Any Security Problems with Navigation with Short URLs?

Similar Messages

• Navigation using Short URLs

  Hi,
  I need to navigate from one page to another using short urls. I have a page P1 with iView V1 in it. I have another page P2. The hierarchy is as folllows:
  Role R1
  ..|__ page P1
  ........ |__ iView V1
  ..|__ page P2
  By clicking on a link in iView V1, i need to navigate to page P2 using short urls.
  I am passing the long url of page P2 (ROLES://portal_content/.../roleR1/pageP2...) as a iView property to V1.
  Can someone provide the code as to how to retrieve the short url(hashed valued) from the long url and how to navigate to page P2.
  Any help is appreciated.
  Regards,
  Melwyn.

  Hi Romano,
  Thanks for the reply.
  I tried the code snippet you gave me.
  However the method getNavigationNodeHashedName() is not appearing in the list of methods.
  I am only able to see the methods getInitialNodes(), getFirstNode(), getNode(), getNodes() and getNodeByQuickLink().
  Following is my import statement.
  import com.sapportals.portal.navigation.INavigationService;
  The jars that i am using are com.sap.portal.navigation.api_service_api.jar and com.sap.portal.navigation.service_api.jar.
  NWDS ver 7.0.15
  Portal ver 2004s SP 15
  Regards,
  Melwyn.

• Applet security problems while connecting with database

  i hav problem in the japplet connecting with sql database
  it gives security access denied error while running program as my driver is jdbc:odbc:bridge driver
  so for resolving this error how can i turn off security of applet and also which security permission to be change?
  plz reply

  baftos wrote:
  Maybe I should question the need to access a local database on the client PC.
  But anyway, the normal way to obtain security clearance is to use a signed applet.
  Another possibility is to grant the applet all permissions by modifying the security policy file of each client to grant your applet 'all permissions'. Note that in this case you must have access to each and every client PC or ask them to do so before running the applet.Database access at client's machine is ridiculous. I doubt this is what OP wants.
  @OP: request you to post the original security issue and the environment details.
  Thanks,
  Mrityunjoy

• Are there any know problems in DPS with HTML Resources on iOS8?

  We have a pdf in HTML Resources that works fine in iOS7, but the inline browser comes up blank with launched in iOS8. We've tested it with a 31 folio and a 27 folio in iOS8.

  Hi, again:
  We've also noticed that when we hyperlink to a pdf in a public url, as well as in HTML Resources, it also produces a blank inline browser screen in a 27 or 31 folio on a 4th Gen iPad running 8beta. Has your team been able to recreate the problem or find a work around for this issue?
  Thanks!

• Problem of navigation with UI Patterns

  Hi,
  I have developed one CAF(Entity Services) application & configured with UI Patterns by using following liink.
  http://localhost:50100/webdynpro/dispatcher/sap.com/cafUIconfigbrowser/ConfigBrowser
  now i am getting two view pages as follows
  1)For Create Employee
  http://localhost:50100/webdynpro/dispatcher/sap.com/cafUIptn~objecteditor/ObjectEditor?app.parameter1=&app.parameter2=N&app.configName=createEmployee
  2)For Search Employee
  http://localhost:50100/webdynpro/dispatcher/sap.com/cafUIptn~objectselector/ObjectSelector?app.configName=employeeSelector
  Now i want to navigate from one view page to another , or i want to send  or reterive data to & from database by implementing user defined buttons.
  can i do this thing by using UI Patterns.plz reply back ASAP.
  Thank You very much
  Pawan Mishra

  Hi,
  I have developed one CAF(Entity Services) application & configured with UI Patterns by using following liink.
  http://localhost:50100/webdynpro/dispatcher/sap.com/cafUIconfigbrowser/ConfigBrowser
  now i am getting two view pages as follows
  1)For Create Employee
  http://localhost:50100/webdynpro/dispatcher/sap.com/cafUIptn~objecteditor/ObjectEditor?app.parameter1=&app.parameter2=N&app.configName=createEmployee
  2)For Search Employee
  http://localhost:50100/webdynpro/dispatcher/sap.com/cafUIptn~objectselector/ObjectSelector?app.configName=employeeSelector
  Now i want to navigate from one view page to another , or i want to send  or reterive data to & from database by implementing user defined buttons.
  can i do this thing by using UI Patterns.plz reply back ASAP.
  Thank You very much
  Pawan Mishra

• Any security hole in this programm?

  The code below is a benchmarking harness for sorting algorithms.
  //a driver
  public class TestSort {
       static Object[] testData = {
            0.3, 1.3e-2, 7.9, 3.17
       public static void main(String[] args) {
            // TODO Auto-generated method stub
            Sort bsort = new SimpleSortDouble();
            SortMetrics metrics = bsort.sort(testData);
            System.out.println("Metrics: " + metrics);
            for (int i = 0; i < testData.length; i++)
                 System.out.println("\t" + testData);
  //used for storing statistic data
  public class SortMetrics implements Cloneable {
       public long probeCnt,               //data probes
            compareCnt, //comparing two elements
       swapCnt;     //swapping two elements
       public void init()
            probeCnt = swapCnt = compareCnt = 0;
       public String toString()
            return probeCnt + " probes" + compareCnt + " compares" + swapCnt + " swaps";
       /**overriding clone */
       public Object clone()
            try
                 return super.clone();
            catch (CloneNotSupportedException e)
                 throw new InternalError(e.toString());
  //this is the main framwork
  public abstract class Sort {
       private Object[] values;
       private final SortMetrics curMetrics = new SortMetrics();
       /** Invoked to do the full sort*/
       public final SortMetrics sort(Object[] data)
            values = data;
            curMetrics.init();
            doSort();
            return getMetrics();
       public final SortMetrics getMetrics()
            return (SortMetrics)curMetrics.clone();
       protected final int getDataLength()
            return values.length;
       protected final Object probe(int i)
            curMetrics.probeCnt++;
            return values[i];          
       protected final int compare(int i, int j)
            curMetrics.compareCnt++;
            Object d1 = values[i];
            Object d2 = values[j];
            if (d1 == d2)
                 return 0;
            else
                 return (Double.parseDouble(d1.toString()) > Double.parseDouble(d2.toString()) ? -1 : 1);
       protected final void swap(int i, int j)
            curMetrics.swapCnt++;
            Object tmp = values[i];
            values[i] = values[j];
            values[j] = tmp;
       protected abstract void doSort();
  //used to define a sorting alogrithm
  public class SimpleSortDouble extends Sort {
       @Override
       protected void doSort() {
            // TODO Auto-generated method stub
            for (int i = 0; i < getDataLength(); i++)
                 for (int j = 0; j < getDataLength() - i; j++)
                      if (compare(i, j) > 0)
                           swap(i, j);
  This is a question in �the java programming language(Third Edition) Page102�. I was required to find at least one security hole in �Sort� class that would let a sorting algorithm cheat on its metrics without being caught, assuming that the sorting algorithm author doesn�t get to write method �main�.
  In my naive opinion this framework is well-designed, since I find all the access method that shouldn�t be extended are declared final. It�s really hard for me to figure out any security problem.
  I�m very eager to know the answer, please enlighten me!

  How about this
  Object[] theList = new Object[getDataLength()];
  for(int i=0; i<theList.length; i++){
    theList[i] = probe(i);
  // we now have a local copy of the list.
  // we can do as many comparisions as we like on our local copy,
  // and just mirror the swaps with the sorting algorithm.
  for (int i = 0; i < getDataLength(); i++)
    for (int j = 0; j < getDataLength() - i; j++)
        if (theList.compareTo(theList[j] > 0)     
  swap(i, j);
  Thus we can falsify the number of comparisions we actually do.
  With a bit more effort, you can sort the list, figure out the minimum number of swaps needed to move the original list to the sorted one, and apply those ones.
  The trick is to avoid calling probe, compare and swap as much as possible.By calling probe once for each element, we no longer have to call compare to compare them.

• Need any security for Macs??

  Have recently converted from the PC dark side to my new iMac.
  In my research,have read endlessly that Macs don't get viruses,
  sound Linux base,only occupy small portion of the market,etc...
  Some Mac people I talk to don't run any antivirus or anything.
  Is there any security problems I should worry about (spyware)??
  If so,what pgms should I run?
  Shouldn't I have something so I don't send things to PC users?
  Thx,
  Doug

  sound Linux base,only occupy small portion of the
  market,etc...
  Just being nitpicky here, but OS X doesn't have a Linux base. It is based on NeXTStep which uses the Mach microkernel and a BSD subsystem, all of which predates Linux by a few years. Just because something is UNIX-based or UNIX-like doesn't mean it's Linux. OS X does include quite a few GNU utilities that are also included with most Linux distributions, but the utilities themselves aren't really "Linux" either, they are just sort of closely associated with Linux because Linux too is a UNIX-like OS.
  That out of the way, I don't run anti-virus software because to me, the hassle involved in doing so far outweighs the very small risk of getting a virus. There are no OS X viruses now, so the only risk is that eventually one will come out, and I'll be unlucky enough to be infected despite the fact that I'm already careful about what I do.

• Problem in navigating from one report to another in OBIEE 10g

  Hi,
  I am facing an issue with OBIEE 10g while applying navigation on my reports.
  Lets suppose I made a report showing list of all items(in broad categories) sold on a particular day, say Dairy, Frozen Foods, Chocolates etc.In this report there is a date prompt showing the date of sale.
  Now there are certain items that are distributed within these categories, like dairy includes milk, cheese, butter etc.
  Hence, my navigation should be like when I click on a particular item category, the control should move on to the report which has all items under that particular category and the prompt for this report should show the same date as passed in the previous report.
  But sometimes what happens is that on clicking the navigation from first report to the second one, the date is not persisting in the prompt. I say sometimes because at times the navigation does work correctly. This is a bug of Obiee or something which is giving unexpected results.
  Kindly help with your suggestions.
  Thanks
  Ankita

  Ankita,
  This is not a bug in OBIEE...I'm sure something is missing. If this is working for some cases and not working for some other case then you will need to find the root cause. Try in bits and pieces...Step by Step with some dates (unit testing). Ideally this shud work properly.
  For an instance try with OBIEE drilldown feature and not with navigation with a single sale date and observe the behavior.
  Hope its clear...

• Navigation with Short URLs for T.Code Published in the portal()

  Dear Expert
  We have the following issue:
  Requeriment:
  We created a report ABAP in the R/3. For this Report, the ABAP Team created a t.code ZPORTAL. For this t.code we created a service ITS in the t.code SICF, the name of this service is ZPORTAL. In the portal we created an type of iView IAC for call this service and assign the Iview to a page. And the Page to a role customer.
  In this moment the service work fine. The problem initial was that when the enduser press the button exit(Finalizar) the portal display the message Logged Off Successfully .
  We write in the forum of sdn with the following link:
  Logged Off Successfully
  And we made the step in the help.sap.com; But the result not is the that we wait.
  http://help.sap.com/saphelp_nw04s/helpdata/en/b3/7b8163404448e7aad7899c0b30313e/frameset.htm
  Please you can help me with suggestion.
  How can solve my issue and get the result that we wait..
  I can send documentation with the steps that I made, and the result that I want get.
  With kind regards
  Regards

  Hi,
  At System Administration > Navigation > Short URLs, the Short URL is activated?
  Can you see some URL codes on this page?
  Best regards
  João Macedo

• Navigation with Short URLs for T.Code Published in the portal ESS

  Dear Expert
  We have the following issue:
  Requeriment:
  We created a report ABAP in the R/3. For this Report, the ABAP Team created a t.code ZPORTAL. For this t.code we created a service ITS in the t.code SICF, the name of this service is ZPORTAL. In the portal we created an type of iView IAC for call this service and assign the Iview to a page. And the Page to a role customer.
  In this moment the service work fine. The problem initial was that when the enduser press the button exit(Finalizar) the portal display the message Logged Off Successfully .
  We write in the forum of sdn with the following link:
  Logged Off Successfully
  And we made the step in the help.sap.com; But the result not is the that we wait.
  http://help.sap.com/saphelp_nw04s/helpdata/en/b3/7b8163404448e7aad7899c0b30313e/frameset.htm
  Please you can help me with suggestion.
  How can solve my issue and get the result that we wait..
  I can send documentation with the steps that I made, and the result that I want get.
  With kind regards
  Regards

  Hi,
  At System Administration > Navigation > Short URLs, the Short URL is activated?
  Can you see some URL codes on this page?
  Best regards
  João Macedo

• Need to solve serious security problem with Oracle Reports URL

  As mentioned repeatedly on this forum, Oracle Reports allows serious security breaches that allow users to see reports that they did not generate -- it's easy to guess a legal URL by changing the getjobid parameter.
  I've reviewed the JavaDocs to part of the rwrun.jar file and reviewed some of the example report plugins. This shows promise in helping to solve this security problem but critical pieces are missing.
  1) The javadocs are accurate for only 10g (9.0.4) but not correct for 10g (10.1.2+), which we are currently using. I need access to the updated version of this javadoc.
  2) Even with the updated version of the JavaDoc, I haven't found a class from which to inherit that would give me the opportunity to generate random jobid values, which then would effectively prevent users from guessing other jobid values, and thereby gaining access to other's reports (which in our cases, may contain sensitive information.
  3) We have found that we can send the parameter=value of EXPIRATION=1 which helps protect such information, but this requires that every program which invokes a report be modified to add this parameter. It would be far better for the report server to be configured to use a java class we write that inherits from some rwrun.jar class that would by default, add the EXPIRATION=1 parameter.

  Hi,
  Thanks for our replies. I will ask to an administrator about this security problem, now I know it depends of a security parameter.
  But I would know if it could be possible to hide the technical name of the query in the url. It could improve the security level of our reports in a first time in this way.
  Thanks a lot,
  JW.

• Problems with navigation when deploy application on WebLogic 10.3

  Hi! I have problems with navigation when I deploy my application on Weblogic server 10.3. In my application I have two pages. One page where I can see the records. In this page I have button Create with action to secound jspx page. When I press this button then the first form (where I could see all records) is empty - the create operation worked, but navigation to second page not. Navigation rules is in adf task flow. In default server all works correct. Where is the problem?
  Maybe when I deploy my application I need specialy deploy adf task flow or somewhere write something? If so, then can you explain me where? Any suggestions what to do.
  Best regards!

  I have in log:
  2009.26.3 20:12:52 oracle.adfinternal.controller.faces.lifecycle.JSFLifecycleImp
  l setLifecycleContextBuilder
  WARNING: ADFc: Replacing the ADF Page Lifecycle implementation with 'oracle.adfi
  nternal.controller.application.model.JSFDataBindingLifecycleContextBuilder'.
  2009.26.3 20:12:52 oracle.adfinternal.controller.util.model.AdfmInterface initia
  lize
  INFO: ADFc: BindingContext is present, using ADFm APIs for DataControlFrames.
  2009.26.3 20:12:52 oracle.adfinternal.controller.metadata.provider.MdsMetadataRe
  sourceProvider <init>
  INFO: ADFc: Controller caching of MDS metadata resources ENABLED.
  2009.26.3 20:12:52 oracle.adf.controller.internal.metadata.MetadataService$Boots
  trap add
  INFO: ADFc: Loading bootstrap metadata from '/WEB-INF/adfc-config.xml'.
  2009.26.3 20:12:54 oracle.adf.share.security.providers.jps.CSFCredentialStore fe
  tchCredential
  WARNING: Unable to locate the credential for key AUGI in D:\bea\user_projects\do
  mains\base_domain\config\oracle.
  2009.26.3 20:12:54 oracle.adf.share.jndi.ReferenceStoreHelper throwPartialResult
  Exception
  WARNING: Incomplete connection information
  Edited by: Debuger on Mar 26, 2009 11:18 AM

• HT2506 Hello I'm unable to open any pdf's with preview window opens up with message file couldn't be opened because you don't have permission to view it (none of the pdf's have any security thanks if you can assist

  Hello this week I'm unable to open any pdf's with preview, when I select to open a window opens up with message "file couldn't be opened because you don't have permission to view it" none of the pdf's have any security thanks if you can assist

  Back up all data. Don't continue unless you're sure you can restore from a backup, even if you're unable to log in.
  This procedure will unlock all your user files (not system files) and reset their ownership and access-control lists to the default. If you've set special values for those attributes on any of your files, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. Do so only after verifying that those settings didn't cause the problem. If none of this is meaningful to you, you don't need to worry about it.
  Step 1
  If you have more than one user account, and the one in question is not an administrator account, then temporarily promote it to administrator status in the Users & Groups preference pane. To do that, unlock the preference pane using the credentials of an administrator, check the box marked Allow user to administer this computer, then reboot. You can demote the problem account back to standard status when this step has been completed.
  Triple-click the following line to select it. Copy the selected text to the Clipboard (command-C):
  { sudo chflags -R nouchg,nouappnd ~ $TMPDIR.. ; sudo chown -R $UID:staff ~ $_ ; sudo chmod -R u+rwX ~ $_ ; chmod -R -N ~ $_ ; } 2> /dev/null
  Launch the Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Paste into the Terminal window (command-V). You'll be prompted for your login password. Nothing will be displayed when you type it. You may get a one-time warning to be careful. If you don’t have a login password, you’ll need to set one before you can run the command. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.
  The command will take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal.
  Step 2 (optional)
  Take this step only if you have trouble with Step 1 or if it doesn't solve the problem.
  Boot into Recovery. When the OS X Utilities screen appears, select
  Utilities ▹ Terminal
  from the menu bar. A Terminal window will open.
  In the Terminal window, type this:
  res
  Press the tab key. The partial command you typed will automatically be completed to this:
  resetpassword
  Press return. A Reset Password window will open. You’re not  going to reset a password.
  Select your boot volume ("Macintosh HD," unless you gave it a different name) if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Under Reset Home Directory Permissions and ACLs, click the Reset button.
  Select
   ▹ Restart
  from the menu bar.

• Unable to connect to any secure sites with any browser

  I am unable to connect to any secure sites. I downloaded Firefox with the hopes that it would fix the problem but it did not. What ever browser I use I cant connect to any secure sites. All of the other pages load correctly.
  I have a PC notebook that I tried to load the same sites it worked fine, so I know that it is not a connecting problem.
  emac Mac OS X (10.4.6)
  ibook   Mac OS X (10.2.x)  

  Are you connecting via dial up or high speed through a router? If that latter, check the firewall settings of the router. I have my router set to medium (high, medium, low, & none) and it works most of the time. But occationally I get to sites that won't load and setting the router (temporarily) to low usually allows me to access those sites. So perhaps this is your issue.
  I think there are ways to add those sites to router security lists or "services" that will now let them through with the higher security settings, but I need it so rarely I haven't bothered to figure it out yet.
  Patrick

• After loading lion, I get an error message "There was a problem connecting with the server.  URL's with the type "file" are not supported."

  After loading Lion, I have been getting an error message "There was a problem connecting to the server.  URLs with the type "file:" are not supported."  There does not seem to be any actual problem with internet connectivity, but it is persistent and annoying.  Any idea of its cause and treatment?

  Take a look at this link, https://discussions.apple.com/message/16156214#16156214