Multiple Vendor URL JSP Request Source Code Disclosure Vulnerability

Similar Messages

• Selecting multiple images to edit the source code

  Hi. Does anyone know if there's a way to select multiple
  images in a table and change there source code. The reason why I
  ask is that I recently decided to organize my assets folder by
  adding subfolders. Naturally, this makes my images appear as broken
  links. It's a pretty big site that I'm working on and I would like
  to know if there is a faster way than just selecting them one by
  one.

  If you would have created the folders within DW itself (file
  management), and moved images from one
  folder to the other, the links would have been adjusted
  automatically. Carrying out changes like
  this outside of DW will create broken links as you have
  found.
  Did you backup the original site, if so, and have a lot of
  broken links, it maybe worthwhile, going
  back to the original and use the file management to
  rename/create new folders and move your assets
  that way.
  Nadia
  Adobe® Community Expert : Dreamweaver
  Unique CSS Templates |Tutorials |SEO Articles
  http://www.DreamweaverResources.com
  CSS Tutorials for Dreamweaver |
  http://www.adobe.com/devnet/dreamweaver/css.html
  "lordcornwallis" <[email protected]> wrote
  in message
  news:gpqni2$3io$[email protected]..
  > Hi. Does anyone know if there's a way to select multiple
  images in a table and
  > change there source code. The reason why I ask is that I
  recently decided to
  > organize my assets folder by adding subfolders.
  Naturally, this makes my
  > images appear as broken links. It's a pretty big site
  that I'm working on and
  > I would like to know if there is a faster way than just
  selecting them one by
  > one.
  >

• Use flash charts from multiple base URLs

  My APEX apps are hosted by a shared service provider who uses a front end proxy. Following the instructions in this forum, I was able to get flash charts to work by substituting my client URL for #HOST#.
  Example, Change:
  <embed src="#IMAGE_PREFIX#flashchart/
  #CHART_TYPE#.swf?XMLFile=#HOST#apex_util.flash?p=&APP_ID.:5:&APP_SESSION.:FL
  OW_FLASH_CHART_R#REGION_ID#"
  to
  <embed src="#IMAGE_PREFIX#flashchart/#CHART_TYPE#.swf?XMLFile=
  http://mydomain.hostingcompany.com/pls/apex/apex_util.flash?p=&APP_ID.:5:&APP
  _SESSION.:FLOW_FLASH_CHART_R#REGION_ID# "
  I changed this base url in multiple locations in the chart source code and the charts now work.
  THE PROBLEM
  Users access the site via a public domain http://www.xyz.com. In order to get the charts to work I then need to change #HOST# to http://www.xyz.com/pls/apex. Then they no longer work when accessing via http://mydomain.hostingcompany.com/pls/apex.
  Is there some way to get the charts to work irrespective of which path users take to get to the site?
  ANOTHER PROBLEM
  Though the above fix works for stand alone flash charts it does not work for the charts in interactive reports or the sample charts displayed when using the chart builder wizard in the application builder.
  Is there somewhere to change in order to get the sample charts in the create chart wizard in application builder and/or the charts in interactive reports?

  Hello,
  Take a look at this thread -
  Re: #HOST# variable at Flash chart region source
  Which discusses the issue.
  John.
  http://jes.blogs.shellprompt.net
  http://www.apex-evangelists.com

• Vendor Down Payment Request on WBS (F-47)

  Dear Fellows:
  I have came across a problem that while creating a Vendor Down Payment request (T.code: F-47) on WBS, my system is not stoping me over budget exhaust. I have Budget of 100  and i create request for 101, system allows it and post the document.
  Vice Versa if i create a Vendor Down Payment request over Commitment iten, then system check the budget and generates message.
  any good solution to it would highly be appreciable.
  Regards.

  Hi,
  The budget availability check is done only against the assigned values and
  Following entried does not contribute to the Assigned value
      V: Value type not relevant (<> Act./Plan/Stat.Act./Stat.Plan/Commt)
      D: Delivery
      S: Settlement to object with no budget control
      R: Revenue cost element
      C: Cost element is exempt cost element
      M: Minimum from actual + commitment and plan per order value update
      P: Plan value is not on apportioned order / network
      B: Plan Costing Single Position
      S: Funds Commitment in Balance
  So the down payment is not covered for the calculation of the assigned value.
  Hence no check is carried out for the Availability check.
  hope its useful.
  Reward points if useful.
  Thanks..

• Instead of requested page source code is getting populated in WAS 6.1.0.15

  Hi All,
  I'm trying to bring up an application using jnlp.please find below the source code for the same.
  When i deploy the application in WAS 6.1.0.0, i'm able to bring up the application without any issue.
  But other than 6.1.0.0 if i deploy the same war file in any other WAS server, itz just showing the source code when i request for href in the browser.
  Kindly some one help me to resolve this.
    <?xml version="1.0" encoding="UTF-8" ?>
  - <jnlp spec="1.0+" codebase="http://10.66.193.212:9080/<appname>/">
  - <information>
    <title> Application name</title>
    <vendor>vendor</vendor>
    <homepage href="/RSA" />
    <description>JNLP Application for <appname></description>
    </information>
    <offline-allowed />
  - <security>
    <all-permissions />
    </security>
  - <resources>
    <j2se version="1.4+" />
    <jar href="appname.jar" />
    <extension name="jcalendar" href="jcalendar.jnlp" />
    <extension name="jcommon" href="common.jnlp" />
    <extension name="jfreechart" href="jfreechart.jnlp" />
    </resources>
    <application-desc main-class="a.b.c.d.mainclass" />
    </jnlp>Thanks in advance,
  siva.

  Type must be registered with jnlp extension so that content type is set (in the header with value application/x-java-jnlp-file), this should be done in httpd.conf (with an AddType), you can google for it or ask any server administrator for it, should be something like:
  AddType  .jnlp application/x-java-jnlp-fileMaybe you can give a look at working httpd.conf (on 6.1.0.0 searching for 'application/x-java-jnlp-file') and copy/paste in other configs.
  Bye.

• How can one encrypt the source code of a given web page(html, jsp, etc.) ?

  Good Day! I'm just having a hard time of thinking how to encrypt the source code of a given web page(html, jsp, etc.) without affecting how it is previewed in an Internet Browser. What I plan is to disable the capabilities of some malicious Internet users of copying the source codes of my web pages by using the "View Source" option of Internet Explorer and the equivalent function in Netscape Navigator. Please somebody help me in this matter (I'm planning to use an IDEA algorithm using JCE)....
  It would be big help if a running code is supplied.
  Thank you very much in advance.
  God Bless!!!
  - Jonathan Untalan([email protected])

  don't know theses softs. What i know about encrypted web pages, is that you need a secure socket connection (https).
  Your web page will be ciphered, send to the user, and decipher by the browser with the signature file associated to your https connexion.
  It isn't possible to encrypt your page directly, and then decrypt them when requested.
  For the download time, only the server is responsible for this.
  if it is overloaded, then it will slow down its upload.
  Maybe you use some encryption method that require a lot of CPU time.
  For summary : you can only cipher the pipe transport, but not the transported pages.
  Good luck in your search.

• Report to identify multiple vendors in source list?

  is there a standard t-code that may list multiple vendors (if they exist) for a range of source lists?  better to solve with abap query?
  (ex. say there are 1250 materials and want a list of source lists, with vendors or even one vendor if it only has one)
  thanks all
  Edited by: strat on Mar 27, 2008 10:41 PM

  Hi
  Try following report
  ME0M - Source List for Material
  Vishal...

• Dynamically generate JSF Source code in a JSP

  Hi,
  I have a JSP and instead of writing the JSF source Code like:
  <h:inputText
  styleClass="entryInput"
  id="textNumberOfServerMachinesInput"
  value="#{DataAccess.value}"
  valueChangeListener="#{InputValueChanged.processValueChange}">
  </h:inputText>
  manually in the jsp I want the JSF source code to be added dynamically to the jsp.
  So what I want is including a tag in the jsp and this tag generates JSF source code like seen above.
  This source code should then be treated just the way it would be if I had written it manually in the JSP. This means that the dynamically generated JSF code must be interpreted and all Listeners and Beans work just fine.
  How can I make this???

  Hi,
  I have a smiliar problem:
  JSP:
  <h:panelGrid binding="#{fileUploadGrid.panelGrid}">
     <%-- emty in jsp --%>
  </h:panelGrid>The panel should be populated with items the backing bean creates in source code:
  FileUploadGrid.java
  public void setUploadFieldNumber(int uploadFieldNumber) {
      this.uploadFieldNumber = uploadFieldNumber;
      this.refresh();
  private void refresh() {
      if (this.panelGrid == null)
        this.createPanelGrid();
      List children = this.panelGrid.getChildren();
      children.clear();
      for (int i = 0; i < this.uploadFieldNumber; i++) {
        HtmlOutputText out = new HtmlOutputText();
        out.setTitle("Image " + i);
        out.setRendered(true);
        HtmlInputText in = new HtmlInputText();
        children.add(out);
        children.add(in);   
  private void createPanelGrid() {
      this.panelGrid = new HtmlPanelGrid();
      this.panelGrid.setColumns(2);
      this.panelGrid.setCellpadding("1");
      this.panelGrid.setBorder(1);
      this.panelGrid.setWidth("50%");
      this.panelGrid.setRendered(this.isRendered());
  public void setPanelGrid(HtmlPanelGrid panelGrid) {
      this.panelGrid = panelGrid;
    public HtmlPanelGrid getPanelGrid() {
      return this.panelGrid;
  }The backing bean is initialized in faces-config.xml:
  <managed-bean>
    <managed-bean-name>fileUploadGrid</managed-bean-name>
    <managed-bean-class>org.smi.pte.isf.FileUploadGrid</managed-bean-class>
    <managed-bean-scope>request</managed-bean-scope>
    <managed-property>
      <property-name>rendered</property-name>
      <value>true</value>
    </managed-property>
    <managed-property>
       <property-name>uploadFieldNumber</property-name>
       <value>6</value>
    </managed-property>
  </managed-bean>The problem is: although the debug output of the faces framework (I use it along with Tomcat) shows that the in- and output fields are added correctly to the panel, the page remains empty at display.
  Thanks in advance for any help.
  F. Eckhardt

• How to protect JSP source code on the Server Side ?

  I am new on JSP. I Already know about various Web and Desktop technologies but is the first time on JSP. I know ASP for example.
  Well, about .NET platform, it protects my source code on the server, the source code is compiled and on the server, only the compiled file are installed, my source code stay with me...
  About JSP, how it works about ? Is possible to hide my source code too ? What the technique to hide the codes ? I need to prevent access to my source codes...
  Roberto

  roberto.novakosky wrote:
  About .exe files, do you know if a java class is more easy or dificult to do reverse engineering ?Depends on who your enemy is. If it's for example a hacker with a lot of C knowledge but zero of Java knowledge, reverse engineering .exe would be easier than .class. If one was interested, one would always take time to learn how to decompile the one or other. Making files secure is a waste of time. It's always "hackable".
  If there was a proof of concept, no one major software vendor would have had so much problems with piracy and cracks/keygens. Think about it once again. It's simply impossible. Just have a clear EULA and actually make work of it whenever you discovers if someone breaks your EULA.
  I was thinking about, the .JSP can be converted to servlet .java, and converted to .class, this way hide the source code.Once again, one could still decompile it (or reverse engineer, so you call).

• Super 1.5 - source code level tracing for EJB, JSP and others

   

  Would you want to try new installation for Super 1.6?
  Please visit www.acelet.com
  Thanks.
  "Dominique Jean-Prost" <[email protected]> wrote:
  If only your installation tool was easy to use ...
  dom
  "Wei Jiang" <[email protected]> a écrit dans le message news:
  [email protected]...
  Super supports source code level tracing for Java and JSP!
  Announcement: Super 1.5 - an EJB/J2EE monitoring tool with
  SuperPeekPoke
  SuperLogging
  SuperStress
  SuperEnvironment
  It is free for development.
  You can anomyously down load it from:
  http://www.acelet.com.
  Super is a component based administration tool for EJB/J2ee.
  It provides built-in functionality as well as
  extensions, as SuperComponents. Users can install
  SuperComponents onto it, or uninstall them from it.
  Super has the following functions:
  * A J2EE/EJB monitor.
  * A gateway to EJB servers from different vendors.
  * A framework holding user defined SuperComponents.
  * A PeekPoke tool to read/write attributes from EJBs.
  * A full-featured logging/tracing tool for centralized, chronologicallogging.
  * A Stress test tool.
  * A global environment tool.
  It is written in pure Java.
  The current version support:
  * Universal servers.
  * Weblogic 5.1
  * Weblogic 6.0
  What is new:
  Version 1.50 August, 2001
  Enhancement:
  1. Source code level tracing supports EJB, JSP, java helper and other
  programs which are written in native languages (as long as you
  write correct log messages in your application).
  2. Redress supports JSP now.
  3. New installation with full help document: hope it will be easier.
  4. Support WebSphere 4.0
  Version 1.40 June, 2001
  Enhancement:
  1. Add SuperEnvironment which is a Kaleidoscope with TableView,TimeSeriesView
  and PieView for GlobalProperties.
  GlobalProperties is an open source program from Acelet.
  2. SuperPeekPoke adds Kaleidoscope with TableView, TimeSeriesView andPieView.
  Changes:
  1. The structure of log database changed. You need delete old installationand
  install everything new.
  2. The format of time stamp of SuperLogging changed. It is not localedependent:
  better for report utilities.
  3. Time stamp of SuperLogging added machine name: better for clusteringenvironment.
  Bug fix:
  1. Under JDK 1.3, when you close Trace Panel, the timer may not bestopped
  and
  Style Panel may not show up.
  Version 1.30 May, 2001
  Enhancement:
  1. Add ConnectionPlugin support.
  2. Add support for Borland AppServer.
  Version 1.20 April, 2001
  Enhancement:
  1. Redress with option to save a backup file
  2. More data validation on Dump Panel.
  3. Add uninstall for Super itself.
  4. Add Log Database Panel for changing the log database parameters.
  5. Register Class: you can type in name or browse on file system.
  6. New tour with new examples.
  Bug fix:
  1. Redress: save file may fail.
  2. Install Bean: some may fail due to missing manifest file. Now, itis
  treated
  as foreign beans.
  3. Installation: Both installServerSideLibrary and installLogDatabasecan
  be worked
  on the original file, do not need copy to a temporary directory anymore.
  4. PeekPoke: if there is no stub available, JNDI list would be emptyfor
  Weblogic5-6.
  Now it pick up all availble ones and give warning messages.
  5. Stress: Launch>Save>Cancel generated a null pointer exception.
  Changes:
  1. installLogDatabase has been changed from .zip file to .jar file.
  2. SuperLogging: If the log database is broken, the log methods willnot
  try to
  access the log database. It is consistent with the document now.
  3. SuperLogging will not read system properties now. You can put logdatabase
  parameters in SuperLoggingEJB's deployment descriptor.
  Version 1.10 Feb., 2001
  Enhancement:
  1. Re-written PeekPoke with Save/Restore functions.
  2. New SuperComponent: SuperStress for stress test.
  3. Set a mark at the highlighted line on<font size=+0> the Source Code
  Panel (as a work-a-round for JDK 1.3).</font>
  4. Add support for WebLogic 6.0
  Bug fix:
  1. Uninstall bean does physically delete the jar file now.
  2. WebLogic51 Envoy may not always list all JNDI names. This is fixed.
  Version 1.00 Oct., 2000
  Enhancement:
  1. Support Universal server (virtual all EJB servers).
  2. Add Lost and Found for JNDI names, in case you need it.
  3. JNDI ComboBox is editable now, so you can PeekPoke not listed JNDIname
  (mainly
  for Envoys which do not support JNDI list).
  Version 0.90: Sept, 2000
  Enhancement:
  1. PeekPoke supports arbitrary objects (except for Vector, Hashtable
  and alike) as input values.
  2. Reworked help documents.
  Bug fix:
  1. Clicking Cancel button on Pace Panel set 0 to pace. It causes
  further time-out.
  2. MDI related bugs under JDK 1.3.
  Version 0.80: Aug, 2000
  Enhancement:
  1. With full-featured SuperLogging.
  Version 0.72: July, 2000
  Bug fix:
  1. Ignore unknown objects, so Weblogic5.1 can show JNDI list.
  Version 0.71: July, 2000
  Enhancement:
  1. Re-worked peek algorithm, doing better for concurent use.
  2. Add cacellable Wait dialog, showing Super is busy.
  3. Add Stop button on Peek Panel.
  4. Add undeploy example button.
  Bug fix:
  1. Deletion on Peek Panel may cause error under JDK 1.3. Now it worksfor
  both
  1.2 and 1.3
  Version 0.70: July, 2000
  Enhancement:
  1. PeekPoke EJBs without programming.
  Bug fix:
  1. Did not show many windows under JDK 1.3. Now it works for both 1.2and
  1.3
  Changes:
  1. All changes are backward compatible, but you may need to recompilemonitor
  windows defined by you.
  Version 0.61: June, 2000
  Bug fix:
  1. First time if you choose BUFFER as logging device, message willnot
  show.
  2. Fixed LoggingPanel related bugs.
  Version 0.60: May, 2000
  Enhancement:
  1. Add DATABASE as a logging device for persistent logging message.
  2. Made alertInterval configurable.
  3. Made pace for tracing configurable.
  Bug fix:
  1. Fixed many bugs.
  Version 0.51, 0.52 and 0.53: April, 2000
  Enhancement:
  1. Add support to Weblogic 5.1 (support for Logging/Tracing and
  user defined GUI window, not support for regular monitoring).
  Bug fix:
  1. Context sensitive help is available for most of windows: pressF1.
  2. Fix installation related problems.
  Version 0.50: April, 2000
  Enhancement:
  1. Use JavaHelp for help system.
  2. Add shutdown functionality for J2EE.
  3. Add support to Weblogic 4.5 (support for Logging/Tracing and
  user defined GUI window, not support for regular monitoring).
  Bug fix:
  1. Better exception handling for null Application.
  Version 0.40: March, 2000
  Enhancement:
  1.New installation program, solves installation related problems.
  2. Installation deploys AceletSuperApp application.
  3. Add deploy/undeploy facilities.
  4. Add EJB and application lists.
  Change:
  1.SimpleMonitorInterface: now more simple.
  Version 0.30: January, 2000
  Enhancement:
  1. Add realm support to J2EE
  2. Come with installation program: you just install what you want
  the first time you run Super.
  Version 0.20: January, 2000
  Enhancement:
  Add support to J2EE Sun-RI.
  Change:
  1. Replace logging device "file" with "buffer" to be
  compliant to EJB 1.1. Your code do not need to change.
  Version 0.10: December, 1999
  Enhancement:
  1. provide SimpleMonitorInterface, so GUI experience is
  not necessary for developing most monitoring applications.
  2. Sortable table for table based windows by mouse
  click (left or right).
  Version 0.01 November., 1999:
  1. Bug fix: An exception thrown when log file is large.
  2. Enhancement: Add tour section in Help information.
  Version 0.00: October, 1999
  Thanks.

• URL source code

  I want to make an internet explorer, i am facing a problem at this time:
  how can i get the source code that an explorer is getting from the sites. whena user hits on a url then the website sends information that i want to get uptill now i can only get the HTML code by using
  URL u = new URL("http://www.yahoo.com/");
  InputStream in= u.openStream();
  in = new BufferedInputStream(in);
  Reader r =new InputStreamReader(in);
  int c;
  while((c=r.read()) != -1)
  System.out.print((char) c);
  but it is not the thing that i required. i did another attempt by URLConnection, but it give exception of unknown host server exception, at runtime.

  but it is not the thing that i required. i did another
  attempt by URLConnection, but it give exception of
  unknown host server exception, at runtime.Just to be clear.
  A browser sends a request to a web server. A web server returns a response to the browser. To create the response the web server might run some code.
  All you have access to is what you send to the server and the response that it sends back. There is no way for you to get to the code that the server runs to generate your response.
  Some response sent to a browser can contain code (that is not the same as the code that runs on the server.) That is how an applet works. But that is part of the response.

• One cheque for multiple vendors in diff comp codes

  Good day all
  My client wants to pay multiple vendors in multipe company codes with one cheque.
  Ex.1.  Vendor 123 in Comp code 1
            Vendor 555 in Comp code 2
            Vendor 789 in Comp code 3
            Must all be paid with one cheque to Vendor 987 in Comp code 1.
  OR
  2. Vendor 123 in Comp 1
      Vendor 123 in Comp 2
      Vendor 123 in Comp 3
      Must all be paid with one cheque to Vendor 123 in Comp code 1.
  Only ONE cheque in both cases must be created.
  Is this at all possible with F110, check payments?
  Any advice or ideas would be greatly appreciated.
  Regards
  Louise

  HI,
  Do vendor transfer posting from one to another company code that transfer remaining two vendors to one main vendor through cross company transaction and then clear the open items of remaining two vendors. And run F110 for Main vendor to whom who want to print cheque.

• How to convert the source code in JSP,HTML&BEANS into executable files?

  Sir,
  We are developing one s/w product in JSP,HTML&BEANS.Now we are in the implementation phase.During the time of Installation,without copying our source code in the customer's site I want to copy the executable files of the entire source codes? Is it possible in JSP,HTML&BEANS?

  In theory you can do it even with JSP but the you will be unable to run it on the standard JSP engine. :-)
  From other hand, all critical logic should be in the Java Beans or at least in custom tags but not in the JSP code. Then you can protect that code and leave JSP open because there is nothing to steal or break.

• Login Box example and source code on adf struts and JSP

  Dear all..
  I want to make application using ADF struts and JSP using oracle 10g Jdeveloper.
  The user should login into the login box and verify everyone who has right to enter the home.jsp.
  Anybody could help me with the source code as well as the step by step explanation...
  I'm looking forward the help...

  http://www.oracle.com/technology/products/jdev/collateral/papers/10g/reviewer/viewlets/reviewer_struts_viewlet_swf.html

• How to reveal JSP source code

  I was just wondering if the source code of a JSP page can be viewed any way?
  The JSP gets translated to a servlet, which pretty much generates HTML and only that is visible to the client browser but is there a way around it?
  E.g. would be secure/suicidal to include usernames and passwords to the JSP source code?
  I would greatly appreciate any feedback.

  The HTML delivered will contain only the output from JSP execution -- you're safe there.
  Every JSP when it is compiled produces a .java file that contains that actual servlet code. There is a risk of a user finding that and downloading it. To avoid this, you want to do one or more of the following:
  1. Turn off the server's retaining of this .java file (it's basically a debugging tool).
  2. Ensure that the .java files are created in a directory that is not accessible via the browser (i.e. outside of docroot).
  3. Apply file system permissions to the directory the files are created in such that they cannot be accessed from the web.
  #1 and #2 should be pretty easily configurable in your application server's settings. #3 is trickier, as you have to set the permissions such that the server can access them, but a web user can't.