Here is a quick way of creating your own CA and issuing server and client certificates via OpenSSL.
I will test the certificates via the Apache HTTP Server by configuring one-way and two-way SSL.
I use Oracle Linux 5.
You should of course only use this for test scenarios.
Often you do not want servers in your internal network segments to be able to access the Internet directly.
One way to get controlled access to the Internet is to place an Apache HTTP Server in a DMZ network segment. Internal servers can then use the Apache server as a (more...)
Megar (“megaargh!” in pirate-speak) is a Ruby wrapper and command-line client for the Mega API.
In the current release (gem version 0.0.3), it has coverage of the basic file/folder operations: connect, get file/folder listings and details, upload and download files. You can use it directly in Ruby with what I hope you'll find is a very sane API, but it also sports a basic command-line mode for simple listing, upload and download tasks.
If you are interested in hacking around with Mega, and prefer to do it (more...)
It is not difficult to create an SSL/TLS certificate and configure an Apache HTTP Server to use it. But I found that there are some things you need to know that do not necessarily make much sense. Here are some lessons learned and a couple of tips.
Intermediate and Root (more...)
I bet if any of you have a server exposed to an internet connection, without proper firewall protection, that your server is under heavy fire from hackers around the “world”… By the world I mean mostly China and Russia ssh attacks. If you’re curious, on Linux you can check the (more...)
ORA-00942: table or view does not exist.
More precisely it should give a text like
table or view does not exist or you are not allowed to access it.
For an ordinary user/schema separation there might be no big difference: if user A cannot read table B.TAB, it's of no value for user A whether the object does not exist or is just not (more...)
Introduction: Kerberos authentication allows connecting to Oracle without specifying the username/password credentials. The authentication is done externally. Kerberos is already in widespread use in large environments, so it is a good candidate (for example for Windows domain accounts or for an AFS file system in Linux).
Proxy authentication allows connecting to the DB to a target user via another DB user (the proxy user). For example we can authorize a user with a development account to connect (more...)
As I investigated the problem of how to secure a connection manager, I was pointed to Note:1455068.1.
The solution is somewhat easy: Only allow incoming connections to your systems. e.g.
In a well designed environment where you can separate your DB Servers from others at low network layers, a set of CMAN (more...)
Gone are the days when cleartext passwords had to be stored in scripts for Oracle database access. The solution to this requirement is “Oracle Secure External Password Store (SEPS)”. This article will give a short introduction and a practical example of the solution.
no Advanced Security Option (License) necessary
Every Unix account that has access to the wallet can use it to log on to the contained databases without a password! Therefore prevent other Unix accounts from accessing your wallet! (chmod, chown)
Oracle Client: Unix-Account, who wishes to connect to the database without providing a password needs to (more...)
If you want to use the Oracle file watcher, you need to create a credential. As a password needs to be stored in the database for this, Oracle tries to save it in a secure way. But as the password must be decrypted in order to log in on the file watcher's agent side, it is not safe at all:
The credentials are stored with DBMS_SCHEDULER.CREATE_CREDENTIAL. Here is an example:
  BEGIN
    DBMS_SCHEDULER.CREATE_CREDENTIAL(credential_name => 'local_credential',
      username => 'oracle', password => 'welcome1');
    DBMS_SCHEDULER.CREATE_CREDENTIAL(credential_name => 'local_credential2',
      username => 'oracle2', password => 'welcome1');
  END;
  /
It's quite easy to see the values (more...)
In part 1 of this post, I covered the JSON-P "standard" for mashups. Not so much a standard per se, but a sneaky way to share JSON data between servers by wrapping it in a 'callback' function... For example, if we have our raw JSON data at this URL:
A direct access would return the raw data dump in JSON format: