Search Results

Search found 52418 results on 2097 pages for 'free database security ev'.

Page 8/2097 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15 | Next Page >

Open Source Security packages for Rails

- by Edwin

I'm currently creating a complete web application using Rails 3 to familiarize myself with its inner workings and to gain a better appreciation of a working web application's moving parts. (Plus, since I'm still working on my degree, I hope that it will give me a better idea of what's BS in my education requirements and which weaknesses/skills I should focus on.) The example application I'm working on is an ecommerce site, and I've already configured the backend, routes, controllers, and so on. As part of the application, I'd like to integrate a second layer of security on top of the one Rails already provides for user authentication. However, I've been unable to find any on Google, with the exception of OAuth - which, from my understanding, is meant to secure API calls. While I could roll my own secure authentication system, I'm only in my second year of college and recognize that A) I know little about security, and B) there are developers that know much more about security that are working on open-source projects. What are some actively developed open-source security packages or frameworks that can be easily added to Rails? Pros and cons are not necessary, as I can do the research myself. P.S. I'm not sure whether I posted this in the right SE site; please migrate to SO or Security if it is more appropriate there.

Read the article
j2ee implementing security and using a framwork pros and cons

- by Ismail Marmoush

I'm a newbie to j2ee security, and i'm not j2ee expert either, though i'm really willing to put some effort and learn I've an application that i'm about to develop on Google App Engine (GAE) --with no time constraints. As you know GAE handles a lot of web container security issues for you, also I will be using openID for authentication exclusively (sessions will be handled by provider). GAE supports SSL which will help with confidentiality and integrity maybe. Authorization can be done through filters. I know reinventing the wheel is a mess, but I was looking forward to learn something about security and implement that in my new app. so what the pros and cons of using a framework like shiro, spring security, jguard etc or filling the rest of gaps on my own ?

Read the article
Weaknesses of 3-Strike Security

- by prelic

I've been reading some literature on security, specifically password security/encryption, and there's been one thing that I've been wondering: is the 3-strike rule a perfect solution to password security? That is, if the number of password attempts is limited to some small number, after which all authentication requests will not be honored, will that not protect users from intrusion? I realize gaining access or control over something doesn't always mean going through the authentication system, but doesn't this feature make dictionary/brute-force attacks obsolete? Is there something I'm missing?

Read the article
Monday, Oct 1 at OpenWorld - Database Security Must See Sessions

- by Troy Kitch

TIME TITLE LOCATION 12:15 - 1:15 PM Database Security Inside-Out: Latest Innovations in Database Security (CON8686) Moscone South - 102 3:15 - 4:15 PM Oracle Database Security Solutions Customer Panel: Real-World Case Studies (CON8674) Moscone South - 270 4:45 - 5:45 PM Latest Innovations and Best Practices for Oracle Database Auditing (CON8661) Moscone South - 303

Read the article
Need suggestions on how to create a website with an encrypted database.

- by SFx

Hi guys, I want to create a website where a user enters content (say a couple of sentences) which eventually gets stored in a backend database (maybe MySQL). But before the content leaves the client side, I want it to get encrypted using something on client like maybe javascript. The data will travel over the web encrypted, but more importantly, will also be permanently stored in the backend database encrypted. Is JavaScript appropriate to use for this? Would 256 bit encryption take too long? Also, how do you query an encrypted database later on if you want to pull down the content that a user may have submitted over the past 2 months? I'm looking for tips, suggestions and any pointers you guys may have in how to go about learning about and accomplishing this. Thanks!

Read the article
Are two database trips reasonable for a login system?

- by Randolph Potter

I am designing a login system for a project, and have an issue about it requiring two trips to the database when a user logs in. User types in username and password Database is polled and password hash is retrieved for comparative purposes (first trip) Code tests hash against entered password (and salt), and if verified, resets the session ID New session ID and username are sent back to the database to write a row to the login table, and generate a login ID for that session. EDIT: I am using a random salt. Does this design make sense? Am I missing something? Is my concern about two trips unfounded? Comments and suggestions are welcome.

Read the article
Spring security request matcher is not working with regex

- by Felipe Cardoso Martins

Using Spring MVC + Security I have a business requirement that the users from SEC (Security team) has full access to the application and FRAUD (Anti-fraud team) has only access to the pages that URL not contains the words "block" or "update" with case insensitive. Bellow, all spring dependencies: $ mvn dependency:tree | grep spring [INFO] +- org.springframework:spring-webmvc:jar:3.1.2.RELEASE:compile [INFO] | +- org.springframework:spring-asm:jar:3.1.2.RELEASE:compile [INFO] | +- org.springframework:spring-beans:jar:3.1.2.RELEASE:compile [INFO] | +- org.springframework:spring-context:jar:3.1.2.RELEASE:compile [INFO] | +- org.springframework:spring-context-support:jar:3.1.2.RELEASE:compile [INFO] | \- org.springframework:spring-expression:jar:3.1.2.RELEASE:compile [INFO] +- org.springframework:spring-core:jar:3.1.2.RELEASE:compile [INFO] +- org.springframework:spring-web:jar:3.1.2.RELEASE:compile [INFO] +- org.springframework.security:spring-security-core:jar:3.1.2.RELEASE:compile [INFO] | \- org.springframework:spring-aop:jar:3.0.7.RELEASE:compile [INFO] +- org.springframework.security:spring-security-web:jar:3.1.2.RELEASE:compile [INFO] | +- org.springframework:spring-jdbc:jar:3.0.7.RELEASE:compile [INFO] | \- org.springframework:spring-tx:jar:3.0.7.RELEASE:compile [INFO] +- org.springframework.security:spring-security-config:jar:3.1.2.RELEASE:compile [INFO] +- org.springframework.security:spring-security-acl:jar:3.1.2.RELEASE:compile Bellow, some examples of mapped URL path from spring log: Mapped URL path [/index] onto handler 'homeController' Mapped URL path [/index.*] onto handler 'homeController' Mapped URL path [/index/] onto handler 'homeController' Mapped URL path [/cellphone/block] onto handler 'cellphoneController' Mapped URL path [/cellphone/block.*] onto handler 'cellphoneController' Mapped URL path [/cellphone/block/] onto handler 'cellphoneController' Mapped URL path [/cellphone/confirmBlock] onto handler 'cellphoneController' Mapped URL path [/cellphone/confirmBlock.*] onto handler 'cellphoneController' Mapped URL path [/cellphone/confirmBlock/] onto handler 'cellphoneController' Mapped URL path [/user/update] onto handler 'userController' Mapped URL path [/user/update.*] onto handler 'userController' Mapped URL path [/user/update/] onto handler 'userController' Mapped URL path [/user/index] onto handler 'userController' Mapped URL path [/user/index.*] onto handler 'userController' Mapped URL path [/user/index/] onto handler 'userController' Mapped URL path [/search] onto handler 'searchController' Mapped URL path [/search.*] onto handler 'searchController' Mapped URL path [/search/] onto handler 'searchController' Mapped URL path [/doSearch] onto handler 'searchController' Mapped URL path [/doSearch.*] onto handler 'searchController' Mapped URL path [/doSearch/] onto handler 'searchController' Bellow, a test of the regular expressions used in spring-security.xml (I'm not a regex speciality, improvements are welcome =]): import java.util.Arrays; import java.util.List; public class RegexTest { public static void main(String[] args) { List<String> pathSamples = Arrays.asList( "/index", "/index.*", "/index/", "/cellphone/block", "/cellphone/block.*", "/cellphone/block/", "/cellphone/confirmBlock", "/cellphone/confirmBlock.*", "/cellphone/confirmBlock/", "/user/update", "/user/update.*", "/user/update/", "/user/index", "/user/index.*", "/user/index/", "/search", "/search.*", "/search/", "/doSearch", "/doSearch.*", "/doSearch/"); for (String pathSample : pathSamples) { System.out.println("Path sample: " + pathSample + " - SEC: " + pathSample.matches("^.*$") + " | FRAUD: " + pathSample.matches("^(?!.*(?i)(block|update)).*$")); } } } Bellow, the console result of Java class above: Path sample: /index - SEC: true | FRAUD: true Path sample: /index.* - SEC: true | FRAUD: true Path sample: /index/ - SEC: true | FRAUD: true Path sample: /cellphone/block - SEC: true | FRAUD: false Path sample: /cellphone/block.* - SEC: true | FRAUD: false Path sample: /cellphone/block/ - SEC: true | FRAUD: false Path sample: /cellphone/confirmBlock - SEC: true | FRAUD: false Path sample: /cellphone/confirmBlock.* - SEC: true | FRAUD: false Path sample: /cellphone/confirmBlock/ - SEC: true | FRAUD: false Path sample: /user/update - SEC: true | FRAUD: false Path sample: /user/update.* - SEC: true | FRAUD: false Path sample: /user/update/ - SEC: true | FRAUD: false Path sample: /user/index - SEC: true | FRAUD: true Path sample: /user/index.* - SEC: true | FRAUD: true Path sample: /user/index/ - SEC: true | FRAUD: true Path sample: /search - SEC: true | FRAUD: true Path sample: /search.* - SEC: true | FRAUD: true Path sample: /search/ - SEC: true | FRAUD: true Path sample: /doSearch - SEC: true | FRAUD: true Path sample: /doSearch.* - SEC: true | FRAUD: true Path sample: /doSearch/ - SEC: true | FRAUD: true Tests Scenario 1 Bellow, the important part of spring-security.xml: <security:http entry-point-ref="entryPoint" request-matcher="regex"> <security:intercept-url pattern="^.*$" access="ROLE_SEC" /> <security:intercept-url pattern="^(?!.*(?i)(block|update)).*$" access="ROLE_FRAUD" /> <security:access-denied-handler error-page="/access-denied.html" /> <security:form-login always-use-default-target="false" login-processing-url="/doLogin.html" authentication-failure-handler-ref="authFailHandler" authentication-success-handler-ref="authSuccessHandler" /> <security:logout logout-url="/logout.html" success-handler-ref="logoutSuccessHandler" /> </security:http> Behaviour: FRAUD group **can't" access any page SEC group works fine Scenario 2 NOTE that I only changed the order of intercept-url in spring-security.xml bellow: <security:http entry-point-ref="entryPoint" request-matcher="regex"> <security:intercept-url pattern="^(?!.*(?i)(block|update)).*$" access="ROLE_FRAUD" /> <security:intercept-url pattern="^.*$" access="ROLE_SEC" /> <security:access-denied-handler error-page="/access-denied.html" /> <security:form-login always-use-default-target="false" login-processing-url="/doLogin.html" authentication-failure-handler-ref="authFailHandler" authentication-success-handler-ref="authSuccessHandler" /> <security:logout logout-url="/logout.html" success-handler-ref="logoutSuccessHandler" /> </security:http> Behaviour: SEC group **can't" access any page FRAUD group works fine Conclusion I did something wrong or spring-security have a bug. The problem already was solved in a very bad way, but I need to fix it quickly. Anyone knows some tricks to debug better it without open the frameworks code? Cheers, Felipe

Read the article
Database Developer - October 2013 issue: Download Database 12c and related products

- by Javier Puerta

The October issue of the Database Application Developer newsletter is now available. The focus of this issue is on downloads of Database 12c and related products. (Full newsletter here) Get Ready to Download, Deploy and Develop for Oracle Database 12c This month we're focused on downloads. We've rounded up the top developer releases (both early adopter and BETA releases) and the articles that will help you do more with Oracle 12c. See the technical content that will help you get started. If you're ready...Away we go! — Laura Ramsey, Database and Developer Community, Oracle Technology Network Team FEATURED DOWNLOADS Download: Oracle Database 12c According Tom Kyte, the Oracle 12c version has some of the biggest enhancements to the core database since version 6 - Check it out for yourself. Download: Oracle SQL Developer 4.0 Early Adopter 2 is Here Oracle SQL Developer is a free IDE that simplifies the development and management of Oracle Database. It is a complete end-to-end development platform for your PL/SQL applications that features a worksheet for running queries and scripts, a DBA console for managing the database, a reports interface, a complete data modeling solution and a migration platform for moving your 3rd party databases to Oracle. If you are interested in checking out this new early adopter version,Oracle SQL Developer 4.0 EA is the place to go. Download: Oracle 12c Multitenant Self Provisioning Application -BETA- The -BETA- is here. The Multitenant self provisioning Application is an easy and productive way for DBAs and Developers to get familiar with powerful PDB features including create, clone, plug and unplug. No better time to start playing with PDBs. Oracle 12c Multitenant Self Provisioning Application. Download: New! Updates to Oracle Data Integration Portfolio Oracle GoldenGate 12c and Oracle Data Integrator 12c is now available. From Real-Time data integration, transactional change data capture, data replication, transformations....to hi-volume, high-performance batch loads, event-driven, trickle-feed integration process..its now available. Go here all the details and links to downloads...and Congratulations Data Integration Team!. Download: Oracle VM Templates for Oracle 12c Features Support for Single Instance, Oracle Restart and Oracle RAC Support for all current Oracle Database 11.2 versions as well as Oracle 12c on Oracle Linux 5 Update 9 & Oracle Linux 6 Update 4. The Oracle 12c templates allow end-to-end automation for Flex Cluster, Flex ASM and PDBs. See how the Deploycluster tool was updated to support Single Instance and the new Oracle 12c features. Oracle VM Templates for Oracle Database. Download: Oracle SQL Developer Data Modeler 4.0 EA 3 If you're looking for a datamodeling and database design tool that provides an environment for capturing, modeling, managing and exploiting metadata, it's time to check out Oracle SQL Developer Data Modeler. Oracle SQL Developer Data Modeler 4.0 EA V3 is here.

Read the article
Database Developer - October 2013 issue: Download Database 12c and related products

- by Javier Puerta

The October issue of the Database Application Developer newsletter is now available. The focus of this issue is on downloads of Database 12c and related products. (Full newsletter here) Get Ready to Download, Deploy and Develop for Oracle Database 12c This month we're focused on downloads. We've rounded up the top developer releases (both early adopter and BETA releases) and the articles that will help you do more with Oracle 12c. See the technical content that will help you get started. If you're ready...Away we go! — Laura Ramsey, Database and Developer Community, Oracle Technology Network Team FEATURED DOWNLOADS Download: Oracle Database 12c According Tom Kyte, the Oracle 12c version has some of the biggest enhancements to the core database since version 6 - Check it out for yourself. Download: Oracle SQL Developer 4.0 Early Adopter 2 is Here Oracle SQL Developer is a free IDE that simplifies the development and management of Oracle Database. It is a complete end-to-end development platform for your PL/SQL applications that features a worksheet for running queries and scripts, a DBA console for managing the database, a reports interface, a complete data modeling solution and a migration platform for moving your 3rd party databases to Oracle. If you are interested in checking out this new early adopter version,Oracle SQL Developer 4.0 EA is the place to go. Download: Oracle 12c Multitenant Self Provisioning Application -BETA- The -BETA- is here. The Multitenant self provisioning Application is an easy and productive way for DBAs and Developers to get familiar with powerful PDB features including create, clone, plug and unplug. No better time to start playing with PDBs. Oracle 12c Multitenant Self Provisioning Application. Download: New! Updates to Oracle Data Integration Portfolio Oracle GoldenGate 12c and Oracle Data Integrator 12c is now available. From Real-Time data integration, transactional change data capture, data replication, transformations....to hi-volume, high-performance batch loads, event-driven, trickle-feed integration process..its now available. Go here all the details and links to downloads...and Congratulations Data Integration Team!. Download: Oracle VM Templates for Oracle 12c Features Support for Single Instance, Oracle Restart and Oracle RAC Support for all current Oracle Database 11.2 versions as well as Oracle 12c on Oracle Linux 5 Update 9 & Oracle Linux 6 Update 4. The Oracle 12c templates allow end-to-end automation for Flex Cluster, Flex ASM and PDBs. See how the Deploycluster tool was updated to support Single Instance and the new Oracle 12c features. Oracle VM Templates for Oracle Database. Download: Oracle SQL Developer Data Modeler 4.0 EA 3 If you're looking for a datamodeling and database design tool that provides an environment for capturing, modeling, managing and exploiting metadata, it's time to check out Oracle SQL Developer Data Modeler. Oracle SQL Developer Data Modeler 4.0 EA V3 is here.

Read the article
Suggestions for programming language and database for a high end database querying system (>50 milli

- by mmdave

These requirements are sketchy at the moment, but will appreciate any insights. We are exploring what would be required to build a system that can handle 50 database million queries a day - specifiically from the programming language and database choice Its not a typical website, but an API / database accessing through the internet. Speed is critical. The application will primarily receive these inputs (about a few kb each) and will have to address each of them via the database lookup. Only a few kb will be returned. The server will be run over https/ssl.

Read the article
Instructor Insight: Using the Container Database in Oracle Database 12 c

- by Breanne Cooley

The first time I examined the Oracle Database 12c architecture, I wasn’t quite sure what I thought about the Container Database (CDB). In the current release of the Oracle RDBMS, the administrator now has a choice of whether or not to employ a CDB. Bundling Databases Inside One Container In today’s IT industry, consolidation is a common challenge. With potentially hundreds of databases to manage and maintain, an administrator will require a great deal of time and resources to upgrade and patch software. Why not consider deploying a container database to streamline this activity? By “bundling” several databases together inside one container, in the form of a pluggable database, we can save on overhead process resources and CPU time. Furthermore, we can reduce the human effort required for periodically patching and maintaining the software. Minimizing Storage Most IT professionals understand the concept of storage, as in solid state or non-rotating. Let’s take one-to-many databases and “plug” them into ONE designated container database. We can minimize many redundant pieces that would otherwise require separate storage and architecture, as was the case in previous releases of the Oracle RDBMS. The data dictionary can be housed and shared in one CDB, with individual metadata content for each pluggable database. We also won’t need as many background processes either, thus reducing the overhead cost of the CPU resource. Improve Security Levels within Each Pluggable Database We can now segregate the CDB-administrator role from that of the pluggable-database administrator as well, achieving improved security levels within each pluggable database and within the CDB. And if the administrator chooses to use the non-CDB architecture, everything is backwards compatible, too. The bottom line: it's a good idea to at least consider using a CDB. -Christopher Andrews, Senior Principal Instructor, Oracle University

Read the article
Don’t miss this very popular presentation on Punchout in iProcurement on June 26th 2012

- by user793553

Don’t miss this very popular presentation on Punchout in iProcurement on June 26th. See Doc ID 1448447.1 for the Webcast details. ADVISOR WEBCAST: Punchout in iProcurement PRODUCT FAMILY: EBZs- Procurement June 26, 2012 at 14:00 UK / 15:00 Cairo / 6:00 am Pacific / 7:00 am Mountain / 9:00 am Eastern This one-hour session is recommended for technical and functional users who are maintaining and/or implementing the Punchout from iProcurement. The session will provide an overview of the different Punchout model, setup, and the Punchout to PO xml/cxml cycle. Also, it will provide tips in troubleshooting the common issues when new supplier is added to Punchout or the existing one stops working. TOPICS WILL INCLUDE: Overview of the Punchout Models. Provide the knowledge in the Punchout to PO Process cycle. Demo - Punchout. Certificates and setup. Learn the common issues and how to address in an efficient way. (Documentation and Notes) A short, live demonstration (only if applicable) and question and answer period will be included. Oracle Advisor Webcasts are dedicated to building your awareness around our products and services. This session does not replace offerings from Oracle Global Support Services. Current Schedule can be found on Note 740966.1 Post Presentation Recordings can be found on Note 740964.1 WebEx Conference Details Topic: Advisor Webcast - Punchout in iProcuremen Date and Time: Tuesday, June 26, 2012 3:00 pm, Egypt Time (Cairo, GMT+02:00) Tuesday, June 26, 2012 2:00 pm, GMT Summer Time (London, GMT+01:00) Tuesday, June 26, 2012 9:00 am, Eastern Daylight Time (New York, GMT-04:00) Tuesday, June 26, 2012 7:00 am, Mountain Daylight Time (Denver, GMT-06:00) Event number: 597 373 155 ------------------------------------------------------- To register for this meeting ------------------------------------------------------- 1. Event address for attendees: https://oracleaw.webex.com/oracleaw/onstage/g.php?d=597373155&t=a 2. Register for the meeting. Once the host approves your request, you will receive a confirmation email with instructions for joining the meeting. InterCall Audio Instructions A list of Toll-Free Numbers can be found below. VOICESTREAMING IS AVAILABLE teleconference ID: 70528713 UK standard International:+44 1452 562 665 US Free Call: 1866 230 1938 US Local call: 1845 608 8023 Global Toll-Free Numbers MOS doc#: https://metalink3.oracle.com/od/faces/secure/km/DocumentDisplay.jspx?id=1148600.1 Designation Number Argentina Free Call 0800 444 1009 Australia Free Call 1800 763 650 Austria Free Call 0800 111 956 Austria Local Call 0192 865 72 Belgium Free Call 0800 724 46 Belgium Local Call 0817 000 60 Brazil Free Call 0800 761 0835 Bulgaria Free Call 0080 011 511 76 Canada Free Call 1866 984 6577 Columbia Free Call 0180 091 562 17 Croatia Free Call 0800 222 305 Cyprus Free Call 8009 6341 Czech Republic Free Call 8007 007 95 Denmark Free Call 8088 8467 Denmark Local Call 3272 7506 Finland Free Call 0800 112 398 Finland Local Call 0923 114 014 France Free Call 0805 110 463 France Local Call 0359 580 290 Germany Free Call 0800 101 4918 Germany Local Call 0692 222 161 19 Greece Free Call 0080 012 8135 Hong Kong Free Call 8009 661 55 Hungary Free Call 0680 018 839 Hungary Local Call 0180 889 97 India Free Call 0008 001 006 600 Ireland Free Call 1800 300 170 Ireland Local Call 0143 198 35 Israel Free Call 1809 431 440 Italy Free Call 8007 840 87 Italy Local Call 0236 009 700 Japan Free Call 0066 338 124 31 Latvia Free Call 8000 3680 Luxembourg Free Call 8002 7941 Malaysia Free Call 1800 814 528 Mexico Free Call 0018 666 864 905 Monaco Free Call 8009 3655 Netherlands Free Call 0800 949 4596 Netherlands Local Call 0207 168 000 New Zealand Free Call 0800 451 190 North China Free Call 1080 074 413 29 Norway Free Call 8001 8057 Norway Local Call 2151 0847 Poland Free Call 0080 012 135 73 Portugal Free Call 8007 894 20 Romania Free Call 0800 895 558 Russia Free Call 8108 002 385 2044 Slovenia Free Call 0800 804 55 South Africa Free Call 0800 982 794 South China Free Call 1080 044 111 82 South Korea Free Call 0079 814 800 7887 Spain Free Call 9009 389 85 Spain Local Call 9111 421 10 Sweden Free Call 0200 214 344 Sweden Local Call 0850 596 375 Switzerland Free Call 0800 835 040 Switzerland Local Call 0445 804 280 Thailand Free Call 0018 004 421 98 UK Free Call 0800 073 1830 UK Local Call 0844 871 9364 UK National Call 0871 700 0309 UK Standard International +44 (0) 1452 562 665 USA Free Call 1866 230 1938 Back to the top Copyright? 2010, Oracle. All rights reserved. Contact Us | Legal Notices and Terms of Use | Privacy Statement

Read the article
Borrow Harry Potter’s eBooks from Amazon Kindle Owner’s Lending Library

- by Rekha

From June 19, 2012, Amazon.com customers can borrow All 7 Harry Potter books from Kindle Owner’s Lending Library (KOLL). The books are available in English, French, Italian, German and Spanish. Prime Members of Amazon owning Kindle, can choose from 145,000 titles. US customers can borrow for free with no due dates and also as frequently as a month. There are no limits on the number of copies available for the customers. Anyone can read the books simultaneously by borrowing them. The bookmarks in the borrowed books are saved, for the customers to continue reading where they stopped even when they re-borrow the book. Prime members also have the opportunity to enjoy free two day shipping on millions of items and unlimited streaming of over 18,000 movies and TV episodes. Amazon has got an exclusive license from J.K. Rowling’s Pottermore. The series cost between $7.99 and $9.99 for the individual books. Pottermore’s investment on these books are compensated by Amazon’s large payment. Via Amazon. CC Image Credit Amazon KOLL.

Read the article
Oracle Database Appliance Setup Poster Updated

- by Ravi.Sharma

The newly updated Setup Poster for Oracle Database Appliance is now available at http://wd0338.oracle.com/archive/cd_ns/E22693_01/index.htm This updated poster is a comprehensive source of information for anyone planning to deploy Oracle Database Appliance. It includes two main sections (which are conveniently printed on the two sides of a single 11x17 page) 1. Preparing to Deploy Oracle Database Appliance2. Oracle Database Appliance Setup The Preparing to Deploy Oracle Database Appliance section provides a concise list of items to plan for and review before beginning deployment. This includes registering Support Identifiers, allocating IP addresses, downloading software and patches, choosing configuration options, as well as important links to useful information. The Oracle Database Appliance Setup section provides a step by step procedure for deploying and configuring Oracle Database Appliance. This includes initial powering up of Oracle Database Appliance, configuring initial network, downloading software and completing the configuration using Oracle Database Appliance Configurator (GUI)

Read the article
Deploying an ADF Secure Application using WLS Console

- by juan.ruiz

Last week I worked on a requirement from a customer that wanted to understand how to deploy to WLS an application with ADF Security without using JDeveloper. The main question was, what steps where needed in order to set up Enterprise Roles, Security Policies and Application Credentials. In this entry I will explain the steps taken using JDeveloper 11.1.1.2. 0 Requirements: Instead of building a sample application from scratch, we can use Andrejus 's sample application that contains all the security pieces that we need. Open and migrate the project. Also make sure you adjust the database settings accordingly. Creating the EAR file Review the Security settings of the application by going into the Application -> Secure menu and see that there are two enterprise roles as well as the ADF Policies enforcing security on the main page. Make sure the Application Module uses the Data Source instead of JDBC URL for its connection type, also take note of the data source name - in my case I have: java:comp/env/jdbc/HrDS To facilitate the access to this application once we deploy it. Go to your ViewController project properties select the Java EE Application category and give it a meaningful name to the context root as well to the Application Name Go to the ADFSecurityWL Application properties -> Deployment and create a new EAR deployment profile. Uncheck the Auto generate and Synchronize weblogic-jdbc.xml Descriptors During Deployment Deploy the application as an EAR file. Deploying the Application to WLS using the WLS Console On the WLS console create a JNDI data source. This is the part that I found more tricky of the hole exercise given that the name should match the AM's data source name, however the naming convention that worked for me was jdbc.HrDS Now, deploy the application manually by selecting deployments ->Install look for the EAR and follow the default steps. If this is the firs time you deploy the application, once the deployment finishes you will be asked to Activate Changes on the domain, these changes contain all the security policies and application roles insertion into the WLS instance. Creating Roles and User Groups for the Application To finish the after-deployment set up, we need to create the groups that are the equivalent of the Enterprise Roles of ADF Security. For our sample we have two Enterprise Roles employeesApplication and managersApplication. After that, we create the application users and assign them into their respective groups. Now we can run the application and test the security constraints

Read the article
Oracle Database Machine and Exadata Storage Server

- by jean-marc.gaudron(at)oracle.com

Master Note for Oracle Database Machine and Exadata Storage Server (Doc ID 1187674.1)This Master Note is intended to provide an index and references to the most frequently used My Oracle Support Notes with respect to Oracle Exadata and Oracle Database Machine environments. This Master Note is subdivided into categories to allow for easy access and reference to notes that are applicable to your area of interest. This includes the following categories: • Database Machine and Exadata Storage Server Concepts and Overview• Database Machine and Exadata Storage Server Configuration and Administration• Database Machine and Exadata Storage Server Troubleshooting and Debugging• Database Machine and Exadata Storage Server Best Practices• Database Machine and Exadata Storage Server Patching• Database Machine and Exadata Storage Server Documentation and References• Database Machine and Exadata Storage Server Known Problems• ASM and RAC Documentation• Using My Oracle Support Effectively

Read the article
Spring Security - is Role and ACL security overkill?

- by HDave

I have a 3 tier application that requires security authorizations be placed on various domain objects. Whether I use Spring's ACL implementation or roll my own, it seems to me that ACL based security can only be used to authorize (service) methods and cannot be used to authorize URL or web service invocations. I think this because how could a web service call check the ACL before it has hydrated the XML payload? Also, all the examples for web access security in the Spring documentation are securing URL's based on Role. Is it typical to use Spring's roles to secure web presentation and web service calls, while at the same time using ACL's to secure the business methods? Is this overkill?

Read the article
Oracle Announces General Availability of Oracle Database 12c, the First Database Designed for the Cloud

- by Javier Puerta

Oracle Announces General Availability of Oracle Database 12c, the First Database Designed for the Cloud REDWOOD SHORES, Calif. – July 1, 2013 News Summary As organizations embrace the cloud, they seek technologies that will transform business and improve their overall operational agility and effectiveness. Oracle Database 12c is a next-generation database designed to meet these needs, providing a new multitenant architecture on top of a fast, scalable, reliable, and secure database platform. By plugging into the cloud with Oracle Database 12c, customers can improve the quality and performance of applications, save time with maximum availability architecture and storage management and simplify database consolidation by managing hundreds of databases as one. Read full press release

Read the article
Oracle Announces General Availability of Oracle Database 12c, the First Database Designed for the Cloud

- by Javier Puerta

Oracle Announces General Availability of Oracle Database 12c, the First Database Designed for the Cloud REDWOOD SHORES, Calif. – July 1, 2013 News Summary As organizations embrace the cloud, they seek technologies that will transform business and improve their overall operational agility and effectiveness. Oracle Database 12c is a next-generation database designed to meet these needs, providing a new multitenant architecture on top of a fast, scalable, reliable, and secure database platform. By plugging into the cloud with Oracle Database 12c, customers can improve the quality and performance of applications, save time with maximum availability architecture and storage management and simplify database consolidation by managing hundreds of databases as one. Read full press release

Read the article
Single value data to multiple values of data in database relation

- by Sofiane Merah

I have such a hard time picturing this. I just don't have the brain to do it. I have a table called reports. --------------------------------------------- | report_id | set_of_bads | field1 | field2 | --------------------------------------------- | 123 | set1 | qwe | qwe | --------------------------------------------- | 321 | 123112 | ewq | ewq | --------------------------------------------- I have another table called bads. This table contains a list of bad data. ------------------------------------- | bad_id | set_it_belongs_to | field2 | field3 | ------------------------------------- | 1 | set1 | qwe | qwe | ------------------------------------- | 2 | set1 | qee | tte | ------------------------------------- | 3 | set1 | q44w | 3qwe | ------------------------------------- | 4 | 234 | qoow | 3qwe | ------------------------------------- Now I have set the first field of every table as the primary key. My question is, how do I connect the field set_of_bads to set_it_belongs_to in the bads table. This way if I want to get the entire set of data that is set1 by calling on the reports table I can do it. Example: hey reports table.. bring up the row that has the report_id 123. Okay thank you.. Now get all the rows from bads that has the set_of_bads value from the row with the report_id 123. Thanks.

Read the article
How I might think like a hacker so that I can anticipate security vulnerabilities in .NET or Java before a hacker hands me my hat [closed]

- by Matthew Patrick Cashatt

Premise I make a living developing web-based applications for all form-factors (mobile, tablet, laptop, etc). I make heavy use of SOA, and send and receive most data as JSON objects. Although most of my work is completed on the .NET or Java stacks, I am also recently delving into Node.js. This new stack has got me thinking that I know reasonably well how to secure applications using known facilities of .NET and Java, but I am woefully ignorant when it comes to best practices or, more importantly, the driving motivation behind the best practices. You see, as I gain more prominent clientele, I need to be able to assure them that their applications are secure and, in order to do that, I feel that I should learn to think like a malevolent hacker. What motivates a malevolent hacker: What is their prime mover? What is it that they are most after? Ultimately, the answer is money or notoriety I am sure, but I think it would be good to understand the nuanced motivators that lead to those ends: credit card numbers, damning information, corporate espionage, shutting down a highly visible site, etc. As an extension of question #1--but more specific--what are the things most likely to be seeked out by a hacker in almost any application? Passwords? Financial info? Profile data that will gain them access to other applications a user has joined? Let me be clear here. This is not judgement for or against the aforementioned motivations because that is not the goal of this post. I simply want to know what motivates a hacker regardless of our individual judgement. What are some heuristics followed to accomplish hacker goals? Ultimately specific processes would be great to know; however, in order to think like a hacker, I would really value your comments on the broader heuristics followed. For example: "A hacker always looks first for the low-hanging fruit such as http spoofing" or "In the absence of a CAPTCHA or other deterrent, a hacker will likely run a cracking script against a login prompt and then go from there." Possibly, "A hacker will try and attack a site via Foo (browser) first as it is known for Bar vulnerability. What are the most common hacks employed when following the common heuristics? Specifics here. Http spoofing, password cracking, SQL injection, etc. Disclaimer I am not a hacker, nor am I judging hackers (Heck--I even respect their ingenuity). I simply want to learn how I might think like a hacker so that I may begin to anticipate vulnerabilities before .NET or Java hands me a way to defend against them after the fact.

Read the article
Microsoft Blacklists Google, Windows 8 Integrated Security

According to researcher Brian Krebs, millions of surfers were affected by the error which was caused by two of Microsoft's antivirus solutions in the form of Microsoft Security Essentials and the business-related Microsoft Forefront. Both received updates as part of Microsoft's traditional Patch Tuesday on February 14, and those patches are believed to be the cause behind Google's incorrect blacklisting. The false positive alert specifically tagged the search site as being infected with the infamous Blackhole Exploit Kit, which reportedly gives cybercriminals the power to create their own bo...

Read the article
Is it a bad practice to store large files (10 MB) in a database?

- by B Seven

I am currently creating a web application that allows users to store and share files, 1 MB - 10 MB in size. It seems to me that storing the files in a database will significantly slow down database access. Is this a valid concern? Is it better to store the files in the file system and save the file name and path in the database? Are there any best practices related to storing files when working with a database? I am working in PHP and MySQL for this project, but is the issue the same for most environments (Ruby on Rails, PHP, .NET) and databases (MySQL, PostgreSQL).

Read the article
Free OS with MS Windows Archetecture and capabilities

- by Nayana Adassuriya

Currently most of the PC users mostly depend on the windows OS and they would not go away from that beaus of the hand on usage knowledge about and also because of the look and feel habituation. But there are plenty of Linux base Desktop operation systems there such as UBUNTU, FEDORA. Users do not tend to go for those OSs (specially office environments) because most of the 3rd party software and tools (such as Photoshop, flash, Visual Studio) mostly can install only in windows operating system. So I'm thinking why we cant create a free OS same as Windows. That is capable to install software that created for windows. that can communicate with windows servers and exchange etc.. . Simply it should be a free OS with all the capabilities of Windows OS. How about your idea?

Read the article
The Best Websites for Creating and Sending Free eCards

- by Lori Kaufman

With the holiday season upon us, it’s time to pull out the holiday card list and get writing. However, how would you like to save some money this year and also help save the environment? We’ve assembled a list of websites that allow you to create electronic cards (eCards) you can send (using email, Facebook, or other electronic delivery methods) to friends and family for the holidays, or for any other occasion. Each site listed provides free eCards you can send or has a free option, as well as a paid option. Why Does 64-Bit Windows Need a Separate “Program Files (x86)” Folder? Why Your Android Phone Isn’t Getting Operating System Updates and What You Can Do About It How To Delete, Move, or Rename Locked Files in Windows

Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15 | Next Page >