Search Results

Search found 6397 results on 256 pages for 'secure emails'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 50/256 | < Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57  | Next Page >

  • SSL setup: UCC or wildcard certificates?

    - by quanza
    I've scoured the web for a clear and concise answer to my SSL question, but to no avail. So here goes: I have a web-service requiring SSL support for authentication pages. The root-level domain does not have the "www" - i.e., secure://domain.com - but localized pages use "language-code.domain.com", i.e. secure://ja.domain.com So I need at least a wildcard SSL certificate that supports secure://*.domain.com However, we also have a public sandbox environment at sandbox.domain.com, which we also need to support under localized domains - so secure://ja.sandbox.domain.com needs to also work. The previous admin managed to purchase a wildcard SSL certificate for .domain.com, but with a Subject Alternative Name for "domain.com". So, I'm thinking of trying to get a wildcard certificate with SANs defined as "domain.com" and ".*.domain.com". But now I'm getting confused because there seem to be separate SAN certificates, also called UCC certificates. Can someone clarify whether it's possible to get a wildcard certificate with additional SAN fields, and ultimately what the best way is to support: secure://domain.com secure://.domain.com secure://.*.domain.com with the fewest (and cheapest!) number of SSL certificates? Thanks!

    Read the article

  • Spring 3 simple extentionless url mappings with annotation-based mapping - impossible?

    - by caerphilly
    Hi, I'm using Spring 3, and trying to set up a simple web-app using annotations to define controller mappings. This seems to be incredibly difficult without peppering all the urls with *.form or *.do Because part of the site needs to be password protected, these urls are all under /secure. There is a <security-constraint> in the web.xml protecting everything under that root. I want to map all the Spring controllers to /secure/app/. Example URLs would be: /secure/app/landingpage /secure/app/edit/customer/{id} each of which I would handle with an appropriate jsp/xml/whatever. So, in web.xml I have this: <servlet> <servlet-name>dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>dispatcher</servlet-name> <url-pattern>/secure/app/*</url-pattern> </servlet-mapping> And in despatcher-servlet.xml I have this: <context:component-scan base-package="controller" /> In the Controller package I have a controller class: package controller; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; @Controller @RequestMapping("/secure/app/main") public class HomePageController { public HomePageController() { } @RequestMapping(method = RequestMethod.GET) public ModelAndView getPage(HttpServletRequest request) { ModelAndView mav = new ModelAndView(); mav.setViewName("main"); return mav; } } Under /WEB-INF/jsp I have a "main.jsp", and a suitable view resolver set up to point to this. I had things working when mapping the despatcher using *.form, but can't get anything working using the above code. When Spring starts up it appears to map everything correctly: 13:22:36,762 INFO main annotation.DefaultAnnotationHandlerMapping:399 - Mapped URL path [/secure/app/main] onto handler [controller.HomePageController@2a8ab08f] I also noticed this line, which looked suspicious: 13:25:49,578 DEBUG main servlet.DispatcherServlet:443 - No HandlerMappings found in servlet 'dispatcher': using default And at run time any attempt to view /secure/app/main just returns a 404 error in Tomcat, with this log output: 13:25:53,382 DEBUG http-8080-1 servlet.DispatcherServlet:842 - DispatcherServlet with name 'dispatcher' determining Last-Modified value for [/secure/app/main] 13:25:53,383 DEBUG http-8080-1 servlet.DispatcherServlet:850 - No handler found in getLastModified 13:25:53,390 DEBUG http-8080-1 servlet.DispatcherServlet:690 - DispatcherServlet with name 'dispatcher' processing GET request for [/secure/app/main] 13:25:53,393 WARN http-8080-1 servlet.PageNotFound:962 - No mapping found for HTTP request with URI [/secure/app/main] in DispatcherServlet with name 'dispatcher' 13:25:53,393 DEBUG http-8080-1 servlet.DispatcherServlet:677 - Successfully completed request So... Spring maps a URL, and then "forgets" about that mapping a second later? What is going on? Thanks.

    Read the article

  • Need to get SMTP server on MS Server 2003

    - by Matt Dawdy
    Long story short, client paid networking company to move their website in house. Now I have to figure out how to email out from their website even though they don't have an SMTP server. At least until I install one. Their email is hosted with Gmail right now (the client's domain through Google App for Your Domain). I changed my code to connect as one of their users "[email protected]" and send email. Worked great for about 12 hours. All of a sudden none of the automated emails are going out now, and google is sending the emails back saying that it is a permanent failure and Message Rejected. The link they direct me to, http://mail.google.com/support/bin/answer.py?answer=69585 is telling me that our emails look like spam. They aren't. They are emails we send to out clients about the status of their applications. Seriously, they are NOT spam. So...long story short is out the window, sorry...but I need to get an SMTP server setup inside their domain that I can send emails out of. This thing won't need to receive emails ever, and really only needs 1 email account customercare. What can I do? Will I have to have the networking company open a port in the firewall? Is there one built into Server 2003?

    Read the article

  • How to make Exchange 2003 non-authoritive

    - by Romski
    Background We are a small company with an internally hosted Exchange 2003. It receives email for 2 domains (the company was renamed a few years back). For the sake of argument, the domains are: oldname.com newname.com We have moved newname.com to a hosted exchange service, and our DNS record is correctly routing emails. Our internal server still receives email for oldname.com, although we have asked our hosting company to accept emails for that domain. Problem My problem is that emails generated internally from monitoring software, printer, etc. are being caught by our (defunct) internal server and being delivered to the old mailboxes. I believe that what is happening is that our internal exchange server considers itself to be the authoritive server for newname.com. I think it must be looking in active directory for a mailbox and delivering it internally without ever going outside. Attempt to fix I started to follow the article here: http://support.microsoft.com/kb/321721. I removed the SMTP recipient policy for newname.com, and added a dummy address and made it primary. I also answered yes for updating the associated emails. I then restarted the Microsoft Exchange Routing System and SMTP, but emails are still being routed internally. Is there a way to force the exchange server to route all emails for the domain newname.com to the new hosted service?

    Read the article

  • Basic security practices for desktop Ubuntu

    - by Daisetsu
    Most of us know the basic security practices on Windows: use a limited account set a password disable unused services uninstall bloatware Antivirus / Antimalware etc. I haven't ran linux as my main desktop computer before, so I don't know how to properly secure it. I have heard linux is supposed to be more secure than Windows, but I know that the default settings of anything are rarely secure. What are some things I should do as a new Linux user to secure my desktop system from attack?

    Read the article

  • Serving protected files using Nginx's X-Accel-Redirect header

    - by andybak
    I'm trying to serve protected files using this directive in my nginx.conf: location /secure/ { internal; alias /home/ldr/webapps/nginx/app/secure/; } I'm passing in paths in the form: "/myfile.doc" and the file's path would be: /home/ldr/webapps/nginx/app/secure/myfile.doc I just get 404's when I access "http: //myserver/secure/myfile.doc" (space inserted after http to stop ServerFault converting it to a link) I've tried taking the trailing / off the location directive and that makes no difference. Two questions: How do I fix it! How can I debug problems like this myself? How can I get Nginx to report which path it's looking for? error.log shows nothing and access.log just tells me which url is being requested - this is the bit I already know! It's no fun trying things randomly without any feedback. Here's my entire nginx.conf: daemon off; worker_processes 2; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; server { listen 21534; server_name my.server.com; client_max_body_size 5m; location /media/ { alias /home/ldr/webapps/nginx/app/media/; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; fastcgi_pass unix:/home/ldr/webapps/nginx/app/myproject/django.sock; fastcgi_pass_header Authorization; fastcgi_hide_header X-Accel-Redirect; fastcgi_hide_header X-Sendfile; fastcgi_intercept_errors off; include fastcgi_params; } location /secure { internal; alias /home/ldr/webapps/nginx/app/secure/; } } } EDIT: I'm trying some of the suggestions here So I've tried: location /secure/ { internal; alias /home/ldr/webapps/nginx/app/; } both with and without the trailing slash on location. I've also tried moving this block before the "location /" directive. The page I linked to has ^~ after 'location' giving: location ^~ /secure/ { ...etc... Not sure what that signifies but it didn't work either!

    Read the article

  • .htaccess url rewrite with ssl redirection

    - by Stuart McAlpine
    I'm having trouble combining a url query parameter rewrite (fancy-url) with a .htaccess ssl redirection. My .htaccess file is currently: Options +FollowSymLinks Options -Indexes ServerSignature Off RewriteEngine on RewriteBase / # in https: process secure.html in https RewriteCond %{server_port} =443 RewriteCond $1 ^secure$ [NC] RewriteRule ^(.+).html$ index.php?page=$1 [QSA,L] # in https: force all other pages to http RewriteCond %{server_port} =443 RewriteCond $1 !^secure$ [NC] RewriteRule ^(.+).html$ http://%{HTTP_HOST}%{REQUEST_URI} [QSA,N] # in http: force secure.html to https RewriteCond %{server_port} !=443 RewriteCond $1 ^secure$ [NC] RewriteRule ^(.+).html$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,N] # in http: process other pages as http RewriteCond %{server_port} !=443 RewriteCond $1 !^secure$ [NC] RewriteRule ^(.+).html$ index.php?page=$1 [QSA,L] The fancy-url rewriting is working fine but the redirection to/from https isn't working at all. If I replace the 2 lines containing RewriteRule ^(.+).html$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,N] with RewriteRule ^(.+).html$ https://%{HTTP_HOST}/index.php?page=$1 [QSA,L] then the https redirection works fine but the fancy-url rewriting doesn't work. Is it possible to combine these two?

    Read the article

  • How to secure Add child record functionality in MVC on Parent's view?

    - by RSolberg
    I'm trying to avoid some potential security issues as I expose some a new set of functionality into the real world. This is basically functionality that will allow for a new comment to be added via a partialview on the "Parent" page. My comment needs to know a couple of things, first what record is the comment for and secondly who is making the comment. I really don't like using a hidden field to store the ID for the Parent record in the add comment form as that can be easily changed with some DOM mods. How should I handle this? PARENT <% Html.RenderPartial("AddComment", Model.Comments); %> CHILD <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<CommentsViewModel>" %> <% using (Html.BeginForm("AddComment", "Requests")) {%> <fieldset> <legend>New Comment</legend> <%= Html.HiddenFor(p => p.RequestID) %> <%= Html.TextBoxFor(p => p.Text) %> &nbsp; <input type="submit" value="Add" /> </fieldset> <% } %> CONTROLLER [AcceptVerbs(HttpVerbs.Post)] public void AddComment(CommentsViewModel commentsModel) { var user = GetCurrentUser(); commentsModel.CreatedByID = user.UserID; RequestsService.AddComment(commentsModel); }

    Read the article

  • Account verification Yelp style, how is it more "secure" than traditional verification?

    - by Chad
    For business owners to "take control" of their business page on Yelp, they register for it. The Yelp system performs a telephone call-back. From watching to the video here, it sounds like a telephone version of what we all typically do - e-mail check. For e-mail check, it basically goes like this: User registers verify e-mail sent they click link inside verify e-mail site verifies Here's Yelp's: User registers verify screen shown with code Yelp calls user user enters code site verifies It's essentially the same thing, via phone. Is there any reason you can see why this method is better than the e-mail method?

    Read the article

  • How do I read a secure rss feed into a SyndicationFeed without providing credentials?

    - by John Kaster
    For whatever reason, IBM uses https (without requiring credentials) for their RSS feeds. I'm trying to consume https://www.ibm.com/developerworks/mydeveloperworks/blogs/roller-ui/rendering/feed/gradybooch/entries/rss?lang=en with a .NET 4 SyndicationFeed. I can open this feed in a browser and it loads just fine. Here's the code: using (XmlReader xml = XmlReader.Create("https://www.ibm.com/developerworks/mydeveloperworks/blogs/roller-ui/rendering/feed/gradybooch/entries/rss?lang=en")) { var items = from item in SyndicationFeed.Load(xml).Items select item; } Here's the exception: System.Net.WebException was unhandled by user code Message=The remote server returned an error: (500) Internal Server Error. Source=System StackTrace: at System.Net.HttpWebRequest.GetResponse() at System.Xml.XmlDownloadManager.GetNonFileStream(Uri uri, ICredentials credentials, IWebProxy proxy, RequestCachePolicy cachePolicy) at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials, IWebProxy proxy, RequestCachePolicy cachePolicy) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn) at System.Xml.XmlReaderSettings.CreateReader(String inputUri, XmlParserContext inputContext) at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.XmlReader.Create(String inputUri) at EDN.Util.Test.FeedAggTest.LoadFeedInfoTest() in D:\cdn\trunk\CDN\Dev\Shared\net\EDN.Util\EDN.Util.Test\FeedAggTest.cs:line 126 How do I configure the reader to work with an https feed?

    Read the article

  • Pyramid.security: Is getting user info from a database with unauthenticated_userid(request) really secure?

    - by yourfriendzak
    I'm trying to make an accesible cache of user data using Pyramid doc's "Making A “User Object” Available as a Request Attribute" example. They're using this code to return a user object to set_request_property: from pyramid.security import unauthenticated_userid def get_user(request): # the below line is just an example, use your own method of # accessing a database connection here (this could even be another # request property such as request.db, implemented using this same # pattern). dbconn = request.registry.settings['dbconn'] userid = unauthenticated_userid(request) if userid is not None: # this should return None if the user doesn't exist # in the database return dbconn['users'].query({'id':userid}) I don't understand why they're using unauthenticated_userid(request) to lookup user info from the database...isn't that insecure? That means that user might not be logged in, so why are you using that ID to get there private info from the database? Shouldn't userid = authenticated_userid(request) be used instead to make sure the user is logged in? What's the advantage of using unauthenticated_userid(request)? Please help me understand what's going on here.

    Read the article

  • How to secure an AJAX call from a facebook canvas application.

    - by user259349
    Reading this Ajax example, http://wiki.developers.facebook.com/index.php/FBJS/Examples/Ajax#Working_Example I found the following line. I'm not sure what to understand out of it, how do you "check the sig values per Platform spec"? "Note: For brevity's sake we are trusting $_POST['fb_sig_user'] without checking the full signature. This is unsafe as anyone could easily forge a user's action. Always be sure to either use the Facebook object which is supplied with the client libraries, or check the sig values per Platform spec"

    Read the article

  • how to configure Postfix to send more emails per hour than the default.

    - by dina-ak
    Hello; My postfix only let me send only 3600 email in an hour ( from which i conclude that there is 1s delay between each email ) while I want to send double that number .. I looked in the postfix configuration .Is there any parameters that i can change to send more than 3600 email in an hour ? this is the output of postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases bounce_queue_lifetime = 1d command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 default_destination_concurrency_limit = 5 default_destination_rate_delay = 0s html_directory = no inet_interfaces = all inet_protocols = ipv4 initial_destination_concurrency = 2 lmtp_destination_rate_delay = 0s local_destination_rate_delay = 0s mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_queue_lifetime = 1d mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mydomain = example.com myhostname = server01.example.com myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix qmgr_message_recipient_limit = 10000 queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES relay_destination_rate_delay = 0s sample_directory = /usr/share/doc/postfix-2.5.6/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_bind_address = xxx.xxx.xxx.xxx smtp_destination_rate_delay = 0s smtp_generic_maps = hash:/etc/postfix/generic smtpd_banner = $myhostname ESMTP $mail_name smtpd_client_restrictions = check_client_access hash:/etc/postfix/access unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual virtual_destination_rate_delay = 0s

    Read the article

  • IP address detection for geo-location or MAC address much secure?

    - by SuperRomia
    Recent study many websites are using geo-location technology on their Websites. I'm planning to implement one website which can be detect the web visitor more accurate. An found that Mozilla is using some kind of detect MAC address technology in their Geo-Location web service. Is it violate some privacy issue? I believe most of Geo-location service providers only offer country to city level. But the Mac address detection enable to locate the web visitors' location more correctly than using IP address detection. If detect the MAC address is not practical, which geo-location service provider is offering more accurate data to detect my Website visitor around the world?

    Read the article

  • How Does Entourage 2008 (for Mac) Decide Which Emails Form a Conversation?

    - by David M
    This is a little bit like http://stackoverflow.com/questions/288757/how-to-identify-email-belongs-to-existing-thread-or-conversation but I am more interested in how Entourage 2008 really does threading as opposed to how it ought to. I have the parent message that has something like Message-ID: <[email protected]/> then some replies that have (in addition to their own Message-ID) In-Reply-To: <[email protected]/> However, these show up as two conversations! The first conversation consists solely of the parent message, and the second conversation consists of the other replies. Would adding a References: header (as described in RFC 2822) resolve this?

    Read the article

  • How to configure custom binding to consume this WS secure Webservice using WCF?

    - by Soeteman
    Hello all, I'm trying to configure a WCF client to be able to consume a webservice that returns the following response message: Response message <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://myservice.wsdl"> <env:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" env:mustUnderstand="1" /> </env:Header> <env:Body> <ns0:StatusResponse> <result> ... </result> </ns0:StatusResponse> </env:Body> </env:Envelope> To do this, I've constructed a custom binding (which doesn't work). I keep getting a "Security header is empty" message. My binding: <customBinding> <binding name="myCustomBindingForVestaServices"> <security authenticationMode="UserNameOverTransport" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11" securityHeaderLayout="Strict" includeTimestamp="false" requireDerivedKeys="true"> </security> <textMessageEncoding messageVersion="Soap11" /> <httpsTransport authenticationScheme="Negotiate" requireClientCertificate ="false" realm =""/> </binding> </customBinding> My request seems to be using the same SOAP and WS Security versions as the response, but use different namespace prefixes ("o" instead of "wsse"). Could this be the reason why I keep getting the "Security header is empty" message? Request message <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-d3b70d1f-0ebb-4a79-85e6-34f0d6aa3d0f-1"> <o:Username>user</o:Username> <o:Password>pass</o:Password> </o:UsernameToken> </o:Security> </s:Header> <s:Body> <getPrdStatus xmlns="http://myservice.wsdl"> <request xmlns="" xmlns:a="http://myservice.wsdl" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> ... </request> </getPrdStatus> </s:Body> </s:Envelope> How do I need to configure my WCF client binding to be able to consume this webservice? Any help greatly appreciated! Sander

    Read the article

  • PHP secure logon script - md5 hash is not matching the hash i wrote to the database in a previous sc

    - by Chris Sobolewski
    I am trying to cobble together a login script in PHP as a learning project. This is the code for my database write when the user registers. Both of these values are written to the database. $this->salt = md5(uniqid()); $this->password = md5($password.$salt); Upon logging in, the following function is fired. For some function challengeLogin($submittedPassword, $publicSalt, $storedPassword){ if(md5($submittedPassword.$publicSalt) == $actualPassword){ return 0; }else{ return 1; }; } Unfortunately, on stepping through my code, the two values have never equaled. Can someone help me understand why?

    Read the article

  • Windows 8 - Ubuntu dual boot

    - by Serkan Özkan
    I bought a new Toshiba s855 notebook with windows 8 preinstalled. Secure boot feature was enabled by default. I installed latest version of ubuntu after disabling secure boot feature(it was not possible to install ubuntu without disabling secure boot). But now when I enable secure boot, the system automatically boots into windows 8, and it boots into ubuntu when I disable secure boot. EasyBCD lists the following boot entries but I can only see Windows 8 in boot menu: Default: Windows 8 Timeout: 7 seconds EasyBCD Boot Device: C:\ Entry #1 Name: Ubuntu BCD ID: {971641cd-304a-11e2-be82-806e6f6e6963} Device: \Device\HarddiskVolume2 Bootloader Path: \EFI\ubuntu\grubx64.efi ... Entry #5 Name: Windows 8 BCD ID: {current} Drive: C:\ Bootloader Path: \windows\system32\winload.efi Any recommendations will be appreciated.

    Read the article

  • Is using os.path.abspath to validate an untrusted filename's location secure?

    - by mcmt
    I don't think I'm missing anything. Then again I'm kind of a newbie. def GET(self, filename): name = urllib.unquote(filename) full = path.abspath(path.join(STATIC_PATH, filename)) #Make sure request is not tricksy and tries to get out of #the directory, e.g. filename = "../.ssh/id_rsa". GET OUTTA HERE assert full[:len(STATIC_PATH)] == STATIC_PATH, "bad path" return open(full).read() Edit: I realize this will return the wrong HTTP error code if the file doesn't exist (at least under web.py). I will fix this.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57  | Next Page >