Cluster logins and security

Similar Messages

• What's the difference between "login block-for X attempts X within X" and "security authentication failure rate X"?

  What's the difference between, just for example, "login block-for 100 attempts 15 within 100" and "security authentication failure rate 3"?
  Please ignore the numbers, I need to know what the differences are in commands and what they do, what they affect.

  security authentication failure rate number_of_failed_attempts : A global configuration mode command used to specify the maximum number of failed attempts (in the range of 2 to 1024) before introducing a 15-second delay
  login block-for 100 attempts 15 within 100 : Block all access after 15 failed login attempts within 100 Secs for the period of 100Secounds (1.40 Minutes).
  The Cisco IOS Login Enhancements (Login Block) feature allows users to enhance the security of a router by configuring options to automatically block further login attempts when a possible denial-of-service (DoS) attack is detected.
  The login block and login delay options introduced by this feature can be configured for Telnet or SSH virtual connections. By enabling this feature, you can slow down "dictionary attacks" by enforcing a "quiet period" if multiple failed connection attempts are detected, thereby protecting the routing device from a type of denial-of-service attack.

• Ajax Login both secure and non secure url

  Does anyone know if there is a way to use ajax to log a user in for both the non secure and secure url. Normally if you're submitting a log in form over the secure url with the non secure url in the referrer parameter it will log you in on both domains but not via ajax. Anyone have a good work around?

  Here’s the code I’ve used…
  {% if Settings.Site_Live -%}
  {% assign redirectHTTP = "" -%}
  {% assign redirectDOMAIN = Settings.Site_URL -%}
  {% assign redirectEXTEND = "" -%}
  {% else -%}
  {% assign redirectHTTP = "http%3a%2f%2f" -%}
  {% assign redirectDOMAIN = Settings.System_Name -%}
  {% assign redirectEXTEND = ".fueldesign.co.nz" -%}
  {% endif -%}
  {% capture redirectURL -%}{{redirectHTTP}}{{redirectDOMAIN}}{{redirectEXTEND}}{% endcapture -%}
  <form class="form--box escapeWorldSecureSystems" method="post" action="https://{{Settings.System_Name}}.worldsecuresystems.com/ZoneProcess.aspx?ZoneID=51&amp;Referrer={{ redirectURL}}&amp;OID=&amp;OTYPE=" data-parsley-validate>
  Note: I have a Settings collection that has a lot of data from a Settings web app that controls a lot of settings for the website, such as “Site_Live” checkbox etc. this allows my sign-ins to be generic and editable site to site.
  And here’s the development URL where I’m working on this. (don’t just my site during development stage lol)
  http://astrolift.fueldesign.co.nz/ <http://astrolift.fueldesign.co.nz/>
  username: dev
  password: dev123
  Hopt this gives you some inspiration.
  Let us know if you get the ajax working.
  Cheers guys

• Menu tabs disappear completely after login and appears if only i press on item node at hire level

  I'm using a Menu Model to Create a Page Hierarchy in my adf application on Jdeveloper 11.1.2.3.0
  it is in three levels level 1 have 2 item nods (home - Help) displayed as buttons
                              level 2   contains 5 item nods about the managements displayed as tabs
                              level 3   is about reports displayed as list
  the point I have apply security in the application using Adf security wizard and i assign roles and users and grants
  all works fine but level 2 tabs disappear completely after login and appears if only i press on Home item node at run time
  I create 2 users (admin) has all roles  and can view all  tabs in level 2 of my navigation and another user (emp)  which can view one Tab page in level 2
  Point 1 --the item nod are rendered according the #{securityContext.regionViewable['oracle.view.pageDefs.RentManagPageDef']}     (EL ) expression language 
  and other item nod render property are set as the same but in the page name definition
  it works fine
  _ Point 2 in my page template I set #{menuInfo.rendered} for renderd property of the command navigation item
  it works fine
  - point 3 I add a  go link in my template to explicit perform log in log out from the app  and redirect the user to the required page
  Destination is
  #{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/wearhouse.jsf"  : "/adfAuthentication?success_url=/faces/company.jsf"}
  and its also works fine
  the problem is in the level 2 navigation tabs which is diaper after explicit log in the app directs the user to the correct page successfully
  But the tabs are not rendered till I press on home button on Level 1 navigation it appears and it appears  correctly cording the logged in user validation
  in another words i log in as user (admin) i get directed to the successful log in page  in the link go but  level 2 tabs are invisible or not rendered at all    I click on Home button in level1 navigation the tabs
  become rendered or viewable and i navigate normally
  I log out as admin the level 2 tabs becomes invisible again
  then I log in as (emp)  i get directed to the successful log in page and  level 2 tabs are still  invisible or not rendered
  I click on Home button in level1 navigation the only one tab the user emp authorized to it  gets rendered (appears)
  and its semi correct behavior because this is what I want him to see only
  my tries to find solution
  I tride to use
  #{securityContext.userInRole['division']}
  on the menu node item   I found same behavior level 2 tabs gets hidden till i click on home link at run time
  I tride to use #{securityContext.authenticated} to control item nods rending
  all tabs remains visible and i dont want that ain adition if user clicks on a tab of page he has no authority on it i recive server error
  I read 30.7 Creating a Login Page in the  Fusion Developer's Guide for Oracle Application Development Framework to finde about redirecting user
  and it is using the same as i did from adf tutorials
  I tried to make new navigation app on fast
  maybe i made incorrect change in any stage of my original app
  but I found same behavior
  I tried to set disabled property instead of rendered property the tabs are always rendered   but I got server error when I click on a tab which a user does not authorized
  So I doubt maybe problem in the El or the way I use to control rendering item node
  or there additional step to stop all  the tabs disappear after login
  I hope please some one Help or tell me what i have to read about in the developer guide  or interface developer guide or article on the web
  I'll be gratfule
  I know maybe it is small issue but help me please

  Hi,
  have a look at the sample that comes with this article: Oracle ADF: Security for Everyone It uses resource remissions to authorize panel tabs.
  One test to run is to print the outcome of the security evaluation (e.g. output text) to see what it returns.
  Frank

• "logon time" between USR41 and security audit log

  Dear colleagues,
  I got a following question from customer for security audit reason.
  > 'Logon date' and 'Logon time' values stored in table  USR41 are exactly same as
  > logon history of Security Audit Log(Tr-cd:SM20)?
  Table:USR41 saves 'logon date' and 'logon time' when user logs on to SAP System from SAP GUI.
  And the Security Audit Log(Tr-cd:SM20) can save user's logon history;
  at the time when user logged on, the security audit log is recorded .
  I tried to check SAP GUI logon program:SAPMSYST several ways, however,
  I could not check it because the program is protected even for read access.
  I want to know about specification of "logon time" between USR41 and security audit log,
  or about how to look into the program:SAPMSYST and debug it.
  Thank you.
  Best Regards.

  Hi,
  If you configure Security Audit you can achieve your goals...
  1-Audit the employees how access the screens, tables, data...etc
  Answer : Option 1 & 3
  2-Audit all changes by all users to the data
  Answer : Option 1 & 3
  3-Keep the data up to one month
  Answer: No such settings, but you can define maximum log size.
  4-Log retention period can be defined.
  Answer: No !.. but you can define maximum log size.
  SM19/SM20 Options:
  1-Dialog logon
  You can check how many users logged in and at what time
  2-RFC login/call
  Same as above you can check RFC logins
  3-Transaction/report start
  You can see which report or transaction are executed and at what time
  (It will help you to analyise unauthorized data change. Transactions/report can give you an idea, what data has been changed. So you can see who changed the data)
  4-User master change
  (You can see user master changes log with this option)
  5-System/Other events
  (System error can be logged using this option)
  Hope, it clear the things...
  Regards.
  Rajesh Narkhede

• Printer is asking for an user acces code instead of windows login and password?

  I have been seeing the HP printers asking(LaserJet M4555 MFP, LaserJet 500 color MFP M575 etc) for user access code instead of windows login and password.
  One thing i have noticed  is that when this happens there is a slight change in the EWS page configuration at security -> access control.The device administrator tabe is unchecked as you can see below ehen this happens
  Have tried cold resetting the printer and restore facory settings but this does not works and some thimes it does works for a while but the issue is returing back.
  We do not need this access code promt instead we need the usual windows login and password that used be there originally.
  alsothis is how the settings look like after a cold reset somtimes when it does not  asks for user access code , the problem is cold rese does lways works and it reverts back ois original settings

  @munish259272 
  ‎Thank you for using HP Support Forum. I have brought your issue to the appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post ( serial numbers and case details).
  If you are unfamiliar with the Forum's private messaging please click here to learn more.
  Thank you,
  Omar
  I Work for HP

• Coldfusion back-end, AngularJS front-end, and Security

  The company I work for is building an application in which security is of the utmost importance.  We're really hoping to use Angular as the client-side application, and we're exploring how best to create our back-end in ColdFusion (which we've used for a few years now).
  I understand that only so much security can exist in the front-end of the app, and that the bulk of the work needs to happen on the server.  But I'm really unsure about how to move forward in that regard.  From what I've read, it sounds like we'll need some kind of Authentication Token to be created on login and stored on the backend.  This token should come along with every http request, and the server can then decide on the validity of the request.
  Does this sound about right?  And if so, are there best practices for implementing it?
  Any resources that might shed more light on the topic would be HUGELY appreciated.
  Thanks,
  Jonathan

  maheshguruswamy wrote:
  mycoffee wrote:
  maheshguruswamy wrote:
  847102 wrote:
  More and more teams in my company are now mixing technologies. For example they use java for the back end and C# for all the client side code i.e GUI.
  How can you mix these technologies. Ie how can c# code "talk" to java code?
  Not sure if this is the best place to ask, as its a java forum but I though I would give it a try!
  ThanksSimplest way would be to use web services.It is new thing for me to learn...
  How efficient to do it compared to all in one either C# or java? I guess it would be slower.
  Either C# or java can handle the job. Why both? I don't get it.It all depends on how big the teams are and how much "separation of concerns" you are looking for. In enterprise architecture what i aim to do is try to give the development groups freedom to use whatever technology they feel best suits their need...BUT...if they want to talk to other systems and vice versa, they have to follow certain standards (SOAP, REST etc). Architect the lines, not the boxes. If you are not looking for separation of concerns, sure build out everything in one technology..but keep it mind future changes.Thank,
  It is good thing to learn. I used to work with java front end calling Cobol back end (using transactions)
  I know C# and java can talk by SOAP or web services but only wondered about the reason.
  If I am going to design everything new, one technology is the answer.

• Non US characters in login and email generation

  I have a design problem that I would like to check if anyone else has found a good solution to.
  Once you leave the safe shores of the United States your users start having names that includes all kinds of funny characters. In the good old days this problem was resolved by the fact that the HR system only handled 7 bit US ascii characters but today you are likely to have to face an HR system that supports unicode or at least some kind of character set that includes lots of non US ascii characters. I just ran some stats on my current enterprise population and it seems like about 5% of the users have names containing "strangeness".
  These strange characters causes big problems if you aren't allowed to include non US ascii characters in logins, email addresses and other generated fields. Exactly what a "strange character" is varies. RFC 5322 takes a quite liberal view towards special characters but explicitly disallows non US letters.
  The simplistic solution is to drop any character that isn't a US ascii letter. This works if the problem is names like "O'Malley" as the "'" really shouldn't be part of the user login and probably not part of an email address either(can be debated). This solution breaks down when you get to Germany or Scandinavia where your users that are called "Örjan Åhs" may not appreciate an email address of rjan.hs@your_company.com.
  What you would like to do is to convert "Örjan Åhs" to either "Orjan Ahs" or (possible) "Oerjan Aohs" but I haven't been able to find any java lab that does that conversion for you.
  Anyone that has run into this problem before and solved it?
  I wonder how certain characters in this post will be rendered on computers in different parts of the world :)
  /Martin, who long ago converted his last name (Swedish) to be 7 bit ascii compliant

  Thanks Daniel
  The code above drops any non US ascii characters which is fine in some situations but doesn't work for me as that would result in (amongst other issues) unacceptable email addresses.
  Example: The user "Jörgen Åhs" gets the email [email protected] (using drop strategy), what is needed is [email protected]
  The solution to this problem is to write a transform function and as we have about 80 non US ascii characters in character set we are using this mapping can quite easily be externalized to a configuration file.
  Good point about the preferred name. I have not seen this specific problem in my current system but it is very common in certain parts of the world i.e. people with Chinese heritage in south east Asia often have a Chinese legal name and a western name that they actually use in day to day interactions. If you base the email address of their name in HR much screaming ensures. The same thing should actually happen in the US as you are supposed to enter the name on your social security card into the HR system but that seems largely to be ignored.

• Unable to Reboot After Latest Apple Updates (SA-2011-06-23-1 and Security Update 2011-004)

  Hi All,
  After applying today's updates (06/23/2011) in APPLE-SA-2011-06-23-1 Mac OS X v10.6.8 and Security Update 2011-004, my MacBook will no longer boot. Prior to updating, the MacBook workked perfectly (except for the occasional error entry in the system and kernel log). The MackBook model number is A1278, with a RAM upgrade (4 GB).
  When booting in NORMAL mode, the grey screen with Apple logo (and spinning wheel) is shown for about 50 seconds. The device never shows the blue background or login window. It simply shuts down like the power was pulled.
  When booting in SAFE mode, the grey screen with Apple logo (and spinning wheel) is shown for about 1 minute 30 seconds. The blue background is shown and quickly transitions to the login windows. About 45 seconds after the login window is shown, the machine shuts down like the power was pulled.
  On the few occassions I logged in to take advantage of the 45 second safe mode window (before shutdown), I was *not* able to copy off my log files (in /log/var) to a thumb drive because the computer would not mount the USB device.
  When I peeked at the system's log file, I caught the tail end of "signature validation failed" for a bunch of hardware - from video to audio. I can only peek because the computer will shutdown before I have an opportunity to study anything in detail. The failed verifications may or may not be related to the shutdown - signature verfication might be disabled in safe mode; I simply don't know.
  It seems the world's most advanced operating system [tm] is performing the world's most epic failure. Any ideas to get this brick working again would be greatly appreciated.
  Jeffrey Walton
  Baltimore, MD, US

  Here's what I've found:
  (1) I cannot run Disk Utility because I don't have my install disk handy
  (2) I cannot run Repair Permissions because Apple does not make a separate ISO available to fix their mistakes
  (3) There does not appear to be a wat to back out updates (ie, no Add/Remove Programs)
  I was able to boot into safe mode and perform:
      > sudo bash
      $ chmod -R root /
  Amazingly, the command ran to completion. Unfortunately, it did not fix the problem. As soon as some spare cycles were available (interesting indeed!), the machine shutdown.
  +1 to Apple engineers for creating a broken patch
  +1 to Apple quality assurance for letting the junk out the door
  +1 to Apple, for not offering an ISO to fix a broken installation
  +1 to Steve, who has managed to keep his anti-trust lock on the hardware and broken software
  Great job, Apple

• Trying to Understand Login and State Management

  Hi,
  I'm relatively new to Flex 3.  I'm using the builder.
  Here's my core problem.  I'm coming from a ColdFusion background, where users run to the server for any type of authentication and sessions rule until they're timed out.
  My goal is to understand how ColdFusion (with a SQL Server backend) and Flex work together to help a user login and helps that same user maintain it's state.
  I understand so far that Flex can use a RemoteObject to go back and use ColdFusion services to authenticate a user.  I'd like to go this route.
  My problem is understanding how does Flex maintains information about the particular logged in user.  Am I correct in thinking that once I return information from ColdFusion about the user, I create a global object in Flex that keeps the user's information that I can refer to as I transition between the View States (states) in my Flex application?  And I can just refer to that local user object if I need to make sure I'm still dealing with the same user? 
  Is it really that simple?  Also, I've had been trying to review COUNTLESS articles on the Login/Authentication process.  One that I came across suggested placing a UUID on the server for a particular logged in user, and then I just return that back to Flex.  Does anyone recommend that?  I know that when I used sessions in ColdFusion, the server did this, so I'm not sure which routes to take. 
  By the way, I'm designing an Intranet that's only accessible from our internal network, but I want my colleagues to be able to login securely.  And like I said before, I'm using  ColdFusion (and CF services), SQL Server, and Flex 3. 
  I'm teaching myself Flex through the Video Training - Flex 3, but haven't seen much on this yet.  If someone could provide a good outline of the Best Practices to Login, Authenticate, and Maintain Session State throughout a Flex Application (using a ColdFusion and SQL Server backend), I'd be highly appreciative. 
  Thanks!
  mfho

  Hi,
  Thanks for responding.
  Here's one solution I found located on http://www.blogna.org/blog/adobe-flash/flex-and-flash-rias-authentication-sessions-scalabi lity/#comment-843
  A user submits their username and password inside a Flex form.
  ColdFusion Server receives the username and password and verifies them against the users in a database.
  If the user is valid, A KEY IS CREATED, stored in the database with a time stamp, then sent back to the user.
  The key is stored in a local variable inside the Flex application.
  Now, any time the application needs to retrieve data from a service that requires the user to be logged in, it will pass the key with the request. So, instead of a method like getUserInfo(), now it will look like getUserInfo(key).
  The service will use the key to determine if the user is authenticated, and if they are, it will send back the appropriate data.
  Here are my questions:
  1.  Do I have to have a key sent back to Flex?  Can't I just pull all of the data for that particular user at the time and send it back to Flex?
  I guess I'm not understanding first why I need a key or session id from ColdFusion, but if I do, I guess I could create it using the CreateUUID() in ColdFusion, send it back to Flex, store it in a local var and then reference that each time I needed to do something that's user sensitive.
  Would that work?
  I guess I'd prefer not to use a session ID if I don't have to.
  Thanks!
  mfho1

• Saving login and password of the server in MD5-Challenge

  I want to authenticate the server automatically using MD5-Challenge with Cisco Secure ACS4.1.
  When I unplugged and plugged the network cable, it always prompt for login and password.
  How can I avoid this process?
  What can I do if I want to have authentication automatically at the start-up of my server.
  Note: All the fonctionnality of the ACS server is OK

  This is a function of the server. How this will work, if at all, depends on which type of server you have.
  Which server, which network device and what scenario are you using with MD5?

• Oracle form is slow when first login and normal after that

  My Query is that one screen when queried is very slow on first login and normal with same query afterwards.What can be the cause.Forms 10g on Linux,Database 10g

  I had raised this issue to Oracle. It is now considered as bug:
  BUG 13005659 - PSR:PERF:BIP:POOR PERF ACCESSING CATALOG FOLDER IN BIP 11G WITH SECURITY ENABLED
  The notes:
  1373204.1: BI Publisher: Navigation in catalog folders is slow after enabling catalog file system security
  And the fix is now included in one-off patch for October 2011:
  Patch 13042018

• Basic Questions about JSF, Login and Session

  Hi,
  I try to implement a login/logout function on my jsf-website. I create one <form> with Login and Pass to enter. My AuthenticBean(sessionbean) checks login and pass. If Login is "ok" the login and pass will set in the authenticBean (min. value of login and pass = 2).
  Now I check protected .jsf files (files who need a login) if in the AuthenticBean the login.equals("") or pass.equals(""). If so, the user is not logged in.
  Is this a safe method or should I choose a better way to have secure login/logout functions. Perhaps its better to create a userSessionBean after a succeful login and check it with HttpServletRequest rq.getSession().getAttribute(userSessionBean)?
  I am confused a little bit and I hope you'll help me:)
  Thnx Alex

  Implement a javax.servlet.Filter and indeed use the attributes of the HttpSession.

• Shared logins and performance

  I am upgrading MS Access applications to SQL Server 2012 back ends. We're currently approaching SS access with a single login shared by multiple users, but less than 24, for the same application. I'm having trouble finding documentation regarding
  what performance effects (if any) we will have from SQL Server using this single ID approach. Does anyone have some information regarding this?

  Hi SteveChicago,
  Based on my understanding, you want to know if it can cause a performance issue when sharing a single login with multiple users.
  As Sean mentioned, share a single login with multiple users could cause a security issue rather than a performance issue.
  A login is a security principal, or an entity that can be authenticated by a secure system. Users need a login to connect to SQL Server. As a security principal, permissions can be granted to logins. The scope of a login is the whole Database Engine. So
  I recommend you to create different logins for multiple users, and grant them property permission to access different database. To make sure every has his own login with different permission, it’s better for us to manage databases. About how to create a login
  and map the login to a database user, please refer to this article:
  http://msdn.microsoft.com/en-us/library/aa337562.aspx.
  Best regards,
  Qiuyun Yu

• No mapping between account IDs and security was done

  I upgraded to Windows 8.1, it blew up my SQL Server Developer installation. So I traveled 400 miles to get my DVD and reinstall SQl Server. I saw on th eforum that several people had similar problems and they said selecting the repair option of the installation
  would fix it. So I tried but I can't get past the "No mapping between account names and security IDs was done" error.
  I suspected the login to be the issue from the beginning because the *&$%^$ Windows 8.1 update forced me to enter a new password as it didn't find my old one acceptable. Problem is, it didn't update it everywhere and I can't find where to change it for
  SQL Server in this worthless version of an operating system.
  I can't find the login for SQL Server in the the computer services anymore, it's gone from there. I used to be able to go in and manually start the service and change the password. But that great 8.1 update wiped all of that out and left me sitting high
  and dry.
  Does anyone know of a solution? I need to finish this project and my hands are tied at this point.

  Unless you used your own Windows user as the service account for SQL Server, the password change should not matter.
  You talk about "Computer services". The place where to make changes to the SQL Server services is the SQL Server Configuration Manager.
  You say that the SQL Server installation blew up. Is SQL Server not running (you can check this in the Configuration Manager) at all, or is the problem that you cannot log in?
  I was considering to update a small netbook that has Windows 8 to 8.1 the other day, but to get the "free" update, I was told to go the Microsoft Store. I did that the other day from my Surface RT and that was highly unpleasant as it hi-jacked
  by user id and replaced with a Microsoft account. So I am not making that mistake again. I looked at getting Windows 8.1 from MSDN, but then decided it's not worth it for a machine I only use for vacation trips. (All machines that I use for serious work
  do of course run Windows 7.)
  Erland Sommarskog, SQL Server MVP, [email protected]