com/downloads/RiverTrail/RiverTrail/rivertrail-0.17.xpi , install Intel's OpenCL SDK http://www.intel.com/go/opencl and try out the interactive River Trail shell http://rivertrail.github.com/interactive For a video overview, see http://www.youtube.com/watch?v=jueg6zB5XaM . ParallelArray the ParallelArray type is the central component of this API & is a JS object that contains ordered collections of scalars – i.e. multidimensional uniform arrays. A shape property describes the dimensionality and size– e.g. a 2D RGBA image will have shape [height, width, 4]. ParallelArrays are immutable & fluent – they are manipulated by invoking methods on them which produce new ParallelArray objects. ParallelArray supports several constructors over arrays, functions & even the canvas. // Create an empty Parallel Array var pa = new ParallelArray(); // pa0 = <> // Create a ParallelArray out of a nested JS array. // Note that the inner arrays are also ParallelArrays var pa = new ParallelArray([ [0,1], [2,3], [4,5] ]); // pa1 = <<0,1>, <2,3>, <4.5>> // Create a two-dimensional ParallelArray with shape [3, 2] using the comprehension constructor var pa = new ParallelArray([3, 2], function(iv){return iv[0] * iv[1];}); // pa7 = <<0,0>, <0,1>, <0,2>> // Create a ParallelArray from canvas. This creates a PA with shape [w, h, 4], var pa = new ParallelArray(canvas); // pa8 = CanvasPixelArray ParallelArray exposes fluent API functions that take an elemental JS function for data manipulation: map, combine, scan, filter, and scatter that return a new ParallelArray. Other functions are scalar - reduce returns a scalar value & get returns the value located at a given index. The onus is on the developer to ensure that the elemental function does not defeat data parallelization optimization (avoid global var manipulation, recursion). For reduce & scan, order is not guaranteed - the onus is on the dev to provide an elemental function that is commutative and associative so that scan will be deterministic – E.g. Sum is associative, but Avg is not. map Applies a provided elemental function to each element of the source array and stores the result in the corresponding position in the result array. The map method is shape preserving & index free - can not inspect neighboring values. // Adding one to each element. var source = new ParallelArray([1,2,3,4,5]); var plusOne = source.map(function inc(v) { return v+1; }); //<2,3,4,5,6> combine Combine is similar to map, except an index is provided. This allows elemental functions to access elements from the source array relative to the one at the current index position. While the map method operates on the outermost dimension only, combine, can choose how deep to traverse - it provides a depth argument to specify the number of dimensions it iterates over. The elemental function of combine accesses the source array & the current index within it - element is computed by calling the get method of the source ParallelArray object with index i as argument. It requires more code but is more expressive. var source = new ParallelArray([1,2,3,4,5]); var plusOne = source.combine(function inc(i) { return this.get(i)+1; }); reduce reduces the elements from an array to a single scalar result – e.g. Sum. // Calculate the sum of the elements var source = new ParallelArray([1,2,3,4,5]); var sum = source.reduce(function plus(a,b) { return a+b; }); scan Like reduce, but stores the intermediate results – return a ParallelArray whose ith elements is the results of using the elemental function to reduce the elements between 0 and I in the original ParallelArray. // do a partial sum var source = new ParallelArray([1,2,3,4,5]); var psum = source.scan(function plus(a,b) { return a+b; }); //<1, 3, 6, 10, 15> scatter a reordering function - specify for a certain source index where it should be stored in the result array. An optional conflict function can prevent an exception if two source values are assigned the same position of the result: var source = new ParallelArray([1,2,3,4,5]); var reorder = source.scatter([4,0,3,1,2]); // <2, 4, 5, 3, 1> // if there is a conflict use the max. use 33 as a default value. var reorder = source.scatter([4,0,3,4,2], 33, function max(a, b) {return a>b?a:b; }); //<2, 33, 5, 3, 4> filter // filter out values that are not even var source = new ParallelArray([1,2,3,4,5]); var even = source.filter(function even(iv) { return (this.get(iv) % 2) == 0; }); // <2,4> Flatten used to collapse the outer dimensions of an array into a single dimension. pa = new ParallelArray([ [1,2], [3,4] ]); // <<1,2>,<3,4>> pa.flatten(); // <1,2,3,4> Partition used to restore the original shape of the array. var pa = new ParallelArray([1,2,3,4]); // <1,2,3,4> pa.partition(2); // <<1,2>,<3,4>> Get return value found at the indices or undefined if no such value exists. var pa = new ParallelArray([0,1,2,3,4], [10,11,12,13,14], [20,21,22,23,24]) pa.get([1,1]); // 11 pa.get([1]); // <10,11,12,13,14>Read the article
-
Fonctionnalités spéciales de Qt avec Mac OS X, un article de Trenton Schulz traduit par charlespf
Bien que Qt facilite le développement d'applications multiplateformes, cela ne signifie pas que nous fournissons exclusivement des fonctionnalités qui sont communes à toutes les plateformes. En effet, lorsque cela est possible, des fonctionnalités spécifiques à la plateforme sont exposées, tout en veillant à ce qu'elles ne sortent pas du cadre de nos API multiplateformes : ceci est particulièrement vrai pour Qt sous Mac OS X. "Fonctionnalités spéciales de Qt avec Mac OS X...Read the article
-
Transform Your Portal Experience and Optimize Online Engagement
- by Christie Flanagan
Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Does your portal environment foster collaboration between your business and your customers? Are you effectively managing your customer, employee, and partner relationships and engagement? Can your users access information through Web, mobile, and social channels? Online engagement solutions give organizations the ability to listen and respond to their customers, provide targeted experiences, and encourage interaction among customers and employees.Join us for a webcast on Thursday, April 12, 2012 at 10 a.m. PT / 1 p.m. ET, where Sachin Agarwal, Senior Director of Product Management and Kellsey Ruppel, Senior Product Marketing Manager for Oracle WebCenter, will tell you how to transform your portal experience and optimize online engagement. With Oracle WebCenter, you can: Deliver an optimized online experience for your users Create contextually relevant, targeted online experiences Provide intuitive and secure access to back-office applications Manage and moderate interactive, multichannel social interactions Register today and learn how to make your portals more interactive and engaging across multiple channels.Read the article
-
[News] Microsoft Visual Studio 2010 disponible !
C'est officiel, Visual Studio 2010 est d?sormais disponible. Vous pouvez l'essayer ou l'acheter. Nul besoin de rappeler les dizaines de nouveaut?s de cette mouture. La partie graphique a ?t? enti?rement con?ue sur la base du framework WPF et de nouvelles API font leur apparition. C'est s?r, le d?veloppement .NET prend aujourd'hui une nouvelle dimension avec VS 2010 et le framework .NET V4.Read the article
-
Using XNA to learn to build a game, but wanna move on [closed]
- by Daniel Ribeiro
I've been building a 2D isometric game (with learning purposes) in C# using XNA. I found it's really easy to manage sprite sheets loading, collision, basic physics and such with the XNA api. The thing is, I want to move on. My real goal is to learn C++ and develop a game using that language. What engine/library would you guys recommend for me to keep going on that same 2D isometric game direction using pretty much sprite sheets for the graphical part of the game?Read the article
-
SharePoint Office365 and Azure – an Overview of what you can use today
- by Sahil Malik
SharePoint 2010 Training: more information I will be speaking on cloud related topics – an overview at one of my favorite user groups, CMAPonline on January 24th. Here are the details, When – Tuesday, January 24, 2012 7:00 PMWhere - UMBC Building 21 About - "SharePoint Office365 and Azure – an Overview of what you can use today!"Everyone is talking about the cloud. Everyone is moving to the cloud. Microsoft's cloud offering is probably the most expansive of all. But how does it really compare with other offerings? What is the featureset of Google? Or Amazon? And in the jungle of Beta, what is currently proven and production ready in the Microsoft spectrum? Most of all, how do you move from your current setup to a cloud based setup? In this session, Sahil provides a manager and architect level overview demystifying all these topics and more. Read full article ....Read the article
-
Exadata ROI cases
- by Javier Puerta
The following cases illustrate the type of ROI benefits that customers can obtain from their investment in Exadata infrastructure. Australian Finance Group will achieve a 42% ROI by and break even in three years by consolidating Oracle E-Business Suite and Siebel applications on Oracle Exadata. Read the ROI case at: http://www.oracle.com/us/corporate/customers/afg-1-exadata-cs-1354807.pdf In addition to this study, there are Oracle Exadata Mainstay ROI Case Studies for the following: Merck -Pharma, Oracle Exadata Achieves Fivefold Performance Increase for Critical Product Research Platform Turkcell Accelerates Reporting Tenfold, Saves on Storage and Energy Costs with Consolidated Oracle Exadata PlatformRead the article
-
Where can I download list of all .com domains registered in the world
- by John
I just need registered .com domain names. I know this list is available at: http://www.verisigninc.com/en_US/products-and-services/domain-name-services/grow-your-domain-name-business/tld-zone-access/index.xhtml ( looks like it could take 4 weeks for approval) http://www.premiumdrops.com/zones.html Also I can extract domain names using domain search API at domaintools.com Is there any other source where I can find this list?Read the article
-
Compliance Strategic Issues: How Oracle and OPN Partner Approva are Automating IT Controls
Fred speaks with Greg Myers, Vice President of Sales for Approva, an OPN Partner, and Lane Leskela, Oracle's Senior Director of Product Marketing for Compliance Solutions about compliance issues such as segregation of duties (SOD) and the benefits of compliance management.Read the article
-
Kicking off the ODI12c Blog Series
- by Madhu Nair
Normal 0 false false false EN-US ZH-TW X-NONE MicrosoftInternetExplorer4 It is always exciting to talk about a new release, especially one as significant as the newly released Oracle Data Integrator 12c (ODI12c). Why? Because it is packed with features that addresses many requirements for the user community. If you missed sneak previews at this year's Oracle Open World sessions, do not despair. Because over the coming weeks the ODI12c team of developers and consultants will be sharing their perspective on key features, experiences and best practices for ODI12c right here through a series of blogs. Before diving into feature details in subsequent blogs it helps to understand the overall themes that went into developing ODI12c. Let the Productivity Flow: Let us face it. Designing for developer user experience is always top of mind to any enterprise software. ODI12c addresses this through the introduction of declarative flow based mappings (the topic of our next ODI blog by the way!!). Reusability has been addressed though the introduction of reusable mappings cutting down development times for repeated logics. An enhanced debugger makes life easy for complex granular debugging scenarios. Unique repository IDs now allow you to manage multiple repositories. Performance is Paramount: Another major area of focus for ODI12c is performance. Increased parallelism (like the multiple target table load feature), reduced session overheads and ability to customize loads plans through physical views all empower the user to tune run times for extreme performances. mapping showing multiple target load physical representation allowing users to choose execution options Integrating it all: This release is not just about ODI12c as a standalone product. Closer integration with Oracle GoldenGate now brings Change Data Capture (CDC) capabilities into ODI12c. Oracle Warehouse Builder (OWB) jobs can now be executed and monitored from within ODI12c. And ODI12c is fast becoming the de facto standard for Oracle Applications that need data integration in their solutions. The best example being the latest release of the Oracle BI Applications technology. Even as we bring you in-depth write-ups about the features there are some great previews and resources that are already out there. Like this super entry by beta partner Rittman Mead Consulting and this ODI12c Key Features White Paper. You can download ODI12c here (this post helps). The best though is the upcoming Executive Webcast featuring customers and executives who have seen and conceived the product. Don’t miss it!Read the article
-
Archbeat Link-O-Rama Top 10 Facebook Faves for October 20-26, 2013
- by OTN ArchBeat
What are the 4,460 fans of the OTN ArchBeat Facebook Page talking about? The list below represents the Top 10 most popular articles, blog posts, and other content from across the community. Enterprise Grade Deployment Considerations for Oracle Identity Manager AD Connector | Firdaus Fraz Oracle Fusion Middleware solution architect Firdaus Fraz illustrates provides best practice recommendations for setting up an enterprise deployment environment for the OIM connector for Microsoft Active Directory. A Roadmap for SOA Development and Delivery | Mark Nelson Do you know the way to S-O-A? Mark Nelson does. His latest blog post, part of an ongoing series, will help to keep you from getting lost along the way. The road ahead for WebLogic 12c | Edwin Biemond Oracle ACE Edwin Biemond shares his thoughts on announced new features in Oracle WebLogic 12.1.3 & 12.1.4 and compares those upcoming releases to Oracle WebLogic 12.1.2. Oracle GoldenGate 12c - New Release, New Features | Michael Rainey Rittman Mead's Michael Rainey takes you on guided tour through the GoldenGate 12c features that "are relevant to data warehouse and data migration work we typically see in the business intelligence world." Reproducing WebLogic Stuck Threads with ADF CreateInsert Operation and ORDER BY Clause | Andrejus Baranovsikis Another post from Oracle ACE Director Andrejus Baranovsikis on dealing with WebLogic Stuck Threads. This one includes a test case application you can download. The Impact of SaaS - The Times They Are A-Changin' | Floyd Teter Oracle ACE Director Floyd Teter shares some truly interesting insight gained in conversations with three Fortune 500 CIOs. Configure Oracle Identity Manager AD/LDAP Authentication | Arda Eralp A step-by-step how-to from a member of the Fusion Middleware Applications Consultancy team. Java-Powered Robot Named NAO Wows Crowds | Tori Wieldt Tori Wieldt interviews a robot and human. Updated ODI Statement of Direction | Robert Schweighardt Heads up Oracle Data Integrator fans! A new product statement of direction document is available, offering "an overview of the strategic product plans for Oracle’s data integration products for bulk data movement and transformation, specifically Oracle Data Integrator (ODI) and Oracle Warehouse Builder (OWB)." Oracle BI Apps 11.1.1.7.1 – GoldenGate Integration - Part 2: Setup and Configuration | Michael Rainey Michael Rainey continues his series with another technical article for you GoldenGate fans. Thought for the Day "Intuition will tell the thinking mind where to look next." — Jonas Salk, American medical researcher and virologist (October 28, 1914 – June 23, 1995) Source: brainyquote.comRead the article
-
CVE-2012-2763 Buffer overflow vulnerability in Gimp
- by RitwikGhoshal
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-2763 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 7.5 Gimp Solaris 11 11/11 SRU 11.4 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
ArchBeat Facebook Friday: Top 10 Posts - August 15-21, 2014
- by Bob Rhubart-Oracle
As hot as molten rock? Not quite. But among the 5,313 fans of the OTN ArchBeat Facebook Page these Top 10 items were the hottest over the past seven days, August 15-21, 2014. Oracle BPM 12c Gateways (Part 1 of 5): Exclusive Gateway | Antonis Antoniou Oracle ACE Associate Antonis Antoniou begins a five-part series with a look at In the gateway control flow components in Oracle BPM and how they can be used to process flow. Slicing the EDG: Different SOA Domain Configurations | Antony Reynolda Antony Reynolds introduces three different configurations for a SOA environment and identifies some of the advantages for each. How to introduce DevOps into a moribund corporate culture | ZDNet Confused about DevOPs? This post from ZDNet's Joe McKendrick -- which includes insight from Phil Whelan -- just might clear some of the fog. Oracle Identity Manager Role Management With API | Mustafa Kaya Mustafa Kaya shares some examples of role management using the Oracle Identity Management API. Podcast: Redefining Information Management Architecture Oracle Enterprise Architect Andrew Bond joins Oracle ACE Directors Mark Rittman and Stewart Bryson for a conversation about their collaboration on a new Oracle Information Management Reference Architecture. WebCenter Sites Demo Integration with Endeca Guided Search | Micheal Sullivan A-Team solution architect Michael Sullivan shares the details on a demo that illustrates the viability of integrating WebCenter Sites with Oracle Endeca. Wearables in the world of enterprise applications? Yep. Oh yeah, wearables are a THING. Here's a look at how the Oracle Applications User Experience team has been researching wearables for inclusion in your future enterprise applications. Getting Started With The Coherence Memcached Adaptor | David Felcey Let David Felcey show you how to configure the Coherence Memcached Adaptor, and take advantage of his simple PHP example that demonstrates how Memecached clients can connect to a Coherence cluster. OTN Architect Community Newsletter - August Edition A month's worth of hot stuff, all in one spot. Featuring articles on Java, Coherence, WebLogic, Mobile and much more. 8,853 Conversations About Oracle WebLogic Do you have a question about WebLogic? Do you have an answer to a question about WebLogic? You need to be here.Read the article
-
ApiChange Corporate Edition
- by Alois Kraus
In my inital announcement I could only cover a small subset what ApiChange can do for you. Lets look at how ApiChange can help you to fix bugs due to wrong usage of an Api within a fraction of time than it would take normally. It happens that software is tested and some bugs show up. One bug could be …. : We get way too man log messages during our test run. Now you have the task to find the most frequent messages and eliminate the Log calls from the source code. But what about the myriads other log calls? How can we check that the distribution of log calls is nearly equal across all developers? And if not how can we contact the developer to check his code? ApiChange can help you too connect these loose ends. It combines several information silos into one cohesive view. The picture below shows how it is able to fill the gaps. The public version does currently “only” parse the binaries and pdbs to give you for a –whousesmethod query the following colums: If it happens that you have Rational ClearCase (a source control system) in your development shop and an Active Directory in place then ApiChange will try to determine from the source file which was determined from the pdb the last check in user which should be present in your Active Directory. From there it is only a small hop to an LDAP query to your AD domain or the GC (Global Catalog) to get from the user name his Full name Email Phone number Department …. ApiChange will append this additional data all of your query results which contain source files if you add the –fileinfo option. As I said this is currently not enabled by default since the AD domain needs to be configured which are currently only some hard coded values in the SiteConstants.cs source file of ApiChange.Api.dll. Once you got this data you can generate metrics based on source file, developer, assembly, … and add additional data by drag and drop directly into the pivot tables inside Excel. This allows you to e.g. to generate a report which lists the source files with most log calls in descending order along with the developer name and email in the pivot table. Armed with this knowledge you can take meaningful measures e.g. to ask the developer if the huge number of log calls in this source file can be optimized. I am aware that this is a very specific scenario but it is a huge time saver when you are able to fill the missing gaps of information. ApiChange does this in an extensible way. namespace ApiChange.ExternalData { public interface IFileInformationProvider { UserInfo GetInformationFromFile(string fileName); } } It defines an interface where you can implement your custom information provider to close the gap between source control system and the real person I have to send an email to ask if his code needs a closer inspection.Read the article
-
New iPad vs. iPad 2–Side by side comparison of hardware specification [Infographic]
- by Gopinath
Apple released the 3rd generation of iPad on March 7th with spectacular hardware and software specs. The new iPad is the most advanced tablet available in the market with not much of competition. The closest competitor to the new iPad is not from Android or RIM or Amazon as they are no where close to the standards of the new iPad . But the competitor is none other than previous generation of iPad 2. In order to help you decide which Apple tablet suits your requirements here is an infographic comparing the iPad with iPad 2Read the article
-
Google Chrome Extensions: Launch Event (part 1)
Google Chrome Extensions: Launch Event (part 1) Video Footage from the Google Chrome Extensions launch event on 12/09/09. In this part, Brian Rakowski, product management director, provides an update on Google Chrome and explains why extensions are important for the Google Chrome team. From: GoogleDevelopers Views: 5167 17 ratings Time: 04:39 More in Science & TechnologyRead the article
-
CVE-2012-3410 stack-based buffer overflow vulnerability in Bash
- by RitwikGhoshal
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-3410 Buffer overflow vulnerability 4.6 Bash Solaris 11 Contact Support Solaris 10 SPARC: 126546-04 X86: 126547-04 Solaris 9 Contact Support This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
Multiple Denial of Service vulnerabilities in Quagga
- by chandan
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-3323 Denial of Service (DoS) vulnerability 5.0 Quagga Solaris 10 SPARC: 126206-09 X86: 126207-09 Solaris 11 11/11 SRU 4 CVE-2011-3324 Denial of Service (DoS) vulnerability 5.0 CVE-2011-3325 Denial of Service (DoS) vulnerability 5.0 CVE-2011-3326 Denial of Service (DoS) vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
Multiple Denial of Service vulnerabilities in Quagga
- by chandan
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2007-4826 Denial of Service (DoS) vulnerability 3.5 Quagga Solaris 10 SPARC: 126206-09 X86: 126207-09 Solaris 11 11/11 SRU 4 CVE-2009-1572 Denial of Service (DoS) vulnerability 5.0 CVE-2010-1674 Denial of Service (DoS) vulnerability 5.0 CVE-2010-1675 Denial of Service (DoS) vulnerability 5.0 CVE-2010-2948 Denial of Service (DoS) vulnerability 6.5 CVE-2010-2949 Denial of Service (DoS) vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
The Benefits of Oracle's Warehouse Management Solution and RFID
Oracle Supply Chain Expert, Irving Chernofsky speaks with Fred about Oracle's Warehouse Management Solution (WMS), the benefits customers are receiving today from this product, how it supports Radio Frequency Identification or RFID and where you can get more information about these products.Read the article
-
Le Khronos Group publie les spécifications de OpenGL 3.3 et 4.0
Le Khronos Group publie les spécifications de OpenGL 3.3 et 4.0 Déjà deux ans après la sortie d'OpenGl 3.x, le Khronos Group nous offre le même jour les spécifications des nouvelles versions d'OpenGL : La version 3.3 et la version 4.0 Pour ces nouvelles versions la séparation Core et Compatibility demeurent et, nouveauté pour le GLSL, les versions ont dorénavant le même nom que la version de l'API sous laquelle elles ont été sortis. On nous promet aussi une version 4.0 optimisée, moins dépendante du CPU, notamment concernant la tesselation... N'étant pas familier a OpenGL je n'oserais en dire plus pour les plus curieux voici le lien :Read the article
-
SQL Azure and Trust Services
- by BuckWoody
Microsoft is working on a new Windows Azure service called “Trust Services”. Trust Services takes a certificate you upload and uses it to encrypt and decrypt sensitive data in the cloud. Of course, like any security service, there’s a bit more to it than that. I’ll give you a quick overview of how you can use this product to protect data you send to SQL Azure. The primary issue with storing data in the cloud is that you are in an environment that isn’t under your control – in fact, that’s the benefit of being in a distributed computing environment in the first place. On premises you’re able to encrypt data you don’t want anyone else to see, using various methods such as passwords (not very strong) or certificates (stronger). When you use a certificate, it’s vital that you create (or procure) and protect it yourself. When you store data remotely, regardless of IaaS, PaaS or SaaS, you don’t own the machines where the data lives. That means if you use a certificate from the cloud vendor to encrypt the data, you have to trust that the data won’t be accessed by the vendor. In some cases having a signed agreement with the vendor that they won’t access your data is sufficient, in other cases that doesn’t meet the requirements your system has for security. With the new Trust Services service, the basic process is that you use a Portal to create a Trust Server using policies and other controls. You place a X.509 Certificate you create or procure in that server. Using the Software development Kit (SDK), the developer has access to an Application Layer Encryption Framework to set fields of data they want to encrypt. From there, the data can be stored in SQL Azure as a standard field – only it is encrypted before it ever arrives. The portion of the client software that decrypts the data uses the same service, so the authenticated user sees the data if they are allowed to do so. The data remains encrypted “at rest”. You can learn more about this product and check it out in the SQL Azure labs at Microsoft Codename "Trust Services"Read the article
