ADF and SQL-Injection?
Hi
As I understand there is no any protection!!! Do view parameters work as parameters in JDBC prepared statement? I looked at examples and it looks they are just replaced with string as parameter value to make new string !!!
Andrius
Andrius,
to my knowledge only prepared statements provide you some level of safety and even herte I would recommend caution. The recommended approach for SQL Injection is to filter it either in a Servlet filter (which may be hard to do, but there is a library called mod_security by Ian Ristic that is open source and can be configured for additional security). In addition you can add custom code to the BC code that sets the parameters for the parameterized query to check for SQL injection. This can be done with Regular Expressions:
As an example:
Pattern p = Pattern.compile("(?i)\\bcreate|insert|delete|drop|update\\b");
Matcher m = p.matcher(username);
if (m.find())
// reject the request
Note that the example doesn't check for all possible patterns
Depending on your front end, additional checks can be provided. If e.g. in teh future you build applications with JSF, you could create a RegEx Validator to filter SQL injections.
Oracle ADF V2 comes with a declarative validator on the data binding level that support Regular Expressions defined on the attribute level. This I think should provide you the level of security you will expect.
Frank
Similar Messages
-
Dreamweaver CS3 and sql injection....
Any news if Dreamweaver CS3 will have the same "problems"
brought on by the
8.0.2 update to Dreamweaver 8?
Thanks!Excellent...glad to hear it and I look forward to getting
CS3. I held off
on 8 because of the so called problems.
"Murray *ACE*" <[email protected]> wrote
in message
news:[email protected]...
> Yes, that's what I do. Honestly, I've not seen any
problems there.
>
> --
> Murray --- ICQ 71997575
> Adobe Community Expert
> (If you *MUST* email me, don't LAUGH when you do so!)
> ==================
>
http://www.dreamweavermx-templates.com
- Template Triage!
>
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
>
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
>
http://www.macromedia.com/support/search/
- Macromedia (MM) Technotes
> ==================
>
>
> "Pizza Good" <[email protected]> wrote in
message
> news:[email protected]...
>>I think it comes up more when you have a form and
pass the values to a
>>recordset which uses those values to query and filter
a recordset.
>>
>>
>> "Murray *ACE*"
<[email protected]> wrote in message
>> news:[email protected]...
>>>I am processing form input, which I believe is
where SQL injection comes
>>>in.
>>>
>>> --
>>> Murray --- ICQ 71997575
>>> Adobe Community Expert
>>> (If you *MUST* email me, don't LAUGH when you do
so!)
>>> ==================
>>>
http://www.dreamweavermx-templates.com
- Template Triage!
>>>
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
>>>
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
>>>
http://www.macromedia.com/support/search/
- Macromedia (MM) Technotes
>>> ==================
>>>
>>>
>>> "Pizza Good" <[email protected]> wrote
in message
>>> news:[email protected]...
>>>> That's good, or perhaps you are not building
the types of sites that
>>>> may encounter the so called problems?
>>>>
>>>>
>>>> "Murray *ACE*"
<[email protected]> wrote in message
>>>> news:[email protected]...
>>>>>I have to say that I've used 8.0.2 with
such things quite a bit and not
>>>>>encountered *any* of the posted problems.
>>>>>
>>>>> --
>>>>> Murray --- ICQ 71997575
>>>>> Adobe Community Expert
>>>>> (If you *MUST* email me, don't LAUGH
when you do so!)
>>>>> ==================
>>>>>
http://www.dreamweavermx-templates.com
- Template Triage!
>>>>>
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
>>>>>
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
>>>>>
http://www.macromedia.com/support/search/
- Macromedia (MM) Technotes
>>>>> ==================
>>>>>
>>>>>
>>>>> "Paul Whitham AdobeCommunityExpert"
<[email protected]> wrote in
>>>>> message
news:[email protected]...
>>>>>> Using stored procedures is a good
safe guard against SQL injection
>>>>>> because you have to define your
parameter types, in much the same way
>>>>>> that the parameters in the 8.0.2
worked.
>>>>>>
>>>>>> Yes it did break a number of
extensions because the underlying code
>>>>>> was completely rewritten but it is
my understanding that most of
>>>>>> these were subsequently patched to
work with it.
>>>>>>
>>>>>> --
>>>>>> Paul Whitham
>>>>>> Certified Dreamweaver MX2004
Professional
>>>>>> Adobe Community Expert - Dreamweaver
>>>>>>
>>>>>> Valleybiz Internet Design
>>>>>> www.valleybiz.net
>>>>>>
>>>>>> "Pizza Good"
<[email protected]> wrote in message
>>>>>>
news:[email protected]...
>>>>>>>I think what he is referring to
is the sql injection "prevention"
>>>>>>>code that was introduced in the
8.0.2 update. I read a bunch of
>>>>>>>issues related to the way
recordsets were coded and that a page that
>>>>>>>was coded lets say in ASP using
8.0.1 that had used QueryString
>>>>>>>values that were passed into the
recodset for filtering/searching no
>>>>>>>longer worked. I also read that
8.0.2 "broke" a lot of extensions
>>>>>>>because of the fix.
>>>>>>>
>>>>>>> I am still using MX2004, but I'm
curious if the supposed problems
>>>>>>> that came up with 8.0.2 could be
totally avoided if a programmer
>>>>>>> used Stored Procedures?
>>>>>>>
>>>>>>> Hopefully that makes sense.
>>>>>>>
>>>>>>>
>>>>>>> "Paul Whitham
AdobeCommunityExpert" <[email protected]> wrote in
>>>>>>> message
news:[email protected]...
>>>>>>>> Most of the change that was
made to the recordset in 8.0.2 was to
>>>>>>>> eliminate SQL injections.
What specifically are you refering to as
>>>>>>>> an issue now
>>>>>>>>
>>>>>>>> --
>>>>>>>> Paul Whitham
>>>>>>>> Certified Dreamweaver MX2004
Professional
>>>>>>>> Adobe Community Expert -
Dreamweaver
>>>>>>>>
>>>>>>>> Valleybiz Internet Design
>>>>>>>> www.valleybiz.net
>>>>>>>>
>>>>>>>> "Brendon"
<[email protected]> wrote in message
>>>>>>>>
news:[email protected]...
>>>>>>>>> Those that are beta
testing it would know - if they were doing
>>>>>>>>> serverside/sql related.
It wouldn't be speculation at all - in
>>>>>>>>> fact it would be pretty
straight forward to test.
>>>>>>>>> I'd be very surprised if
they havn't fixed the issue - in fact I
>>>>>>>>> thought it was fixed in
the 8.0.2 update, but I could be wrong.
>>>>>>>>>
>>>>>>>>> Brendon
>>>>>>>>>
>>>>>>>>> "Deaf Web Designer"
<[email protected]> wrote in
>>>>>>>>> message
news:[email protected]...
>>>>>>>>>> DW CS3 is not here
as yet.
>>>>>>>>>>
>>>>>>>>>> Only time will tell
once you have DW CS3 installed on your
>>>>>>>>>> platform and find
>>>>>>>>>> out if that is the
case.
>>>>>>>>>>
>>>>>>>>>> At this point, it is
all speculation without knowing the fact of
>>>>>>>>>> the problem.
>>>>>>>>>> Try to be a bit more
patient until official release of product
>>>>>>>>>> sometime this
>>>>>>>>>> spring.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
> -
I'm using Business Components on a SQL Server database. I'm able to insert and select records from the database. But while trying to either update or delete I get an error due to the fact that SQL Server does not seem to support the "For Update" clause that BC uses for updates and deletes. What can I do to update and delete records from SQL Server via ADFBC?
You can try to change the configuration you are testing. Right click on the app module->configuration, select the one you are testing and go to the properties tab. Scroll down to the jbo.sql92.LockTrailer and change it. See if this helps.
Timo -
SQL Injections and XSS - Escaping Special Characters
Hi, hope someone can help in regards to security and SQL Injections and XSS.
We are using APEX 4.0.2 on Oracle 11.2.0.2.
1. It seems the special characters we have entered into normal 'Text Items' 'Text Areas' etc are not being escaped (ie <,>,&, '). If I enter them into the field (ie Surname) they are saved as is into session state and the database - no escaping. Am I missing something such as an environment setting as I thought the "smart" oracle escaping rules would cater for this.
Surely I don't have to manually do each of then.
Just to confirm, am I looking in the correct places to assess if the characters are escaped or not - ie should they show as '&<>' in session state and/or the database ?
2. Also, for the Oracle procedures such as '‘wwv_flow.accept’ , ‘wwv_flow.show’ , 'wwv_flow_utilities.show_as_popup_calendar' - do these escape special characters. If not, then they must be vulnerable to SQL Injections attacks.
Thx
NigelRecx Ltd wrote:
Just to pitch in, escaping values internally (either in the database or session state) is extremely problematic. Data searches, string comparison, reporting and double escaping are all areas which suffer badly when you do this.
Stripping characters on input can also cause problems if not considered within the context of the application. Names such as "O'Niel", statistical output such as "n < 300", fields containing deliberate HTML markup can be annoying to debug. In certain situations stripping is totally ineffective and may still lead to cross-site scripting.
Apex applications that share the database with other applications will also be affected.
The database should contain 'raw' unfettered data and output should be escaped properly, as Joel said, at render time. Either with Apex attributes or using PLSQL functions such as htf.escape_sc() as and when required.Do not needlessly resurrect old threads. After a couple of months watches expire and the original posters are not alerted to the presence of your follow-up.
Shameless plug: If you are in the game of needing to produce secure Apex code, you should get in touch.This crosses the line into spam: it violates the OTN Terms of Use—see 6(j).
Promotional posts like this are liable to be removed by the moderators. -
SQL Injection and variable substitutions
Hello helpful forum, I'm trying to understand what really goes on "behind" the scenes
with the variable substitutions in order to protect from sql injections.
I'm using apex 3.0.0.00.20
The trickiest component seems to be a Report of type "pl/sql returning sql", since
multiple dynamic sql interpretations are done there.
consider the following innocent looking disaster:
DECLARE
l_out VARCHAR2(2000);
BEGIN
l_out := 'select * from test_injection t where t.name like ''%' || :NAME || '%''';
RETURN l_out;
END;
if NAME is a single quote the report will return:
failed to parse SQL query: ORA-00911: invalid character
which hints to the fact that NAME is not escaped, and you are in fact able to access db functions
as in: '||lower('S')||'
I also tried to put there a function that runs in a autonomous transaction to log its calls, and
I see that it's called five times for each request.
consider now the similar solution (notice the two single quotes):
DECLARE
l_out VARCHAR2(2000);
BEGIN
l_out := 'select * from test_injection t where t.name like ''%'' || :NAME || ''%''';
RETURN l_out;
END;
with this second example nothing of the above is possible.
So my theory (please confirm it or refute it) is that there is a first variable substitution done
at the pl/sql level (and in the second case :NAME is just a string so nothing is substituted).
Then the dynamic sql is executed and it returns the following string:
select * from test_injection t where t.name like '%' || :NAME || '%'
now another substitution is done (at an "APEX" level) and then query is finally executed to return
the rows to the report.
The tricky point seems to be that the first substitution doesn't escape the variable (hence the error
with the single quote), while the second substitution does.
Please let me know if this makes sense and what are the proper guidelines to avoid sql injection with
the different kinds of reports and components (SQL, pl/sql returning sql, processes, ...)
ThanksGiovanni,
You should build report regions like this using the second method so that all bind variables (colon followed by name) appear in the resultant varchar2 variable, l_out in your example, which will then be parsed as the report query. This addresses not only the SQL injection problem but the shared-pool friendliness problem.
Scott -
SQL Injection with CF7 and MS SQL 2005
I looked through a bunch of SQL injection posts and couldn't
find a definitive answer to this...
Let me introduce this by saying that I know I should be using
CFQUERYPARAM with EVERY CF variable in a CFQUERY tag. No excuses.
But for a necessary quick fix, if I only use it for numeric
DB fields, is SQL injection still possible (using MS SQL 2005)?
I've yet to successfully perform SQL injection while manipulating a
variable surrounded by single quotes in the query.
Scenario 1) select * from users where user_id=#form.user_id#
...is a gimme to hack, but
Scenario 2) select * from users where
password='#form.password#' ...is another story
Has anyone ever heard of a successful SQL injection attack in
a Scenario 2 situation.
I'll fix everything up eventually, but I've got a Pen Test
coming up soon, and a lot of raw code to review.
Thanksquote:
Originally posted by:
Dan Bracuk
What others can do is more relevent than what we think. When
in doubt, test.
very true, although my final solution went more like, "When
in doubt, manually add about 600 cfqueryparams in 406 cfquery
tags". -
SQL Injection - cfqueryparam and other techniques to stop abuse?
We have been having a lot of issues with SQL injection lately and so we are trying various methods to secure the data better.
First off we have been utlizing cfqueryparam on the queries that are being hit. I am also optimizing the data tables so that more maxlengths are in place.
What else can be done to improve security? I have looked up everything and anything on the internet and keep seeing the cfqueryparam.
Does changing the variables or table names make any difference? We are trying that, but I want to make sure it is not a waste of our time.
Thanks for any other suggestions.CFqueryparam is a good fist step, though you should note that it will not protect some queries. For example if you have a sort by or order by that is dynamic, cfqueryparam wont help in that case. You will need to review data and validate for that.
You should also be checking for XSS vulnarabilities.
http://www.12robots.com/index.cfm/2008/8/4/Persistent-XSS-Attacks-and-countermeausures-in- ColdFusion
The blog above has a great number of CF sercurity related posts.
Pete Freitag has a nice security scanner that will look at your CF server and highlight any missing patches and some other issues
http://www.petefreitag.com/item/721.cfm
There are some open source projects that will also filter out common sql injection and xss attacks on a code level.
http://portcullis.riaforge.org/
Finally there are several conferences in the CF world coming up, and all surely have some security sessions. You may want to attend. -
XML Validation using java for SQL Injection and script validation
I have an input coming from xml file.
I have to read that input and validate the input against sql injections and scripts.
I require help now how to read this xml data and validate against the above two options.
I am a java developer.
in this context what is marshelling?http://www.ibm.com/developerworks/library/x-javaxmlvalidapi.html?ca=dgr-lnxw07Java-XML-Val
http://java.sun.com/j2se/1.5.0/docs/api/javax/xml/validation/package-summary.html
The following code validates the xml against a xml schema
// define the type of schema - we use W3C:
String schemaLang = "http://www.w3.org/2001/XMLSchema";
SchemaFactory factory = SchemaFactory.newInstance(schemaLang);
Schema schema = factory.newSchema(new StreamSource("sample.xsd"));
Validator validator = schema.newValidator();
// at last perform validation:
validator.validate(new StreamSource("sample.xml"));Message was edited by:
haishai -
[ask] about oracle sql injection and escalation
Hello,i'm student , i'm studying oracle,now i want to research about oracle sql injection,i had read some tuttorial such as *'Hacking Oracle From Web,Advanced SQL Injection In Oracle Databases,Oracle Hacker HandBook ...'* but when i try to demo on localserver (11.0.1.6) but not run,and this is my demo
-- first,i created table users
create table users (name nvarchar2(50),pass nvarchar2(50))
-- then i created procedure with system user
create or replace procedure system.adduser(u nvarchar2,p nvarchar2)
as
begin
insert into users values(u,p);
end;
-- grant execute privilege to oc user
grant execute on adduser to oc
-- login with user oc and create a procedure
create or replace procedure sqli
as
begin
execute immediate 'grant dba to oc';
end;
-- and then,i run system's procedure
declare
begin
system.adduser('admin','admin'' ; execute immediate ''declare begin sqli() end;');
end;
i hope oracle master help me to i can understand and improving my knowledge
ThanksThe best forum for this is probably Forum Home » Java » SQLJ/JDBC
Presumably you are refering to oracle.sql.TIMESTAMP. While this is intended to (and does) correspond to java.sql.Timestamp it can't be a subclass because it needs to be a subclass of oracle.sql.Datum. -
SQL Injection and Java Regular Expression: How to match words?
Dear friends,
I am handling sql injection attack to our application with java regular expression. I used it to match that if there are malicious characters or key words injected into the parameter value.
The denied characters and key words can be " ' ", " ; ", "insert", "delete" and so on. The expression I write is String pattern_str="('|;|insert|delete)+".
I know it is not correct. It could not be used to only match the whole word insert or delete. Each character in the two words can be matched and it is not what I want. Do you have any idea to only match the whole word?
Thanks,
Ricky
Edited by: Ricky Ru on 28/04/2011 02:29Avoid dynamic sql, avoid string concatenation and use bind variables and the risk is negligible.
-
We have recently had an SQL injection attack on our site. The web form in question was calling a second cfm with a post command. The second cfm did the actually db insert. After extensive research and revamping of the web form I believed that I had shut it down rather convincingly. I did the following to secure the form:
- implemented the cfqueryparam tag on all applicable fields being entered in the form
- introduced a hidden, random numeric variable for verification before completing the insert; it tests for its existence and if it is numeric
- consolidated the two cfms into one page so the entry and insert are done in one cfm (to eliminate injection going directly thru insert cfm)
However, I am still getting intermittent injection errors into my MS SQL table. I don't believe it is getting in through the revised web form and am at a loss as to how it's getting through.
I am now at the point that I am looking for a utility that will scan through my site or specific pages to identify SQL injection vulnerabilties. I found something called SQLFury and downloaded it; however, there is literally no documentation with it and I have no idea how to run it. I've researched the web and found no assistance on how to use this utility. Is anyone familiar with this utility or does anyone know of any other utility that will assist with validating ColdFusion methods?
Any assistance would be very much appreciated.Ian:
Thanks for the information. The utility is helpful and confirmed for me that my page was secure from SQL injection. The additional insight you provided has lead me to discover that my issue was not an SQL injection, but a Cross Scripting attack. A web vulnerability utility from Acunetix helped me determine that.
Thanks again,
...Wes -
SQL Injection and cfqueryparam
I was told to look into <cfqueryparam> to assist in
fighting sql-injection
and it makes perfect sense, up until I thought of a different
scenario...
This tag seems great when you are dealing with numbers or
text that you can
restrict the number of characters, but what if you have a
textarea that
allows for a large amount of text to be entered? I.E. a
search field for
records that uses keywords.
How you stop someone from entering damaging sql into an area
that accepts
this?
Thanks for any education.
Wally Kolcz
MyNextPet.org
Founder / Developer
586.871.4126WebDev wrote:
It works because <cfqueryparam ....> tells the DBMS
that this data is a
value NOT SQL. The DBMS will then never process it as SQL.
When you
write the SQL and Values straight into the code, then the
DBMS does not
know what is what and assumes it all must be SQL.
An Example...
<cfquery ....>
SELECT aField FROM aTable WHERE aField = '#aValue#'
</cfquery>
With this code, ColdFusion process the entire body of the
<cfquery...>
tag into a string and sends that entire string to the DBMS as
SQL. The
DBMS then processes what it was given. If somebody can modify
the
aValue variable to change the SQL string - that is what is
processed.
<cfquery ...>
SELECT aField FROM aTable WHERE aField = <cfqueryParam
value="#aValue#"...>
</cfquery>
With this code ColdFusion process the SQL and the queryParam
as separate
things. It sends the DBMS the SQL with parameters and a list
of values
to be used in those parameters. The DBMS knows the parameters
are not
SQL and will not process it as SQL and if the parameter
contains SQL it
will just be used as a value and not parsed.
FYI... That is how <cfqueryparam...> can improve
performance. By
knowing what parts of the SQL are variables, it can cache the
SQL and
just use different variables when they are passed to the
DBMS.
HTH
Ian -
Is cfinsert and cfupdate open to SQL Injection
Hello All,
I'm looking for a real answer on if cfinsert and cfupdate are vulnerability to SQL Injection. The closest thing I can find from Adobe is Ben Forta's Personal recommendation. I was hoping to find some form of "official note" in the live docs to indicate there is a SQL Injection issue with cfinsert - cfupdate. (Other than someone's post to Ben's Blog)
http://www.forta.com/blog/index.cfm/2006/10/3/Use-CFINSERT-And-CFUPDATE
In this forum I have seen this question asked, and the only answer is "You should validate your inputs". Yes, you should, but that does not answer the question of if cfinsert and cfupdate is vulnerability to SQL Injection.
I have found this blog entry that if I interpret is correctly from his findings cfinsert and cfupdate where only vulnerability to SQL Injection IF you did not give cfinsert - cfupdate the list of fields to take action on. -Is this true?
http://blog.securityps.com/2009/05/demystifying-cfinsert-sql-injection.html
Also, on a closely related note, is cfinsert - cfupdate on ColdFusion 9 also vulnerable? If so, why? Seems like a BUG that could be easly addressed by the CF server team.
Thank you,I do agree with you here. But to be devil's advocate for a second: the same could be said of <cfquery>. One has to take additional measures to ensure the same vulnerabilities are mitigated with that.
I'm not sure that it's really news that these two tags are not the most well-thought-out features in the CF arsenal, and if you listen to most opinions in the community regarding <cfinsert> and <cfupdate>, it's: "don't use them".
They're great for quick and dirty insert/update processes in internal or test code, but I'd never use them in production.
It also remains a fact that any external input (form fields, URL param) must be validated as being kosher and within expected margins before they're used in any way. That is just common sense. And if one neglects to do that: one brings any eventuality onto one's self. The problem here really is with people not doing their "due diligence" on externally sourced data, not specififcally with <cfinsert>, <cfupdate> or <cfquery>.
Still: I think Adobe should make it more clear in the docs that additional measures need to be take to make them safe. And by that time... one might as well use a <cfquery> to do the SQL.
Adam -
Web and Database Security - SQL Inject info
Web and Database Security - SQL Injection.
Here is a whitepaper on The Dangers of Dynamic Content (SQL Injection)
http://www.issadvisor.com/viewtopic.php?t=125
SQL Injection. 3 parts. The first part discusses the basics of how to test
web applications for SQL injection vulnerabilities. The second part goes into
the specifics of how to manually identify and test for SQL injection
vulnerabilities. And the third part describes how to exploit SQL injection to
retrieve data from the database.
http://www.issadvisor.com/viewtopic.php?t=123
Understanding this critical security issue, helps web developers that leverage
database must design and make their applications more secure.
Hopefully these two links are informative and useful. Please pass them on.An APEX page can certainly be configured to not require authentication (that's pretty standard for the login/ registration page). There is no need for an "Oracle public password." There are accounts in the Oracle database that APEX uses but that no human needs to know the password for. If that's what you mean by "Oracle public password" then, yes, you do. But that would be the case no matter what authentication and authorization scheme you use in APEX.
A static IP address for your web server is likely a good idea. It's possible to have DNS work with dynamic IP addresses but that's probably not what you want.
Justin -
SQL Injection when using Search by Example on a View Object
It seems that the SQL queries generated by "Search by Example" pattern (When you drop a view object as a Search Form) are not using bind parameters, and will be vulnerable to SQL injection attacks. This pattern is very handy and could be very useful to create search pages. Is there a way to avoid SQL Injection and still use this feature in ADF?
ChandreshHi,
from a training slide developed by Duncan Mills:
When the user is in Find mode and enters some information, he or she is constructing a ViewCriteria row. Each attribute in the View object exists in this row and any values that the user enters into the fields are mapped into these attributes.
In most circumstances, you will only ever have one criteria row, although the developer can allow multiple rows if the Create operation is called during Find mode.
To parse the entered query values, you need to look at each row, and then at each attribute. Calling getAttribute() returns the value the user entered (if any) for that field. You can then pass that string to a filter routine (shown in the next slide), which inspects this value for errors.
The filter routine can then change the example value if required and reset the criteria.
import java.util.regex.Matcher;
import java.util.regex.Pattern;
protected String detectInjection(String criteria) {
boolean reject = false;
String testPattern = "^(>=|<=|=<|=>|<|>|<>|!=|=|BETWEEN|IN|LIKE|IS)";
String testCriteria = criteria.trim().toUpperCase();
if (testCriteria != null && testCriteria.length() > 0) {
Pattern pattern = Pattern.compile(testPattern);
Matcher matcher = pattern.matcher(testCriteria);
if (matcher.find())
reject = true;
return reject?null:criteria;
}Frank
Maybe you are looking for
-
Can you share files in the cloud with people who are not on the team?
Just wondering if you can share files with people that are not on the team. The paid for team members.
-
I have captured and edited a short clip from a Sony HVR-Z1E into FCP5. I am trying to get this clip into DSP4. I continually get "incompatible format" errors. In DSP4 i have the project set as HD and the "menus, tracks and slideshows" set as 1440x108
-
Transfer Asset from Non Depreciating Asset Class to Depreciating Asset Clas
We use the fixed asset subledger to maintain patents and patent applications. The patent applications do not amortize. How do I transfer from the patent application class to the patent class which will begin to amortize?
-
Do the purchase order can be created with several purchasing groups?
Hello gúrus, I need your help again a.s.a.p. please! We are implementing SAP R/3 ECC 600 and we have SRM too. In the SRM is possible to create a purchase order with several purchasing groups, but, in MM we cannot because of the purchasing groups is t
-
"Additional Content" downloads can be continued!
Here's something I wasn't aware of until I just happened to fumble into it: The other day, while downloading some of Logic Pro X's "Additional Content" instruments at a place that had free Wi-Fi (I have a limited montly allowance of 5Gb through Veriz