similar to: Using Cucumber with Lockdown

Hello, Presently, we are able to add additionnal info to a matrix thanks to the nice comment() and attr() functions. Maybe I miss some other functions ? Since there is a always a little remaining place on the top left when one print a matrix, I was wondering if it won't be interesting to offer the possibility to show some information here, I'm thinking on something like : > attr(M,

Hi, I have some models such as: class User < ActiveRecord::Base acts_as_authentic end class Admin < User end class Superadmin < Admin end And some controllers such as: class UserSessionsController < ApplicationController def new @user_session = UserSession.new end def create @user_session =

I have a Model event and the following two lines in routes.rb 1 - map.connect "events/:action", :controller => ''events'', :action => / [a-z_]+/i 2 - map.resources :events, :has_many => :comments, :has_one => :address #, :collection => {:mapit => :get} I have #1 so that I can call custom actions from a link_to_remote link from my index page t0 update a

Hi all, I''m running into a very strange but incredibly annoying problem that I just can''t seem to solve. The exception is occurring from a seemingly innocuous line in my code, a simple ''logger.warn("some debug information")''. The backtrace follows: SecurityError (Insecure: can''t modify array)

Hello! I was wondering, sometimes I raise an exception in my Rails apps, e.g.: raise SecurityError unless @post.user == logged_in_user Now: is there any way to catch that SecurityError exception somewhere and render a custom template? E.g., I want to render ''app/views/content/security_error.rhtml'' Does anyone know how to do this? Thanks a bunch, Rob

In my user_sessions_controller: class UserSessionsController < ApplicationController before_filter :require_no_user, :only => [:create, :new] before_filter :require_user, :only => :destroy def new @user_session = UserSession.new @message = "Hello." end def create @user_session = UserSession.new(params[:user_session]) if @user_session.save

Hello, I wanted to view a AIX box as a WinNT box, so I downloaded the file samba-1.9.17p3.aix-3.2.5.tar.gz to install samba on the unix machine (IBM RS6000). It runs AIX Version 3. My client machine runs WinNT 4.00.1381 (x86 Family 6 Model 1 Stepping6). Samba is now installed on /usr2/local/samba. There are some symbolic links on /usr/local/samba that point to the corresponding files in

Hi group As promised some months ago, I'm letting you know that lockdown is now ready for testing. Please don't study the code to much, I know it is a mess and therefore a rewrite is on it's way. But feel free to take a look at the features offered, how you use them and the default settings. When lockdown is ready for production usage, I'll release version 1.0. I guess that will

What: Lockdown <http://stonean.com/projects/show/lockdown> is an authorization/authentication gem for RubyOnRails 2.x This version bundles Classy Inheritance<http://stonean.com/projects/show/classy-inheritance>to simplify the management screens. There is also a lot of template cleanup in this release. *There were no changes to the security engine.* If you have questions, please

In the test environment, logging out and back in is not working for me. The log for the first login looks like this: Processing UserSessionsController#create (for 127.0.0.1 at 2010-05-24 19:53:57) [POST] Parameters: {"user_session"=>{"remember_me"=>"true", "password"=>"[FILTERED]", "login"=>"test"},

Hi all, I am doing some tests with my CentOS7 desktop. I have configured a policy to lockdown Chrome/Chromium browsers and it works perfectly. And I am trying to the same for Firefox browsers but Firefox's docs are really "hard" to understand. I have the following stopper points: a/ what is the "real" system wide's config file: firefox.js, sysprefs.js or

Hi guys, I'm just about to shoot on my foot so I wanted to check if there is something else to blow my full leg actually ;-)) I have setup a working Samba 3 PDC controller with user authentication and roaming profiles. I want to lock down [*] the desktop on client machines (win xp) as I did with poledit (NTConfig.POL) on Win9x/WinNT4 machines. [*] Lock downs suck as : disabling msn

Hi All, I''m having a bit of trouble wrapping my head around "nil_lockdown_values" in the Lockdown plugin. I''m unfamiliar with how exactly this works. I''m assuming it is a helper method of sorts, but I see no definition. Does Rails simply have the ability to nil_ [somerandomliborclass]_values? Would someone mind unconfusing me? Also, where would I find

I only run one piece of software under wine but this app is still a great risk. The intentions and opportunity of software developers not using open source should not be underestimated. when i run env WINEPREFIX="/ubuntu/PC1/.wine" wine C:\\windows\\system32\\taskmgr.exe I am reminded again of all the security problems with windows. I was thinking that it ought to be easier to

I'm seeing errors like this in my event viewer on win2k clients: Source MRx Smb "The master browser has received a server announcement that computer CONAN that believes it is the master browser for the domain ... The master brower is stoppong or an election is being forced." Event ID 8003 The other error that frequently occurs with this: Source: Netlogon "No Windows NT or

Manon, On Thu, 4 Jul 2024 at 05:00, Manon Goo <manon.goo at dg-i.net> wrote: > My Idea would be to have a shared secret option that the client and server would have to proof to know when initiating the Handshake. The Server or client could terminate the connection immediately when the peer does not know the secret. So in case of a security Problem the administrator could set an

Dear Christian, >How is this different to configuring /etc/securetty and tunnelling >Telnet over SSH Port Forwarding which I don't recommend BTW? In case your SSH is remotely attackable for instance - because your LDAP is configured wrongly, - your run into some problem like CVE-2008-0166 - some users private keys are lost And you want to lock down the sshd and investigate and

Steffen Nurpmeso wrote in <20240714024434.vvSRh10_ at steffen%sdaoden.eu>: ... |[.]do not |know about the AI_V4MAPPED flag[.] I have read https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 but as an application developer i find it ugly not to be able to "simply do it", and get back a mapped address. --steffen | |Der Kragenbaer,

On 14/07/2024 03:49, Steffen Nurpmeso wrote: > I have read > > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 > > but as an application developer i find it ugly not to be able to > "simply do it", and get back a mapped address. You are looking at a Internet draft which expired more than 20 years ago.

On 04.07.24 01:41, Manon Goo wrote: > - some users private keys are lost Then you go and remove the corresponding pubkeys from wherever they're configured. Seriously, even if you do not scan which pubkey is configured where *now* (as is part of our usual monitoring), it'll be your "number <3" task *then* to go hunt it down. > And you want to lock down the sshd