Applet Security Restrictions Error

Similar Messages

• Java Applet Security Restriction?

  Hi,
  I wrote a java applet and test it on my computer. When I view it with applet viewer I can view the applet correctly. But when I try to view on the Internet Explorer, it said "Java Applet Started" But I didn't see anything on the screen.
  This happens when I actually incorporate the JFileChooser. When I take out that, the applet can run.
  What I think is, even if I run the applect in Internet Explorer, since I am actually running directly from my computer (i.e C:\Myapplet.html) and not even through Apache or IIS why I won't be able to carry out such operation?

  Output from JavaConsole
  Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.util.PropertyPermission user.dir read)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
       at java.lang.System.getProperty(Unknown Source)
       at java.io.Win32FileSystem.getUserPath(Unknown Source)
       at java.io.Win32FileSystem.resolve(Unknown Source)
       at java.io.File.getAbsolutePath(Unknown Source)
       at sun.awt.shell.Win32ShellFolder2.<init>(Unknown Source)
       at sun.awt.shell.Win32ShellFolder2.listFiles(Unknown Source)
       at sun.awt.shell.ShellFolder.listFiles(Unknown Source)
       at sun.awt.shell.Win32ShellFolderManager2.get(Unknown Source)
       at sun.awt.shell.ShellFolder.get(Unknown Source)
       at javax.swing.plaf.metal.MetalFileChooserUI.updateUseShellFolder(Unknown Source)
       at javax.swing.plaf.metal.MetalFileChooserUI.installComponents(Unknown Source)
       at javax.swing.plaf.basic.BasicFileChooserUI.installUI(Unknown Source)
       at javax.swing.plaf.metal.MetalFileChooserUI.installUI(Unknown Source)
       at javax.swing.JComponent.setUI(Unknown Source)
       at javax.swing.JFileChooser.updateUI(Unknown Source)
       at javax.swing.JFileChooser.setup(Unknown Source)
       at javax.swing.JFileChooser.<init>(Unknown Source)
       at javax.swing.JFileChooser.<init>(Unknown Source)
       at FotoUpload.createGUI(FotoUpload.java:48)
       at FotoUpload.access$000(FotoUpload.java:24)
       at FotoUpload$1.run(FotoUpload.java:86)
       at java.awt.event.InvocationEvent.dispatch(Unknown Source)
       at java.awt.EventQueue.dispatchEvent(Unknown Source)
       at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.run(Unknown Source)
  This is what happen when I run my code below
  * FotoUpload.java
  * Created on November 15, 2006, 11:30 AM
  * To change this template, choose Tools | Template Manager
  * and open the template in the editor.
  * @author Leo Liu
  import java.io.*;
  import javax.swing.JApplet;
  import java.awt.*;
  import java.awt.event.*;
  import javax.swing.*;
  import javax.swing.border.*;
  import javax.swing.JComponent.*;
  import javax.swing.filechooser.*;
  public class FotoUpload extends JApplet implements ActionListener{
      JButton BtnBrowse;
      JPanel PnlUpload;
      JFileChooser fcSelectFile;
      JTextArea log;
      private void createGUI(){
          setLayout(new BorderLayout(5,5));
          //Making Button
          BtnBrowse=new JButton("Browse");
          BtnBrowse.setToolTipText("Click on Browse to select picture");
          BtnBrowse.setAlignmentX(Component.RIGHT_ALIGNMENT);
          BtnBrowse.setPreferredSize(new Dimension(30,20));
          BtnBrowse.addActionListener(this);
          //Putting Button inside the panel and specifying the button size
          JPanel PnlBrowse = new JPanel();
          PnlBrowse.setLayout(new BoxLayout(PnlBrowse, BoxLayout.X_AXIS));
          PnlBrowse.add(Box.createRigidArea(new Dimension(30,20)));
          PnlBrowse.add(BtnBrowse);
          //Create a file chooser
          fcSelectFile = new JFileChooser();
          //Creating Panel to show selected pictures for uploading
          PnlUpload=new JPanel();
          PnlUpload.setBorder(javax.swing.BorderFactory.createTitledBorder("Place Pictures to Upload"));
          PnlUpload.setToolTipText("You can drag and drop images into this area");
          log=new JTextArea(5,20);
          log.setMargin(new Insets(5,5,5,5));
          log.setEditable(false);
          PnlUpload.add(log);
          //adding UI components to Applet
          add(PnlBrowse,BorderLayout.NORTH);
          add(PnlUpload,BorderLayout.CENTER);
      public void actionPerformed(ActionEvent e) {
          if (e.getSource() == BtnBrowse) {
              int returnVal = fcSelectFile.showDialog(this,"Select");
              if (returnVal == JFileChooser.APPROVE_OPTION) {
                  File file[]= fcSelectFile.getSelectedFiles();
                  //This is where a real application would open the file.
                  int count=0;
                  while(count<file.length)
                      log.append("Opening: " + file[count].getName() + ".\n");
                      count++;
              } else {
                  log.append("Open command cancelled by user.\n");
      public void init() {
          javax.swing.SwingUtilities.invokeLater(new Runnable() {
              public void run() {
                  createGUI();
  }It seems like I need to catch some exception or something. Can anyone help me?

• Applet security restrictions

  Can an applet make a connection to a parallel port to check for paper out??
  Would it make a differemce if it was a signed applet and what is involved in signing an applet?
  thanks in advance

  Can an applet make a connection to a parallel port to check for paper out??No.
  Would it make a differemce if it was a signed appletYes.
  and what is involved in signing an applet?Ask the correct forum. Obtaining a certificate (costs $$$) is one of the important steps.

• Do the security restrictions on applets apply to local applets?

  Hi,
  I read:
  "Current browsers impose the following restrictions on any applet that is loaded over the network:
  An applet cannot load libraries or define native methods.
  It cannot ordinarily read or write files on the host that's executing it.
  It cannot make network connections except to the host that it came from.
  It cannot start any program on the host that's executing it.
  It cannot read certain system properties.
  Windows that an applet brings up look different than windows that an application brings up. "
  What if I have a directoy called "test" on my computer with a *.html site that contains an applet (lets say testApplet.class). Can this applet then establish network connections (for example) or do the security restrictions still apply?

  Any unsigned applet running in a browser is restricted regardless of where it was loaded from. That's just the way it is.
  Either change the program to an application or look into how to "sign" the applet so that it has more freedom.

• Security restrictions , how to read access a txt file supplied in a jar

  I had written a simple application which uses file handling to display random line from a file on a swing window
  but I do not know how to give my web application permission to access a file
  when I set security permission to all, then error says the application cannot load because the code require unrestricted acess to system resources and is unsigned, I don't know how to get that certificate and I am only doing it for learning purposes.
  when I remove security permissions then it says
  access denied java.io.FilePermissions geekjoskes.txt readPlease help
  I locally signed the jar file, and give my jnlp fiel all permissions, worked fine in my system but when I access same file from local lan it sho errors ,
  please help, I have my txt file stored in my jar file with main class
  the whole jnlp file is
  <?xml version="1.0" encoding="utf-8"?>
  <!-- JNLP File for geek jokes -->     
  <jnlp spec="1.0+"
         codebase="http://localhost/javasoft/webstart/"
        href="geekjokes.jnlp">
     <information>
        <title>Geek Jokes</title>
        <vendor>Vaibhav Mishra</vendor>
        <description>Geeky jokes</description>
        <homepage href="http://scjpbeginner.blogspot.com"/>
        <description kind="short">shows random jokes</description>
        <offline-allowed/>
     </information>
     <resources>    
          <jar href="GeekJokes0.1.jar"/>  
       <j2se version="1.6+"
             href="http://java.sun.com/products/autodl/j2se"/>
       <icon href="geekjokes.gif"/>
     <icon kind="splash" href = "geekjokes.gif"/>
     </resources>
     <security>
        <all-permissions/>
     </security>
     <offline-allowed/>  
     <application-desc main-class="GeekJokes"/>
  </jnlp>Edited by: 76jsr on Aug 7, 2008 3:45 PM
  Edited by: 76jsr on Aug 7, 2008 3:49 PM

  >
  I am extremely thankful to you and finally my first little app is working thanks to you,
  here is it's link
  [http://profile.iiita.ac.in/IIT2006117/javasoft/webstart/geekjokes/geekjokes.jnlp|http://profile.iiita.ac.in/IIT2006117/javasoft/webstart/geekjokes/geekjokes.jnlp] >
  I am glad you got it working! But that launch file is still slightly invalid.
  Here is a corrected, and slightly optimized (you can leave the prefix off the href, if it is the same as the codebase), version of it.
  <?xml version="1.0" encoding="utf-8"?>
  <!-- JNLP File for GeekJokes 0.3 app -->
  <jnlp spec="1.0+"
        codebase="http://profile.iiita.ac.in/IIT2006117/javasoft/webstart/geekjokes"
        href="geekjokes.jnlp">
     <information>
        <title>GeekJokes App</title>
        <vendor>Vaibhav Mishra</vendor>
        <homepage href="http://scjpbeginner.blogspot.com"/>
        <description>Geeky Jokes</description>
        <description kind="short">Cshows random jokes</description>
        <offline-allowed/>
     </information>
     <resources>
         <j2se version="1.6+"
             href="http://java.sun.com/products/autodl/j2se"/>
         <jar href="GeekJokes0.3.jar"/>
     </resources>
     <application-desc main-class="Process"/>
  </jnlp>Very 'Geeky', BTW. ;-)
  Another few things I noted when I looked at it.
  1) There is a stray thread going after the JOptionPane is dismissed. The VM does not end, and the console (if you have it configured to pop-up for JWS apps.) stays on-screen.
  2) If all the jokes are prefixed by '* ' I would recommend removing it from every line of the source file and either re-adding it at runtime, or (preferably) not adding it at all (since it is redundant).
  3) Reconfigure the app. into a loop, and offer the user a JOptionPane with "Another Joke"/"End" instead of "OK".
  4) You can always remove that debugging line I inserted in the code to show the path to the Jar - it was just intended as a 'sanity check' during testing.
  5) Why is it Java 1.6+? JOptionPane was introduced in Java 1.2 with the first Swing implementations, and the I/O is compatible with Java 1.1.
  >
  Thanks again!!!!>Thanks are best expressed (to me) in the notation of a helpful/correct answer (which you have done), and the assignation of (the remaining) dukes*. ;-)
  * After all - checks the title - we have gotten entirely around those 'security restrictions' in a sandboxed application. The reason being that File objects are rarely the correct choice, for applets or JWS apps.

• Oracle8i JDBC Guide Example Not Working-applet security

  I was having problems with a JDK1.1.7 applet that I want to get
  working with Netscape 4.07 and my Oracle 8.0.5 installation. I
  am using Netscape's Signtool, the Capabilities classes, and I
  have packaged the Oracle classes111.zip contents into my Signed
  JAR file. I got a copy of the Oracle 8i JDBC Developer's Guide
  and Reference which has an example of what I'm trying to do.
  However, I get the same error running the example. Can anyone
  tell me what I'm doing wrong?
  Please help...
  stephen
  The Java console output is as follows:
  # Applet debug level set to 9
  netscape.security.AppletSecurityException: security.Couldn't
  connect to '47.129.164.42' with origin from ''.
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :914)
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :926)
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :795)
  at
  java.lang.SecurityManager.checkConnect(SecurityManager.java:718)
  at java.net.Socket.<init>(Socket.java:245)
  at java.net.Socket.<init>(Socket.java:123)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:176)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:146)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:120)
  at oracle.jdbc.ttc7.TTC7Protocol.connect(TTC7Protocol.java:983)
  at oracle.jdbc.ttc7.TTC7Protocol.logon(TTC7Protocol.java:158)
  at
  oracle.jdbc.driver.OracleConnection.<init>(OracleConnection.java:
  93)
  at
  oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:146)
  at java.sql.DriverManager.getConnection(DriverManager.java:90)
  * at java.sql.DriverManager.getConnection(DriverManager.java:132)
  at MainApplet.button2_actionPerformed(MainApplet.java:196)
  at
  MainApplet$MainApplet_button2_actionAdapter.actionPerformed(MainA
  pplet.java:255)
  at java.awt.Button.processActionEvent(Button.java:267)
  at java.awt.Button.processEvent(Button.java:240)
  at java.awt.Component.dispatchEventImpl(Component.java:1789)
  at java.awt.Component.dispatchEvent(Component.java:1715)
  at
  java.awt.EventDispatchThread$EventPump.dispatchEvents(EventDispat
  chThread.java:83)
  at
  java.awt.EventDispatchThread.run(EventDispatchThread.java:135)
  at
  netscape.applet.DerivedAppletFrame$AppletEventDispatchThread.run(
  DerivedAppletFrame.java:911)
  null

  No, it is not, but this is the reason for using Netscape's
  Capabilities API. It contains a PrivilegeManager that works with
  Java's Applet Security Manager to grant permissions for the
  applet.
  Stephen Brewell (guest) wrote:
  : Is the database server on the same machine as your web server?
  : I don't think applets can connect to a machine other than that
  : from which it was served.
  null

• Security restriction in LoginModule?

  I have implemented my own LoginModule. In the module, I try to reference an
  EJB.
  When I call PortableRemoteObject.narrow(), I get the following error:
  java.lang.ClassCastException: Cannot narrow remote object to
  net.lm.uams.service.ejb.UserAccountManagementServiceRemoteHome
  Is this because of some security restriction related to the LoginModule, or
  do you think that the problem stems from having two copies of the same EJB
  classes? If the problem is related to having two copies of the classes, how
  would I go about referencing the classes from the LoginModule without having
  them in that .jar file?
  Note that this problem isn't at weblogic startup - I have written code to
  handle this initial administrator authentication. The problem occurs later
  during form-based authentication. The publicly available pages/EJBs work
  fine.
  using WLS 7.0 on win2000.
  I'd appreciate any pointers.
  thanks
  Sean

  Bill,
  I haven't added anything at all to the classpath in my startup script. WL
  just picks up my jar in WL_HOME/server/lib/mbeantypes. I've done a
  System.getProperty() for the classpath at runtime, and it doesn't include my
  ejb.jar.
  Yesterday, I re-wrote my class to do a straight JDBC lookup to the database
  for username/pwd/roles. It's not the solution I'd prefer, because it
  introduces a reliance on the underlying database schema into the
  LoginModule. But, I don't really have time at the moment to spend
  experimenting with my original idea. Hopefully I can come back to it in the
  future.
  thanks again,
  Sean
  "William Kemp" <[email protected]> wrote in message
  news:[email protected]...
  Each enterprise application has it's own classloader hierarchy, whichmeans the
  ejbs and webapps in an EAR file are loaded by a classloader hierarchy thatis
  parented by the boot, system, and application classloaders that load theboot
  classes, java core classes, and weblogic.jar classes, and any classes thatyou
  put in the classpath when you start weblogic. The EAR file classes areloaded
  below these, hierarchically speaking.
  I am assuming that you have put your LoginModule classfile in the javaclasspath
  when you start the server. Are you perhaps putting the jar file generatedby the
  ejbc process in the java classpath when you start the server, too? Couldyou
  post your start script? Also, remember that the start script that comeswith
  weblogic prepends it's jars and what not to the existing classpath. So,that
  while you may not be explicitly adding the ejb jar file to the classpathin the
  start script, it may be already in the classpath in the currentenvironment and
  the start script is tacking that on at the end.
  Just a guess.
  Bill
  Sean Ryan wrote:
  Thanks for the response William. I have tried what you suggested, but
  the
  problem is still the same.
  If I do the jndi lookup without the narrow() part, I can execute methodson
  the resultant object using reflection. This is a bit of a hack, and not
  really a satisfactory solution.
  I have written a main() method in my class, and when I execute it (fromthe
  .jar), it can do the lookup and narrow without any difficulty.
  As I understand it, each container has its own classloader, however myclass
  is essentially executing from within weblogic. Is there a bit of a greyarea
  here in relation to class loading? Because, as I said my class worksfine
  when it is executing in a separate jvm.
  again, I would appreciate any input you can offer.
  Sean
  "William Kemp" <[email protected]> wrote in message
  news:[email protected]...
  If this was because of a security restriction, you would see a
  different
  Exception. Try putting just the compiled Home and Remote interfaces inthe
  classpath used by the LoginModule and not the jar file with thegenerated
  and
  compiled code for the stubs. You don't need them in the client becuase
  you
  are
  coding to the inteface, not the stubs.
  Bill
  Sean Ryan wrote:
  I have implemented my own LoginModule. In the module, I try to
  reference
  an
  EJB.
  When I call PortableRemoteObject.narrow(), I get the following
  error:
  >>>>
  java.lang.ClassCastException: Cannot narrow remote object to
  net.lm.uams.service.ejb.UserAccountManagementServiceRemoteHome
  Is this because of some security restriction related to theLoginModule,
  or
  do you think that the problem stems from having two copies of the
  same
  EJB
  classes? If the problem is related to having two copies of the
  classes,
  how
  would I go about referencing the classes from the LoginModule
  without
  having
  them in that .jar file?
  Note that this problem isn't at weblogic startup - I have written
  code
  to
  handle this initial administrator authentication. The problem occurslater
  during form-based authentication. The publicly available pages/EJBs
  work
  fine.
  using WLS 7.0 on win2000.
  I'd appreciate any pointers.
  thanks
  Sean

• Applet Security loading & running on local PC

  I understnd the limits of an Applet loaded from a server to a local PC. What I am trying to do is test my Applet (JApplet actually) as I create it. I have some GIF and JPG files that need to be loaded from the same DIR that the JApplets HTML file is in. When I run the Applet in appletviewer it works fine, when I run it in IE5.5 I get security errors and the Applet fails to initialize.
  I have read the online section on applet security. It seems to me that my applet 'thinks' it is being loaded from a remote server.
  The online HTML talks about a properties file that can be edited to include the rights to read and/or write to specific local files. Anybody know the name of this file ??
  It should not make a difference that I am doing my work on a W2K Server, should it ???
  Any specific help would be greatly appreciated !!

  java.security.AccessControlException: access denied (java.io.FilePermission CHR.gif read)
  All I try to do in my code is place a GIF as am Icon on a JButton.
  //add buttons to controlPanel
          for(int i=0;i<siteNames.length; i++){
              icon = new ImageIcon(icons);
  JButton b = new JButton(siteNames[i],icon);
  b.addActionListener(listener);
  b.setActionCommand(siteNames[i]);
  controlPanel.add(b);
  Where icons[i] is a string listing of GIF files. The code works fine in IE5.5 without the icons on the buttons. Only when I put the icons on the buttons do I get the access denied error.
  Any Ideas ????
  Could it be the fact that I am doing my coding and testing on a W2K Server ????

• JHeadStart Security problem-error page cannot be found- role based security

  JHeadStart Security problem-error page cannot be found- role based security
  Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
  Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.

  Thand you very much for your reply! Unfortunately there is a specific restriction-convention in the project I work in. I am supposed to perform role based security with my own tables and no by the jheadstart’s ones. Could you find out what is my fault with the steps I follow trying to perform the process?
  To remind you my steps I paste the following again:
  JHeadStart Security problem-error page cannot be found- role based security
  Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
  Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.

• Security voilation error

  I am running aan applet which I made myself and I am running it from my home directory. Earlier the applet was giving me the java.io.FilePermission error, as the applet was trying to creat a file and edit it, however after modifying the .java.policy file using the policytool method, the applet works fine but it still gives an java.lang.RuntimePermission exitVM error. I modified the .java.policy file to include the runtimepermision and added the exitVM permission but still it gives the same java.lang.RumtimePermission exitVM error.
  What culd be possibly wrong kindly help.
  Arvind.

  Kindly tell me how can deal with the error that I am facing. I want ot write an applet because I want it to be available to anyone from my homepage.
  thanks.
  The first thing that is wrong is that you wrote an
  applet. Why are you writing an applet if you want to
  do all those things that violate applet security? Why
  not just write an application and avoid all of those
  problems?

• Window 8.1 update & invalid security certificate errors

  I set up my new PC 2 days ago running Windows 8.1. I was able to visit all websites, including secure ones, w/no issues via Firefox. Last night, suddenly I was unable to access many secure websites. These include Google (Gmail) & Ilines (email). Here is a copy of the Google error:
  "mail.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)"
  There is no button to bypass, as I have seen in the past. I tried deleting cert8.db which didn't resolve anything. I have also tried adding exceptions which also don't resolve the issue.
  I searched support & found the link for the MS document (link below) indicating that FF & Windows Family Safety certificates are not playing nice.
  http://support.microsoft.com/kb/2965142/en-us#appliesto
  I tried to follow the guide, but when I get to step 6, there is no Microsoft Family Safety Certificate in the Trusted Root Certificates Authorities to export. For reference, I do not specifically have Family Safety enabled & am running my PC as admin, no other users. I personally have no use for this but it is my understanding that it cannot be uninstalled, either.
  I have spent hours researching & making adjustments to different settings to no avail. It is frustrating enough setting up a new PC & transferring info w/out this extra hassle. Does anyone have any other suggestions? FF is my preferred browser, but if this can't be resolved I will need to use something else so that I can access these important websites.

  Thanks for the feedback cor-el. Here are the results:
  1. Installed Kaspersky certificate per link= no change
  2. Turned off Kaspersky= able to log in to Gmail but not the other secure sites I am having probs with
  3. Booted in Safe Networking mode= able to log in to Gmail but not the other secure sites. Same blocking errors on Gmail, etc when returned to reg mode.
  Just FYI, I get 2 different secure connection errors:
  Gmail: "mail.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)"
  Ilines: "Secure Connection Failed An error occurred during a connection to mail.ilines.net. Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature)"

• "Security policy error" while setting up "Microsoft Exchange Hosted Services" Exchange Account (corporate user)

  I'm a corporate user with a very large company that is using Microsoft Hosted Exchange services actually hosted by Microsoft employees at their facilities.  I called Palm support and they were clueless and zero help.  The lady pointed me to some Palm KB article that I had already read and only remotely had anything to do with my problem.  I see nothing on this error message in the forums and google searches. Sprint has even replaced my palm pre due to other reasons and the same error occurs after I configure the exchange account. I'm also seeing the error when I configure my account on my wifes brand new pixi. Both our pre and pixi already have exchange accounts successfully configured on our phones that are hosted by sherweb. The sherweb exchange accounts work without issue. I have tried configuring this microsoft hosted exchange account 5-6 times with the same result. It accepts my configuration information and adds it to the list of available email accounts in the pre. However, it keeps popping up this message stating "Security policy error: "Exchange... Tap for details" (with a yellow exclamation mark). Then it says "Security Policy Error" The account Exchange (first part of my email address) is disabled because security policies cannot be set." "Leave it disabled" or "Remove Account". I know something is working because it enforced a Password or Pin policy on to my phone which is not required unless this account has been added. I can also see it in the "Mobile Devices" section of web outlook when I login. This is the place in web outlook where you can see the last time the device synced, where you can remote wipe the phone etc. If anyone has any idea how to resolve my issue please post. Any ideas? I'm fresh out of ideas on this problem and very frustrated with Palm Developers. Just another example of poor development and testing practices by Palm. I hope they correct this issue on subsequent releases but I am only marginally optimistic that they will ever get this exchange mail support to the level necessary to support large corporations. What I do know is that my Microsoft Hosted Exchange account works fine on a Windows Mobile phone and a iPhone 3GS (confirmed by other coworks who have configured their phones using our exchange services). As a result, I have no choice but to blame Palm for this problem instead of Microsoft. Palm please fully support microsoft exchange mail users!!!!
  Post relates to: Pre p100eww (Sprint)
  This question was solved.
  View Solution.

  From my understanding of EAS and PDA devices, if the server as a policy to enforce and the device cannot provide that policy then the server will not allow the device to connect. The KB I gave you has a listing of what policies the devices supports, if your server supports more than that then it could deny the connection. As for what the iPhone does and does not do we cannot answer that due to we are not iPhone.
  I did find an article that may explain a little better for PDA and exchange: http://www.infoworld.com/d/mobilize/how-avoid-smartphone-exchange-policy-lie-004

• Remove 'Page Extraction' security restriction in PDF generated by ADS

  Hello Experts,
  I am currently working on a SAP CRM project where we are using Adobe Document Services (ADS) to generate some PDF documents from SAP.
  I have an issue with the Page Extraction security restriction associated to PDF generated by ADS.
  This cause a problem to us since we are expecting the PDF to be processed by Streamserve later on. Streamserve is then 'converting' the PDF in its proprietary format (.lxf) and is preparing a Post Script file for our printing partner.
  I have understood that Streamserve cannot processed our PDF because of the Page Extraction restriction (out from ADS, value is set to Not Allowed by default).
  I have seen the following posts in SDN:
  Page extraction property in PDF document  is set to 'not allowed'
  Document Restriction Interactive Form
  I am then getting concerned since it does not look as straightforward as I would have expected.
  --> Can anyone confirm if there is a way to set the Page Extraction restriction as Allowed?
  Via ADS configuration? Via code? Via some work in SAP (SFP, output device config...)?
  In the above SDN posts, I can read things about buying a policy server, using Adobe Acrobat Pro or Reader Extensions.
  Does anyone have a clear cut?
  Thanks a lot.
  Brice.

  Hello,
  I don´t know how to make this work. I would open the OSS message for this and want SAP to give a workaround or say clearly this cannot be done. Well... in one of the mentioned threads it is mentioned that SAP said this is the right behavior but there was not a word about if that can be changed.
  Otto
  p.s.: probably it would be better for you to send only RAW data (i mean only XML data) and make the partner work with it. If the PDF is converted to "something" by a machine, then you don´t need PDF (what is a user GUI), to send only the data should suffice, or not?

• Re: Getting around Applet security

  I don't think this is an Applet Security problem associated with accessing the xml files on the server using URL connection. This will not in itself produce the exception unless the files are on a different server to the one the Applet was loaded from.

  According to http://java.sun.com/sfaq/, There is
  no explicit support in the JDK applet API for
  persistent state on the client side. However, an
  applet can maintain its own persistent state on the
  server side. That is, it can create files on the
  server side and read files from the server
  side.
  I believe that if you use Applet.getCodeBase() you
  can get the directory containing the applet, and
  using that, you can specify exactly which files you
  want.Accessing the XML file isn't my problem it is accessing the parser. I can't access the parser on the server and it is not an option to change the policy file on all clients to allow to use their JRE's parser.

• Security Restrictions disappear when webi is modified

  Hello,
  I have the following problem with Security restrictions.
  I have created a business security profile, and assign this profile to a user directly (I have tested the same assign the profile to a group and the problem occurs too).
  The business security profile is defined this way:
  1. At the first tap (Create query), I grant all the views of the business layer and all the objects.
  2. At the second tap (Data) all objects are granted.
  3. At the filter tap, I defined the row restrictions of the profile (3 conditions with and).
  4. I assign the business profile to the user.
  The steps to reproduce the problem are:
  1.  I create a webi (with an administrator user) that uses the universe that contains the business security profile
  2. The user that have the business security profile restrictions assign, open the webi refresh and show only his data.
      The SQL of the webi query shows the security restrictions (profile filters).
  3. I modify the report (for instance, I drag a dimension on it). Save the report.
  4. The user that have the business security profile restrictions, open the modified webi refresh and show all the data (as he was an administrator user).
      The SQL of the webi query does not show the security restrictions (filters). The restrictions desappear of the SQL.
  Please, could you help me?
  Thanks
  Pilar

  Enable the following auditing on the server either through domain
  policy or local policy:
  Audit logon events - Success
  Audit Object Access  - Success
  On the Auditing tab, add Everyone with the following audit settings.