Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

Page 71/763 | < Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78 | Next Page >

So You Want To Build a SPARC Cloud

- by user12601629

Did you ever wish you could get the industrial strength power of UNIX/RISC with the flexibility of cloud computing? Well, now you can! With recent advances from Oracle it's possible to build an incredibly high-performance, flexible, available virtualized infrastructure based on Solaris and SPARC. Here's the recipe! Authored in collaboration across the Oracle "Systems Group" team, we now have a complete best practice guide for you. Click below to download it: Best Practices for Building a Virtualized SPARC Computing Environment Inside you'll find recommendations for how and when to leverage technologies like: SPARC T4 OVM for SPARC hypervisor (version 2.2 and newer) Solaris 11 Ops Center 12c ZFS Storage Appliance Oracle network switches Based on following these best practices, you'll be able to construct a dynamic, virtualized infrastructure that allows for: Easy, GUI-based provisioning on new VMs Automated HA failover in the event of physical server failures Automatic load balancing across a cluster of VM hosts Complete end-to-end monitoring You should download this paper and check it out. Even if you aren't planning on buying all new hardware, and instead want to transform some existing gear into a dynamic virtualized environment then this paper will give you concrete info on what to do and the trade-offs you'll make. Have fun getting started on your journey to build a SPARC cloud!

Read the article
How to configure a WCF service to only accept a single client identified by a x509 certificate

- by Johan Levin

I have a WCF client/service app that relies on secure communication between two machines and I want to use use x509 certificates installed in the certificate store to identify the server and client to each other. I do this by configuring the binding as <security authenticationMode="MutualCertificate"/>. There is only client machine. The server has a certificate issued to server.mydomain.com installed in the Local Computer/Personal store and the client has a certificate issued to client.mydomain.com installed in the same place. In addition to this the server has the client's public certificate in Local Computer/Trusted People and the client has the server's public certificate in Local Computer/Trusted People. Finally the client has been configured to check the server's certificate. I did this using the system.servicemodel/behaviors/endpointBehaviors/clientCredentials/serviceCertificate/defaultCertificate element in the config file. So far so good, this all works. My problem is that I want to specify in the server's config file that only clients that identify themselves with the client.mydomain.com certificate from the Trusted People certificate store are allowed to connect. The correct information is available on the server using the ServiceSecurityContext, but I am looking for a way to specify in app.config that WCF should do this check instead of my having to check the security context from code. Is that possible? Any hints would be appreciated. By the way, my server's config file looks like this so far: <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <services> <service name="MyServer.Server" behaviorConfiguration="CertificateBehavior"> <endpoint contract="Contracts.IMyService" binding="customBinding" bindingConfiguration="SecureConfig"> </endpoint> <host> <baseAddresses> <add baseAddress="http://localhost/SecureWcf"/> </baseAddresses> </host> </service> </services> <behaviors> <serviceBehaviors> <behavior name="CertificateBehavior"> <serviceCredentials> <serviceCertificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="server.mydomain.com"/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <bindings> <customBinding> <binding name="SecureConfig"> <security authenticationMode="MutualCertificate"/> <httpTransport/> </binding> </customBinding> </bindings> </system.serviceModel> </configuration>

Read the article
Exception during secure communication implementation

- by Liran

hi everyone. im trying to implement simple secured client server communiction using WCF. when im launching mt server everty thing is OK , But when im launching my client im getting this error: Error : An error occurred while making the HTTP request to https://localhost:800 0/ExchangeService. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caus ed by a mismatch of the security binding between the client and the server. this is the server code : Uri address = new Uri("https://localhost:8000/ExchangeService"); WSHttpBinding binding = new WSHttpBinding(); //Set Binding Params binding.Security.Mode = SecurityMode.Transport; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None; Type contract = typeof(ExchangeService.ServiceContract.ITradeService); ServiceHost host = new ServiceHost(typeof(TradeService)); host.AddServiceEndpoint(contract, binding, address); host.Open(); this is the client configuration (app.config): </client> <bindings> <wsHttpBinding> <binding name="TradeWsHttpBinding"> <security mode="Transport"> <transport clientCredentialType="None" proxyCredentialType ="None"/> </security> </binding> </wsHttpBinding> </bindings> the security configuration at both the client and the server are the same , and i dont need certificate for the server in that kind of security (transport) so why do i get this exception ???? thanks...

Read the article
Many users, many cpus, no delays. Good for cloud?

- by Eric

I wish to set up a CPU-intensive time-important query service for users on the internet. A usage scenario is described below. Is cloud computing the right way to go for such an implementation? If so, what cloud vendor(s) cater to this type of application? I ask specifically, in terms of: 1) pricing 2) latency resulting from: - slow CPUs, instance creations, JIT compiles, etc.. - internal management and communication of processes inside the cloud (e.g. a queuing process and a calculation process) - communication between cloud and end user 3) ease of deployment A usage scenario I am expecting is: - A typical user sends a query (XML of size around 1K) once every 30 seconds on average. - Each query requires a numerical computation of average time 0.2 sec and max time 1 sec on a 1 GHz Pentium. The computation requires no data other than the query itself and is performed by the same piece of code each time. - The delay a user experiences between sending a query and receiving a response should be on average no more than 2 seconds and in general no more than 5 seconds. - A background save to a DB of the response should occur (not time critical) - There can be up to 30000 simultaneous users - i.e., on average 1000 queries a second, each requiring an average 0.2 sec calculation, so that would necessitate around 200 CPUs. Currently I'm look at GAE Java (for quicker deployment and less IT hassle) and EC2 (Speed and price optimization) as options. Where can I learn more about the right way to set ups such a system? past threads, different blogs, books, etc.. BTW, if my terminology is wrong or confusing, please let me know. I'd greatly appreciate any help.

Read the article
Cannot import resource > "app/config/security.yml" from "/app/config/config.yml"

- by tirengarfio

Im getting this error: FileLoaderLoadException: Cannot import resource "app/config/security.yml" from "/app/config/config.yml". The file security.yml is on the right path. This is my security.yml file: jms_sapp/confiapp/config/security.yml secure_all_services: false exprapp/confiapp/config/security.yml security: encoders: Symfony\Component\Security\Core\User\User: plaintext role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] providers: in_memory: memory: users: user: { password: userpass, roles: [ 'ROLE_USER' ] } admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] } firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false login: pattern: ^/demo/secured/login$ security: false secured_area: pattern: ^/demo/secured/ form_login: check_path: /demo/secured/login_check login_path: /demo/secured/login logout: path: /demo/secured/logout target: /demo/ #anonymous: ~ #http_basic: # realm: "Secured Demo Area" access_control: #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https } #- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }

Read the article
firefox addon security question

- by rep_movsd

I'm writing a firefox extension that logs some data and displays the result on a webpage... The webpage fires an event that the extension listens for and the extension can then add data to the page and fire an event back to the page to make it update itself. How do I ensure that the extension always sends data only to my page and not some other? Thanks V

Read the article
Salt, passwords and security

- by Jonathan

I've read through many of the questions on SO about this, but many answers contradict each other or I don't understand. You should always store a password as a hash, never as plain text. But should you store the salt (unique for each user) next to the hashed password+salt in the database. This doesn't seem very clever to me as couldn't someone gain access to the database, look for says the account called Admin or whatever and then work out the password from that?

Read the article
.net 4.0 with Code Access Security NetFx40_LegacySecurityPolicy won't work

- by user210903

Hi- I'm trying to use an external library DevExpress.XtraTreeList.v8.1.dll in my vsto office addin built using VS2010 beta 2. I am getting the following compile time error: DevExpress.Utils.AppareanceObject threw an exception -- System.NotSupportedException. The error message goes on to say that for compatibility reasons I can use the NetFx40_LegacySecurityPolicy switch. I've tried putting this config variable in all of the following locations: 1) my applications config file. 2) C:\Windows\Microsoft.NET\Framework\v4.0.21006\msbuild.exe.config 3) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\dev.exe.config None of these have resolved the problem. Here were the references I've used. re-enable cas msdn.microsoft.com/en-us/library/ee191568(VS.100).aspx How do I get rid of this error so I can build the application in vs 2010?

Read the article
Spring Security 3.0 and Active Directory LDAP: DOMAIN\user login

- by Bernd Haug

I would like to have users authenticate against an ActiveDirectory LDAP server using the DOMAIN\user.name syntax. I think that should be possible with SpringSec 3.0 since the docs mention an "alternative syntax" which I guess refers to the DOM\user syntax instead of a bind DN, but the docs don't elaborate further. Is there some way to configure Spring Sec 3 LDAP to use "the MS way" or do I have to write my own Authenticator implementation (against e.g. the java.naming.directory package, which I've tested to be able to use the MS syntax as its SECURITY_PRINCIPAL)?

Read the article
firefox extension security issue

- by rep_movsd

I'm writing a firefox addon that logs certain user activity and displays some statistics on a webpage. When the page is opened, the page sends an event to the addon. The addon adds data to the page and sends an event back, and the page refreshes the statistics. Now how do I ensure that the extension only puts the (sensitive) data on the right page and not some other malicious one? Thanks V

Read the article
Python: Dennis Nedry - Security

- by Peter Nielsen

Has anyone seen Jurrassic Park where Dennis Nedry has protected the system with an animation that says 'You didn't say the magic word' where after the system goes down. Is it possible to do something similar ikn Python ? To describe it less humoristic: A response screen which waits for a condition fulfilled by the user. And encrypts and locks the system after a certain time. Is that possible on a linux system by the use of Python ?

Read the article
php security help

- by Oliver Bayes-Shelton

Hi, I believe that some one is running shell commands to my server via my site, Could any one offer any help on how the user could be doing this ? also how could I stop this?

Read the article
Security for ASP.NET application running on intranet / VPN

- by Ryan

Hi, I have an ASP.NET app that sits on our intranet, using the WindowsIdentity to identify the user: WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity; if (wi == null || wi.Name == null) { noAccess("No WindowsIdentity"); return; } string username = wi.Name; if (username.Contains("\\")) username = username.Substring(username.LastIndexOf("\\") + 1); This works fine on our Intranet. However, when users from other offices (separate network, with firewall open) they get a password request input box. Why are they getting the password dialogue? What is the recommended way identify users of the app? I want to avoid using password, but windows identities. Anyone attempting to access the application is inside a trusted network. Thanks a lot for any help Ryan

Read the article
Datagram Transport Layer Security (DTLS) on Android/Java

- by Soumya Simanta

Hi, Has anyone used DTLS on Android or is there is an open source Java implementation that supports DTLS? What are my other options for securing UDP traffic on Android ? Thanks.

Read the article
Locking down RAD Studio internal browser security.

- by HMcG

I use Firefox as my web browser, mostly for access to add-ins such as Flashblock and No-script. I noticed yesterday that the RAD Studio internal browser used for the Welcome Page etc has scripting and Active X etc enabled. Is there a way to disable scripting, or better still, block all access to non-local sources in the built-in browser?

Read the article
Quick question about PayPal IPN Security

- by Alix Axel

PayPal IPN sends a POST request with a variable number of fields to the notify URL, in order to confirm that the POST request is legit we need to resubmit the same request along with a additional cmd=_notify-validate field to PayPal, which then replies SUCCESS or FAILURE. My question is, why do we need to resend the request to PayPal? Wouldn't something like this work? if (preg_match('~^(?:.+[.])?paypal[.]com$~i', gethostbyaddr($_SERVER['REQUEST_ADDR'])) > 0) { // request came from PayPal, it's legit. } Iff we can trust the server to correctly resolve IPs, I assume we can trust PayPal POST requests, no?

Read the article
Asp.net Security: IIdentity.IsAuthenticated default implementation.

- by Pickels

Hello Stackoverflowers, I am writing my own custom Identity class which implements IIdentity. I don't need to change the default method IsAuthenticated but so now I was wondering how does the default IIdentity determines if it should return true or false? I thought to find the answer in the FormsAuthenticationTicket I am using but not sure if that is correct. Thanks in advance, Pickels

Read the article
Spring Security: Authentication returns null

- by Mike

Hi! I implemented FilterInvocationSecurityMetadataSource. in getAttribute, i am trying to extract the Authentication object to achieve the user and get his allowed views from the database:Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); but the authentication is null! why? how can i achieve it?

Read the article
database security with php page that spits out XML

- by Rees

Hello, I just created a PHP page that spits outs some data from my database in an XML format. This data is fetched from a flex application I made. I had spent a long time formatting my tables and database information and do not want anyone to be able to simply type www.mysite.com/page_that_spits_out_XML.php and steal my data. However, at the same time I need to be able to access this page from my flex application. Is there a way I can prevent other people from doing this? Thank you!

Read the article
Running Activex control and Maintaining security

- by Shyju

Hi Techies, In my a web application, I have a part to invoke an activex control .The Activex control is available in all the client PCs who are accessing my web application from web server. But When trying to run this ActiveX control from the browser in client machine (using Wshell), It was not getting invoked since "Run Activex Controls and Pluggins" are disabled in my browser. So I changed the browser settings to enable mode and Then the Activex control gave me the expected output. I afraid that this change in browser settings would allow any other website to harm my system. How could I get rid of this problem? Any thoughts? Thanks in advance

Read the article
WPF Skin Skinning Security Concerns

- by Erik Philips

I'm really new to the WPF in the .Net Framework (get that out of the way). I'm writing an application where the interface is very customizable by simply loading .xaml (at the moment a Page element) files into a frame and then mapping the controls via names as needed. The idea is to have a community of people who are interested in making skins, skin my application however they want (much like Winamp). Now the question arises, due to my lack of Xaml knowledge, is it possible to create malicious Xaml pages that when downloaded and used could have other embedded Iframes or other elements that could have embed html or call remote webpages with malicious content? I believe this could be the case. If this is the case then I two options; either I have an automated process that can remove these types of Xaml files by checking it’s elements prior to allowing download (which I would assume would be most difficult) or have a human review them prior to download. Are there alternatives I’m unaware of that could make this whole process a lot easier?

Read the article
jQuery - ASPX Security libraries

- by Jean Paul

Hello. I would like to know if there's a combo like jCryption ([jCryption]) - PHP but for jQuery - ASPX. I mean, I have been searching for a combo to send data both ways (Client-server, server-client) with jQuery to ASPX. The best I found was jCryption that sends data from JavaScrpit to PHP. I need a combo to send data from JavaScrpit to ASPX. Any ideas?? PD: Please don't tell me to use HTTPS, it's not enough to ensure the data communication on a client - server application.

Read the article
silverlight security with WCF service, Forms Authentication and Custom Form Ticket

- by user74825

I have a silverlight application with login on the silverlight page. It uses Forms Authentication with WCF authentication service and customer Membership Provider. Something like : http://blogs.msdn.com/phaniraj/archive/2009/09/10/using-the-ado-net-data-services-silverlight-client-library-in-x-domain-and-out-of-browser-scenarios-ii-forms-authentication.aspx So, SL page login page calls the WCF service authentication service, it validates using DB - brings back username and password. Now, in each subsequent calls (in Global.asax in Authenticate_Request, I get HttpContext.User.IsAuthenticated and HttpContext.User.UserName). I have all this working properly. But, I just don't want the username, but more information surrounding the user, like UserId, UserAddress, UserAssociateCustomer etc. I tried couple of different approaches. 1) Use HttpContext.Cache as a dictionary to save the item and get it off based on httpcontext.user.name, problem is cache can be erased if there memory is being used heavily. 2) Tried CustomFormsAuth Ticket, when forms authentication writes a ticket, I intercept CreatingCookie method and write additional info in formauthentication ticket, so that I can read it in subsequent requests, I am having problems with this approach, I don't find the ticket in subsequent requests. I read about how we should use REsponse.Redirect, but where do I redirect user from WCF call. How do you guys implement the above scenario? Any best practices.? Any issues you see with going on HTTPS? All examples (or most of them) just explains simple forms authentication with "I am logged in message".. Any suggestions ?

Read the article
Security implications of writing files using PHP

- by susmits

I'm currently trying to create a CMS using PHP, purely in the interest of education. I want the administrators to be able to create content, which will be parsed and saved on the server storage in pure HTML form to avoid the overhead that executing PHP script would incur. Unfortunately, I could only think of a few ways of doing so: Setting write permission on every directory where the CMS should want to write a file. This sounds like quite a bad idea. Setting write permissions on a single cached directory. A PHP script could then include or fopen/fread/echo the content from a file in the cached directory at request-time. This could perhaps be carried out in a Mediawiki-esque fashion: something like index.php?page=xyz could read and echo content from cached/xyz.html at runtime. However, I'll need to ensure the sanity of $_GET['page'] to prevent nasty variations like index.php?page=http://www.bad-site.org/malicious-script.js. I'm personally not too thrilled by the second idea, but the first one sounds very insecure. Could someone please suggest a good way of getting this done?

Read the article
PHP Form Security With Referer

- by Jascha

I'm putting together a site that will make itself available for user input. I was wondering if writing a function like: if(getenv("HTTP_REFERER") != 'http://www.myURL.com/submitArea'){ die('don\'t be an jerk, ruin your own site'); }else{ // continue with form processing } is enough to prevent cross site form submissions.

Read the article

< Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78 | Next Page >