Search Results

Search found 28693 results on 1148 pages for 'oracle advanced security'.

Page 488/1148 | < Previous Page | 484 485 486 487 488 489 490 491 492 493 494 495  | Next Page >

  • IIS reveals internal IP address in content-location field - fix

    - by saille
    Referring: http://support.microsoft.com/kb/q218180/, there is a known issue in IIS4/5/6 whereby it will reveal the internal IP of a web server in the content-location field of the HTTP header. We have IIS 6. I have tried the fix suggested, but it has not worked. The website is configured to send all requests to ASP.NET, and I am wondering if this is why the fix, which addresses IIS configuration, has not worked for us. If this is the case, how would we fix this in ASP.NET? We need to fix this issue in order to pass a security audit.

    Read the article

  • How can I monitor if a cookie is being sent to a domain other than the one it originated from?

    - by Brendan Salt
    I am trying to write a program that will verify that all cookies sent out from the machine are in fact going to the domain they came from. This is part of a larger security project to detect cookie based malicious attacks (such as XSS). The main snag for this project is actually detecting the out-going cookies. Can someone point me in the right direction for monitoring out-going HTTP traffic for cookie information? Other information about the project: This is a windows application written in C and numerous scripting languages. Thanks so much for the help.

    Read the article

  • INNOVATIONS IN PRODUCTS – Partner Briefing PROGRAM - October 1st

    - by Mike.Hallett(at)Oracle-BI&EPM
    Partners are invited to join the Innovations in Products webcast, October 1st: 4:00pm CET / 5:00pm UK.

    BI & EPM Product breakout Webcast sessions available on October 1st:

        Topic: Oracle Endeca Information Discovery, Product Overview
        Speaker: Emma Palii, BI Sales Consultant

        Topic: Hyperion Project Financial Planning, Measure the full financial impacts of your Projects
        Speaker: Olivier Bernard, EPM Business Solutions Director

    To see the full list of session topics, go to the overall registration page Innovations in Products October 1st. To access the previously presented Applications, and Public-Sector Value Proposition presentations, please click here.

    Delivery Format: 1 Hour Webcast. The Innovations in Products program is a series of Oracle product presentations followed by live Q&A. It will be delivered over the Web. Partner Participants have the opportunity to submit questions during the web cast via chat and subject matter experts will provide verbal answers live. For further information please contact Markku Rouhiainen.

    Read the article

  • Statements of direction for EPM 11.1.1.x series products

    - by THE
    Some of the older parts of EPM that have been replaced with newer software will phase out after January 2013. For most of these the 11.1.1.x Series will be the last release. They will then only be supported via sustaining support (see policy). We have notes about:

      - the Essbase Excel Add In (replaced by SmartView which nearly achieved functionality parity with release 11.1.2.1.102): Oracle Essbase Spreadsheet Add-in Statement of Direction (Doc ID 1466700.1)
      - Hyperion Data Integration Management (replaced by Oracle Data Integrator (ODI)): Hyperion Data Integration Management Statement of Direction (Doc ID 1267051.1)
      - Hyperion Enterprise and Enterprise Reporting (replaced by HFM): Hyperion Enterprise and Hyperion Enterprise Reporting Statement of Direction (Doc ID 1396504.1)
      - Hyperion Business Rules (replaced by Calculation Manager): Hyperion Business Rules Statement of Direction (Doc ID 1448421.1)
      - Oracle Visual Explorer (this one phased out in June 11 already - just in case anyone missed it): Oracle Essbase Visual Explorer Statement of Direction (Doc ID 1327945.1)

    For a complete list of the Supported Lifetimes, please review the "Oracle Lifetime Support Policy for Applications"

    Read the article

  • Nodemanager Init.d Script

    - by john.graves(at)oracle.com
    I’ve seen many of these floating around.  This is my favourite on an Ubuntu based machine. Just throw it into the /etc/init.d directory and update the following lines:

        export MW_HOME=/opt/app/wls10.3.4
        user='weblogic'

    Then run:

        update-rc.d nodemanager defaults

    Everything else should be ok for 10.3.4.

        #!/bin/sh
        #
        ### BEGIN INIT INFO
        # Provides:          nodemanager
        # Required-Start:
        # Required-Stop:
        # Default-Start:     2 3 4 5
        # Default-Stop:      0 1 6
        # Short-Description: WebLogic Nodemanager
        ### END INIT INFO

        # nodemgr Oracle Weblogic NodeManager service
        #
        # chkconfig:   345 85 15
        # description: Oracle Weblogic NodeManager service
        #
        ### BEGIN INIT INFO
        # Provides: nodemgr
        # Required-Start: $network $local_fs
        # Required-Stop:
        # Should-Start:
        # Should-Stop:
        # Default-Start: 3 4 5
        # Default-Stop: 0 1 2 6
        # Short-Description: Oracle Weblogic NodeManager service.
        # Description: Starts and stops Oracle Weblogic NodeManager.
        ### END INIT INFO

        # Source function library.
        . /lib/lsb/init-functions

        # set Weblogic environment defining CLASSPATH and LD_LIBRARY_PATH
        # to start/stop various components.
        export MW_HOME=/opt/app/wls10.3.4

        #
        # Note:
        # The setWLSEnv.sh not only does a good job of setting the environment,
        # but also advertises the fact explicitly in the console! Silence it.
        #
        . $MW_HOME/wlserver_10.3/server/bin/setWLSEnv.sh > /dev/null

        # set NodeManager environment
        export NodeManagerHome=$WL_HOME/common/nodemanager
        NodeManagerLockFile=$NodeManagerHome/nodemanager.log.lck

        # check JAVA_HOME
        if [ -z "${JAVA_HOME:-}" ]; then
            export JAVA_HOME=/opt/sun/products/java/jdk1.6.0_18
        fi

        exec=$MW_HOME/wlserver_10.3/server/bin/startNodeManager.sh
        prog='nodemanager'
        user='weblogic'

        # Print the number of running NodeManager JVMs.
        is_nodemgr_running() {
            local nodemgr_cnt=`ps -ef | \
                grep -i 'java ' | \
                grep -i ' weblogic.NodeManager ' | \
                grep -v grep | \
                wc -l`
            echo $nodemgr_cnt
        }

        # Print the NodeManager PID, or 0 unless exactly one instance is running.
        get_nodemgr_pid() {
            nodemgr_pid=0
            if [ `is_nodemgr_running` -eq 1 ]; then
                nodemgr_pid=`ps -ef | \
                    grep -i 'java ' | \
                    grep -i ' weblogic.NodeManager ' | \
                    grep -v grep | \
                    tr -s ' ' | \
                    cut -d' ' -f2`
            fi
            echo $nodemgr_pid
        }

        # 0 = running, 2 = stopped with stale lock file, 3 = stopped, 4 = multiple instances
        check_nodemgr_status () {
            local retval=0
            local nodemgr_cnt=`is_nodemgr_running`
            if [ $nodemgr_cnt -eq 0 ]; then
                if [ -f $NodeManagerLockFile ]; then
                    retval=2
                else
                    retval=3
                fi
            elif [ $nodemgr_cnt -gt 1 ]; then
                retval=4
            else
                retval=0
            fi
            echo $retval
        }

        start() {
            ulimit -n 65535
            [ -x $exec ] || exit 5
            echo -n "Starting $prog: "
            su $user -c "$exec &"
            retval=$?
            echo
            return $retval
        }

        stop() {
            echo -n "Stopping $prog: "
            pid=`get_nodemgr_pid`
            # get_nodemgr_pid prints 0 when no single instance is found;
            # "kill 0" would signal this script's own process group, so skip it.
            if [ "$pid" -gt 0 ]; then
                kill -s 9 "$pid" > /dev/null 2>&1
                retval=$?
            else
                retval=1
            fi
            echo
            [ $retval -eq 0 ] && rm -f $NodeManagerLockFile
            return $retval
        }

        restart() {
            stop
            start
        }

        reload() {
            restart
        }

        force_reload() {
            restart
        }

        rh_status() {
            local retval=`check_nodemgr_status`
            if [ $retval -eq 0 ]; then
                echo "$prog (pid:`get_nodemgr_pid`) is running..."
            elif [ $retval -eq 4 ]; then
                echo "Multiple instances of $prog are running..."
            else
                echo "$prog is stopped"
            fi
            return $retval
        }

        rh_status_q() {
            rh_status >/dev/null 2>&1
        }

        case "$1" in
            start)
                rh_status_q && exit 0
                $1
                ;;
            stop)
                rh_status_q || exit 0
                $1
                ;;
            restart)
                $1
                ;;
            reload)
                rh_status_q || exit 7
                $1
                ;;
            force-reload)
                force_reload
                ;;
            status)
                rh_status
                ;;
            condrestart|try-restart)
                rh_status_q || exit 0
                restart
                ;;
            *)
                echo -n "Usage: $0 {"
                echo -n "start|"
                echo -n "stop|"
                echo -n "status|"
                echo -n "restart|"
                echo -n "condrestart|"
                echo -n "try-restart|"
                echo -n "reload|"
                echo -n "force-reload"
                echo "}"
                exit 2
        esac
        exit $?

    Read the article

  • Is there any benefit to encrypting twice using pgp?

    - by ojblass
    I am asking from a "more secure" perspective. I can imagine a scenario with two required private keys needed for decryption scenarios that may make this an attractive model. This is to settle an argument. My vote is that it is not adding any additional security other than having to compromise two different private keys. I think that if it was any more secure then encrypting it one million times would be the best way to secure information and I don't buy it. So I guess my question becomes is a two locking mechanism equivalent to another one locking mechanism with a single key? Update: Forgive me if the answer is obvious but my brain goes dead as I read books on the topic.

    Read the article

  • Why Shouldn't I Programmatically Submit Username/Password to Facebook/Twitter/Amazon/etc?

    - by viatropos
    I wish there was a central, fully customizable, open source, universal login system that allowed you to login and manage all of your online accounts (maybe there is?)... I just found RPXNow today after starting to build a Sinatra app to login to Google, Facebook, Twitter, Amazon, OpenID, and EventBrite, and it looks like it might save some time. But I keep wondering, not being an authentication guru, why couldn't I just have a sleek login page saying "Enter username and password, and check your login service", and then in the background either scrape the login page from say EventBrite and programmatically submit the form with Mechanize, or use an API if there was one? It would be so much cleaner and such a better user experience if they didn't have to go through popups and redirects and they could use any previously existing accounts. My question is: What are the reasons why I shouldn't do something like that? I don't know much about the serious details of cookies/sessions/security, so if you could be descriptive or point me to some helpful links that would be awesome. Thanks!

    Read the article

  • ADO "Unspecified Error" instead of actual error when fetching server side cursor

    - by Dan
    This relates to my recent question: http://stackoverflow.com/questions/2835663/force-oracle-error-on-fetch

    I am now able to reproduce a scenario where using ADO with the Oracle OLEDB Provider, I can force an error such as ORA-01722: invalid number to occur on calling Recordset.MoveNext. However, this is not the error that is returned to the application. Instead, the application sees Provider error '80004005' Unspecified error. How can I get the application to see the real error from the database? This is with Oracle 10g (client and server), if it matters. Sample code is roughly as follows:

        Dim con As New ADODB.Connection
        Dim cmd As New ADODB.Command
        Dim rs As ADODB.Recordset

        con.ConnectionString = "Provider=OraOLEDB.ORACLE;Data Source=xxx;User Id=yyy;Password=zzz"
        con.CursorLocation = adUseServer
        con.Open

        Set cmd.ActiveConnection = con
        cmd.CommandText = "select * from table(ret_err)"
        cmd.Prepared = True
        Set rs = cmd.Execute

        While Not rs.EOF
            rs.MoveNext
        Wend

    Read the article

  • Are there cross-platform tools to write XSS attacks directly to the database?

    - by Joachim Sauer
    I've recently found this blog entry on a tool that writes XSS attacks directly to the database. It looks like a terribly good way to scan an application for weaknesses in my applications. I've tried to run it on Mono, since my development platform is Linux. Unfortunately it crashes with a System.ArgumentNullException deep inside Microsoft.Practices.EnterpriseLibrary and I seem to be unable to find sufficient information about the software (it seems to be a single-shot project, with no homepage and no further development). Is anyone aware of a similar tool? Preferably it should be:

      - cross-platform (Java, Python, .NET/Mono, even cross-platform C is ok)
      - open source (I really like being able to audit my security tools)
      - able to talk to a wide range of DB products (the big ones are most important: MySQL, Oracle, SQL Server, ...)

    Read the article

  • Detecting if a browser is using Private Browsing mode

    - by Steve
    I'm building an extranet for a company paranoid about security. They want to make sure that (among other things) their users are browsing the site with the Private Browsing mode switched on in their web browser so that no cookies or history is kept. I found only this http://jeremiahgrossman.blogspot.com/2009/03/detecting-private-browsing-mode.html and http://serverfault.com/questions/18966/force-safari-to-operate-in-private-mode-and-detect-that-state-from-a-webserver The ideal solution would use no or minimal javascript. Would attempting to set a unique cookie work for all browsers and platforms? Anyone done this before? thanks!

    Read the article

  • Prevent Method call without Exception using @PreAuthorize Annotation

    - by Chepech
    Hi all. We are using Spring Security 3. We have a custom implementation of PermissionEvaluator that has this complex algorithm to grant or deny access at method level on the application. To do that we add a @PreAuthorize annotation to the method we want to protect (obviously). Everything is fine on that. However the behavior that we are looking for is that if a hasPermission call is denied, the protected method call only needs to be skipped, instead we are getting a 403 error each time that happens. Any ideas how to prevent that? You can find a different explanation of the problem here; AccessDeniedException handling during methodSecurityInterception

    Read the article

  • Introducing the new Demantra Guided Resolutions!

    - by user702295
    There is a new method to find your solution called guided resolution or search helper. Currently, we cover 5 specific topical areas:

      - Oracle Demantra 7.x and Above Data Loading Guided Resolution Note 1461899.1
      - Oracle Demantra Load Data Issues Not Necessarily Error Code Related Guided Resolution Note 1468884.1
      - Oracle Demantra 7.x and Above Workflow Issues Guided Resolution Note 1353217.1
      - Oracle Demantra 7.x and Above Worksheet Related Guided Resolution Note 1486639.1
      - Oracle Demantra 7.x and Above Engine Related Guided Resolution Note 1486634.1

    The guides will be updated with the latest proven solutions on a regular basis, keeping the content relevant. What is a guided resolution? What is the best practice using a guided resolution? How to Use the Demantra Guided Resolution, a Proactive Services Tutorial. Note 1473992.1

    Read the article

  • Meet up with JCP at Devoxx - 13 - 16 November

    - by Heather VanCura
    The JCP will be back at Devoxx this year:-).  If you are attending, you can catch either Patrick or Heather at one of these events... Tuesday - OpenJDK Lab, and then we will move over to the Hackergarten (TCK/unit testing); or Beer Bash at Oracle Booth-17:30–19:30. Wednesday - Beer Bash at Oracle Booth-18:00–20:00! Thursday - JCP session-12:00:  The JCP Program: More than 101 Ways to Influence the Future of the Java Platform ; Patrick Curran, Chair of the JCP & Heather VanCura, JCP Manager; or Beer Bash at Oracle Booth-18:00–20:00. Oracle booth twiki Oracle Session listing

    Read the article

  • Use Tomcat with Java SecurityManager?

    - by pauline
    I'm writing a web application that is supposed to run on Tomcat on Ubuntu. On Ubuntu, Tomcat is per default configured to run with the Java SecurityManager. Besides my own web application, there will only be some well known third party web applications related to my own, like the BIRT report engine. If one of the web applications fails or gets compromised, it may take down all the others without harm, because they all belong together. What I don't want to happen is that a compromised web app compromises the system itself, like calling rm -r /. Do I need to use the java security manager to achieve this? Or is it only necessary to protect one web app from the other? I'd really like to prevent the effort to create .policy files for all the 3rd party web applications I intend to use.

    Read the article

  • What is the sense of permitting the user to use no passwords longer than xx chars?

    - by reox
    It's more like a usability question or maybe database, or even maybe security (consider injection attacks) but what is the sense of permitting the user's password to be not longer than xx chars? It does not make any sense to me, because longer passwords are mostly considered better and even harder to crack, and some users use password safes, so the password length should not matter. I understand that passwords with more than 20 chars are hard to remember, but if you use diceware or a password safe you don't have any problem with that. I really can't understand why there are sites that say "your password need to be between 5 and 8 chars"... Also, the password should be saved as a hash, so the length of the field in the database is fixed, so where is the problem? I think that most of the sites where the password has to be a fixed length are not even using any hashing method...

    Read the article

  • B2B training material

    - by JuergenKress
    At our SOA Community Workspace (SOA Community membership required) you can find the latest B2B training material including training videos. B2B Technical Webcast - Part 1 - Feb 7 2013 - PPT.pptx B2B Technical Webcast - Part 2 - Feb 19 2013 - PPT.pptx B2B Technical Webcast - Part 1 - Feb 7 2013 - Audio & Video.wmv B2B Technical Webcast - Part 2 - Feb 19 2013 - Audio & Video.wmv Visit our next B2B and Adapters partner training August 26th-30th 2013 in Lisbon SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

    Read the article

  • Building a Fusion Applications Ready Foundation

    Designed from the ground-up using the latest technology advances and incorporating the best practices gathered from Oracle's thousands of customers, Fusion Applications are 100 percent open standards-based business applications that set a new standard for the way we innovate, work and adopt technology. Delivered as a complete suite of modular applications, Fusion Applications work with your existing portfolio to evolve your business to a new level of performance. In this AppCast, part of a special series on Fusion Applications, you will hear how components of Oracle Fusion Middleware, the very same platform that underpins Oracle Fusion Applications, can work with and enhance your Oracle E-Business Suite, Siebel, PeopleSoft, JD Edwards and other application investments. You will learn how you can build a Fusion-ready Applications Foundation and how you prepare your IT and operational skills to use and run Oracle Fusion Applications.

    Read the article

  • How to make an Asp.net MVC 2 website have a Private Beta Mode.

    - by Mark Kitz
    I am creating an ASP.Net MVC website that I am launching soon in private beta.

    What I am using:

      - ASP.NET MVC 2
      - ASP.NET Sql Membership Provider
      - Authorization Attributes on ActionMethods. ex. [EditorsOnly]

    What I am trying to accomplish: During the private Beta period of my website, I want no anonymous users to access my site. Only Beta Testers of my site should be able to login and use my site as normal. After the private beta period people can access it using the security structure I already have set up. I am hoping I do not have to recompile but can have a setting in the webconfig to switch between Private Beta mode to Normal mode. Thanks for your suggestions.

    Read the article

  • When do you trust the data / variables

    - by Wizzard
    We all know that all user data, GET/POST/Cookie etc etc needs to be validated for security. But when do you stop, once it's converted into a local variable? eg

        if (isValidxxx($_GET['foo']) == false) {
            throw new InvalidArgumentException('Please enter a valid foo!');
        }
        $foo = $_GET['foo'];
        fooProcessor($foo);

        function fooProcessor($foo) {
            if (isValidxxx($foo) == false) {
                throw Invalid......
            }
            //other stuff
        }

    To me that's over the top. But what if you load the value from the database... I hope I make sense :)

    Read the article

  • Is php fileinfo sufficient to prevent upload of malicious files?

    - by Scarface
    Hey guys, I have searched around a bit, and have not really found a professional type response to how to have secure fileupload capability so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of mp3s and images, and while I am pretty confident in preventing xss and injection attacks on my site, I am not really familiar with fileupload security. I basically just use php fileinfo and check an array of accepted filetypes against the filetype. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips I would really appreciate it.

    Read the article

  • BI Applications Mobile Demonstration

    - by Mike.Hallett(at)Oracle-BI&EPM
    Partners can now run live interactive Demos of the latest version of OBI Mobile on an iPad, and BI Applications have also been made available via OBI mobile app Demos including; Financials, HR, Marketing, Procurement & Spend, Projects and Supply chain.  You can download Demo Scripts for these: e.g. Mobile_Marketing_Analytics.pdf The mobile app is using the same dashboards and data as the BI Applications Test Drives, which partners can access here. These existing demo scripts for these BI Applications can be used with the BI mobile app.  The instructions regarding the interface will be different, but the story line is the same.  If you want the “Mobile Financial Analytics” script ask me @ [email protected] For more instructions on setting up and connecting your iPad, see: Run Live OBI Mobile HD Demos on your iPad Business doesn't stop just because you're on the go. See how Oracle BI Mobile makes consuming BI on the go simple, secure and fast.  

    Read the article

  • Websphere exception handling

    - by Benjamin
    Hi all, From a security standpoint, what is the best solution to handle application errors with Websphere? I've been thinking of creating a class that is called every time an application error is generated, log the error and display a generic error message to the users. In PHP this can be achieved using the set_exception_handler() function. Is there something similar for websphere that could be configured in the web.xml? I've found codes like this on the internet:

        <error-page>
            <error-code>500</error-code>
            <location>/servlet/ExceptionHandlerServlet</location>
        </error-page>

    But that would only work with "500" HTTP error codes. I really want something generic that catches everything. Something like a class that implements a certain interface which can have access to all information about the error. Thanks for your time.

    Read the article

  • Secure database connection. DAL .net architecture best practice

    - by Andrew Florko
    We have several applications that are installed in several departments that interact with database via Intranet. Users tend to use weak passwords or store login/password written on sheets of paper where everybody can see them. I'm worried about login/password leakage & want to minimize consequences. Minimizing database-server attack surface by hiding database-server from Intranet access would be a great idea also. I'm thinking about intermediary data access service method-based security. It seems more flexible than table-based or connection-based database-server one. This approach also allows to hide database-server from public Intranet. What kind of .net technologies and best practices would you suggest? Thank you in advance!

    Read the article

  • Gartner Business Process Management Excellence Awards 2014

    - by JuergenKress
    We are now accepting Nominations for the 2014 Gartner Business Process Management Excellence Awards. What are the Gartner Business Process Management Excellence Awards? Gartner Business Process Management (BPM) Excellence Awards program highlights world-class BPM programs and projects that deliver business results by broadly sharing their successes, challenges and insights. If you have recently implemented a successful BPM program or project with resulting business impact, do not miss out on the opportunity to publicize this accomplishment and honor those responsible for its success. Whatever your industry or government sector, and no matter the focus of your BPM program or project, we want to hear your story. Apply today.

    Read the article

  • session is lost after successful login?

    - by sword101
    Greetings all. I'm using Spring Security 3.0.2. All the application pages are secured; to see them you must be authenticated. I'm using the HTTPS protocol. I have a strange problem: after a successful login and getting to the requested page, when I try to open any link to other pages in the application, the session is invalidated or lost, or I don't know what happened, and the user becomes anonymous and is redirected to the login page. I got this from debugging:

        No HttpSession currently exists
        No SecurityContext was available from the HttpSession: null. A new one will be created.

    After reviewing the code many times, nothing in the code is invalidating the session. Any ideas why something like this might happen?

    Read the article
