similar to: Lockdown: Understanding "nil_lockdown_values"...?

What: Lockdown <http://stonean.com/projects/show/lockdown> is an authorization/authentication gem for RubyOnRails 2.x This version bundles Classy Inheritance<http://stonean.com/projects/show/classy-inheritance>to simplify the management screens. There is also a lot of template cleanup in this release. *There were no changes to the security engine.* If you have questions, please

Hi group As promised some months ago, I'm letting you know that lockdown is now ready for testing. Please don't study the code to much, I know it is a mess and therefore a rewrite is on it's way. But feel free to take a look at the features offered, how you use them and the default settings. When lockdown is ready for production usage, I'll release version 1.0. I guess that will

Hi guys, I'm just about to shoot on my foot so I wanted to check if there is something else to blow my full leg actually ;-)) I have setup a working Samba 3 PDC controller with user authentication and roaming profiles. I want to lock down [*] the desktop on client machines (win xp) as I did with poledit (NTConfig.POL) on Win9x/WinNT4 machines. [*] Lock downs suck as : disabling msn

Hi all, I am doing some tests with my CentOS7 desktop. I have configured a policy to lockdown Chrome/Chromium browsers and it works perfectly. And I am trying to the same for Firefox browsers but Firefox's docs are really "hard" to understand. I have the following stopper points: a/ what is the "real" system wide's config file: firefox.js, sysprefs.js or

Has anyone had any issues using Cucumber with Lockdown. in the following scenario, I am logged in as an admin and so should have :all access rights, however I get the following error. Authoriztion filed! prms: {"action"=>"index", "controller"=>"admin"} session: {:expiry_time=>Wed Oct 28 13:33:43 +0000 2009,

Dear OpenSSH developers, Thanks a lot for your work on OpenSSH. We use it a lot and it is very helpful for our daily work. Would it be possible to have a lockdown option as a workaround in case of a remotely exploitable problem in ssh. This may help react to compromised keys/passwords, configuration issues, software bugs or other problems for example when Debian broke ssh . My Idea would be

I only run one piece of software under wine but this app is still a great risk. The intentions and opportunity of software developers not using open source should not be underestimated. when i run env WINEPREFIX="/ubuntu/PC1/.wine" wine C:\\windows\\system32\\taskmgr.exe I am reminded again of all the security problems with windows. I was thinking that it ought to be easier to

I'm seeing errors like this in my event viewer on win2k clients: Source MRx Smb "The master browser has received a server announcement that computer CONAN that believes it is the master browser for the domain ... The master brower is stoppong or an election is being forced." Event ID 8003 The other error that frequently occurs with this: Source: Netlogon "No Windows NT or

Manon, On Thu, 4 Jul 2024 at 05:00, Manon Goo <manon.goo at dg-i.net> wrote: > My Idea would be to have a shared secret option that the client and server would have to proof to know when initiating the Handshake. The Server or client could terminate the connection immediately when the peer does not know the secret. So in case of a security Problem the administrator could set an

Dear Christian, >How is this different to configuring /etc/securetty and tunnelling >Telnet over SSH Port Forwarding which I don't recommend BTW? In case your SSH is remotely attackable for instance - because your LDAP is configured wrongly, - your run into some problem like CVE-2008-0166 - some users private keys are lost And you want to lock down the sshd and investigate and

Steffen Nurpmeso wrote in <20240714024434.vvSRh10_ at steffen%sdaoden.eu>: ... |[.]do not |know about the AI_V4MAPPED flag[.] I have read https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 but as an application developer i find it ugly not to be able to "simply do it", and get back a mapped address. --steffen | |Der Kragenbaer,

On 14/07/2024 03:49, Steffen Nurpmeso wrote: > I have read > > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 > > but as an application developer i find it ugly not to be able to > "simply do it", and get back a mapped address. You are looking at a Internet draft which expired more than 20 years ago.

On 04.07.24 01:41, Manon Goo wrote: > - some users private keys are lost Then you go and remove the corresponding pubkeys from wherever they're configured. Seriously, even if you do not scan which pubkey is configured where *now* (as is part of our usual monitoring), it'll be your "number <3" task *then* to go hunt it down. > And you want to lock down the sshd

Gert Doering wrote in <ZpUvZQr0T-vOToo2 at greenie.muc.de>: |On Sun, Jul 14, 2024 at 10:25:46AM +0100, Brian Candler wrote: |> On 14/07/2024 03:49, Steffen Nurpmeso wrote: |>> https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-\ |>> harmful-01 |>> |>> but as an application developer i find it ugly not to be able to |>>

Hi, On Sun, Jul 14, 2024 at 10:25:46AM +0100, Brian Candler wrote: > On 14/07/2024 03:49, Steffen Nurpmeso wrote: > > I have read > > > > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 > > > > but as an application developer i find it ugly not to be able to > > "simply do it", and get back a mapped address.

Simon Josefsson wrote in <87jzi1fg24.fsf at kaka.sjd.se>: |Jochen Bern <Jochen.Bern at binect.de> writes: |> (And since you mention "port knocking", I'd like to repeat how fond I |> am of upgrading that original concept to a single-packet |> crypto-armored implementation like fwknop.) | |I am reluctantly considering to use some kind of port knocking

Steffen Nurpmeso wrote in <20240704180538.iV4uex29 at steffen%sdaoden.eu>: |Simon Josefsson wrote in | <87jzi1fg24.fsf at kaka.sjd.se>: ||Jochen Bern <Jochen.Bern at binect.de> writes: ||> (And since you mention "port knocking", I'd like to repeat how fond I ||> am of upgrading that original concept to a single-packet ||> crypto-armored

Hi all, I'm currently investigating a bug which is causing an assert to fail in lib/CodeGen/SelectionDAG/ScheduleDAGRRList.cpp. See https://llvm.org/bugs/show_bug.cgi?id=28753 for repro information. To my knowledge, this problem only occurs with the SystemZ target. I'm trying to determine whether the issue is the result of an edge case in the scheduling code itself, or if it's a

Could you post the .ll file with the testcase? -Krzysztof On 7/29/2016 2:38 PM, Elliot Colp via llvm-dev wrote: > Hi all, > > I'm currently investigating a bug which is causing an assert to fail in > lib/CodeGen/SelectionDAG/ScheduleDAGRRList.cpp. See > https://llvm.org/bugs/show_bug.cgi?id=28753 for repro information. > > To my knowledge, this problem only occurs with

P.S.: Steffen Nurpmeso wrote in <20240707025234.j3oUaPFH at steffen%sdaoden.eu>: |Steffen Nurpmeso wrote in | <20240704180538.iV4uex29 at steffen%sdaoden.eu>: ||Simon Josefsson wrote in || <87jzi1fg24.fsf at kaka.sjd.se>: |||Jochen Bern <Jochen.Bern at binect.de> writes: |||> (And since you mention "port knocking", I'd like to repeat how fond I