Basic Doubt about security

Dear All,
I am trying to implement the following functionality. Can you suggest how I should go about implementing this in actual code?
I have a J2EE application consisting of a Swing client and server components deployed on a J2EE-compliant server. Now whenever a client tries to log in to the system, the username and password info is transmitted to the server for authentication. Here I need to introduce functionality by which the password, and maybe the user name, is encrypted before it is sent to the app server, and then the app server at its end will decrypt it before authenticating the user.
Now theoretically I am planning to do the following, using public/private key encryption: the client will encrypt the required string using the public key and send it to the server. The server will then decrypt it using the private key, which is available at its end. The client and the app server are on physically different machines. Does this make sense? And is it correct?
Now my questions:
Is my mechanism correct?
How do I generate public/private keys? Is it using keytool, and if so what are the steps?
How should the transfer of these keys take place?
If the keys are generated using the API rather than keytool, how do I transmit these keys to the server?
If the keys are generated using keytool, how do I distribute these keys and use them in the program while doing encryption/decryption?
Kindly reply soon. This is urgent. Thank you in advance.
Sachin

I would suggest making an SSL connection to the server which verifies the password (and if it is not too computationally intensive, then for data as well). Java 1.4 has SSL functionality built-in (you just need to do some key management on the server end -- if you get a certificate from a provider that is preloaded).
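
The SSL approach suggested in the reply, sketched as an added Java example that is not part of the original post: the server holds the private key in a keystore, the client holds only the server certificate in a truststore, and the client turns on hostname verification, which a plain `SSLSocket` does not do by default. The class name, the two-line login exchange, the sample credentials, and the keystore file names and password are assumptions made for the illustration.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Arrays;

/*
 * Assumed key material, created once with keytool (file names and password are placeholders):
 *   keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
 *           -dname "CN=localhost" -ext san=dns:localhost \
 *           -keystore server.p12 -storetype PKCS12 -storepass changeit
 *   keytool -exportcert -alias server -keystore server.p12 -storepass changeit -file server.cer
 *   keytool -importcert -noprompt -alias server -file server.cer \
 *           -keystore clienttrust.p12 -storetype PKCS12 -storepass changeit
 * Only clienttrust.p12 (public certificate, no private key) is shipped with the client.
 */
public class TlsLoginDemo {
    static final char[] STORE_PASS = "changeit".toCharArray(); // placeholder password

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, STORE_PASS);
        }
        return ks;
    }

    // Server context: presents the certificate and private key from its keystore.
    static SSLContext serverContext(String keyStorePath) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath), STORE_PASS);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client context: trusts only the certificates in its truststore.
    static SSLContext clientContext(String trustStorePath) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Server side: accept one connection, read "user\npassword\n", answer OK or DENIED.
    static void serveOnce(SSLServerSocket server) {
        try (SSLSocket s = (SSLSocket) server.accept();
             BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8));
             Writer out = new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8)) {
            String user = in.readLine();
            String pass = in.readLine();
            // Constructed check for the demo; a real server compares against a salted password hash.
            boolean ok = "sachin".equals(user) && "correct horse".equals(pass);
            out.write(ok ? "OK\n" : "DENIED\n");
            out.flush();
        } catch (IOException e) {
            System.err.println("server: " + e);
        }
    }

    // Client side: credentials are written only after the handshake has authenticated the server.
    static String login(SSLContext ctx, String host, int port, String user, char[] password) throws IOException {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // check the certificate against the host name
            s.setSSLParameters(p);
            s.startHandshake(); // throws SSLHandshakeException if the certificate is untrusted or mismatched
            Writer out = new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8);
            out.write(user + "\n");
            out.write(password);
            out.write("\n");
            out.flush();
            return new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8)).readLine();
        } finally {
            Arrays.fill(password, '\0'); // do not keep the password in memory longer than needed
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext serverCtx = serverContext("server.p12");
        try (SSLServerSocket server = (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(0)) {
            Thread t = new Thread(() -> serveOnce(server));
            t.start();
            String reply = login(clientContext("clienttrust.p12"), "localhost", server.getLocalPort(),
                                 "sachin", "correct horse".toCharArray());
            System.out.println("server replied: " + reply);
            t.join();
        }
    }
}
```

With the key material in place the program prints `server replied: OK`; if the truststore does not contain the server certificate, or the certificate does not name the host, `startHandshake()` fails before any credential is written.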

Similar Messages

  • Doubtful about security of oracle's Wrap code!

    Dears
    I am a little bit doubtful about the security of Oracle's own wrapped code, like the package "sys.utl_smtp".
    Can someone easily unwrap it without the source code?
    How is it possible? What's your opinion about this? Please can anybody clarify this for me.
    Regards
    Abdul Halim
    Edited by: Abdul Halim on May 31, 2013 8:14 PM

    Halim, you are operating under the mistaken belief that your code deserves hiding from the customer and competitors to begin with. Why? All you are doing in the code is performing DML. It is not like your application is the only one in the world that performs its function.
    If someone really wanted to, they could figure out what your code is basically doing just by looking at the table and file data before and after running the code. By careful manipulation of the data and studying the results they can figure out what is being done and then develop their own specifics of how it is done. One can also look at Oracle's internals as the code is being processed, both using Oracle-provided views and by directly peeking at Oracle's shared memory. Then there are tools like SQL trace which will capture the SQL, waits, and binds for the process.
    But all of this is kind of moot in that most shops do not have the talent to write their own unwrapper, nor has the shop purchased an unwrapper, so if you wrap the code it is going to be secured from most users and competitors. I would just recommend that potential customers not purchase your product, because the customer is going to need access to the code either for debugging (bugs will exist in the code) or tuning. Likely both.
    IMHO -- Mark D Powell --

  • Doubt About Security Levels

    Hi Experts,
    I want to know more about Security Levels.
    1. What are the Security Levels?
    2. Why do we need them?
    3. Where can we set the Security Levels?
    Please clarify this for me.
    Regards
    Khanna

    Hi Rajesh,
    You can define a security level for incoming messages handled by certain HTTP-based sender adapters.
    Possible HTTP security levels are (in ascending order):
    -- HTTP without SSL
    -- HTTP with SSL (= HTTPS), but without client authentication
    -- HTTP with SSL (= HTTPS) and with client authentication
    This will clear most of your doubts:
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
    Regards,
    Prateek

  • Basic doubt about Primary Key/Foreign Key in Oracle Tables

    Hi,
    I have a doubt whether Primary Keys/Foreign Keys are allowed in Oracle. Some of the people I know are telling me that Oracle does not encourage having Primary Keys/Foreign keys in its database tables.
    However if I go to the ETRM and look for information about some of the Oracle Tables, I am informed that Primary Keys do exist. However I am being told that ETRM is not a reliable way of having correct information about table structure.
    It would be great if any one of you provides me with some insight in this. Any pointers to a document would be great.
    Thanks

    It is not that PK/FKs are disallowed in Oracle Apps (there are some on the standard Oracle Apps tables), but they are typically not used. I am not positive what the logic behind this is, but my guess is that it was partly due to the earlier versions of Oracle Apps pre-dating declarative database referential integrity in Oracle DB and also on performance issues with the standard referential integrity with the earlier versions of declarative database referential integrity.
    As far as eTRM is concerned - I understood that the data is based on a design repository rather than a physical Oracle Apps DB. So all of the information in there is logically correct, but not necessarily enforced via the standard Oracle DB declarative referential integrity (rather by the application code or APIs).

  • Basic doubt about Primary Keys/Foreign Keys in Oracle Tables

    Hi,
    I have a doubt whether Primary Keys/Foreign Keys are allowed in Oracle or not. I have been informed that Oracle does not encourage having Primary Keys/Foreign keys in its database tables. Instead it urges users to have unique constraints on the requisite columns.
    However if I go to the ETRM and look for information about some of the Oracle Tables, I am informed that Primary Keys do exist. At the same time, I am being told that ETRM is not a reliable way of having correct information about table structure (at least the Primary Key information).
    It would be nice if any one of you provides me with some insight in this. Any pointers to a document would be welcome.
    Thanks

    FYI,
    There is a separate forum for core SQL queries:
    PL/SQL
    Thanks

  • Few basic doubts about accessing AM from backing bean class

    Hi ADF experts,
    I have just started working in ADF Faces. I made a sample search page. My page is attached to a managed backing bean. I have attached a command button on my page to a custom method in the backing bean class.
    So, on click of the button, this method is called in the backing bean. Now, I have a few doubts:
    1) How do I get the values of various UI beans in this event code?
    2) I am accessing the AM in my method with this code:
    FacesContext facesContext = FacesContext.getCurrentInstance();
    ExternalContext extContext = facesContext.getExternalContext();
    Application app = facesContext.getApplication();
    DCBindingContainer binding = (DCBindingContainer)app.getVariableResolver().resolveVariable(facesContext, "bindings");
    //Accessing AM
    ApplicationModule am = binding.getDataControl().getApplicationModule();
    Is this correct?
    3) After getting a handle on the AM, how do I call my custom method in the AM class? There was an "invokeMethod" API in the application module class in OAF; is there any such method here?
    Please help me.
    --ADF learner.

    Thanks for your response Frank, actually I am from an OA Framework background. It would be great if you could help us a little with your valuable thoughts.
    OA Framework also uses bc4j in the model layer of the framework. We have a requirement where our existing developers from OA Framework have to move to ADF to make a new application where timelines are quite strict. If this would not be possible we will switch to plain JSP and JDBC, but our tech experts say ADF Faces is the best tech.
    In OA Framework, the Application Module is the key class for all business logic and the Controller is used for page navigation. So, I am just trying to find the same similarity, where we add all event code in custom action methods in the backing bean class of the page, which we consider equivalent to the process form request method in the Controller class of OAF.
    But there are a few things I still want to know:
    1) While the page renders, how do I call specific AM methods (like setting the where clause of certain VOs)?
    2) In action methods, the way I described (I found that in one thread only) to access the AM, what is wrong in that? Also, I went through
    http://radio.weblogs.com/0118231/stories/2004/09/23/notYetDocumentedAdfSampleApplications.html
    where a couple of examples use a similar approach to access the AM from the backing bean class and call custom methods of the AM (doing various deletes etc. from VOs).
    3) In these methods can we set any property of beans on the page? I am asking because in OAF, generally we use PPR for JS alternatives. But all properties of beans cannot be set in a post event.
    Thanks and Regards
    --ADF Learner

  • Basic doubt about XML file generation

    Hi,
    I am new to Java. I am facing some trouble designing and implementing a particular problem involving XML files.
    Problem:
    I have an XML file which contains a set of properties and their default value. What I need to do is to read another file/stream which will have name=value strings and then, for all the names that I find there, change default value to current value. These names can appear in any order. For example,
    <name1 value=default1/>
    <name2 value=default2/>
    <name3 value=default3/>
    And I will get something like "set name3=value3 name1=value1" (This data comes to me from a stream -usb device- and not from a file). Then I should change it to
    <name1 value=value1/>
    <name2 value=default2/>
    <name3 value=value3/>
    What is the best possible way to do this in Java? This has to go into an embedded system so it will be nice if it can be done with minimum memory and less processing power.
    I am currently reading J2EEtutorial (1.4). I have not read much. But I am confused if I should be using SAX, DOM or XSLT. To speak the truth, I don't even know the difference between all those. Any help will be greatly appreciated.
    Thanks & Regards,
    Suseelan

    Use a DOM parser to parse the original XML.
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    DocumentBuilder domBuilder = domFactory.newDocumentBuilder();
    Document document = domBuilder.parse( inputStreamToFile );
    Then read in the contents from your USB stream into say an array or Vector. Then go through each child node in the domBuilder class, get the nodes name and see if it's in the Vector of objects from the USB stream. If it is, then replace the "Value" attribute in the dom node with what is in the Vector.
    Make sense?
    Message was edited by:
    bryano
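
The DOM procedure from the reply above, carried through as an added Java example that is not part of the original post. It adds two things the reply leaves out: the parser is configured to reject DOCTYPE declarations, so a tampered properties file cannot pull in external entities, and whitespace text nodes between the elements are skipped. The class name, the `<properties>` root element and the quoted attribute values are assumptions needed to make the question's fragment well-formed.

```java
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class PropertyOverrides {

    // Parse with DOCTYPE declarations rejected and XInclude/entity expansion switched off.
    static Document parse(InputStream xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(xml);
    }

    // Turn "set name3=value3 name1=value1" into an ordered name -> value map.
    static Map<String, String> parseSetCommand(String line) {
        String[] tokens = line.trim().split("\\s+");
        if (!tokens[0].equals("set")) {
            throw new IllegalArgumentException("expected a line starting with 'set'");
        }
        Map<String, String> out = new LinkedHashMap<>();
        for (int i = 1; i < tokens.length; i++) {
            int eq = tokens[i].indexOf('=');
            if (eq <= 0) {
                throw new IllegalArgumentException("not a name=value pair: " + tokens[i]);
            }
            out.put(tokens[i].substring(0, eq), tokens[i].substring(eq + 1));
        }
        return out;
    }

    // Walk the root's children and overwrite the "value" attribute of every element named in the map.
    static int apply(Document doc, Map<String, String> overrides) {
        int changed = 0;
        NodeList children = doc.getDocumentElement().getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node n = children.item(i);
            if (!(n instanceof Element)) {
                continue; // whitespace between elements shows up as text nodes
            }
            Element e = (Element) n;
            String v = overrides.get(e.getTagName());
            if (v != null && e.hasAttribute("value")) {
                e.setAttribute("value", v); // escaped by the serializer, unlike string concatenation
                changed++;
            }
        }
        return changed;
    }

    static String serialize(Document doc) throws Exception {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Transformer t = tf.newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter w = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(w));
        return w.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the question's fragment with a root element and quoted attributes.
        String xml = "<properties>\n"
                   + "  <name1 value=\"default1\"/>\n"
                   + "  <name2 value=\"default2\"/>\n"
                   + "  <name3 value=\"default3\"/>\n"
                   + "</properties>";
        Document doc = parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        int changed = apply(doc, parseSetCommand("set name3=value3 name1=value1"));
        System.out.println(changed + " value(s) changed:\n" + serialize(doc));
    }
}
```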

  • Sales order.. basic doubt about payment terms

    hello,
    I am trying to create a sales order with 2 materials,
    I am getting 2 different Payment Terms. Why am I getting this? I believe terms of payment are copied from the Customer Master data. My SP, SH, BP, Payer are all the same.
    Please let me know what else I should check.
    thank you
    madhu.

    Hi Roberto,
    Thanks for the quick reply. Can you kindly let me know in more detail where I should look for these condition records? If I see the pricing condition types in pricing analysis, can I see them? Please let me know.
    thank you. awarded points.
    thank you once again.

  • Basic doubt about ITAB

    Dear All,
    Technically, is there any difference between
    data : it_mara type standard table of mara.
              t_mara type mara occurs 0.
    Which is the better way to define it? I know both are internal tables without a header.
    One more thing, I heard that it is obsolete to use "occurs 0"; is this right?
    Please let me know.
    Regards
    madhu

    Hi,
    Yes...you should use only table declarations without the occurs clause. This improves performance a lot. And this kind of declarations has become mandatory with the ECC6.0 release.
    Try practicing to declare without the occurs clause.
    Thanks,
    Subramanian

  • Doubt About GPO - Security Zones

    I have Windows Server 2008 R2 and GPOXX with settings about Security Zones and run normally.
    I need create another GPOYY with settings about Security Zones different than GPOXX.
    My doubt is: when I create GPOYY, will my settings conflict with GPOXX? I can't have problems with GPOXX in my production environment.
    Thanks a bunch!

    Hi,
    >>My doubt is: When I create GPOYY and my settings won't occur conflict in my GPOXX?
    As long as the settings we configure don't conflict with each other, there won't be conflict between GPOs. If the setting in GPOYY and GPOXX conflict with each other, saying we enable a setting in the former GPO and disable the same setting in the latter GPO, then there will be conflict and the GPO processed at last will be the winning GPO for applying the setting.
    Regarding group policy precedence, the following article can be referred to for more information.
    Group Policy processing and precedence
    http://technet.microsoft.com/en-us/library/cc785665(v=ws.10).aspx
    Best regards,
    Frank Shen

  • Wondering if I should upgrade from OS 10.6.8 to yosemite as search engines are acting a little weird - fan can come on, slow to shut down and also concerned about Security as my OS is older and no longer upgraded etc...?

    Problem description:
    Wondering if I should upgrade to Yosemite from Mac pro 10.6.8  as search engines are not always responding well - Fan comes on with firefox/safari is not always responding on some sites - also concerned about security issues as my system is older and not able to receive ? I have used etrecheck and copied results here - Any help/suggestions much appreciated  - Thanks kindly!
    EtreCheck version: 2.1.8 (121)
    Report generated February 7, 2015 10:41:15 AM EST
    Download EtreCheck from http://etresoft.com/etrecheck
    Click the [Click for support] links for help with non-Apple products.
    Click the [Click for details] links for more information about that line.
    Hardware Information: ℹ️
        MacBook Pro (13-inch, Early 2011) (Technical Specifications)
        MacBook Pro - model: MacBookPro8,1
        1 2.3 GHz Intel Core i5 CPU: 2-core
        4 GB RAM
            BANK 0/DIMM0
                2 GB DDR3 1333 MHz ok
            BANK 1/DIMM0
                2 GB DDR3 1333 MHz ok
        Bluetooth: Old - Handoff/Airdrop2 not supported
        Wireless:  en1: 802.11 a/b/g/n
        Battery Health: Normal - Cycle count 303
    Video Information: ℹ️
        Intel HD Graphics 3000 - VRAM: 384 MB
            Color LCD 1280 x 800
    System Software: ℹ️
        Mac OS X 10.6.8 (10K549) - Time since boot: 1:24:41
    Disk Information: ℹ️
        Hitachi HTS545032B9A302 disk0 : (298.09 GB)
            - (disk0s1) <not mounted> : 210 MB
            Macintosh HD (disk0s2) / : 319.73 GB (198.41 GB free)
        OPTIARC DVD RW AD-5970H
    USB Information: ℹ️
        Apple Inc. FaceTime HD Camera (Built-in)
        Apple Inc. BRCM2070 Hub
            Apple Inc. Bluetooth USB Host Controller
        Apple Inc. Apple Internal Keyboard / Trackpad
        Apple Computer, Inc. IR Receiver
    Thunderbolt Information: ℹ️
        Apple, Inc. MacBook Pro
    Configuration files: ℹ️
        /etc/hosts - Count: 15
    Kernel Extensions: ℹ️
            /System/Library/Extensions
        [not loaded]    com.olympus.DSSBlockCommandsDevice (1.1.0) [Click for support]
    Problem System Launch Daemons: ℹ️
        [not loaded]    org.samba.winbindd.plist [Click for support]
    Launch Agents: ℹ️
        [not loaded]    com.adobe.AAM.Updater-1.0.plist [Click for support]
        [loaded]    com.adobe.CS5ServiceManager.plist [Click for support]
    Launch Daemons: ℹ️
        [loaded]    com.adobe.fpsaud.plist [Click for support]
        [loaded]    com.adobe.SwitchBoard.plist [Click for support]
        [loaded]    com.microsoft.office.licensing.helper.plist [Click for support]
    User Launch Agents: ℹ️
        [loaded]    com.adobe.AAM.Updater-1.0.plist [Click for support]
        [loaded]    com.adobe.ARM.[...].plist [Click for support]
        [loaded]    com.google.keystone.agent.plist [Click for support]
    User Login Items: ℹ️
        Flux    Application  (/Applications/Flux.app)
    Internet Plug-ins: ℹ️
        JavaAppletPlugin: Version: 13.9.8 - SDK 10.6 Check version
        FlashPlayer-10.6: Version: 16.0.0.305 - SDK 10.6 [Click for support]
        QuickTime Plugin: Version: 7.6.6
        AdobePDFViewerNPAPI: Version: 10.1.12 [Click for support]
        AdobePDFViewer: Version: 10.1.12 [Click for support]
        DivXBrowserPlugin: Version: 1.4 [Click for support]
        Flash Player: Version: 16.0.0.305 - SDK 10.6 [Click for support]
        SharePointBrowserPlugin: Version: 14.1.0 [Click for support]
        Google Earth Web Plug-in: Version: 7.1 [Click for support]
        Silverlight: Version: 4.1.10329.0 [Click for support]
        iPhotoPhotocast: Version: 7.0 - SDK 10.7
    Audio Plug-ins: ℹ️
        iSightAudio: Version: 7.6.6
    3rd Party Preference Panes: ℹ️
        Flash Player  [Click for support]
        Growl  [Click for support]
    Time Machine: ℹ️
        Time Machine information requires OS X 10.7 "Lion" or later.
    Top Processes by CPU: ℹ️
             7%    WindowServer
             1%    plugin-container
             1%    firefox
             0%    fontd
             0%    Flux
    Top Processes by Memory: ℹ️
        515 MB    firefox
        52 MB    mds
        43 MB    WindowServer
        43 MB    Finder
        34 MB    plugin-container
    Virtual Memory Information: ℹ️
        2.14 GB    Free RAM
        745 MB    Active RAM
        475 MB    Inactive RAM
        929 MB    Wired RAM
        231 MB    Page-ins
        0 B    Page-outs
    Diagnostics Information: ℹ️
        Feb 7, 2015, 09:16:09 AM    Self test - passed

    ... Fan comes on with firefox/safari is not always responding on some sites -
    An SMC reset may resolve the otherwise inexplicable fan behaviour. Be sure to read the procedure carefully and follow all the steps exactly as written, even if they seem inapplicable or trivial.
    Fixing a modified Hosts file requires specific instructions. Apple Support Communities contributor and EtreCheck author etresoft recently added a User Tip discussing that concern, and how to correct it: Fixing a hacked /etc/hosts file
    Back up your Mac prior to making any changes to its file system. To learn how to use Time Machine read Mac Basics: Time Machine backs up your Mac.

  • Basic questions about JAAS capabilities

    I've never used JAAS for authentication or authorization in a Java app before. Can somebody that has (or at least has some experience and knowledge about JAAS) please answer the following couple of basic questions about it? (I know I could probably answer these myself with a few hours of reading.)
    1. Can I use JAAS to restrict the users that can execute specific methods of my code?
    2. If the answer to #1 is yes, is there a way to programmatically determine if a JAAS login user has the permissions to run a method before actually calling that method. In other words, can I ask something like canUserExecute(method) or do I have to just put the call to the method in a try/catch and catch a security exception of some type?
    3. Is it fairly simple to have JAAS authenticate against a Windows Domain or a LDAP server?
    4. Are there programmatic ways to add or edit user information in JAAS?
    Answers to any of these questions are greatly appreciated. I'll even toss a couple of Dukes to the people that answer each question. Thanks in advance.

    You might look at the AfterthoughtSoft-Secure product at http://www.advancedmodelingconcepts.com. It is designed to do just that and will easily allow you to connect to users/group repositories that are in anything from a simple text file all the way up to Kerberos V.
    You can contact the author of the product (me) at bart dot jenkins at gd-ais dot com.
    bart

  • Basic questions about SOLMAN

    SOLMAN gurues:
    I'm an HCM consultant, and I don't know why I ended up being responsible for creating a CHARM demo in our system. I have some initial doubts that I hope you can help me with:
    I need to customize a demo for a maintenance cycle (neither an upgrade nor a project):
    1) I don't get the idea of the "project cycle". Let's suppose I create a project for maintenance of our live system; we have several modules which have little implementations every day. Let's suppose that the FI module is in testing phase and HR in customizing phase; which would be the real phase of the project cycle? Do I have to create a project every time a change request is requested in the system? I'm quite confused about this!
    2) Is there any easy-to-follow step by step to make a simple customizing of CHARM for maintenance?
    3) Which roadmap is recommended for maintenance?
    Thank you very much!!
    Federico.
    Edited by: Federico on May 11, 2010 11:01 AM

    Hi
    I think you are confused because you are talking about 2 different functionalities:
    1. Moving and managing changes
    CHARMS or Change Request Management functionality
    2. Storing documentation
    Project Management
    Both are different things and a different way is required to customize each.
    I recommend you go for SAP training for Solution Manager,
    as there are plenty of functionalities and all need a lot of customization, as you do in the HCM area for using HCM functionalities via spro etc.
    Last but not least, it is not a simple tool like LSMW etc. but a technology which provides end-to-end solution management with the help of several inbuilt features and functionality, and is pretty huge.
    Hope it clarifies the basic doubt.
    Regards
    Prakhar

  • Doubt about proxies implementation

    Hi experts, I have a small doubt about proxies implementation.
    1. If we are implementing client proxies, it means sap r/3(proxy)->>xi->>>file system. Here, where do we have to execute the SPROXY transaction: in sap r/3 or in the xi server? And the next thing is where we have to write the report program to trigger the interface: in sap r/3 or in the xi server?
    2. If we are implementing server proxies, it means File->>xi->>>sap r/3(proxy). Here, where do we have to execute the SPROXY transaction: in sap r/3 or in the xi server?
    Please clarify this for me.
    Regards
    giri

    Sreeram,
    The Integration Server and the client on which you generate the proxies should not be the same. If they are different then yes, you can use another client in your XI box itself to generate proxies and trigger the call to XI.
    If you see this blog by Ravi ( incidentally he is my boss as well ) this is exactly what we have done as well.
    /people/ravikumar.allampallam/blog/2005/03/14/abap-proxies-in-xiclient-proxy
    When you say XI, you mean the Client on which the Integration Server is running! XI is basically a R3 instance with more functionality and its own Integration Engine.
    Regards
    Bhavesh

  • [svn] 1053: Basic and custom security-constraint samples were added to the team app mainly for the doc team to have a reference .

    Revision: 1053
    Author: [email protected]
    Date: 2008-04-01 11:35:28 -0700 (Tue, 01 Apr 2008)
    Log Message:
    Basic and custom security-constraint samples were added to the team app mainly for the doc team to have a reference. The custom authentication sample uses the new ChannelSet.login and ChannelSet.logout methods.
    Modified Paths:
    blazeds/branches/3.0.x/apps/team/WEB-INF/flex/remoting-config.xml
    blazeds/branches/3.0.x/apps/team/WEB-INF/flex/services-config.xml
    Added Paths:
    blazeds/branches/3.0.x/apps/team/features/security-constraints/
    blazeds/branches/3.0.x/apps/team/features/security-constraints/README.txt
    blazeds/branches/3.0.x/apps/team/features/security-constraints/securityConstraint_Basic.mxml
    blazeds/branches/3.0.x/apps/team/features/security-constraints/securityConstraint_Custom.mxml
    Removed Paths:
    blazeds/branches/3.0.x/apps/team/features/remoting/remoting_AMF_SecurityConstraint_Basic.mxml

    Congrats to Carmelo!
     Windows Phone and Windows Store Apps Technical Guru - February 2015  
    Carmelo La Monica
    Windows Phone 8: control Nokia Maps (Part 3)
    JH: "Part 3 of the series how to work with the Nokia maps control. As the previous articles this one contains a lot of code snippets and some pictures. Good work!"
    Ed Price: "A great topic, a fantastic breakdown of sections with clear descriptions, and a nice mix of code formatting and helpful images! Another stellar article from Carmelo! Great job including the link back at the end to the portal
    article!"
    Ed Price, Azure & Power BI Customer Program Manager (Blog,
    Small Basic,
    Wiki Ninjas,
    Wiki)
    Answer an interesting question?
    Create a wiki article about it!
