BW Security/Authoirzations Benchmarking

We are a major industrial gases manufacturer looking to benchmark our BW Security practices to other large firms on a single instance of the ERP R/3 and BW tools.
We have developed a list of Benchmark Questions for Business Warehouse Security below.
1. Does your company use a single instance of SAP ERP and BW?
2. In the Business Warehouse, does your security set up allow people to view information for all profit centers in the company?
a. company codes?
b. sales organizations?
c. products & materials?
3. Does your security set up allow people to view all of the information within their business process (for example, Order to Cash, where a person might see receivables and sales information)?
4. Along what lines have you defined BW roles and security? (For example cube by cube, businesses within cubes, customers assigned to people, etc.)
5. How do you protect key information like customer lists, product and raw material pricing, and product recipes?
6. Is it ok if we contact someone in your company for clarification or follow-up to these answers? If so, please provide the name, email, and phone number of the contact.
If you would rather respond to me directly, that would be fine. We are looking to see how we can improve our efforts while helping the business to stay informed via BW.
Thank you,
Bill Gerlach
Air Products and Chemicals, Inc.
[email protected]
610-481-3161

hi Ravi,
also take a look this
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/39f29890-0201-0010-1197-f0ed3a0d279f
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/adeac294-0501-0010-5a97-9ac5d562b1be
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/fda2a990-0201-0010-5497-b81b1556df24
hope this helps.

Similar Messages

Who is using up all my space?

Hi. I'm very new to Oracle and have run into a situation.
We have a 11g db server that we've hardened via CIS Security Configuration Benchmark. When our application (HP Operation Manager) attempts to write to one of his tables, we are seeing an error message indicating that we've exceeded quotas (in our application logs). A best as I can figure, the application is connecting to the DB as opc_op. When I log in a opc_op and select from session_priv;* I see UNLIMITED TABLESPACE. From my understanding this privilege overrides any quotas that's in place.
My question is how do I accurately determine who is writing to a particular tablespace?
TIA,
Bert

Odd;
Try this with your tablespace :
col segment_name format a22
col ts_name format a8
col owner format a8
select ds.tablespace_name                               ts_name
      ,ds.owner                                         owner
      ,rtrim(ds.segment_name||' '||ds.partition_name)   segment_name
      ,substr(ds.segment_type,1,7)                      typ
      ,to_char(ds.extents,'999')                        exts
      ,to_char(ds.initial_extent/1024,'9,999,999')      initial_K
      ,to_char(ds.next_extent/1024,'9999,999')          next_k
      ,to_char(ds.bytes/1024,'999,999,999')             size_k
      ,do.created                                       created
      ,do.last_ddl_time                                 last_ddl_time
from sys.dba_segments ds, sys.dba_objects do
where ds.tablespace_name =Best Regards
mseberg
Edited by: mseberg on Mar 28, 2012 8:36 AM

DB Security Benchmarks

Dear all,
OUR Company has got a Telco Product which has got all famous oracle products with it. i.e oracle DB,AS(SOA,AS,WEB Server,OID).
We need to make sure that our product is security complaint. Is there any set of renowned secutiry benchmarks available for the above products .. Is there any security consultants available for consultation ?.All we need is to enhance marketing adding our product is secured and making sure that it is ?
Please guide
Kai

http://www.oracle.com/technology/pub/articles/project_lockdown/index.html
HTH...

Cost and performance benchmarks for security

Looking for cost and performance benchmarks on the
Cryptograhic toolkit - 8i supplied package,
Oracle Label Security (OLS)
Virtual Private Database (VPD)
Please send any suggestions to my email address - thanks

Looking for cost and performance benchmarks on the
Cryptograhic toolkit - 8i supplied package,
Oracle Label Security (OLS)
Virtual Private Database (VPD)
Please send any suggestions to my email address - thanks

Security Filtering on the v7 Web Server using sed_request

I have been trying to improve protection of an application from cross-site scripting and SQL injection attackes. The ideal solution is the modsecurity rulebase but this is for Apache 2 only so I haev been looking for other solutions. I'm not going to guarantee all of the following since I haven't finished testing it but it looks hopeful so far as an avenue for investigation.
A direct port of the modsecurity engine to the Sun One / iPlanet web server has been started, with an unsupported implementation with near complete functionality in the version 7 codebase, but not all keywords required for the rules are available in this release and it remains unsupported for production use. A simpler but fully supported solution is the sed filter; which is also provided with the version 7 product, but as a separate NSAPI plugin implementing the sed_request and sed_response server application functions (SAFs) which could theoretically be lifted out and run against earlier versions of the web server.
So, how does the sed filter help? Well, although the functionality is less than that of the full modsecurity engine and performance is more limited, as implementing the Unix stream editor (sed) support for simple basic regular expressions it is possible to port some of the key modsecurity rules. The approach is a simple one:
* Choose the key rules for modsecurity that are to implemented, e.g. SQL injection, cross-site scripting, etc
* Open the rule set for each and copy out the extended regular expression
* Translate the extended regular expression to a standard basic regular expression, including replacing the found string with nothing
* Import the new sed rule into the obj.conf for the web server instance
This is best explained with a simple example.
First download the modsecurity source code from http://www.modsecurity.org and unpackage the tarball. In the resulting directory tree go to the rules/base_rules subdirectory and open the modsecurity_crs_41_sql_injection_attacks.conf file. In this file are a number of security rules defined, but a simple examination of each will show the format, the phase and a description after the SecRule keyword and some type information. Note that many of the security rules can be applied unchanged by the unsupported Sun One / iPlanet modsecurity engine that will be a full implementation in a future release. After the type information the extended regular expression used to define when the rule is to be applied can be found. For example, consider one SQL injection rule:
SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\buser_tab_columns\b" \
"phase:2,rev:'2.0.5',capture,t:none,ctl:auditLogParts=+E,pass,no
log,auditlog,msg:'Blind SQL Injection Attack',id:'959536',tag:'WEB_ATTACK/SQL_INJECTION',tag:'WASCTC/WASC-19',tag:'OWASP_TOP_10/A1',tag:'OWASP_AppSensor/CIE1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar
:tx.sql_injection_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%
{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}"
In this the extended regular expression saying when this rule applies is "\buser_tab_columns\b"
which tells the rules engine to look for the phrase user_tab_columns in the input stream.
We want to replace this with nothing, so a sample sed rule for this would be
sed="s/\buser_tab_columns\b//g"
This says to replace all occurences found in the stream with nothing.
Taking this to its extreme, which will not result in the fastest processing, but will ptotect from cross-site scripting and SQL injection POST attacks against a back end Oracle environment, we end up with a complex segment of an obj.conf for Oracle iPlanet Web Server 7.09. Details are in the next post.

This is something like:
<Object name="default">
Input fn="insert-filter"
method="(GET|POST|HEAD)"
filter="sed-request"
sed="s/</\\</g"
sed="s/%3c/\\</g"
sed="s/%3C/\\</g"
sed="s/>/\\>/g"
sed="s/%3e/\\>/g"
sed="s/%3E/\\>/g"
sed="s/\x2Eexecscript\b//g"
sed="s/<body\b.*?\bonload\b//g"
sed="s/\blivescript://g"
sed="s/\bsettimeout\b[^a-zA-Z_0-9]*?//g"
sed="s/\x3C ?iframe//g"
sed="s/\bsrc\b[^a-zA-Z_0-9]*?\bjavascript://g"
sed="s/\bsrc\b[^a-zA-Z_0-9]*?\bvbscript://g"
sed="s/\btype\b[^a-zA-Z_0-9]*?\btext\b[^a-zA-Z_0-9]*?\becmascript\b//g"
sed="s/\x2Ecookie\b//g"
sed="s/\x3C\x21\x5Bcdata\x5B//g"
sed="s/\x2Eaddimport\b//g"
sed="s/\bhref\b[^a-zA-Z_0-9]*?\bjavascript://g"
sed="s/\btype\b[^a-zA-Z_0-9]*?\btext\b[^a-zA-Z_0-9]*?\bjscript\b//g"
sed="s/\balert\b[^a-zA-Z_0-9]*?\x28//g"
sed="s/\btype\b[^a-zA-Z_0-9]*?\bapplication\b[^a-zA-Z_0-9]*?\bx-vbscript\b//g"
sed="s/\x3C ?meta\b//g"
sed="s/\bsrc\b[^a-zA-Z_0-9]*?\bhttp://g"
sed="s/\btype\b[^a-zA-Z_0-9]*?\btext\b[^a-zA-Z_0-9]*?\bvbscript\b//g"
sed="s/\bhref\b[^a-zA-Z_0-9]*?\bvbscript://g"
sed="s/\burl\b[^a-zA-Z_0-9]*?\bjavascript://g"
sed="s/\x2Einnerhtml\b//g"
sed="s/\x40import\b//g"
sed="s/\x3C ?script\b//g"
sed="s/\btype\b[^a-zA-Z_0-9]*?\btext\b[^a-zA-Z_0-9]*?\bjavascript\b//g"
sed="s/\x2Efromcharcode\b//g"
sed="s/\burl\b[^a-zA-Z_0-9]*?\bvbscript://g"
sed="s/\bsettimeout\b[^a-zA-Z_0-9]*?\x28//g"
sed="s/<(a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)[^a-zA-Z_0-9]//g"
sed="s/(asfunction|javascript|vbscript|data|mocha|livescript)://g"
sed="s/(fromcharcode|alert|eval)\x73*\x28//g"
sed="s/<!\x5Bcdata\x5B|\x5D>//g"
sed="s/['\"<]xss['\">]//g"
sed="s/(88,83,83)//g"
sed="s/'';!--\"<xss>=&{()}//g"
sed="s/&{//g"
sed="s/<!(doctype|entity)//g"
sed="s/(?i:<style.*?>.*?((@[i\\\\])|(([:=]|(&[#\x28\x29=]x?0*((58)|(3A)|(61)|(3D));?)).*?([(\\\\]|(&[#()=]x?0*((40)|(28)|(92)|(5C));?)))))//g"
sed="s/(?i:[ /+\t\"\'`]style[ /+\t]*?=.*?([:=]|(&[#()=]x?0*((58)|(3A)|(61)|(3D));?)).*?([(\\\\]|(&[#()=]x?0*((40)|(28)|(92)|(5C));?)))//g"
sed="s/(?i:<object[ /+\t].*?((type)|(codetype)|(classid)|(code)|(data))[ /+\t]*=)//g"
sed="s/(?i:[ /+\t\"\'`]datasrc[ +\t]*?=.)//g"
sed="s/(?i:<base[ /+\t].*?href[ /+\t]*=)//g"
sed="s/(?i:<link[ /+\t].*?href[ /+\t]*=)//g"
sed="s/(?i:<meta[ /+\t].*?http-equiv[ /+\t]*=)//g"
sed="s/(?i:<?import[ /+\t].*?implementation[ /+\t]*=)//g"
sed="s/(?i:<embed[ /+\t].*?SRC.*?=)//g"
sed="s/(?i:[ /+\t\"\'`]on\x63\x63\x63+?[ +\t]*?=.)//g"
sed="s/(?i:<?frame.*?[ /+\t]*?src[ /+\t]*=)//g"
sed="s/(?i:<isindex[ /+\t>])//g"
sed="s/(?i:<form.*?>)//g"
sed="s/(?i:<script.*?[ /+\t]*?src[ /+\t]*=)//g"
sed="s/(?i:<script.*?>)//g"
sed="s/(?i:[\"\'][ ]*(([^a-z0-9~_:\'\" ])|(in)).*?(((l|(\\\\u006C))(o|(\\\\u006F))(c|(\\\\u0063))(a|(\\\\u0061))(t|(\\\\u0074))(i|(\\\\u0069))(o|(\\\\u006F))(n|(\\\\u006E)))|((n|(\\\\u006E))(a|(\\\\u0061))(m|(\\\\u006D))(e|(\\\\u0065)))).*?=)//g"
sed="s/(?i:[\"\'][ ]*(([^a-z0-9~_:\'\" ])|(in)).+?(([.].+?)|([\x5B].*?[\x5D].*?))=)//g"
sed="s/\bsys\x2Euser_catalog\b//g"
sed="s/\bsys\x2Euser_tables\b//g"
sed="s/\bcharindex\b//g"
sed="s/\bsys\x2Eall_tables\b//g"
sed="s/\bsys\x2Euser_constraints\b//g"
sed="s/\bselect\b.{0,40}buser\b//g"
sed="s/\bwaitfor\b[^a-zA-Z_0-9]*?\bdelay\b//g"
sed="s/\bselect\b.{0,40}\bsubstring\b//g"
sed="s/\bsys\x2Euser_triggers\b//g"
sed="s/\blocate[^a-zA-Z_0-9]+\x28//g"
sed="s/\bsys\x2Euser_tab_columns\b//g"
sed="s/\battnotnull\b//g"
sed="s/\bsys\x28tab\b//g"
sed="s/\bselect\b.{0,40}\bascii\b//g"
sed="s/\bsys\x2Euser_views\b//g"
sed="s/\binstr[^a-zA-Z_0-9]+\x28//g"
sed="s/\bsys\x2Euser_objects\b//g"
sed="s/\buser_tables\b//g"
sed="s/\buser_tab_columns\b//g"
sed="s/\ball_objects\b//g"
sed="s/\bsubstr\b//g"
sed="s/\bsysdba\b//g"
sed="s/\btextpos[^a-zA-Z_0-9]+\x28//g"
sed="s/\buser_password\b//g"
sed="s/\buser_users\b//g"
sed="s/\buser_constraints\b//g"
sed="s/\bcolumn_name\b//g"
sed="s/\bsubstring\b//g"
sed="s/\bobject_type\b//g"
sed="s/\bobject_id\b//g"
sed="s/\buser_ind_columns\b//g"
sed="s/\bcolumn_id\b//g"
sed="s/\btable_name\b//g"
sed="s/\bobject_name\b//g"
sed="s/\brownum\b//g"
sed="s/\buser_group\b//g"
sed="s/\butl_http\b//g"
sed="s/\bselect\b.*?\bto_number\b//g"
sed="s/\bgroup\b.*\bbyb.{1,100}?\bhaving\b//g"
sed="s/\bselect\b.*?\bdata_type\b//g"
sed="s/\bisnull\b[^a-zA-Z_0-9]*?\x28//g"
sed="s/\bunion\b.{1,100}?\bselect\b//g"
sed="s/\binsert\b[^a-zA-Z_0-9]*?\binto\b//g"
sed="s/\bselect\b.{1,100}?\bcount\b.{1,100}?\bfrom\b//g"
sed="s/\x3B[^a-zA-Z_0-9]*?\bdrop\b//g"
sed="s/\bloadb[^a-zA-Z_0-9]*?\bdata\b.*\binfile\b//g"
sed="s/\bselect\b.*?\bto_char\b//g"
sed="s/\bdbms_java\b//g"
sed="s/\bnvarchar\b//g"
sed="s/\butl_file\b//g"
sed="s/\binner\b[^a-zA-Z_0-9]*?\bjoin\b//g"
sed="s/\bselect\b.{1,100}?\bfrom\b.{1,100}?\bwhere\b//g"
sed="s/\bintob[^a-zA-Z_0-9]*?\bdumpfile\b//g"
sed="s/\bdelete\b[^a-zA-Z_0-9]*?\bfrom\b//g"
sed="s/\x3B[^a-zA-Z_0-9]*?\bshutdown\b//g"
sed="s/\bautonomous_transaction\b//g"
sed="s/\bdba_users\b//g"
sed="s/\bselect\b.{1,100}?\btop\b.{1,100}?\bfrom\b//g"
sed="s/\b(?:coalesce\b|root\x40)//g"
sed="s/\b(?:(?:rel(?:(?:nam|typ)e|kind)|to_(?:numbe|cha)r|d(?:elete|rop)|group\b[^a-zA-Z_0-9]*\bby|insert|where)\b|s(?:(?:ubstr(?:ing)?|leep)[^a-zA-Z_0-9]+\x28|(?:hutdown|elect)\b)|(?:b(?:enchmark|in)|find_in_set|position|mid)[^a-zA-Z_0-9]+\x28|c(?:o(?:n(?:cat[^a-zA-Z_0-9]+\x28|vert\b)|unt\b)|ha?r\b)|u(?:n(?:hex[^a-zA-Z_0-9]+\x28|ion\b)|pdate\b)|l(?:o(?:cate|wer)[^a-zA-Z_0-9]+\x28|ength\b)|a(?:ttn(?:ame|um)\b|scii[^a-zA-Z_0-9]+\x28)|h(?:aving\b|ex[^a-zA-Z_0-9]+\x28))//g"
sed="s/(?:[\\\x28\x29\x25#]|--)//g"
sed="s/\b(?:benchmark|encode)\b//g"

Most secure method of adding windows for my limited purposes?

I only need windows on this particular computer, a Macbook 13 inch 2.1 Ghz with 2 GB RAM ("111.47 GB hard disk space capacity") to run Internet Explorer in those instances where my Mac browsers (Safari, Firefox, Opera thus far) will not work on some part of a website (for instance, try ordering something on equifax.com - a major site that's not fully mac compatible). I have the latest update of Leopard. I bought the computer in the past three weeks and have run software update regularly.
I did not want to put windows on this computer when I originally bought it. Now it appears from the failure of Mac browsers to work in some situations, I have to put windows on. I'm not even sure I can find XP although I had it on my old HP desktop I'm getting rid of. I might be forced to buy Vista and I don't have probably enough space for it to run well, do I? Do I need to upgrade to 4 gb RAM? Expensive.
Anyway, for security purposes, I want to be very cautious in how I use windows. I found keyloggers and periodically had files show up on my old windows computer in AVG, Ad-Aware, Spybot and other programs that worried me (most recently "Omniquad" kept showing up even after I deleted it and AVG free has no notes on what this means).
Is the least vulnerable way as far as internet viruses to run windows on my Mac to just install it in BootCamp assistant and reboot when I need it? Or theoretically is there any more vulnerability if I use VMware Fusion or Parallels with it? Do I first set it up in Bootcamp assistant (what partition size?) before I worry about choosing Vmware Fusion or Parallels? Or do I need to install one of those before I install windows?
What was it someone was saying in a different thread about needing to edit one's "virtual machine" -- see below:
+"One other tip, I would recommend editing the virtual machine before activation of windows to use emulate the same MAC address for your virtual ethernet card in parallels as for your real network card. This seems to convince WIN XP at lease that it is the same machine whether you boot it through boot camp or through Parallels. Otherwise, activation quickly becomes a pain."+
(Where would my virtual machine be?)
And also, do I need to do some special reconfiguration with my router manufacturer (Linksys) after adding windows through bootcamp and/or Parallels/Vmware in order for the the windows side to connect to the internet as my Mac is doing?
Also: should I get Windows XP Professional or Vista in this situation with the small Macbook and limited needs? I hope XP will still be used years from now.
P.S. I wish it weren't so hard to find out how to do all this. It makes me not want to go through this again with another computer and I actually need another.

VMWare Fusion and Parallels create Virtual Machines. When you are running Windows inside the Mac os
you are running a Windows Virtual Machine. A Virtual Machine accesses the physical machine differently than a Boot Camp installation, since it is going through Fusion or Parallels, which is why set-up is trickier. See this wiki article: http://en.wikipedia.org/wiki/Virtual_machine
XP Pro was originally aimed at businesses and power users. It can access 2 physical processors (in contrast to two cores on one processor), so it benchmarks faster on my Mac Pro which has 2 dual core processors. It also has some advanced networking features. I use both XP and XP Pro at home and don't notice much difference in day to day use. You did buy the superior version of XP, and since it is aimed at businesses, Microsoft will continue to provide security updates for it long after they stop providing them for XP. So you will get some value from buying it.
Its great that you are checking the AV Comparative site for yourself and not just relying on my opinion. The version of Avira they are using in the tests however is the Premium version, not the free version. If you notice on the AV Comparatives site, there are 2 types of tests, on demand and proactive. One reason I prefer paid versions of anti-virus software is that only they provide proactive protection. On demand protection relies on signature files that the AV company provides your copy of the program - when you update an AV program you are updating the signature files. Signature files allow the program to recognize any known virus. They will not catch something new - this is why when a new virus arrives it spreads so quickly - no one has a signature file for it so their AV program doesn't recognize it as a threat. Then your AV program gets a signature file update and you can scan and find the virus. Proactive protection works differently. It looks for certain features in a file that are common to virus files. If the file fits this profile, the program will block it even though it doesn't have a signature file for that particular virus yet. So while everyone else gets the virus maybe you don't (if you notice, the success rate for proactive protection is much lower than on demand). Yet some programs, like NOD32 and (usually) Kaspersky do proactive much better than other programs (don't know why Kaspersky slipped so much this time). I prefer NOD32 because it not only rates advanced plus in both on demand and proactive but also update signature files very quickly, uses few system resources so it doesn't slow you down, and works quietly behind the scenes
(Kaspersky can bug you to death sometimes).

Permission issue with red hat 5. security patch

Hi Experts,
We have a 4 node oracle 11.1 RAC in red hat 5.1 linux.
the sys admin install red hat 5 version 1.1.2 june 2009 security benchmark in RAC.
But the one node does not restart after implement security benchmark and patch task was stopped.
OS person finial start up this node.
However I got one message as
[oracle@sale1 a bin]$ ./crs_stat -t -v
-bash: ./crs_stat: Permission denied
From other node, i saw all components are offline.
what kind of issue is for this point? how to debug and fix it?
Thanks for help!
Regard
Jim

Thanks for your help.
Log into root user and I got massage as -bash: ./crs_stat: No such file or directory.
I checked system that all file is belong root and remove all oracle/orainstall owner from system.
OS will work on it.
I will let you know it later.
Jim

ID Server and Policy Agent for AS .. is secure?

Hello there,
I have a question. Quite critical question, concerning iPlanetDirectoryPro cookie. If I've got it right, this cookie contains SSO Token. And the SSO token can be used with identity server to obtain any SSO assetion. I've experimentaly confirmed this.
Now, can anyone tell me why this cookie is sent to any host in my domain? The default after instalation is "bgs.sk". This default value enables any host in my domain to impersonate me. Well, I still can change this, but it is now good to have insecure default values anyway, is it?
Second, and more critical problem: I have Policy Agent installed on my Application Server. It looks like the agent requires access to the iPlanetDirectoryPro cookie to work correctly. But, if my application server has my SSO token, it can impersonate me anywhere. Not a good situation at all. That would mean security hole as big as hangar doors.
Are my assumptions correct? Am I overlooking something?
(All valid for ID server 6.0 and Liberty protocols)
Thanks for any help.

Although Sun promote Identity Server by emphasizing its Liberty/SAML feature, the product itself use a proprietary protocol for SSO and CDSSO.
As all we know, this product could be totally useless without Sun's Policy/J2EE Agent deployed. But ironically these agents communicate with Identity Server in its own way, nothing to do with SAML, XACML, or even SOAP.
The agent approach is usually not a good idea. We saw more and more problem raised from fields related to agent stability and scalability. We never see any performance benchmark data from Sun. Since the communication between agt and Identity Server are proprietary, no ISV can make agent for this product. You have to wait for Sun for agent support if you have new system not on the support matrix.
In addition to agent, another big issue of Identity Server is its complex DIT structure. In fact, we prefer to have RDBMS as Identity Server's repository. Sun abuse ldap just because this company doesn't have any database product but still want to provide a pure Sun platform (JES) to customer. So they compromise the architecture for business reason, I'd like to tell you, I don't like the way Identity Server store data in DIT, I don't like the console UI (its for technical geek), and on one in our company dare to do any configuration change.
Now Sun put Identity Server as the core of its JES product stack. If you have time to take a look at how the SJS Portal use Identity Server and how SSO between Portal channel and Email/Calendar Server are achieved, you'll find that you just buy a "framework" (I mean Identity server), not a product, because you have to do every integration work by intensively coding.
I predict that Identity Server will be significantly rearchitctured in the near future, otherwise we don't see any benefit this product can bring to me. It is a headache for deployment as well as maintenance. If you just need Single Sign-On, there are lots alternative to achieve, Sun's Identity Server is really overkill. It's authentication feature is ok, but authorization feature (policy, role) is very limited. If you have lots of Windows/IIS web app need to do SSO with Identity Server, god bless you... you better have a sharp programmer to wrap up the C API so as your ASP programmer can leverage Identity Server SDK, and you got to pray for IIS agent behave well. In addition, don't forget to learn more about JATO if you want to do some fancy customization on the default login page.

Any security hole in this programm?

The code below is a benchmarking harness for sorting algorithms.
//a driver
public class TestSort {
     static Object[] testData = {
          0.3, 1.3e-2, 7.9, 3.17
     public static void main(String[] args) {
          // TODO Auto-generated method stub
          Sort bsort = new SimpleSortDouble();
          SortMetrics metrics = bsort.sort(testData);
          System.out.println("Metrics: " + metrics);
          for (int i = 0; i < testData.length; i++)
               System.out.println("\t" + testData);
//used for storing statistic data
public class SortMetrics implements Cloneable {
     public long probeCnt,               //data probes
          compareCnt, //comparing two elements
     swapCnt;     //swapping two elements
     public void init()
          probeCnt = swapCnt = compareCnt = 0;
     public String toString()
          return probeCnt + " probes" + compareCnt + " compares" + swapCnt + " swaps";
     /**overriding clone */
     public Object clone()
          try
               return super.clone();
          catch (CloneNotSupportedException e)
               throw new InternalError(e.toString());
//this is the main framwork
public abstract class Sort {
     private Object[] values;
     private final SortMetrics curMetrics = new SortMetrics();
     /** Invoked to do the full sort*/
     public final SortMetrics sort(Object[] data)
          values = data;
          curMetrics.init();
          doSort();
          return getMetrics();
     public final SortMetrics getMetrics()
          return (SortMetrics)curMetrics.clone();
     protected final int getDataLength()
          return values.length;
     protected final Object probe(int i)
          curMetrics.probeCnt++;
          return values[i];
     protected final int compare(int i, int j)
          curMetrics.compareCnt++;
          Object d1 = values[i];
          Object d2 = values[j];
          if (d1 == d2)
               return 0;
          else
               return (Double.parseDouble(d1.toString()) > Double.parseDouble(d2.toString()) ? -1 : 1);
     protected final void swap(int i, int j)
          curMetrics.swapCnt++;
          Object tmp = values[i];
          values[i] = values[j];
          values[j] = tmp;
     protected abstract void doSort();
//used to define a sorting alogrithm
public class SimpleSortDouble extends Sort {
     @Override
     protected void doSort() {
          // TODO Auto-generated method stub
          for (int i = 0; i < getDataLength(); i++)
               for (int j = 0; j < getDataLength() - i; j++)
                    if (compare(i, j) > 0)
                         swap(i, j);
This is a question in �the java programming language(Third Edition) Page102�. I was required to find at least one security hole in �Sort� class that would let a sorting algorithm cheat on its metrics without being caught, assuming that the sorting algorithm author doesn�t get to write method �main�.
In my naive opinion this framework is well-designed, since I find all the access method that shouldn�t be extended are declared final. It�s really hard for me to figure out any security problem.
I�m very eager to know the answer, please enlighten me!

How about this
Object[] theList = new Object[getDataLength()];
for(int i=0; i<theList.length; i++){
theList[i] = probe(i);
// we now have a local copy of the list.
// we can do as many comparisions as we like on our local copy,
// and just mirror the swaps with the sorting algorithm.
for (int i = 0; i < getDataLength(); i++)
for (int j = 0; j < getDataLength() - i; j++)
      if (theList.compareTo(theList[j] > 0)
swap(i, j);
Thus we can falsify the number of comparisions we actually do.
With a bit more effort, you can sort the list, figure out the minimum number of swaps needed to move the original list to the sorted one, and apply those ones.
The trick is to avoid calling probe, compare and swap as much as possible.By calling probe once for each element, we no longer have to call compare to compare them.

Mac Book Pro hangs when installing Security Update 2013-002 (ver 1.0) on Lion 10.7.5

I am running Lion 10.7.5 on a 13" MacBook Pro (late 2011) with the latest software updates and everything has been working perfectly.
Last night I tried to do a Software Update and it said there is a Security Update 2013-002 (ver 1.0) recommended. I installed it and the progress bar went to about 50% and then stopped. I waited more than 2 hours and the mac locked up. Had to do a hard reboot. Tried to install this Security update again after rebooting. The mac froze again (spinning wheel).
Any ideas?

OK. Let's try running the computer in Safe Mode then a normal restart. The initial startup into safe mode will take some time so be patient. A progress bar will eventually appear then disappear. Once safe mode is complete you will see a login window. Login with the desired account and password. Wait for the startup to fully complete before restarting. The point here is to clear some caches and other files that may become corrupted.
If you happen to own a utility such as Mountain Lion Cache Cleaner I would use it to clear out all the user, system, and font caches. An immediate restart is needed upon completion. At least this way we can rule out corrupted caches.
Meanwhile you can check out:
Kappy's Personal Suggestions About OS X Maintenance
For disk repairs use Disk Utility. For situations DU cannot handle the best third-party utility is: Disk Warrior; DW only fixes problems with the disk directory, but most disk problems are caused by directory corruption. Drive Genius provides additional tools not found in Disk Warrior for defragmentation of older drives, disk repair, disk scans, formatting, partitioning, disk copy, and benchmarking.
Four outstanding sources of information on Mac maintenance are:
1. OS X Maintenance - MacAttorney.
2. Mac maintenance Quick Assist
3. Maintaining Mac OS X
4. Mac Maintenance Guide
Periodic Maintenance
OS X performs certain maintenance functions that are scheduled to occur on a daily, weekly, or monthly period. The maintenance scripts run in the early AM only if the computer is turned on 24/7 (no sleep.) See Mac OS X- About background maintenance tasks. If you are running Leopard or later these tasks are run automatically, so there is no need to use any third-party software to force running these tasks.
If you are using a pre-Leopard version of OS X, then an excellent solution is to download and install a shareware utility such as Macaroni, JAW PseudoAnacron, or Anacron that will automate the maintenance activity regardless of whether the computer is turned off or asleep. Dependence upon third-party utilities to run the periodic maintenance scripts was significantly reduced after Tiger. (These utilities have limited or no functionality with Snow Leopard, Lion, or Mountain Lion and should not be installed.)
Defragmentation
OS X automatically defragments files less than 20 MBs in size, so unless you have a disk full of very large files there's little need for defragmenting the hard drive except when trying to install Boot Camp on a fragmented drive. But you don't need to buy third-party software. All you need is a spare external hard drive and Carbon Copy Cloner.
Cheap and Easy Defragmentation
You will have to backup your OS X partition to an external drive, boot from the external drive, use Disk Utility to repartition and reformat your hard drive back to a single volume, then restore your backup to the internal hard drive. You will use Carbon Copy Cloner to create the backup and to restore it.
1. Get an empty external hard drive and clone your internal drive to the
       external one.
2. Boot from the external hard drive.
3. Erase the internal hard drive.
4. Restore the external clone to the internal hard drive.
Clone the internal drive to the external drive
1. Open Carbon Copy Cloner.
2. Select the Source volume from the left side dropdown menu.
3. Select the Destination volume from the left side dropdown menu.
4. Be sure the Block Copy button is not depressed or is ghosted.
5. Click on the Clone button.
Destination means the external backup drive. Source means the internal startup drive.
Restart the computer and after the chime press and hold down the OPTION key until the boot manager appears. Select the icon for the external drive and click on the upward pointing arrow button.
After startup do the following:
Erase internal hard drive
1. Open Disk Utility in your Utilities folder.
2. After DU loads select your internal hard drive (this is the entry with the
       mfgr.'s ID and size) from the left side list. Note the SMART status of the
       drive in DU's status area. If it does not say "Verified" then the drive is
       failing or has failed and will need replacing. SMART info will not be
       reported on external drives. Otherwise, click on the Partition tab in the
       DU main window.
3. Under the Volume Scheme heading set the number of partitions from the
       drop down menu to one. Set the format type to Mac OS Extended
       (Journaled.) Click on the Options button, set the partition scheme to
       GUID then click on the OK button. Click on the Partition button and wait
       until the process has completed.
Restore the clone to the internal hard drive
1. Open Carbon Copy Cloner.
2. Select the Source volume from the left side dropdown menu.
3. Select the Destination volume from the left side dropdown menu.
4. Be sure the Block Copy button is not selected or is ghosted.
5. Click on the Clone button.
Destination means the internal hard drive. Source means the external startup drive.
Note that the Source and Destination drives are swapped for this last procedure.
Malware Protection
As for malware protection there are few if any such animals affecting OS X. Starting with Lion Apple has included built-in malware protection that is automatically updated as necessary.
Helpful Links Regarding Malware Protection:
1. Mac Malware Guide.
2. Detecting and avoiding malware and spyware
3. Macintosh Virus Guide
For general anti-virus protection I recommend only using ClamXav, but it is not necessary if you are keeping your computer's operating system software up to date. You should avoid any other third-party software advertised as providing anti-malware/virus protection. They are not required and could cause the performance of your computer to drop.
Cache Clearing
I recommend downloading a utility such as TinkerTool System, OnyX 2.4.3, or Cocktail 5.1.1 that you can use for periodic maintenance such as removing old log files and archives, clearing caches, etc. Corrupted cache files can cause slowness, kernel panics, and other issues. Although this is not a frequent nor a recurring problem, when it does happen there are tools such as those above to fix the problem.
For emergency cleaning install the freeware utility Applejack. If you cannot start up in OS X, you may be able to start in single-user mode from which you can run Applejack to do a whole set of repair and maintenance routines from the command line. Note that AppleJack 1.5 is required for Leopard. AppleJack 1.6 is compatible with Snow Leopard. (AppleJack works with Snow Leopard or earlier.)
Installing System Updates or Upgrades
When you install any new system software or updates be sure to repair the hard drive and permissions beforehand. I also recommend booting into safe mode before doing system software updates.
Backup and Restore
Having a backup and restore strategy is one of the most important things you can do to maintain your computer. Get an external Firewire drive at least equal in size to the internal hard drive and make (and maintain) a bootable clone/backup. You can make a bootable clone using the Restore option of Disk Utility. You can also make and maintain clones with good backup software. My personal recommendations are (order is not significant):
1. Carbon Copy Cloner.
2. Deja Vu
3. SuperDuper!
4. Synk Pro
5. Tri-Backup
Visit The XLab FAQs and read the FAQs on maintenance and backup and restore.
Always have a current backup before performing any system updates or upgrades.
Be sure you have an adequate amount of RAM installed for the number of applications you run concurrently. Be sure you leave a minimum of 10% of the hard drive's capacity or 20 GBs, whichever is greater, as free space. Avoid installing utilities that rely on Haxies, SIMBL, or that alter the OS appearance, add features you will rarely if ever need, etc. The more extras you install the greater the probability of having problems. If you install software be sure you know how to uninstall it. Avoid installing multiple new software at the same time. Install one at a time and use it for a while to be sure it's compatible.
Additional suggestions will be found in:
1. Mac OS X speed FAQ
2. Speeding up Macs
3. Macintosh OS X Routine Maintenance
4. Essential Mac Maintenance: Get set up
5. Essential Mac Maintenance: Rev up your routines
6. Five Mac maintenance myths
7. How to Speed up Macs
8. Myths of required versus not required maintenance for Mac OS X
Referenced software can be found at CNet Downloads or MacUpdate.

Sap-security: Myths about CUA

can anybody plz tell me, what is the process of creating/maintaining CUA by a sap-security admin?
Edited by: Julius Bussche on Oct 15, 2010 10:41 AM

Not sure what you meant by that "wilderness" comment... (though I use it myself sometimes
I have a customer implementing new systems on release 7.10 so they have no legacy CUA or coding etc.
They are using CUA from SolMan for all logical systems (ERP; BW, PI, SolMan) with the exception of the ERP productive client where the users are provisioned via SAML (currently external ID mapping for initial loads, later federation).
We have 3 million SU01 users...
CUA is very rubust, and if you understand how it works and what the tweaks are then it works like a charm.
Even when the "C" in "CUA" becomes a hassle with decentral admin requirements (user groups are a classic example in the master) then there are simple ways to deal with most of them in SHD0.
If you have already consolidated your systems or even implementing new ones, then you should not exclude CUA as an option.
My benchmarks are:
- CUA is easy to implement but requires a central guru for the tool. A knowledgeable admin can get it up and running in a few days.
- IdM is infact a development environment and not only a tool. It is an organizational project (possibly beyond company boundaries) which an admin cannot perform on their own.
Depending on the requirements and systems in the landscape, you choose the tool.
CUA is not obsolete!
Cheers,
Julius

Error Installing Security Update 2008-002 PPC 10.4.11

Software Update was unable to install this update, it moved the .pkg file to the trash.
I moved the .pkg file back to the Desktop, tried again, it failed.
I downloaded the .dmg/.pkg from the Apple web, tried agagin, it failed.
Is anyone able to install the Security Update 2008-002 PPC on their G3 in 10.4.11? I was able to reboot fine, everything else seems to be working properly anyway.

I can't really say which of the 10.4.point OS versions is faster, I think 10.4 and 10.3 both ran really well on my G3 with the 1GHz G4 upgrade. Definitely better than 10.2. 10.4 seems faster, but that may be due to my striped RAID I'm now using, booting and launching apps is pretty responsive.
In the too-much-information department...but since you asked, here are some of the peak numbers (uncached sequential read 256K blocks) from Xbench tests, not sure how good a test this is, but results will always vary a little from test to test. Is anyone getting much better performance than this, and if so what are you using?
For the G3 Desktop: (some tests were done in earlier configurations of my machine that no longer match the config listed in my signature)
15 MB/sec on built in
40 MB/sec on PCI-ATA66: 60 GB Maxtor 5T060H6 ATA/100 7200RPM
40 MB/sec: 320 GB OWC Neptune ST3320620A 7200RPM FW 400 on PCI-USB/FW external port
45 MB/sec: 120 GB Maxtor 6Y120P0 ATA/133 7200 RPM on PCI-ATA66
47 MB/sec: 120 GB Seagate ST3120026A ATA/100 7200 RPM on PCI-ATA66
70 MB/sec: SeaMax 120+120 on a PCI-ATA66RAID, I know the drives don't match, but hey, they're close enough.
My MacBook:
43 MB/sec: 160GB 5400RPM Hitachi HTS541616J9SA00 SATA
Is there a better benchmark utility to measure hard drive speeds? I am surprised the MacBook isn't faster with the SATA drive.

Help me with Running SpecjAppServer2004 benchmark

I am trying to run SpecjAppServer2004 on Weblogic 9.0 server.I have created a domain and deployed SpecjAppServer.ear on the admin server.I have the ear file from the disclosure archive og specj result submission.
But when i ran the benchmark with 30 injection rate, no load is there at the server.So i want to know, if i disable native io,and want to use execute queues, how I can do that.I am using different execute queues for different interfaces(dispatch-policy is included in application xmls).
The config.xml file i used is given below and all the threads for execute queue "default" are idle.It also says that the number of Socket Readers is 4.How?
Please help me
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/90/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/domain.xsd">
<name>SpecjAppServer_Domain</name>
<security-configuration>
<name>SpecjAppServer_Domain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xsi:type="wls:default-role-mapperType"></sec:role-mapper>
<sec:authorizer xsi:type="wls:default-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{3DES}6b3pwzdi0MWd4xJQRL9V8azRZJyAXK8KkGRKTjZ3FJfUzxzClL32YdAjxw8y6XKQSuTSF5jmVE6EL8R1aTeH1uOFls2Ch+gj</credential-encrypted>
<node-manager-username>xua5WFT4K9</node-manager-username>
<node-manager-password-encrypted>{3DES}odrmII7Q/Ev+JBz7yYfEhQ==</node-manager-password-encrypted>
</security-configuration>
<log>
<name>SpecjAppServer_Domain</name>
<file-name>logs/SpecjAppServer_Domain.log</file-name>
</log>
<server>
<name>SpecjAppServer</name>
<native-io-enabled>false</native-io-enabled>
<ssl>
<name>SpecjAppServer</name>
<enabled>false</enabled>
<login-timeout-millis>25000</login-timeout-millis>
<identity-and-trust-locations>KeyStores</identity-and-trust-locations>
</ssl>
<log>
<name>SpecjAppServer</name>
<file-name>logs/SpecjAppServer.log</file-name>
</log>
<instrument-stack-trace-enabled>false</instrument-stack-trace-enabled>
<execute-queue>
     <name>default</name>
     <thread-count>50</thread-count>
     <threads-increase>1</threads-increase>
     <threads-minimum>50</threads-minimum>
</execute-queue>
<execute-queue>
<name>deliveryQueue</name>
<thread-count>100</thread-count>
<threads-increase>1</threads-increase>
<threads-minimum>100</threads-minimum>
</execute-queue>
<execute-queue>
<name>mfgQueue</name>
<thread-count>150</thread-count>
<threads-increase>1</threads-increase>
<threads-minimum>150</threads-minimum>
</execute-queue>
<execute-queue>
<name>webQueue</name>
<thread-count>300</thread-count>
<threads-increase>1</threads-increase>
<threads-minimum>300</threads-minimum>
</execute-queue>
<use81-style-execute-queues>true</use81-style-execute-queues>
<listen-port>7001</listen-port>
<web-server>
<web-server-log>
<file-name>logs/access.log</file-name>
<logging-enabled>false</logging-enabled>
</web-server-log>
<keep-alive-enabled>true</keep-alive-enabled>
<keep-alive-secs>120</keep-alive-secs>
<default-web-app-context-root>/DefaultWebApp</default-web-app-context-root>
</web-server>
<listen-address></listen-address>
<accept-backlog>5000</accept-backlog>
<server-version>9.0.0.0</server-version>
<default-file-store>
<name>SpecjAppServer</name>
<directory>SpecjAppServerFileStore</directory>
<synchronous-write-policy>Direct-Write</synchronous-write-policy>
</default-file-store>
</server>
<embedded-ldap>
<name>SpecjAppServer_Domain</name>
<credential-encrypted>{3DES}MBvn6Ve0ic0jUp2LBDBanpG5bwDE60P7BKnA1Tb6cC4=</credential-encrypted>
</embedded-ldap>
<configuration-version>9.0.0.0</configuration-version>
<app-deployment>
<name>SPECjAppServer</name>
<target>SpecjAppServer</target>
<module-type>ear</module-type>
<source-path>E:\SpecJAppServer2004_weblogic\jars\SPECjAppServer.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<jms-server>
<name>SpecjJmsServer</name>
<target>SpecjAppServer</target>
</jms-server>
<web-app-container>
<relogin-enabled>true</relogin-enabled>
<allow-all-roles>true</allow-all-roles>
<filter-dispatched-requests-enabled>true</filter-dispatched-requests-enabled>
<rtexprvalue-jsp-param-name>true</rtexprvalue-jsp-param-name>
<jsp-compiler-backwards-compatible>true</jsp-compiler-backwards-compatible>
</web-app-container>
<jms-system-resource>
<name>jms_module</name>
<target>SpecjAppServer</target>
<sub-deployment>
<name>SpecQueueConnectionFactory</name>
<target>SpecjAppServer</target>
</sub-deployment>
<sub-deployment>
<name>ReceiveQueue</name>
<target>SpecjJmsServer</target>
</sub-deployment>
<sub-deployment>
<name>BuyerQueue</name>
<target>SpecjJmsServer</target>
</sub-deployment>
<sub-deployment>
<name>FulfillOrderQueue</name>
<target>SpecjJmsServer</target>
</sub-deployment>
<sub-deployment>
<name>LargeOrderQueue</name>
<target>SpecjJmsServer</target>
</sub-deployment>
<descriptor-file-name>jms/jms_module-jms.xml</descriptor-file-name>
</jms-system-resource>
<admin-server-name>SpecjAppServer</admin-server-name>
<jdbc-system-resource>
<name>SpecDataSource</name>
<target>SpecjAppServer</target>
<descriptor-file-name>jdbc/SpecDataSource-5808-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
</domain>

Please check the run.properties file under specj config directory. If the doAudit parameter is set to 1 and you do not run the chart application you will not see any load or output.

Performance benchmarks?

Hello,
Has anyone done any performance benchmarking on Portal Server? (Or know
where I can find such information?)
I'm curious to know:
1. Given iPlanet's recommended hardware, how many concurrent users does
this support with decent performance (SSL to gateway to non-SSL server)?
2. How does the product scale...e.g. if I wanted to have 250 concurrent
gateway users (running SSL), what hardware is recommended? 500 users?
1000 users?
3. Has anyone tried (or does the product even support) the use of SSL
accelerator cards on the gateway machine?
Any help is appreciated.
Thanks,
Murray

Hi.
We did some benchmarking in january, at the SUN iforce center in holland,
using iPlanet Portal Server SP2 Hotpatch3.
We focused on measuring:
1) Average time to log in to portal(with default channels, netlet set up) as
a function of simultaneous users
2) Average time to do a "standard operation" inside portal.
Our results supported the numbers from iPlanet saying thath one could have
250 simultaneous "secure" users pr CPU in this setup. (SP2 HP3)
This "guaranteed" number of simultaneous users pr CPU for iPS 3 SP3 is said
to be increased to 1500.
We used SUN E 220 s with 2x450 MHZ CPUs and 1 G RAM.
The performance increased remarkable when we went from gateway and server on
1 machine, to separate gateway and server.
Tore
"Murray Bodor" <[email protected]> wrote in message
news:[email protected]..
Hello,
Has anyone done any performance benchmarking on Portal Server? (Or know
where I can find such information?)
I'm curious to know:
1. Given iPlanet's recommended hardware, how many concurrent users does
this support with decent performance (SSL to gateway to non-SSL server)?
2. How does the product scale...e.g. if I wanted to have 250 concurrent
gateway users (running SSL), what hardware is recommended? 500 users?
1000 users?
3. Has anyone tried (or does the product even support) the use of SSL
accelerator cards on the gateway machine?
Any help is appreciated.
Thanks,
Murray

Security Audit Applications

Hi all,
having recently attended a very good presentation by Pete Finnegan on the subject of Oracle security audits I have been investigating what products are available and found threre is a lot of choice, the main two commercial ones being NGS SQuirrel and AppDetective.
I was wondering what experiences and opinions anyone has regarding the products and their functionality and whether thay are much better than freeware utilities such as OScanner written by Patrik Karlsson or the CIS Oracle database security benchmark tool?
Any feedback is much appreciated
Cheers
Phil

Phil,
My company has not released for the general public, an Oracle scanning tool which reports based on GRC mandates like SCAP, PCI, etc. Let me know if you would like some information. [email protected]

BW Security/Authoirzations Benchmarking

Similar Messages

Maybe you are looking for