7 Steps to a Secure Wireless Strategy
Like it or not, personal smartphones have invaded the enterprise, and they're not going anywhere. Learn how to build a smart wireless strategy.
Search Results
Search found 19074 results on 763 pages for 'secure government government cloud security'.
Page 80/763 | < Previous Page | 76 77 78 79 80 81 82 83 84 85 86 87 | Next Page >
-
-
Securing Plugin Data in WordPress From Access by Other Plugins?
- by farinspace
There probably is some solution to this, whether it involves code running on just the wordpress installation or a combination of a wordpress installation and a master server I am not sure yet, but please remember not to have tunnel vision and consider any and all possible solutions: The scenario is this: A WordPress plugin (plugin-A) that manages some sort of valuable data (something that the admin would not want stolen), lets say, lead data with user's name and email addresses, the plugin uses its own db tables. Other than the obvious (which is the admin installing plugin-B, not knowing its malicious intent), what is to prevent another WordPress plugin (plugin-B) from accessing plugin-A data or hacking plugin-A files to circumvent security.Read the article
-
How should I secure my webapp written using Wicket, Spring, and JPA?
- by Martin
So, I have an web-based application that is using the Wicket 1.4 framework, and it uses Spring beans, the Java Persistence API (JPA), and the OpenSessionInView pattern. I'm hoping to find a security model that is declarative, but doesn't require gobs of XML configuration -- I'd prefer annotations. Here are the options so far: Spring Security (guide) - looks complete, but every guide I find that combines it with Wicket still calls it Acegi Security, which makes me think it must be old. Wicket-Auth-Roles (guide 1 and guide 2) - Most guides recommend mixing this with Spring Security, and I love the declarative style of @Authorize("ROLE1","ROLE2",etc). I'm concerned about having to extend AuthenticatedWebApplication, since I'm already extending org.apache.wicket.protocol.http.WebApplication, and Spring is already proxying that behind org.apache.wicket.spring.SpringWebApplicationFactory. SWARM / WASP (guide) - This looks the newest (though the main contributor passed away years ago), but I hate all of the JAAS-styled text files that declare permissions for principals. I also don't like the idea of making an Action class for every single thing a user might want to do. Secure models also aren't immediately obvious to me. Plus, there isn't an Authn example. Additionally, it looks like lots of folks recommend mixing the first and second options. I can't tell what the best practice is at all, though.Read the article
-
Windows Azure Learning Plan - SQL Azure
- by BuckWoody
This is one in a series of posts on a Windows Azure Learning Plan. You can find the main post here. This one deals with Security for Windows Azure. Overview and Training Overview and general information about SQL Azure - what it is, how it works, and where you can learn more. General Overview (sign-in required, but free) http://social.technet.microsoft.com/wiki/contents/articles/inside-sql-azure.aspx General Guidelines and Limitations http://msdn.microsoft.com/en-us/library/ee336245.aspx Microsoft SQL Azure Documentation http://msdn.microsoft.com/en-us/windowsazure/sqlazure/default.aspx Samples and Learning Sources for online and other SQL Azure Training Free Online Training http://blogs.msdn.com/b/sqlazure/archive/2010/05/06/10007449.aspx 60-minute Overview (webcast) https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032458620&CountryCode=US Architecture SQL Azure Internals and Architectures for Scale Out and other use-cases. SQL Azure Architecture http://social.technet.microsoft.com/wiki/contents/articles/inside-sql-azure.aspx Scale-out Architectures http://tinyurl.com/247zm33 Federation Concepts http://tinyurl.com/34eew2w Use-Cases http://blogical.se/blogs/jahlen/archive/2010/11/23/sql-azure-why-use-it-and-what-makes-it-different-from-sql-server.aspx SQL Azure Security Model (video) http://www.msdev.com/Directory/Description.aspx?EventId=1491 Administration Standard Administrative Tasks and Tools Tools Options http://social.technet.microsoft.com/wiki/contents/articles/overview-of-tools-to-use-with-sql-azure.aspx SQL Azure Migration Wizard http://sqlazuremw.codeplex.com/ Managing Databases and Login Security http://msdn.microsoft.com/en-us/library/ee336235.aspx General Security for SQL Azure http://msdn.microsoft.com/en-us/library/ff394108.aspx Backup and Recovery http://social.technet.microsoft.com/wiki/contents/articles/sql-azure-backup-and-restore-strategy.aspx More Backup and Recovery Options http://social.technet.microsoft.com/wiki/contents/articles/current-options-for-backing-up-data-with-sql-azure.aspx Syncing Large Databases to SQL Azure http://blogs.msdn.com/b/sync/archive/2010/09/24/how-to-sync-large-sql-server-databases-to-sql-azure.aspx Programming Programming Patterns and Architectures for SQL Azure systems. How to Build and Manage a Business Database on SQL Azure http://tinyurl.com/25q5v6g Connection Management http://social.technet.microsoft.com/wiki/contents/articles/sql-azure-connection-management-in-sql-azure.aspx Transact-SQL Supported by SQL Azure http://msdn.microsoft.com/en-us/library/ee336250.aspxRead the article
-
Google dévoile Chrome Webstore et Chrome OS, "l'heure du cloud computing est arrivée" déclare Eric Schmidt
Google dévoile Chrome Webstore et Chrome OS, "l'heure du cloud computing est arrivée", déclare Eric Schmidt Il y a quelques minutes à peine que vient de s'achever un évènement majeur : Google a tenu une grande conférence, retransmise en direct, concernant Chrome OS et ce qui l'entoure. Ce système d'exploitation est on ne peut plus attendu de par le monde, et les informations qui ont été révélées ce soir en intéresseront plus d'un. Clou de la keynote : la présentation du premier netbook équipé de Chrome OS. Mais commençons par le début, et en l'occurrence, un déballage de chiffres : il y a 120 millions d'utilisateurs actifs de Chrome (le navigateur), sur terre. Et, première nouveauté annoncée : le support de Google Instant...Read the article
-
Suitable Hosting for Web Development Company: VPS Hosting, Cloud hosting, Shared Hosting
- by KoolKabin
Hi, We are web development company here in nepal. We are still in growth phase. Our URL: http://www.outsourcingnepal.com We have our clients demanding for web hosting and are now ready for getting hosting package to host websites of our clients. Since we have multiple clients and they want their own cpanel for self configuration, only creating ftp channel is not appropirate. So their own cpanel is needed. So i thought of reseller package. When i searched for reseller package i came across with vps, cloud hosting and shared hosting. So now confused which one is better for our company?Read the article
-
MSDN Simulcast Event: Take Your Applications Sky-High with Cloud Computing and the Windows Azure Pla
Join your local MSDN Events team as we take a deep dive into Microsoft Windows Azure. We'll start with a developer-focused overview of this brave new platform and the cloud computing services that can be used to build amazing applications. As the day unfolds, we'll explore data storage, Microsoft SQL Azure, and the basics of deployment with Windows Azure....Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.Read the article
-
Running TeamCity from Amazon EC2 - Cloud based scalable build and continuous Integration
Ive been having fun playing with the amazon EC2 cloud service. I set up a server running TeamCity, and an image of a server that just runs a TeamCity agent. I also setup TeamCity to automatically instantiate agents on EC2 and shut them down based upon availability of free agents. Heres how I did it: The first step was setting up the teamcity server. Create an account on amazon EC2 (BTW, amazons sites works better in IE than it does in chrome.. who knew!?) Open the EC2 dashboard, and...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.Read the article
-
Running TeamCity from Amazon EC2 - Cloud based scalable build and continuous Integration
Ive been having fun playing with the amazon EC2 cloud service. I set up a server running TeamCity, and an image of a server that just runs a TeamCity agent. I also setup TeamCity to automatically instantiate agents on EC2 and shut them down based upon availability of free agents. Heres how I did it: The first step was setting up the teamcity server. Create an account on amazon EC2 (BTW, amazons sites works better in IE than it does in chrome.. who knew!?) Open the EC2 dashboard, and...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.Read the article
-
Register for Cloud Computing Bootcamp: Free Technical Training on Developing for Windows Azure
This two-day workshop will help you prepare to deliver solutions on the Windows Azure Platform. We've worked to bring the region's best Azure experts together to teach you how to work in the cloud. Each day will be filled with training, discussion, reviewing real scenarios, and hands-on labs. It's more than just a training class, it's also an event-in-a box. If you don't see a class near you, then throw your own....Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.Read the article
-
Morgan Stanley chooses Solaris 11 to run cloud file services
- by Frederic Pariente
At the EAKC2012 Conference last week in Edinburg, Robert Milkowski, Unix engineer at Morgan Stanley, presented on deploying OpenAFS on Solaris 11. It makes a great proofpoint on how ZFS and DTrace gives a definite advantage to Solaris over Linux to run AFS distributed file system services, the "cloud file system" as it calls it in his blog. Mike used ZFS to achieve a 2-3x compression ratio on data and greatly lower the TCA and TCO of the storage subsystem, and DTrace to root-cause scalability bottlenecks and improve performance. As future ideas, Mike is looking at leveraging more Solaris features like Zones, ZFS Dedup, SSD for ZFS, etc.Read the article
-
Message Buffers in cloud
- by kaleidoscope
Message Buffer is WCF queue in the cloud (although currently it does not provide all features of WCF queue). With on-premise WCF, you can take advantage of MSMQ, so that a message is sent to MSMQ by one endpoint, and another endpoint can get the message in a later time. The message is usually a SOAP message so that you can generate a client proxy and invoke the service operations just as invoking a normal WCF operation. Message Buffer is similar, but it also provides a REST API for you to work with the messages. Use it when you need a reliable WCF service. Message buffers can be consumed by non-azure components, "Message buffers are accessible to applications using HTTP and do not require the Windows Azure platform AppFabric SDK" How to: Configure an AppFabric Service Bus Message Buffer : please find below link for more details: http://msdn.microsoft.com/en-us/library/ee794877.aspx http://msdn.microsoft.com/en-us/library/ee794877.aspx Chandraprakash, SRead the article
-
Oracle Exalogic Elastic Cloud - Planned Webcasts
- by chuck.speaks
I’m putting together a collection of recorded webcasts around Oracle Exalogic Elastic Cloud (Exalogic). The plan is to do a systems overview and then multiple deep dives into hardware and software components that make up the engineered system. Those of you that are members of our partner community (Oracle Partner Network), drop me a note if you are interested in a full blown in-class delivery via PTS resources. There is no schedule for these workshops but if there is enough interest, I would venture to guess it would roll out soon. Those of you with applications certified on Oracle WebLogic server that would like to scale to Exalogic, see me or watch this space. Chuck Speaks chuck <dot> speaks at oracle <dot> comRead the article
-
Sales & Operations Planning in the Cloud (Value Chain Planning) with JD Edwards
- by Hartmut Wiese
AVATA, a US based Oracle Partner with the EMEA Headquarter in Germany is offering a pre-integrated, cloud based integration with JD Edwards. It is a Sales & Operations Planning hub that enables companies to seamlessly plan across the entire organization via a dynamic, continuous and collaborative web-based Sales and Operations Planning process. There is a datasheet uploaded to the EMEA JD Edwards Partner Community workspace here which explains options and benefits and has contact details included as well. You need to be a member of this Community to access the workspace. Please register here.Read the article
-
Cloud Control 12c: Verteilen von beliebiger Software mit Deployment Prozeduren
- by Ralf Durben (DBA Community)
Mit dem Lifecycle Management Pack von Oracle Enterprise Manager Cloud Control 12c können Sie Software aus der grafischen Konsole heraus auf Zielsysteme verteilen und installieren, also provisionieren. Dieses funktioniert für viele Oracle Produkte in einer vorgefertigen Form unter Verwendung von Deployment Prozeduren, die als eine Art Spezialformat für Provisionierungsskripte angesehen werden können. Dabei können die vorgefertigten Deployment Prozeduren direkt oder für die eigenen Bedürfnisse modifiziert verwendet werden. Sie können diese Technik jedoch auch für die Provisionierung beliebiger Software nutzen, indem Sie eigene Deployment Prozeduren erstellen. Als einfaches Beispiel einer solchen Provisionierung soll in diesem Tipp das Verteilen einer ZIP-Datei mit anschliessendem Auspacken betrachtet werden. Bewusst wird in diesem Tipp versucht, das Beispiel einfach zu halten, um einen leichten Einstieg zu ermöglichen. Dieser Tipp zeigt Ihnen, wie Sie eine ZIP-Datei mit einer selbstgeschriebenen Deployment Prozedur provisionieren können.Read the article
-
The Unintended Consequences of Sound Security Policy
- by Tanu Sood
v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Calibri","sans-serif"; mso-bidi-font-family:"Times New Roman";} Author: Kevin Moulton, CISSP, CISM Meet the Author: Kevin Moulton, Senior Sales Consulting Manager, Oracle Kevin Moulton, CISSP, CISM, has been in the security space for more than 25 years, and with Oracle for 7 years. He manages the East Enterprise Security Sales Consulting Team. He is also a Distinguished Toastmaster. Follow Kevin on Twitter at twitter.com/kevin_moulton, where he sometimes tweets about security, but might also tweet about running, beer, food, baseball, football, good books, or whatever else grabs his attention. Kevin will be a regular contributor to this blog so stay tuned for more posts from him. When I speak to a room of IT administrators, I like to begin by asking them if they have implemented a complex password policy. Generally, they all nod their heads enthusiastically. I ask them if that password policy requires long passwords. More nodding. I ask if that policy requires upper and lower case letters – faster nodding – numbers – even faster – special characters – enthusiastic nodding all around! I then ask them if their policy also includes a requirement for users to regularly change their passwords. Now we have smiles with the nodding! I ask them if the users have different IDs and passwords on the many systems that they have access to. Of course! I then ask them if, when they walk around the building, they see something like this: Thanks to Jake Ludington for the nice example. Can these administrators be faulted for their policies? Probably not but, in the end, end-users will find a way to get their job done efficiently. Post-It Notes to the rescue! I was visiting a business in New York City one day which was a perfect example of this problem. First I walked up to the security desk and told them where I was headed. They asked me if they should call upstairs to have someone escort me. Is that my call? Is that policy? I said that I knew where I was going, so they let me go. Having the conference room number handy, I wandered around the place in a search of my destination. As I walked around, unescorted, I noticed the post-it note problem in abundance. Had I been so inclined, I could have logged in on almost any machine and into any number of systems. When I reached my intended conference room, I mentioned my post-it note observation to the two gentlemen with whom I was meeting. One of them said, “You mean like this,” and he produced a post it note full of login IDs and passwords from his breast pocket! I gave him kudos for not hanging the list on his monitor. We then talked for the rest of the meeting about the difficulties faced by the employees due to the security policies. These policies, although well-intended, made life very difficult for the end-users. Most users had access to 8 to 12 systems, and the passwords for each expired at a different times. The post-it note solution was understandable. Who could remember even half of them? What could this customer have done differently? I am a fan of using a provisioning system, such as Oracle Identity Manager, to manage all of the target systems. With OIM, and email could be automatically sent to all users when it was time to change their password. The end-users would follow a link to change their password on a web page, and then OIM would propagate that password out to all of the systems that the user had access to, even if the login IDs were different. Another option would be an Enterprise Single-Sign On Solution. With Oracle eSSO, all of a user’s credentials would be stored in a central, encrypted credential store. The end-user would only have to login to their machine each morning and then, as they moved to each new system, Oracle eSSO would supply the credentials. Good-bye post-it notes! 3M may be disappointed, but your end users will thank you. I hear people say that this post-it note problem is not a big deal, because the only people who would see the passwords are fellow employees. Do you really know who is walking around your building? What are the password policies in your business? How do the end-users respond?Read the article
-
eDelivery (Delivery Cloud) Housekeeping - removal of obsolete EPM products
- by THE
You may have noticed that Weblogic Server (WLS) 9.2.X and WLS 10.0.X releases have been removed from the Oracle Software Delivery Cloud. The Delivery Team has been asked to remove or update any product pack or product that embeds WLS 10.3.2 or earlier versions. This is consistent with general Oracle practice of removing old product versions from public distribution systems, and encourages customer usage and adoption of newer product releases such as WLS 10.3.3 or newer. For the convenience of existing supported customers, a media request SR on My Oracle Support can be entered to obtain any removed media. Information on how to open such an SR can be found on MOS Doc ID 1071023.1 . OTN will also be reviewed and similar modifications may potentially be done. The following media packs will be removed from E-Delivery this week, as of the above reason. Hyperion 9.3.1 Hyperion 9.2.1 Hyperion Pre-system 9 EPM 11.1.1.3 EPM 11.1.1.4Read the article
-
Data Source Security Part 5
- by Steve Felts
If you read through the first four parts of this series on data source security, you should be an expert on this focus area. There is one more small topic to cover related to WebLogic Resource permissions. After that comes the test, I mean example, to see with a real set of configuration parameters what the results are with some concrete values. WebLogic Resource Permissions All of the discussion so far has been about database credentials that are (eventually) used on the database side. WLS has resource credentials to control what WLS users are allowed to access JDBC resources. These can be defined on the Policies tab on the Security tab associated with the data source. There are four permissions: “reserve” (get a new connection), “admin”, “shrink”, and reset (plus the all-inclusive “ALL”); we will focus on “reserve” here because we are talking about getting connections. By default, JDBC resource permissions are completely open – anyone can do anything. As soon as you add one policy for a permission, then all other users are restricted. For example, if I add a policy so that “weblogic” can reserve a connection, then all other users will fail to reserve connections unless they are also explicitly added. The validation is done for WLS user credentials only, not database user credentials. Configuration of resources in general is described at “Create policies for resource instances” http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24401/taskhelp/security/CreatePoliciesForResourceInstances.html. This feature can be very useful to restrict what code and users can get to your database. There are the three use cases: API Use database credentials User for permission checking getConnection() True or false Current WLS user getConnection(user,password) False User/password from API getConnection(user,password) True Current WLS user If a simple getConnection() is used or database credentials are enabled, the current user that is authenticated to the WLS system is checked. If database credentials are not enabled, then the user and password on the API are used. Example The following is an actual example of the interactions between identity-based-connection-pooling-enabled, oracle-proxy-session, and use-database-credentials. On the database side, the following objects are configured.- Database users scott; jdbcqa; jdbcqa3- Permission for proxy: alter user jdbcqa3 grant connect through jdbcqa;- Permission for proxy: alter user jdbcqa grant connect through jdbcqa; The following WebLogic Data Source objects are configured.- Users weblogic, wluser- Credential mapping “weblogic” to “scott”- Credential mapping "wluser" to "jdbcqa3"- Data source descriptor configured with user “jdbcqa”- All tests are run with Set Client ID set to true (more about that below).- All tests are run with oracle-proxy-session set to false (more about that below). The test program:- Runs in servlet- Authenticates to WLS as user “weblogic” Use DB Credentials Identity based getConnection(scott,***) getConnection(weblogic,***) getConnection(jdbcqa3,***) getConnection() true true Identity scottClient weblogicProxy null weblogic fails - not a db user User jdbcqa3Client weblogicProxy null Default user jdbcqaClient weblogicProxy null false true scott fails - not a WLS user User scottClient scottProxy null jdbcqa3 fails - not a WLS user User scottClient scottProxy null true false Proxy for scott fails weblogic fails - not a db user User jdbcqa3Client weblogicProxy jdbcqa Default user jdbcqaClient weblogicProxy null false false scott fails - not a WLS user Default user jdbcqaClient scottProxy null jdbcqa3 fails - not a WLS user Default user jdbcqaClient scottProxy null If Set Client ID is set to false, all cases would have Client set to null. If this was not an Oracle thin driver, the one case with the non-null Proxy in the above table would throw an exception because proxy session is only supported, implicitly or explicitly, with the Oracle thin driver. When oracle-proxy-session is set to true, the only cases that will pass (with a proxy of "jdbcqa") are the following.1. Setting use-database-credentials to true and doing getConnection(jdbcqa3,…) or getConnection().2. Setting use-database-credentials to false and doing getConnection(wluser, …) or getConnection(). Summary There are many options to choose from for data source security. Considerations include the number and volatility of WLS and Database users, the granularity of data access, the depth of the security identity (property on the connection or a real user), performance, coordination of various components in the software stack, and driver capabilities. Now that you have the big picture (remember that table in part 1), you can make a more informed choice.Read the article
-
Live Webcast: Private Cloud Database Consolidation with Oracle Exadata
- by kimberly.billings
Thursday, January 20th, 2011 at 9:00 am PT In this webcast, you'll learn how Oracle Exadata, Oracle Database 11g, and Oracle Real Application Clusters enable you to consolidate multiple applications on clustered server and storage pools to achieve extreme performance and lower your IT costs. You'll also learn how to maximize the efficiencies of private clouds, including: • Multitenancy • Rapid provisioning • Pay-for-use infrastructure Join us for this live Webcast and discover how Oracle Exadata delivers key cloud capabilities, providing elastic database services that can be quickly provisioned on demand. Register today! To learn more about how customers are consolidating on private clouds with Exadata, watch this video about how Commonwealth Bank of Australia consolidated multiple database services, including OLTP applications such as PeopleSoft Financials, onto an Exadata platform for improved performance and resilience and faster time-to-market.Read the article
-
Anti Cloud Open Source License
- by Steve
I'm working on a browser based open source monitoring project that I want to be free to the community. What I'm worried about is someone taking the project, renaming it, deploying it in the cloud and start charging people who don't even know my project exists. I know I maybe shouldn't mind, but it just sticks in my throat a bit if someone took a free ride like that and contributed nothing back. Is there any common open source license that can prevent this. I know GPL or AGPL don't.Read the article
-
The Best Apps and Cloud Services for Taking, Storing, and Sharing Notes
- by Lori Kaufman
Is your desk and computer covered with sticky notes? Do you have miscellaneous pieces of paper with bits of information buried in drawers, your laptop case, backpack, purse, etc.? Get rid of all the chaos and get organized with note-taking software and services. We’ve collected a list of the best desktop applications and cloud-based services for taking, storing, and sharing information. How To Customize Your Wallpaper with Google Image Searches, RSS Feeds, and More 47 Keyboard Shortcuts That Work in All Web Browsers How To Hide Passwords in an Encrypted Drive Even the FBI Can’t Get IntoRead the article
-
Windows Azure : Microsoft va baisser ses prix de 28% pour rendre sa plateforme Cloud "plus accessible"
Microsoft rend Windows Azure plus accessible avec une réduction de la tarification de 28% Pour la seconde fois en un an, Microsoft revoit à la baisse le prix de sa plateforme Cloud Windows Azure. La société vient d'annoncer dans un billet de blog qu'elle appliquera à compter du 12 décembre prochain une nouvelle grille tarifaire aux clients Windows Azure. Cette nouvelle tarification permettra une réduction de près de 28% en fonction des volumes stockés. La nouvelle grille peut être consultée ci-dessous : [IMG]http://rdonfack.developpez.com/images/Table_Storage.png[/IMG] Les comptes de stockage Windows Azure dis...Read the article
-
Data Source Security Part 2
- by Steve Felts
In Part 1, I introduced the default security behavior and listed the various options available to change that behavior. One of the key topics to understand is the difference between directly using database user and password values versus mapping from WLS user and password to the associated database values. The direct use of database credentials is relatively new to WLS, based on customer feedback. Some of the trade-offs are covered in this article. Credential Mapping vs. Database Credentials Each WLS data source has a credential map that is a mechanism used to map a key, in this case a WLS user, to security credentials (user and password). By default, when a user and password are specified when getting a connection, they are treated as credentials for a WLS user, validated, and are converted to a database user and password using a credential map associated with the data source. If a matching entry is not found in the credential map for the data source, then the user and password associated with the data source definition are used. Because of this defaulting mechanism, you should be careful what permissions are granted to the default user. Alternatively, you can define an invalid default user to ensure that no one can accidentally get through (in this case, you would need to set the initial capacity for the pool to zero so that the pool is populated only by valid users). To create an entry in the credential map: 1) First create a WLS user. In the administration console, go to Security realms, select your realm (e.g., myrealm), select Users, and select New. 2) Second, create the mapping. In the administration console, go to Services, select Data sources, select your data source name, select Security, select Credentials, and select New. See http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24401/taskhelp/jdbc/jdbc_datasources/ConfigureCredentialMappingForADataSource.html for more information. The advantages of using the credential mapping are that: 1) You don’t hard-code the database user/password into a program or need to prompt for it in addition to the WLS user/password and 2) It provides a layer of abstraction between WLS security and database settings such that many WLS identities can be mapped to a smaller set of DB identities, thereby only requiring middle-tier configuration updates when WLS users are added/removed. You can cut down the number of users that have access to a data source to reduce the user maintenance overhead. For example, suppose that a servlet has the one pre-defined, special WLS user/password for data source access, hard-wired in its code in a getConnection(user, password) call. Every WebLogic user can reap the specific DBMS access coded into the servlet, but none has to have general access to the data source. For instance, there may be a ‘Sales’ DBMS which needs to be protected from unauthorized eyes, but it contains some day-to-day data that everyone needs. The Sales data source is configured with restricted access and a servlet is built that hard-wires the specific data source access credentials in its connection request. It uses that connection to deliver only the generally needed day-to-day information to any caller. The servlet cannot reveal any other data, and no WebLogic user can get any other access to the data source. This is the approach that many large applications take and is the reasoning behind the default mapping behavior in WLS. The disadvantages of using the credential map are that: 1) It is difficult to manage (create, update, delete) with a large number of users; it is possible to use WLST scripts or a custom JMX client utility to manage credential map entries. 2) You can’t share a credential map between data sources so they must be duplicated. Some applications prefer not to use the credential map. Instead, the credentials passed to getConnection(user, password) should be treated as database credentials and used to authenticate with the database for the connection, avoiding going through the credential map. This is enabled by setting the “use-database-credentials” to true. See http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24401/taskhelp/jdbc/jdbc_datasources/ConfigureOracleParameters.html "Configure Oracle parameters" in Oracle WebLogic Server Administration Console Help. Use Database Credentials is not currently supported for Multi Data Source configurations. When enabled, it turns off credential mapping on Generic and Active GridLink data sources for the following attributes: 1. identity-based-connection-pooling-enabled (this interaction is available by patch in 10.3.6.0). 2. oracle-proxy-session (this interaction is first available in 10.3.6.0). 3. set client identifier (this interaction is available by patch in 10.3.6.0). Note that in the data source schema, the set client identifier feature is poorly named “credential-mapping-enabled”. The documentation and the console refer to it as Set Client Identifier. To review the behavior of credential mapping and using database credentials: - If using the credential map, there needs to be a mapping for each WLS user to database user for those users that will have access to the database; otherwise the default user for the data source will be used. If you always specify a user/password when getting a connection, you only need credential map entries for those specific users. - If using database credentials without specifying a user/password, the default user and password in the data source descriptor are always used. If you specify a user/password when getting a connection, that user will be used for the credentials. WLS users are not involved at all in the data source connection process.Read the article
-
Hitachi Data Systems definition of cloud
- by llaszews
1. Ability to rapidly provision and de-provision a service. (aka: provisioning) 2. A consumption model where users pay for what they use. (aka: chargeback and showback) 3. The agility to flexibly scale - 'flex up' or 'flex down' - the services without extensive pre-planning. (aka: elasticity) 4. Secure, direct connection to the cloud without having to recode applications (aka: internet-based) 5. Multi-tenancy capabilitites that segregate and protect the data. (as it says multi-tenancy) Happen to be I have been talking about 4 of the 5. Did not mention connection to internet as assumed this.Read the article
-
Can I architect a web app so it can be deployed to either the cloud or a dedicated server / VPS ? Ho
- by CAD bloke
Is there are an architecture versatile enough that it may be deployed to either a cloud server or to a dedicated (or VPS) server with minimal change? Obviously there would be config changes but I'd rather leave the rest of the app consistent, keeping one maintainable codebase. The app would be ASP.NET &/or ASP.MVC. My dev environment is VS 2010. The cloud may, or may not be, Azure. Dedicated or VPS would be Win Server 2008. Probably. It is not a public-facing web site. The web app I have in mind would be a separate deployment for each client. Some clients would be small-scale, some will prefer the app to run on a local intranet rather than on the web. Other clients may prefer the cloud approach for a black-box solution. The app may run for a few hours or it may run indefinitely, it depends on the client and the project. Other than deployment scenarios the apps would be more or less identical. As you may see from the tags, I'm assuming a message-based architecture is probably the most versatile but I'm also used to being wrong about this stuff. All suggestions and pointers welcome regarding general architectures and also specific solutions.Read the article
