ASE Security Related QuestionHi All,
Security type question:
This is our environment:
- Delphi application connecting to an ASE 11.5 on NT 4.0 (using the BDE)
- MS-Access connecting to the same ASE 11.5 server using ODBC (Intersolv
3.0)
The problem:
The users do their updates to the db through the Delphi app. The MS-Access
app. is supposed to be used for querying only. We want to restrict update
access to the db to have to go through the Delphi app. Currently have a
couple of distinct Sybase groups set up - 1 for inquiry which has select
access, 1 for update which has all privileges. Problem is some...
Need suggestion.Security related general question
Hi,
I have project that is using email to bring users back to the login page. The system auto generates email with a LINK to bring user to login page. Now my question is, how to make it secure.
What are your suggestions about making link secure so no one can guess. Suggestions will be helpful.
May be I need to use username in the link or etc. I was thinking Guid with username attached in email?
Application is in ASP.NET 2.0 with SQL Server 2000
Thanks
Hi,
Not sure what you mean. You have an Email going out to users. That Email has a link t...
Issue related with secure AuthenticationType i.e. AuthenticationTypes.Secure
So when i use
DirectoryEntry MyDirectoryObject = new DirectoryEntry(LDAPServerString, UserName,Password, AuthenticationTypes.Serverbind);
I can work with LDAP no problem, create new users etc..
But when I use
DirectoryEntry MyDirectoryObject = new DirectoryEntry(LDAPServerString, UserName,Password,AuthenticationTypes.Secure);
I get 2 types of errors
1] Unknown error
2] Invalid dn syntax has been specified.
The user details are correct and they are the user details of the directory manager.
What is going wrong here ?...
ASE and ASECould it be possible to take scripts from ASA and load them in an ASE
Any information is welcome
jean-fran�ois
ASA supports a fairly large sub-set of Transact-SQL, so if you write your
stored procedures and triggers in ASA using T-SQL, you should be able to
create scripts that will run against both ASE and ASA. If you're planning
to do this though, I would suggest developing your database schema against
ASA, since everything you write in T-SQL in ASA will be supported on ASE,
but the reverse is not true.
Check out the section in the ASA documentation entitled "Tra...
How secure is secure?Thanks to this group and all the high tech individuals who frequent it I
have learned how to protect my PC from the inside out. But what about
security risks to my info 'before' it gets to my computer? Like my mail
box on the server. Could someone hack into that and thumb through my
mail?
If so, how would I ever know?
(The short story)
We have a rogue employee at my work who one day decided to run the web
site, she got in tight with the ISP, got tools to set and delete
passwords on a protected directory on the server. Who knows if she has
telnet access to other things, li...
ASE to ASEHi,
Is anyone out there doing ASE to ASE replication using SQL remote? If
you are have created your own version of the SSEXTRACT utility to set up
a replicant database in ASE rather than ASA? Or does anyone know if
SYBASE has created a version SSEXTRACT for use with ASE to ASE
replication?
Thanks in advance
Doug Trainer
Hi Douglas,
I thought the SQL Remote Replication support in ASE11.5 was meant for a
consolidate-database only (by design)! At least that was what Sybase
said when they announced support for SQL Remote technology support in
ASE11.5.
I will be happy to...
when is secure, secure?Lo everyone,
I wrote a custom authentication handler for PureFTPD, using a combination of
authentication methods, for about 4 different types of users.
So far, from testing it, it does look to work properly, and does it's job
pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and
use warnings, and the code returns no errors or warnings when run.
I am right to presume that this basically only really tells me the my syntax
and structure of the application is right? What's a good way to see whether
it is actually SECURE... There is a couple of lines of...
What generals generally doReading a McChrystal thread elsewhere, I came across someone quoting a
US general
http://en.wikipedia.org/wiki/Smedley_Butler
> I spent 33 years and four months in active military service and
> during that period I spent most of my time as a high class thug for
> Big Business, for Wall Street and the bankers. In short, I was a
> racketeer, a gangster for capitalism. I helped make Mexico and
> especially Tampico safe for American oil interests in 1914. I helped
> make Haiti and Cuba a decent place for the National City Bank boys to
> collect revenues in. I ...
security too secureName: joe
Product: Firefox
Summary: security too secure
Comments:
The security thing won't let me in this sight no matter how I accept,
confirm, get certificate, etc.
https://www.vtext.com/customer_site/jsp/messaging_lo.jsp
Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4
From URL: http://hendrix.mozilla.org/
Note to readers: Hendrix gives no expectation of a response to this feedback
but if you wish to provide one you must BCC (not CC) the sender for them to
see it.
...
ASE securityHas anyone successfully granted admin(sa,sso) roles to users? I have
gotten the following:
1> grant role sa_role to bob
2> go
Msg 156, Level 15, State 1:
Line 1:
Incorrect syntax near the keyword 'role'.
this is while logged in as sa.
Also I have read about the Sybase Central utility. does this come with
the Linux version? If so where is it installed? If not is it available
for free?
I recieved an email from Ryan Lubke with the commands that work.
sp_role "grant", "sa_role", user_name
exec sp_role "grant", "sso_role",...
general security
hello, i was wondering if all these tools, such as the login control, create new user wizard, and the datagrids,etc -if all of them are generally protected from things like SQL injection, cross scripting? and or should more validation be done?
I don't know if they are totally protected from SQL injection, but it is always a good idea to use standard security to protect against this. Such as using a stored proc and keeping dynamic sql down to none.View My Blog Download My URL Rewriter and Reverse ProxyOnly $9.95/month, ASP.NET, 2GB & SQL 2005...
ASA To ASE - VSWhat are the differents in terms of configuring SQL Remote Between ASA to
ASE and ASE To ASE ?
You should start with the Help file and then ask specific questions:
Data Replication with SQL Remote
PART 5. Appendix
APPENDIX A. Enterprise and Anywhere: Differences
There are many differences, so begin there.
--
David Fishburn
Sybase
Please only post to the newsgroup
BH Ong <bhong@tm.net.my> wrote in message
news:01bf4b98$33183580$7ccdc8c8@virtual-branch...
> What are the differents in terms of configuring SQL Remote Between ASA to
> ASE and ASE To ASE ...
Are there any common errors / issues related to using the dump/load strategy vs. sqlupgrade utility for upgrade/migration to ASE 15.x (from ASE 12.5.x)?Are there any common errors / issues related to using the
dump/load strategy vs. sqlupgrade utility for
upgrade/migration to ASE 15.x (from ASE 12.5.x)?
Hi everyone,
I've been reading posts on this discussion thread to try to
see if I can find any disadvantage of using the dump/load
strategy vs. using the sqlupgrade utility (i.e. common
errors / issues).
I noticed that some have run into errors after the
upgrade/migration when using system stored procedure(s). So
this sparked a few questions...
1) Is one upgrade/migration strategy prone to more errors
and issues than ...
general security issues
hi i'm doing an assignment on the security issues of active server pages. i was wondering if anyone could outline the major security issues for me. if you could i'd really appreciate it!
biggest security issue in ASP? ASP Developers. without a question.RTFM - straight talk for web developers. Unmoderated, uncensored, occasionally unreadableJason Brown - MVP, IIS
As Jason points out, crappy coders are the biggest problem :-)
The crappy code tends to be vulnerable to the following types of attacks:
-SSL Injection Attacks
-Cross Site Scripting Attacks
-Replay Attacks/Cookie thef...