Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

Page 89/509 | < Previous Page | 85 86 87 88 89 90 91 92 93 94 95 96  | Next Page >

  • Ubuntu server; Should I add a new user or not?

    - by Camran
    On my Ubuntu server, when I do everything now I do it as "root" user. So for example, logging into ftp filezilla, I enter "root" as username... Is this the way to do it, or should I create a users group and add priveliges to the users in that group? Don't know if I should create a new user or not, it works with root just fine, but I don't want any security flaws... Thanks

    Read the article

  • Thoughts on MPM-ITK?

    - by Rich
    I have several sites on my server set up as virtual hosts. What are your thoughts on MPM-ITK? Are the tradeoffs and the potential root exploit vulnerability worth the security of internal system files? http://mpm-itk.sesse.net/

    Read the article

  • Vulnerability research. Is it really research?

    - by Benjamin
    IT security people often say they do "vulnerability research". They defend the idea that they actually are doing some kind of "research". But is searching for vulnerabilities in software real research? A geologist looking for mines in the desert is doing "exploration", not "research".

    Read the article

  • Sandbox on a linux server for group members

    - by mgualt
    I am a member of a large group (academic department) using a central GNU/Linux server. I would like to be able to install web apps like instiki, run version control repositories, and serve content over the web. But the admins won't permit this due to security concerns. Is there a way for them to sandbox me, protecting their servers in case I am hacked? What is the standard solution for a problem like this?

    Read the article

  • Anti-virus protection question?

    - by DaBaer
    About 4 years ago, I found Kaspersky and have been using the most current version since. Most people try and argue the use of AVG or Avast to me, and there are some very solid reasons I do not go that route. Over the years, I have found Kasp to become bulkier and bulkier, and have had issues setting it up for friends/family/clients. I am just curios on possible recommendations from other users, with my criteria in mind: What I like about Kasp in the past: The license sold in stores in a 3 pack, is considered a commercial license, and emails from Kasp in response to my questions, make it clear that I can do with the 3 licenses that I want, providing I do not use more than 3 installs per Key. So, allowed me to buy 3, 5, and 7 packs, and resell to users at a cheaper cost than what they would pay if they bought their own license. The ability to easily obtain a currently updated .exe for installation on multiple peoples machines. Power of the scan. Kasp has been a good solution for me (even when using a trial license) on cleaning up machines that were badly infected (in which AVG and AVAST were unable to.) Speed of install/update. After a cleanup of malwarebytes, spybot, mcafee stinger, ccleaner, and combofix, I used to be able to get Kasp Int Security installed and updated in around 5 minutes. The issues that I have with the free AV, is strength of protection. In my opinion for someone who is a 'power use' these are good alternatives, because such a user should be trained or knowledgeable enough to be careful and not get themselves in trouble. Most of the users I assist, are too PC ignorant to know any better, and go hogwild on the web. It has been my experience that the number of people coming back to me with spyware/malware/virus issues since I have converted from AVG to Kasp has been cut down to around 20% of what it used to be 4 or 5 years ago. In a perfect world, I could install and use Kasp Internet Security 2008, and be very happy. But this is not the case anymore. So after this long description of what I used, and have used, does anyone have any good recommendations on AV that isn't going to cost me too much per install?

    Read the article

  • Secure linux distro that sends traffic through Tor

    - by gravestone
    I'm looking for a live Linux distro that is secure and preserves my anonymity online. For what I need, Tor seems to do the job – but such software requires configuration that someone who is not knowledgeable in how it works might find difficult. I was looking at 'Lightweight portable security' but it does not specify whether it sends all traffic through Tor. Does anyone know more information about it and/or any other such live Linux distro?

    Read the article

  • Why does Kerberos need Ticket Granting Server?

    - by Narsil
    It's probably something fundamental but I can't find a certain statement. Why can't KDC authenticate then provide the service ticket directly. Is it about security or performance or some other thing? Since users don't log in each time they request a service and assumably they will keep logged in for a long time, AS doesn't seem so busy. Why do they have to be seperated?

    Read the article

  • Disable File Copy between VMs

    - by shawnnny
    When I access multiple virtual desktops via VMware View 4, I'm able to copy files between VMs. The VMs are located in different isolated networks. This is a security concern in my organization and how can I disable this feature? I'm not able to find any related configuration in View Connection Server. Thanks!

    Read the article

  • Is auto-logon on laptop with encrypted hard drive secure?

    - by Tobias Diez
    I have the complete hdd of my laptop encrypted (with the Windows built-in Bitlocker) and thus have to login two times upon booting (Bitlocker and user account). Since I'm the only person using the computer (and knowing the Bitlocker password), I was thinking about automatically login into the user account to make the boot process smoother and quicker. In which cases/scenarios is this a bad idea and the additional login gives a true additionally layer of security?

    Read the article

  • How to prevent virtual machines's copy

    - by Florent
    I'll have to deploy virtual machines on demo laptops, which will use Vmware player, but I've got some security concerns, as some data stored in the virtual machines are a bit sensitive. Is there a way to prevent the copy of these virtual machines ? Are the virtual hard drives encrypted, and if not is there a way to encrypt them ? In short, is there a way to lock down everything so that nobody could copy and or use these VMs in another computer ?

    Read the article

  • Is Flash a secure content delivery technology for password protected digital content?

    - by Merkel Fastia
    We are working on a project that would be a competitor to Yudu for online publishing and what we are debating is whether to use Flash for content security protection as Yudu does. See for example "The Testicle Cookbok" for which a limited (3-frame) preview is available before a password is requested by the Flash application running in the browser. Do you see any problems with this approach or could you recommend an alternative technology for password proected digital content?

    Read the article

  • linux vs windows and web server question

    - by student
    What are the differences from security point of view running a web server on linux and running a web server on windows. I heard that almost nobody going to attack linux machine. Is that true? or Linux is hard to attack and nobody want to waste his time?

    Read the article

  • Why is Internet said to be an untrusted network?

    - by Ant's
    From Wikipedia In computer security, a DMZ (sometimes referred to as a perimeter networking) is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. Why does it say … larger untrusted network, usually the Internet. I often see that internet is said to be an untrusted network. Are there any reasons for it?

    Read the article

  • Asp.net mvc application deployment / security issues

    - by WestDiscGolf
    I'll start with appologies; I wasn't sure if this was best posted here of Server Fault so if its in the wrong place then please move :-) Basic information I have written the first module of a new application at work. This is written using Visual Studio 2010, targetting .net 3.5 (at the moment) and asp.net mvc 2. This has been working fine during development running on the built in Development server from VS but however does not work once deployed to IIS 7/7.5. To deploy the application, I have built it in release mode and created a deployment package by right clicking on the project in the solution explorer (this will be done with an automated build in tfs once upgrade from the beta). This has then been imported into IIS on the server. The application is using windows/domain authentication. Issue #1 I can fire up internet explorer and browse to the application from a client computer as well as on a remote desktop connection. I can execute the code which reads/stores data in Session fine from the IE instance on the remote desktop but if I browse to it from the client pc it seems to lose the session state. I click on the form submit and the page refreshes and doesn't execute the required code. I've tried setting with; InProc, SQLServer and StateServer. but with no luck :-( Issue #2 As part of the application it views PDF and Tiff documents on the fly which are on a network share on the office network and creates thumbnails if the document hasn't been viewed before. This works if running on the machine the application is deployed to; however when browsing from a client pc I get an error saying: Access to the path '\\fileserver\folder\file.tif' is denied Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.UnauthorizedAccessException: Access to the path '\\fileserver\folder\file.TIF' is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user. As this is on a different server the user is not accessible. To get round this I have tried: 1 - setting the application pool to run as domain administrator (I know this is a security risk, but I'm just trying to get it to work at the moment!) 2 - to set the log on account for World Wide Web Publishing service to be the domain admin . When trying to restart the service I get ... Windows could not start the World Wide Web Publishing Service service on the Local Computer. Error 1079: The account specified for this service is different from the account specified fro the other services running in the same process. Any pointers/help would be much appriciated as I'm pulling my hair out (of what little I have left). Update I've been using this funky little tool I found - DelegConfig v2 beta (Delegation / Kerberos Configuration Tool). This has been really usefull. So I've got the accessing of the file share working (there is a test page which will read the files) so now I've just got the issue of passing through the users credentials through to the SQL Server (wans't my choice to do it this way!!) to execute the queries etc. but I can't get it to log on as the user. It tries to access it as "NT Authority\Network Service" which doesn't have a sql login (as should be the logged on user). My connection string is: <add name="User" connectionString="Data Source=.;Integrated Security=True" providerName="System.Data.SqlClient" /> No initial catalog is specified as the system is over multiple dbs (also wasn't my choice!!). I really appriciate all the help so far! :-) Any further hints?!

    Read the article

  • How can I test a form that requires the entry of two random characters from a security phrase?

    - by lawm
    I need to test a two-stage login system which first asks for your email address and password and then presents the user with two select lists containing [a-zA-Z0-9]. The labels beside the drop down's are of the form 'Select character X from your security phrase', where X is a random character index from a known security phrase. I'd rather not stub the code for an acceptance test, so is it possible to write a matcher in cucumber which will, given that we know the whole phrase, select the required character in each of the two lists? Here is the scenario I have so far and the steps involved: Scenario: valid login email, password and secret phrase takes me to the dashboard Given I am not logged in When I log in as "[email protected]" Then I should be on the dashboard page And I should see "Your Dashboard" When /^I log in as "([^\"]*)"$/ do |login| visit path_to('Login page') fill_in "Email", :with => login fill_in "Password", :with => "Password123" click_button "Log in" response.should contain("Please verify some characters from your security phrase") select "a", :from => "Select character X of your security phrase" select "b", :from => "Select character Y of your security phrase" click_button "Submit" end For example, if the security phrase is 'Secret123', X = 3 and Y = 8, the above would have to produce the equivalent of: select "c", :from => "Select character 3 of your security phrase" select "2", :from => "Select character 8 of your security phrase" The numbers X and Y in the actual page are inside span#svc_1 and span#svc_2 respectively. Thanks,

    Read the article

  • WCF: Using Streaming and Username/Password authentication at the same time

    - by Kay
    Hi, I have a WCF Service with the following requirements: a) The client requests a file from the server which is transferred as a Stream. Files may be 100MB or larger. I need streaming or chucking or whatever to make sure that IIS is not loading the whole package into memory before starting to send it. b) The client will transfer an ID to identify the file to be downloaded. The user should be authenticated by providing username/password. c) While the username/password part of the communication needs to be encrypted, encryption of the downloaded file is optional for our use case. My other services, where I am returning smaller files, I am using the following binding: <ws2007HttpBinding> <binding name="ws2007HttpExtern" maxReceivedMessageSize="65536000"> <security mode="Message"> <message clientCredentialType="UserName" /> </security> </binding> </ws2007HttpBinding> But, as I said, that is no good for streaming (Message encryption needs the complete message to encrypt and that is not the case when streaming). So, I asked Microsoft support and I got more or less the following proposal: <bindings> <basicHttpBinding> <binding name="basicStreaming" messageEncoding="Mtom" transferMode="StreamedResponse"> <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </bindings> <services> <service behaviorConfiguration="MyProject.WCFInterface.DownloadBehavior" name="MyProject.WCFInterface.DownloadFile"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicStreaming" contract="MyProject.WCFInterface.IDownloadFile" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyProject.WCFInterface.DownloadBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> When I use this, I get the following error message: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. I am using the Web Development Server so far (for production IIS7). I have two questions. a) How would you configure WCF to achieve the goal? b) If the MS proposal is good: What I am doing wrong, the error message does not really help me. Thanks.

    Read the article

  • Winforms role based security limitations

    - by muhan
    I'm implementing role based security using Microsoft's membership and role provider. The theoretical problem I'm having is that you implement a specific role on a method such as: [PrincipalPermissionAttribute(SecurityAction.Demand, Role="Supervisor")] private void someMethod() {} What if at some point down the road, I don't want Supervisors to access someMethod() anymore? Wouldn't I have to change the source code to make that change? Am I missing something? It seems there has to be some way to abstract the relationship between the supervisors role and the method so I can create a way in the application to change this coupling of role permission to method. Any insight or direction would be appreciated. Thank you.

    Read the article

  • System.Security.VerificationException: Operation could destabilize the runtime

    - by Rigobert Song
    I have a web service which is queried using linq to sql but returns an array of objects. I keep getting the following error: System.Security.VerificationException: Operation could destabilize the runtime When I run a method that uses a linq statement to return an array I get this error, but only on my test server, which is windows server 2008. Everything works fine in my win 7 machine. The project is a .net 3.5. Any ideas what the problem might be? Thanks UPDATE: My linq queries return IQueryable.

    Read the article

  • Quick question on session security.

    - by Scarface
    Hey guys, I was scanning my site for security and I noticed that it was possible for non users to send requests and post information, so I decided to put login checks on all information posts. I was wondering if it was a good way to keep a session id that is created by md5(uniqid()); in a session variable $_SESSION['id']=md5(uniqid()); for each user and then store that in a database under active users for that user. Then when a user tries to insert information, verify that their $_SESSION['id'] variable is equal to the one in the database where the username equals their $_SESSION['username']. What are your ideas on this guys? Thanks in advance!

    Read the article

  • Implementing Security on custom BCS/.net class?

    - by Michael Stum
    I'm implementing a custom BCS Model to get data from a backend system. As the backend uses it's own user management, I'm accessing it through a service account. All of this works well and allows me to pull data into SharePoint. However because it's channeled through the service account, everyone can access it, which is bad. Can anyone give me some tips which method to implement? The backend does not give me NT ACLs, but I wonder if I could just "fake" them somehow? (Essentially saying "This NT Group has Read Access" is good enough). I am aware of ISecurityTrimmer2 for Search Results, but ideally I want to cover security inside the BCS Model so that it applies to external lists as well. I want to avoid using Secure storage and mapping each individual user to the backend.

    Read the article

  • Hacking your own application

    - by instigator
    I am a web developer that is very conscious of security and try and make my web applications as secure as possible. How ever I have started writing my own windows applications in C# and when it comes testing the security of my C# application, I am really only a novice. Just wondering if anyone has any good tutorials/readme's on how to hack your own windows application and writing secure code.

    Read the article

  • Objective-C Plugin Architecture Security (Mac, not iphone)

    - by Tom Dalling
    I'm possibly writing a plugin system for a Cocoa application (Mac, not iphone). A common approach is the make each plugin a bundle, then inject the bundle into the main application. I'm concerned with the security implications of doing this, as the bundle will have complete access to the Objective-C runtime. I am especially concerned with a plugin having access to the code that handles registration and serial keys. Another plugin system we are considering is based on distributed notifications. Basically, each plugin will be a separate process, and they will communicate via distributed notifications only. Is there a way to load bundles securely (e.g. sandboxing)? If not, do you see any problems with using distributed notifications? Are there any other plugin architectures that would be better?

    Read the article

  • Flash security popup is unclickable on a layered window

    - by sjlewis
    I have a layered (TransparencyKey is set) winform w/ a WebBrowser control on it that navigates to a page that contains flash (swf). Everything works okay except that when flash shows a security popup, none of the buttons on the popup respond to mouse click, so I can't click Allow/Deny. Right-click works but only shows the context menu that is normal to flash. I tried overriding WndProc on the WebBrowser control, as suggested here, but it still does not respond to mouse click. If I comment out the TransparencyKey setting, even w/o the WndProc override, the buttons respond. I thought this'd be a container issue so I decided to host the swf file on the form, using the example here, but this, too, had the same problem w/ layered window. So, is there another way that can get around this problem? What is it w/ layered window that renders the buttons on the flash popup unclickable? What is it w/ flash...?

    Read the article

  • ie6 p3p 'file download security warning'

    - by cometta
    i have a page inside iframe, so i set the header to "P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"" after that my page inside iframe able to load properly and i able to authenticate user with 'form' post . but on ie6, when i post 'form' inside iframe, i get ie6 message 'file download security warning on javascript file' . those javascript files are put on 'head' of pages inside iframe. how comes ie6 suddenly pop up dialog asking to download those files? anyone know which p3p parameter cause this problem?

    Read the article

  • outputting html in runtime in asp.net

    - by madness800
    Hi all, I'm building a website at the moment, I've some html fragment that is being stored into the database, I've been reading around that inserting HTML at runtime poses security risks by using the InnerHTML property of any html tag with runat server on it. So, my question is there any alternative way to safely display the html code and won't pose security risks and is it best to assume any textboxes on any given page is dangerous and process the text in the textboxes with Server.HtmlEncode before I store it to database? Cheers

    Read the article

< Previous Page | 85 86 87 88 89 90 91 92 93 94 95 96  | Next Page >