Search Results

Search found 9545 results on 382 pages for 'least privilege'.

Page 8/382 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

• Giving Zend Navigation Pages Multiple ACL Privileges

  - by Sonny

  I'm using Zend_Navigation and am trying to integrate it with Zend_Acl. Each page in the navigation has a privilege attribute. What I can't determine is how to define multiple privileges for a single page. Use case: A page that is for managing users. I want to display that page (in navigation) if the current signed in user's role has add, edit, or delete privileges on the Users resource. Example entry in the navigation XML: <admin_users> <label>Users</label> <route>default</route> <controller>admin</controller> <action>users</action> <resource>Users</resource> <privilege>add,edit,delete</privilege> </admin_users> Using a comma-separated list as above doesn't lend the desired behavior.

  Read the article

• A Quick-Start Guide of Process Mandatory Level Checking and Self-elevation under UAC

  This example demonstrates how to check the privilege level of the current process, and how to self-elevate the process by giving explicit consent with the Consent UI.

  Read the article

• Giving a Zone "More Power"

  - by Brian Leonard

  In addition to the traditional virtualization benefits that Solaris zones offer, applications running in zones are also running in a more secure environment. One way to quantify this is compare the privileges available to the global zone with those of a local zone. For example, there a 82 distinct privileges available to the global zone: bleonard@solaris:~$ ppriv -l | wc -l 82 You can view the descriptions for each of those privileges as follows: bleonard@solaris:~$ ppriv -lv contract_event Allows a process to request critical events without limitation. Allows a process to request reliable delivery of all events on any event queue. contract_identity Allows a process to set the service FMRI value of a process contract template. ... Or for just one or more privileges: bleonard@solaris:~$ ppriv -lv file_dac_read file_dac_write file_dac_read Allows a process to read a file or directory whose permission bits or ACL do not allow the process read permission. file_dac_write Allows a process to write a file or directory whose permission bits or ACL do not allow the process write permission. In order to write files owned by uid 0 in the absence of an effective uid of 0 ALL privileges are required. However, in a non-global zone, only 43 of the 83 privileges are available by default: root@myzone:~# ppriv -l zone | wc -l 43 The missing privileges are: cpc_cpu dtrace_kernel dtrace_proc dtrace_user file_downgrade_sl file_flag_set file_upgrade_sl graphics_access graphics_map net_mac_implicit proc_clock_highres proc_priocntl proc_zone sys_config sys_devices sys_ipc_config sys_linkdir sys_dl_config sys_net_config sys_res_bind sys_res_config sys_smb sys_suser_compat sys_time sys_trans_label virt_manage win_colormap win_config win_dac_read win_dac_write win_devices win_dga win_downgrade_sl win_fontpath win_mac_read win_mac_write win_selection win_upgrade_sl xvm_control However, just like Tim Taylor, it is possible to give your zones more power. For example, a zone by default doesn't have the privileges to support DTrace: root@myzone:~# dtrace -l ID PROVIDER MODULE FUNCTION NAME The DTrace privileges can be added, however, as follows: bleonard@solaris:~$ sudo zonecfg -z myzone Password: zonecfg:myzone> set limitpriv="default,dtrace_proc,dtrace_user" zonecfg:myzone> verify zonecfg:myzone> exit bleonard@solaris:~$ sudo zoneadm -z myzone reboot Now I can run DTrace from within the zone: root@myzone:~# dtrace -l | more ID PROVIDER MODULE FUNCTION NAME 1 dtrace BEGIN 2 dtrace END 3 dtrace ERROR 7115 syscall nosys entry 7116 syscall nosys return ... Note, certain privileges are never allowed to be assigned to a zone. You'll be notified on boot if you attempt to assign a prohibited privilege to a zone: bleonard@solaris:~$ sudo zoneadm -z myzone reboot privilege "dtrace_kernel" is not permitted within the zone's privilege set zoneadm: zone myzone failed to verify Here's a nice listing of all the privileges and their zone status (default, optional, prohibited): Privileges in a Non-Global Zone.

  Read the article

• Oracle Database:?????????????

  - by Yuichi Hayashi

  Oracle Database?????????·???????????????????·???????? ?????????????????ORA-1031(??????????)?????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????? USER_TAB_PRIVS ·???????????????????????????? ·????????????????????? ·?????????????????????? (?) SQL SELECT * FROM USER_TAB_PRIVS; GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTA HIERAR ---------- ---------- ---------- ---------- ---------- ------ ------ YHAYASHI SCOTT EMP SCOTT DELETE NO NO YHAYASHI SCOTT EMP SCOTT SELECT NO NO [ ?????? ] GRANTEE:????????????OWNER:??????????? GRANTOR:???????????PRIVILEGE:??????????? ?????????????????????????????????????????? ????????????????????????????? USER_TAB_PRIVS_MADE:???????????????????????????? USER_TAB_PRIVS_RECD:??????????????????????? ¦??????????????????? ??????Oracle Database??????·??????????????????????????????? ¦??????????? ??????Oracle Database SQL???????????GRANT????????????

  Read the article

• Disable MySQL general logging without restarting?

  - by shantanuo

  Can I disable general logging completely without restarting the server? Because, per the documentation: SET sql_log_bin = {0|1} Disables or enables binary logging for the current connection (sql_log_bin is a session variable) if the client has the SUPER privilege. The statement is refused with an error if the client does not have that privilege. Can I enable/disable general log without restarting MySQL?

  Read the article

• rails declarative authorization, permit all actions for controller?

  - by SooDesuNe

  using the delcarative_authorization gem for rails, is there a shortcut to allow a role access to all controller actions? privileges do # default privilege hierarchies to facilitate RESTful Rails apps privilege :manage, :includes => [:create, :read, :update, :delete] end isn't sufficient, because I have more controlling methods than just CRUD in my controllers. Something like: role :foo do has_permission_on :bar, :to =>[:all] end would be perfect, but I'm not finding it in the docs.

  Read the article

• Troubleshooting sudoers via ldap

  - by dafydd

  The good news is that I got sudoers via ldap working on Red Hat Directory Server. The package is sudo-1.7.2p1. I have some LDAP/Kerberos users in an LDAP group called wheel, and I have this entry in LDAP: # %wheel, SUDOers, example.com dn: cn=%wheel,ou=SUDOers,dc=example,dc=com cn: %wheel description: Members of group wheel have access to all privileges. objectClass: sudoRole objectClass: top sudoCommand: ALL sudoHost: ALL sudoUser: %wheel So, members of group wheel have administrative privileges via sudo. This has been tested and works fine. Now, I have this other sudo privilege set up to allow members of a group called Administrators to perform two commands as the non-root owner of those commands. # %Administrators, SUDOers, example.com dn: cn=%Administrators,ou=SUDOers,dc=example,dc=com sudoRunAsGroup: appGroup sudoRunAsUser: appOwner cn: %Administrators description: Allow members of the group Administrators to run various commands . objectClass: sudoRole objectClass: top sudoCommand: appStop sudoCommand: appStart sudoCommand: /path/to/appStop sudoCommand: /path/to/appStart sudoUser: %Administrators Unfortunately, members of Administrators are still refused permission to run appStart or appStop: -bash-3.2$ sudo /path/to/appStop [sudo] password for Aaron: Sorry, user Aaron is not allowed to execute '/path/to/appStop' as root on host.example.com. -bash-3.2$ sudo -u appOwner /path/to/appStop [sudo] password for Aaron: Sorry, user Aaron is not allowed to execute '/path/to/appStop' as appOwner on host.example.com. /var/log/secure shows me these two sets of messages for the two attempts: Oct 31 15:02:36 host sudo: pam_unix(sudo:auth): authentication failure; logname=Aaron uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=Aaron Oct 31 15:02:37 host sudo: pam_krb5[1508]: TGT verified using key for 'host/[email protected]' Oct 31 15:02:37 host sudo: pam_krb5[1508]: authentication succeeds for 'Aaron' ([email protected]) Oct 31 15:02:37 host sudo: Aaron : command not allowed ; TTY=pts/3 ; PWD=/auto/home/Aaron ; USER=root ; COMMAND=/path/to/appStop Oct 31 15:02:52 host sudo: pam_unix(sudo:auth): authentication failure; logname=Aaron uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=Aaron Oct 31 15:02:52 host sudo: pam_krb5[1547]: TGT verified using key for 'host/[email protected]' Oct 31 15:02:52 host sudo: pam_krb5[1547]: authentication succeeds for 'Aaron' ([email protected]) Oct 31 15:02:52 host sudo: Aaron : command not allowed ; TTY=pts/3 ; PWD=/auto/home/Aaron ; USER=appOwner; COMMAND=/path/to/appStop The questions: Does sudo have some sort of verbose or debug mode where I can actually watch it capture the sudoers privilege list and determine whether or not Aaron should have the privilege to run this command? (This question is probably independent of where the sudoers database is kept.) Does sudo work with some background mechanism that might have a log level I could turn up? Right now, I can't fix a problem I can't identify. Is this an LDAP search failure? Is this a group member matching failure? Identifying why the command fails will help me identify the fix... Next step: Recreate the privilege in /etc/sudoers, and see if it works locally... Cheers!

  Read the article

• Queston about torrents

  - by c0mrade

  Why do my torrents go at rate 25/30 kb/s and my regular http downloads rate up to 300 kb/s .. is my ISP to blame for this, I meant torrents have like thousand seeders and again its very slow.How are they blocking torrent speed, can I bypass it? @gekkz Results : * There's no indication that your ISP rate limits all downloads at port 6881. In our test, a TCP download on a BitTorrent port achieved at least 392 Kbps while a TCP download on a non-BitTorrent port achieved at least 223 Kbps. You can find details here. * There's no indication that your ISP rate limits all uploads at port 6881. In our test, a TCP upload on a BitTorrent port achieved at least 314 Kbps while a TCP upload on a non-BitTorrent port achieved at least 191 Kbps. You can find details here.

  Read the article

• Is Movable Type among the most secure PHP blogs? How secure are the various PHP blog applications?

  - by user6025

  Basically I'm trying to find a blog for a website, and security is the highest priority in our case. We don't need any features that I would imagine are special. Wordpress was our first idea, but its reputation precedes it, and though it may have cleaned up its act lately, I'm not seeing much solid evidence. I get the impression that Movable Type (at least the Perl version) has a much better reputation for security than Wordpress (historically at least). I'm not sure I want to take a chance with Wordpress at this point, but is there some objective source I can got to to back up (or counter) the notion that MT is at least among the best? Secunia doesn't recommend using their stats for comparisons, and securityfocus.com doesn't have stats at all that I can see. Searching here http://web.nvd.nist.gov makes MT look way better than WP (at least in 2007), but this site was referenced by MT's own page boasting about their security, so I don't know how relevant it is or how seriously people take it. Any suggestions on sites where I could/should make a somewhat objective comparison?

  Read the article

• Changing the system time zone succeeds once and then no longer changes

  - by Adam Driscoll

  I'm using the WinAPI to set the time zone on a Windows XP SP3 box. I'm reading the time zone information from the HKLM\Software\Microsoft\WindowsNT\Time Zones\<time zone name> key and then setting the time zone to the specified time zone. I enumerate the keys under the Time Zones key, grab the TZI value and stuff it into a TIME_ZONE_INFORMATION struct to be passed to SetTimeZoneInformation. All seems to work on the first pass. The time zone changes, no error is returned. The second time I perform this operation (same user, new session, on login before userinit) the call succeeds but the system does not reflect the time zone change. Neither the clock nor time stamps on files are updated to the new time zone. When I navigate to: HKLM\System\CurrentControlSet\Control\TimeZoneInformation my new time zone information is present. A couple strange things are happening when I'm setting my time zone: Also when I parse the TZI binary value from the registry to store in my TIME_ZONE_INFORMATION struct I'm noticing the struct has the DaylightDate.wDay and StandardDate.wDay field always set to 0 I tried to call GetTimeZoneInformation right after I call SetTimeZoneInformation but the call fails with a 1300 error (Not all privileges or groups referenced are assigned to the caller. ) I'm also making sure to send a WM_BROADCAST message so Explorer knows whats going on. Think it's the parsing of the byte array to the TIME_ZONE_INFORMATION struct? Or am I missing some thing else important? EDIT: Found a document stating why this is happening: here. Privilege was introduced in Vista...thanks MSDN docs... Per the Microsoft documentation I'm enabling the SE_TIME_ZONE_NAME privilege for the current processes token. But when I attempt to call LookupPriviledgeValue for SE_TIME_ZONE_NAME I get a 1313 error (A specified privilege does not exist. ).

  Read the article

• Impersonate SYSTEM (or equivalent) from Administrator Account

  - by KevenK

  This question is a follow up and continuation of this question about a Privilege problem I'm dealing with currently. Problem Summary: I'm running a program under a Domain Administrator account that does not have Debug programs (SeDebugPrivilege) privilege, but I need it on the local machine. Klugey Solution: The program can install itself as a service on the local machine, and start the service. Said service now runs under the SYSTEM account, which enables us to use our SeTCBPrivilege privilege to create a new access token which does have SeDebugPrivilege. We can then use the newly created token to re-launch the initial program with the elevated rights. I personally do not like this solution. I feel it should be possible to acquire the necessary privileges as an Administrator without having to make system modifications such as installing a service (even if it is only temporary). I am hoping that there is a solution that minimizes system modifications and can preferably be done on the fly (ie: Not require restarting itself). I have unsuccessfully tried to LogonUser as SYSTEM and tried to OpenProcessToken on a known SYSTEM process (such as csrss.exe) (which fails, because you cannot OpenProcess with PROCESS_TOKEN_QUERY to get a handle to the process without the privileges I'm trying to acquire). I'm just at my wit's end trying to come up with an alternative solution to this problem. I was hoping there was an easy way to grab a privileged token on the host machine and impersonate it for this program, but I haven't found a way. If anyone knows of a way around this, or even has suggestions on things that might work, please let me know. I really appreciate the help, thanks!

  Read the article

• WIF, ADFS 2 and WCF&ndash;Part 1: Overview

  - by Your DisplayName here!

  A lot has been written already about passive federation and integration of WIF and ADFS 2 into web apps. The whole active/WS-Trust feature area is much less documented or covered in articles and blogs. Over the next few posts I will try to compile all relevant information about the above topics – but let’s start with an overview. ADFS 2 has a number of endpoints under the /services/trust base address that implement the WS-Trust protocol. They are grouped by the WS-Trust version they support (/13 and /2005), the client credential type (/windows*, /username*, /certificate*) and the security mode (*transport, *mixed and message). You can see the endpoints in the MMC console under the Service/Endpoints page. So in other words, you use one of these endpoints (which exactly depends on your configuration / system setup) to request tokens from ADFS 2. The bindings behind the endpoints are more or less standard WCF bindings, but with SecureConversation (establishSecurityContext) disabled. That means that whenever you need to programmatically talk to these endpoints – you can (easily) create client bindings that are compatible. Another option is to use the special bindings that come with WIF (in the Microsoft.IdentityModel.Protocols.WSTrust.Bindings namespace). They are already pre-configured to be compatible with the ADFS endpoints. The downside of these bindings is, that you can’t use them in configuration. That’s definitely a feature request of mine for the next version of WIF. The next important piece of information is the so called Federation Service Identifier. This is the value that you (at least by default) have to use as a realm/appliesTo whenever you are requesting a token for ADFS (e.g. in  IdP –> RSTS scenario). Or (even more) technically speaking, ADFS 2 checks for this value in the audience URI restriction in SAML tokens. You can get to this value by clicking the “Edit Federation Service Properties” in the MMC when the Service tree-node is selected. OK – I will come back to this basic information in the following posts. Basically I want to go through the following scenarios: ADFS in the IdP role ADFS in the R-STS role (with a chained claims provider) Using the WCF bindings for automatic token issuance Using WSTrustChannelFactory for manual token handling Stay tuned…

  Read the article

• Non-unique display names?

  - by Davy8

  I know of at least big title game (Starcraft II) that doesn't require unique display names, so it would seem like it can work in at least some circumstance. Under what situations does allowing non-unique display names work well? When does it not work well? Does it come down to whether or not impersonation of someone else is a problem? The reasons I believe it works for Starcraft II is that there isn't any kind of in-game trading of virtual goods and other than "for kicks" there isn't much incentive to impersonate someone else in the game. There's also ladder rankings so even trying to impersonate a pro is easily detectable unless you're on a similar skill level. What are some other cases where it makes sense to specifically allow or disallow duplicate display names? (I have no idea what to tag this as. I went with game-design because I needed at least 1 tag and I don't have rep to create new ones yet.)

  Read the article

• How to get experience in large scale databases?

  - by Justin

  I have written applications that are very small scale and the code I write works fine for them. But I have often wondered how the server side code I write would scale up from 100s of queries per day to millions. Also when looking at possible jobs/projects, people are often looking for developers with experience in this sort of high traffic database design so I would at least like to be able to say, I havent gotten to work on a project that was this popular, but I at least have tried to simulate it. Are there tools or frameworks that can generate a lot of traffic or at least simulate what would happen with traffic on different orders of magnitude so I could get some practice writing optimized code for higher traffic applicaitons?

  Read the article

• Unable to Turn On Media Streaming in Windows Media Player 12 on Windows 7

  - by Chau Chee Yang

  I have 2 PC installed with Windows 7 and Media Player 12. I would like to use Play To feature on both PC connected via LAN. Both PC (A and B) run media player in standard user account. I able to turn on media streaming option in PC A (with privilege access prompt) without any problem. However, PC B also prompt privilege access but no response after enter administrator password. Both PC follow same configuration steps. I may use "play to" PC A (in standard user account) from other PC without any problem. But I can't "play to" PC B in standard user account. I can only run media player in administrator account for "play to" to function. I have tried uninstall and reinstall media player via "Programs and Features" in control panel on PC B. However, it doesn't work too. Does anyone has similar experience as me failing to turn on media streaming that running Windows media player in standard user account?

  Read the article

• security issue of Linux sudo command?

  - by George2

  Hello everyone, 1. I am using Red Hat Enterprise 5 Linux box. I find if a user is in /etc/sudoers file, then if the user run command with sudo, the user will run this command with root privilege (without knowing root password, the user runs sudo only need to input the user's own password in order to run a command with sudo). Is that correct understanding? 2. If yes, then is it a security hole? Since users other than root could run with root privilege? thanks in advance, George

  Read the article

• DB2 users and groups

  - by Arun Srini

  Just want to know everyone's experience and take on managing users/authentication on a multi-node db2 cluster with users groups. I have 17 apps in production (project based company, only 2 online apps), and some 30 users with 7 groups. prodsel - group that has select privilege on all tables produpdt - update group on selective tables (as required by the apps) proddel - delete prodins - insert permissions for the group Now what my company does is when an app uses certain user (called app1user), and needs select and insert privilege on a table, they 1. grant select and insert for prodsel, prodins respectively 2. add the user under those two groups... now this creates one to many relationship between user and privileges, and this app1user also gets select on other tables granted for the prodsel group. I know this is wrong. Before I explain, I need to know how this is done elsewhere. Please share your experiences, even if you use other Databases that uses OS level authentication.

  Read the article

• configure HTTPS server on a cisco router

  - by Sara

  For the past week I was trying to configure an HTTPS server on a cisco 2900 router, I've used the following commands and assigned a username and password to privilege 15 however, when Im trying to access a given ip it requires a username and password however when I insert the username and password I configured it does not allow me to enter and i'm not sure where the problem is. Router(config)# ip http secure-server Router(config)# ip http authentication local These were the commands i used for the https server and also I used the following to assign the username and password Router(config)#username name privilege 15 secret 0 password where 'name' and 'password' represent the username and password respectively I'm trying to access the 192.168.14.1 interface on the router and the username and password i created are not authorized to enter (I got the commands from a cisco router manual)

  Read the article

• How do I get rid of the Cisco CP one-time user message on a Cisco 2901 router?

  - by user65712

  I get this message on a new 2901 Cisco router: Cisco Configuration Professional (Cisco CP) is installed on this device and it provides the default username "cisco" for one-time use. If you have already used the username "cisco" to login to the router and your IOS image supports the "one-time" user option, then this username has already expired. You will not be able to login to the router with this username after you exit this session. It is strongly suggested that you create a new username with a privilege level of 15 using the following command. username <myuser> privilege 15 secret 0 <mypassword> Replace and with the username and password you want to use. It appears every time I login and everytime I show run. I already set up my username. How do I turn it off?

  Read the article

• Turn on PC power remotely through the Internet?

  - by W.N.

  I use SVN for my work at home and office, but I usually forget to commit the changes before shutdown. Therefore, I wish I could turn on my home/office PC at office/home. I already have TeamViewer installed on both PCs, so it will be okay as soon as the power is turned on. I have read many articles about this, I found both my PC and office computers support Wake-on-LAN. However, I don't know much about other config. And I need to turn on my computers through the Internet, not on LAN. My office Internet connection has static IP, however, my home Internet connection has dynamic IP, it changes as soon as I reset the modem, but it is not a big problem, I rarely turn the Internet modem off. And I don't have privilege to config office Internet connection, but I have Administration privilege on both PCs. Please give me details steps to turn on my office PC from home, and turn on my home PC from office.

  Read the article

• Resolving "PLS-00201: identifier 'DBMS_SYSTEM.XXXX' must be declared" Error

  - by Giri Mandalika

  Here is a failure sample. SQL set serveroutput on SQL alter package APPS.FND_TRACE compile body; Warning: Package Body altered with compilation errors. SQL show errors Errors for PACKAGE BODY APPS.FND_TRACE: LINE/COL ERROR -------- ----------------------------------------------------------------- 235/6 PL/SQL: Statement ignored 235/6 PLS-00201: identifier 'DBMS_SYSTEM.SET_EV' must be declared .. By default, DBMS_SYSTEM package is accessible only from SYS schema. Also there is no public synonym created for this package. So, the solution is to create the public synonym and grant "execute" privilege on DBMS_SYSTEM package to all database users or a specific user. eg., SQL CREATE PUBLIC SYNONYM dbms_system FOR dbms_system; Synonym created. SQL GRANT EXECUTE ON dbms_system TO APPS; Grant succeeded. - OR - SQL GRANT EXECUTE ON dbms_system TO PUBLIC; Grant succeeded. SQL alter package APPS.FND_TRACE compile body; Package body altered. Note that merely granting execute privilege is not enough -- creating the public synonym is as important to resolve this issue.

  Read the article

• Managing user privileges, best practice.

  - by Loïc N.

  I'm am new to web development. I'm creating a website where different user can have different privileges, such as creating/editing/deleting a news, or adding/editing/deleting whatever kind of content on the website. I started by creating a "user type" that would indicate the user's privileges (such as "user", "newser", "moderator", "admin", and so on), but i quickly started noticing issues that made me think that this might be a naive approach to this issue. What if i want to give a regular user the right to edit a news (for whatever reason)? Then the user would be half "user", half "newser". But the system i use can only handle one user-type. So what would be the best practice here? I was thinking of removing the concept of roles (or "user-types" such as newser) and only have the concept of "privilege", where every user could have zero to many privileges. So, to re-use the above example, if i wanted a user to have the right to edit some news, i would only have to give him a "edit news" privilege. Is this the way to go?

  Read the article

• Oracle Linux Partner Pavilion Spotlight

  - by Ted Davis

  With the first day of Oracle OpenWorld starting in less than a week, we wanted to showcase some of our premier partners exhibiting in the Oracle Linux Partner Pavilion ( Booth #1033) this year. We have Independent Hardware Vendors, Independent Software Vendors and Systems Integrators that show the breadth of support in the Oracle Linux and Oracle VM ecosystem. We'll be highlighting partners all week so feel free to come back check us out. Centrify delivers integrated software and cloud-based solutions that centrally control, secure and audit access to cross-platform systems, mobile devices and applications by leveraging the infrastructure organizations already own. From the data center and into the cloud, more than 4,500 organizations, including 40 percent of the Fortune 50 and more than 60 Federal agencies, rely on Centrify's identity consolidation and privilege management solutions to reduce IT expenses, strengthen security and meet compliance requirements. Visit Centrify at Oracle OpenWorld 2102 for a look at Centrify Suite and see how you can streamline security management on Oracle Linux.  Unify identities across the enterprise and remove the pain and security issues associated with managing local user accounts by leveraging Active Directory Implement a least-privilege security model with flexible, role-based controls that protect privileged operations while still granting users the privileges they need to perform their job Get a central, global view of audited user sessions across your Oracle Linux environment  "Data Intensity's cloud infrastructure leverages Oracle VM and Oracle Linux to provide highly available enterprise application management solutions.  Engineers will be available to answer questions about and demonstrate the technology, including management tools, configuration do's and don'ts, high availability, live migration, integrating the technology with Oracle software, and how the integrated support process works."    Mellanox’s end-to-end InfiniBand and Ethernet server and storage interconnect solutions deliver the highest performance, efficiency and scalability for enterprise, high-performance cloud and web 2.0 applications. Mellanox’s interconnect solutions accelerate Oracle RAC query throughput performance to reach 50Gb/s compared to TCP/IP based competing solutions that cap off at less than 12Gb/s. Mellanox solutions help Oracle’s Exadata to deliver 10X performance boost at 50% Hardware cost making it the world’s leading database appliance. Thanks for reviewing today's Partner spotlight. We will highlight new partners each day this week leading up to Oracle OpenWorld.

  Read the article

• Managing user privileges, best practices [on hold]

  - by Loïc N.

  I'm am new to web development. I'm creating a website where different user can have different privileges, such as creating/editing/deleting a news, or adding/editing/deleting whatever kind of content on the website. I started by creating a "user type" that would indicate the user's privileges (such as "user", "newser", "moderator", "admin", and so on), but I quickly started noticing issues that made me think that this might be a naive approach to this issue. What if I want to give a regular user the right to edit a news (for whatever reason)? Then the user would be half "user", half "newser". But the system I use can only handle one user-type. So what would be the best practice here? I was thinking of removing the concept of roles (or "user-types" such as newser) and only have the concept of "privilege", where every user could have zero to many privileges. So, to re-use the above example, if I wanted a user to have the right to edit some news, I would only have to give him a "edit news" privilege. Is this the way to go?

  Read the article

• MVP Pattern Philsophical Question - Security Checking in UI

  - by Brian

  Hello, I have a philosophical question about the MVP pattern: I have a component that checks whether a user has access to a certain privilege. This privilege turns on or off certain UI features. For instance, suppose you have a UI grid, and for each row that gets bound, I do a security check to see if certain features in the grid should be enabled or disabled. There are two ways to do this: have the UI/view call the component's method, determine if it has access, and enable/disable or show/hide. The other is have the view fire an event to the presenter, have the presenter do the check and return the access back down to the view through the model or through the event arg. As per the MVP pattern, which component should security checks fit into, the presenter or the view? Since the view is using it to determine its accessibility, it seems more fitting in the view, but it is doing database checks and all inside this business component, and there is business logic there, so I can see the reverse argument too. Thoughts? Thanks.

  Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >