Search Results

Search found 25872 results on 1035 pages for 'document security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 64/1035 | < Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >

  • best approah (security) to do some admin work through web page in Linux?

    - by Data-Base
    Hello, I want to build a web based admin tools that allow the system admin to run pre-configured commands and scripts through a web page (simple and limited webmin), what is the best approach? I already started with Ubuntu installing LAMP and give the user www-data root's privileges !!! as I learned (please check the link) this is a really bad move !!!, so how to build such web-based system without the security risk? cheers

    Read the article

  • Java embedded applet page security, how to properly meet its recquirements?

    - by meds
    If I have an applet embedded in a webpage and I want it to connect to server side software (also written in Java) how can I do this properly on a windows machine running local host? Would I have to run the java application from within the localhost directory and access the applet html from a browser (i.e. localhost/applet.html)? From what I undestand if you don't have everything setup correctly you won't be able to connect because of Java's security requirements. Thanks for any help :)

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • Is canvas security model ignoring access-control-allow-origin headers?

    - by luklatlug
    It seems that even if you set the access-control-allow-origin header to allow access from mydomain.org to an image hosted on domain example.org, the canvas' origin-clean flag gets set to false, and trying to manipulate that image's pixel data will trigger a security exception. Shouldn't canvas' obey the access-control-allow-origin header and allow access to image's data without throwing an exception?

    Read the article

  • ASP.NET Security Exception when Switch IIS7 to Use UNC Path for Content

    - by Jeremy H.
    I have a Windows Server 2008 R2 box running IIS7.5 with Medium Trust configured for ASP.NET. When I have the website running from local content (e.g.: c:\inetpub\wwwroot) everything works fine. When I change IIS to use a UNC path for the content (e.g.: \\computer\wwwroot) I get the following error: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. I'm trying to figure out why ASP.NET/IIS would allow for the SQL call when using local content but not when using a UNC path. Any ideas what I need to do to use a UNC path from IIS7 properly?

    Read the article

  • ASP.NET Security Exception when Switch IIS7 to Use UNC Path for Content

    - by Jeremy H.
    I have a Windows Server 2008 R2 box running IIS7.5 with Medium Trust configured for ASP.NET. When I have the website running from local content (e.g.: c:\inetpub\wwwroot) everything works fine. When I change IIS to use a UNC path for the content (e.g.: \\computer\wwwroot) I get the following error: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. I'm trying to figure out why ASP.NET/IIS would allow for the SQL call when using local content but not when using a UNC path. Any ideas what I need to do to use a UNC path from IIS7 properly?

    Read the article

  • IIS7 Default Document not working

    - by TooFat
    I have a website running on IIS 7 that has the default document on the Web Site Level set to only index.php. If I right click on the Web Site in IIS Manager and select Explore I see that the index.php file is there. If I just browse to the web site like http://my.site.com I get the default IIS 7 logo with "Welcome" in a bunch of diff languages. If I go to http://my.site.com/index.php it brings up the site just fine. I have stopped and started the Web Site and ran iisreset but still no luck. The Default Document Section of Web.config looks like this <defaultDocument> <files> <clear /> <add value="index.php" /> </files> </defaultDocument> What am I missing?

    Read the article

  • Re-open Word document to previous cursor location with identical page vertical position

    - by Malcolm
    I would like to return to my previous point of edit with the page vertically positioned identical to its original vertical position. The Shift+F5 technique returns me to the previous point of edit, but the page I return to is vertically positioned on the screen in a somewhat random manner. In other words, if my cursor is 300 vertical pixels from the top of the document viewport, I would like to re-open my page so that the location of the cursor is still 300 vertical pixels from the top of my viewport. The following can be used to determine the vertical position (on the screen) of my text cursor: ActiveWindow.GetPoint pLeft, pTop, pWidth, pHeight, Selection.Range So the challenge becomes how to scroll my document in such a manner as to return my text cursor to its original vertical position (pHeight)? There is no corresponding ActiveWindow.SetPoint and ActiveWindow.ScrollIntoView scrolls a selection range into view, but offers no control over the vertical position of the selection range on the screen.

    Read the article

  • Norton Security Suite Symantec Download Manager Error: "Error writing to disk"

    - by Stephen Pace
    My broadband provider (Comcast) decided to switch their 'included with service' security suite from McAfee to Norton Security Suite. Their email directed me to a site that downloaded the Symantec Download Manager (NortonDL.exe) and that went fine. I'm running Windows 7 32-bit and running this application pops up the standard User Account Control message and the software is correctly identified as coming from Symantec. I answer 'yes' to allow the software to install and upon launch immediately get an "Error writing to disk" error. I searched the Internet for this error, but mainly I find Comcast users complaining about the same issue with no resolution other than to call Symantec. I found no one suggesting a successful workaround and it appeared that most of the support calls took up to three hours. I'd like to avoid that if possible. Ideas? To be honest, I'm getting close to bagging this installation and just moving to Microsoft Security Essentials.

    Read the article

  • Chrome shows "The site's security certificate is not trusted" error

    - by Emerald214
    From this morning I get this error whenever I access Google Docs and some websites. My system datetime is correct and I checked "Automatically from the Internet". My BIOS is OK. I cleared everything (cache, cookie, private data) in Chrome and restarted OS but nothing changes. How to fix it? Firefox works but Chrome has that problem. The site's security certificate is not trusted! You attempted to reach docs.google.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You cannot proceed because the website operator has requested heightened security for this domain.

    Read the article

  • RTF File Opens as Read Only from Document Management System (Does not happen for all users)

    - by Dave
    We have a third party system in place that as one part of its duties hosts RTF files that a user can open, make changes to, and save back into the document management system. Recently we have begun upgrading users to Office 2007 from 2003. We are now hearing that when some users open these documents, they open as Read Only (even though there is no document protection in place and the files are set for Unrestricted Access). Other users though, who also have Word 2007, report no problems. There were no problems for anyone when Word 2003 was being used. I'm sure it's a setting in Word but I'm having a lot of difficulty in identifying where the issue could be. Looking for any assistance on why these RTF files are opening as Read Only for some and not for others when using Word 2007. Thanks! Dave

    Read the article

  • Saving a Word document as Web Page, Filtered drastically reduces image resolution

    - by Abdullah Jibaly
    I have a document with hundreds of images. When I save the first image (right click and save picture) it ends up with a good resolution as shown below: However, when I save the document as Web Page, Filtered, all the images end up really low-res. Here's the exact same image afterwards: I've tried the following options in the Save As dialog with no luck: In Tools > Web Options... > Pictures > Target Monitor I've set the Pixels Per Inch to the highest value, 120. In Tools > Compress Pictures > Target Output I've set it to Print (220 ppi). Any ideas would be appreciated.

    Read the article

  • Xcode find in document stuck in case-sensitive

    - by mjdth
    When in Xcode editing code for my objective C files, I often press Command-F to bring up the little Find-In-Document banner across the top. Sometimes this gets stuck in case-sensitive search, and when it does that it also won't loop through the entire document and sometimes won't even display the selected found string. I can't find any options to turn off the case sensitivity, and I never intentionally turned it on. I've restarted xcode several times hoping that would be it but it's changed nothing. Slightly off-topic, but this was the best place I could think of to ask this question. Thanks for any response!

    Read the article

  • MS Word - Close Word when you close the last open document **using keyboard**

    - by Chad
    In MS Word, by default, you can use: Ctrl+F4 to close Word Ctrl+W to close the current document Is it possible to make Word close when you close the last open document? For instance, in Chrome, if you keep hitting Ctrl+W you'll eventually close the last tab, which will also close Chrome. I'd like the same functionality with Word (and the other Office products) where I can just keep closing documents until I close the last one, at which point the application closes. Unfortunately, Ctrl+W doesn't close Word, even when there are no documents open.

    Read the article

  • Word 2007, Adding Page Numbers to Landscape, 5.5 by 8.5 Booklet Style Document

    - by nicorellius
    I am publishing a 5.5 by 8.5 booklet. I created this document in Word 2007 and will be converting it to PDF. It looks good as is, but I can't seem to figure out how to add page numbers automatically to this document. In general, I know how to add page numbers using footers, etc, but this application is a bit different: I have two pages (5.5 by 8.5) on one landscape 8.5 by 11 page. See picture below: I guess I could manually add page numbers, but then getting the formatting perfect will be tough. Any ideas?

    Read the article

  • Oracle Advanced Security Options is Blank

    - by mak4pi
    I just installed Oracle DB 10gR2 with Oracle Advanced Security, but cannot see the algorithms. [user@db-1] adapters Installed Oracle Net transport protocols are: IPC BEQ TCP/IP SSL RAW Installed Oracle Net naming methods are: Local Naming (tnsnames.ora) Oracle Directory Naming Oracle Host Naming Oracle Names Server Naming Installed Oracle Advanced Security options are: Where are all the algorithms for Oracle Advanced Security options please? I checked the $ORACLE_HOME/bin/adapters file and it's looking for naea256i, naemd5i, etc. in the naetab.so file, but none of these are listed in the naetab.so file. What's wrong with the naetab.so file? Thanks.

    Read the article

  • Microsoft Office 2003 document (Excel and Word) intermitently, takes 30 seconds to load

    - by Julio Nobre
    I am trying to figure out why a simple .XLS EXCEL workbook is taking, randomly, 30 seconds to open. Before answering: Please, bear mind the following: Problem symptoms Hanging is intermitent and it takes exactly 30 seconds; During hanging there is no cpu or disk activity; It only happens during document load. Every runs smooth after that; Windows Explorer.exe hangs on folder, but all other folders, system and applications are still responsive; There are no consecutive hangings. I have to wait for while to reproduce this behaviour; All samples documents are located on a local drive (C:\BPI); The no document has has macros and have any addins usage; The problem does occurs on others files extensions like .PDF, for example; Office 2003 is being used for several years; The computer is running Windows XP; Computer has several network mapped drives, all addressed to main file server; Recently, main fileserver was replaced by Windows 2011 SBS Standard Edition What I have done so far I have traced machine Explorer.exe, using Process Monitor, added Duration column, and filtered by Duration 1. That's is how I found that hanging was taking exactly 30 seconds. For further information, please refer to Oliver Salzburg tutorial. Using Process Monitor, I have also figured out than five operations were taking most of sample collecting duration. Looking at sample image below, column Operation below you will notice that one single operation was taking 29 seconds; I have tried different documents (.xls and .doc), all of them smaller than 30 KB; I have, temporarily, removed all shortcuts on User Document's folder that were pointing to network drives or shares; I have runned CCleaner to fix registry issues; I made sure that there were no external links on tested workbook or word documents; I have reproduced this behaviour for hours; I have extensivelly researched for hours on the web; Process Monitor's collected and filtered data

    Read the article

  • Importing Omnigraffle drawings into a NeoOffice document

    - by Greg Harman
    What is the best way to import an Omnigraffle drawing into a NeoOffice document? I expect the document to change over time, and I may need to update the drawing later, so I'd like a way to make that happen painlessly. Currently, I export the drawing to a .jpg and then import that in NeoOffice with Insert-Picture-From File... but that's an extra step and extra file to maintain (the intermediate .jpg) and the frame that NeoOffice puts the image in always gives me trouble when I try to update the image with a new one.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >