Url security issue

Hello All,
here is my problem hopefully someone can help...
i have a globalhome.jsp page that asks general users these are members of the public...to enter an order number and their postcode...to track the status of their order...
this is the code in my jsp page that lets the user log in..
<af:commandButton text="Track Order"
disabled="#{!bindings.ExecuteWithParams.enabled}"
binding="#{backing_webPages_globalHome.commandButton1}"
id="searchButton"
action="#{backing_webPages_globalHome.searchButton_action}"/>
in the java backing bean i have code that basically checks to see if the details are correct then it redirects them to the home.jsp page that shows the order details...
this all works fine...
my problem is...
if i hit a button to back to the globalhome.jsp all the details are cleared from the textboxes (which is correct)
however at this stage where the login page has blank fields...if i type in the url ......../Pages/Home.jsp i am directed to the home page where the previous order details are displayed (which is wrong..)
how can i stop a user from seeing a page if they have not been directed to it through an action behind a button?
hope this makes sense....

i have tried adding the pages into the web-inf folder the same way i created them in the past however when i come to run the page i get a "Webpage cannot be found error"
this is my url ...
http://localhost:8989/xxxxxxx-ViewController-context-root/faces/WEB-INF/pages/test.jsp
do i need to do this in a specific way to hold them in the webinf?

Similar Messages

  • Can I create a form that doesn't trigger Acrobat's JavaScript disabled / security issues warning?

    Hello,
    Can I create a pdf that doesn't trigger Acrobat's JavaScript is currently disabled and this document uses it for some features.  Enabling JavaScript can lead to potential security issues.
    I even get this error when I create a blank pdf.
    I'm not using any JavaScript in the form and the nature of the message might tend to be a bit scary to some people since it mentions enabling JS can lead to potential security issues.  I basically want to disable the messaging of a feature I'm not even using.
    Anyone know if this is possible and if so, how I go about it?
    Thank you.

    Hi,
    I too share your frustration!!
    Unfortunately I do not have a complete answer for you.
    From the start I must say that Stefan Cameron has been very helpful (http://forms.stefcameron.com/2010/01/14/acrobatreader-9-3-now-available/), however I have not had sufficient time available to deal with the issue (or find a satisfactory resolution).
    The original post that Srini shared with you related to an XFA form that had FormCalc and Javascript in it. I will now share with you another situation that is closer to your experiences.
    Sometimes where we have a complex solution/form, we often give our users a PDF with instructions and demonstrations. We generate these using Adobe products:
    LiveCycle Designer ES to generate the solution/form;
    Captivate to record the demonstration (.swf);
    Acrobat to package it up in a static PDF.
    The screen shots below are from a PDF that includes written instructions and six Flash (.swf) files. The PDF does NOT include fields/form objects and does NOT include any FormCalc or Javascript.
    One of the big sells in Acrobat 9 was that Adobe had fully integrated Flash (Adobe product, ex. Macromedia) into Acrobat 9. This mean that .swf files could run natively inside a PDF. Brilliant!!!  The website today is still pushing this message, for example:
    Now bear in mind that the following screenshots are from a PDF that does not contain any scripting - its sole purpose is to "inform" the user, "look as good as the work I put into it", incorporate instruction and "multimedia" in a "single polished file" and I should be "confident that my audience will be able to view my work exactly as intended".
    Not so!!
    When the user now opens the form, all looks OK. No warning. They can read the instructions and scroll down to the multimedia (.swf files).
    However when the user clicks on the multimedia, the yellow bar appears:
    I go through the "trust" process:
    And the PDF looks like it is OK, no yellow bar. When I click on the multimedia, it begins to play - yes!! BUT ONLY FOR A SECOND OR TWO AND THEN IT STOPS AND GOES BACK TO THE START - AGGGGHHHHHHH!!!!!. I would apologise for shouting, but this is beyond frustration. The work in capturing six screencasts in Captivate, annotating them, publishing to .swf and packaging up in Acrobat has been a complete waste of time. Worse than that I now have several PDFs out there, that do not work. Good advertisement for my business? I don't think so!!
    The document that Stefan provided (Managing JavaScript Execution in the Acrobat Family of Products) does not mention Flash/.swf as being a problem. However I would recommend that you go through this document, as it may help you.
    So, where to now? I don't know. The previous posts and Stefan's responses have several urls that may help. You should maybe consider logging your experiences as a bug (log at Adobe).
    In the meantime good luck,
    Niall
    UPDATE:
    This behaviour (.swf playing for only a few seconds) happens in PDFs where the .swf is inserted as legacy media to run in earlier versions of Acrobat/Reader. In this case Acrobat/Reader is making an external call to Flash Player. Hence the yellow bar. However it does not explain why the Flash video still does not play when trusted.
    If the .swf is added into the PDF as Flash media to run on Acrobat 9 and above, then it works without displaying the yellow warning bar.
    So maybe any feature of your PDF that calls an external resource is likely to show the yellow warning bar.

  • Samba 3.2.6 patch for security issue

    I know the security issue is hard to trigger, but I created a new PKGBUILD for samba 3.2.6 containing the patch.
    Excerpt from the patch commentary:
    commit 288fa94ac7cfdf7457b5098c33fc840bed3d5410
    Author: Michael Adam <[email protected]>
    AuthorDate: Thu Dec 18 18:01:55 2008 +0100
    Commit: Karolin Seeger <[email protected]>
    CommitDate: Fri Dec 19 08:30:23 2008 +0100
    smbd: prevent access to root filesystem when connecting with empty service name
    This only applies to a setup with "registry shares = yes"
    Michael
    And here's the PKGBUILD:
    # $Id: PKGBUILD 22200 2008-12-22 22:24:26Z tpowa $
    # Maintainer: judd <[email protected]>
    pkgname=samba
    pkgver=3.2.6
    # We use the 'A' to fake out pacman's version comparators. Samba chooses
    # to append 'a','b',etc to their subsequent releases, which pamcan
    # misconstrues as alpha, beta, etc. Bad samba!
    _realver=3.2.6
    pkgrel=2.1
    pkgdesc="Tools to access a server's filespace and printers via SMB"
    arch=(i686 x86_64)
    url="http://www.samba.org"
    license=('GPL3')
    backup=(etc/logrotate.d/samba etc/pam.d/samba etc/samba/smb.conf etc/xinetd.d/swat etc/conf.d/samba)
    depends=('db>=4.7' 'popt' 'libcups' 'acl' 'libldap' 'smbclient=3.2.6' 'libcap' 'heimdal>=1.2-1' 'pam' 'fam' 'gnutls>=2.4.1' 'tdb=3.2.6')
    options=(!makeflags)
    source=(http://us1.samba.org/samba/ftp/stable/${pkgname}-${_realver}.tar.gz \
    no-clients.patch samba samba.logrotate swat.xinetd samba.pam samba.conf.d \
    ftp://us1.samba.org/pub/samba/patches/security/samba-3.2.6-CVE-2009-0022.patch)
    build() {
    cd ${srcdir}/${pkgname}-${_realver}/source
    patch -Np2 -i ${srcdir}/no-clients.patch || return 1
    patch -Np2 -i ${srcdir}/samba-3.2.6-CVE-2009-0022.patch || return 1
    ./configure --prefix=/usr --with-configdir=/etc/samba \
    --with-lockdir=/var/cache/samba \
    --with-piddir=/var/run/samba \
    --with-fhs --with-pam --with-ads --with-acl-support \
    --without-cifsmount --without-libsmbclient \
    --with-syslog --with-pam_smbpass \
    --localstatedir=/var --disable-dnssd --libdir=/usr/lib/samba
    make || return 1
    mkdir -p ${pkgdir}/var/log/samba
    mkdir -p ${pkgdir}/etc/samba/private
    chmod 700 ${pkgdir}/etc/samba/private
    make DESTDIR=$startdir/pkg install
    chmod 644 ${pkgdir}/usr/include/*.h
    rm -rf ${pkgdir}/usr/var
    (cd script; cp installbin.sh i; cat i | sed 's/\/sbin\///' > installbin.sh)
    install -D -m755 ../../samba ${pkgdir}/etc/rc.d/samba
    install -D -m644 ../../samba.conf.d ${pkgdir}/etc/conf.d/samba
    mkdir -p ${pkgdir}/etc/samba
    cat ../examples/smb.conf.default | \
    sed 's|log file = .*$|log file = /var/log/samba/log.%m|g' >${pkgdir}/etc/samba/smb.conf.default
    install -D -m644 ../../samba.logrotate ${pkgdir}/etc/logrotate.d/samba
    install -D -m644 ../../swat.xinetd ${pkgdir}/etc/xinetd.d/swat
    install -D -m644 ../../samba.pam ${pkgdir}/etc/pam.d/samba
    # symlink libs
    for i in ${pkgdir}/usr/lib/samba/libsmbshare*; do
    ln -sf samba/$(basename $i) ${pkgdir}/usr/lib/$(basename $i)
    done
    # spool directory
    install -d -m1777 ${pkgdir}/var/spool/samba
    sed -i 's|/usr/spool/samba|/var/spool/samba|g' ${pkgdir}/etc/samba/smb.conf.default
    # fix logrotate
    sed -i -e 's|log.%m|%m.log|g' ${pkgdir}/etc/samba/smb.conf.default
    # nsswitch libraries
    install -D -m755 nsswitch/libnss_wins.so ${pkgdir}/lib/libnss_wins.so
    ln -s libnss_wins.so ${pkgdir}/lib/libnss_wins.so.2
    install -D -m755 nsswitch/libnss_winbind.so ${pkgdir}/lib/libnss_winbind.so
    install -D -m755 bin/pam_winbind.so ${pkgdir}/lib/security/pam_winbind.so
    # remove conflict files of smbclient and tdb
    for man in libsmbclient smbspool \
    umount.cifs mount.cifs net; do
    rm -f ${pkgdir}/usr/share/man/man8/${man}.8
    done
    for i in libnetapi* libtdb* libtalloc* libwbclient*; do
    rm -f ${pkgdir}/usr/lib/samba/$i
    done
    rm -f ${pkgdir}/usr/bin/tdbbackup
    rm -f ${pkgdir}/usr/include/{tdb.h,talloc.h,netapi.h}
    for man in rpcclient smbcacls smbclient smbcquotas \
    smbtree smbtar nmblookup smbget; do
    rm -f ${pkgdir}/usr/share/man/man1/${man}.1
    done
    rm -f ${pkgdir}/usr/share/man/man7/libsmbclient.7
    rm -f ${pkgdir}/usr/include/libsmbclient.h
    md5sums=('0cd27c7afbb8211616eea4010f32271c'
    'a676f0dde2c434aeb5125376b8797a64'
    'e93533fa2296c07c1f645dfdd373657f'
    '5697da77590ec092cc8a883bae06093c'
    'a4bbfa39fee95bba2e7ad6b535fae7e6'
    '96f82c38f3f540b53f3e5144900acf17'
    'f2f2e348acd1ccb566e95fa8a561b828'
    'e15ab37115101cf3a8d110f0c1f8e29e')
    I think a security task force should be initiated (I know discussions existed, but I don't know what were the consequences), so that important packages (like those providing services) could be updated in a timely manner. This is a minor issue as I stated earlier, but it could be worse. Those interested, let's initiate a discussion with the developers of important packages and try to get some things working. People (mostly trusted users) who can generate early packages are welcome, so that they can provide early versions of unvulnerable packages.

    ckristi wrote:I don't know about other packages, but I believe when I checked the PKGBUILD for PHP, that the security fix was included in 5.2.7.
    Check http://repos.archlinux.org/viewvc.cgi/p … iew=markup for more info.
    And don't get me wrong, I am a little bit concerned about the way vulnerabilities are treated in Arch, 'cause my home server is running this distro.
    And I really would think we should start some serious discussions about this security issues and the way they should be treated. I know the developers are doing their best and I'm not going to put fingers at all. They should be helped in maintaining packages for important services. We'll benefit from it and their tasks would be easier.
    Why don't you start a wiki page tracking the latest vulnerabilities disclosed on various security mailing lists which are not fixed in arch. This will make it much easier for the devs.
    This thing has been already discussed multiple times and already a wiki page exists for Arch Security Team but it seems nobody followed up with that.
    http://wiki.archlinux.org/index.php/Security_Task_Force

  • Problems with Flash Security issues and Captivate projects

    Hello,
    We're putting together a flash based eLearning course that has been created primarily in Adobe Captivate with flash plugins. The course consists of several modules, all which are embedded into HTML files that are linked to each other.
    Our client wants the project on a CD, which is starting to create some problems. Everytime the project goes to open another HTML/flash page, the security issue comes up that mentions that the flash player is trying to communicate to the internet.
    Now usually the way to get around this is to go into the security settings and add the CD as an accepted URL - however we can't do this for several reasons. The main one is that we are encasing it within Firefox Portable (included within the CD and as such, read only) and the computers it is being used on may not be connected to the internet.
    Any idea how we can get around this? Are the flash player settings stored somewhere locally on your computer, and can we configure them there? (perhaps through an ini or something) to place on the CD with the plugin for Firefox Portable? Is there a simpler way to address this that we're just not seeing?
    Thanks,

    Hi there
    I agree with Michael.
    Server2Go is also what I'd have offered. The mention of Firefox portable sound intiguing, but I'm really skeptical that it will do what is needed in this case.
    In case it will help, here are some steps for Server2Go.
    Download the Server2Go software from http://www.server2go-web.de/download/download.html
    Choose the Micro package
    This should result in receiving a zip file named distribute_apache1.3_micro.zip
    Unzip the contents of the zip file to the root of your hard drive ( C:\ )
    This should create a folder named distribute_apache1.3_micro
    Open this folder and delete the following files and folders inside:
    Files:
    splash.bmp
    logo.ico
    readme.txt
    Folders:
    dlls
    dbdir
    cgi-bin
    Open the htdocs folder and delete all files and folders inside.
    Copy all of your Captivate output files to the htdocs folder
    Rename the HTML page Captivate created to index.htm
    Copy the contents of the distribute_apache1.3_micro folder to the CD-ROM and test!
    Hopefully this helps... Rick
    Click here for Adobe Certified Captivate and RoboHelp HTML Training
    Click here for the SorcerStone Blog
    Click here for RoboHelp and Captivate eBooks

  • Security issue with Syndication?

    I'm using the Syndication package to retrieve MediaRSS XML feeds - using FeedLoadTrait. I've got an error while loading a remote feed when the SWF is published online (on another domain). I've tried many feeds URLs from various domains, and even if they have a crossdomain file that allows all domains, I can't load the xml file.
    No errors are return, except the constant LoadState.LOAD_ERROR, so I'm assuming there's a security issue there (I have to reckon, this is the part of Flash that always confused me; might not be an OSMF specific issue..)
    The SWF security type is REMOTE, and I've try to add Security.allowDomain("*") as well as Security.allowInsecureDomain("*"), without success. I'm using Flex 4.5.1 and OSMF 1.1.

    Ok so here it is, the solution is to use a proxy on the server and ask for the feed using a variable, using CURL in PHP for example.

  • Flash 8 security issue

    I'm using Flash 8 and in my code i use the XMLSocket.connect
    command. When i try to connect to another computer in my LAN i get
    a security warning that says that flash stopped an unsafe
    operation. When i select "Settings" and add the swf path to the
    trusted locations everything works well.
    My question is, what if i'm not connected to the internet?
    How can i pass this security warning without an intenet connection
    to get to the URL in which i add trusted locations?

    Unfortunately, that doesn't help me pin it down much.  It sounds like we tightened restrictions on a behavior that was previously allowed, which caused them to need to update their content.  The web is a dynamic place, and Flash has an obligation to be a good citizen in the larger ecosystem.  As new web standards evolve and emerge, it's important that Flash Player is aligned with them to the extent possible.  In the same vein, we work closely with partners in industry, academia and government to identify and resolve security issues based on the latest research and intelligence. 
    While we take backwards compatibility seriously, the security landscape looks very different than it did 5-10 years ago.  The security of both end-users and the network is of paramount importance.  With the quantity and age of existing Flash content (not all of which is generated by Adobe software), it's incredibly difficult to anticipate whether or not content will break when we change something, particularly if it's esoteric.  We operate a public beta program and encourage content providers to participate in order to prevent unexpected outages as the result of changes to Flash Player.  The beta can be found at http://www.adobe.com/go/beta/. 
    If your cable provider needs assistance in resolving the issue, their engineers are more than welcome to reach out to me directly.

  • CMI adapter and Vista security issues

    Hi,
    We have recently noticed that most of our vista users are complaining that they are unable to run courses despite downloading the latest JRE. On investigating we found that unless we lower the security in IE on Vista CMI adapter aplet is blocked by Vista.
    We run iLearn5.0 - any solutions?
    Kg

    See if using the signed applet resolves the security issue.
    Add the following parameter at the end of the CMI Adapter URL:
    ?lms_signed=on

  • IPhone security issue

    To repost a question asked in another blog, because it is critical to iOS security.  Can't find a good answer.
    When connecting to a URL via HTTPS and the SSL certificate doesn't match (such as at a paid Wi-Fi hotspot), iOS shows a dialog asking whether the certificate should be accepted. If you accept the certificate, iOS adds an SSL exception and will never ask about that certificate again.
    There are possibly two aspects to this: certificates accepted in Safari, and certificates accepted for network services in other apps.
    The question is, how does one remove these exceptions, short of a full device reset? There seems to be no way to view or remove exceptions in the device settings.
    So, first, other than personal certificates, how do you view any "trusted" additions or "exceptions" in iOS 8 (thye are different)?  And second, how do you remove unwanted ones.
    Hard to believe that, in today's security environment, that Apple hasn't addressed this.
    Thanks, all!
    BTW, hard to believe that there is no Community here for Apple security issues! 

    [[UIDevice currentDevice] uniqueIdentifier]
    will return the device's unique UUID.
    Andreas

  • Can not view slidshows or creat a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

    Can not view slidshows or creat a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

    You will need to contact Snapfish to find out their system requirements and which plugin you need
    - http://support.snapfish.com/app/answers/detail/a_id/669/brand/3

  • I updated some security issues and suddenlly my gmail does not open. it shows 75% of the procees and does not go on

    I updated automatically some security issues in my computer (I don't remember which) and now my gmail will start opening until it reaches 75% and it will not go on opening.
    I can open it Internet explorer but not in Mozila fireworks

    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    *Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
    "Remove Cookies" from sites causing problems:
    *Tools > Options > Privacy > Cookies: "Show Cookies"
    Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
    *Don't make any changes on the Safe mode start window.
    *https://support.mozilla.org/kb/Safe+Mode
    *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

  • Other web browsers and security issues?

    Since even an Apple KB article recognizes the need for an additional browser and because of Safari's limitations and problems, I'm going to try switching to another browser (most likely OmniWeb and am looking at Firefox, Shira and Opera also though perhaps not as a primary browser) but I'm wondering about their ability to keep on top of any security issues for Mac? (and how do you keep up with security updates?)
    Though perhaps unfounded, at least with Safari, I feel that Apple has a vested interest in keeping on top of security issues (for Safari and Java) and I can readily find out about security updates via software updater.

    Most of the other Mac browsers have their adherents. They are all good browsers (I have 7 browsers installed to test various web sites and for change-of-pace usage). They all have their strengths and they all have their weaknesses. Only iCab and OmniWeb are still shareware, the rest are now or always have been free (Opera just recently stopped charging for its browser).
    I have settled on Firefox as my alternate browser and I use it maybe just a tad more than Safari, but I do switch back and forth between them. The Mozilla foundation is good at getting security updates out when needed. Firefox has a button on the toolbar to check for updates. One nice thing about Firefox is that you can install free extensions which enhance the features available. I have one to supplement tab features, one to control iTunes from Firefox's status bar, one to help me format messages in discussion forums, and one to block ads.
    I prefer OmniWeb for doing intensive research because of the way it handles tabs in its sidebar, showing me which ones I've looked at and which ones I haven't, and giving me great flexibility in rearranging tabs, which are viewable as thumbnails or text names (I have had up to a hundred or so tabs open in OmniWeb.
    Shiira is good and its fast. I have not checked for updates for a while, but the last time I updated there was still a problem with Shiira kicking you out of logged-in sites when you moved from page to page with in web site. This may have been fixed by now - they were aware of the problem back then.
    Camino is a native OS X cousin of Firefox and is also fast, but is not updated as often.
    I would stay away from Mozilla or Netscape unless you need all the additional modules they have and which take up hard disk space. Firefox and Camino represent the browser module of Mozilla/Netscape. Mozilla and Netscape have modules for email, irc chat, newsgroups, and for creating and editing web pages. Netscape is a branded and slightly customized version of Mozilla and is not updated as often.
    Opera is a nice browser and some use it as their main browser, but I have not seen anything that really stands out for me, but that does not mean it is not worth a look.
    I would stay away from abandonware Internet Explorer.
    As for checking for updates, several of them, as with many Mac programs, now have a menu item that allows you to check for updates. Most of them also announce their updates on both VersionTracker and MacUpdate.
    Happy Exploring.

  • Security Issue with Apple ID

    Today while using my iphone and trying to use facetime for the first time since updating to IOS6, my phone asked me if I wanted to use some email address that I do not have for facetime. What? The message pretty much said that this email address was linked to my apple ID. So I got to work logged into AppleID.Apple.com and saw the email address verified and also saw it displayed as an alternate apple id. Immediately, I changed my Apple ID password and called apple at 1800myapple since that is the number on the website and try to talk to someone that could assist me with this severe issue. Anyway, my iphone went dead and the people on the phone couldn't connect me to anyone because I couldn't give them a serial number to an apple device. I tried to explain to the technicians that this is a problem with my ID and that the alternate ID has access to everything that my Apple ID has access to. Both times the call went nowhere. This is ridiculous. Why can't I talk to a security team? Why is the technician telling me that I can manage my ID from the website, when I know that I am looking at the website and I cannot remove the alternate ID? How did this ID get associated with my account and why did I never receive an email informing me of the change?
    Since Apple has other services and not just products STOP ASKING FOR A SERIAL NUMBER AND ASSIST THE CUSTOMER WITH THE ISSUE especially since it is a SECURITY ISSUE.

    oh man, I know exactly what you're talking about. i have a relatively easy to guess apple id email and everybody in the world thinks it's theirs... but once I turned on two-step authentication, the emails stopped completely.  here's a faq about it:
    http://support.apple.com/kb/HT5570
    once i turned that on, whenever they'd want to reset my password, they would get asked for my recovery key, which they don't have, haha!  victory is mine.

  • My account was deleted for security issues. I made a new account, but I can't syncronise my apps with this new account. I bought a new Iphone and would like to transfer the apps ans music on this new one. Can somebody help me?

    My account was deleted for security issues. I made a new account, but I can't syncronise my apps with this new account. I bought a new Iphone and would like to transfer the apps ans music on this new one. Can somebody help me?

    Why would you make a new account?  This will likely cause many problems.  Just get you old account enabled.
    Apple ID: "This Apple ID has been disabled for security reasons" alert appears
    Frequently Asked Questions About Apple ID
    Everything you purchased with the old account will always be tied to that account.  You will have to authorize the computer for that account and you will have to update the apps from that account.

  • HT5642 I need to update iOS 6.1.3 on my iPad2 to 6.1.6, due to security issue. Why is no update available? I do NOT want to install iOS 7, due to memory limitations.

    I need to update iOS 6.1.3 on my iPad2 to 6.1.6, due to security issue. Why is no update available? I do NOT want to install iOS 7, due to memory limitations.

    Any upgrade will be to the most recent, compatible version, in this case 7.0.6.

  • Bit locker security issues (easy to crack) disk encryption?

    Bit locker security issues (easy to crack) disk encryption?
    Problem 1: When the PC run I think its too easy to get  malicious users (with usb pendrive) or spyware to get the encryption key (fast and easy)
    youtube.com/watch?v=0npTlOq6q_0
    Problem2:not resistant with bruteforce attacks
    youtube.com/watch?v=zvaJxnvbGic
    Problem 3: not resistant with boot hacking
    Im using DriveCrypt plus pack and searched security issues in bit locker.The bit locker allow you the bruteforce/dic attack easy.I think  It would be much safer 1. (I think the keys stored somewhere that is easily read) 2. Do not just be enough password
    need a password+file combination to decrypt the disk. DriveCrypt plus pack use a file+password combination if you know the password but you wont have the file you can not decrypt the disk (protect with bruteforce attack).On system boot protected bruteforce
    attak you can crash the (boot).If the boot system crash you can not decrypt the disk just the password you need the file+password combination plus to decrypt it. I am not a programmer but I see the BitLocker ( easy security catches to crack the disk encryption).Im
    tested DriveCrypt and I can not get the key that easy (Problem 1). I have not tested it in greater depth just trying to (catches to crack software encryption).

    Where is your question, sir?
    If the question were "is it easy to crack", the answer is "no". Your videos make use of several assumptions and ingredients and permissions that a normal attacker does not have.
    "Problem 3" is not clear, please describe what scenario you are talking about.

Maybe you are looking for