Search Results

Search found 42331 results on 1694 pages for 'event log security'.

Page 91/1694 | < Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98  | Next Page >

• What causes this logrotate behavior in Puppet?

  - by ujjain

  After running logrotate, Puppet starts writing it's logs into /var/log/puppet/masterhttp.log-20130616. How come it doesn't keep logging in /var/log/puppet/masterhttp.log? It seems normal behavior is renaming the original log-file and start with a clean fresh log-file to start writing in that log file, keeping the other file as a log-archive. [root@puppetmaster puppet]# ls -al total 97520 drwxr-x---. 2 puppet puppet 4096 Jun 16 03:24 . drwxr-xr-x. 12 root root 4096 Jul 1 09:11 .. -rw-r--r--. 1 puppet puppet 0 Jun 16 03:24 masterhttp.log -rw-rw----. 1 puppet puppet 99847187 Jul 1 09:19 masterhttp.log-20130616 [root@puppetmaster init.d]# cat /etc/logrotate.d/puppet /var/log/puppet/*log { missingok notifempty create 0644 puppet puppet sharedscripts postrotate pkill -USR2 -u puppet -f /usr/sbin/puppetmasterd || true [ -e /etc/init.d/puppet ] && /etc/init.d/puppet reload > /dev/null 2>&1 || true endscript } [root@puppetmaster init.d]# How can I make Puppet log to /var/log/puppet/masterhttp.log and not to /var/log/puppet/masterhttp.log-20130616? Even restarting puppet doesn't make it log into /var/log/puppet/masterhttp.log instead of /var/log/puppet/masterhttp.log-20130616.

  Read the article

• GPO best practices : Security-Group Filtering Versus OU

  - by Olivier Rochaix

  Good afternoon everyone, I'm quite new to Active Directory stuff. After upgraded Functional level of our AD from 2003 to 2008 R2 (I need it to put fine-grained password policy), I then start to reorganized my OUs. I keep in mind that a good OU organization facilitate application of GPO (and maybe GPP).But in the end, it feels more natural for me to use Security-group filtering (from Scope tab) to apply my policies, instead of direct OU. Do you think it is a good practice or should I stick to OU ? We are a small organisation with 20 users and 30-35 computers. So, we got a simple OU tree, but more subtle split with security-groups. The OU tree doesn't contain any objects except at the bottom level. Each bottom level OU contains Computers,Users, and of course security groups. These security groups contains Users & Computers of the same OU. Thanks for your advices, Olivier

  Read the article

• Windows AD DNS: Event ID 5504

  - by Chris_K

  Two of my AD controllers (both running DNS service) appear to be having a similar issue. Both are throwing lots of events in the DNS events that look like this: Event Type: Information Event Source: DNS Event Category: None Event ID: 5504 Date: 5/24/2010 Time: 11:51:38 AM User: N/A Computer: ALPHA Description: The DNS server encountered an invalid domain name in a packet from 76.74.137.6. The packet will be rejected. The event data contains the DNS packet. That will come with the same event, same time, with a packet from 76.74.137.7 as well. I know this is "Information" not an error, but since it is new and different it bothers me (yes, I fear unexplained change!) Both machines are running Windows 2003 R2 SP2. The DNS servers are not exposed to the internet. Both DNS servers are configured to use OpenDNS for Forwarders. For both servers, this started about a week ago. Any thoughts on: 1) should I be concerned? 2) how can I stop/fix this? To keep it interesting, I have a 3rd AD / DNS box. Same domain, different Active Directory site. Same forwarders, yet doesn't have this issue.

  Read the article

• Is it possible to re-cab an Administrative Install Point?

  - by Nathaniel Bannister

  We have Acrobat 8 Pro at work, and our media was painfully out of date. Rather than install all of the machines at 8.0.0 and then do the 6 or 7 consecutive reboots adobe expects you to be ok with I decided I'd integrate the .msp files into the installer. After reading up on it, I figured out the exact patch order that adobe required, extracted my cd to an Administrative install point, and ran the patches against it: msiexec /a AcroPro.msi /p AcrobatUpd810_efgj_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" msiexec /a AcroPro.msi /p AcrobatUpd811_all_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" msiexec /a AcroPro.msi /p AcrobatUpd812_all_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" msiexec /a AcroPro.msi /p AcrobatUpd813_all_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" msiexec /a AcroPro.msi /p AcrobatUpd816_all_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" msiexec /a AcroPro.msi /p AcrobatUpd817_all_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" msiexec /a AcroPro.msi /p AcrobatUpd820_all_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" msiexec /a AcroPro.msi /p AcrobatUpd822_all_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" msiexec /a AcroPro.msi /p AcrobatUpd823_all_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" msiexec /a AcroPro.msi /p AcrobatUpd825_all_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" msiexec /a AcroPro.msi /p AcrobatUpd826_all_incr.msp TARGETDIR="C:\Acrobat8" /log "output.log" Now I have a AIP that is fully patched to 8.2.6 (Tested working prior to attempting to CAB it), but is absolutely huge (1.2gb) what I would like to do is take the folders within the AIP and put them back into a cab file for the sake of convenience in transferring the files around. I tried the command: cscript "C:\Program Files\Microsoft SDKs\Windows\v7.0\Samples\sysmgmt\msi\scripts\WiMakCab.vbs" AcroPro.msi Data1 /L /C /S Per the guide I was using, while this did produce the cab file I Wanted, however the resulting MSI fails to install with an error 2602: It's been a while since I've done something like this, and it's probably a glaring oversight on my part, but any insight would be much appreciated.

  Read the article

• Windows Server 2008 - change security settings for multiple files at once

  - by ovalsquare

  On Windows Server 2008, is there an easy way to modify security permissions for multiple files at once (as with Windows Server 2003)? Right-click menu - properties does not provide a "Security" tab if more than one file/directory is selected (i.e. ctrl-click multiple files). Is there really a valid security reason for changing this in Windows Server 2008?

  Read the article

• Exchange 2010: Find Move Request Log after move request completes

  - by gravyface

  EDIT: significantly changed my question here to streamline it a bit. I've gone ahead and used 100 as my corrupted item count and ran it from the Exchange Shell. So the trail of tears continues with my SBS 2003 to 2011 migration: all the mailboxes have moved mailbox store from OLDSERVER to NEWSERVER, with the Local Move Requests completing successfully, except for one. What I'd like to do now is review the previous move request log files: when they were in progress, I could right-click Properties Log View Log File, but now that they're completed, that's not available. Nor can I use: Get-MoveRequestStatistics <user> -includereport | fl MoveReport ...as the move request has now completed and it errors out with "couldn't find a move request that corresponds...". Basically what I'd like to do is present the list of baditems to the user so that they're aware of what items didn't come across and if anything important was lost, be able to check their current OST, an archive.pst, etc. to recover it if possible. If this all needs to be wrapped up in a batch Exchange power shell command to pipe the output to log files on disk somewhere, I'm all ears, and would appreciate it for the next migration we do.

  Read the article

• Group Policy for IE Security Zones

  - by Doug Luxem

  We are currently using the following Group Policy to control the Internet Explorer security zones: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Then setting the Site to Zone Assignment List with the various values using the following chart: Value Setting ------------------------------ 0 My Computer 1 Local Intranet Zone 2 Trusted sites Zone 3 Internet Zone 4 Restricted Sites Zone This works well; however, users are then unable to edit (or especially add) to their zone settings. Is there a way to lock in our custom zone settings while still giving users the ability to add their own sites to the security zones? Yes, I do realize the slight security risk in opening this up.

  Read the article

• Group policy not applying to security group

  - by ihavenoideawhatimdoing

  Preface: I have enough privileges to create GPOs in my OU, and have made a few of them for some simple tasks (like deploying a printer to certain users). Not actually a sysadmin...I'm a developer who is winging it. I wanted to create a GPO that would set a mapped folder for a certain security group (which I recently created and that contains only myself). Did the following: Created the GPO in MyOU - Users Removed the default Authenticted Users under Security Filtering Add the security group with my account to Security Filtering Set up the mapping via the User Configuration option Changed GPO Status to "Computer configuration settings disabled" Left WMI filtering to Closed the GPO at this point... Logged in as the target user; ran gpupdate /force Logged out, logged in, ran gpresult /r, no mention of my GPO Rebooted Logged in, re-ran gpupdate /force Logged out, logged in, ran gpresult /r, still no mention of my GPO If I log in with another completely different user, their RSOP information shows that the new GPO is being ignored due to a security restriction, so it appears to be "working" for other users. I just can't get it to actually show up in RSOP for the user it should be working. Is there anything else I can do short of rebooting endlessly and crossing my fingers?

  Read the article

• Missing access log for virtual host on Plesk

  - by Cummander Checkov

  For some reason i don't understand, after creating a new virtual host / domain in Plesk a few months back, i cannot seem to find the access log. I noticed this when running /usr/local/psa/admin/sbin/statistics The host in question is being scanned Main HTML page is 'awstats.<hostname_masked>-http.html'. Create/Update database for config "/opt/psa/etc/awstats/awstats.<hostname_masked>.com-https.conf" by AWStats version 6.95 (build 1.943) From data in log file "-"... Phase 1 : First bypass old records, searching new record... Searching new records from beginning of log file... Jumped lines in file: 0 Parsed lines in file: 0 Found 0 dropped records, Found 0 corrupted records, Found 0 old records, Found 0 new qualified records. So basically no access logs have been parsed/found. I then went on to check if i could find the log myself. I looked in /var/www/vhosts/<hostname_masked>.com/statistics/logs but all i find is error_log Does anybody know what is wrong here and perhaps how i could fix this? Note: in the <hostname_masked>.com/conf/ folder i keep a custom vhost.conf file, which however contains only some rewrite conditions plus a directory statement that contains php_admin_flag and php_admin_value settings. None of them are related to logging though.

  Read the article

• Dir all files to output.log, including message "File Not Found"

  - by user316687

  I'm trying to dir a bunch of files with dos command: dir My dir.bat file: dir E:\documentos\57\Asiento\01\"Asiento 3 Modificacion de Estatuto.doc" dir E:\documentos\134\Asiento\01\"File Does Not Exist.doc" dir E:\documentos\55\Asiento\01\"Asiento 5 Padron de Afiliados Segunda Entrega.doc" The second one doesn't exist. Then, when running my bat: C:\myuser>E:\dir.bat > output.log I open output.log and don't find any message about the file that was not found. Output.log : E:\documentos>dir E:\documentos\57\Asiento\01\"Asiento 3 Modificacion de Estatuto.doc" Volume in drive E is New Volume Volume Serial Number is 0027-F7F6 Directory of E:\documentos\57\Asiento\01 20/12/2005 06:41 p.m. 40,960 Asiento 3 Modificacion de Estatuto.doc 1 File(s) 40,960 bytes 0 Dir(s) 17,053,155,328 bytes free E:\documentos>dir E:\documentos\134\Asiento\01\"File Does Not Exist.doc" Volume in drive E is New Volume Volume Serial Number is 0027-F7F6 Directory of E:\documentos\134\Asiento\01 E:\documentos>dir E:\documentos\55\Asiento\01\"Asiento 5 Padron de Afiliados Segunda Entrega.doc" Volume in drive E is New Volume Volume Serial Number is 0027-F7F6 Directory of E:\documentos\55\Asiento\01 08/08/2007 08:33 a.m. 40,960 Asiento 5 Padron de Afiliados Segunda Entrega.doc 1 File(s) 40,960 bytes 0 Dir(s) 17,053,151,232 bytes free Is there any way that output.log shows "File Not Found" message?

  Read the article

• How does Slackware handle security updates?

  - by Abtin Forouzandeh

  I use a distribution that uses apt for package management and am accustomed to letting apt grab a list of package changes. I generally let it install all the needed security updates. I've been considering migrating to slackware. However, it seems slackware does not have a package management system. How would I learn about new security updates? Is the only way to monitor http://www.slackware.com/security/?

  Read the article

• Empty rewrite.log on Windows, RewriteLogLevel is in httpd.conf

  - by ripper234

  I am using mod_rewrite on Apache 2.2, Windows 7, and it is working ... except I don't see any logging information. I added these lines to the end of my httpd.conf: RewriteLog "c:\wamp\logs\rewrite.log" RewriteLogLevel 9 The log file is created when Apache starts (so it's not a permission problem), but it remains empty. I thought there might be a conflicting RewriteLogLevel statement somewhere, but I checked and there isn't. What else could cause this? Could this be caused by Apache not flushing the log file? (I closed it by hitting CTRL-C on the httpd.exe command ... this caused the access logs to be flushed to disk, but still nothing in rewrite.log) My (partial) httpd-vhosts.conf: <VirtualHost *:80> ServerAdmin webmaster@localhost ServerName my.domain.com DocumentRoot c:\wamp\www\folder <Directory c:\wamp\www\folder> Options -Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule . everything-redirects-to-this.php [L] </IfModule> </Directory> </VirtualHost>

  Read the article

• Windows Server 2012 File Security Warning

  - by Technicolour

  I've mapped my domain users to a remote share, and I'm trying to get rid of the security warning that appears whenever a file is run from the remote share. I've tried adding the FQDN to the intranet list with no prevail and I'm starting to go crazy. I've also turned off IE Enhanced Security Configuration for both Admins and Users. The group policies are being applied, and I can see the FQDN in the intranet list in internet options. Relevant group policy: Relevant security warning:

  Read the article

• Walk me through the Linux log files (please)

  - by Andy

  Hey all, I just tried loading a 2MB file in gedit and it silently died on me. I was wondering if anything might appear in a log file that might help me diagnose this: I checked syslog and found out it segfaulted. While doing this I realised that I don't really know anything about how logging is organised on *nix machines. All I know at the mo is Logs are typically stored in /var/log/... is there anywhere else that I should know about? I'm familiar with application specific logs, such as apache's. I understand that dmesg is the bootup log, and syslog is a general system log... is that right? So would someone mind taking me through the most useful logs? Are the two logs I mention in the final point the only general logs? And what are the funky numbers at the start of lines in dmesg? Seconds since startup? Please include anything in your answers that you think would improve my understanding here and help me track down anomalies! TIA Andy

  Read the article

• Windows OS level file open event trigger

  - by john

  Colleagues, I have need to run a script/program on certain basic OS level events. In particular when a file in Windows is opened. The open may be read-only or to edit, and may be initiated by a number of means, either from windows explorer (open or ), be selected from a viewing or editing application from the native file chooser, or drag-n-drop into an editing or viewing application. Further, i need the trigger to "hold" the event from completing the action until the runtime on the program has completed. The event handler program may return a pass state, or fail state. If fail state has been returned, then the event must disallow the initially requested action. Lastly, I need to add to the file in question a property or attribute that will contain metadata that will be used by the above event trigger handler program to make a determination as to the pass/fail condition that will ultimately determine if the user is permitted to open the file. Please note that this is NOT a windows event log situation, but one at the OS level file open event. thanks very much for your help. regards, j

  Read the article

• How to make a request from an android app that can enter a Spring Security secured webservice method

  - by johnrock

  I have a Spring Security (form based authentication) web app running CXF JAX-RS webservices and I am trying to connect to this webservice from an Android app that can be authenticated on a per user basis. Currently, when I add an @Secured annotation to my webservice method all requests to this method are denied. I have tried to pass in credentials of a valid user/password (that currently exists in the Spring Security based web app and can log in to the web app successfully) from the android call but the request still fails to enter this method when the @Secured annotation is present. The SecurityContext parameter returns null when calling getUserPrincipal(). How can I make a request from an android app that can enter a Spring Security secured webservice method? Here is the code I am working with at the moment: Android call: httpclient.getCredentialsProvider().setCredentials( //new AuthScope("192.168.1.101", 80), new AuthScope(null, -1), new UsernamePasswordCredentials("joeuser", "mypassword")); String userAgent = "Android/" + getVersion(); HttpGet httpget = new HttpGet(MY_URI); httpget.setHeader("User-Agent", userAgent); httpget.setHeader("Content-Type", "application/xml"); HttpResponse response; try { response = httpclient.execute(httpget); HttpEntity entity = response.getEntity(); ... parse xml Webservice Method: @GET @Path("/payload") @Produces("application/XML") @Secured({"ROLE_USER","ROLE_ADMIN","ROLE_GUEST"}) public Response makePayload(@Context Request request, @Context SecurityContext securityContext){ Payload payload = new Payload(); payload.setUsersOnline(new Long(200)); if (payload == null) { return Response.noContent().build(); } else{ return Response.ok().entity(payload).build(); } }

  Read the article

• Flash Player, security: If a URL starts with "http://" will the SWF always be loaded into REMOTE san

  - by Pavel

  Seems to be a question for a Flash security guru. Suppose we are loading an external SWF movie with MovieClipLoader.loadMovie(url:String) Is it safe to assume that if url starts with "http://", the movie will be loaded in REMOTE sandbox? We need to tell local SWFs from remote ones to close a security hole. If you need the context read on. We have developed a Projector, written in C++ embedding Flash Player ActiveX. Our Flash application runs inside the Projector. Soon we want to give our users a way to create plugins for the application. The plugins are obviously will be SWF movies. The case I'm afraid of is the following. A bad person creates a malicious evil.swf pretending it to be nice plugin for our app. In case evil.swf is loaded from the local file system it is granted an access to the whole MovieClip tree and Projector API, opening C++ file access operations. On the other hand if evil.swf is loaded from the internet, remotely, it will be locked in REMOTE sandbox by Flash security model. Because of this, we need a reliable way to tell local SWF from remote one before loading it. And we must not make a mistake. So again, is it safe to assume that if url begins with "http://", the clip will be loaded inside REMOTE sandbox?

  Read the article

• C# Gui setting control.Enabled to false fires OnClick event???

  - by Daniel

  For some really weird reason when i set the .Enabled property to false on a simple text box on a small GUI, it fires a radio buttons OnClick event and its causing lots of problems. I have breakpointed the txtBox.Enabled = false; and after stepping over OR into it i jump straight to the OnClick event of the radio button control Here is the call stack as that happened: TestGUI.exe!TestGUI.frmMain.radiobuttonClicked(object sender = {Text = "Download Single Episode" Checked = true}, System.EventArgs e = {System.EventArgs}) Line 67 C# System.Windows.Forms.dll!System.Windows.Forms.Control.OnClick(System.EventArgs e) + 0x70 bytes System.Windows.Forms.dll!System.Windows.Forms.RadioButton.OnClick(System.EventArgs e) + 0x27 bytes System.Windows.Forms.dll!System.Windows.Forms.RadioButton.OnEnter(System.EventArgs e = {System.EventArgs}) + 0x3e bytes System.Windows.Forms.dll!System.Windows.Forms.Control.NotifyEnter() + 0x20 bytes System.Windows.Forms.dll!System.Windows.Forms.ContainerControl.UpdateFocusedControl() + 0x195 bytes System.Windows.Forms.dll!System.Windows.Forms.ContainerControl.AssignActiveControlInternal(System.Windows.Forms.Control value = {Text = "Download Single Episode" Checked = true}) + 0x54 bytes System.Windows.Forms.dll!System.Windows.Forms.ContainerControl.ActivateControlInternal(System.Windows.Forms.Control control, bool originator = false) + 0x76 bytes System.Windows.Forms.dll!System.Windows.Forms.ContainerControl.SetActiveControlInternal(System.Windows.Forms.Control value = {Text = "Download Single Episode" Checked = true}) + 0x73 bytes System.Windows.Forms.dll!System.Windows.Forms.ContainerControl.SetActiveControl(System.Windows.Forms.Control ctl) + 0x33 bytes System.Windows.Forms.dll!System.Windows.Forms.ContainerControl.ActiveControl.set(System.Windows.Forms.Control value) + 0x5 bytes System.Windows.Forms.dll!System.Windows.Forms.Control.Select(bool directed, bool forward) + 0x1b bytes System.Windows.Forms.dll!System.Windows.Forms.Control.SelectNextControl(System.Windows.Forms.Control ctl, bool forward, bool tabStopOnly, bool nested, bool wrap) + 0x7b bytes System.Windows.Forms.dll!System.Windows.Forms.Control.SelectNextControlInternal(System.Windows.Forms.Control ctl, bool forward, bool tabStopOnly, bool nested, bool wrap) + 0x4a bytes System.Windows.Forms.dll!System.Windows.Forms.Control.SelectNextIfFocused() + 0x61 bytes System.Windows.Forms.dll!System.Windows.Forms.Control.Enabled.set(bool value) + 0x42 bytes What the hell? It wouldn't have anything to do with the way i subscribe to the events would it? this.radioBtnMultipleDownload.Click += radiobuttonClicked; this.radioBtnSingleDownload.Click += radiobuttonClicked; this.radioCustomUrl.Click += radiobuttonClicked;

  Read the article

• SQL SERVER – guest User and MSDB Database – Enable guest User on MSDB Database

  - by pinaldave

  I have written a few articles recently on the subject of guest account. Here’s a quick list of these articles: SQL SERVER – Disable Guest Account – Serious Security Issue SQL SERVER – Force Removing User from Database – Fix: Error: Could not drop login ‘test’ as the user is currently logged in. SQL SERVER – Detecting guest User Permissions – guest User Access Status One of the advices which I gave in all the three blog posts was: Disable the guest user in the user-created database. Additionally, I have mentioned that one should let the user account become enabled in MSDB database. I got many questions asking if there is any specific reason why this should be kept enabled, questions like, “What is the reason that MSDB database needs guest user?” Honestly, I did not know that the concept of the guest user will create so much interest in the readers. So now let’s turn this blog post into questions and answers format. Q: What will happen if the guest user is disabled in MSDB database? A:  Lots of bad things will happen. Error 916 - Logins can connect to this instance of SQL Server but they do not have specific permissions in a database to receive the permissions of the guest user. Q: How can I determine if the guest user is enabled or disabled for any specific database? A: There are many ways to do this. Make sure that you run each of these methods with the context of the database. For an example for msdb database, you can run the following code: USE msdb; SELECT name, permission_name, state_desc FROM sys.database_principals dp INNER JOIN sys.server_permissions sp ON dp.principal_id = sp.grantee_principal_id WHERE name = 'guest' AND permission_name = 'CONNECT' There are many other methods to detect the guest user status. Read them here: Detecting guest User Permissions – guest User Access Status Q: What is the default status of the guest user account in database? A: Enabled in master, TempDb, and MSDB. Disabled in model database. Q: Why is the default status of the guest user disabled in model database? A: It is not recommended to enable the guest in user database as it can introduce serious security threat. It can seriously damage the database if configured incorrectly. Read more here: Disable Guest Account – Serious Security Issue Q: How to disable guest user? A: REVOKE CONNECT FROM guest Q: How to enable guest user? A: GRANT CONNECT TO guest Did I miss any critical question in the list? Please leave your question as a comment and I will add it to this list. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, T SQL, Technology

  Read the article

• Opinion on LastPass's security for the Average Joe [closed]

  - by Rook

  This is borderline on objective/subjective, but I'm posting it here since I'm more interested in objective facts, without going into too much technical details, than I am in user reviews of LastPass. I've always used offline ways for (password / sensitive data) storage, but lately I keep hearing good things about LastPass. Indeed, it is more practical having it always accessible from every computer you're using without syncing and related problems, but the security aspect still troubles me. How (in a nutshell for dummies) does LastPass keep your data secure / can their employees see your data, and what is your opinion for such storage of more than usual keeping of sensitive data (bank PIN codes, some financial / business related stuff and so on - you know, the things that would practically hurt if lost / phished)? What are your opinions of it, and do you trust it for such? Any bad experiences? If someone for example is sniffing your wifi network, would such data be easier than usual to sniff out?

  Read the article

• www.foobar.com works but foobar.com results in a 'Server not found' error

  - by Homunculus Reticulli

  I have just setup a minimal (hopefully secure? - comments welcome) apache website using the following configuration file: <VirtualHost *:80> ServerName foobar.com ServerAlias www.foobar.com ServerAdmin [email protected] DocumentRoot /path/to/websites/foobar/web DirectoryIndex index.php # CustomLog with format nickname LogFormat "%h %l %u %t \"%r\" %>s %b" common CustomLog "|/usr/bin/cronolog /var/log/apache2/%Y%m.foobar.access.log" common LogLevel notice ErrorLog "|/usr/bin/cronolog /var/log/apache2/%Y%m.foobar.errors.log" <Directory /> AllowOverride None Order Deny,Allow Deny from all </Directory> <Directory /path/to/websites/> Options -Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> </VirtualHost> I am able to access the website by using www.foobar.com, however when I type foobar.com, I get the error 'Server not found' - why is this? My second question concerns the security implications of the directive: <Directory /path/to/websites/> Options -Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> in the configuration above. What exactly is it doing, and is it necessary?. From my (admitedly limited) understanding of Apache configuration files, this means that anyone will be able to access (write to?) the /path/to/websites/ folder. Is my understanding correct? - and if yes, how is this not a security risk?

  Read the article

• ASP.NET Chart Control errors in Event Viewer

  - by Richard Reddy

  Hi, I have been using the ASP.NET chart controls for a while on win2k3 (32bit) setups without any issue but have noticed that on our new win2k8 (64bit) box I am getting a warning message showing up in the event viewer from the chart control. In my web.config file I have the following tag telling the Chart Control where I can store the Temp Files: <add key="ChartImageHandler" value="storage=file;timeout=20;dir=c:\TempImageFiles\;" /> Below is the warning message produced by the control: Event code: 3005 Event message: An unhandled exception has occurred. Event time: 10/7/2009 2:40:03 PM Event time (UTC): 10/7/2009 2:40:03 PM Event ID: 237c3b208962429e8bbc5a48ffd177f0 Event sequence: 2860 Event occurrence: 26 Event detail code: 0 Application information: Application domain: /LM/W3SVC/2/ROOT-1-128993655360497729 Trust level: Full Application Virtual Path: / Application Path: C:\data\sites\mydomain.com\ Machine name: 231692-WEB Process information: Process ID: 4068 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Exception information: Exception type: ArgumentException Exception message: The image is not found. Request information: Request URL: http://www.mydomain.com/ChartImg.axd?i=chart%5F0%5F3.png&g=bccc8aa11abb470980c60e8cf1e71e15 Request path: /ChartImg.axd User host address: my domain ip User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE Thread information: Thread ID: 7 Thread account name: NT AUTHORITY\NETWORK SERVICE Is impersonating: False Stack trace: at System.Web.UI.DataVisualization.Charting.ChartHttpHandler.ProcessSavedChartImage(HttpContext context) at System.Web.UI.DataVisualization.Charting.ChartHttpHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) It's worth pointing out that ALL of the chart images are displayed correctly on the screen so I'm not sure when/where the image not found error is being caused. Is this a 64bit issue? Thanks, Rich

  Read the article

• 'Important security update' for Firefox and flash plugin, but the update cannot be selected

  - by geoffrey

  [This question has been updated as I now have the same problem with Firefox in addition to flash plugin] The update manager (on Ubuntu 12.04, 64bit) shows an 'important security update' for flashplugin-installer:i386, firefox, and firefox-globalmenu. The update is unticked, and cannot be selected, and therefore cannot be updated (I can update other packages without problems). Actually the flashplugin-installer package does not appear to be installed on my computer (judging from the Software Centre). I can't remember how I installed flash, probably directly from the Adobe website. The updater asks me if I want to do a partial upgrade. When running sudo apt-get update && sudo apt-get upgrade from terminal, I get the following: The following packages have been kept back: firefox firefox-globalmenu flashplugin-installer:i386

  Read the article

• APress Deal of the Day 10/August/2014 - Pro ASP.NET Web API Security

  - by TATWORTH

  Originally posted on: http://geekswithblogs.net/TATWORTH/archive/2014/08/10/apress-deal-of-the-day-10august2014---pro-asp.net-web.aspxToday’s $10 Deal of the Day from APress at http://www.apress.com/9781430257820 is Pro ASP.NET Web API Security. “ASP.NET Web API is a key part of ASP.NET MVC 4. It has become the platform of choice for building RESTful services. Securing ASP.NET Web API applications requires a move away from traditional WCF-based techniques in favor of new SOAP-less methods. The evaluation, selection and analysis of these new techniques is the focus of this book.”

  Read the article

• Framework 4 Features: User Propogation to the Database

  - by Anthony Shorten

  Once of the features I mentioned in a previous entry was the ability for Oracle Utilities Application Framework V4 to automatically propogate the end user to the database connection. This bears more explanation. In the past releases of the Oracle Utilities Application Framework, all database connections are pooled and shared within a channel of access. So for example, the online connections on the Business Application Server share a common pool of connections and the batch in a thread pool shares a seperate pool of connections. The connections are pooled for performance reasons (the most expensive part of a typical transaction is opening and closing connections so we save time by having them ready beforehand). The idea is that when a business function needs some SQL to be execute it takes a spare connection from the pool, executes the SQL and then returns the connection back to the pool for reuse. Unfortunelty to support the pool being started and ready before the transactions arrives means that you need to have a shared userid (as you dont know the users who need them beforehand). Therefore each connection uses the same database user to execute the SQL it needs. This is acceptable for executing transactions, generally but does not allow the DBA or other tools to ascertain which end user is actually running the transaction. In Oracle Utilities Application Framework V4, we now set the CLIENT_IDENTIFIER to the end userid (not the Login Id) when the connection is taken from the pool and used and reset it back to blank when returned to the pool. The CLIENT_IDENTIFIER is a feature that is present in the Oracle Database connection information. From a monitoring perspective, when a connection to the database is actively running SQL, the end user is now able to be determined by querying the CLIENT_IDENTIFIER on the session object within the database. This can be done in the DBA's favorite monitoring tool (even just some SQL on the v$session table is enough). This has other implications as well. Oracle sells a lot of other security addons to the database and so do third parties. If a site wants to have additional levels of security or auditing in the database then the CLIENT_IDENTIFIER, if supported, is now available to be recorded or used by those products to provide additional levels of security. This facility was one of the highly "nice to haves" that customers would ask us about so we now allow it to be used to allow finer grained monitoring and additional security facilities. Note: This facility is only available for customers using the Oracle Database versions of our products.

  Read the article

< Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98  | Next Page >