Search Results

Search found 14771 results on 591 pages for 'security policy'.

Page 99/591 | < Previous Page | 95 96 97 98 99 100 101 102 103 104 105 106  | Next Page >

  • Secure WS client with UsernameToken(SOAP security header)

    - by user79163
    Hi, I'm trying to secure my WS client to be able to call the WS. My code looks like this: SendSmsService smsService = new SendSmsService(); SendSms sendSMS = smsService.getSendSms(); BindingProvider stub = (BindingProvider)sendSMS; //Override endpoint with local copy of wsdl. String URL ="";//here is the wsdl url Map<String,Object> requestContext = stub.getRequestContext(); requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, URL); //Set usernametoken URL fileURL = loader.getResource("client-config.xml"); File file = new File(fileURL.getFile()); FileInputStream clientConfig = null; try { clientConfig = new FileInputStream(file); } catch (FileNotFoundException e) { e.printStackTrace(); } XWSSecurityConfiguration config = null; try { config = SecurityConfigurationFactory.newXWSSecurityConfiguration(clientConfig); } catch (Exception e) { e.printStackTrace(); log.warn("Exception: "+e.getMessage()); } requestContext.put(XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config); //Invoke the web service String requestId = null; try { requestId = sendSMS.sendSms(addresses, senderName, charging, message, receiptRequest); } catch (PolicyException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (ServiceException e) { // TODO Auto-generated catch block e.printStackTrace(); } and the config file looks like this: <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" optimize="true"> <xwss:Service> <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"> <xwss:UsernameToken name="username" password="password> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> util.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler> </xwss:JAXRPCSecurity> The SecurityEnviromentHandler is a dummy class that implements javax.security.auth.callback.CallbackHandler. Authentication must be in compliance with Oasis Web Services Security Username Token Profile 1.0. But I'm constantly getting "Security header not valid" error. Where am I going wrong, can anyone tell me. I used wsimport(JAX_WS 2.1 to generate classes for my client) Note:Only thing I know about this WS is WSDL URL and user&pass for authentication

    Read the article

  • how to remove security settings from a connection string in vb.net

    - by teju
    hi i am trying to add data to the database that was created by some one but when am trying to insert or delete or update the exception is raising and entire project is not working properly and the error i am facing is "A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)" so now what should i do to resolve this error and my connection string is written as Dim CON As New SqlConnection("Integrated Security=SSPI; Persist Security Info=False;Initial Catalog=DIGITALGAMES; Data Source=TEJUS-PC\SQLEXPRESS") is there any problem with my connection string ??

    Read the article

  • Create files on C:\ root gives error 0x80070522

    - by Bryan
    One of our customers has just found a problem when trying to create a file on the root of the C:\ Drive, on a Windows 7 Professional PC. I know they shouln't be keeping files here, but there is a valid reason in this case, so I've relaxed the security on the root of C:\ by giving the group 'users' modify permission. Before I relaxed the security, the user was receiving 'access denied', but now they are receiving the message: An unexpected error is keeping you from creating the file. If you continue to recieve this error, you can use the error code to search for help with this problem. Error 0x80070522: A required priviledge is not held by the client. Googling for this suggests that it is caused by UAC, but how can I get round this when the user doesn't have admin rights on their PC?

    Read the article

  • Fiddler not working in Windows 7 - LAN Settings locked?

    - by Glen Little
    I've been using Fiddler for years, but now, on Windows 7 (64 bit) I cannot get it to monitor traffic from IE 8. With the Firefox add-on, it is able to monitor Firefox traffic with no problem. This is not related to monitoring HTTPS traffic, or traffic to localhost. I've tried running IE and/or Fiddler with "Run as Administrator", but no luck. The best clue to the problem that I have is that in IE8, the "Local Area Network (LAN) Settings" dialog accessed from "LAN Settings" in the Internet Options / Connections tab is all grayed out. I have two Windows 7, 64 bit computers, both on the same LAN. One works fine, the other has these settings grayed out, and a note on the Connections tab: "Some settings are managed by your system administrator". However, the system administrator has NOT set any. Any ideas?

    Read the article

  • How to run Firefox in Protected Mode? (i.e. at low integrity level)

    - by Ian Boyd
    i noticed that Firefox, unlike Chrome and Internet Explorer, doesn't run in the Low Mandatory Level (aka Protected Mode, Low Integrity) Google Chrome: Microsoft Internet Explorer: Mozilla Firefox: Following Microsoft's instructions, i can manually force Firefox into Low Integrity Mode by using: icacls firefox.exe /setintegritylevel Low But Firefox doesn't react well to not running with enough rights: i like the security of knowing that my browser is running with less rights than i have. Is there a way to run Firefox into low rights mode? Is Mozilla planning on adding "protected mode" sometime? Has someone found a workaround to Firefox not handling low rights mode? Update From a July 2007 interview with Mike Schroepfer, VP of Engineering at the Mozilla Foundation: ...we also believe in defense in depth and are investigating protected mode along with many other techniques to improve security for future releases. After a year and a half it doesn't seem like it is a priority.

    Read the article

  • pfSense with two WANs, routing skype traffic over a specific WAN

    - by Eric
    I have a pfSense setup with two WANs (WAN1 and WAN2) and one LAN network. The two WANs are setup for failover. However, QoS has recently been an issue for skype calls in our office place (about 30 people) so we want to dedicate WAN2 for skype traffic (we use skype for all voip calls, etc.) As Skype is notoriously difficult to deal with, does anyone have any suggestions on how I should deal with this? A simple rile based on ports will not work, and using layer7 inspection witha skype porfile on all incoming LAN packets doesn't seem like the way to go eiter. here is a related pfsense forum post: http://forum.pfsense.org/index.php/topic,50406.msg268520.html#msg268520

    Read the article

  • GPO Startup script did not execute on some computers

    - by Aaron Ooi
    The GPO Startup scripts works fine on other machine but not for another half of the machine. gpresult show that GPO was there. I ran RSOP and it show that the Startup script was there but it was never executed. There nothing on application error or anything related to the failed execution in the event viewer. I have set to Allow slow network connection too but it did not help for the startup script to execute. Permission read/execute granted to Domain Computers & Authenticated Users Other GPO settings works except Startup Script did not execute. The scripts works fine as other machine which success without any issue except some machine. I need help to sort this out as it troubles me where another half of the machine did not execute the script at all. It was all WIndows 7.

    Read the article

  • Locking down a box on the web

    - by glowcoder
    I'm a Java developer who is looking to put a game on the web. I'm not much of a web or server guy, though, and frankly I seem a little lost at where I should start with putting something on the web. My application works fine on my machine, and I'm sure I can make it work fine on any box I put it on. But the security of that box is pretty important. If I sign up for a standard hosting package (let's say from GoDaddy or something) can I simply tell them "make port 12345 open for communication" and let them handle the rest of the security details? If I can't, what are the things I'm going to need to know to prevent my game server from getting hacked to shreds? (Links to solid resources fine by me!) Thanks!

    Read the article

  • Recursive reset file permissions on Windows

    - by Peter Horvath
    There is a big, complex directory structure on a relative big NTFS partition. Somebody managed to put very bad security privileges onto it - there are directories with randomly given/denied permissions, etc. I already run into permission bugs multiple times, and I found insecure permission settings multiple times (for example, write permissions for "Everyone", or false owners). I don't have time to check everything by hand (it is big). But luckily, my wishes are very simple. The most common: read/write/execute on anything for me, and maybe read for Everyone. Is it possible to somehow remove all security data from a directory and giving my (simple) wishes to overwrite everything there? On Unix, I used a chown -R ..., chmod -R ... command sequence. What is its equivalent on Windows?

    Read the article

  • Windows 2008 R2 CA and auto-enrollment: how to get rid of >100,000 issued certificates?

    - by HopelessN00b
    The basic problem I'm having is that I have 100,000 useless machine certificates cluttering up my CA, and I'd like to delete them, without deleting all certs, or time jumping the server ahead, and invalidating some of the useful certs on there. This came about as a result of accepting a couple defaults with our Enterprise Root CA (2008 R2) and using a GPO to auto-enroll client machines for certificates to allow 802.1x authentication to our corporate wireless network. Turns out that the default Computer (Machine) Certificate Template will happily allow machines to re-enroll instead of directing them to use the certificate they already have. This is creating a number of problems for the guy (me) who was hoping to use the Certificate Authority as more than a log of every time a workstation's been rebooted. (The scroll bar on the side is lying, if you drag it to the bottom, the screen pauses and loads the next few dozen certs.) Does anyone know how to DELETE 100,000 or so time-valid, existing certificates from a Windows Server 2008R2 CA? When I go to delete a certificate now, now, I get an error that it cannot be delete because it's still valid. So, ideally, some way to temporarily bypass that error, as Mark Henderson's provided a way to delete the certificates with a script once that hurdle is cleared. (Revoking them is not an option, as that just moves them to Revoked Certificates, which we need to be able to view, and they can't be deleted from the revoked "folder" either.) Update: I tried the site @MarkHenderson linked, which is promising, and offers much better certificate manageability, buts still doesn't quite get there. The rub in my case seems to be that the certificates are still "time-valid," (not yet expired) so the CA doesn't want to let them be deleted from existence, and this applies to revoked certs as well, so revoking them all and then deleting them won't work either. I've also found this technet blog with my Google-Fu, but unfortunately, they seemed to only have to delete a very large number of certificate requests, not actual certificates. Finally, for now, time jumping the CA forward so the certificates I want to get rid of expire, and therefore can be deleted with the tools at the site Mark linked is not a great option, as would expire a number of valid certificates we use that have to be manually issued. So it's a better option than rebuilding the CA, but not a great one.

    Read the article

  • Is dual-booting an OS more or less secure than running a virtual machine?

    - by Mark
    I run two operating systems on two separate disk partitions on the same physical machine (a modern MacBook Pro). In order to isolate them from each other, I've taken the following steps: Configured /etc/fstab with ro,noauto (read-only, no auto-mount) Fully encrypted each partition with a separate encryption key (committed to memory) Let's assume that a virus infects my first partition unbeknownst to me. I log out of the first partition (which encrypts the volume), and then turn off the machine to clear the RAM. I then un-encrypt and boot into the second partition. Can I be reasonably confident that the virus has not / cannot infect both partitions, or am I playing with fire here? I realize that MBPs don't ship with a TPM, so a boot-loader infection going unnoticed is still a theoretical possibility. However, this risk seems about equal to the risk of the VMWare/VirtualBox Hypervisor being exploited when running a guest OS, especially since the MBP line uses UEFI instead of BIOS. This leads to my question: is the dual-partitioning approach outlined above more or less secure than using a Virtual Machine for isolation of services? Would that change if my computer had a TPM installed? Background: Note that I am of course taking all the usual additional precautions, such as checking for OS software updates daily, not logging in as an Admin user unless absolutely necessary, running real-time antivirus programs on both partitions, running a host-based firewall, monitoring outgoing network connections, etc. My question is really a public check to see if I'm overlooking anything here and try to figure out if my dual-boot scheme actually is more secure than the Virtual Machine route. Most importantly, I'm just looking to learn more about security issues. EDIT #1: As pointed out in the comments, the scenario is a bit on the paranoid side for my particular use-case. But think about people who may be in corporate or government settings and are considering using a Virtual Machine to run services or applications that are considered "high risk". Are they better off using a VM or a dual-boot scenario as I outlined? An answer that effectively weighs any pros/cons to that trade-off is what I'm really looking for in an answer to this post. EDIT #2: This question was partially fueled by debate about whether a Virtual Machine actually protects a host OS at all. Personally, I think it does, but consider this quote from Theo de Raadt on the OpenBSD mailing list: x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit. You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes. -http://kerneltrap.org/OpenBSD/Virtualization_Security By quoting Theo's argument, I'm not endorsing it. I'm simply pointing out that there are multiple perspectives here, so I'm trying to find out more about the issue.

    Read the article

  • Where default settings are stored after applying GPO?

    - by tester5566
    When I apply a GPO that changes Service startup settings, where the default service startup settings are kept? And how can I read and modify them? The reason of the question is that I have a hundred of servers where most of services are disabled by a baseline GPO for hardening purposes. I want to relax this GPO by removing some services but I do not want that the service startup settings becomes default ones after the GPO is relaxed. So I want to keep the actual hardened state as a default state but allow local admins to change it if necessary. Thank you

    Read the article

  • Unable to copy files previously extracted from archives created on a Mac, even after claiming ownership

    - by Maxim Zaslavsky
    I reinstalled Windows on my computer today, and backed up my music to a USB drive. Now, I'm trying to copy the files onto my fresh Windows partition, but I'm unable to copy files that I obtained within my previous Windows installation from zip archives created on Macs. When I try to copy those previously-extracted files, I get an error saying that I need permission from S-1-5-21-...-1000 (a bizarre long ID). The first thing I tried was to take ownership of the files by setting my new user account as the owner, but that resulted in errors saying that I need permission from myself! Some Googling suggested adding antivirus suggestions, so I excluded the relevant folders from Microsoft Security Essentials, but the issue persists. For what it's worth, it seems that some program (so far I've only installed Chrome, Microsoft Security Essentials, and the latest Windows updates) created an empty folder named 601c8c7f0e0c03f725 at the root of my external USB hard drive. What gives?

    Read the article

  • VPN authentication and MAC addresses

    - by zakk
    I have to set up a VPN (various clients connecting to a web service on a server, which is also the VPN server) and I want to make sure that no user will share his/her credentials with third parties. I know that this problem is not solvable completely, but I'd want to set up some additional security checks... Some idea I have: 1) An additional check on MAC address, but... are MAC addresses preserved thru VPN? 2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized). 3) I would like to avoid commercial solutions like a security token... I realize it would be the perfect solution, but it will be to expensive, I suppose... Do you feel that these options are viable? Do you have any other ideas? Thanks in advance for your replies!

    Read the article

  • Recommended apps for securing/protecting a new desktop machine install?

    - by Eddie Parker
    I'm hoping to harness the collective tips of superuser to gather recommended apps/configurations to keep a new desktop clean, virus free, and hopefully lower software rot. I ask because I've recently come across tools like dropbox, deepfreeze, returnil, etc, and I'm curious what other ones are out there to protect a new box. I personally am interested in Windows, but feel free to comment on whatever OS you'd like, freeware or otherwise. Ideally specify the OS in your answer(s). One answer per program please. Then, rather than duplicate posts, vote for the program if it is already listed. UPDATE: It's been noted that there are other questions similar to this one [1], so I'd ask that these answers focus on security and protection. [1] Related questions: http://superuser.com/questions/1241/what-are-some-must-have-windows-programs http://superuser.com/questions/1191/what-are-some-must-have-mac-os-x-programs http://superuser.com/questions/1430/must-have-linux-software http://superuser.com/questions/3855/must-have-networking-security-tools

    Read the article

  • routing based on source IP

    - by user1977050
    I am trying to do source-based routing, following the question http://unix.stackexchange.com/questions/131527/routing-based-on-source-ip. The source IP floating one and assigned to a cluster (consists from 2 servers). Let's say that the physical IP on server1 is 192.0.2.1, on server2 192.0.2.2, and the virtual IP is 192.0.2.3 (and this should be the source IP for outgoing traffic). How can I configure static source IP routing for this in RHEL?

    Read the article

  • Why does Django's dev server use port 8000 by default?

    - by kojiro
    (My question isn't really about Django. It's about alternative http ports. I just happen to know Django is a relatively famous application that uses 8000 by default, so it's illustrative.) I have a dev server in the wild that we occasionally need to run multiple httpd services on on different ports. When I needed to stand a third service up and we were already using ports 80 and 8080, I discovered our security team has locked port 8000 access from the Internet. I recognize that port 80 is the standard http port, and 8080 is commonly http_alt, but I'd like to make the case to our security team to open 8000 as well. In order to make that case, I hope the answer to this question can provide me with a reasonable argument for using port 8000 over 8080 in some case. Or was it just a random choice with no meaning?

    Read the article

  • Grant a user access to directories shared by root (mod: 770)

    - by Paul Dinham
    I want to grant a user (username: paul) access to all directories shared by root with mod 770. I do it this way: groups root (here comes a list of groups in which root user is) usermod -a -G group1 paul usermod -a -G group2 paul usermod -a -G group3 paul ... All the 'group1', 'group2', 'group3' are seen in the group list of root user. However, after adding 'paul' to all groups above, he still can not write to directories shared by root user with mod 770. Did I do it wrongly?

    Read the article

  • cannot add a user to sysadmin role in SQL Server

    - by George2
    I am using SQL Server 2008 Management Studio. The current logon account belongs to machine local administrator group. I am using Windows Integrated Security mode in SQL Server 2008. My issue is, after log into SQL Server Management Studio, I select my login name under Security/Logins, then select Server Roles Tab, then select the last item -- sysadmin to make myself belong to this group/role, but it says I do not have enough permission. Any ideas what is wrong? I think local administrator should be able to do anything. :-)

    Read the article

  • SQLServer 2008 Fails to start under NT AUTHORITY/NETWORK SERVICE account

    - by braincells2pixels
    Not sure what changed but looks like my security credentials have been monkeyed with. Since yesterday evening after I disconnected from our corporate network and rebooted my laptop at home, I am unable to start the instance of SQL2K8. The service is set to run under NT AUTHORITY\NETWORK SERVICE account. The event log records an Access Denied error on the Master.mdf. Switching the account to Local System starts the service but our application runs into security errors. Any clues? TIA

    Read the article

  • Deploy binary hex registry via GPO or PowerShell

    - by Prashanth Sundaram
    I am trying to deploy a custom registry entry which I exported from a test machine. It looks like below. I came across THIS similar request on another site, but I couldn't make it to work. "TextFontSimple"=hex:3c,00,00,00,1f,00,00,f8,00,00,00,40,dc,00,00,00,00,00,00,\ 00,00,00,00,ff,00,31,43,6f,75,72,69,65,72,20,4e,65,77,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 As per the other solution, my PS command below, throws error."A parameter cannot be found that matches parameter name" Set-ItemProperty -Path "HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MailSettings" -Name "TextFontSimple" -PropertyType Binary -Value ([byte[]] (0x3c,0x00,0x00,0x00,0x1f....0x00)) Any ideas? ====EDIT===== The key & value already exists. When I use Get-ItemProperty PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MailSettings PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common PSChildName : MailSettings PSProvider : Microsoft.PowerShell.Core\Registry TextFontSimple : {60, 0, 0, 0...}

    Read the article

  • Event ID for modified GPOs

    - by Hinek
    I have to know, who (usersid or loginname) changed a specified GPO for a specified OU in the Active Directory. Given our audit settings include this, what would be the right Event ID to look for?

    Read the article

< Previous Page | 95 96 97 98 99 100 101 102 103 104 105 106  | Next Page >