Bi related security kt points

Similar Messages

• Securing single point of entry doc-lit web services

  I am designing doc-lit web services with a single point of entry, but the doc can contain requests of various types, with varying levels of authorization on the 'methods' being called by the web service as a result of the passed requests. I'm looking for a standards-compliant means of accomplishing this, or at least some method that will not be insanely difficult to move to a standards-based security implementation when they become available. I do not want to use SSL/TLS, but do want to stick to standards including WS-Security, XML-Encryption and XML-DSig. I would also like to use OID/SSO with certificate-based authentication.
  What are my options as far as existing tools, techniques, etc for this in a Java/Oracle environment? Is there anything in Oracle BPEL that could help me in this quest?
  Appreciate any advice, pointers, shared experiences, etc on this - I'm a little lost in the trees right now!
  Thanks Much,
  Jim Stoll

  Eric - appreciate the tip. The link to the JDev files for the OBE article doesn't work though (ie, in the article, there is a link to download the source for the project) - is there an alternate way that I could get hold of that code? Even something as simple as someone emailing it to me would work - I desperately need to move forward on this stuff. (There's another sample at http://www.oracle.com/technology/products/jdev/101/howtos/securews/index.html, but that one throws exceptions and I can't seem to get any help on it via the forum or Oracle Support, either...)
  Thanks for your assistance!
  Jim

• Problems conecting to WPA security access point [solved]

  I am trying to set up a wireless in my university (to the access point). I have IBM ThinkPad R61 notebook with Intel ipw4965 wireless card. I have installed ipw4965, iwlwifi, netcfg2, wpa_supplicant by pacman and I have succsesfully configured my home wireless with WPA security. Has anybody any suggestions what is wrong with my configuration?
  University gives this information:
  The example of .config:
  CONFIG_IEEE8021X_EAPOL = y
  CONFIG_EAP_MD5 = y
  CONFIG_MSCHAPV2 = y
  CONFIG_EAP_TLS = y
  CONFIG_EAP_PEAP = y
  The example of wpa_supplicant.conf:
  network={
  ssid="MIF"
  eap=PEAP
  key_mgmt=WPA-EAP
  identity="my user name"
  password="my password"
  phase1="peaplabel=0"
  phase2="auth=MSCHAPV2"
  My configuration:
  My wpa_supplicant.conf:
  ctrl_interface=/var/run/wpa_supplicant
  eapol_version=1
  ap_scan=1
  fast_reauth=1
  network={
  ssid="MIF"
  eap=PEAP
  key_mgmt=WPA-EAP
  identity="my username"
  password="my password"
  phase1="peaplabel=0"
  phase2="auth=MSCHAPV2"
  My [mifwifi] (wireless profile in /etc/network.d/mifwifi):
  DESCRIPTION="MIF wireless"
  CONNECTION="wireless"
  INTERFACE=wlan0
  SCAN="yes"
  SECURITY="wpa"
  ESSID="MIF"
  USEWPA="yes"
  IP="dhcp"
  TIMEOUT=20
  WPAOPTS=""
  When I try to run [netcfg2 mifwifi] to set up university wireless I get the error similar to this:
  ctrl_interface=/var/run/wpa_supplicant
  ctrl_interface_group=0
  Passprase must be between 8..63 characters
  P.S. Sorry for my language mistakes, I just learning English.
  Last edited by Edd (2008-02-07 07:56:10)

  Hello,
  If you want to use your wpa_supplicant.conf file, you should set SECURITY="wpa-config" in your netcfg2 profile, and add WPA_CONF=/path/to/wpa_supplicant.conf (in the same file).  The passphrase error is probably caused by the fact that netcfg2 is not reading your wpa_supplicant conf file, and there is no password defined anywhere else.

• Bw related security and authorizations

  Hi,
  Can anyone please explain in details about BW security and authorizations related?What are tools used for Bw security?
  Sridhar

  Hi,
  Take a look at the links below also search in SDN then you can find many threads , materials related BW security.
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bi/authorizationinSAPNWBI
  http://www.*********************/bw_security/bw_security.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/39f29890-0201-0010-1197-f0ed3a0d279f
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/fda2a990-0201-0010-5497-b81b1556df24
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/adeac294-0501-0010-5a97-9ac5d562b1be
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144
  Regards.

• Process-related Security Questions

  Having just come off an SAP Project (Go-Live was Jan 2!), and being tasked with Security (no training, but nevermind that), the questions that are coming up have to do more with the authorizations process than how to perform a task.  Case in point, the users need access NOW, our current process is cumbersome (adding a transaction to a role in DEV, test it in QAS, then move to PRD after approval).  I have been creating Z roles left and right because of the missing authorizations and users having to perform their job duties in SAP (the nerve!).  This process is a bear, and I have yet to get my arms around it.  Eventually, the thought is to have some type of web forms that the business owner can fill out to submit/approve changes (adding a transaction to a role, creating a new role, giving a user a new role, user position changes, etc.), but right now I'm drowning in a sea of emails!  Any suggestions from someone who has survived this and came out sane?  Thanks!

  And to save you from a lot of overtime and hard pushing from users. See that you get an emergency procedure in place, Think like:
  1 a way that allows you (ONLY AFTER Approval of the responsible person in the Business) to grant temporary wide roles to a user that can not do their JOB. This buys you time to bring in a PROPER solution.
  2 a way to speed up the whole process of approval and transports based on the severity of the error. And remember the severity level can ONLY be decided upon by the right management level in the business. Highest level is: No one involded leaves and all will only be working on the solution until the problem is Solved IN the production system.
  It is all a mather of proper procedures and right approvel level. Be sure never to be left to have to decide these things yourselve. Do not get tricked in designing flashy formes etc as they do not do the Job. a simple a4 with the procedure including the nescesarry info lined out is sufficient for the time being. The rest can follow when you survived the first couple of weeks and the pressure is dropping.
  One thing to remember also when processes fail after go live you can blame it on incorrect testing before go-live.
  For your next project remember to put testing of security roles high on the agenda.

• Related to flash point in cg02

  Hi,
  what is table and field name from which we get the value of flash point in case of dangerous and non dangerous goods? no F1 help available for that.
  thanx in advance.
  regards
  saurabh

  992748 wrote:
  Hello experts,
  I'm little newbie to RMAN recovery. Please help me in these doubts:
  1. If I have datafiles, archive logs & control files backup, but current online REDO logs are lost, then can I perform incomplete database recovery ?yes, if you have backups of everything else
  2. Till what maximum time/scn can incomplete database recovery be performed ??Assuming the only thing lost is the redo logs, you can recover to the last scn in the last archivelog.
  3. What is role of online REDO logs in incomplete database recovery ? They provide the final redo changes - the ones that have not been written to archivelogs
  Are they required for incomplete recovery ?It depends on how much incomplete recovery you need to do.
  Think of all of your changes as a constant stream of redo information. As a redolog fills, it is copied to archive, then (eventually) reused. over time, your redo stream is in archivelog_1, continuing into archvivelog_2, then to 3, and eventually, when you get to the last archivelog, into the online redo. A recovery will start with the oldest necessary point in the redo stream and continue forward. Whether or not you need the online redo for a PIT recovery depends on how far forward you need to recover.
  But you should take every precaution to prevent loss of online redo logs .. starting with having multiple members in each redo group ... and keeping those multiple members on physically separate disks.

• Problem related to break-point in SAP biller direct

  Hi All,
  I am new to SAP biller direct.We are using ECC 5.0 system as the back end system.We created an implementation for  the BADI 'APAR_EBPP_GET_DATA'.I wanted to debug this BADI.So i set a breakpoint at a particular line.When I opened biller direct web application , no dubugging session opens at any point.Any idea why this is happening.
  <removed_by_moderator>
  Edited by: Julius Bussche on Jun 23, 2008 9:55 PM

  If this is a production system, then debugging might have been disabled; so the backend is saying "no way". Contact your basis folks and ask them.
  Other than that, I am afraid you are not even left with the last resort option of debugging it anymore...
  How about writting really, really good code which does not require debugging?
  Cheers,
  Julius

• Question of file size related to power point

  I am a relatively new user to Premier Pro and currently have simple editing needs.  I am creating a powerpoint presentation in 2010 with multiple video clips (no audio).  The file size (powerpooint) has become too large (@ 300MB).  I plan to use a progam called Captivate to voice over the presentation.  This will then save and will be used on a secure webserver.  My concern is the file size will be unreasonable to download for the end user.  After much trial and error I chose to use WMV, H264p, 29.97 and changed the bitrate to 4000 to reduce the video size.  Other codecs would not show in powerpoint 2010 and quicktime created huge files.  I have 2 questions 1. any recommendations on reducing video file size without sacrificing quality (currently 1 min of video= @ 28MB).  Note I am using a fast blur to conceal patient's identity. 2. any suggestions on program similar to Captivate that may handle larger files for download.
  I appreciate any guidance.
  Thank you.

  There's really only two ways to reduce the file size of a video clip - make it shorter, or reduce the bitrate.

• Relation betn Measuring Point & Classification

  In Transaction Ik03, After entering measuring point ... Press enter.Now go to GOTO-->Classification.
  On this screen we have two fields characteristic description & value.
  i want the table or function module which give the relationship betn this value & measuring point.
  Thanks In advance....

  hi Yogesh,
  Measurement document is in table IMRG. IMPTT is the table storing Measuring point. You can start at these tables.
  regards,
  Vinoth

• Tools related to anchor points are not working, can't add a point to paths or convert a point.

  Having a lot of issues manipulating points on paths in Illustrator CC - this is a fundamental feature of creating vector graphics and it's very annoying I'm paying for this and it's just not working. Eating up a lot of my time simply because I can't select or convert or add the anchor.

  bella,
  Presuming we are not just talking about more or less hidden Anchor Points as in View>Show/Hide Edges/Bounding Box, you may try to start on the following list (5) seems unlikely in this case).
  You may try the following (you may have tried/done some of them already) and see whether it helps (the following is a general list of things you may try when the issue is not in a specific file; 3) and 4) are specifically aimed at possibly corrupt preferences):
  1) Close down Illy and open again;
  2) Restart the computer (you may do that up to 3 times);
  3) Close down Illy and press Ctrl+Alt+Shift/Cmd+Option+Shift during startup (easy but irreversible);
  4) Move the folder Other options (follow the link with that name) with Illy closed (more tedious but also more thorough and reversible);
  5) Look through and try out the relevant among the Other options (follow the link with that name, Item 7) is a list of usual suspects among other applications that may disturb and confuse Illy, Item 15) applies to CC, CS6, and maybe CS5);
  Even more seriously, you may:
  6) Uninstall, run the Cleaner Tool (if you have CS3/CS4/CS5/CS6/CC), and reinstall.
  http://www.adobe.com/support/contact/cscleanertool.html

• Proxy Object related issue - Basis point of view

  Hi Guys,
  I am working on an interface Proxy(BW) to file.   I am done with all the required settings viz. activating ABAP proxies etc.  Created new package and assigned the SAI_TOOLS & SAI_SMXS in the use access of my package.
  While activating the proxy I am getting very weired error and the surprisingly EXECUTE_ASYNCHRONOUS method is invisible.  It was never occured in my other Proxy-file scenarios.
  I am getting error as "Insufficien use access for the package".
  The table sructure seems to be using “CONTROLLER”  as one of its fields/components.  When we check “CONTROLLER”, it seems to be having Component type “PRXCTRLTAB”.  When we further check “PRXCTRLTAB”, it belongs to the package “SAI_PROXY_PUBLIC” which is for “ES Tools: Proxy Public Interfaces”. 
  Am I missing anything?
  Your inputs are highly appreciated.
  Thanks & Regards
  Viji

  The other proxy scenarios you are using has the same package or different ones. The error seems to authorizations to package. Did you compare the authorizations of other package with the new one you created. Please compare  or try to delete the proxy and again activate the IR objects and create the SPROXY

• Question re install newer Safari over old one AND related security quesiton

  Hello. I have a friend who never updates anything on her older Mac and has a 1. number something Safari browser. (It has a Mac OS X, not sure what version.) I tried to update it from Apple's website, but a message appeared saying it might be a bogus website to which I was referred. 1) could machine be infected? 2) is there any special step to downloading a newer browser over an older one? 3) do you recommend any free program to search out infections first? (she will retrieve the OS X disk so I can give her a new user account password since she's forgotten hers).

  Hi lichens:
  Open disk utility (should be in your utilities folder), highlight your file, and click on repair permissions. Repair disk is a different process that "fixes" directory problems. That is found by booting from your software install DVD. DO NOT actually run the software install. Rather, select disk utility, highlight your HD, and then run the process.
  Ask away - I am glad to try to help.
  Barry

• Best Practice for Security Point-Multipoint 802.11a Bridge Connection

  I am trying to get the best practice for securing a point to multi-point wireless bridge link. Link point A to B, C, & D; and B, C, & D back to A. What authenication is the best and configuration is best that is included in the Aironet 1410 IOS. Thanks for your assistance.
  Greg

  The following document on the types of authentication available on 1400 should help you
  http://www.cisco.com/univercd/cc/td/doc/product/wireless/aero1400/br1410/brscg/p11auth.htm

• A Security Weakness When Signing without a Timestamp

  Hi Guys,
  I am exploring the need of timestamping PDF documents using Adobe Acrobat wrt security. I see a lot of signatures made without timestamps and I see an issue here mentioned below. If my assumption is valid then Ideally Adobe Acrobat should strongly mandate to use timestamps with revocation information.
  The scenario:
  A user uses a high trust credential to legitimately sign PDF documents but chooses not to use a Timestamp to avoid costs.  These documents have an embedded signature plus the signer’s certificate chain CRLs and/or OCSP responses (but no trusted timestamp).
  At a point in time (let’s say 1 June 2012) the credential and PIN is stolen.   If the theft is before the end of validity period the credential is of course revoked. However if the theft is of an expired credential it can’t be revoked and most people would not notice and perhaps would not even care.  Let us further assume the thief gains access to a number of old signed documents.  Of course in theory this is not a problem, because these documents are signed and therefore protected and can’t be changed. However the thief now has access to a range of valid CRLs and/or OCSP responses that were properly valid from before the theft and can use them to their advantage.  These documents may even be widely published or perhaps received anyway by an insider thief.
  The thief can use the stolen credential and can sign a document at any date/time of their choosing up to 1 June 2012 (by varying their local system date/time) to one that lies within the validity period of any previous OCSP/ CRL data they have captured. Even though the signature covers the validation data this is all done at what seems like a legitimate time. 
  Trust Threat Analysis:
  A stolen credential and PIN can easily be used at a local desktop time (set to anything you like).  With PDF editing software – no problem for a hacker of course – you can embed a CRL that shows the stolen credential as good during any period up to the revocation or expiry.  The hacker just needs to select a signing date/time that is within a CRL validity period for one of the CRLs they have access to.  The selected CRL is then re-used as part of the signing process on a fraudulent document.
  It is now up to the receiving software to make the right trust decision – and a trusted timestamp should always be used to make a trustworthy historic decision.  If there is no embedded trusted timestamp the receiver software could decide to verify the signature at (a) the current time or (b) the (untrusted) time indicated by the signer.  Any software that uses option (b) and trusts the (untrusted) time in the signature rather than defaulting to current time creates a substantial trust issue.  The whole purpose of using and attaching a valid, trusted signature time stamp is to independently confirm the accurate date/time of (potentially untrusted) third party signing events.  The timestamp cannot be re-used since it covers the signature details.  Any substantial variance in time between the signer’s time and the timestamp time is peculiar but systems should always default to trusting the signature timestamp date/time.
  Ideally PDF signing software used by a signer that fails to obtain a timestamp should not allow the document to be signed.  If the policy is to sign with a long-term signature then the timestamp must be present to confirm the time.  Some software products create confusion by allowing the timestamp to be missed if it cannot be obtained.  This means that a document that should have a life of several months or years should actually be seen to have an issue immediately after certificate revocation or expiry (could be in a few days or months).  Using such software, users will not be aware of the issue until the problem has manifested itself.
  Any Comments?
  Regards,
  Wahaj

  The settings for the warning messages have been removed from the user interface (Bug 513166).
  You need to change the related security.warn_* prefs directly on the <b>about:config</b> page.<br />
  Filter: security.warn
  To open the <i>about:config</i> page, type <b>about:config</b> in the location (address) bar and press the "<i>Enter</i>" key, just like you type the url of a website to open a website.<br />
  If you see a warning then you can confirm that you want to access that page.<br />
  *Use the Filter bar at to top of the about:config page to locate a preference more easily.
  *Preferences that have been modified show as bold(user set).
  *Preferences can be reset to the default or changed via the right-click context menu.

• Performance tuning & Securing MX 7 on IIS 6

  I never had much at all to do with Coldfusion and have just been asked to look into making some security and performance suggestions for a small Windows 2003/IIS 6 server farm using Coldfusion MX 7.
  This is what I was planning;
  Configure all IIS websites to use a seperate IIS application pool (security)
  Configure all IIS websites to use a seperate windows user account for authentication (security)
  Configure IIS content expiration (performance)
  Configure IIS file compression and static file caching (performance)
  Use 3rd party anti leech tool (security/performance)
  Problem is although I am familiar enough with IIS, I don't really have a good understanding of how Coldfusion MX 7 hangs together. From what I've read to date (which is pretty limited) it appears as if Coldfusion doesn't use IIS for much more than serving HTTP requests. Is this an accurate summation?
  If so, then how does Coldfusion interact with IIS? Particularity in relation to the points I mentioned above? I read a guide on securing Coldfusion MX 7 on IIS from the Adobe website and it makes no mention of doing the segregation I listed above, and one of my colleagues told me that Coldfusion doesn't even use IIS application pools or worker processes (not sure how this would even be possible) and handles content compression and caching itself as well as security.
  Basically, any pointers/advice on how Coldfusion MX 7 interacts with IIS 6 and if the points I made are valid in an IIS/Coldfusion environment would be greatly appreciated.
  Cheers!

  Distributed Mode is what you are after.
  http://www.adobe.com/support/coldfusion/administration/cfmx_in_distributed_mode/
  Although written a few years ago, it'll still point you in
  the right direction.
  Andy