Search Results

Search found 43347 results on 1734 pages for 'php security'.


  • PHP security question?

    - by pHp
    I just wanted to know what are some basic PHP security techniques I should use when creating a web page that accepts articles? I'm fairly new to PHP and was wondering what will hold the fort down until I'm a security expert?


  • Fix for php 5.3.9 libxsl security "bug" fix

    - by Question Mark
    Just this morning I updated my Debian server to PHP 5.3.9. The change log (last item in list) has a fix for this bug, and now when running any hosted site using XSL transforms I get:

        Warning: XSLTProcessor::transformToXml(): Can't set libxslt security properties, not doing transformation for security reasons

    I'm not using any <sax:output> tags in my XSLT at all. Does anybody have any information on this? Current chatter about it is thin, so I'm a little lost.

    Using the suggestion about switching ini settings on and off either side of -transformToXml():

        ini_set("xsl.security_prefs", XSL_SECPREFS_NONE)

    or

        $xsl->setSecurityPreferences(XSL_SECPREFS_NONE)

    brings me back to the same error.

    Many thanks.

    Progress:
    - Upgrading libxml and recompiling libxslt against the new version was a good suggestion, though it has not fixed the issue.
    - Compiling the latest php5.3 snapshot does not fix the issue.

    Solution: I'm unsure what actually solved this, very sorry for anyone else having the same problem. Firstly I upgraded libxml, then applied a few patches, then went into the PHP source for the XSL parser and added some debugging and a few tweaks. After a few compiles getting the configure args right, the error went away and wasn't reproducible. I would definitely recommend upgrading libxml as Petr suggested below and then grabbing the latest snapshot from php.net.


  • [GEEK SCHOOL] Network Security 8: Keep Your System Updated for Security and Stability

    - by Ciprian Rusen
    Another important step in securing any computer or device is setting up automated updates. Your device’s security relies on your operating system, apps, plug-ins, and programs always being up to date. For example, using outdated Internet browsers and plug-ins like Adobe Flash, Java, or Silverlight represents a big security problem. There are many websites on the Internet that exploit security bugs in your browser or the plug-ins you have installed.


  • root folder php scripts not running in nginx

    - by Thermionix
    nginx with php-fpm on Ubuntu 12.04 server. Attempting to access /var/www/test.php (via https://example.net/test.php) downloads the script instead of executing it. If I place the test.php in a subdirectory, i.e. /var/www/test/test.php, it executes.

    root.conf:

        root /var/www;
        include php-fpm.conf;
        location ~ /\. { access_log off; log_not_found off; deny all; }

    php-fpm.conf:

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.socket;
            include fastcgi_params;
        }

    fastcgi_params:

        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_index index.php;
        fastcgi_param HTTPS on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param DOCUMENT_URI $document_uri;
        fastcgi_param DOCUMENT_ROOT $document_root;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param GATEWAY_INTERFACE CGI/1.1;
        fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
        fastcgi_param REMOTE_ADDR $remote_addr;
        fastcgi_param REMOTE_PORT $remote_port;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;
        # PHP only, required if PHP was built with --enable-force-cgi-redirect
        fastcgi_param REDIRECT_STATUS 200;


  • Nginx and PHP Fundamentals

    - by Elton Stoneman
    Originally posted on: http://geekswithblogs.net/EltonStoneman/archive/2013/08/01/nginx-and-php-fundamentals.aspx

    Hot on the heels of my .NET caching course, I’ve had my first “fundamentals” course released on Pluralsight: Nginx and PHP Fundamentals. It’s a practical look at two of the biggest technologies on the web – Nginx, which is the fastest growing HTTP server around (currently hosting 100+ million sites), and PHP, which powers more websites than any other server-side framework (currently 240+ million sites).

    The two technologies work well together, both are open-source and cross-platform and both are lightweight and easy to get started with - you just need to download and unzip the runtimes, and with a text editor you can create and host dynamic websites.

    I’ve used PHP as a second (sometimes third) language since 2005 when I was brought cold into an established codebase to help improve performance, and Nginx to host tier 2 apps for the last couple of years. As with any training course, you learn new things as you produce it, and it was good to focus on a different stack from my commercial .NET world.

    In the course I start with a website in two parts – one which is just static content, and one which processes a user registration form using ASP.NET MVC, both running in IIS. Over four modules I migrate the app to Nginx and PHP:

    - Hosting Static Content in Nginx – how to deploy and configure Nginx for a basic website;
    - PHP Part 1: Basic Web Forms – installing PHP and an IDE, and building a simple form with server-side validation;
    - PHP Part 2: Packages and Integration – using PECL and Composer for packages to connect to Azure, AWS, Mongo and reCAPTCHA;
    - Hosting PHP in Nginx – configuring Nginx to host our PHP site.

    Along the way I run some performance stats with JMeter, and the headlines are that Nginx running on Linux outperforms IIS on Windows for static content, by 800 requests per second over 1000 concurrent requests; and Linux+Nginx+PHP outperforms Windows+IIS+ASP.NET MVC by 700 requests per second with the same load. Of course, the headline stats don’t tell the whole story, and when you add OpCode caching for PHP and the ASP.NET Output Cache, the results are very different.

    As Web architecture moves away from heavy server-side processing, to Single Page Apps with client-side frameworks like AngularJS and Knockout, I think there’s an increasing need for high-performance, low-cost server technologies, and the combination of Nginx and PHP makes a compelling case.


  • Anyone have BlazeDS working with WebLogic Security (j_security_check) ??

    - by Brian
    I'm working on a Flex implementation (currently using SDK 3.5) on WebLogic 10.3 (11G.) We originally used Glassfish v2.1.1 with zero issues (there was an active directory group lookup bug but it did not hinder our progress.) Since transitioning to WebLogic we have an issue where the flexsession is invalidated after logging in using j_security_check:

        [BlazeDS]Unexpected error encountered in Message Broker servlet
        flex.messaging.LocalizedException: The FlexSession is invalid.
            at flex.messaging.FlexSession.checkValid(FlexSession.java:943)
            at flex.messaging.FlexSession.getUserPrincipal(FlexSession.java:254)
            at flex.messaging.HttpFlexSession.getUserPrincipal(HttpFlexSession.java:286)
            at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:296)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
            at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
            at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
            at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
            at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594)
            at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
            at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
            at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
            at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
            at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

    I've tried almost every option in services-config.xml:

        <security>
            <login-command class="flex.messaging.security.WeblogicLoginCommand" server="Weblogic"/>
            <!-- Uncomment the correct app server
            <login-command class="flex.messaging.security.TomcatLoginCommand" server="JBoss">
            <login-command class="flex.messaging.security.JRunLoginCommand" server="JRun"/>
            <login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>
            <login-command class="flex.messaging.security.WebSphereLoginCommand" server="WebSphere"/>
            -->
        </security>

    I've even completely removed this section with no luck. The login functions correctly from a non-BlazeDS perspective. It authenticates the user correctly. Without authentication, BlazeDS works fine (no errors for any remote calls.) Together it's a big ball of fail (invalid flexsession every time.) Has anyone got this working? Any tips?


  • monit configuration for php-fpm

    - by Adam Jimenez
    I'm struggling to find a monit config for php-fpm that works. This is what I've tried:

        ### Monitoring php-fpm: the parent process.
        check process php-fpm with pidfile /var/run/php-fpm/php-fpm.pid
          group phpcgi # phpcgi group
          start program = "/etc/init.d/php-fpm start"
          stop program = "/etc/init.d/php-fpm stop"
          ## Test the UNIX socket. Restart if down.
          if failed unixsocket /var/run/php-fpm.sock then restart
          ## If the restarts attempts fail then alert.
          if 3 restarts within 5 cycles then timeout
          depends on php-fpm_bin
          depends on php-fpm_init

        ## Test the php-fpm binary.
        check file php-fpm_bin with path /usr/sbin/php-fpm
          group phpcgi
          if failed checksum then unmonitor
          if failed permission 755 then unmonitor
          if failed uid root then unmonitor
          if failed gid root then unmonitor

        ## Test the init scripts.
        check file php-fpm_init with path /etc/init.d/php-fpm
          group phpcgi
          if failed checksum then unmonitor
          if failed permission 755 then unmonitor
          if failed uid root then unmonitor
          if failed gid root then unmonitor

    But it fails because there is no php-fpm.sock (Centos 6)


  • Installing PHP 5.2.17 Dependencies on Centos 5

    - by user1114330
    I have followed the wget method here hoping it was my solution: Howto install php 5.2.17 on centos 6 x86_64

    However I get the following error when trying to install:

        # rpm -ivh php-5.2.17-1.x86_64.rpm
        error: Failed dependencies:
            libaspell.so.15()(64bit) is needed by php-5.2.17-1.x86_64
            libcrypto.so.6()(64bit) is needed by php-5.2.17-1.x86_64
            libcurl.so.3()(64bit) is needed by php-5.2.17-1.x86_64
            libpspell.so.15()(64bit) is needed by php-5.2.17-1.x86_64
            libssl.so.6()(64bit) is needed by php-5.2.17-1.x86_64
            php-cli = 5.2.17-1 is needed by php-5.2.17-1.x86_64

    Would be awesome if someone could help.

    UPDATE: I have now installed an instance of CentOS 5 and am attempting to install php 5.2.17 yet again...anyone know the best way to deal with the following dependencies:

        libaspell.so.15()(64bit) is needed by php-5.2.17-1.x86_64
        libgmp.so.3()(64bit) is needed by php-5.2.17-1.x86_64
        libpspell.so.15()(64bit) is needed by php-5.2.17-1.x86_64
        php-cli = 5.2.17-1 is needed by php-5.2.17-1.x86_64
        php-common = 5.2.17-1 is needed by php-5.2.17-1.x86_64

    Wondering what libgmp, libaspell, php-cli and php-common are and where to get the proper versions for php 5.2.17. Any help is most appreciated. Thank you!


  • PHP unable to start if "apc.shm_size" has "M" or "G" unit

    - by apasajja
    Using: Ubuntu 10.04, PHP 5.3.10, apc 3.1.3

    PHP and APC installed using the repo below:

        deb http://ppa.launchpad.net/brianmercer/php5/ubuntu lucid main
        deb-src http://ppa.launchpad.net/brianmercer/php5/ubuntu lucid main

    If I put apc.shm_size=3G or apc.shm_size=3000M in /etc/php5/fpm/conf.d/apc.ini, PHP is unable to start. However, if I put only a number without the M or G unit, it will start and run.

    By default, if I put only a number, what unit does it mean? If I put 3000, does it mean 3000 MB?


  • Multiple PHP SAPI configuration

    - by DTest
    I'm trying to build PHP for use as an apache shared module --with-apxs2 but also with the 'php-cgi' binary (fastcgi) on Mac OSX 10.6. I'm using this ./configure:

        ./configure --prefix=/usr/local/PHP \
            --with-apxs2=/usr/local/apache/bin/apxs \
            --disable-ipv6 \
            --enable-cgi \
            --with-curl \
            --with-mysqli=/usr/local/mysql/bin/mysql_config \
            --with-openssl=/usr \
            --enable-ftp \
            --enable-shared \
            --enable-soap \
            --enable-sockets \
            --enable-zip \
            --with-zlib-dir

    It builds the apache php5.so module just fine, but in /usr/local/PHP/bin, there is no php-cgi file. If I build it without the --with-apxs2 option (and indeed, I don't even need the --enable-cgi option) the php-cgi file gets built with no problems.

    Background on my setup: PHP 5.3.4, Apache 2.2.14, Mac OSX 10.6, Tomcat with JavaBridge (which is why I need the php-cgi file)

    Without the apxs2 option, /usr/local/php/bin/php -v produces:

        PHP 5.3.4 (cli) (built: Dec 21 2010 21:35:14)
        Copyright (c) 1997-2010 The PHP Group
        Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

    and /usr/local/php/bin/php-cgi -v produces:

        PHP 5.3.4 (cgi-fcgi) (built: Dec 21 2010 21:35:12)
        Copyright (c) 1997-2010 The PHP Group
        Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

    My question is, what am I not understanding with php SAPIs that won't allow the building of the two modules at the same time? Also, can I build it --with-apxs2 the first time, then make clean and rebuild in the same PHP directory /usr/local/php for the php files without issue?


  • How do I make Nginx redirect all requests for files which do not exist to a single php file?

    - by Richard
    I have the following nginx vhost config:

        server {
            listen 80 default_server;
            access_log /path/to/site/dir/logs/access.log;
            error_log /path/to/site/dir/logs/error.log;
            root /path/to/site/dir/webroot;
            index index.php index.html;
            try_files $uri /index.php;

            location ~ \.php$ {
                if (!-f $request_filename) {
                    return 404;
                }
                fastcgi_pass localhost:9000;
                fastcgi_param SCRIPT_FILENAME /path/to/site/dir/webroot$fastcgi_script_name;
                include /path/to/nginx/conf/fastcgi_params;
            }
        }

    I want to redirect all requests that don't match files which exist to index.php. This works fine for most URIs at the moment, for example:

        example.com/asd
        example.com/asd/123/1.txt

    Neither of asd or asd/123/1.txt exist so they get redirected to index.php and that works fine. However, if I put in the url example.com/asd.php, it tries to look for asd.php and when it can't find it, it returns 404 instead of sending the request to index.php.

    Is there a way to get asd.php to be also sent to index.php if asd.php doesn't exist?


  • Executed PHP files are stale until "touched" (Symlinked NFS mount as web root)

    - by mmattax
    We have a PHP application that has 3 web servers (running Nginx and Apache). The web servers' directory roots are symlinked directories that point to an NFS mount. For example: web01 has an NFS mount at /data/webapp, which is symlinked to /home/webapp. Apache serves content from /home/webapp/www. We also use APC for our PHP opcode cache. When we deploy code, we SCP an archive file to the NFS server and extract it. Since upgrading RedHat 6, when we deploy our code the web servers execute "stale" PHP files until touch is run on the PHP files. We thought that APC might be causing a problem, but the issue exists, even after clearing the opcode cache. Any ideas on how to diagnose why the stale PHP code is being executed?


  • Apache 2.4 and PHP 5.4 getting connection reset errors in the browser

    - by zuallauz
    Over the weekend I upgraded my development web server to Apache 2.4 and PHP 5.4. In my web application, which was previously working great on Apache 2.2 and PHP 5.3, it now starts getting these messages saying the "connection was reset" in Firefox. See screenshot. I am connecting to the Linux machine via local LAN. I'm assuming it might be something to do with the new version of Apache or PHP, or the new LAMP stack which I downloaded from BitNami? It would seem to happen every 5-10 requests and throw this error; it is perhaps more likely to trigger if I send a POST request from a page. Is it timing out the script or something? These are just basic dynamic pages I'm loading and they worked perfectly in Apache 2.2 and PHP 5.3. Here are my httpd.conf and php.ini if that has any clues. Any ideas? Any help much appreciated.


  • LIVE Video Streaming with Nginx + PHP-FPM / Process Timeout

    - by user3393046
    I have live video streaming on my server using nginx + PHP. The PHP file reads a live stream and sends it directly to the client. I have only one problem: I want each request to be in a new php-fpm process. In a few words, I don't want to have an idle timeout for a process; instead I want them to close instantly when a request is closed. With the idle timeout I have huge problems which are hard to explain at the moment, but I'm really sure that if I disable the idle timeout everything will be perfect. Is there any way to do this? I'm using on-demand php-fpm.


  • PHP include_path doesn't work

    - by 50ndr33
    I have the documents at http://www.example.com/ in /home/www/example.com/www running on Debian Squeeze.

        /home/www/example.com/
            www/
                index.php
            php/
                include_me.php

    In the php.ini I've uncommented and changed to:

        include_path =".:/home/www/example.com"

    In a script index.php in www, I have require_once("/php/include_me.php"). The output I am getting from PHP is:

        Warning: require_once(/php/include_me.php) [function.require-once]: failed to open stream: No such file or directory in /home/www/example.com/www/index.php on line 2

        Fatal error: require_once() [function.require]: Failed opening required '/php/include_me.php' (include_path='.:/home/www/example.com') in /home/www/example.com/www/index.php on line 2

    As you can see, the include-path is set correctly according to the error. But if I do require_once("../php/include_me.php");, it works. Therefore, something has to be wrong with the include-path. Does anyone know what I can do to fix it?


  • PHP Sessions suddenly not working

    - by styrken
    Out of nowhere my PHP sessions do not work anymore. The server has been running fine for several months. I am running Ubuntu 11.10 (GNU/Linux 3.0.0-14-server x86_64) with nginx/1.0.11 and php 5.3.19-1~dotdeb.0

    Session info copied from phpinfo():

        Session Support                  enabled
        Registered save handlers         files user memcached
        Registered serializer handlers   php php_binary wddx

        Directive                        Local Value  Master Value
        session.auto_start               Off          Off
        session.bug_compat_42            Off          Off
        session.bug_compat_warn          Off          Off
        session.cache_expire             180          180
        session.cache_limiter            nocache      nocache
        session.cookie_domain            no value     no value
        session.cookie_httponly          Off          Off
        session.cookie_lifetime          0            0
        session.cookie_path              /            /
        session.cookie_secure            Off          Off
        session.entropy_file             no value     no value
        session.entropy_length           0            0
        session.gc_divisor               1000         1000
        session.gc_maxlifetime           1440         1440
        session.gc_probability           0            0
        session.hash_bits_per_character  5            5
        session.hash_function            0            0
        session.name                     PHPSESSID    PHPSESSID
        session.referer_check            no value     no value
        session.save_handler             files        files
        session.save_path                /tmp         /tmp
        session.serialize_handler        php          php
        session.use_cookies              On           On
        session.use_only_cookies         On           On
        session.use_trans_sid            0            0

    I have set up the following PHP script to test with:

        error_reporting(E_ALL);
        ini_set('display_errors', true);
        error_log($_SERVER['REMOTE_ADDR'] . ' visited test page');

        if (session_start())
            echo "Session started <br />";
        else
            echo "Session failed <br />";

        echo '<a href="?', time(), '">refresh</a>', "\n";
        echo '<pre>';
        echo 'session id: ', session_id(), "\n";

        $sessionfile = ini_get('session.save_path') . '/' . 'sess_'.session_id();
        echo 'session file: ', $sessionfile, ' ';
        if ( file_exists($sessionfile) ) {
            echo 'size: ', filesize($sessionfile), "\n";
            echo '# ', file_get_contents($sessionfile), ' #';
        } else {
            echo ' does not exist';
        }
        echo PHP_EOL;

        $_SESSION['number'] = (int) @$_SESSION['number'] + 1;
        var_dump($_SESSION);
        echo "</pre>\n";
        session_write_close();
        echo 'done.';

    It tells me that the session file exists, but my session id changes on each refresh. What is going wrong? There is no output to any error logs at all. :/ Please help!


  • "Installing" GD for PHP

    - by gbuckingham89
    I'm new to server admin & Linux and have just got a VPS running CentOS 6. Apache, MySQL and PHP all came installed (along with cPanel and WHM), however I'm now also trying to install the GD library. I've run "yum install php-gd" and it installed ok. If I run it again I get "Package php-gd-5.3.2-6.el6_0.1.x86_64 already installed and latest version". However, when I do a phpinfo() or from the command line "php -m" there is no mention of GD. Is there anything else I need to do?


  • Dynamically writing page titles and active classes with php

    - by toomanyairmiles
    For some time now I've been using the following code to dynamically write in HTML page titles and add an active class to menu items. Is this still a good way to achieve this, or are there better/smarter/optimal ways of achieving the same thing?

        <?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='contact.php'? 'class="active"' : '');?>

    Menu example

        <ul id="nav">
          <li><a href="index.php" target="_parent" <?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='index.php'? 'class="active"' : '');?>><span>Home</span></a></li>
          <li><a href="services.php" target="_parent" <?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='services.php'? 'class="active"' : '');?><?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='services-landlords.php'? 'class="active"' : '');?><?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='services-sellers.php'? 'class="active"' : '');?><?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='services-tennants.php'? 'class="active"' : '');?>><span>Our Services</span></a></li>
          <li><a href="for-sale.php" target="_parent" <?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='sales.php'? 'class="active"' : '');?>><span>Sales</span></a></li>
          <li><a href="to-let.php" target="_parent" <?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='lettings.php'? 'class="active"' : '');?>><span>Lettings</span></a></li>
          <li><a href="register.php" target="_parent" <?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='register.php'? 'class="active"' : '');?><?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='register-thanks.php'? 'class="active"' : '');?>><span>Register</span></a></li>
          <li><a href="contact.php" target="_parent" <?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='contact.php'? 'class="active"' : '');?>><span>Contact Us</span></a></li>
        </ul>

    Page title example

        <?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='services.php'? 'Services' : '');?>
        <?php echo (basename($_SERVER['SCRIPT_FILENAME'])=='services-landlords.php'? 'Services for Landlords' : '');?>


  • Applied Security for Oracle Business Intelligence Podcast

    - by Tim Dexter
    Listen to BI Security Meister, Bryan Wise talk about his recent book Applied Oracle Security and learn about the cutting edge techniques for Oracle Business Intelligence from a leading security expert. http://www.oracle.com/podcasts/author-podcasts.html - Applied Security for Oracle Business Intelligence Well worth the listen and of course the book is available at all discerning bookstores!


  • Oracle Security Inside Out Newsletter – June Edition

    - by Troy Kitch
    This month’s Information In Depth Newsletter, Security Inside Out Edition is now available. In this edition we look at the Gartner Security and Risk Management Summit 2011, discuss safeguarding data from threats with Oracle Database Vault, and reveal the latest database security webcasts, videos, training, events and more. If you don’t have a subscription to this bi-monthly security information update, you can sign up here at the bottom of the page.


  • Taking the fear out of a Cloud initiative through the use of security tools

    - by user736511
    Typical employees, constituents, and business owners  interact with online services at a level where their knowledge of back-end systems is low, and most of the times, there is no interest in knowing the systems' architecture.  Most application administrators, while partially responsible for these systems' upkeep, have very low interactions with them, at least at an operational, platform level.  Of greatest interest to these groups is the consistent, reliable, and manageable operation of the interfaces with which they communicate.  Introducing the "Cloud" topic in any evolving architecture automatically raises the concerns for data and identity security simply because of the perception that when owning the silicon, enterprises are not able to manage its content.  But is this really true?   In the majority of traditional architectures, data and applications that access it are physically distant from the organization that owns it.  It may reside in a shared data center, or a geographically convenient location that spans large organizations' connectivity capabilities.  In the end, very often, the model of a "traditional" architecture is fairly close to the "new" Cloud architecture.  Most notable difference is that by nature, a Cloud setup uses security as a core function, and not as a necessary add-on. Therefore, following best practices, one can say that data can be safer in the Cloud than in traditional, stove-piped environments where data access is segmented and difficult to audit. The caveat is, of course, what "best practices" consist of, and here is where Oracle's security tools are perfectly suited for the task.  Since Oracle's model is to support very large organizations, it is fundamentally concerned about distributed applications, databases etc and their security, and the related Identity Management Products, or DB Security options reflect that concept.  
In the end, consumers of applications and their data are to be served more safely in a controlled Cloud environment, while realizing the many cost savings associated with it. Having very fast resources to serve them (such as the Exa* platform) makes the concept even more attractive.  Finally, if a Cloud strategy does not seem feasible, consider the pros and cons of a traditional vs. a Cloud architecture.  Using the exact same criteria and business goals/traditions, and with Oracle's technology, you might be hard pressed to justify maintaining the technical status quo on security alone. For additional information please visit Oracle's Cloud Security page at: http://www.oracle.com/us/technologies/cloud/cloud-security-428855.html


  • Internet Explorer Security: How to Configure Settings

    Before jumping into the steps that are needed to configure Internet Explorer's security settings, let us first take a closer look at the four separate security zones that Microsoft has established for the browser. You will be able to tweak the settings of each of these four zones when we get into the configuration part of this tutorial, so it is best that you learn what they represent first.

    Internet Explorer Security Zones

    Internet Zone

    This Internet Explorer security zone refers to websites that are not on your computer or are not designated to your local intranet, which we will discuss in ...


  • Spring Security Configuration Leads to Perpetual Authentication Request

    - by Sammy
    Hello, I have configured my web application with the following config file:

        <beans xmlns="http://www.springframework.org/schema/beans"
               xmlns:security="http://www.springframework.org/schema/security"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.springframework.org/schema/beans
                                   http://www.springframework.org/schema/beans/spring-beans.xsd
                                   http://www.springframework.org/schema/security
                                   http://www.springframework.org/schema/security/spring-security-3.0.xsd">

            <security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />

            <!-- Filter chain; this is referred to from the web.xml file. Each filter is defined and configured as a bean later on. -->
            <!-- Note: anonymousProcessingFilter removed. -->
            <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
                <security:filter-chain-map path-type="ant">
                    <security:filter-chain pattern="/**"
                        filters="securityContextPersistenceFilter, basicAuthenticationFilter, exceptionTranslationFilter, filterSecurityInterceptor" />
                </security:filter-chain-map>
            </bean>

            <!-- This filter is responsible for session management, or rather the lack thereof. -->
            <bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
                <property name="securityContextRepository">
                    <bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository">
                        <property name="allowSessionCreation" value="false" />
                    </bean>
                </property>
            </bean>

            <!-- Basic authentication filter. -->
            <bean id="basicAuthenticationFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
                <property name="authenticationManager" ref="authenticationManager" />
                <property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
            </bean>

            <!-- Basic authentication entry point. -->
            <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
                <property name="realmName" value="Ayudo Web Service" />
            </bean>

            <!-- An anonymous authentication filter, which is chained after the normal authentication mechanisms and automatically adds an AnonymousAuthenticationToken to the SecurityContextHolder if there is no existing Authentication held there. -->
            <!--
            <bean id="anonymousProcessingFilter" class="org.springframework.security.web.authentication.AnonymousProcessingFilter">
                <property name="key" value="ayudo" />
                <property name="userAttribute" value="anonymousUser, ROLE_ANONYMOUS" />
            </bean>
            -->

            <!-- Authentication manager that chains our main authentication provider and anonymous authentication provider. -->
            <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
                <property name="providers">
                    <list>
                        <ref local="daoAuthenticationProvider" />
                        <ref local="inMemoryAuthenticationProvider" />
                        <!-- <ref local="anonymousAuthenticationProvider" /> -->
                    </list>
                </property>
            </bean>

            <!-- Main authentication provider; in this case, memory implementation. -->
            <bean id="inMemoryAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                <property name="userDetailsService" ref="propertiesUserDetails" />
            </bean>

            <security:user-service id="propertiesUserDetails" properties="classpath:operators.properties" />

            <!-- Main authentication provider. -->
            <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                <property name="userDetailsService" ref="userDetailsService" />
            </bean>

            <!-- An anonymous authentication provider which is chained into the ProviderManager so that AnonymousAuthenticationTokens are accepted. -->
            <!--
            <bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
                <property name="key" value="ayudo" />
            </bean>
            -->

            <bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
                <property name="dataSource" ref="dataSource" />
            </bean>

            <bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
                <property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
                <property name="accessDeniedHandler">
                    <bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl" />
                </property>
            </bean>

            <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
                <property name="securityMetadataSource">
                    <security:filter-security-metadata-source use-expressions="true">
                        <security:intercept-url pattern="/*.html" access="permitAll" />
                        <security:intercept-url pattern="/version" access="permitAll" />
                        <security:intercept-url pattern="/users/activate" access="permitAll" />
                        <security:intercept-url pattern="/**" access="isAuthenticated()" />
                    </security:filter-security-metadata-source>
                </property>
                <property name="authenticationManager" ref="authenticationManager" />
                <property name="accessDecisionManager" ref="accessDecisionManager" />
            </bean>

            <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
                <property name="decisionVoters">
                    <list>
                        <bean class="org.springframework.security.access.vote.RoleVoter" />
                        <bean class="org.springframework.security.web.access.expression.WebExpressionVoter" />
                    </list>
                </property>
            </bean>

        </beans>

    As soon as I run my application on Tomcat, I get a request for a username/password basic authentication dialog. Even when I try to access localhost:8080/myapp/version, which is explicitly set to permitAll, I get the authentication request dialog. Help!

    Thanks, Sammy

