in Db2 v11.1 on Linux I would like to have control over applications that consumes too much CPU resources. For every application that consumes too much CPU for more then 3 seconds I want to lower CPU resources to max 5%.
In Db2 Workload Manager I created two subclasses. First without restrictions and second with 5%-CPU restriction. The trouble I have now is at "create threshold" command (bellow). CPUTIMEINSC actually means time spend in sub-class, but I am looking for option to only trigger threshold when SQL consumes a lot of CPU power.
How to restrict CPU consumption to "aggressive" applications?
-- Create super-class. CREATE SERVICE CLASS SC_APPS; -- Create default subclass that all applications start with. CREATE SERVICE CLASS SC_APPS_100 UNDER SC_APPS SOFT CPU SHARES 1000 CPU LIMIT 100 PREFETCH PRIORITY DEFAULT BUFFERPOOL PRIORITY DEFAULT; -- Create subclass with CPU, disk I/O and memory restrictions. CREATE SERVICE CLASS SC_APPS_05 UNDER SC_APPS HARD CPU SHARES 50 CPU LIMIT 5 PREFETCH PRIORITY LOW BUFFERPOOL PRIORITY LOW; -- Move application that consumes CPU for more then 3 seconds from non-restricting subclass to resource restricting subclass CREATE THRESHOLD TR_APPS_GOTO_05 FOR SERVICE CLASS SC_APPS_100 UNDER SC_APPS ACTIVITIES ENFORCEMENT MEMBER WHEN CPUTIMEINSC > 3 HOURS CHECKING EVERY 1 SECOND REMAP ACTIVITY TO SC_APPS_05; -- Crete workload restrictions for one user only CREATE WORKLOAD WL_APPS_05 SYSTEM_USER ('USER1') SERVICE CLASS SC_APPS_05 UNDER SC_APPS; -- Grant access to public GRANT USAGE ON WORKLOAD WL_APPS_05 TO PUBLIC;
I’ve one doubt, we can use cors to restrict api calls to specific host in web app. how to do the same for native mobile app ? to restrict api calls from my app alone. is it possible to do so ?
I have a server and I want my iPhone to connect to it securely. However, I cannot just install the self-signed server certificate on my iPhone. When I install the profile (that’s what they call the certificate), it says "Not verified".
Normally, you would go to CA Trust settings and enable full trust for the certificate. BUT I deliberately made the certificate with
critical,CA:false constraint. That’s the reason it does not show in the CA Trust settings.
Why did I do it — I just need to install the single certificate and I don’t want to totally compromise my iPhone security, if my CA credentials got stolen.
Do this have a solution? iOS probably requires a CA to trust a certificate, but I don’t want a possibility to create certificates at all (beside the one), or at least for another domains.
One potential "solution" might be to create the CA, sign the server certificate and then delete the CA key, as it would not be needed and would live for a shorter time (lower chance to get stolen).
However, people except me wouldn’t be stoked to install it. (I don’t want to buy a certificate as its a home project and I don’t even have a domain name, just the IP address.)
The certificate complies with apple’s current requirements for server certificates. (https://support.apple.com/en-us/HT210176)
I’m trying to setup a SQL Server 2008 R2 instance, restricting access to my database so only specific users on specific machines can login there.
Let’s say, we have 3 devs: John, Jill and Steve, with 3 machines: JohnPC, JillPC and StevePC. John and Jill use their machines inside a domain, but Steve doesn’t. So, the machines “full names” are: MYDOMAIN\JohnPC, MYDOMAIN\JillPC and StevePC, since Steve isn’t in MYDOMAIN, but in windows default “WorkGroup”.
I know that I can create accounts to restrict access from a machine, as in [MYDOMAIN\JohnPC$ ].
But in my case, I don’t want to allow Jill to login from JohnPC.
I’m using mixed-mode login to server, so I have the ‘sa’ account enabled (and it’s supposed to access only within the server’s localhost environment).
I’ve read this article that shows how to create an account for a computer within a domain, but that doesn’t apply to my case [Edit: because it doesn’t tell how to restrict user to each computer, and it doesn’t tell how to create an account for a computer with no domain]. Searched google about it, and can’t find any answer that could remotely fit what I’m trying to do.
So, is this possible to achieve? And if it is, how can I do it?
I am trying to make a restriction to procfs like only a certain groups of members can perform read and write actions.
kernel document says we can do that by setting
/etc/fstab. It will restrict the malicious user from making read and write on procfs but I have a doubt whether it is possible for malicious user (restricted in the
/etc/fstab) to access content in profs using
syscall instead of
fs operation like read and write.
I have an iPhone that runs 13.3.1 (latest at this time). It’s a corporate phone and has an MDM profile installed. I’ve been using the phone for almost 2 years now with a custom keyboard (Google Keyboard). However, after recently traveling to the States, I noticed that my phone is forcing me to use the default Apple keyboard every time I try to type something. It’s been happening since 3 weeks now and this change was not caused by a system upgrade, I remember not changing/installing anything around the time when this started. It’s almost like my iPhone woke up one day and did not want me to use another keyboard, even after I had been using one for years now (jealous much?). The MDM profile installed doesn’t mention having control over keyboard. The moment I start typing, I get force switched to the Apple keyboard (without suggestions). And while I can switch to the Apple keyboard with suggestions, I can’t use my other keyboard even though it’s set as default.
This behavior began very randomly and at this point I wonder if it’s just paranoia or legit. I work in this field and so it probably isn’t irrational paranoia but I’m just looking for a logical answer. Does anyone know what this is about or has experienced similar?
I want to allow crawling of my website only if the URL starts with accepted region/language combinations which are
fr/fr. Other language combinations must be restricted. On the other hand crawler should be able to crawl
/about, etc. For example:
example.com/us/en/videos # should be allowed example.com/de/en/videos # should be blocked example.com/users/mark # should be allowed
Again, it should be blocked only if it starts with unaccepted region/language combinations. What I did so far does not work:
Disallow: /*? Disallow: /*/*/cart/ Disallow: /*/*/checkout/ Disallow: /*/*/ Allow: /*.css? Allow: /*.js? Allow: /us/en/ Allow: /gb/en/ Allow: /fr/fr/
I tested it with google’s online robots.txt tester.
A website restricts these characters from passwords:
# * ( ) %
At a casual glance, it looks like they’re not sanitizing data input to the database or hashing passwords, but I’m a hobbyist.
Should I contact the IT maintainer? This is a new site that was just launched to replace an old one within my industry.
What risks are there in allowing external clients to resolve internal IPs to their domain names? The server is used internally for clients, as well as for external clients needing to resolve a web server’s domain. Couldn’t allowing these reverse lookups allow an attacker to gather a wide array of information if the domain names contain usable information?
I’d like to create a readonly role for a third party to access a handful of tables from the public schema without being able to view the rest of the tables in public.
My initial idea was to create a new schema ‘readonly’ and then create views in that schema:
create view readonly.table1 as select * from public.table1
Then alter the search path for the readonly user to limit it only to the ‘readonly’ schema. However, it looks like I can still view the public schema as that role (though I can’t select anything from any tables in schema public).
Is there a way to remove all visibility into the public schema from a role? Unfortunately, moving everything to a different schema is not possible.