Search Results

Search found 13222 results on 529 pages for 'security gate'.


  • SECURITY Flaws in this design for User authentication.

    - by Shao
    From: http://wiki.pylonshq.com/display/pylonscookbook/Simple+Homegrown+Authentication

    Note:
    a. Project follows the MVC pattern.
    b. Only a user with a valid username and password is allowed to submit something.

    Design:
    a. Have a base controller from which all controllers are derived.
    b. Before any of the actions in the derived controllers are called, the system calls a before action in the base controller.
    c. In each controller, the user hardcodes the actions that need to be verified in an array.
    d. The before action first looks in the array that has the actions that are protected and sees if a user is logged in or not by peeking into the session. If a user is present then the user is allowed to submit; otherwise the user is redirected to the login page.

    What do you think?


  • Speed vs security vs compatibility over methods to do string concatenation in Python

    - by Cawas
    Similar questions have been brought up (good speed comparison there) on this same subject. Hopefully this question is different and updated to Python 2.6 and 3.0. So far I believe the fastest and most compatible method (among different Python versions) is the plain simple + sign:

        text = "whatever" + " you " + SAY

    But I keep hearing and reading it's not secure and / or advisable. I'm not even sure how many methods there are to manipulate strings! I could count only about 4: there's interpolation and all its sub-options such as % and format, and then there's the simple ones, join and +. Finally, the new approach to string formatting, which is with format, is certainly not good for backwards compatibility, at the same time making % not good for forward compatibility. But should it be used for every string manipulation, including every concatenation, whenever we restrict ourselves to 3.x only? Well, maybe this is more of a wiki than a question, but I do wish to have an answer on which is the proper usage of each string manipulation method. And which one could be generally used with each focus in mind (best all around for compatibility, for speed and for security). Thanks.


  • java.security.AccessControlException : access denied (java.util.PropertyPermission http.agent read)

    - by Stefano Borini
    I have a non-signed Java applet interacting with the same host. Every time I click on an element in my page, the applet (which is a third-party applet I have no control over) should load data from a URL. I say should, because for some files, I get

        java.security.AccessControlException : access denied (java.util.PropertyPermission http.agent read)

    and some other files are correctly loaded. All files are correctly readable and downloadable from the web server, and they are very simple text files. I also found that, in some cases, files that previously returned the error are now loaded and continue to load, so it seems a cache is involved somehow. Do any of you have an idea of what's going on here? The behavior seems to be absolutely random, and I have no way of debugging this thing. Note: I used this applet to perform many other "single shot" file accesses, and it never gave me any problem. The only apparent difference I have is that now I do it "on-demand" via a JavaScript event. What could be the cause, in the Java of the applet or anywhere else?


  • Group / User based security. Table / SQL question

    - by Brett
    Hi, I'm setting up a group / user based security system. I have 4 tables as follows:

        user
        groups
        group_user_mappings
        acl

    where acl is the mapping between an item_id and either a group or a user. The way I've done the acl table, I have 3 columns of note (actually a 4th one as an auto-id, but that is irrelevant):

        col 1 item_id (item to access)
        col 3 user_id (user that is allowed to access)
        col 3 group_id (group that is allowed to access)

    So for example:

        item1, peter, ,
        item2, , group1
        item3, jane, ,

    so either the acl will give access to a user or a group. Any one line in the ACL table will either have an item - user mapping, or an item group. If I want to have a query that returns all objects a user has access to, I think I need to have a SQL query with a UNION, because I need 2 separate queries that join like:

        item - acl - group - user
        AND
        item - acl - user

    This I guess will work OK. Is this how it's normally done? Am I doing this the right way? Seems a little messy. I was thinking I could get around it by creating a single user group for each person, so I only ever deal with groups in my SQL, but this seems a little messy as well.


  • Security Exception when using Custom ASP.NET Healthmonitoring event in medium trust

    - by Elementenfresser
    Hi, I'm using custom healthmonitoring events in ASP.NET. We recently moved to a new server with default High Trust Permissions. Literature says that healthmonitoring and custom events should work under Medium or higher trust (http://msdn.microsoft.com/en-us/library/bb398933.aspx). Problem is - it doesn't. In less than full trust I get a SecurityException saying

        The application attempted to perform an operation not allowed by the security policy

    It works in Full trust or when I remove the inheritance of System.Web.Management.WebErrorEvent. Any suggestions anyone? Here is the super simple code behind with a custom event defined:

        using System;
        using System.Web;
        using System.Web.Management;

        public partial class Default : System.Web.UI.Page
        {
            protected void Page_Load(object sender, EventArgs e)
            {
                try
                {
                    CallCustomEvent();
                }
                catch (Exception ex)
                {
                    Response.Write(ex.Message);
                    throw; // rethrow, preserving the original stack trace
                }
            }

            /// <summary>
            /// this method is never called due to lacking permissions...
            /// </summary>
            private void CallCustomEvent()
            {
                try
                {
                    //do something useful here
                }
                catch (Exception)
                {
                    //code to instantiate the forbidden inheritance...
                    WebBaseEvent.Raise(new CustomEvent());
                }
            }
        }

        /// <summary>
        /// custom error inheriting WebErrorEvent which is not allowed in high trust? can't believe that...
        /// </summary>
        public class CustomEvent : WebErrorEvent
        {
            public CustomEvent()
                : base("test", HttpContext.Current.Request, 100001, new ApplicationException("dummy"))
            {
            }
        }

    and the Web Config excerpt for high trust:

        <system.web>
            <trust level="High" originUrl="" />


  • Using jQuery with Windows 8 Metro JavaScript App causes security error

    - by patridge
    Since it sounded like jQuery was an option for Metro JavaScript apps, I was starting to look forward to Windows 8 dev. I installed Visual Studio 2012 Express RC and started a new project (both empty and grid templates have the same problem). I made a local copy of jQuery 1.7.2 and added it as a script reference.

        <!-- SomeTestApp references -->
        <link href="/css/default.css" rel="stylesheet" />
        <script src="/js/jquery-1.7.2.js"></script>
        <script src="/js/default.js"></script>

    Unfortunately, as soon as I ran the resulting app it tosses out a console error:

        HTML1701: Unable to add dynamic content ' a' A script attempted to inject dynamic content, or elements previously modified dynamically, that might be unsafe. For example, using the innerHTML property to add script or malformed HTML will generate this exception. Use the toStaticHTML method to filter dynamic content, or explicitly create elements and attributes with a method such as createElement. For more information, see http://go.microsoft.com/fwlink/?LinkID=247104.

    I slapped a breakpoint in a non-minified version of jQuery and found the offending line:

        div.innerHTML = " <link/><table></table><a href='/a' style='top:1px;float:left;opacity:.55;'>a</a><input type='checkbox'/>";

    Apparently, the security model for Metro apps forbids creating elements this way. This error doesn't cause any immediate issues for the user, but given its location, I am worried it will cause capability-discovery tests in jQuery to fail that shouldn't. I definitely want jQuery $.Deferred for making just about everything easier. I would prefer to be able to use the selector engine and event handling systems, but I would live without them if I had to. How does one get the latest jQuery to play nicely with Metro development?


  • Security header is not valid - using curl php

    - by toni
    Hi all, I'm implementing the Express Checkout, PayPal API using PHP. I have no problem with the first step: SetExpressCheckout. I have ack=success. But in method GetExpressCheckout I get "Security header is not valid". I tried to figure out the problem and I think I found out maybe it was the curl not working well. What I did was copy the whole URL:

        https://api-3t.sandbox.paypal.com/nvp?USER=sanbox_1276609583_biz_api1.gmail.com&PWD=1276609589&SIGNATURE=AYVosblmD7khKkvvb.bNxvFT0OQ2A8GopwByEuC.CfMHt65VaUmvAEy-&VERSION=62.0&token=EC-3YG18670X88588437&METHOD=GetExpressCheckoutDetails

    and paste it into the browser. This results in:

        TOKEN=EC%2d3YG18670X88588437&CHECKOUTSTATUS=PaymentActionNotInitiated&TIMESTAMP=2010%2d06%2d16T07%3a40%3a12Z&CORRELATIONID=e1a1e469bf066&ACK=Success&VERSION=62%2e0&BUILD=1356926...

    But when that URL is executed in the function I made, it does not work. Below is my function:

        function mycurl($url, $querystr) {
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_VERBOSE, 1);
            // Verify the server certificate and that it matches the host name
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
            // Send the NVP query string as the POST body
            curl_setopt($ch, CURLOPT_POST, 1);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $querystr);
            // Return the response as a string instead of printing it
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            $response = curl_exec($ch);
            curl_close($ch);
            return $response;
        }

    I hope somebody can help on this. Thanks so much.

    Note: I used the sandbox for this. I created a sandbox account, I have a Business account to represent a merchant, and a Personal account to represent a buyer. And I used this:

        endpoint url: api-3t.sandbox.paypal.com/nvp
        sandbox url: www.sandbox.paypal.com/cgi-bin/webscr

    This should not be the issue.


  • problem of setting audit rules: Syscall name unknown: stime

    - by zhaojing
    I am setting audit rules in /etc/audit/audit.rules. The requirement is: The audit system should be configured to audit all administrative, privileged, and security actions. So I added one line into /etc/audit/auditd.rules:

        -a exit,always -S stime -S acct -S reboot -S swapon

    However, after I restart audit.d by service auditd restart, an error comes out:

        Stopping auditd: [ OK ]
        Starting auditd: [ OK ]
        Syscall name unknown: stime
        There was an error in line 14 of /etc/audit/audit.rules

    It seems stime can't be recognized. Could anybody help me to find out what is wrong with my added rule? Thanks a lot!


  • "Something wicked happened" error in apt-get

    - by Dragon
    Every time I try to install through terminal I get this. I am not able to install or update and I can't find a working answer for this here. Here is my apt-get update result:


  • How to disable SSLCompression on Apache httpd 2.2.15?

    - by Stefan Lasiewski
    I read about the CRIME attack against TLS Compression (CRIME is a successor to the BEAST attack against ssl & tls), and I want to protect my webservers against this attack by disabling SSL Compression, which was added to Apache 2.2.22 (See Bug 53219). I am running Scientific Linux 6.1, which ships with httpd-2.2.15. Security fixes for upstream versions of httpd 2.2 should be backported to this version.

        # rpm -q httpd
        httpd-2.2.15-15.sl6.1.x86_64
        # httpd -V
        Server version: Apache/2.2.15 (Unix)
        Server built: Feb 14 2012 09:47:14
        Server's Module Magic Number: 20051115:24
        Server loaded: APR 1.3.9, APR-Util 1.3.9
        Compiled using: APR 1.3.9, APR-Util 1.3.9

    I tried SSLCompression off in my configuration, but that results in the following error message:

        # /etc/init.d/httpd restart
        Stopping httpd: [ OK ]
        Starting httpd: Syntax error on line 147 of /etc/httpd/httpd.conf:
        Invalid command 'SSLCompression', perhaps misspelled or defined by a module not included in the server configuration
        [FAILED]

    Is it possible to disable SSLCompression with this version of Apache Webserver?


  • Look Inside WebLogic Server Embedded LDAP with an LDAP Explorer

    - by james.bayer
    Today a question came up on our internal WebLogic Server mailing lists about an issue deleting a Group from WebLogic Server. The group had a special character in the name. The WLS console refused to delete the group with the message java.net.MalformedURLException and another message saying “Errors must be corrected before proceeding.” as shown below. The group aa:bb is the one with the issue.

    WebLogic Server includes an embedded LDAP server that can be used for managing users and groups for “reasonably small environments (10,000 or fewer users)”. For organizations scaling larger or using more high-end features, I recommend looking at one of Oracle’s very popular enterprise directory services products like Oracle Internet Directory or Oracle Directory Server Enterprise Edition. You can configure multiple authenticators in WebLogic Server so that you can use multiple directories at the same time.

    I am not sure WebLogic Server supports special characters in group names for the Embedded LDAP server, but in this case both the console and WLST reported the same issue deleting the group with the special character in the name. Here’s the WLST output:

        wls:/hotspot_domain/serverConfig/SecurityConfiguration/hotspot_domain/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator> cmo.removeGroup('aa:bb')
        Traceback (innermost last):
          File "<console>", line 1, in ?
        weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090296]invalid URL ldap:///ou=people,ou=myrealm,dc=hotspot_domain??sub?(&(objectclass=person)(wlsMemberOf=cn=aa:bb,ou=groups,ou=myrealm,dc=hotspot_domain))
        Caused by: java.net.MalformedURLException

    It’s fairly clear that, in order to work, the : character needs to be URL encoded to %3A or similar. But all is not lost, there is another way. You can configure an LDAP Explorer like JXplorer to connect to the WebLogic Server Embedded LDAP and browse/edit the entries.

    Follow the instructions here, being sure to change the authentication credentials to the Embedded LDAP server to some value you know, as by default they are some unknown value. You’ll need to reboot the WebLogic Server Admin Server after making this change.

    Now configure JXplorer to connect as described in the documentation. I’ve circled the important inputs. In this example, my domain name is “hotspot_domain” which listens on the localhost listen address and port 7001. The cn=Admin user name is a constant identifier for the Administrator of the embedded LDAP and that does not change, but you need to know what it is so you can enter it into the tool you use.

    Once you connect successfully, you can explore the entries and in this case delete the group that is no longer desired.


  • Most basic, low power home surveillance system

    - by cbp
    I am thinking of setting up a simple but effective surveillance system for my house that is:

    - Very low powered (preferably no PCs left running out of stand-by mode)
    - Cheap.

    When motion (or sound) is detected, I would like it to:

    - Send an email/phone alert to me
    - Record and upload video to the web (in case they steal the camera)

    So I imagine a system where I leave a netbook PC in stand-by mode and have it woken up by a motion detector. This initiates software to send alerts and periodically upload recorded video to the web. The software part is easy for me, but I'm not really a gadget-man so I'd like some advice on using a motion sensor of some sort to wake up the PC. Does anyone have some good advice?

    I know there are a couple of questions dealing with this topic already (see here: http://superuser.com/questions/3054/looking-for-a-moderately-priced-home-surveillance-setup, and here: http://superuser.com/questions/2929/can-you-suggest-a-great-home-security-setup-anti-burglars-e-t-c) - I am seeking more specific information with this question.


  • Why does apt-get fail to resolve the mirror?

    - by Jake Kubisiak
    I know this has been covered before, but I can't seem to resolve my issue. Here is my output.

        jake@KUBIE-SERVER:~$ sudo apt-get update
        Err http://us.archive.ubuntu.com precise InRelease
        Err http://us.archive.ubuntu.com precise-updates InRelease
        Err http://us.archive.ubuntu.com precise-backports InRelease
        Err http://security.ubuntu.com precise-security InRelease
        Err http://archive.canonical.com precise InRelease
        Err http://ppa.launchpad.net precise InRelease
        Err http://archive.canonical.com precise Release.gpg
          Temporary failure resolving 'archive.canonical.com'
        Err http://ppa.launchpad.net precise Release.gpg
          Temporary failure resolving 'ppa.launchpad.net'
        Err http://security.ubuntu.com precise-security Release.gpg
          Temporary failure resolving 'security.ubuntu.com'
        Err http://us.archive.ubuntu.com precise Release.gpg
          Temporary failure resolving 'us.archive.ubuntu.com'
        Err http://us.archive.ubuntu.com precise-updates Release.gpg
          Temporary failure resolving 'us.archive.ubuntu.com'
        Err http://us.archive.ubuntu.com precise-backports Release.gpg
          Temporary failure resolving 'us.archive.ubuntu.com'
        Reading package lists... Done
        W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/precise/InRelease
        W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/precise-updates/InRelease
        W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/precise-backports/InRelease
        W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/precise-security/InRelease
        W: Failed to fetch http://archive.canonical.com/ubuntu/dists/precise/InRelease
        W: Failed to fetch http://ppa.launchpad.net/webupd8team/java/ubuntu/dists/precise/InRelease
        W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/precise/Release.gpg Temporary failure resolving 'us.archive.ubuntu.com'
        W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/precise-updates/Release.gpg Temporary failure resolving 'us.archive.ubuntu.com'
        W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/precise-backports/Release.gpg Temporary failure resolving 'us.archive.ubuntu.com'
        W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/precise-security/Release.gpg Temporary failure resolving 'security.ubuntu.com'
        W: Failed to fetch http://archive.canonical.com/ubuntu/dists/precise/Release.gpg Temporary failure resolving 'archive.canonical.com'
        W: Failed to fetch http://ppa.launchpad.net/webupd8team/java/ubuntu/dists/precise/Release.gpg Temporary failure resolving 'ppa.launchpad.net'
        W: Some index files failed to download. They have been ignored, or old ones used instead.

    Any help is greatly appreciated.

  • Is it a bad idea to run an asp.net app pool with the same identity as IIS's anon user?

    - by Andrew Bullock
    Subject says it all really. Thinking in security terms, I want to give each site on my server its own user account, so that they can't access each other's data. I also want to use integrated authentication for SQL so I don't have any passwords knocking about in connection strings. Is it a bad idea to use the same account for the app pool identity and the anon user account for IIS (I'm interested in answers for both v6 and 7)? Edit: I've seen this post describing how IIS7 allows you to automatically use the same account, but the question of whether it's a good idea or not remains ;) If so, why? Thanks

  • Server Administration

    - by Kassem
    Hi everyone, My client asked me for a job description of a system administrator because I might be assigned this position along with the other guy I'm working with. To be honest, I do not know much about a System Administrator's job but I'm willing to learn.

    Questions:

      - What are the security requirements of a server? *
      - What are the key responsibilities in a system admin's job description?
      - What are some of the day to day tasks of a system admin?
      - What is the average monthly salary of a system admin?

    Note: I will be working inside a Windows environment. But your replies do not necessarily need to be constricted to a Windows environment.

    (*) Other software I know will be required are:

      - Windows Server 2008
      - IIS 7.0
      - MS SQL Server
      - .NET 4.0 Runtime

    Let me know if there are other things I should be aware of as well. Thanks!

  • Did Firefox running in OSX get hacked

    - by z-buffer
    When I try to do a Google search in Firefox, I can't click on any of the links. They're just regular black text, not hyperlinks. I even tried safe mode and disabling all the plugins. I was running Firefox 12. I installed the current version over it and it's the same thing. Other browsers have not been affected. This is what it looks like. Edit: My firewall was turned off and I had several things running which are potential security holes. I turned on my firewall and closed all unnecessary ports. I also turned off Home Sharing. Then I restarted my computer. After that, Firefox works normally again. What do you think happened?

  • Can not create a linked server between SQL Server 2008 on a desktop and my laptop

    - by norlando
    I'm having an issue getting the linked server to connect between a desktop and my laptop. Both have SQL Server 2008 and the link is coming from the desktop to my laptop. Also, both computers have Windows 7. I don't have any issues creating the linked server from my laptop to the desktop. The error I'm getting is "Login failed for user '[UserName]'. (Microsoft SQL Server, Error: 18456)." I left the user name out for security reasons. The user is an sa on both SQL servers and an admin on both computers. Does anyone have an idea what could be stopping me from creating the linked server from the desktop to my laptop?

  • I just got a linode VPS a week ago and I've been flagged for SSH scanning

    - by meder
    I got a 32-bit Debian VPS from http://linode.com and I really haven't done any sort of advanced configuration for securing it (port 22; password enabled). It seems somehow there is SSH scanning going on from my IP, and I'm being flagged as this is against the TOS. I've been SSHing only from my home Comcast ISP which I run Linux on. Is this a common thing when getting a new VPS? Are there any standard security configuration tips? I'm quite confused as to how my machine has been accused of this SSH scanning.

  • How to protect my VPS from winlogon RDP spam requests

    - by Valentin Kuzub
    I got some hackers constantly hitting my RDP and generating thousands of audit failures in the event log. The password is pretty elaborate so I don't think brute-forcing will get them anywhere. I am using a VPS and I am pretty much a noob in Windows Server security (I am a programmer myself and it's my webserver for my site). Which is a recommended approach to deal with this? I would rather block IPs after some amount of failures, for example. Sorry if the question is not appropriate.

  • Local Password Management

    - by ultimazombie88
    In our office (and I am sure many others) we access various websites and tend to share one account with our team. For example, we share credentials to eBay and change them every few weeks to maintain some sense of security. However, we know this does not allow for any type of accountability for major changes. After some discussion we want to try to manage how we distribute credentials for sites that may not offer child accounts. Is there any smart and safe way to do this? If so, how do you do it?

  • October 2012 Critical Patch Update and Critical Patch Update for Java SE Released

    - by Eric P. Maurice
    Hi, this is Eric Maurice. Oracle has just released the October 2012 Critical Patch Update and the October 2012 Critical Patch Update for Java SE. As a reminder, the release of security patches for Java SE continues to be on a different schedule than for other Oracle products due to commitments made to customers prior to the Oracle acquisition of Sun Microsystems. We do however expect to ultimately bring Java SE in line with the regular Critical Patch Update schedule, thus increasing the frequency of scheduled security releases for Java SE to 4 times a year (as opposed to the current 3 yearly releases). The schedules for the “normal” Critical Patch Update and the Critical Patch Update for Java SE are posted online on the Critical Patch Updates and Security Alerts page.

    The October 2012 Critical Patch Update provides a total of 109 new security fixes across a number of product families including: Oracle Database Server, Oracle Fusion Middleware, Oracle E-Business Suite, Supply Chain Products Suite, Oracle PeopleSoft Enterprise, Oracle Customer Relationship Management (CRM), Oracle Industry Applications, Oracle FLEXCUBE, Oracle Sun products suite, Oracle Linux and Virtualization, and Oracle MySQL.

    Out of these 109 new vulnerabilities, 5 affect Oracle Database Server. The most severe of these Database vulnerabilities has received a CVSS Base Score of 10.0 on Windows platforms and 7.5 on Linux and Unix platforms. This vulnerability (CVE-2012-3137) is related to the “Cryptographic flaws in Oracle Database authentication protocol” disclosed at the Ekoparty Conference. Because of timing considerations (proximity to the release date of the October 2012 Critical Patch Update) and the need to extensively test the fixes for this vulnerability to ensure compatibility across the products stack, the fixes for this vulnerability were not released through a Security Alert, but instead mitigation instructions were provided prior to the release of the fixes in this Critical Patch Update in My Oracle Support Note 1492721.1. Because of the severity of these vulnerabilities, Oracle recommends that this Critical Patch Update be installed as soon as possible.

    Another 26 vulnerabilities fixed in this Critical Patch Update affect Oracle Fusion Middleware. The most severe of these Fusion Middleware vulnerabilities has received a CVSS Base Score of 10.0; it affects Oracle JRockit and is related to Java vulnerabilities fixed in the Critical Patch Update for Java SE. The Oracle Sun products suite gets 18 new security fixes with this Critical Patch Update. Note also that Oracle MySQL has received 14 new security fixes; the most severe of these MySQL vulnerabilities has received a CVSS Base Score of 9.0.

    Today’s Critical Patch Update for Java SE provides 30 new security fixes. The most severe CVSS Base Score for these Java SE vulnerabilities is 10.0 and this score affects 10 vulnerabilities. As usual, Oracle reports the most severe CVSS Base Score, and these CVSS 10.0s assume that the user running a Java Applet or Java Web Start application has administrator privileges (as is typical on Windows XP). However, when the user does not run with administrator privileges (as is typical on Solaris and Linux), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are "Partial" instead of "Complete", typically lowering the CVSS Base Score to 7.5 denoting that the compromise does not extend to the underlying Operating System.

    Also, as is typical in the Critical Patch Update for Java SE, most of the vulnerabilities affect Java and Java FX client deployments only. Only 2 of the Java SE vulnerabilities fixed in this Critical Patch Update affect client and server deployments of Java SE, and only one affects server deployments of JSSE. This reflects the fact that Java running on servers operates in a more secure and controlled environment. As discussed during a number of sessions at JavaOne, Oracle is considering security enhancements for Java in desktop and browser environments. Finally, note that the Critical Patch Update for Java SE is cumulative, in other words it includes all previously released security fixes, including the fix provided through Security Alert CVE-2012-4681, which was released on August 30, 2012.

    For More Information:

      - The October 2012 Critical Patch Update advisory is located at http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
      - The October 2012 Critical Patch Update for Java SE advisory is located at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
      - An online video about the importance of keeping up with Java releases and the use of the Java auto update is located at http://medianetwork.oracle.com/video/player/1218969104001
      - More information about Oracle Software Security Assurance is located at http://www.oracle.com/us/support/assurance/index.html

  • How quickly do I need to complete the installation of Windows updates once they're available?

    - by DragonLord
    I know that Microsoft publishes most updates on the second Tuesday of each month. While I understand that it is important to install security updates as soon as possible, do I place my computer at a significant risk if I wait more than a few hours after the updates are available to install the updates and restart the computer to complete installation? I'm asking because 1) I can't always restart the computer immediately after the system prompts me to do so; and 2) the download process sometimes has to be manually started late in the day when I remember, much later than when they're released at 01:00 PM EST/EDT, because Windows Update only seems to check automatically once per day and does so as soon as I connect to the Internet. Ideally, answers should be detailed and objective, with citations to references as appropriate.

  • Can /etc/hosts.deny/allow be overridden?

    - by Tar
    I have security measures put in place to keep unwanted users out of my server. I've changed the SSH port, disabled root login, have a software firewall to block portscans, and have entries in hosts.deny and hosts.allow. I have various services denied to all but another server of mine should my IP change, and two other administrators + my own IP address. My question is, can hosts.deny/allow configuration be overridden so that they can gain access to my server? Does using chroot jail for running things like an IRC server and Teamspeak server prevent people from gaining access to my server and screwing with it?

  • Is email encryption practical enough?

    - by Dimitri C.
    All emails I have ever sent were sent as plain text. Like postcards, everybody on the way to the addressee could easily read and store them. This worries me. I know privacy is something of the past, but encrypting email is possible, at least in theory. However, I wonder whether it is practical enough. Is there anybody who has experience with email security? Is it easy to set up? And can you still send and receive email from all your friends and acquaintances?

  • XML Schema For MBSA Reports

    - by Steve Hawkins
    I'm in the process of creating a script to run the command line version of Microsoft Baseline Security Analyzer (mbsacli.exe) against all of our servers. Since the MBSA reports are provided as XML documents, I should be able to write a script or small program to parse the XML looking for errors / issues. I'm wondering if anyone knows whether or not the XML schema for the MBSA reports is documented anywhere -- I have Googled this, and can't seem to find any trace of it. I've run across a few articles that address bits and pieces, but nothing that addresses the complete schema. Yes, I could just reverse engineer the XML, but I would like to understand a little more about the meaning of some of the tags. Thanks...
