oracle security - Page 518

How To Prevent Processes From Starting?

- by Rob P.

I'm toying around with a very simplistic sort of process-monitor. Currently, it gets a list of the running processes and attempts to kill any process that is not white-listed. What I'm looking for is a way to prevent a process from starting that isn't on the white-list. If that's possible. My knowledge level in this area is pretty non-existent and my Google-fu only returns websites discussing Process.Start() :( Can anyone point me in the right direction?

Read the article

Linux File Permissions & Access Control Query

- by Jason

Hi, Lets say I am user: bob & group: users. There is this file: -rw----r-- 1 root users 4 May 8 22:34 testfile First question, why can't bob read the file as it's readable by others? Is it simply that if you are denied by group, then you are auto-blacklisted for others? I always assumed that the final 3 bits too precedence over user/group permission bits, guess I was wrong... Second question, how is this implemented? I suppose it's linked to the first query, but how does this work in relation to Access Control, is it related to how ACLs work / are queried? Just trying to understand how these 9 permission bits are actually implemented/used in Linux. Thanks alot.

Read the article

how can i hide the main form when it log out! ??

- by Azka

when i click onto login button, login page appears and when i enter the user id and password it proceeds to main form.. but.. when i log out, the main form appears and the controls transfer back to the log in page.. ... i need to hide that main form when it log outs.. ?? is it clear now??

Read the article

Is there a unique computer identifier that can be used reliably even in a virtual machine?

- by SaUce

I'm writing a small client program to be run on a terminal server. I'm looking for a way to make sure that it will only run on this server and in case it is removed from the server it will not function. I understand that there is no perfect way of securing it to make it impossible to ran on other platforms, but I want to make it hard enough to prevent 95% of people to try anything. The other 5% who can hack it is not my concern. I was looking at different Unique Identifiers like Processor ID, Windows Product ID, Computer GUID and other UIs. Because the terminal server is a virtual machine, I cannot locate anything that is completely unique to this machine. Any ideas on what I should look into to make this 95% secure. I do not have time or the need to make it as secure as possible because it will defeat the purpose of the application itself. I do not want to user MAC address. Even though it is unique to each machine it can be easily spoofed. As far as Microsoft Product ID, because our system team clones VM servers and we use corporate volume key, I found already two servers that I have access to that have same Product ID Number. I have no Idea how many others out there that have same Product ID By 95% and 5% I just simply wanted to illustrate how far i want to go with securing this software. I do not have precise statistics on how many people can do what. I believe I might need to change my approach and instead of trying to identify the machine, I will be better off by identifying the user and create group based permission for access to this software.

Read the article

Best Way To Store Users Passwords Using PHP?

- by PeAk

What is the best way to store users passwords in a MySQL database using PHP. For example, md5 or is there something better? examples would be much appreciated.

Read the article

Expanded securityadmin

- by user80652

I'm aware that sysadmin is documented as the server role necessary for creating logins (SQL/Windows-integrated); nevertheless, I'm tasked to find out if there's any other server role (built-in or otherwise) that can be used. To be specific, I'm looking to setup one or two logins with access to create logins, create [database] users, assign users to [database] roles. Potentially reset passwords, but most of the logins are Windows-integrated and it's not necessary. Cannot have access to data at all, nor can these logins have rights to update tables nor create/update roles. Seems my only options so far are to set these 2 logins with securityadmin server role and for the specific databases, configure with db_securityadmin and db_accessadmin... but this configuration doesn't allow for creating logins.

Read the article

php Mail function; Is this way of using it safe?

- by Camran

I have a classifieds website, and inside each classified, there is a small form. This form is for users to be able to tip their "friends": <form action="/bincgi/tip.php" method="post" name="tipForm" id="tipForm"> Tip: <input name="email2" id="email2" type="text" size="30 /> <input type="submit" value="Skicka Tips"/> <input type="hidden" value="<?php echo $ad_id;?>" name="ad_id2" id="ad_id2" /> <input type="hidden" value="<?php echo $headline;?>" name="headline2" id="headline2" /> </form> The form is then submitted to a tip.php page, and here is my Q, is this below code safe, ie is it good enough or do I need to make some sanitations and more safety details? $to = filter_var($_POST['email2'], FILTER_SANITIZE_EMAIL); $ad_id = $_POST['ad_id2']; $headline = $_POST['headline2']; $subject = 'You got a tip'; $message ='Hi. You got a tip: '.$headline.'.\n'; $headers = 'From: [email protected]\r\n'; mail($to, $subject, $message, $headers); I haven't tested the above yet.

Read the article

What statistics app should I use for my website?

- by Camran

I have my own server (with root access). I need statistics of users who visit my website etc etc... I have looked at an app called Webalyzer... Is this a good choice? I run apache2 on a Ubuntu 9 system... If you know of any good statistics apps for servers please let me know. And a follow-up question: All statistics are saved in log-files right? So how large would these log-files become then? Possibility to split them would be good, dont know if this is possible with Webalyzer though...

Read the article

SpringSecurity VS SpringWebSecurity

- by abc

SpringSecurity VS SpringWebSecurity .. please explain..

Read the article

What's the best way to store sensative data in MySQL?

- by embedded

I'm managing the MySQL database from PHP scripts. the communication between server and client is secured via SSL. I store user account data which is sensitive. Is there a way to encrypt this data when entered into the DB? What is the best way to protect this sensitive data? Thanks

Read the article

Interrupted Upgrade from 11.10 to 12.04

- by Tamil

My upgrade using alternative iso from 11.10 to 12.04 got interrupted and I had to hard restart my machine. Now I feel that everything is recovered except my already installed packages like vim. How do I backup my home folder for fresh installation of ubuntu? Following are the errors I'm facing I couldn't mark any package for re-installation in synaptic or remove and install too. output of sudo apt-get install vim Building dependency tree Reading state information... Done Package vim is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'vim' has no installation candidate If I try installing it from synaptic I get apache2.2-common: Package apache2.2-common has no available version, but exists in the database. This typically means that the package was mentioned in a dependency and never uploaded, has been obsoleted or is not available with the contents of sources.list my sources.list file # added by the release upgrader # deb cdrom:[Ubuntu 12.04.1 LTS _Precise Pangolin_ - Release amd64 (20120822.4)]/ precise main restricted # added by the release upgrader # # deb cdrom:[Ubuntu 12.04.1 LTS _Precise Pangolin_ - Release amd64 (20120822.4)]/ precise main restricted # deb cdrom:[Ubuntu 11.04 _Natty Narwhal_ - Release amd64 (20110427.1)]/ natty main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://archive.ubuntu.com/ubuntu precise main restricted deb-src http://archive.ubuntu.com/ubuntu precise main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://archive.ubuntu.com/ubuntu precise-updates main restricted deb-src http://archive.ubuntu.com/ubuntu precise-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://archive.ubuntu.com/ubuntu precise universe deb-src http://archive.ubuntu.com/ubuntu precise universe deb http://archive.ubuntu.com/ubuntu precise-updates universe deb-src http://archive.ubuntu.com/ubuntu precise-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://archive.ubuntu.com/ubuntu precise multiverse deb-src http://archive.ubuntu.com/ubuntu precise multiverse deb http://archive.ubuntu.com/ubuntu precise-updates multiverse deb-src http://archive.ubuntu.com/ubuntu precise-updates multiverse ## Uncomment the following two lines to add software from the 'backports' ## repository. ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. # deb http://us.archive.ubuntu.com/ubuntu/ natty-backports main restricted universe multiverse # deb-src http://us.archive.ubuntu.com/ubuntu/ natty-backports main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu precise-security main restricted deb-src http://archive.ubuntu.com/ubuntu precise-security main restricted deb http://archive.ubuntu.com/ubuntu precise-security universe deb-src http://archive.ubuntu.com/ubuntu precise-security universe deb http://archive.ubuntu.com/ubuntu precise-security multiverse deb-src http://archive.ubuntu.com/ubuntu precise-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. deb http://archive.canonical.com/ubuntu precise partner # deb-src http://archive.canonical.com/ubuntu natty partner ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. deb http://extras.ubuntu.com/ubuntu precise main deb-src http://extras.ubuntu.com/ubuntu precise main # deb http://tamil.3758_gmail.com:[email protected]/free unstable main # disabled on upgrade to oneiric # deb http://debian.datastax.com/natty oneiric main # disabled on upgrade to oneiric sudo apt-get update Err http://archive.ubuntu.com precise InRelease Err http://archive.canonical.com precise InRelease Err http://archive.ubuntu.com precise-updates InRelease Err http://archive.ubuntu.com precise-security InRelease Err http://extras.ubuntu.com precise InRelease Err http://archive.canonical.com precise Release.gpg Unable to connect to 172.16.140.249:3142: Err http://archive.ubuntu.com precise Release.gpg Unable to connect to 172.16.140.249:3142: Err http://archive.ubuntu.com precise-updates Release.gpg Unable to connect to 172.16.140.249:3142: Err http://extras.ubuntu.com precise Release.gpg Unable to connect to 172.16.140.249:3142: Err http://archive.ubuntu.com precise-security Release.gpg Unable to connect to 172.16.140.249:3142: W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/precise/InRelease

Read the article

How can I install oracle-java7 from webupd8 ppa?

- by Ahmed Zain El Dein

I installed ppa:webupd8team/java and I get the following error Output from: sudo apt-get install oracle-java7-installer Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: binfmt-support visualvm ttf-baekmuk ttf-unfonts ttf-unfonts-core ttf-kochi-gothic ttf-sazanami-gothic ttf-kochi-mincho ttf-sazanami-mincho ttf-arphic-uming The following packages will be upgraded: oracle-java7-installer 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. Need to get 0 B/16.0 kB of archives. After this operation, 64.5 kB of additional disk space will be used. Could not exec dpkg! E: Sub-process /usr/bin/dpkg returned an error code (100) i did afterwords those line of code trying to resolve the issue becuase it is not existed actually in the /usr/bin/dpkg there is no dpkg mkdir /tmp/dpkg cd /tmp/dpkg wget http://archive.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4_i386.deb ar x dpkg*.deb data.tar.gz tar xfvz data.tar.gz ./usr/bin/dpkg sudo cp ./usr/bin/dpkg /usr/bin/ sudo apt-get update sudo apt-get install --reinstall dpkg then i get this $ sudo apt-get install --reinstall dpkg Reading package lists... Done Building dependency tree Reading state information... Done 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 6 not upgraded. 1 not fully installed or removed. Need to get 0 B/1,814 kB of archives. After this operation, 0 B of additional disk space will be used. dpkg: warning: 'dpkg-deb' not found on PATH. dpkg: 1 expected program(s) not found on PATH. NB: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin. E: Sub-process /usr/bin/dpkg returned an error code (2) How can I fix this?

Read the article

Solaris OpenStack Horizon customizations

- by GirishMoodalbail-Oracle

In Oracle Solaris OpenStack Havana, we have customized the Horizon BUI by modifying existing dashboard and panels to reflect only those features that we support. The modification mostly involves: -- disabling an widget (checkbox, button, textarea, and so on) -- removal of a tab from a panel -- removal of options from pull-down menus The following table lists the customizations that we have made. |-----------------------------+-----------------------------------------------------| | Where | What | |-----------------------------+-----------------------------------------------------| | Project => Instances => | Post-Creation tab is removed. | | Launch Instance | | | | | | Project => Instances => | Security Groups tab is removed. | | Actions => Edit Instance | | | | | | Project => Instances => | Console tab is removed. | | Instance Name | | | | | | Project => Instances => | Following actions Console, Edit Security Groups, | | Actions | Pause Instance, Suspend Instance, Resize Instance, | | | Rebuild Instance, and Migrate Instance are removed. | | | | | Project => | Security Groups tab is removed. | | Access and Security | | | | | | Project => | Create Volume action is removed. | | Images and Snapshots => | | | Images => Actions | | | | | | Project => Networks => | Admin State is disabled and its value is always | | Create Network | true. | | | | | Project => Networks => | Disable Gateway checkbox is disabled, and its | | Create Network => | value is always false. | | Subnet | | | | | | Project => Networks => | Allocation Pools and Host Routes text area are | | Create Network => | disabled. | | Subnet Detail | | | | | | Project => Networks => | Edit Subnet action is removed. | | Network Name => Subnet => | | | Actions | | | | | | Project => Networks => | Edit Port action is removed. | | Network Name => Ports => | | | Actions | | | | | | Admin => Instnaces => | Following actions Console, Pause Instance, | | Actions | Suspend Instance, and Migrate Instance are removed. | | | | | Admin => Networks => | Edit Network action is removed | | Actions | | | | | | Admin => Networks => | Edit Subnet action is removed | | Subnets => Actions | | | | | | Admin => Networks => | Edit Port action is removed | | Ports => Actions | | | | | | Admin => Networks => | Admin State and Shared check box are disabled. | | Create Network | Network's Admin State is always true, and Shared is | | | always false. | | | | | Admin => Networks => | Admin State check box is disabled and its value | | Network Name => Create Port | is always true. | |-----------------------------+-----------------------------------------------------|

Read the article

jdeps?Compact???????????????

- by kshimizu-Oracle

Java SE Embedded 8??Compact???????????? ?????ROM???????????????????????????? Compact????????compact1, compact2, compact3?3??????? ????????SE?API????Full JRE???????????? ?????????Java SE????????4???????????????? ????????????????????????????????????????????jdeps???????????????????????????jdeps?JDK 8??????????????JDK??????????($JAVA_HOME/bin/jdeps)????????????????????? ???????????jdeps?Compact??????????????????? --------------------------------------------------------------------------------------------------------------------- > jdeps -P helloworld.jar # ??????????????????helloworld.jar -> /opt/jdk1.8.0_05/jre/lib/rt.jar (compact1) com.example (helloworld.jar) -> java.io compact1 -> java.lang compact1 -> java.util.logging compact1 --------------------------------------------------------------------------------------------------------------------- >jdeps -P -v helloworld.jar # ???????????????? com.example.HelloWorld -> java.io.PrintStream compact1com.example.HelloWorld -> java.lang.Class compact1com.example.HelloWorld -> java.lang.InterruptedException compact1com.example.HelloWorld -> java.lang.Object compact1com.example.HelloWorld -> java.lang.OutOfMemoryError compact1com.example.HelloWorld -> java.lang.Runtime compact1com.example.HelloWorld -> java.lang.String compact1com.example.HelloWorld -> java.lang.StringBuilder compact1com.example.HelloWorld -> java.lang.System compact1com.example.HelloWorld -> java.lang.Thread compact1com.example.HelloWorld -> java.lang.Throwable compact1com.example.HelloWorld -> java.util.logging.Level compact1com.example.HelloWorld -> java.util.logging.Logger compact1 --------------------------------------------------------------------------------------------------------------------- ?????????????????????"-dotoutput"???????????????????????????????????????????? ??????????????????DOT????????????? ??URL: 1. jdeps http://docs.oracle.com/javase/8/docs/technotes/tools/unix/jdeps.html 2. Compact??????????http://www.oracle.com/technetwork/java/embedded/resources/tech/compact-profiles-overview-2157132.html?ssSourceSiteId=otnjp 3. Compact???????Footprint http://www.oracle.com/technetwork/java/embedded/resources/se-embeddocs/index.html#sysreqs

Read the article

Deploying Application with mvc in shared hosting server

- by ankita-13-3

We have created an MVC web application in asp.net 3.5, it runs absolutely fine locally but when we deploy it on godaddy hosting server (shared hosting), it shows an error which is related to trust level problem. We contacted godaddy support and they say, that we only support medium trust level application. So how to convert my application in medium trust level. Do I need to make changes to web.config file. It shows the following error : Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request failed. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [SecurityException: Request failed.] System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) +150 System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) +100 System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException) +284 System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet, PermissionSet& alteredDemandset, RuntimeMethodHandle rmh) +69 System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset, RuntimeMethodHandle rmh) +150 System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +30 System.Threading.CompressedStack.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +40 System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, CompressedStack securityContext) +123 System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, Resolver accessContext) +41 Look forward to your help. Regards Ankita Software Developer Shakti Informatics Pvt. Ltd. Web Template Hub

Read the article

How to handle xpath in SQL query while programming in Java

- by Pratik

I am trying to execute the SQL statement from my java application Due website restriction on url I have replaced http=htp for this post. SELECT DISTINCT(DID) FROM (SELECT e_id DID, xml_doc xml, rownum rn from employee_master_indexes)," + " table(XMLSequence(extract(xml,'//cf:SalesReport/ext:Sales/*//j:PersonAssignedIDDetails/j:PersonID/j:ID',"+ "'xmlns:j=\" htp://www.it.jvp.com/xmm/3.0.3\" xmlns:xsi=\" htp://www.w3.org/2001/XMLSchema\" " + "xmlns:ext=\" htp://xml.crossflo.com/xdm/3.0.3/extension\" xmlns:cf=\" htp://xml.crossflo.com/xdm/3.0.3\" ')))EMPID" + "WHERE extractValue(value(EMPID),'/j:ID', 'xmlns:j=\" htp://www.it.jvp.com/xmm/3.0.3\"') LIKE '%-%-%' AND rn BETWEEN 999 AND 2001"; but end up with 10/05/24 11:11:51 java.sql.SQLException: ORA-00933: SQL command not properly ended 10/05/24 11:11:51 at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:138) 10/05/24 11:11:51 at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:316) 10/05/24 11:11:51 at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:282) 10/05/24 11:11:51 at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:639) 10/05/24 11:11:51 at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:113) 10/05/24 11:11:51 at oracle.jdbc.driver.T4CStatement.execute_for_describe(T4CStatement.java:431) 10/05/24 11:11:51 at oracle.jdbc.driver.OracleStatement.execute_maybe_describe(OracleStatement.java:1029) 10/05/24 11:11:51 at oracle.jdbc.driver.T4CStatement.execute_maybe_describe(T4CStatement.java:463) 10/05/24 11:11:51 at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1126) 10/05/24 11:11:51 at oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1274) 10/05/24 11:11:51 at oracle_jdbc_driver_T4CStatement_Proxy.executeQuery() I am able to run this query properly on my sql prompt.Any guidance on what makes oracle give me this exception would be appreciated.

Read the article

How to implement multi-source XSLT mapping in 11g BPEL

- by [email protected]

In SOA 11g, you can create a XSLT mapper that uses multiple sources as the input. To implement a multi-source mapper, just follow the instructions below, Drag and drop a Transform Activity to a BPEL process Double-click on the Transform Activity, the Transform dialog window appears. Add source variables by clicking the Add icon and selecting the variable and part of the variable as needed. You can select multiple input variables. The first variable represents the main XML input to the XSL mapping, while additional variables that are added here are defined in the XSL mapping as input parameters. Select the target variable and its part if available. Specify the mapper file name, the default file name is xsl/Transformation_%SEQ%.xsl, where %SEQ% represents the sequence number of the mapper. Click OK, the xls file will be opened in the graphical mode. You can map the sources to the target as usual. Open the mapper source code, you will notice the variable representing the additional source payload, is defined as the input parameter in the map source spec and body<mapSources> <source type="XSD"> <schema location="../xsd/po.xsd"/> <rootElement name="PurchaseOrder" namespace="http://www.oracle.com/pcbpel/po"/> </source> <source type="XSD"> <schema location="../xsd/customer.xsd"/> <rootElement name="Customer" namespace="http://www.oracle.com/pcbpel/Customer"/> <param name="v_customer" /> </source> </mapSources>...<xsl:param name="v_customer"/> Let's take a look at the BPEL source code used to execute xslt mapper. <assign name="Transform_1"> <bpelx:annotation> <bpelx:pattern>transformation</bpelx:pattern> </bpelx:annotation> <copy> <from expression="ora:doXSLTransformForDoc('xsl/Transformation_1.xsl',bpws:getVariableData('v_po'),'v_customer',bpws:getVariableData('v_customer'))"/> <to variable="v_invoice"/> </copy> </assign> You will see BPEL uses ora:doXSLTransformForDoc XPath function to execute the XSLT mapper.This function returns the result of XSLT transformation when the xslt template matching the document. The signature of this function is ora:doXSLTransformForDoc(template,input, [paramQName, paramValue]*).Wheretemplate is the XSLT mapper nameinput is the string representation of xml input, paramQName is the parameter defined in the xslt mapper as the additional sourceparameterValue is the additional source payload. You can add more sources to the mapper at the later stage, but you have to modify the ora:doXSLTransformForDoc in the BPEL source code and make sure it passes correct parameter and its value pair that reflects the changes in the XSLT mapper.So the best practices are : create the variables before creating the mapping file, therefore you can add multiple sources when you define the transformation in the first place, which is more straightforward than adding them later on. Review ora:doXSLTransformForDoc code in the BPEL source and make sure it passes the correct parameters to the mapper.

Read the article

Deploying BAM Data Control Application to WLS server

- by [email protected]

var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); try { var pageTracker = _gat._getTracker("UA-15829414-1"); pageTracker._trackPageview(); } catch(err) {} Typically we would test our ADF pages that use BAM Data control using integrated wls server (ADRS). If we have to deploy this same application to a standalone WLS we have to make sure we have the BAM server connection created in WLS.unless we do that we may face runtime errors.In Development mode of WLS(Reference) For development-mode WebLogic Server, you can set the mode to OVERWRITE to test user names and passwords. You can set the mode by running setDomainEnv.cmd or setDomainEnv.sh with the following option added to the command. Add the following to the JAVA_PROPERTIES entry in the <FMW_HOME>/user_projects/domains/<yourdomain>/bin/setDomainEnv.sh file: -Djps.app.credential.overwrite.allowed=true In Production mode of WLS Enable MDS Create and/or Register your MDS repository. For more details refer this Edit adf-config.xml from your application and add the following tag <adf-mds-config xmlns="http://xmlns.oracle.com/adf/mds/config"> <mds-config version="11.1.1.000"> <persistence-config> <metadata-store-usages> <metadata-store-usage default-cust-store="true" deploy-target="true" id="myRepos"> </metadata-store-usage> </metadata-store-usages> </persistence-config> </mds-config> </adf-mds-config>Deploy the application to WLS server after picking the appropriate repository during deployment from the MDS Repository dialog that pops up Enterprise Manager (Use these steps if using a version prior to 11gR1 PS1 release of JDeveloper) Go to EM (http://<host>:<port>/EMIn the left pane, deployments select Application1(your application)In the right pane, top dropdown select "System Mbean Browser->oracle.adf.share.connections->Server: AdminServer->Server: AdminServer->Application:<Appname>->ADFConnections"Right pane click "Operations->CreateConnection"Enter Connection Type as "BAMConnection"Enter the connection name same as the one defined in JdevClick "Invoke"Click "Return"Click on Operation->SaveNow in the ADFConnections in the navigator, select the connection just created and enter all the configuration details.Save and run the page. Enterprise Manager (Use these steps or the steps above if using 11gR1 PS1 or newer) Go to EM (http://<host>:<port>/EMIn the left pane, deployments select Application1(your application)In the right pane, click on "Application Deployment" to invoke to dropdown. In that select "ADF -> Configure ADF Connections"Select Connection Type as "BAM" from the drop downEnter Connection Type as to be the same as the one defined in JDevClick on "Create Connection". This should add a new row below under "BAM Connections"Select the new connection and click on the "Edit" icon. This should bring up a dialogSpecific appropriate values for all connection parameters - Username, password, BAM Server Host, BAM Server Port, Webtier Server Host, Webtier Server Port and BAM Webtier Protocol - and then click on OK to dismiss the dialogClick on "Apply"Run the page page.

Read the article

Using Managed Beans with your ADF Mobile Client Applications

- by [email protected]

Did you know it's easy to extend your ADF Mobile Client application with a Managed Bean just like it is with an ADF web application? Here's how: Using the New Gallery (File -> New), create a new Java class. This class should extend oracle.adfnmc.el.utils.BeanResolver. Add this java class as a managed bean: Go to your task flow, select the Overview tab at the bottom and go to the Managed Bean section. Add an entry and name your new Managed Bean and point to the java class you just created. Add your custom methods and properties to your java class Since reflection is not supported in the J2ME version on some platforms (BlackBerry), you need to provide dispatch code if you want to invoke/access any of your methods/properties from EL. Here's a sample: MyBeanClass.java Use Expression Language (EL) to access your properties and invoke your methods on your MCX pages. Here's an sample: <?xml version="1.0" encoding="UTF-8" ?><amc:view xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:amc="http://xmlns.oracle.com/jdev/amc"> <amc:form id="form0"> <amc:menuControl refId="menu0"/> <amc:panelGroupLayout id="panelGroupLayout1" width="100%"> <amc:panelGroupLayout id="panelGroupLayout2" layout="horizontal" width="100%"> <amc:image id="image1" source="logo_sm.png"/> <amc:outputText value="Home" id="outputText1" verticalAlign="center" fontSize="20" fontWeight="bold" foregroundColor="#ff0000"/> </amc:panelGroupLayout> <amc:commandLink text="#{MyBean.property1}" id="commandLink1" actionListener="#{MyBean.doFoo}" foregroundColor="#0000ff" action="patientlist"/> </amc:panelGroupLayout> </amc:form> <amc:menu type="main" id="menu0"> <amc:menuGroup id="menuGroup1"> <amc:commandMenuItem id="commandMenuItem1" action="exit" label="Exit" index="1" weight="0"/> </amc:menuGroup> </amc:menu></amc:view>

Read the article

Advice on selecting programming languages to concentrate on? (2nd year IT security student)

- by Tyler J Fisher

I'm in the process of considering which programming languages I should devote the majority of my coding studies to. I'm a 2nd year CS student, majoring in IT security. What I want to do/work with: Intelligence gathering Relational databases Virus design Snort network IPS Current coding experience (what I'm going to keep): Java - intermediate HTML5 - intermediate SQL (MySQL, Oracle 11g) - basic BASH - basic I'm going to need to learn (at least) one of the following languages in order to be successful in my field. Languages to add (at least 1): Ruby (+Metasploit) C++ (virus design, low-level driver interaction, computationally intensive applications) Python (import ALL the things) My dilemma: If I diversify too broadly, I won't be able to focus on, and improve in a specific niche. Does anyone have any advice as to how I should select a language? What I'm considering + why I'm leaning towards Ruby because of Metasploit support, despite lower efficiency when compared to Python. Any suggestions based on real-world experience? Should I focus on Ruby, Python, or C++? Both Ruby, and Python have been regarded as syntactically similar to Java which my degree is based around. I'm going to be studying C++ in two years as a component of my malicious code class. Thanks, Tyler

Read the article

Security Issue in LinkedIn – View any 3rd profile without a premium account.

- by Shaurya Anand

Originally posted on: http://geekswithblogs.net/shauryaanand/archive/2013/06/25/153230.aspxI discovered this accidently when my wife forwarded a contact on LinkedIn from her tablet, using the mobile interface of the website. On opening the contact on my desktop, I was surprised to see, I need to upgrade my account to view the contact. Doing some research along with my wife, I found this simple security vulnerability from LinkedIn that can let anyone view a contact’s full profile even when you have a “not upgraded” LinkedIn account and that the contact is a “3rd + Everyone Else”. Here’s an example of what I am talking about. I just made a random search on LinkedIn for a contact whose name starts with Sacha. Do note, this is just a walkthrough and I am not publicizing any Sacha. I check the “3rd + Everyone Else” and find a “LinkedIn Member”. On clicking this person’s profile to view, I am presented with the following page, asking me to upgrade. Make a note of this page’s web address and you get the profile id from it. For example, for this contact, the page address is: http://www.linkedin.com/profile/view?id=868XXX35 The Profile Id for this contact is 868XXX35. Now, open following page where the Profile Id is the same as the one we grabbed a moment earlier. https://touch.www.linkedin.com/?#profile/868XXX35 The mobile page exposes this contact information and you even get the possibility to connect to this person without an introduction mail (InMail). I hope someone from LinkedIn sees and issues a fix for this. I am pretty sure, it’s something that they don’t want the user to do without purchasing an upgrade package.

Read the article

How to manage security of these self hosted web apis, to ensure that the request coming for accessing data is authenticated?

- by Husrat Mehmood

Let's pretend I am going to work on an enterprise application. Say I have 11 modules in the application and I would have to develop Dashboards for every role in the organization for whom I are going to develop application. We Decided to use Asp.Net Web Api and return json data from our apis. We are going to include 11 Self hosted web apis projects in our application (one self hosted web api) for every module. All 11 modules are connected to one Sql server 2012 Database. Then once api is ready we would have to create Business Dashboards (Based upon roles in Organization). So Now my web api client is Asp.Net Mvc application.Asp.Net mvc will consume those web apis. Here is the part for whom all explanation is done. How should I manage Security of all 11 self hosted web apis? How should I only authenticated request is coming? If I authenticate user by login and password and then redirect user to appropriate Dashboard designed for the role that user have and load data by consuming web apis. How should I ensure that the request coming for accessing data is authenticated?

Read the article

what are some good interview questions for a position that consists of reviewing code for security vulnerabilities?

- by John Smith

The position is an entry-level position that consists of reading C++ code and identifying lines of code that are vulnerable to buffer overflows, out-of-bounds reads, uncontrolled format strings, and a bunch of other CWE's. We don't expect the average candidate to be knowledgeable in the area of software security nor do we expect him or her to be an expert computer programmer; we just expect them to be able to read the code and correctly identify vulnerabilities. I guess I could ask them the typical interview questions: reverse a string, print a list of prime numbers, etc, but I'm not sure that their ability to write code under pressure (or lack thereof) tells me anything about their ability to read code. Should I instead focus on testing their knowledge of C++? Ask them if they understand what a pointer is and how bitwise operators work? My only concern about asking that kind of question is that I might unfairly weed out people who don't happen to have the knowledge but have the ability to acquire it. After all, it's not like they will be writing a single line of code, and it's not like we are looking only for people who already know C++, since we are willing to train the right candidate. (It is true that I could ask those questions only to those candidates who claim to know C++, but I'd like to give the same "test" to everyone.) Should I just focus on trying to get an idea of their level of intelligence? In other words, should I get them to talk and pay attention to the way they articulate their thoughts, and so on?

Read the article

Ubuntu 12.04 - syslog showing "SGI XFS with ACLs, security attributes, realtime, large block/inode numbers, no debug enabled"

- by Tom G

I have been seeing these random logs in syslog on our production system. There is no XFS setup. Fstab only shows local partitions, only EXT3 . There is nothing in crontabs either. The only file system related package I have installed is 'nfs-kernel-server' Kernel version is 3.2.0-31-generic . kernel: [601730.795990] SGI XFS with ACLs, security attributes, realtime, large block/inode numbers, no debug enabled kernel: [601730.798710] SGI XFS Quota Management subsystem kernel: [601730.828493] JFS: nTxBlock = 8192, nTxLock = 65536 kernel: [601730.897024] NTFS driver 2.1.30 [Flags: R/O MODULE]. kernel: [601730.964412] QNX4 filesystem 0.2.3 registered. kernel: [601731.035679] Btrfs loaded os-prober: debug: running /usr/lib/os-probes/mounted/10freedos on mounted /dev/vda1 10freedos: debug: /dev/vda1 is not a FAT partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/10qnx on mounted /dev/vda1 10qnx: debug: /dev/vda1 is not a QNX4 partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/20macosx on mounted /dev/vda1 macosx-prober: debug: /dev/vda1 is not an HFS+ partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/20microsoft on mounted /dev/vda1 20microsoft: debug: /dev/vda1 is not a MS partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/30utility on mounted /dev/vda1 30utility: debug: /dev/vda1 is not a FAT partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/40lsb on mounted /dev/vda1 debug: running /usr/lib/os-probes/mounted/70hurd on mounted /dev/vda1 debug: running /usr/lib/os-probes/mounted/80minix on mounted /dev/vda1 debug: running /usr/lib/os-probes/mounted/83haiku on mounted /dev/vda1 83haiku: debug: /dev/vda1 is not a BeFS partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/90bsd-distro on mounted /dev/vda1 83haikuos-prober: debug: running /usr/lib/os-probes/mounted/90linux-distro on mounted /dev/vda1 os-prober: debug: running /usr/lib/os-probes/mounted/90solaris on mounted /dev/vda1 os-prober: debug: /dev/vda2: is active swap Why would this randomly show up? This also spawns multiple "jfsCommit" processes.

Read the article

??????????? - Java SE Embedded 8

- by kshimizu-Oracle

Java?OS??????1?????????????????????????????????3?????????????? HEAP: Java????????????????????????????????? NON-HEAP: NON-HEAP????JVM???????????????????Code Cache?Metaspace???2????????????? Code Cache: ????JIT??????????????????????????? Metaspace: HEAP?????????????????????????? JavaVM??????????: VM?????????????????? ??????????????? ????????????????????????????????????????????????????????????????????????? HEAP?Java Mission Control???????????????????? (????)? ????Java SE?????????????API????????????????????????????????????? Mission Control?????API?????????????????????????????????API??????????????? HEAP???????????? VM????????"-Xmx"???????????????? java.lang.Runtime.maxMemory(); ?????HEAP????????? ?????VM????????"-Xms"? ????????????? "-Xms"???????"-Xmx"?????????? java.lang.Runtime.totalMemory(); ???????????HEAP????????????? java.lang.Runtime.freeMemory(); ??NON-HEAP???????????? API??????????? Java Mission Control?????????? ????????????Java Mission Control??????????????????????? ????"NON_HEAP"?????????NON-HEAP?????? ???? HEAP????NON-HEAP?????????????? Java VM???????????????????????????????????????? ?????????????????????????????????? ????HEAP/NON-HEAP?????????????????????????? OS?????????????? Linux???????procfs?Java??????????????????? (VmHWM or VmRSS) ????? ????HEAP/NON-HEAP??????????????????????????? ?????????????????? ??????JVM?????????????????? ?????????????????JVM???????????????????? ???JVM?????? ????????????? Embedded??JVM?????????? ??Embedded???Oracle JVM??????CPU????????????????????????????????????????? ??????CPU??????????????????????????????????????? Minimal/Client/Server??JVM???????????????? ????JVM??????????????????? ??????Compact????????????????? ? 2 - 3?????? Concept Guide (http://docs.oracle.com/javase/8/embedded/embedded-concepts/basic-concepts.htm) ???????? ??JVM??????????? ????????????????????? -Xms: ??????????? ?????????? ?????????????????????????????????????????????????? -Xmx: ??????????? -XX:ReservedCodeCacheSize: Code Cache??????? ?) JIT??????????????Code Cache????????????0???????? -Xint: JIT??????????? ????????????? JIT?????????????????????? ????????????????? -Xss: ???????????????????? ????????????????????????? ????????????????????????????? -XX:CompileThreshold: JIT?????????????????????????????????? ?????????????????????? ????????? ?????????????????? Code Cache?????????? ?????????? ????????????????????? ????????????????????????? ??????????????????????? ?????????????????????

Search Results

Search found 25758 results on 1031 pages for 'oracle security'.

Page 518/1031 | < Previous Page | 514 515 516 517 518 519 520 521 522 523 524 525 | Next Page >

- by Rob P.

- by Jason

- by Azka

- by SaUce

- by PeAk

- by user80652

- by Camran

- by Camran

- by abc

- by embedded

- by Tamil

- by Ahmed Zain El Dein

- by GirishMoodalbail-Oracle

- by kshimizu-Oracle

- by ankita-13-3

- by Pratik

- by [email protected]

- by [email protected]

- by [email protected]

- by Tyler J Fisher

- by Shaurya Anand

- by Husrat Mehmood

- by John Smith

- by Tom G

- by kshimizu-Oracle

< Previous Page | 514 515 516 517 518 519 520 521 522 523 524 525 | Next Page >