Search Results

Search found 25503 results on 1021 pages for 'browser security'.

Page 661/1021 | < Previous Page | 657 658 659 660 661 662 663 664 665 666 667 668 | Next Page >

nginx deny directory and files to be downloaded

- by YeppThat'sMe

gurus. I have a problem and i dont know how to solve it. I am working with Git and Compass/SASS on some projects. Now i want to protect those directories. When i go only to the folder its all fine – i get what i expected a 403 forbidden. location ~ /\.git { deny all; } But when i try use the full path to the config file from git the browser start to download it. Same scenario with compass. There is a config.rb file within the folder which also starts to download it. How can i prevent this behaviour? How can i deny downloading specific files?

Read the article
Binding services to localhost and using SSH tunnels - can requests be forged?

- by Martin

Given a typical webserver, with Apache2, common PHP scripts and a DNS server, would it be sufficient from a security perspective to bind administration interfaces like phpmyadmin to localhost and access it via SSH tunnels? Or could somebody, who knew eg. that phpmyadmin (or any other commonly availible script) is listening at a certain port on localhost easily forge requests that would be executed if no other authentication was present? In other words: could somebody from somewhere in the internet easily forge a request, so that the webserver would accept it, thinking it originated from 127.0.0.1 if the server is listening on 127.0.0.1 only? If there were a risk, could it be somehow dealt with on a lower level than the application, eg. by using iptables? The idea being, that if someone found a weakness in a php script or apache, the network would still block this request because it did not arrive via a SSH-tunnel?

Read the article
SonicWALL NetExtender - Client Install?

- by JArmani

We are about to push out a new VPN solution for our organization. One of the beautiful things we saw in SonicWALL's SSL-VPN was the thin, browser-based solution of NetExtender. Does anybody have experience with this? My specific concern is that, at least in Windows 7 during testing, it prompts for admin credentials to install the ActiveX NetExtender plugin, which is standard for installing anything in a Windows domain environment. But doesn't this mean I actually have to go in and install the client on all domain laptops that will be using the VPN in the field? They wouldn't actually be able to simply visit the site and run the client, as advertised? By the way, we're using the SonicWALL NSA 3500 device. We do have ManageEngine's Desktop Central, which can push out software installations, but it usually has to be in the form of a .MSI package. Is there any solution to this, besides hitting up all my organization's computers?

Read the article
How can I get rid of the long Google results URLs?

- by Teifi

google.com is always shielded by our firewall. When I search something at google.com, a result list appears. Then I click the link, the URL changes to a processed url like: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CDcQFjAA&url=http%3A%2F%2Fwww.amazon.com%2F&ei=PE_AUMLmFKW9iAfrl4HoCQ&usg=AFQjCNGcA9BfTgNdpb6LfcoG0sjA7hNW6A&cad=rjt Then my browser is blocked because of google.com I guess. The only useful information in that long like processed URL is http%3A%2F%2Fwww.amazon.com(http://www.amazon.com). My quesitons: What's the meaning of that long like processed URL? Is there a way to remove the header google.com/url?sa.. each time I click the search results?

Read the article
What is a good solution for an intranet video portal (YouTube-like) site? [closed]

- by Ken Pespisa

I would like an easy-to-setup site to handle videos to be viewed internally by my company. YouTube is essentially the perfect solution except for its being public. I'm looking for a place where a few people can upload videos, and the system will return a page where they can watch that video in a browser. I figure this would involve a dedicated Web server to run the Web application and process the videos. I've searched and I don't think such a system exists, but I perhaps there's one out there in its infancy that doesn't rank high on Google yet. Essentially the site I'm looking for is what MediaWiki is to Wikis, or what StackExchange is to Q&A sites, but for videos.

Read the article
block access to certain website types

- by frustrated teacher

Need to block access to certain website types without listing each URL to block. Students at secondary school are going to porn sites. Need to be able to block all such access without having to list each possible site URL. Having the Content -- Ratings tab set to None for all categories on the ratings files listed on my computers does not prevent access. Unchecking users may access sites with no rating, even with the security settings set to High, still allows the porn sites to come up. If that is checked, then ONLY listed sites can open and students would not be able to do any research via google, for example. I would rather not have to continue checking each computer and blocking sites as they find them.

Read the article
Can not find the source of Grant permission on a folder

- by Konrads

I have a security mystery :) Effective permissions tab shows that a few sampled users (IT ops) have any and all rights (all boxes are ticked). The permissions show that Local Administrators group has full access and some business users have too of which the sampled users are not members of. Local Administrators group has some AD IT Ops related groups of which the sampled users, again, appear not be members. The sampled users are not members of Domain Administrators either. I've tried tracing backwards (from permissions to user) and forwards (user to permission) and could not find anything. At this point, there are two options: I've missed something and they are members of some groups. There's another way of getting full permissions. Effective Permissions are horribly wrong. Is there a way to retrieve the decision logic of Effective Permissions? Any hints, tips, ideas?

Read the article
Unable to connect to MySQL through port 3306

- by Ron

I read the answers about 3306 from a question posted in 2009. I have the same problem, but the answers I read didn't help. Port 3306 is open, even if I stop the windows-firewall, MySQL still can't access it. MySQL is running. I've run netstat firewall xxxxxx and get these results: 3306 TCP Enable MySQL Server and this from netstat -a -n: TCP [::]:3306 [::]:0 LISTENING 0 (I don't understand the [::]) I do have AVG Internet Security running but not the Firewall component. How can I find out what is blocking MySQL from accessing this port? And it's not just this specific port, but any port. I've asked on the MySQL forum, but no one is replying.

Read the article
Recommend a web file sharing software please.

- by Baczek

I'm looking for a web platform to put company files at. My requirements are: should be accessible via a browser should be open source must be installable (dropbox is a no-go) must have an option to put a access time limit on a file must perform garbage collection automatically after a file expires must be able to mark files as public or private an option to protect a file via a pin-code for users without accounts in the system would be nice to have The problem is I don't even know what to search for - all my googling results in either complete groupware solutions or p2p file sharing software. If such a thing doesn't exist, please don't hestitate to say so, so I can crawl to a corner and cry myself to sleep. TIA

Read the article
OS X software updates download but don't install

- by ridogi

I've got three 10.6 computers that won't install OS X updates. Checking for new software will show about a dozen updates (Security updates, Safari, iPhoto, printers, etc) and if choose install it downloads them. After downloading and then clicking restart the computer sits at the purplish sky desktop with no progress bar, and then after about 3 minutes it goes back to the login window (without ever installing or restarting). If I then select check for updates the same updates will all be presented and I can repeat the process. Manually downloading and installing an update such as 10.6.8 combo updater works as it should, and then check for updates no longer presents that particular update as an option. This seems to be the result of some setting or 3rd party application as I've got 3 out 7 computers experiencing this exact same problem. What could cause this and how can I fix it?

Read the article
How to keep program always in memory (no swapping)

- by Yossarian

I'm using KeePass (on Windows 7) for storing passwords. The application is running on my laptop almost 100% of the time, but I'm using it rarely. The problem is, that activating the window after long time takes huge amount of time, I'd say that OS realized the application is no longer used and swapped it. I don't want OS to swap my KeePass (because of the loading lag, and also because of security - I don't like the idea of password keeping program's memory to be stored anywhere on HDD). Is there any possibility how to tell OS not to swap some program? Or, is this achievable by some programming?

Read the article
Hide directory contents from showing when accessing the URL directly

- by SoLoGHoST

On my site, if you browse to http://example.com/images/ the contents of the entire directory are shown like so: How can I make it so that this doesn't show up when people browse directly to http://example.com/images/? Can I create an .htaccess file in that directory? Or is there a better way? I really don't want people being able to do this for the entire site (i.e. every directory on that site). What can I do to prevent this? I figure it's either something that has to be done in Apache or using an global .htaccess file and placing it in the public_html folder perhaps? EDIT I diverted this using an index.php file, but I still feel that security is an issue here, how can I fix this permanently?

Read the article
Is looking for Wi-Fi access points purely passive?

- by Aric TenEyck

Say I carry a Wi-Fi enabled phone or laptop through an area where there are WAPs. Assuming that I don't actively try to connect to them or otherwise interact with them, is it possible for the owner of that WAP to know that I was there? I'm asking this in the context of my earlier question: Looking for MACs on the network I was talking with a friend about my newfound ability to detect phones (and other devices with MAC addresses) on the network, and he pointed out that it might be useful to detect unknown phones on the network; I could use that data to track down anyone who was in my house and brought a Wi-Fi phone with them. So, if I set up a logging fake WAP with no security or encryption, can I glean any useful information about the devices that come into the house? Assuming that the thief doesn't actively try to connect...

Read the article
Unable to renew certificate in certmgr.msc in windows 2003

- by VicF

I am trying to renew a certificate using CertManager on Windows 2003 Server. (I have also used the certificate plug-in in MMC but its the same thing.) I am logged in with the Administrator account. When I select any of my Personal certificates and go to the All-Tasks menu I only see Open and Export. I do not see the "Renew Certificate with New Key" or "Renew this certificate with the same key" options. How do I get those options to show up? I there some security policy or service that I need to run?

Read the article
Centrally manage Windows 7 computers without Active Directory

- by Sean W.

I manage three Windows PCs at home using the principle of least privilege. This means that practically every other day when a new version of Java is released, I have to manually install the update using my administrative credentials on each machine. This is starting to become more work than I had expected. I would love to set up an active directory domain at home, but Microsoft has discontinued Windows home server; its replacement, Windows server 2012 essentials is much more expensive (about $500). Are there any free (preferably as in speech) that would allow me to centrally manage the software installed on each machine in a manner similar to that of active directory? I'd also like to find a way to centrally manage security settings, but I doubt there's an equivalent of group policy. Samba 4 would be an ideal solution, but according to its own developers, it is not yet stable enough for production use.

Read the article
IIS get full error message for failed requests

- by BetaRide

I have IIS set-up and serving my webservice. Unfortunately if the webservice throws an exception, all I get is a blue box with the title failed request. What options do I have to actually see what went wrong? I'd prefer to get the exception message and a stack trace. I already set-up "Failed Request Tracing" but the directory remains empty. If possible I'd prefer to get the stack trace in the browser directly. Just if this matters: I have an IIS 7.5 on a Win 7 64 Pro box. The Webservice is a WCF C# project.

Read the article
Launching multiple applications with a single command/script/shortcut

- by Bill

I realized a few days ago that every time I sit down at work, I do a few things after unlocking my computer. First, I open up Firefox, then I open up Chrome, then I log in to Digsby. I realized I could probably save repeating this daily by writing a small batch script to open up Firefox and Chrome , but I couldn't figure out how to make it work.. and since the whole effort is to save time I don't want to bash my head around in the windows command prompt to do it. I also tired this in powershell but ran in to a bunch of security nonsense. Is there a way to do this that I am missing? Bonus points if somebody has figured out how to manipulate Digsby via COM , scripting, or python =)

Read the article
what are the vulnerabilities installing openvpn client on a customer's unattended server?

- by senorsmile

We run Pfsense as our primary firewall. We also have OpenVPN server running on that box to allow us to remotely connect to our network. My question is: if we have a customer's mostly unattended server that we want to access remotely, what security vulnerabilities are there to installing openvpn on the customer's server as a client connecting to our network. Presumably, we would want to limit/restrict that server's access to the rest of our network. How do we lock openvpn down and are there ways to detect abnormal activity coming from an openvpn client?

Read the article
Blocked Chrome by Company's Proxy

- by gol.d.ace

Chrome has just suddenly being blocked by my company for accessing internet. Instead, IE still works fine. It blocks the connection, the error says that my Chrome connection is timeout & the server is not responding Error 118 (net::ERR_CONNECTION_TIMED_OUT): The operation timed out). I guess the reason behind this is to standardize all user's browser for only using IE for security reason. I have tried to change the user-agent string (--user-agent="... ") so that the Chrome will pretend to be as IE. and yet, still not working! Could anyone shed my problem here? IE is just not comfortable so-called for surfing the web!

Read the article
Newly installed DIR-615 - how to connect to the wireless?

- by JK123

I've just installed a D-Link DIR 615, but can't figure out how to connect to the wireless.. When I double click my wireless icon in the tray, it does show the new network. Its starts the "WiFi protected setup wizard" and the first thing it asks for is the "Device Ownership Password". I have no idea what that is - I've tried the PIN and the router password. On the next page it says: SSID: _(name)__ Security type: _wpa2 personal aes ccmp_ Password: _some long key that is not what I entered during router setup_ I change the key to the one I created when setting up the router. I've also tried leaving the key as it is shown in the dialog. But it does not connect either way. All it says is "Configuration failed" So how do I connect to the new wireless network??

Read the article
How to know if it's phishing or not in android apps?

- by Zakaria Dza

In IM apps (not only), there is a browser frame that appears and prompts for example to connect to facebook account, ebuddy for example (can't post pictures :( ) http://nsa34.casimages.com/img/2013/06/26//130626121230193046.jpg My question is: how can I know if this frame is from facebook.com and not a phishing website. I know that the apps in the play store are legit (mostly at least), but how can we trust apps that we install from outside the store? Or is there any way to check the credentials form action? Thanks for your answers and sorry for my bad english. (And sorry for the picture, couldn't make a screenshot ;-) )

Read the article
one of my web hostings is down - only for me - why ?

- by Thomas Traub

My first post here, I am reading / learning a lot, thanks ;). I've got a mysterious issue (for me) and would really appreciate to get it solved. I've rent a reseller package with bibihost.com and it's now the second time that all my domaines the hoster's site are unavailable from my connection (my Mac and my iPhone), (in browser, per FTP, ping, ab, and traceroute) This has never before happened to me with other web addresses. traceroute get's always stuck at a specific server 40g.vss-1-6k.routers.chtix.eu (91.121.131.29) The sites are all up for everyone else, I've checked with downforeveryoneorjustme.com, a homegrown script loaded to another server and montastic.com My question(s) : Why am I blocked ? Is there anything I can do about it ? If I cannot solve this issue I have to change the hoster, but I really would like to know what's going on. my domaines on this server : tienstiens.fr tomlegrand.com

Read the article
Help with Corrupt version of IE8 on WinXPsp3

- by Anon

I've upgrade from IE6 to 7 to 8 and back down and back up, but still have critical issues in IE such as * cannot see any version info in "about internet explorer" * cannot run windows update * cannot load SharePoint pages (and other pages using ActiveX or IE-specific dhtml) I've also re-installed sp3, but still no luck. Also, also - I've changed security settings to be most permissive. Next step is blowing it all away and starting with windows7. Short of that, any suggestions are welcome. Thanks in advance.

Read the article
Redirect traffic to local address so iOS speedtest app measures LAN speed

- by ivan_sig

I have mounted a Speedtest Mini server on a local LAMP, so I can test my LAN speeds effortlessly just by opening the URL with a Flash enabled web browser, the thing is, I want my iOS and Android devices to test with the LAN server too, not with the WAN, as I'm trying to measure LAN-Only performance. Is there a way so I can redirect the traffic intended to an specific external IP (The one of the real server) to my local server?. I know the servers IP as a short Wireshark analysis gave me the data, but still searching for a way to make that redirect. I have Jailbreak and root on my devices, so playing with system files is not a problem. I've tried mounting a proxy and making redirects by the hosts file and domain names, but it looks like Ookla's app relies on IP address only.

Read the article
System stuttering caused by hard drive

- by LukLed

My system keeps freezing for about 1-2 second every time I try to do something. For example, when I enter URL in browser, it freezes and starts working after few seconds. It is probably related to hard drive. I installed HD tune and when benchmark is in progress, causing constant disk use, everything works fine in background, there are no lags. What can be the reason of this issue? My hardware is Acer Aspire 7740G-6969 running on Windows 7.

Read the article

< Previous Page | 657 658 659 660 661 662 663 664 665 666 667 668 | Next Page >