About Leveraging database security with JPA...

I've googled the web but haven't found anything about considering security as an aspect of development with JPA and TopLink Essentials, the way you can integrate VPD with TopLink... http://www.oracle.com/technology/products/ias/toplink/doc/1013/main/_html/dblgcfg008.htm
What would be the best way to :
1- Track user's specific behavior
2- Implement Fine Grained access control
from the database...
Even if it's not in the spec... What do you think could be a design pattern to leverage the Oracle database features ?
Best Regards,
-Gregory

Gregory,
Using VPD with an ORM solution involves two pieces of functionality:
1. An isolated cache so that entities read from a table using VPD cannot accidentally be accessed by other application threads. TopLink Essentials does support this through its JPA extensions:
http://www.oracle.com/technology/products/ias/toplink/jpa/resources/toplink-jpa-extensions.html
2. An approach for configuring the user credentials in the connections. Oracle TopLink provides exclusive connections with event call-backs for this as well as proxy authentication support. We do not currently support these options within TopLink Essentials.
To address #2 using JPA and TopLink Essentials I would need to know more about your architecture. Assuming you are using JPA in EE with session beans and JTA transactions, you could look up the JDBC connection directly from the container within your transaction (prior to your first query requiring JPA) and invoke your VPD user config stored procedure.
If you would like to work through the specifics of your requirements and then post the final solution back here you can contact me directly: douglas.clarke at oracle.com.
Doug
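
Doug's suggestion for #2 (invoke the VPD user procedure on the container's JDBC connection inside the JTA transaction, before the first JPA query), written out as an added example that is not part of the original thread or Oracle's code. The JNDI name jdbc/AppDS, the persistence unit appPU, the entity CustomerOrder and the PL/SQL procedures app_security.set_user / app_security.clear_user are hypothetical; it assumes the persistence unit's jta-data-source is this same shareable data source, so the container gives JPA the same physical connection within the transaction.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.List;
import javax.annotation.Resource;
import javax.ejb.EJBException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.PersistenceContext;
import javax.sql.DataSource;

// Hypothetical entity mapped to a VPD-protected table. Keep it out of the
// shared cache (persistence.xml: toplink.cache.shared.CustomerOrder=false)
// so rows read for one end user are never served to another thread.
@Entity
class CustomerOrder {
    @Id Long id;
    String customer;
    protected CustomerOrder() {}
}

@Stateless
public class OrderServiceBean {

    // Assumption: the same data source as the persistence unit's jta-data-source.
    @Resource(name = "jdbc/AppDS")
    private DataSource dataSource;

    @PersistenceContext(unitName = "appPU")
    private EntityManager em;

    @Resource
    private SessionContext sessionContext;

    // The container-managed transaction (REQUIRED by default) spans this method.
    @SuppressWarnings("unchecked")
    public List<CustomerOrder> findVisibleOrders() {
        String endUser = sessionContext.getCallerPrincipal().getName();

        // Step 1: tell the database who the end user is, before any JPA query.
        callProcedure("{call app_security.set_user(?)}", endUser);
        try {
            // Step 2: the VPD policy now filters the rows this query can see.
            List<CustomerOrder> orders =
                em.createQuery("SELECT o FROM CustomerOrder o").getResultList();
            // Push pending SQL while the user context is still set.
            em.flush();
            return orders;
        } finally {
            // Step 3: pooled connections are reused, so never hand one back
            // with the previous caller's identity still attached.
            callProcedure("{call app_security.clear_user}", null);
        }
    }

    // Runs a hypothetical PL/SQL procedure on the transaction's connection.
    // Closing the handle only releases it; the physical connection stays
    // enlisted in the JTA transaction until it completes.
    private void callProcedure(String call, String arg) {
        try (Connection con = dataSource.getConnection();
             CallableStatement cs = con.prepareCall(call)) {
            if (arg != null) {
                cs.setString(1, arg);
            }
            cs.execute();
        } catch (SQLException e) {
            // Fail closed: an EJBException rolls the transaction back.
            throw new EJBException("Could not set VPD user context", e);
        }
    }
}
```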

Similar Messages

  • Is there a way to view Flash videos on my iMac without downloading Adobe Flash Player? I'm concerned about performance and security with Flash Player.

    Is there a way to view Flash videos on my iMac without downloading Adobe Flash Player? I'm concerned about performance and security with Adobe Flash Player.

    If the video is only available in a format that requires Flash player : then no.
    However, a great many can also be viewed in an HTML5 version, in which case http://hoyois.github.io/safariextensions/clicktoplugin/ or similar can be set up so that Flash never runs unless you specifically choose it to.

  • Database security with PUBLIC EXECUTE privileges for Application Express

    I recently tried installing APEX into an existing database containing a data warehouse. Security on this database is quite controlled and PUBLIC EXECUTE to SYS owned objects had been removed. Ie there was no PUBLIC EXECUTE on:
    DBMS_LOB
    UTL_HTTP
    UTL_FILE
    UTL_SMTP
    UTL_RAW.
    When I tried to install APEX, I got all kinds of errors and logged a TAR. The analyst told me to grant execute to public to the above SYS owned objects. This contradicts the "Policies" in 10G Grid control and the Metalink Notes 131752.1 & Note:247093.1.
    Can these execute privileges be changed to another user in the htmlDB application such as FLOWS_FILES? Or HTMLDB_PUBLIC_USER? What are the security recommendations for Oracle Application Express? Calling any product managers out there....

    Developers/users have started clicking around and are now getting errors. There is a function called CUSTOM_AUTH and one called CUSTOM_HASH which do not compile. They complain about not seeing UTL_RAW, so they had been relying on PUBLIC synonyms. Here's the one function:
    create or replace function custom_hash (p_username in varchar2, p_password in varchar2)
    return varchar2
    is
      l_password varchar2(4000);
      l_salt     varchar2(4000) := '2ZVKZMILYMGVFRFXOZIVZ72RJNJY8V';
    begin
      -- This function should be wrapped, as the hash algorithm is exposed here.
      -- You can change the value of l_salt or the method by which you call the
      -- DBMS_OBFUSCATION toolkit, but you must reset all of your passwords
      -- if you choose to do this.
      l_password := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
        (input_string => p_password || substr(l_salt,10,13) || p_username ||
         substr(l_salt, 4,10)));
      return l_password;
    end;

  • Masters in Database security

    Hi Team,
    I work as an Oracle apps DBA. I was planning for higher studies, preferably a master's programme; I already hold an engineering degree from my U.G.
    The reasons I chose a database security programme:
    1. Only a few DBAs have expertise in this arena
    2. Companies that bother about their database security must be big MNCs and reputable international banks
    3. I am already working in the relevant field and have completed certifications etc., which could strengthen my foundation further
    4. Most regular DBAs in the market have almost nil knowledge of database vault, security, encryption, TDE etc.
    So, does this idea really work well? If I do the programme, how are my chances? I see security as essential, with a key role to play in the future in any organisation to protect their privacy.
    regards,
    Dilip

    Hi A/K
    I wanted to know about the degree Masters in Database administration, Data Modelling and Data Warehousing.
    Are you thinking about the Oracle Certified Master ? Or some training courses on those topics?
    Database administration > http://en.wikipedia.org/wiki/Database_administrator
    Data Modelling read that> http://en.wikipedia.org/wiki/Data_modeling
    Data Warehousing > http://en.wikipedia.org/wiki/Data_warehouse
    What exactly is covered under these courses.
    See the previous links
    As to which universities would be good to do it from.
    Are you working for a company? Then get them to pay for the Oracle training courses, especially if relevant to your work.
    Any universities in India offer them ?
    No idea..... but try to google on that...

  • Migrate SQL 2008 Analysis database to 2012 AS database along with data level security defined in current production cube

    I want to migrate Analysis Services 2008 database to 2012 AS database along with data level security defined in current production cube
    Note: Only Production environment have security, while no security is defined in development environment
    Potential Approach:
    1 - Using Synchronization Wizard: Gives me error: "The OLAP element at line1 can not appear under envelope......" and this is because Synchronization works only for the same version, and in my case there are different versions of SQL (SQL 2008 and 2012)
    2 - Using Visual Studio conversion wizard - Convert SQL 2008 AS project to 2012 and then process the cube, so I can get the cube working, but then how can I get data level security, since 100's of data level security rules are defined in the production cube? How can I migrate that across?
    3 - Script out XMLA and deploy cube - But then again having issues with how can i script SSAS security
    4 - Would taking backup of SSAS 2008 database and restore to SSAS 2012 will help ?
    Any suggestions would be appreciated
    Thanks,
    Mihir

    Hi Mihir,
    According to your description, you want to migrate the SQL Server Analysis Services (SSAS) 2008 database, which has some security settings with it, to SSAS 2012, right? We can migrate existing Analysis Services databases either during Setup, by upgrading an existing instance of Analysis Services, or after Setup, by running the Migration Wizard. Generally, when migrating a database to another server, all the settings will be migrated. So in your scenario, you can refer to the steps on the links below to migrate your SSAS database.
    How to: Migrate Analysis Services Databases
    Migrating Existing Analysis Services Databases
    Regards,
    Charlie Liao
    TechNet Community Support

  • Web form and database security risk

    I'd like to develop an Oracle Form or APEX Form where people don't have to login to use it. Like a registration form on our website, where anyone can fill it out. Ideally, the information entered into the form would be saved to an Oracle table (could use a flat file if database security is an issue). I'm a developer and don't know a lot about the security side.
    I'm thinking we would need a static IP address and an Oracle public password that doesn't expire, since the public doesn't have to login to use the form.
    Is this possible and is it a database or network security risk ?

    An APEX page can certainly be configured to not require authentication (that's pretty standard for the login/ registration page). There is no need for an "Oracle public password." There are accounts in the Oracle database that APEX uses but that no human needs to know the password for. If that's what you mean by "Oracle public password" then, yes, you do. But that would be the case no matter what authentication and authorization scheme you use in APEX.
    A static IP address for your web server is likely a good idea. It's possible to have DNS work with dynamic IP addresses but that's probably not what you want.
    Justin

  • Servlet security with SSL

    Hello All,
    I am fairly new to Java and Tomcat etc. as I came from a non Java\Tomcat previous role, but I have inherited a project which is a Java servlet (Java 1.6.0.29) running on Windows with Tomcat (Tomcat 7) as the container. The servlet communicates with both an Oracle database on a Unix server and a SQL Server database on a Windows server. I now need to secure the communication with the SQL Server database using SSL (two way communication) and would really like some straightforward guidance on how to do this, i.e. what exactly do I do?
    I ask this because there is a lot of information on the Tomcat website and other web sites but I find it becomes very ambiguous and confusing. They mostly talk about setting up a keystore for the root certificate on the server and then say nothing about the "client". In my servlet's situation the server hosting the SQL Server is the "server" and the server hosting the servlet is the "client". The server hosting the servlet ("the client") already has a keystore set up on it to handle the encryption to the Oracle database and an entry to suit in the Tomcat server.xml file.
    Any assistance would be greatly appreciated. I am really stuck with this
    Thank you in advance
    Alanjo

    On 01/14/2014 06:11 AM, Alan Farroll wrote:
    > Hi all,
    >
    > I could not find a more appropriate forum in Eclipse for this question
    > so have placed it in newcomers as I am still quite new to Java\Eclipse
    >
    > We are working on a Java servlet application that involves security with
    > SSL to allow the servlet to run from a server outside our firewall and
    > interrogate databases inside our firewall. It runs on Tomcat 7 and built
    > on Java 1.6.0.29
    >
    > We have had no problems running the servlet on the Test server within
    > the firewall but when running on the Live server outside the firewall
    > the SoapUI request returns nothing and the current Tomcat log error is
    > "java.lang.RuntimeException: Could not generate dummy secret"
    >
    > The problems seem to be with the jce.jar and the sunJCE_provider.jar.
    >
    > Has anybody any assistance they could provide please.
    >
    > Thanks in advance
    >
    > AJF
    The live server doesn't have access to the right JARs? Maybe this will help?
    http://www.javahotchocolate.com/notes/jce-policy.html

  • Looking for an article on database security

    I'm looking for an article on database design with reference to security; meaning, how to create users, users types, groups etc.
    Does anyone know something worth reading?
    xww

    http://databases.about.com/od/security/

  • Web and Database Security - SQL Inject info

    Web and Database Security - SQL Injection.
    Here is a whitepaper on The Dangers of Dynamic Content (SQL Injection)
    http://www.issadvisor.com/viewtopic.php?t=125
    SQL Injection. 3 parts. The first part discusses the basics of how to test
    web applications for SQL injection vulnerabilities. The second part goes into
    the specifics of how to manually identify and test for SQL injection
    vulnerabilities. And the third part describes how to exploit SQL injection to
    retrieve data from the database.
    http://www.issadvisor.com/viewtopic.php?t=123
    Understanding this critical security issue helps web developers who leverage databases design and make their applications more secure.
    Hopefully these two links are informative and useful. Please pass them on.


  • Configuring Database Security Store is failing

    Guys,
    I am trying to configure Database Security Store while installing 11gR2 (OIM, OAM, SOA) and wlst.sh script is failing. Here is the format I am giving.
    $MW_HOME/oracle_common/common/bin/wlst.sh $ORACLE_HOME/common/tools/configureSecurityStore.py -d $IAM_DOMAIN_LOCATION -m create -c IAM -p $ORA_PASS
    Here is the error message I am getting.
    Problem invoking WLST - Traceback (innermost last):
    File "/apps/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py ", line 15, in ?
    ImportError: no module named security
    Please let me know how to resolve this issue.
    PS: I created a new domain with 7002 for OIM, OAM & SOA as 7001 is being used by OID domain. And trying to run the above command with 7002 domain name and getting this error.

    This is a bug.
    Run a search for wlst.sh in your environment and call the wlst.sh from oracle_common/common/bin not from wl_server/common/bin.
    You can look for this (Doc ID 1493576.1) in Oracle support.
    Thanks,
    Ram

  • Assigning role to role doesn't work when applying Database security model

    I applied the Oracle Database security model for BI Publisher.
    Then I created some roles and users and assigned roles to users in Oracle Database.
    I also assigned appropriate folders to each role in BI Publisher.
    The users with direct roles worked successfully, but I got a problem when I assigned roles to a super role, and assigned this role to a super user.
    The super user could only access the guest folder.
    Please help me.
    Thanks.
    Daniel
    Edited by: user13344498 on Jul 5, 2010 11:13 PM

    Add a Role to a Role:
    1. From the Security Center, select Roles and Permissions; this will invoke the
    Security Center page. Here you can see the list of existing roles and permissions.
    2. Select the Add Roles icon for the Role.
    3. Select the desired role from the Available Roles list and use the Move shuttle
    button to move it to the Included Roles.
    this is from "Oracle® Business Intelligence Publisher User's Guide Release 10.1.3.2 Part No. B40017-01" book, but the security model is BI Publisher Security.

  • ORA-00001: unique constraint during "Configure Database Security Store for OIM Domain"

    Hi Guru's,
    I am following the below steps for OIM 11.1.2.1 with SOA 11.1.1.7 Installation and facing below error during step "Configure Database Security Store for OIM Domain".
    Installed Database 11.2.0.3
    Installed RCU (Here I used two versions.
         RCU 11.1.2   - Used IDAM prefix for (Metadata Services, OPSS, OIM)
         RCU 11.1.1.7 - Used SOA prefix for(Metadata Services,SOA Infrastructure, User Messaging service)
    Installed JDK 7 (Java 1.7)
    Installed WL 10.3.6 (MW_HOME-/u01/Middleware/fmw, WL_HOME=/u01/Middleware/fmw/wlserver_10.3)
    Installed FMW 11.1.2.1 for OIM. (ORACLE_HOME=Oracle_IDM1)
    Installed FMW 11.1.1.7 for SOA (ORACLE_HOME=Oracle_SOA1)
    WL Domain creation.  (Domain Name – idam_domain1)
    Configure Database Security Store for OIM Domain.
    Internal Exception: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (IDAM_OPSS.IDX_JPS_RDN_PDN) violated
    Also followed the below bug solution, but issue still occurs.
    Bug 16690836 : CONFIGURE DATABASE SECURITY STORE (CONFIGURESECURITYSTORE.PY) SCRIPT IS FAILING
    @ 1. Delete the Schemas using RCU.
    @ 2. Recreate the OAM schemas.
    @ 3. Reinstall the WLS and OAM software.
    @ 4. Run config.sh to create a new domain.
    @ 5. Run setDomainEnv.sh from user_projects/domains/<Domain_name>/bin
    @ 6. Run the configureSecurityStore.py from same window.
    Not sure if anyone tried with different steps that fixed the issue? Could you please help.
    Thanks
    VG

    Hi Gurus, I got the solution from Oracle. SOA 11.1.1.7.0 shouldn't be used with Identity Management 11.1.2.1.0(11GR1-PS1) version. Identity Management 11.1.2.1.0(11GR1-PS1) is bundled with SOA 11.1.1.6.0. When used this SOA version, Installation went smooth. Thanks VG

  • Database link with the alias and full description in the connect string

    Hi,
    I have created database links, one with an alias from the tnsnames entry and one with the full description.
    Suppose I have removed the tnsnames.ora file: what will be the impact on the database links, that is, will they still work or not? I am sure the db link created with the alias won't work, but how about the db link created with the full description? And which one do you prefer?
    Thanks

    # Parameter file initora for Database prd
    ### Global database name is db_name.db_domain
    global_names = TRUE
    db_name = prd
    db_domain = world
    # TNSNAMES.ORA for prd ###############################
    prd.world = (DESCRIPTION = (ADDRESS = (COMMUNITY = tcp.world)
    (PROTOCOL = TCP) (Host = 100.10.100.1) (Port = 1521))
    (CONNECT_DATA = (SID = prd) (GLOBAL_NAME = prd.world)
    (SERVER = DEDICATED)))
    Our database link points from the local database test to the remote database prd. Therefore we need the global database name for prd. Ask the remote database administrator for this information or connect to prd and execute the following query on prd:
    SQL> select GLOBAL_NAME from GLOBAL_NAME;
    GLOBAL_NAME
    prd.WORLD
    CREATE DATABASE LINK prd
    CONNECT TO system IDENTIFIED BY system_passwd
    USING 'prd';--- alias
    so the connection description will be ---select ename from [email protected]
    useful link
    http://www.akadia.com/services/ora_dblinks.html

  • RMAN-06067: RECOVER DATABASE required with a backup or created controlfile

    Hi,
    DB:9.2.0.8
    OS: AIX 5.3
    I am restoring DB with until time(12/06/2012) for needed tablespaces.
    I restored the 12th date controlfile ,which is backed up with archivedlogs. I also have one more controlfile which backed up with full DB..
    Restore of tablespaces are completed..
    When recovery is going , failed with following error..
    allocated channel: c7
    channel c7: sid=22 devtype=SBT_TAPE
    channel c7: VERITAS NetBackup for Oracle - Release 5.1 (2006040520)
    allocated channel: c8
    channel c8: sid=21 devtype=SBT_TAPE
    channel c8: VERITAS NetBackup for Oracle - Release 5.1 (2006040520)
    executing command: SET until clause
    Starting recover at 23-06-2012 02:00:15
    released channel: c1
    released channel: c2
    released channel: c3
    released channel: c4
    released channel: c5
    released channel: c6
    released channel: c7
    released channel: c8
    RMAN-00571: ===========================================================
    RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
    RMAN-00571: ===========================================================
    RMAN-03002: failure of recover command at 06/23/2012 03:36:57
    RMAN-06067: RECOVER DATABASE required with a backup or created controlfile
    RMAN>
    Restore Script:
    connect target /
    connect catalog rmanc/recom@lgn_rmanc
    run {
    allocate channel c1 type 'SBT_TAPE';
    allocate channel c2 type 'SBT_TAPE';
    allocate channel c3 type 'SBT_TAPE';
    allocate channel c4 type 'SBT_TAPE';
    allocate channel c5 type 'SBT_TAPE';
    allocate channel c6 type 'SBT_TAPE';
    allocate channel c7 type 'SBT_TAPE';
    allocate channel c8 type 'SBT_TAPE';
    allocate channel c9 type 'SBT_TAPE';
    allocate channel c10 type 'SBT_TAPE';
    allocate channel c11 type 'SBT_TAPE';
    allocate channel c12 type 'SBT_TAPE';
    set until time '12-06-2012 00:01:26';
    restore tablespace SYSTEM,UNDO_GEN01,UNDO_GEN02,TAB_80K_GENCON,TAB_25M_GENCON;
    release channel c1;
    release channel c2;
    release channel c3;
    release channel c4;
    release channel c5;
    release channel c6;
    release channel c7;
    release channel c8;
    release channel c9;
    release channel c10;
    release channel c11;
    release channel c12;
    }
    Recover Script:
    connect catalog rmanc/recom@lgn_rmanc
    connect target /
    run {
    allocate channel c1 type 'SBT_TAPE';
    allocate channel c2 type 'SBT_TAPE';
    allocate channel c3 type 'SBT_TAPE';
    allocate channel c4 type 'SBT_TAPE';
    allocate channel c5 type 'SBT_TAPE';
    allocate channel c6 type 'SBT_TAPE';
    allocate channel c7 type 'SBT_TAPE';
    allocate channel c8 type 'SBT_TAPE';
    set until time '12-06-2012 00:01:26';
    recover tablespace SYSTEM,UNDO_GEN01,UNDO_GEN02,TAB_80K_GENCON,TAB_25M_GENCON;
    release channel c1;
    release channel c2;
    release channel c3;
    release channel c4;
    release channel c5;
    release channel c6;
    release channel c7;
    release channel c8;
    }
    Any suggestion in this is helpful to me..
    Thanks in advance,

    Hello;
    I read your post and here's the thoughts that came to mind : ( my largest concern is you might restore something that damages your current system )
    1. So you want to restore the whole DB back to 12/06/2012 to get some tablespaces from then right?
    2. Are you restoring to a different system?
    3. How did you start the database ( NOMOUNT, MOUNT )
    4. If you are restoring the whole DB back to 12/06/2012 how did you restore the control file?
    5. Your command shows :
    restore tablespace SYSTEM,UNDO_GEN01,UNDO_GEN02,TAB_80K_GENCON,TAB_25M_GENCON;
    COMMENT : Generally I use recover tablespace for point in time recovery and use an auxiliary destination.
    Meaning I don't use restore at all, in fact using restore may cause an issue.
    SUMMARY : I don't see how this will work as is.
    It seems you want data from five tablespaces from about six months ago including the SYSTEM tablespace.
    This is an Incomplete Recovery. I believe I would rethink this completely.
    Given the time that has passed I would consider restoring the whole database to a different server where it cannot damage anything.
    Once this is done I would decide how to get the data I need.
    Or I would check for a daily export file and recover the tablespace data that way.
    So you have some good details on your question but it seems the plan is either missing something or you need to add a few more details.
    Example
    I'm recovering old tablespaces into a test system.
    Here's how I'm not damaging my current production system.
    I don't have an export from that date.
    So take a step back and either rethink or give a few more details on how this is safe.
    Best Regards
    mseberg

  • Security with Flat files

    Hi,
    I have a webpage with many UI Elements such as LinkToURLs and TextViews whose content is read from flat files present in the src/mimes folder of the project.
    I need to keep the files secure so that no other person can change the details present in them.
    Please help me with how to proceed as I don't have any idea regarding this.
    Thanks and Regards,
    Padma Usha.

    Hi Usha,
    You are asking about the security in WebDynpro while editing the file context in the views ? or talking about windows file security ?
    If your question is on webdynpro, you can restrict the users from editing the files by using UME roles.
    Ex: If you have view to show/edit the file, depending upon the logged in user you can disable/enable the file from editing.
    Regards, Anilkumar
