Search Results

Search found 32181 results on 1288 pages for 'j security check'.

Page 66/1288 | < Previous Page | 62 63 64 65 66 67 68 69 70 71 72 73 | Next Page >

Standard/Compliance for web programming?

- by MarkusK

I am working with developers right now that write code the way they want and when i tell them to do it other way they respond that its just matter of preference how to do it and they have their way and i have mine. I am not talking about the formatting of code, but rather of way site is organized in classes and the way the utilize them. and the way they create functions and process forms etc. Their coding does not match my standards, but again they argue that its matter of preference and as long as goal achieved the can be different way's to do it. I agree but their way is proven to have bugs and we spend a lot of time going back and forth with them to fix all problems security or functionality, yet they still write same code no matter how many times i asked them to stop doing certain things. Now i am ready to dismiss them but friend of mine told me that he has same exact problem with freelance developers he work with. So i don't want to trade one bad apple for another. Question is is there some world wide (or at least europe and usa) accepted standard or compliance on how write secure web based applications. What application architecture should be for maintainable application. Is there are some general standard that can be used for any language ruby php or java govern security and functionality and quality of code? Or at least for PHP and MySQL i use for my website. So i can make them follow this strict standard and stop making excuses.

Read the article
How to go about designing an intermediate routing filter program to accept input and forward accordingly?

- by phileaton

My predicament: I designed an app, written in Python, to read my mail and check for messages that contain a certain digital signature. It opens these and looks for keywords. If the message contains these keywords, certain related functions area executed on the computer. It is a way I can control my computer from my cell phone without being there. I am still in the beginning stages and it can only currently remotely open and close applications/processes. The obvious issue is security risks. I hoped to spearhead that by requiring and checking for that digital signature. However, my issue comes when I'd like to make this program usable by multiple users. The idea is that the user will send keywords: username and password, for instance, to log into their personal email account and send messages to it to be parsed. Please ignore the security implications of sending non-encoded passwords through email. (Though if you could help me on that part I'd much appreciate it as well, but currently, that is not the scope of my question.) My issue is designing an intermediary process that will take an email/password to read an email and scan for those keywords. The issue is, that the program has to be accessing an email to read the email for the username/password! I have got myself into a loop and cannot figure out how to have this required intermediary program. I could just create an arbitrary email account and have that check for login-creds, but is there a better way of doing this than that? Also, is there a better way of communicating with a computer remotely than this? Especially if the computer is not a server and is behind a router with only a subnet ip? If I am asking this question in the wrong place, I deeply apologize. Any help would be much appreciated!

Read the article
Check if Checkbox is checkd?

- by streetparade

Im trying to get some checkbox with a specific name document.getElementsByName("test"); Unfortunatley i cant check if it is checked or not here is the code for(i=0;i<check.length;i++) { if(check[i].checked==true) { alert(check[i].value); } } Is somewhere a typo?

Read the article
Can't check in due to conflicting changes

- by themaninthesuitcase

I have an issue that means I cannot check in changes even if I resolve the issues. I have removed a form from the solution then created a new form with the same name. Now when I go to check in the form I get the following error: Even if I mark all the conflicts as resolved the check in fails with the following error: All conflicts resolved but no files checked in due to initial conflicts. How can I get this to check in?

Read the article
Check to See if File is in Repository with SharpSVN

- by Jason

How do I check if a file is already in a repository (or NOT in the repository) so I can determine whether I need to 'add' it first before doing the check in? (For the record, I have check-in working, but I get an exception when I try to check in a file that has not yet been added to the repository.) Thanks

Read the article
Check item in CheckedListBox without selecting

- by Dmi

How can I allow the user to click to check an item in CheckedListBox in one click? The default behaviour is the first click selects the item, the second click allows you to toggle the check. I don't want to toggle the check on select either, I'm looking for the behavior of the ListView control where I can click directly on check boxes to toggle them without selecting their items first.

Read the article
How do I check SQLite3 syntax?

- by Benjamin Oakes

Is there a way to check the syntax of a SQLite3 script without running it? Basically, I'm looking for the SQLite3 equivalent of ruby -c script.rb, perl -c script.pl, php --syntax-check script.php, etc. I've thought of using explain, but most of the scripts I'd like to check are kept around for reference purposes (and don't necessarily have an associated database). Using explain would also make it hard to use with something like Syntastic. (That is, I'm only wanting to check syntax, not semantics.)

Read the article
HTTP Headers - need to check OPTIONS

- by chris

I've received the results of a pen test and there is some unwanted exposure in the HTTP OPTIONS where the fact that Frontpage Server Extensions was available (now removed) was reported. I need to run a check on the OPTIONS to see whether it has been removed. The test output from the report is below, I need to recreate it to establish that it has gone but don't know how to check the OPTIONS, I can only find tools that seem to check the "HEAD / HTTP/1.1". Does anyone know how to test this - I'm running a Windows environment? Many thanks OPTIONS / HTTP/1.1 Host: www.website.com HTTP/1.1 200 OK Allow: OPTIONS, TRACE, GET, HEAD Content-Length: 0 Server: Microsoft-IIS/6.0 Public: OPTIONS, TRACE, GET, HEAD, POST MS-Author-Via: MS-FP/4.0 X-Powered-By: ASP.NET MicrosoftOfficeWebServer: 5.0_Pub Date: Fri, 01 Feb 2010 16:09:15 GMT

Read the article
Check for Apache state in Linux

- by loulouzekiller

Hi i have a java application that starts/stops/restart Apache and it should also check for its status, so i have looked how checking for status of apache and it appears that you have to check for the state of the service, problem is that when i use apachectl start the service httpd is still not started, is that normal ? i check for the service state by doing service httpd status . [root@lxrdcpsm ~]# service httpd status httpd is stopped [root@lxrdcpsm ~]# /apps/apache/2.4.4/bin/apachectl start httpd (pid 20502) already running [root@lxrdcpsm ~]# service httpd status httpd is stopped [root@lxrdcpsm ~]# /apps/apache/2.4.4/bin/apachectl stop [root@lxrdcpsm ~]# service httpd status httpd is stopped [root@lxrdcpsm ~]# /apps/apache/2.4.4/bin/apachectl start [root@lxrdcpsm ~]# service httpd status httpd is stopped [root@lxrdcpsm ~]#

Read the article
How do I check for available "Automatic Updates" via script / cli

- by Lee

I asked this on superuser, but I think this may have been a more apropriate place. We are trying to automate server reboots, but one of the "gotchas" we are running into are that they want us to install updates by manually clicking "sure, install updates" during monthly Windows reboots. If I had a way to check to see if updates are in fact waiting, we'd be ok with rebooting automatically via a script and just failing if this is the case. My problem is I can't figure out how to check to see if there are in fact updates waiting to be installed, without logging in. Is there a file or particular service status I can check for? Maybe with Powershell or something similar? The current setting used is "Download updates but do not install automatically"

Read the article
Run disk error check on NTFS file?

- by paulius_l

I have a feeling that my system hard drive is dying. Benchmark kind of enforces it. Here is the benchmark of my system hard drive during low system activity: And here is the benchmark of backup drive: Furthermore, there are some files which I just can't touch because I get CRC errors and the hard drive activity spikes to 100% with operating speeds less than 1 MB/s while working with such files. I haven't yet tried swapping SATA cable as I have read this might cause the problems. Anyway, I would like to run some tests on specific clustsers where those files I am interested in are stored. I don't want to do the full chkdsk because it takes a very long time. I would like to either find the utility which executes the disk check directly on the clusters where the file belongs or a couple utilities where one tells me the cluster locations and another can check just those locations. How do I check and possibly fix disk errors where the files I am interested in are stored? Edit: S.M.A.R.T. info:

Read the article
WSUS Showing Incorrect Version & Client Update Failure but they can check-in

- by user132199

One of the issues we are having is the clients will not download the updates from our WSUS server. They check-in as they are suppose too and find applicable updates but they are unable to actually download and install them. The GPO is set correctly. We decided to install the patch KB2720211to see if it would help eleviate this issue but it did not. In fact, even stranger, if I check the version that is installed on WSUS it reads 3.2.7600.226 but as far as I know it should read 3.2.7600.251. If I check Add/Remove programs to see what Windows Updates have been installed it even lists for WSUS that KB2720211 has been installed at version 3.2.7600.251. To install this update I followed the following directions Question: Has anyone seen this issue where the patch is installed yet not showing the correct version? What can I try to get my clients to update?

Read the article
Meaning of Bridge-Check in iptables flowchart

- by networkIT

In the famous iptables flow-chart what does bridge-check exactly stands for ? I couldn't find any documentation. The only clue I found was while scanning the MikroTik RouterOS documentation ( RouterOS is build upon a Linux 2.6.16 kernel ), I found this : In-interface Bridge = Checks if the input interface is a port for a bridge or is the bridge. Manual:Packet Flow Comparing both flow-charts brings clues that iptables Bridge-check might equal MikroTik In-Interface Bridge. Is this true ? Else, what might be the meaning of iptables Bridge-Check ?

Read the article
Does CHECK TABLE add read/write locks?

- by Ztyx

Hi, Yesterday I ran CHECK TABLE on a table that is read very frequently. I scanned the MySQL documentation for CHECK TABLE for any mentions of "lock" (and found none) and also noticed that only SELECT privilege was required to run the command. I therefor concluded that the command did not do any read lock and was safe to run even in production. Sadly, running the command took 1 minute and 37 seconds and seemed to block all read access. My question is therefor, does CHECK TABLE do any read lock? Any other reason why I experienced a read block on the table? Thanks

Read the article
How often does a Linux check it's /etc/localtime file

- by DarkSheep

I am trying to troubleshoot a problem. Some very helpful information would lead me to a solution is: Often does Linux check the /etc/localtime file? Additionally if there is a configuration file to increase the frequency (for testing) that would be helpful. Normally I would assume that it would check when a call to the ntp server has been executed, but NTP is not installed. It couldn't possibly check every time the date function is called as this would result in many problems on busy web servers. Server is Ubuntu 12.04, but I don't think that is relevant to the question.

Read the article
Request Limit Length Limits for IIS’s requestFiltering Module

- by Rick Strahl

Today I updated my CodePaste.net site to MVC 3 and pushed an update to the site. The update of MVC went pretty smooth as well as most of the update process to the live site. Short of missing a web.config change in the /views folder that caused blank pages on the server, the process was relatively painless. However, one issue that kicked my ass for about an hour – and not foe the first time – was a problem with my OpenId authentication using DotNetOpenAuth. I tested the site operation fairly extensively locally and everything worked no problem, but on the server the OpenId returns resulted in a 404 response from IIS for a nice friendly OpenId return URL like this: http://codepaste.net/Account/OpenIdLogon?dnoa.userSuppliedIdentifier=http%3A%2F%2Frstrahl.myopenid.com%2F&dnoa.return_to_sig_handle=%7B634239223364590000%7D%7BjbHzkg%3D%3D%7D&dnoa.return_to_sig=7%2BcGhp7UUkcV2B8W29ibIDnZuoGoqzyS%2F%2FbF%2FhhYscgWzjg%2BB%2Fj10ZpNdBkUCu86dkTL6f4OK2zY5qHhCnJ2Dw%3D%3D&openid.assoc_handle=%7BHMAC-SHA256%7D%7B4cca49b2%7D%7BMVGByQ%3D%3D%7D&openid.claimed_id=http%3A%2F%2Frstrahl.myopenid.com%2F&openid.identity=http%3A%2F%2Frstrahl.myopenid.com%2F&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.op_endpoint=http%3A%2F%2Fwww.myopenid.com%2Fserver&openid.response_nonce=2010-10-29T04%3A12%3A53Zn5F4r5&openid.return_to=http%3A%2F%2Fcodepaste.net%2FAccount%2FOpenIdLogon%3Fdnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Frstrahl.myopenid.com%252F%26dnoa.return_to_sig_handle%3D%257B634239223364590000%257D%257BjbHzkg%253D%253D%257D%26dnoa.return_to_sig%3D7%252BcGhp7UUkcV2B8W29ibIDnZuoGoqzyS%252F%252FbF%252FhhYscgWzjg%252BB%252Fj10ZpNdBkUCu86dkTL6f4OK2zY5qHhCnJ2Dw%253D%253D&openid.sig=h1GCSBTDAn1on98sLA6cti%2Bj1M6RffNerdVEI80mnYE%3D&openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cns.sreg%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.fullname&openid.sreg.email=rstrahl%40host.com&openid.sreg.fullname=Rick+Strahl A 404 of course isn’t terribly helpful – normally a 404 is a resource not found error, but the resource is definitely there. So how the heck do you figure out what’s wrong? If you’re just interested in the solution, here’s the short version: IIS by default allows only for a 1024 byte query string, which is obviously exceeded by the above. The setting is controlled by the RequestFiltering module in IIS 6 and later which can be configured in ApplicationHost.config (in \%windir\system32\inetsvr\config). To set the value configure the requestLimits key like so: <configuration> <security> <requestFiltering> <requestLimits maxQueryString="2048"> </requestLimits> </requestFiltering> </security> </configuration> This fixed me right up and made the requests work. How do you find out about problems like this? Ah yes the troubles of an administrator? Read on and I’ll take you through a quick review of how I tracked this down. Finding the Problem The issue with the error returned is that IIS returns a 404 Resource not found error and doesn’t provide much information about it. If you’re lucky enough to be able to run your site from the localhost IIS is actually very helpful and gives you the right information immediately in a nicely detailed error page. The bottom of the page actually describes exactly what needs to be fixed. One problem with this easy way to find an error: You HAVE TO run localhost. On my server which has about 10 domains running localhost doesn’t point at the particular site I had problems with so I didn’t get the luxury of this nice error page. Using Failed Request Tracing to retrieve Error Info The first place I go with IIS errors is to turn on Failed Request Tracing in IIS to get more error information. If you have access to the server to make a configuration change you can enable Failed Request Tracing like this: Find the Failed Request Tracing Rules in the IIS Service Manager. Select the option and then Edit Site Tracing to enable tracing. Then add a rule for * (all content) and specify status codes from 100-999 to capture all errors. if you know exactly what error you’re looking for it might help to specify it exactly to keep the number of errors down. Then run your request and let it fail. IIS will throw error log files into a folder like this C:\inetpub\logs\FailedReqLogFiles\W3SVC5 where the last 5 is the instance ID of the site. These files are XML but they include an XSL stylesheet that provides some decent formatting. In this case it pointed me straight at the offending module: Ok, it’s the RequestFilteringModule. Request Filtering is built into IIS 6-7 and configured in ApplicationHost.config. This module defines a few basic rules about what paths and extensions are allowed in requests and among other things how long a query string is allowed to be. Most of these settings are pretty sensible but the query string value can easily become a problem especially if you’re dealing with OpenId since these return URLs are quite extensive. Debugging failed requests is never fun, but IIS 6 and forward at least provides us the tools that can help us point in the right direction. The error message the FRT report isn’t as nice as the IIS error message but it at least points at the offending module which gave me the clue I needed to look at request restrictions in ApplicationHost.config. This would still be a stretch if you’re not intimately familiar, but I think with some Google searches it would be easy to track this down with a few tries… Hope this was useful to some of you. Useful to me to put this out as a reminder – I’ve run into this issue before myself and totally forgot. Next time I got it, right?© Rick Strahl, West Wind Technologies, 2005-2010Posted in ASP.NET Security

Read the article
Applying business logic to form elements in ASP.NET MVC

- by Brettski

I am looking for best practices in applying business logic to form elements in an ASP.NET MVC application. I assume the concepts would apply to most MVC patterns. The goal is to have all the business logic stem from the same place. I have a basic form with four elements: Textbox: for entering data Checkbox: for staff approval Checkbox: for client approval Button: for submitting form The textbox and two check boxes are fields in a database accessed using LINQ to SQL. What I want to do is put logic around the check boxes on who can check them and when. True table (little silly but it's an example): when checked || may check Staff || may check Client Staff | Client || Staff | Client || Staff | Client 0 0 || 1 0 0 1 0 1 || 0 0 0 1 1 0 || 1 0 0 1 1 1 || 0 0 0 1 There are to security roles, staff and client; a person's role determines who they are, the roles are maintained in the database alone with current state of the check boxes. So I can simply store the users roll in the view class and enable and disable check boxes based on their role, but this doesn't seem proper. That is putting logic in UI to control of which actions can be taken. How do I get most of this control down into the model? I mean I need to control which check boxes are enabled and then check the results in the model when the form is posted, so it seems the best place for it to originate. I am looking for a good approach to constructing this, something to follow as I build the application. If you know of some great references which explain these best practices that is really appreciated too.

Read the article
Hidden divs for "lazy javascript" loading? Possible security/other issues?

- by xyld

I'm curious about people's opinion's and thoughts about this situation. The reason I'd like to lazy load javascript is because of performance. Loading javascript at the end of the body reduces the browser blocking and ends up with much faster page loads. But there is some automation I'm using to generate the html (django specifically). This automation has the convenience of allowing forms to be built with "Widgets" that output content it needs to render the entire widget (extra javascript, css, ...). The problem is that the widget wants to output javascript immediately into the middle of the document, but I want to ensure all javascript loads at the end of the body. When the following widget is added to a form, you can see it renders some <script>...</script> tags: class AutoCompleteTagInput(forms.TextInput): class Media: css = { 'all': ('css/jquery.autocomplete.css', ) } js = ( 'js/jquery.bgiframe.js', 'js/jquery.ajaxQueue.js', 'js/jquery.autocomplete.js', ) def render(self, name, value, attrs=None): output = super(AutoCompleteTagInput, self).render(name, value, attrs) page_tags = Tag.objects.usage_for_model(DataSet) tag_list = simplejson.dumps([tag.name for tag in page_tags], ensure_ascii=False) return mark_safe(u'''<script type="text/javascript"> jQuery("#id_%s").autocomplete(%s, { width: 150, max: 10, highlight: false, scroll: true, scrollHeight: 100, matchContains: true, autoFill: true }); </script>''' % (name, tag_list,)) + output What I'm proposing is that if someone uses a <div class=".lazy-js">...</div> with some css (.lazy-js { display: none; }) and some javascript (jQuery('.lazy-js').each(function(index) { eval(jQuery(this).text()); }), you can effectively force all javascript to load at the end of page load: class AutoCompleteTagInput(forms.TextInput): class Media: css = { 'all': ('css/jquery.autocomplete.css', ) } js = ( 'js/jquery.bgiframe.js', 'js/jquery.ajaxQueue.js', 'js/jquery.autocomplete.js', ) def render(self, name, value, attrs=None): output = super(AutoCompleteTagInput, self).render(name, value, attrs) page_tags = Tag.objects.usage_for_model(DataSet) tag_list = simplejson.dumps([tag.name for tag in page_tags], ensure_ascii=False) return mark_safe(u'''<div class="lazy-js"> jQuery("#id_%s").autocomplete(%s, { width: 150, max: 10, highlight: false, scroll: true, scrollHeight: 100, matchContains: true, autoFill: true }); </div>''' % (name, tag_list,)) + output Nevermind all the details of my specific implementation (the specific media involved), I'm looking for a consensus on whether the method of using lazy-loaded javascript through hidden a hidden tags can pose issues whether security or other related? One of the most convenient parts about this is that it follows the DRY principle rather well IMO because you don't need to hack up a specific lazy-load for each instance in the page. It just "works". UPDATE: I'm not sure if django has the ability to queue things (via fancy template inheritance or something?) to be output just before the end of the </body>?

Read the article
Authentication and Security in my website - need advice please.

- by Ichirichi

Hi, I am using database with a list of username/passwords, and a simple web form that allows for users to enter their username/password. When they submit the page, I simply do a stored procedure check to authenticate. If they are authorised, then their user details (e.g. username, dob, address, company address, other important info) are stored in a custom User object and then in a session. This custom User object that I created is used throughout the web application, and also in a sub-site (session sharing). My question/problems are: Is my method of authentication the correct way to do things? I find users complaining that their session have expired although they "were not idle", possibly due the app pool recycling? They type large amounts of text and find that their session had expired and thus lose all the text typed in. I am uncertain whether the session does really reset sporadically but will Forms Authentication using cookies/cookiless resolve the issue? Alternatively should I build and store the User Object in a session, cookie or something else instead in order to be more "correct" and avoid cases like in point #2. If I go down the Forms Authentication route, I believe I cannot store my custom User object in a Forms Authentication cookie so does it mean I would store the UserID and then recreate the user object on every page? Would this not be a huge increase on the server load? Advice and answers much appreciated. L

Read the article
Spellchecking po files

- by moose

Hi, I am translating some po-files and I would like to run a spell checker over them. I have Ubuntu 10.10 and use gtranslator. As far as I know, gtranslator can't spellcheck the whole file. I tried ispell: $ ispell lordsawar-0.2.0-pre4.de.po - this doesn't work, as English and German strings, as well as some programming-relevant comments appear in the .po-file. Do you know any program running on Ubuntu which can spell check po-files?

Read the article
How do I disable automatic hyphen correction in OS X 10.7?

- by user167706

How do I disable automatic hyphen correction in OS X 10.7? When using the spell checker in Apple Mail it is always prompting to correct my hyphens to another one which is essentially similar but microns longer on the screen for some reason. It's annoying as I often use hyphens and really need spell check too. Thoughts? I looked in all the usual System Preferences places but can't find anything.

Read the article
Javascript: Dynamic Check box (Fieldset with Father/Child Checkboxes)

- by BoDiE2003

I have a problem here, when I select any of the 'father' checkboxes all the child checkboxes are getting enabled or disabled. So I need each father checkbox to affect it own child fieldset. Could someone help me with this. Thank you <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en"> <head> <title>toggle disabled</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <style type="text/css"> .cssDisabled { color: #ccc; } </style> <script src="http://prototypejs.org/assets/2009/8/31/prototype.js" type="text/javascript"> </script> <script type="text/javascript"> Event.observe(window, 'load', function(){ // for all items in the group_first class $$('.father').each(function(chk1){ // watch for clicks chk1.observe('click', function(evt){ dynamicCheckbox(); }); dynamicCheckbox(); }); }); function dynamicCheckbox (){ // count how many of group_first are checked, // doEnable true if any are checked var doEnable = ($$('.father:checked').length > 0) ? true : false; // for each in group_second, enable the checkbox, and // remove the cssDisabled class from the parent label $$('.child').each(function(item){ if (doEnable) { item.enable().up('label').removeClassName('cssDisabled'); } else { item.disable().up('label').addClassName('cssDisabled'); } }); }; </script> </head> <body> <fieldset> <legend>First Group</legend> <label><input type="checkbox" value="1" class="father" />Check box 1</label><br /> <label><input type="checkbox" value="2" class="father" checked/>Check box 2</label> </fieldset> <fieldset> <legend>Second Group</legend> <label class="cssDisabled"><input type="checkbox" value="x" class="child" disabled="disabled" />Check box x</label><br /> <label class="cssDisabled"><input type="checkbox" value="y" class="child" disabled="disabled" />Check box y</label><br /> <label class="cssDisabled"><input type="checkbox" value="z" class="child" disabled="disabled" />Check box z</label> </fieldset> <fieldset> <legend>First Group</legend> <label><input type="checkbox" value="3" class="father" />Check box 1</label><br /> </fieldset> <fieldset> <legend>Second Group</legend> <label class="cssDisabled"><input type="checkbox" value="x" class="child" disabled="disabled" />Check box x</label><br /> <label class="cssDisabled"><input type="checkbox" value="y" class="child" disabled="disabled" />Check box y</label><br /> <label class="cssDisabled"><input type="checkbox" value="z" class="child" disabled="disabled" />Check box z</label> </fieldset> </body> </html>

Read the article
Security in shared hosting vs VPS 'virtual appliances'

- by Pedro Loureiro

I have to change my hosting provider. Right now I have a shared hosting account but I'm considering trying the LAMP stack appliance from turnkeylinux.org. I'm very comfortable with using linux, I've been using it for a long time. I have no problem ssh'ing into remote machines and do whatever I have to do (coding, reading logs, moving files, deploying, etc). The problem is that none of those tasks have involved securing the server/firewall. My experience has been as a desktop user or developer deploying apps/files in remote servers. Ignoring the security in the application logic (read: any scripts, frameworks, websites I might have created or installed) - I'm worried about things like base configuration of deamons, firewall, ports, executable scripts being readable from the outside and whatnot. My question is: how do you compare the (expected) out of the box security of the LAMP stack from turnkey and the (expected) security of a "regular" shared hosting provider? I was hoping to find some guides with a list of steps to do to protect my server but the only documentation I found was simply referring to ubuntu's documentation.

Read the article
Win 2008 R2 terminal server and redirected printer queue security

- by Ian

I have a case where I need a non-priv account to be able to make a modification to the redirected printer. I know, its not advisable but we're not giving them access - changes will be made in code. So, following the docs (http://technet.microsoft.com/en-us/library/ee524015(WS.10).aspx) I modified the default security for new printer queues. This doesnt work though as windows doesn't seem to assign the privs you configure in the printer admin tool to redirected printer queues. As I test I added a non-priv test user to the default security tab in the printer admin tool (control panel - admin tools - printer admin. I assigned it all privs (its a test) and logged the user into the terminal server. The redirected printers duely appeared as usual. However if I open the printer properties - security tab, the user appears in the list of accounts/groups but the options I selected (all privs) are not set. Instead the user special privs box is marked and when I click on 'advanced options' and view them, there is nothing marked. So, something is clearing these options.... the question is, why and how can I convince it not to? Ian

Read the article
(Some) security perms in WinXP corrupted (shows GUID instead of username)

- by Andy

I've been using my Win XP machine (part of a domain) over the holiday period, so until yesterday it hadn't rebooted for about five days. I used it yesterday perfectly fine and shut it down. When I switched it on this morning the majority (but not all) of my shortcut links in the Quick Launch toolbar showed as generic file icons. If you open the folder and get properties on one of the failing shortcuts it says ''Target type: This is not a valid shortcut''. Then in Outlook I noticed my signature wasn't showing (I checked my sent folder and the sig was ok yesterday). Checking the signature folder, I can't see the security tab on any of the sig files, and I have an access denied message on trying to open them. I can see the security tab on the signature folder itself, just none of the contents. If I try and use the parent folder's security tab and ''Replace permission entries on all child objects with entries shown here that apply to child objects'' it appears to work fine, but makes no actual difference. I logged in as administrator and saw that the owner of the files showed up as a GUID (clearly should've been my account in its place). Any ideas what might have made that happen? So far I haven't heard any similar complaints from anyone else at the office...

Read the article

< Previous Page | 62 63 64 65 66 67 68 69 70 71 72 73 | Next Page >