Application architecture in secure environment

Hello,
I am currently designing an enterprise application that will use a DBMS back-end. My environment has the DBMS and Web (Tomcat) servers sitting inside a very strict firewall, allowing only port 80 access. I need to know what is the best architecture to use for my application, given the several tiers and the firewall.
Should I use a 3-tier, with the DBMS being 1 tier, the business logic in a servlet, helping circumvent the firewall, and the UI in an applet and/or HTML/JSP page?
Thanks,
haighaig

You first have to have a look at the security policies so you can see what restrictions your company has. These policies and the requirements of the business case reflect the architecture you design. From a tech point of view, you can have from 1 to a lot of tiers...
If you are using a DBMS, Tomcat and Apache and your only restriction is port 80, you integrate Tomcat into Apache, and Apache then forwards the requests to Tomcat, which is kept within the server. It is again a question of your policies and business requirements (performance, scalability, availability etc.) what your DB server looks like and where you place it. While using JSP and servlets, you can talk to any DB server reachable by the network.
The use of applets has to be discussed as well and depends on your target audience, because some companies drop applets at the firewall, and in that case these people cannot profit from your web application.

Similar Messages

  • Enterprise Manager in secure environment with no internet access

    I have Oracle 11g installed in a secure isolated environment, which means there is limited access to the servers, and definitely no internet access from that environment.
    I am looking to configure Enterprise Manager / Database control.
    I can successfully start up the application server on my database server, and connect to this from a web browser within my secure environment.
    However when I try to display the Performance tab, nothing is displayed.
    I understand this screen uses an ActiveX component.
    Is the use of the ActiveX component going to have problems because my servers have no direct internet access, or should this not make any difference?
    Thanks
    Paul Graves

    No this is not going to make any difference.
    You don't need any internet connection at all for working with OEM GC.
    Maybe, if you want to configure the Patch Setup to receive Patch Advisories from My Oracle Support, but even then you can do without a connection from your server(s) to the internet.
    Assuming that you are using OEM GC 10.2.0.5, you will also need to install Flash Player and the Adobe SVG Plugin, both in your browser.
    Kind regards
    Rob
    For more information on working with OEM GC, you might want to check http://oemgc.wordpress.com

  • How can I Remove Firefox Hello in a high-security environment?

    Hi,
    After a recent Firefox update in a test environment for a high-security environment (I'm not at liberty to disclose the nature of this environment, sorry. Let's just say we have to disable Firefox from contacting Mozilla's servers and further disable Google's "Safe Browsing" due to possibility of inadvertent unauthorized disclosure) We have noticed a feature: "Firefox Hello", this feature causes Firefox to violate strict policy as it transforms it from being classified as strictly a "Web Browser" (which is permitted) to a "Chat Application", all of which are completely banned. Simply disabling Hello is not a sufficient option as Firefox still contains the code to run Hello, which still constitutes it a "Chat Application" as per policy. We have the capability to edit out unauthorized code from open source software internally, but we don't know where to start to remove this code from the Firefox codebase as Hello seems pretty well integrated.
    Currently I only have two options, both of which do not please me as for me personally, (I really like Firefox and have fought to include it in any environment I can):
    1. Discontinue permanent use of Firefox.
    2. Discontinue updating Firefox permanently or until Hello is removed as a non-modular element. This is unacceptable as it'd mean we can't keep it secure, which causes us to fall back to (1).
    I would graciously like any third option. Internet Explorer seems to be the only browser that provides sufficient enterprise-level control without extraneous features at the moment with the addition of Hello to Firefox. We have banned Chrome from our environment due to how tightly bound it is with Google's "Cloud" services and hope that Firefox isn't becoming a "Cloud" browser for Mozilla, Sync has already placed Firefox under the microscope as it is.
    Thank you.

    We have WebRTC traffic blocked (We have a setup that audits SSL traffic before it leaves or enters the network).
    Our primary issue with Hello is that policy classifies the actual code used to run it as being very much like an Easter Egg, code that was inserted that goes beyond the spec of being a web browser and thus difficult to audit. It's easy to block services in general, but when a single unauthorized service becomes a core feature and has code strapped to the browser, that throws up red flags that Mozilla is moving Firefox away from being an organization-manageable browser and more toward an exclusively Mozilla-managed "Cloud" browser, where there is a possibility that Mozilla will seek more control over user experience that will increase attack surface.
    It's reasons like this we decline to install Chrome into our environment, because Google has several services built-in to the core of their browser and do not leverage their extensions capabilities, but rather mandates that these features "must be installed" and that users can only toggle them off.
    It's easy to uninstall an extension or to recompile with a flag, but it's hard when a vendor makes decisions for you and tells you "This is good for you, you must embrace it" irrespective of policy of organizations or even individual users wishes.
    Thank you all for this information, it will help our future audits and help determine if Firefox is right for our needs.
    Unfortunately I can't mark this thread as "Solved" since the root issue is still not solved (Mozilla's development practices making something that should be an extension, a core aspect of the browser), so marking it solved would be a lie. But thank you both nonetheless.

  • Secure Environment  - SSL

    Hi
    We recently moved an app from a development environment to a production environment using SSL. When we navigate from one screen to another (on nearly every screen) we get the message about leaving and then entering a secure environment. However, all is within the same application, so we should not be leaving and re-entering. The production application is accessed through a web server which just proxies through requests.
    Any help is appreciated

    Not using hardcoded links, the problem was being caused by a popup window that
    tells you the application is loading data. We removed this and the issue went
    away.
    thanks for the response
    "Kai" <[email protected]> wrote:
    >
    Are you using hardcoded links starting with http://?
    kai

  • How do I make a "security environment"?

    I need to do something I don't even know if is possible..
    We have code that handles encrypted data, and we have another piece of software that is open source and needs to manipulate this data; both are stand-alone desktop software.
    I'm wondering, is there a way to create a "secure environment" to use the open source software as a plugin, restricting this software's access to the external world (I don't want it to externalize my decrypted data)?
    Any help would be appreciated.

    You can install a home grown SecurityManager in your main application. Whatever security policy you define for that SecurityManager will apply to plugins and libraries. You can forbid socket access, file access, system properties etc etc.
    You have a steep learning curve. A starting point is http://java.sun.com/docs/books/tutorial/security/tour2/step2.html.
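
The confinement described in the answer above, as an added example that is not part of the original thread: rather than subclassing SecurityManager, it installs the stock SecurityManager with a custom java.security.Policy keyed on the plugin's class loader, so the JDK's own doPrivileged blocks keep working while plugin code gets only an explicit allowlist. PluginSandbox, PluginPolicy, UntrustedTask and the allowlist contents are hypothetical names and assumptions; the code targets Java 8 to 17, because the SecurityManager was deprecated for removal in Java 17 (JEP 411) and can no longer be enabled from JDK 24 (JEP 486).

```java
import java.io.FileOutputStream;
import java.net.Socket;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;
import java.util.concurrent.Callable;

// Added example with hypothetical names: confine classes that come from one class loader.
public class PluginSandbox {

    /** Grants everything to host and JDK code, and only an allowlist to plugin code. */
    static final class PluginPolicy extends Policy {
        private final ClassLoader pluginLoader;
        private final Permissions pluginAllowed = new Permissions();

        PluginPolicy(ClassLoader pluginLoader) {
            this.pluginLoader = pluginLoader;
            // Assumed allowlist for this demo: the plugin may read one harmless property.
            pluginAllowed.add(new PropertyPermission("java.version", "read"));
        }

        @Override
        public boolean implies(ProtectionDomain domain, Permission perm) {
            if (domain.getClassLoader() != pluginLoader) {
                return true;                      // host application code
            }
            return pluginAllowed.implies(perm);   // plugin code: denied unless listed
        }
    }

    /** Constructed stand-in for the untrusted open-source component. */
    public static class UntrustedTask implements Callable<String> {
        @Override
        public String call() {
            return new StringBuilder()
                    .append("socket=").append(probe(0))
                    .append(" fileWrite=").append(probe(1))
                    .append(" userHome=").append(probe(2))
                    .append(" javaVersion=").append(probe(3))
                    .toString();
        }

        /** Tries one sensitive operation and reports whether the sandbox stopped it. */
        private static String probe(int which) {
            try {
                switch (which) {
                    case 0: new Socket("127.0.0.1", 9).close(); break;       // network
                    case 1: new FileOutputStream("leak.txt").close(); break; // file write
                    case 2: System.getProperty("user.home"); break;          // not allowlisted
                    default: System.getProperty("java.version");             // allowlisted
                }
                return "ALLOWED";
            } catch (SecurityException e) {
                return "blocked";                 // check failed before the operation ran
            } catch (Exception e) {
                return "NOT-BLOCKED";             // operation was attempted, then failed
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Reload this example's own classes through a second loader so that UntrustedTask
        // gets its own ProtectionDomain, as a separately packaged plugin jar would.
        URL here = PluginSandbox.class.getProtectionDomain().getCodeSource().getLocation();
        URLClassLoader pluginLoader = new URLClassLoader(new URL[] {here}, null);
        Callable<?> plugin = (Callable<?>) pluginLoader
                .loadClass(UntrustedTask.class.getName())
                .getDeclaredConstructor().newInstance();

        // Install the policy first, then the stock manager that enforces it.
        Policy.setPolicy(new PluginPolicy(pluginLoader));
        System.setSecurityManager(new SecurityManager());

        System.out.println("plugin: " + plugin.call());
        // Host code runs in its own ProtectionDomain and is not restricted.
        System.out.println("host:   user.home=" + System.getProperty("user.home"));
    }
}
```

Compile with javac and run the class from the output directory; the single-file source launcher does not give the class a code source location to reload from.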

  • How to open -pdf in a secure environment

    Opening PDF files from a secured account on Internet (e.g. telephone billing info) does not work. in Safe as the file is shown as _pdf (underscore instead of dot).  We suspect this problem started after installing CS6, but are not sure. Win 7, IE 9, Reader XI

    PDF on a regular website can be opened and downloaded. However, PDF on a secure website (https) looks normal with normal icon but double click gives screen for open / save / save as. ‘Open’ gives no result, no error message either. ‘Save’ or ‘save as’ shows screen with filename ending on _pdf, which cannot be opened or saved, no error messages either. Changing the filename into .pdf gives the same reaction: nothing happens, no error messages.
    The same files can be opened on a different PC win7, IE9, Reader XI and similar software, but without CS6.

  • Patching/updating Java Applications in the WebLogic environment.

    Hi All,
    I'd like to get some feedback on our process and hear if there is some better/different
    ideas out there on how to handle patching/upgrading java applications in the WebLogic
    environment.
    Here is our process:
    1) We build using ANT our Enterprise application.
    2) We deploy our application using InstallAnywhere to drop the structure into
    an environment.
    If a patch or update is needed, we again build the Patch/Update using ANT, generating
    checksums for each file in every ear/war/jar file as well as any supporting files
    (.xml, .properties, .sh, etc.) used in the production structure. We then compare
    checksums against what is in production and come up with PATCH_(ear/war/jar) files
    with only the changed classes and duplicate production structure with the changed
    supporting files.
    Using ANT scripts and InstallAnywhere, we backup the files to be replaced in production,
    overwrite supporting files, extract packages (ear/war/jar), overwrite classes
    with new ones, re-package the ear/war/jar files into production environment and
    restart the server.
    We patch at a class level due to the configuration settings internal to the package
    files (ear/war/jar) that we don't want the customer to have to re-configure everytime
    we do a partial release.
    Right now, the whole process is automated except the creation of the Patch ANT
    script that extracts, overwrites updated classes, updates manifests, then re-packages.
    Any ideas on improvements or complete re-engineering of our process to help so
    we can get closer to 100% automation?
    Thanks,
    John

    The chances of two applications running at exactly the same time are minuscule. If they each have a connection to the database, and are both trying to modify the same table, then chances are one will be slightly after the other and its changes would be committed last. In the case where one might delete a row just before another tries to access that row, you're going to have some sort of problem. However, those circumstances are pretty rare, and even so, some small amount of exception handling can deal with them gracefully.

  • Saving Opened attachments in a secure environment (no local drive access)

    We are evaluating Windows 7 and Office 2010 in a secure environment and have a strange issue when saving opened Office attachments from Outlook 2010.
    If an Office (Word, Excel or Powerpoint) file is opened from a received email within Outlook 2010 and a user then attempts to save, they are presented with a restriction error message as below:
    This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
    Upon clicking OK, they are then presented with a Save As dialogue box in the correct location (i.e. their redirected Home Drive location on a network share).
    We block any access to the C:\ drive (or any local drives other than the optical drive) and the users have a roaming non-cached profile.
    The OutlookSecureTempFolder value in the registry is C:\Users\%username%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\RANDOMSTRING\
    I tried altering this to a network location which I knew the user would have write access over, but Outlook just overwrote my custom value with a new one of its own.
    I ran ProcMon and determined that the machine is getting ACCESS_DENIED when trying to create files in that location.
    Any ideas?

    I've the same problem too.
    To have more than one approved location displayed, you have to enable this policy too: Places Bar Locations, in the Office 2010 GPO.
    Specify the same locations you have approved in the other GPO.
    Click User Configuration, click Administrative Templates, click Microsoft Office 2010, double-click File Open/Save dialog box, and then click Places Bar Locations.
    Problem solved for me.
    Thanks to all of you. I've spent a lot of time on this problem.

  • Oracle ERP and CRM Application Architecture Direction

    Not sure if this is out of topic for this forum but it seemed the closest I could find. If it is out of topic could someone please point me in the right direction?
    I'm looking for the architectural direction Oracle is taking for their ERP and CRM applications. Specifically, as Oracle moves their applications to the Oracle 9iAS application server, will Oracle be changing their application architecture to a Service Oriented Architecture (SOA) as other ERP and CRM vendors are? If not, what architecture will the Oracle applications follow?
    Phil Montagliano
    Xerox Corporation
    XIM/Technology, Strategy & Architecture
    161 South Chestnut Street Email: [email protected]
    One City Centre / 0875-05B Phone: (585) 423-8831
    Rochester, NY 14604 Fax: (585) 423-4848

    Hi,
    A bit confused about your question. Are you looking for technical architecture or looking for business prospective?
    Kindly elaborate your question.
    Yogi
    [email protected]

  • Best use of framework events in application architecture

    Hello,
    I apologize in advance if this is not the appropriate forum to be posting about Flex framework questions.  I considered the Cairngorm forum, but thought the question applied more broadly to all flex frameworks. That, and it seems that the Cairngorm forum isn't really very active.
    My question is about using frameworks for application architecture. Reading the "Introducing Cairngorm" document,  I see that it specifically says that Cairngorm events are just those events that will handle business logic (things like grabbing data from a server, committing data to a server, etc).  So then, how does a view interact with a controller when changing state?
    Let's say I have two or three different views of the same data and I have a buttonbar to switch to the view I want. Is it then typical to dispatch a Cairngorm (or Mate/Swiz/Pure MVC, etc..)  event to the controller to change the view state of the application?  Does this effectively mean that for every button a user can click on, we'll have an event and a command associated with that event to perform some change of state or business logic? With a moderately complicated application, with several different screens, a few forms, a couple of lookups, i.e. lots of buttons for user input, that seems like an awfully huge number of events/commands...? Or do you dispatch a regular old flash Event to handle this? Or does the view data bind to the model to change the view state?
    Obviously there's never any single correct answer to application architecture questions, but I'd like to know if there's any general best practices that I should follow. I don't want to under-architect OR over-architect my app.  I'm new to Flex programming and would like not to code something egregiously ugly.
    Thanks,
    Cory

    Hi,
    Consider this, there is no such thing as an enterprise level RIA, the whole concept behind thin client was to restrict the enterprise requirements to the backend, that being said if we assume that a flex application is specifically for the client end and can maintain its own state and that MVC frameworks are more about enterprise solutions then the whole framework argument becomes what it is, academic BS.
    <start rant>
    It's really simple: in half a century nothing has changed. You have rules and requirements (model), you have access to that (view) and you wrap it up as a program/application (controller), so why do you need convoluted multilayer abstraction of functionality to make things work? Maybe so those that can't get a real development job can run around and preach at conferences, how else could they feed their adopted kids.
    So all those nice buzzwords, design patterns(the new age terminology for modular architecture), model/view/controller, borg coding(resistance is futile) is all very fine if you want to act smart but producing quality code actually means you are smart. As you may have guessed I am not a strong proponent of MVC frameworks, and I don't even need to get into the argument that everytime a 'framework' expert gets control of a project that isn't done in their MVC  poison of choice it gets a rewrite, clients really love those associated costs and retesting requirements.
    </end rant>
    You only need 1 framework for Flex and that's the Flex framework.
    Have a read of this blog, the section on MVC and Flex is very interesting if not overly polite.
    http://www.herrodius.com/blog/216
    David

  • ADF Application Architecture

    Hi All,
    I am new to ADF and working with some vendor to transform our in-house Oracle Form Application to ADF Application and we have more than 300 Oracle Forms to translate.
    Basically after the login page, we will have a main menu, and then from the main menu, user can access to different modules (e.g. Customer Profile / Supplier Profile / Order Processing etc..). One of the critical point is that there will different shared variable pass from the main menu to each module and from each module back to the main menu.
    We have successfully translated a few Oracle Forms to an ADF JSF Application. However, before continuing the project, we would like to confirm the application architecture.
    Checking on Oracle Website / different ADF forum, basically they will packaging all their ADF program in 2 different approach.
    Approach (1):
    i) Create a common workspace which put all the common EO, VO, AM, Task Flow Template, Page Template, Skin, etc and export as an ADF Library
    ii) Create different Bounded Task Flow Workspace with its corresponding Model and View Controller for different modules (e.g. Customer Profile / Supplier Profile / Order Processing etc..) and then export as an ADF Library
    iii) Create a master workspace with View Controller to contains an Unbounded Task Flow to tier all the different modules together as an EAR file.
    Approach (2)
    i) Create a common workspace which put all the common EO, VO, AM, Task Flow Template, Page Template, Skin, etc and export as an ADF Library
    ii) Create different workspace with its corresponding Model and View Controller for different modules (e.g. Main Menu / Customer Profile / Supplier Profile / Order Processing etc..) and then export as an EAR file
    From Approach (2), when I need to pass parameter from Main Menu to Customer Profile, since they are from different application, I can only pass it through URL or database. But it seems to be not a very approach. May I know is there other way to passing parameter between different ADF Application ?
    From Approach (1), it seems that the parameter can be passed using the bean since they are under one master workspace. However, some of the forums said that if there are too many modules (my case is ~300 modules), there will be a problem with the CPU and RAM, and the JVM may not be able to start.
    May I know is it correct from my assumption ? Also may I know which approach should I use ? Thanks !!
    Best Regards,
    Eric

    Hi Timo,
    Thanks for your reply. Yes, I have watched the ADF Architecture TV episode too. But I still cannot figure out which approach I should be using. From the video, it said that sum of the parts may be at risk at the startup of the JVM when you have too many applications. Pillar architecture can solve that problem; however, parameters may need to be passed between different ADF applications since they are compiled as different EAR files. But passing the parameter through URL / database package does not seem an excellent idea.
    Moreover, since all those ~300 modules are different and may not related from each other, so it may not be a suitable case to put multiple forms into one ADF application in my case. Also our system have frequently change request from the user and those request are usually handled by different developer. So I guess it may be better to put it in different ADF application instead of putting in a single one.
    Any advice ?  Thanks !
    Eric

  • How to run java application without having java environment in  a machine

    Can I run a Java application without having a Java environment (JVM) on a machine? I mean I don't have J2SE or JDK installed on my machine, and I have a J2EE application running on another host which is built in Swing. I want to access that application on my machine.
    Can anyone help regarding my problem?

    If you only need to access the program from one machine and you are running a Unix-like operating system (e.g., Linux, Solaris), you can use the remote display capabilities of X11. In this case you have to choose the host where the app will be displayed when you start it:
    $ DISPLAY=<hostname>:0.0
    $ export DISPLAY
    $ java ...
    If you want to be able to display it on both machines at the same time, or if you are using Windows, then try something like VNC (http://www.realvnc.com). Or if you are running Windows and your version supports it, you can use Windows Remote Desktop.

  • Error message: 'you can't open the application because the Classic environment is no longer supported'

    I get the error message 'you can't open the application because the Classic environment is no longer supported', when will this issue be fixed? I need to use a program to analyse videos called 'J watcher' that is vital for my thesis. It worked in the last operating system but refuses to open in this one. When will this issue be fixed/what can I do about it?

    Is there any way to fix this?
    Yes, but it's not easy.
    I've only tested this on Snow Leopard, but I think it will work in Lion. You need to have Java installed, which it's not by default in Lion. Since I'm not using Lion myself, I can't tell you how to do that.
    Download the Java/Mac version (1.0) of the application from JWatcher Downloads. You'll get a zip archive. Expand it. Now you have an application called "JWatcher_V1.0." This is only the installer. It won't run, because it has PowerPC-only version of the Java application stub.
    Select the line of text below in your browser and copy it to the clipboard:
    /System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/MacOS
    In the Finder, select Go > Go to Folder... from the menu bar (this menu may be slightly different in Lion.) Paste the clipboard contents into the text box. You should now see a folder with two files in it, one of which is named "JavaApplicationStub." Leave that window open.
    Now right-click on the icon of JWatcher_V1.0 and select "Show Package Contents" from the contextual menu. A new Finder window opens. Open the folder called "MacOS". Inside that folder is a file also named "JWatcher_V1.0". Move it to the Trash. Drag the file JavaApplicationStub to where it was. Rename the file (it will be copied, not moved) JWatcher_V1.0. Close the Finder window.
    Now double-click the installer. It should launch. Install the application wherever you choose. You're not done yet.
    The installer creates a folder named, once again, "JWatcher_V1.0". Inside it is an application. That, too, is named "JWatcher_V1.0". Select it, and do exactly the same thing you did before with the installer: replace the binary inside with a copy of JavaApplicationStub.
    You should now be able to run it.

  • Can you use an application in hyper-v environment in Windows server from each client computer or that is not possible?

    hi,
    I like to know, besides running 2 or more operating systems, like Exchange or SQL etc.,
    what other benefits it has. For example, when you install 2-3 applications in the Hyper-V environment, can you use those applications from each client computer, or is that not possible at all? (I don't mean cloud.)
    thanks
    johan
    h.david

    thanks,
    So, now what is the benefit of the Hyper-V role on Essentials 2012 R2? Does that mean that I can install only one operating system on it, only one instance and no more? Also, I can run some applications on this server, just like you say, with an RDP licence for each user to access this virtual server!
    And if I want more instances then I have to get Datacenter.
    johan
    h.david

