A question about Authentication Provider

Similar Messages

• Question about content provider having access to code view

  can they? i have read and read to try and figure this out. i
  don't want to offer my client something that doesn't exist.
  if i set up her site with contribute, she buys her version,
  and we get it all working, can she access the html code to add
  paypal buttons herself? or will she only be able to see design
  view?

  Sure thing - been in practice for years - search for:
  Projector (EXE file that you can publish from flash which
  embedds the player).
  Auto Start (google this). Simple file to add to the root
  level of the CD to make it auto play.
  Check out www.flashjester.com and other 3rd party tools for
  extending the projector format beyond
  what Flash offers.
  Chris Georgenes
  Animator
  http://www.mudbubble.com
  http://www.keyframer.com
  Adobe Community Expert
  *\^^/*
  (OO)
  <---->
  rizien wrote:
  > We're trying to put our catalog on CD-rom, and I want it
  all to be stand-alone,
  > so when you put the CD rom in a menu comes up and you
  can browse.
  >
  > I had used Flash in the past under Macromedia, but its
  been a while so my
  > question before I buy is:
  >
  > Can I make a flash animation/menu that will run on any
  computer, not in a
  > browser, and not connected to the internet? Can I
  include on the CD a version
  > of the Flash player that they can use? Preferably having
  it auto-play and the
  > menu just pops up.
  >

• Question about authentication scheme plugin parameter

  Hi, <br>
  Could anyone kindly tell me what the below quoted "password" means ? <br>
  <br><b> validate_password      userPassword="password"</b><br><br>
  Is it the value of <b>userPassword</b> in my directory or just a parameter name that I should use when I use the HTTP form based call.<br>It would be even great if there is an example. Thanks!

  Hi Sino,
  When the values from the form reach the authentication scheme (e.g. name1=value1&name2=value2&name3=value3), it selects the values it wants its plug-ins to process by passing them in the "creds" challenge parameter (e.g. creds: name3 name2). "password" is just one such parameter name passed to the plug-ins so that the value can be used to process authentication.
  This value is used by the validate_password plug-in to bind to the user directory for authenticating the user who has been identified by preceding plug-in(s).
  So both your guesses are partly correct - it is related to the HTTP form field and it is related to the userPassword attribute in your directory. Hope the explanation helps in understanding the caveats to the guesses. Also, it would help if you experiment with these parameters a little and observe the changes in behaviour and any errors displayed.
  One other thing..shouldn't it be -
  validate_password obCredentialPassword="password"
  -Vinod

• Question about Authentication on item-level

  If you set authentication for a page item, am I correct in assuming that it does get processed (i.e. the value in the item can be used for example in the where-clause in a query), but it just does not get displayed?

  i mean a normal item on a page. For example a selectlist, or textfield.
  In the app I'm currently developing, I have a few user levels. Normal users should only see their own records in a report, admins should be able to see all records.
  So what I have for the admins, is a select-list with the usernames, so they can choose whose records they can see. A normal user can't see the select-list.
  When a user logs in, I set the value of the select-list to their user-id (and the select-list displays the corresponding name, based on a LOV). The query which displays the report looks at the select-list to see for which user it must show records. So, when an admin selects a different username, it will show the records for that user. When a normal user logs in, he/she won't see the select-list, but the query does use the value of that select-list in the query.
  Now what I want to know for sure, is that the select-list is always processed upon loading, and not that it's just a coincidence in this case that it's working.
  I'm asking because if you check the help for the Authorization-option in the item, it says "Optionally select an authorization scheme which must evaluate to TRUE in order for this component to be rendered or otherwise processed."
  From this I would think that it won't contain a value if the authorization is false (which would be in the case of a normal user).
  I'm using HTML DB 1.6, by the way.

• Questions on Authentication, Security, and APEX_PUBLIC_USER

  Hello,
  I’m evaluating APEX and my DBA’s have some questions about authentication and database connections. I have audit tables in my schema (created using Oracle Designer) and I’ve noticed that APEX_PUBLIC_USER is the user recorded in my created_by and modified_by columns. I’ve read several posts about this expected behavior and its solution - (UPPER(NVL(V('APP_USER'),USER)). See:
  Re: User in journal
  Re: DB connection by apex_public_user or by registered schema name?
  How can I store the user name, not APEX_PUBLIC_USER
  I’m ok making the changes in my triggers, but my question is what is the consequence from the DBA’s perspective? If there are 100 users in my application and the DBA’s look at current database connections it will show 100 APEX_PUBLIC_USERs correct? What about any internal Oracle auditing? This is really my first true venture into web style programming. Maybe this is expected behavior.
  I also noticed that there are 157 PUBLIC grants to objects in the FLOWS_030000 schema. This means that any DB account has access to these objects by default. Is this a security risk? I would have expected the objects to be granted directly to APEX_PUBLIC_USER. My company is heavily audited in both in an internal and a Sarbanes-Oxley (Sox) sense. This may not be a concern to everyone, but it may be a concern to us. How do other people explain/justify this?
  Are we expected to not make DB accounts and only create users inside of APEX? I know APEX supports the DB authentication, but I haven’t seen any definitive “best practice” recommendations on this. I have looked at all the documentation here:
  http://download-west.oracle.com/docs/cd/B32472_01/doc/nav/portal_booklist.htm
  Is there more documentation with a better explanation than this?
  Can anyone explain how APEX_PUBLIC_USER has no direct privilege on tables in my schema, yet it is the user recorded for DML changes?
  I know this is alot of questions; we're just trying to get a better understanding of APEX before we make the commitment to begin using it.
  Thanks for the help.
  Message was edited by:
  jabolen

  This FLOWS_xxxxxx schema has enough privilege to do DML in my schema (probably why FLOWS_xxxxxx is locked). Is that about right?
  Sort of. It has privilege to dynamically execute your DML (and other code) using your schema, so it is your schema that parses the code. (search: sys.dbms_sys_sql)
  ...enterprise-level identity management solutions...Is one example of that creating DB accounts? I assume others are SSO, LDAP, etc. Where can I read about the pro’s and con’s of these choices?
  Good topic for another thread: Best tools for managing user populations (tens, hundreds, thousands, internal company vs. internet/public, etc.) One key factor is who's going to do the work and how does that fit with your business, e.g., user forgets password -> user calls help desk (24/7?) -> help desk accesses admin account and resets password...Will help desk admin use EM, Application Express admin app, SQL*Plus, OID admin, ...?
  About authorization and roles, be aware that roles are useful in an Application Express environment only if you have a database user account for each application user (presumably named the same as the account the application user uses to authenticate, regardless of how the username/password lookup is performed, i.e., using the database account's password, LDAP, or something else) and your authorization code has enough privileges to check the current user's default roles, again the roles assigned to the database user account that corresponds to the application user name. This precludes the use of dynamically enabled roles. It also requires your application parsing schema to be able to access global views like dba_tab_privs. So, IMO, it's not the most streamlined approach unless you already have (or don't mind maintaining) a database user account for every named application user, a provision that may be unnecessary to support your authentication (vs.authorization) requirements.
  About ref cursors, there wouldn't be any privileges problems - your application's parsing schema must have the privilege to execute whatever definer's rights packages are to be called and these packages, as you said, would do the DML.. As to other issues involving the use of ref cursors, we'd need to know more about your approach and how you want to define reports. I suggest you build a small prototype app and try it out.
  Scott

• Question about setting cookies and custom authentication

  I have a question about setting cookies.
  I have two different 'projects' in HTMLDB - we will call them App1 and App2.
  I also have two different connection configurations setup in the DADs.conf file. - we will call them Connect1 and Connect2.
  App1 is setup to use database authentication (no user is specified in the DAD) and uses Connect1. Once the user successfully logs in, we set a username cookie (this is a persistent connection).
  We created a custom authenticatoin scheme for App2 - this scheme checks for the username cookie (set by App1). We would like for App2 to use Connect2 (HTMLDB_PUBLIC_USER is the default user specified and it uses connection pooling).
  Is it possible to set a cookie from App1, Connect1 for App2, Connect2 - then redirect to App2 and pick up that cookie?
  Here is an example of what we are trying to accomplish:
  A user loggs into App1, we set a cookie, and the user is redirected to App2. If the cookie exists, we allow them access to the home page in App2, if no cookie, we redirect back to a 'Login Failed' page in App1. We don't want App2 to use the same database connection as App1 though, we need App2 to use connection pooling.
  Is this possible? OR...Is there a better way to accomplish what we want to do?
  This is an enhancement to an existing app. Our requirements are to use Database Authentication (setup where pass expires after 60 days or so, cannot reuse last 3 passwords, etc.) - which is already setup and being used by other applications in our organization. All of our users have accounts in the database. We don't want users to have a new username/pass - and we don't want to manage a separate group for HTMLDB apps.
  The existing application uses HTMLDB's built in authentication - which uses database username/pass, and it uses connection pooling, but we cannot handle the pass expire stuff in it, unless there's something we're not seeing or understanding - at least that's how our DBA explained it to us.
  Any help with this will be appreciated so much. I can send you the code we have if needed.
  Thanks!

  Same problem here.  I have so many problems with this remote app.  Is there an iTunes API? I would like to write my own remote app that actually works.

• Question about the Filter type for the trace provide "Microsoft-Windows-Kernel-File"

  Hello all,
  I have moved this question from the Windows
  Server General Forum accorfing to the suggestion from Mr. Justin Gu 
  I have a question about the Filter function for the trace provider "Microsoft-Windows-Kernel-File".
  I can find the Filter function with the following operation.
  Mr. Justin Gu wrote:
  > You create a Data Collector Set for the trace provider "Microsoft-Windows-Kernel-File" and finish completely, then you > can right click it and select Properties.
  In the Properties dialog box, click Filter and
  then select ‘Edit…’. You will be> able
  to see the Filter type and Filter data in the Filter dialog box.
  What
  Kind of Filter can
  I use in this Filter dialog box?
  And, how can I set to exclude the some kind of datas?
  Could you give me your suggestion?
  Thank you.

  What
  Kind of Filter can
  I use in this Filter dialog box?
  And, how can I set to exclude the some kind of datas?
  Could you give me your suggestion?
  Thank you.
  I'm looking for the same information.

• Questions about using Bitlocker without TPM

  We currently use Bitlocker to encrypt our Windows 7 computers with TPM. Now we are looking at encrypting some Windows 7 computers without a TPM. I see how to change the group policy setting to allow Bitlocker without a TPM. I have looked at a lot of other
  threads and I have a few questions about how the Bitlocker without TPM works.
  1) I see a USB drive containing a key is required for Bitlocker configurations without a TPM, say the end user loses this USB drive, what are the recovery options for their computer? 
  This article seems to indicate that without the USB drive connected, you are unable to even access recovery options http://blogs.technet.com/b/hugofe/archive/2010/10/29/bitlocker-without-tpm.aspx
  We have recovery backed up to AD when Bitlocker is enabled, but how could we do this recovery on a computer on computer where it's USB is lost? Would we have to remove the HD itself and attach it to another computer to access?
  2) After enabling Bitlocker on a computer without a TPM and using the USB Drive for the key, is there a way to also add a PIN or password protection at bootup?

  Hi,
  Sorry for my dilatory reply, 
  Configuring a startup key is another method to enable a higher level of security with the TPM. The startup key is a key stored on a USB flash drive, and the USB flash drive must be inserted every time the computer starts. The startup key is used to provide
  another factor of authentication in conjunction with TPM authentication. To use a USB flash drive as a startup key, the USB flash drive must be formatted by using the NTFS, FAT, or FAT32 file system.
  You must have a startup key to use BitLocker on a non-TPM computer.
  From: http://technet.microsoft.com/de-de/library/ee449438(v=ws.10).aspx#BKMK_Key
  For more Q&A about BitLocker, you can refer to the link above.
  hope this is helpful.
  Roger Lu
  TechNet Community Support

• Questions about Access Manager tutorials available in netbeans site

  Hi
  Thank you for reading my post
  I have some questions about two tutoral which i find in :
  http://www.netbeans.org/kb/55/amsecurity.html and
  http://www.netbeans.org/kb/55/amsecurity-liberty.html
  here is my problem :
  we have some web services, now we want to have authentication applied for consumer who try to access our web services.
  we need to have most possible flexibility because we may deploy the server for a customer with an already established Identity database ( Database Table with user details)
  Also we need to have Transport level security using SSL.
  I read and studied both of them and now i have some questions :
  -I think Securing Web Services Using the SAML or UserNameToken is what we need for authentication and autorization of web service consumers?
  is that right?
  -Does Sun Java System Access Manager provide flexibility to authenticate user/password with a database table content?
  -How we can apply roles in Sun Java System Access Manager when we authenticate users ?
  Thanks

  Imagine that we want to have an end to end security for our web services
  we thought that we could use message level encryption to protect the soap message and also we should protect our web services from un-authenticated acess,
  we will use userName token for this.
  Our customer has large database which contains many user/password and role of those users.
  some of web services should be available to higher role (manager) and not for all users.
  so we should check a user role before we allows him/her to access a web service.
  my question is whether Sun Access manager can help us with this? or there are other configuration or packages that we should apply to have this feature.
  to explain more :
  our client side is a swing application, users enter username/password to login into system. after they loged in, we send user/pass every time user want to request some data from some services. (is it good to send user/pass every time?)
  We want Sun Access Manager to handle users authentication .
  We also need to handle role related authorization, can Sun access manager handle this?
  Thanks

• Just installed iOS6, questions about "iMessage" and other things...

  I've been a satisfied iOS4 user since I bought my iPhone4, but I was forced to install iOS6 tonight in order to download a "free" app. I found a few new icons on the screen along with about 200 percent more "Settings" I'd like to ask some questions about. I'm sure a few of these could be answered by doing a frantic and thorough search through weeks of posts but I'm a little short on time right now.
  First, what exactly is iMessage? Looking at the page for it, I can't see any difference between it and regular text messages. The info page says its to avoid charges, but between my data plan and not being charged for text I don't see where theres any other benefit. The one person I text with the most recently asked me why I had not installed iMessage yet, and didn't have an answer when I asked him why I should. I guess he just wanted to see text replies in blue instead of green.
  In a related bit, flipping through Settings>Messages>Send & Receive I find a "2 addresses" section, with my phone number in there as well as my email under "You can be reached by iMessage at:" and "Start new conversations from:". What good does it do iMessages to have my email address? Does the Mail app handle text as well as email addresses? That seems to be the only explanation, and also very odd to think I'd be trying to text through my Mail app.
  Second, looking through the Settings>Mail I see now that I have an icloud email address as well as the mac.com address I've been desperately hanging on to for the past 10 years, and the me.com address they've been trying to force me into since those came out. (I was happy to see I could delete the me.com address from the phone. I wish I could delete it from the universe.)
  I wasn't even aware there was a such thing as icloud.com addresses. When did this happen? What is it used for?
  Third, under that icloud Setting I see a long list of apps with buttons labeled "Off" under it. What are those for? Under the Mac.com settings I see switches for "Mail" and "Notes", with Mail on and Notes off. The Notes app (which I haven't used since my old iPhone 3) still opens, regardless of this setting.
  Fourth, I now have an item called "Facetime" under my Settings. It is off, but underneath it says "Your phone number and/or email address will be shared with people you call". I understand caller ID normally sends caller number info to the receiver, but why would someone need my email address if I call them?
  Fifth, I now have a "Music" setting, at the bottom of which I see a "Home Sharing" item, which when clicked brings up my AppleID and asks me if I want to Sign Out or Cancel. What is Home Sharing? Its also at the bottom of the "Video" settings.
  Sixth, now I have Twitter and Facebook settings? For what? I don't have accounts with either of those companies. So why have settings, especially since it asks me to create accounts and download apps for those companies right in the Settings?
  Seventh, there is a camera icon on the unlock screen. Touching it causes the screen to bounce up about a quarter inch, almost but not quite revealing something behind it. I should probably just quit asking about this stuff already, but I'll take the bait - what is this now?
  Finally, what is the Notification Center used for?
  If I got a text under iOS4, it would put an alert on the Unlock screen. Scrolling through this huge list of things under the Notification settings I'm really blown away by all the apps set up to yell at me. I can see having an alert for a text message but Game Center? What the heck is that, and why is it set up to hit me with a "Badge App Icon" (whatever that is) when I get alerts from "Everyone". Similarly, the phone is set to alert me to something called a "Photostream Alert"? What is this? Why is there a Phone section for the Notification Center? So they can put a Notice on my screen to tell me the phone is ringing? Holy cow! The phone is set to send me alerts from the "Weather Widget". So if I miss the fact its raining there will be a message on my screen to let me know? Whats next - a buzzer to tell me I'm listening to music?
  There's a lot more, like what would I need Passbook for when I have the actual movie tickets, gate boarding passes, coupons, etc in my hands, but we'll leave that for another time. Many thanks to all who can offer some answers to my questions above.

  Hey Taantumus!
  Here is an article that will provide some guidance on this question:
  Apple ID: Changing your password
  http://support.apple.com/kb/ht5624
  The next time you use an Apple feature or service that uses Apple ID, you'll be asked to sign in with your new Apple ID password.
  Thanks for coming to the Apple Support Communities!
  Regards,
  Braden

• Questions about Rooting...

  Hi everyone, I’ve some questions about rooting my Xperia Arc S. Hopefully I’ll get helpful answers from you.
  If I root my phone, shall I get regular software official updates from Sony?
  Currently Sony is rolling out the ICS update. After rooting the phone am I able to upgrade my phone to ICS?
  While rooting the phone if any damage is done, can that be recoverable by installing a fresh OS or something?
  Does the rooting process delete all the existing contacts, messages, apps etc?
  Finally can anyone please provide a full proof guide/tutorial for rooting the Xperia Arc S?
  Thanks in advance.
  Solved!
  Go to Solution.

  Do you have an app named Super USer ?
  Were you on 4.0.4 and then rooted your mobile using this method ?
  If yes then your mobile is not rooted for sure
  See how to root 4.0.4 here
  Discussion guidelines.
  Message me or any other moderator to seek help regarding moderation.

• Re: Questions about Plan structure

  Reply-To: "Duncan Kinnear" <[email protected]>
  Q. if you have an Employee class with related EmployeeSubordinate and
  EmployeeSalaryHistory classes, should these all be in the same plan?
  A It is better to have them in the same plan.It depends on the design
  you have
  Q Why should the Managers be separated from their business classes?
  A Managers are usually service objects which might require different
  resources.
  These managers when deployed might be required by several other
  applications.
  Seperating them as a different plan will help in just using one
  installed partition to be
  Used by different applications (refer about Reference Partition)
  Q If you have the Database managers separate, what scope does each DB
  manager cover?
  A It is better to have the DB managers in user scope.
  It depends on the numbers of users, u have for the system.
  Since u are talking about 100 tables. It's a huge system.
  It also depends on the user licenses u have for the backend.
  Take care that u use proper load balancing of DB Managers for the
  system.
  Krishna CVSR
  GoldStone Softech Inc
  >
  Hi there,
  We are in the middle of designing the structure of a new system.
  I have read/heard that it is best to break down the plans into the
  following categories:
  Business Classes
  Managers/Services
  Clients
  I have a few questions about this structure:
  Should related business classes be grouped together in Plans? E.g. if
  you have an Employee class with related EmployeeSubordinate and
  EmployeeSalaryHistory classes, should these all be in the same plan?
  Why should the Managers be separated from their business classes?
  E.g. if there is an EmployeeMgr service which deals with anything to do
  with the Employee business class, why separate them in different
  plans? If you need the manager to access the class, you will always
  need both.
  Some of the Forte documentation talks about "Policy" managers and
  "Database" managers. How do the functions of these managers differ
  for a simple CRUD (Create Read Update Delete) class?
  If you have the Database managers separate, what scope does each
  DB manager cover? I.e. do you have one for the entire database (over
  100 tables in our case), or do you break it down by sub-system?
  Thanks in advance for any answers.
  Cheers,
  Duncan Kinnear,
  McCarthy and Associates, Email: [email protected]
  PO Box 764, McLean Towers, Phone: +64 6 834 3360
  Shakespeare Road, Napier, New Zealand. Fax: +64 6 834 3369
  Providing Integrated Software to the Meat Processing Industry for over 10 years
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
  Get Your Private, Free Email at http://www.hotmail.com
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

  Reply-To: "Duncan Kinnear" <[email protected]>
  Q. if you have an Employee class with related EmployeeSubordinate and
  EmployeeSalaryHistory classes, should these all be in the same plan?
  A It is better to have them in the same plan.It depends on the design
  you have
  Q Why should the Managers be separated from their business classes?
  A Managers are usually service objects which might require different
  resources.
  These managers when deployed might be required by several other
  applications.
  Seperating them as a different plan will help in just using one
  installed partition to be
  Used by different applications (refer about Reference Partition)
  Q If you have the Database managers separate, what scope does each DB
  manager cover?
  A It is better to have the DB managers in user scope.
  It depends on the numbers of users, u have for the system.
  Since u are talking about 100 tables. It's a huge system.
  It also depends on the user licenses u have for the backend.
  Take care that u use proper load balancing of DB Managers for the
  system.
  Krishna CVSR
  GoldStone Softech Inc
  >
  Hi there,
  We are in the middle of designing the structure of a new system.
  I have read/heard that it is best to break down the plans into the
  following categories:
  Business Classes
  Managers/Services
  Clients
  I have a few questions about this structure:
  Should related business classes be grouped together in Plans? E.g. if
  you have an Employee class with related EmployeeSubordinate and
  EmployeeSalaryHistory classes, should these all be in the same plan?
  Why should the Managers be separated from their business classes?
  E.g. if there is an EmployeeMgr service which deals with anything to do
  with the Employee business class, why separate them in different
  plans? If you need the manager to access the class, you will always
  need both.
  Some of the Forte documentation talks about "Policy" managers and
  "Database" managers. How do the functions of these managers differ
  for a simple CRUD (Create Read Update Delete) class?
  If you have the Database managers separate, what scope does each
  DB manager cover? I.e. do you have one for the entire database (over
  100 tables in our case), or do you break it down by sub-system?
  Thanks in advance for any answers.
  Cheers,
  Duncan Kinnear,
  McCarthy and Associates, Email: [email protected]
  PO Box 764, McLean Towers, Phone: +64 6 834 3360
  Shakespeare Road, Napier, New Zealand. Fax: +64 6 834 3369
  Providing Integrated Software to the Meat Processing Industry for over 10 years
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
  Get Your Private, Free Email at http://www.hotmail.com
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

• General question about iTunes Match and multiple libraries

  Hello to everyone,
  I have a general question about the iTunes Match service, which is available since yesterday in my country (Italy). Currently my library situation is the following:
  Computer A (desktop, Windows 7): "big" iTunes library (about 20 GB), at the moment not associated with my Apple ID
  Computer B (MacBook Air 2011): "small" iTunes library (about 5 GB), associated with my Apple ID
  At the moment, both my iOS devices (iPhone 4 and iPad 2) are synchronized with the smaller library on the MacBook Air.
  Question is as follows: should I subscribe to iTunes Match, would it be possible to upload the "big" library (provided I associate it with my Apple ID) to iCloud while keeping my devices synchronized with the "small" one?
  Ideally, at the end of the day, the situation should be the following: both iOS devices with music from the small library + possibility of downloading songs from iCloud (coming from the big one). Is this possible?
  Maybe the question sounds stupid, but I want to be sure about this before paying for the service.
  Thanks a lot.

  Yes, you could also associate your larger library with iTunes match if you associated your Apple ID with it. However any purchases in the library made from another Apple ID will not be matched with iTunes much.
  If both libraries are part of iTunes match, then all your devices will see all of the content from both libraries, which content you choose to have on those devices and which you have accessible via iTunes match is entirely up to you.

• Legality questions about Home Sharing

  I have some legality questions about Apple's Home Sharing technology.
  As I understand it, you can share (that is, copy it from one computer to another) your music, movies, applications and other iTunes-managed files amongst five computers. The only 'trick' is that each computer must have an iTunes Store account and must be logged in in order for it to work.
  My question concerns the copying aspect and the legality of it. For content that was purchased through the iTunes Store I can see how Home Sharing can provide a limitation on content sharing, since all of the machines would need to be connected to Apple's servers in order for the validation process to happen. But what about content that was added to iTunes through other means, e.g., ripping my own CDs or converting my DVDs? These items can still be copied via Home Sharing and as there's no DRM on them there's no way they can be protected against "illegal" or "unauthorized" use.
  It was my understanding that if I gave a copy of a song to someone else, that's illegal. Apple's Home Sharing technology seems to facilitate this action. If I rip a CD or DVD into iTunes and someone copies it out, isn't that making an illegal copy? Can I be held liable for distribution of content?
  And how far does this extend? If I live in a house with four unrelated people, are they legally (?) allowed to copy music and media amongst each another? Is there a perceived or actual difference between using Home Sharing to copy a movie versus, say, using a USB flash drive? And what if one of them moves out? Am I legally obligated to go through that person's hard drive and remove content that they copied from me before they leave the building?
  Does Home Sharing somehow retroactively change the copyright application on a given CD or DVD? Most of my CDs and DVDs contain notices and warnings against distributing copies. Can these warnings now be ignored, or at least amended with "...unless you're using iTunes Home Sharing" at the ends of them?
  I am not trying to stir up a hornet's nest here. I'm only trying to better understand the legal issues surrounding Home Sharing and particularly how they relate to unprotected content. It seems very contradictory that the RIAA and MPAA would be fighting so hard against peer-to-peer services like BitTorrent and Gnutella while apparently allowing peer-to-peer services through iTunes Home Sharing.
  Furthermore, I also understand that the intention of this system was to allow families who are living together to have common access to all of the "household" music, but my issues aren't about this. I envision, for example, a college dorm building where there's several hundred people living together on the same network subnet, and all of them have Home Sharing enabled and everyone is copying thousands and thousands of songs to/from one another. Is this now legal?
  Any insights would be appreciated. Thanks.

  If I rip a CD or DVD into iTunes and someone copies it out, isn't that making an illegal copy?
  RIPping of commercial, encrypted DVDs (most of them) is illegal to begin with. Or rather, breaking the encryption on a DVD is illegal and in order to RIP the DVD, you must break the encryption. SO you have already "broken the law" by having a copy on your computer.
  Most of my CDs and DVDs contain notices and warnings against distributing copies.
  Most of your DVDs have a notice about even simply making a copy, not only distributing copies.
  Much of your post has been cussed and discussed by many, many people (lawyers, corporations, organizations, individuals, etc.) and no one has come (or likely ever will come) to a complete agreement.
  Generally, "sharing" in the same house hold amongst family members seems to be okay. Outside the same household/family is almost always not okay.
  I envision, for example, a college dorm building where there's several hundred people living together on the same network subnet, and all of them have Home Sharing enabled and everyone is copying thousands and thousands of songs to/from one another. Is this now legal?
  No.
  This is exactly what Napster was and why they were sued & shut down.
  I imagine Apple lawyers have done their homework as well as consulted with the labels to discuss these exact issues.
  And it's called "Home Sharing" to indicate that it is not "Dorm Sharing" or "Workplace Sharing", or even simply "Library Sharing"etc. even though it may be possible to use it in other places than the Home.
  Users on other computers need to know your iTunes ID and password to enable it Home Sharing. Likely this is how Apple got the lables to be okay with it.
  Are you gonna give (and get) dozens/hundreds/thousands/any other users your iTunesID & password?
  You can contact Apple Legal here -> http://www.apple.com/legal

• Some question about International Travel

  Ok so i know alot of people have question about international travel weather is USA to Canada, Canada to USA or where ever.
  So i just got off the phone with someone from AT&T these are my questions for them. i hope it can help, im confuse myself.
  *1. I travel recently travel to canada a few weeks ago, when i cross the boarder i switch the data roaming ON and it picks up Rogers Wireless, a few days ago i try i again it said NO SERVICE is something wrong with my iPad?*
  NO, consider yourself lucky u didnt get charge for that roaming, your ipad well not work out of the US unless u buy one of our International plans that AT&T has provided. The reason for this is so you wont have any unwanted charge or high charge on your bill.
  *2. If i was to buy a sim card from Canada and pop it in to my US ipad well it work?*
  Honestly that's something you can try at your own risk, it's design for AT&T so by switching sim cards it may affect your ipad such as running slow, virus, crash. You can try it, i dont work for Rogers so i know nothing about them, i work for AT&T so i can only tell you about our plans and i wont lie to you.(I THINK U JUST DID) This ipad is not unlock just like the iphone so it well only work with AT&T.
  *3. If i pop my sim card out and put in an international sim card well it affect my plan at all or in any way?*
  Yes it can, right now your on the unlimited plan if you put in a different sim card and then re-put in ur AT&T one chances are you're going to loose your unlimited plan and have to settle for the newer plan. That's why AT&T has reduce it's international plans so people are more likely to use it. It's a contract we sign with Apple, if u want to use in canada you can always buy an Ipad in canada and use their plan. (***)
  At the end of this conversion i was just more angry with them. All in all she told bottom line is dont do anything stick with AT&T and pay for international plans. So i have to pay over price data plan if i want to use it intertanional? or i have to buy an ipad for each international places i go to?
  Has anyone try or done any of the 3 ive mention and did it affect ur plan or ipad in anyway?
  Thanks
  Andy

  Ok so here's a little more info
  I called AT&T again today asking them the same question the guy was more helpful then the one yesterday. Even though he kinda told me the same saying that the ipad need to be unlock. , Afterward he transfer me someone from Apple. The lady told me
  1. The ipad is UNLOCK so dont bother trying to get it unlock.
  2. she doesnt see why sticking in another sim card from one of the apple ipad carrier is a problem. U would just have to sign up activated it like u would when u first got it.
  3. Contact phone company (my case Rogers) to see if they carry the mico sim cards.
  4. She doesnt see why it would affect the current plan u have now.
  So at the end of all that she told me, seem like AT&T is just telling you, you cant do this or u shouldnt do that is simple THEY WANT YOU TO USE THEIR PLANS.
  so with that i said i just want to let everyone know. I'm gonna go pick my Micro sim cards from Canada in a bit and sign up for thier plan we'll keep everyone updated if anything change or how it work