"darwin application" run by Guest. Security issue?

Jolly good day everyone.
I have just received reports by trusty little "Little Snitch" that "Darwin" wants to connect to several servers across the web. In fact it didn't want to stop, so I opened the activity monitor only to find that Darwin was run by the user "guest". I killed the little app along with "Mdimport" (which I believe is spotlight, but it was also run by "Guest") and nothing happened, so I suppose it wasn't the Darwin that's the lower level of MAc OsX.
Well?

Doesn't sound too good, someone might have used your Guest account to access your computer. Let me make a wild guess the password for Guest was "Guest"...
Delete the guest account, make sure the firewall is turned on, run a check for trojans.
I'm no expert by any means, but that's your best bet. Don't expect too much help on this board regarding security issues, as you see you hardly get a reply although this seems like a severe security issue.
People take it for granted that OsX is safe, so they are uneducated, but it's not. In fact that makes it very dangerous. With Windows you know they're going to hack the crap out of you so you take the right steps to prevent it.
With more and more Macs coming to use we'll see more hackers getting interested so you better be prepared

Similar Messages

  • Application running in OC4J (10.1.3.4)Getting issue in OC4J (10.1.3.5) Ver.

    Hi,
    Below log issue appearing while deploying same application running in OC4J (10.1.3.4 Getting issue in with OC4J (10.1.3.5) .
    Tried importing relevant jar files into our application library
    backport-util-concurrent-3.1.jar
    com.springsource.edu.emory.mathcs.backport-sources-2.2.0.jar
    clover-2.4.2.jar
    js-14.jar
    Still issue is not resolved, Any one please advice, We are using Spring, Struts 1.2 and Hibernate 3.0 in this applicaiton.
    at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
    at java.lang.Thread.run(Thread.java:595)
    02-14@07:49:28 DEBUG (ClassUtils.java:164) - Class [edu.emory.mathcs.backport.java.util.concurrent.ConcurrentHashMap] or one of its dependencies is not present: oracle.classloader.util.AnnotatedClassNotFoundException:
    Missing class: edu.emory.mathcs.backport.java.util.concurrent.ConcurrentHashMap
    Dependent class: org.springframework.util.ClassUtils
    Loader: fzgpdtp.web.fzgpdtp:0.0.0
    Code-Source: /u01/app/oracle/product/oas/1013/j2ee/FZGPExternal/applications/fzgpdtp/fzgpdtp/WEB-INF/lib/spring-2.5.2.jar
    Configuration: WEB-INF/lib/ directory in /u01/app/oracle/product/oas/1013/j2ee/FZGPExternal/applications/fzgpdtp/fzgpdtp/WEB-INF/lib
    This load was initiated at fzgpdtp.web.fzgpdtp:0.0.0 using the loadClass() method.
    The missing class is not available from any code-source or loader in the system.
    02-14@07:49:28 INFO (ContextLoader.java:188) - Root WebApplicationContext: initialization started
    02-14@07:49:28 INFO (AbstractApplicationContext.java:412) - Refreshing [email protected]18d085a: display name [Root WebApplicationContext]; startup date [Tue Feb 14 07:49:28 GST 2012]; root of context hierarchy
    02-14@07:49:28 INFO (XmlBeanDefinitionReader.java:309) - Loading XML bean definitions from class path resource [../config/services-applicationContext.xml]
    02-14@07:49:29 ERROR (ContextLoader.java:214) - Context initialization failed
    java.lang.NullPointerException: name
    at java.util.zip.ZipFile.getEntry(ZipFile.java:247)
    at java.util.jar.JarFile.getEntry(JarFile.java:204)
    at java.util.jar.JarFile.getJarEntry(JarFile.java:187)
    at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:674)
    at sun.misc.URLClassPath.getResource(URLClassPath.java:161)
    at sun.misc.URLClassPath.getResource(URLClassPath.java:213)
    at java.lang.ClassLoader.getBootstrapResource(ClassLoader.java:1113)
    at java.lang.ClassLoader.getResource(ClassLoader.java:974)
    at oracle.classloader.PolicyClassLoader.findJREResource(PolicyClassLoader.java:1233)
    at oracle.classloader.JVMSearchPolicy.findResource(JVMSearchPolicy.java:36)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.getResource(PolicyClassLoader.java:1763)
    at java.lang.ClassLoader.getResourceAsStream(ClassLoader.java:1159)
    at org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:139)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:322)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:296)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:178)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149)
    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124)
    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:92)
    at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:123)
    at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:423)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:353)
    at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:254)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:198)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
    at com.evermind.server.http.HttpApplication.initDynamic(HttpApplication.java:1279)
    at com.evermind.server.http.HttpApplication.<init>(HttpApplication.java:848)
    at com.evermind.server.ApplicationStateRunning.getHttpApplication(ApplicationStateRunning.java:435)
    at com.evermind.server.Application.getHttpApplication(Application.java:592)
    at com.evermind.server.http.HttpSite$HttpApplicationRunTimeReference.createHttpApplicationFromReference(HttpSite.java:2280)
    at com.evermind.server.http.HttpSite$HttpApplicationRunTimeReference.<init>(HttpSite.java:2199)
    at com.evermind.server.http.HttpSite.addHttpApplication(HttpSite.java:1833)
    at oracle.oc4j.admin.internal.WebApplicationBinder.bindWebApp(WebApplicationBinder.java:304)
    at oracle.oc4j.admin.internal.WebApplicationBinder.bindWebApp(WebApplicationBinder.java:120)
    at oracle.oc4j.admin.internal.WebApplicationBinder.bindWebApp(WebApplicationBinder.java:92)
    at oracle.oc4j.admin.internal.ApplicationDeployer.bindWebApp(ApplicationDeployer.java:825)
    at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:276)
    at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:100)
    at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
    at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:81)
    at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
    at java.lang.Thread.run(Thread.java:595)
    02-14@08:17:17 INFO (ContextLoader.java:188) - Root WebApplicationContext: initialization started
    02-14@08:17:17 INFO (AbstractApplicationContext.java:412) - Refreshing [email protected]f20d33: display name [Root WebApplicationContext]; startup date [Tue Feb 14 08:17:17 GST 2012]; root of context hierarchy
    02-14@08:17:18 INFO (XmlBeanDefinitionReader.java:309) - Loading XML bean definitions from class path resource [../config/services-applicationContext.xml]
    02-14@08:17:18 ERROR (ContextLoader.java:214) - Context initialization failed
    java.lang.NullPointerException: name
    at java.util.zip.ZipFile.getEntry(ZipFile.java:247)
    at java.util.jar.JarFile.getEntry(JarFile.java:204)
    at java.util.jar.JarFile.getJarEntry(JarFile.java:187)
    at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:674)
    at sun.misc.URLClassPath.getResource(URLClassPath.java:161)
    at sun.misc.URLClassPath.getResource(URLClassPath.java:213)
    at java.lang.ClassLoader.getBootstrapResource(ClassLoader.java:1113)
    at java.lang.ClassLoader.getResource(ClassLoader.java:974)
    at oracle.classloader.PolicyClassLoader.findJREResource(PolicyClassLoader.java:1233)
    at oracle.classloader.JVMSearchPolicy.findResource(JVMSearchPolicy.java:36)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.askParentForResource(PolicyClassLoader.java:1405)
    at oracle.classloader.SearchPolicy$AskParent.findResource(SearchPolicy.java:78)
    at oracle.classloader.SearchSequence.findResource(SearchSequence.java:142)
    at oracle.classloader.PolicyClassLoader.getResourceUsingPolicy(PolicyClassLoader.java:1490)
    at oracle.classloader.PolicyClassLoader.getResource(PolicyClassLoader.java:1763)
    at java.lang.ClassLoader.getResourceAsStream(ClassLoader.java:1159)
    at org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:139)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:322)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:296)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:178)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149)
    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124)
    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:92)
    at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:123)
    at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:423)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:353)
    at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:254)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:198)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
    at com.evermind.server.http.HttpApplication.initDynamic(HttpApplication.java:1279)
    at com.evermind.server.http.HttpApplication.<init>(HttpApplication.java:848)
    at com.evermind.server.ApplicationStateRunning.getHttpApplication(ApplicationStateRunning.java:435)
    at com.evermind.server.Application.getHttpApplication(Application.java:592)
    at com.evermind.server.http.HttpSite$HttpApplicationRunTimeReference.createHttpApplicationFromReference(HttpSite.java:2280)
    at com.evermind.server.http.HttpSite$HttpApplicationRunTimeReference.<init>(HttpSite.java:2199)
    at com.evermind.server.http.HttpSite.addHttpApplication(HttpSite.java:1833)
    at oracle.oc4j.admin.internal.WebApplicationBinder.bindWebApp(WebApplicationBinder.java:304)
    at oracle.oc4j.admin.internal.WebApplicationBinder.bindWebApp(WebApplicationBinder.java:120)
    at oracle.oc4j.admin.internal.WebApplicationBinder.bindWebApp(WebApplicationBinder.java:92)
    at oracle.oc4j.admin.internal.ApplicationDeployer.bindWebApp(ApplicationDeployer.java:825)
    at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:276)
    at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:100)
    at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
    at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:81)
    at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
    at java.lang.Thread.run(Thread.java:595)
    02-14@08:26:01 INFO (ContextLoader.java:188) - Root WebApplicationContext: initialization started
    02-14@08:26:02 INFO (AbstractApplicationContext.java:412) - Refreshing [email protected]125560f: display name [Root WebApplicationContext]; startup date [Tue Feb 14 08:26:02 GST 2012]; root of context hierarchy
    02-14@08:26:02 INFO (XmlBeanDefinitionReader.java:309) - Loading XML bean definitions from class path resource [../config/services-applicationContext.xml]

    Hi there,
    Check for jars you are importing with JVM. The version of jre and its compatibility with imported jars.
    Hope it helps !
    Reg,
    MS

  • Please check for security vulnerabilities in Preview and Movie applications; there may be security vunerabilities also using through Adobe and Word 2010 using the Lion OS X.  Please reply as to fix these "issues" as my iMac is being hacked by a Tmobile.

    Please check for security vunerabilities in Preview, the "Movie" application, and Adobe.  My computer has been hacked into using a T-Mobile smartphone.
    I have nosy relatives and neighbors.

    If you're trying to report a security vulnerability in Mac OS X, this isn't the right forum. Try https://ssl.apple.com/support/security/
    You'll also need to add way more detail than you've given here. There's nothing actionable in your post that gives any kind of clue as to what kind of security issue you think you've uncovered.

  • Im running os x10.9.1 macbook pro  do i have a security issue??

    im running os x10.9.1 macbook pro  do i have a security issue??

    If you mean this:
    goto fail
    there is a potential problem, though it's not known to have been exploited. If you're concerned, you can avoid it by temporarily switching from Safari to either Firefox or Chrome when using a public Wi-Fi hotspot.

  • HT5655 I followed all the instructions to update Flash Player, but the installation fails at around 90%, it says that there is an Application running (Safari) bit I actually close all Apps. already. can someone help me with this issue ?? Thanks

    I have followed the instructions to update Flash Player, the Installation Fails at about 90%, it says that there is an Application running (Safari) and it says to close all the apps. and start again ... but I already close all the Applications ... none is running ... can someone help me with this issue ??? Thanks ...

    Dear Dominic
    Brilliant reply. Simple English. Simple to follow instructions. And it worked immediately, first time.
    Why couldn't the Apple and Adobe corporations get their programming right first time? We spend billions of UK pounds and US dollars with them. They reply with incompetent programming such as this, and arrogance to their customers in issuing faulty systems without doing the most rudimentary checks.
    Anyway, I certainly shan't be buying another Apple as this is the most unreliable, most incomprehensible, most illogical and downright thoughtless shoddy piece of computer kit which I have ever owned. And all of it is rubbish ~ emails disappear, photos can't be organised properly, spreadsheets don't work, Pages is laborious… the list goes on and on...
    But thanks to you Dominic, I have been able to load Adoble Flashj… maybe eyou should get  a job at Apple, and set them all on the right course to how to work simply and correctly with customers.
    Thanks again,
    David

  • Security Issue while running client object code

    Hi Team,
    I have client object code to create SharePoint list items and i am using the below codes,
     ClientContext clientContext = new ClientContext("MyCompanySiteName");
     List olist = clientContext.Web.Lists.GetByTitle("Employee");
     ListItemCreationInformation itemCreateInfo = new ListItemCreationInformation();
      for (int i = 13; i <= 25; i++)
                        ListItem oListItem = olist.AddItem(itemCreateInfo);
                        oListItem["Title"] = "TEST" + i.ToString();
                        oListItem.Update();
                        clientContext.ExecuteQuery();
    Here my question is , i have list with 4 mandatory fields and i have run this code against the same list.
    Where i can able to create list items without filling mandatory fileds using this above code.
    How we are creating list items , without entering/filling Mandtory fields in SharePoint list.
    Is this security issue or bug in SharePoint client object code.
    Thanks
    S.Jeeva
    Jeeva

    Hi!
    I agree with sadomovalex.
    This is by design and it is not security issue, it is rather consistency issue. It should be resolved via checking for required values before use or via implementing event receivers that throw errors if the required values are not set.
    If my suggestion helped you to solve your problem, please don't forget to mark it as Answer

  • How to avoid of application running on Oracle 10g to be copied?

    I am a newbie to the security issues, so I need your help, please, where to start / what to read:
    I have an application running across many customers on Oracle 10g. I have faced lately that our users
    can use their daily backups to establish a totaly new database on a same / different server
    and point our application to use it as well.
    Is there any way to avoid it? F.e. I thought to use SELECT * FROM v$instance; to get the server instance details, and
    in result with some other function to obtain, let say, local server's (WIN2003) details,
    such as HD Serial Number, MAC number or so and then to check these values each time user runs the application.
    Is it the correct way? What are the basics here at all?
    Many thanks in advance to all!

    A lot of enterprises, however, actively avoid systems which are locked down to a particular server for very legitimate reasons. If my data center dies in the middle of the night, I sure don't want to have to call your mobile phone so that you can get to a computer, log in to the office network, and get me a new key so that I can finish my emergency failover. If I've got dozens of applications, I absolutely don't want to do that with dozens of different vendors.
    It sounds like your problem, though, isn't that users are installing your software on multiple computers it's that they are accessing functionality they haven't licensed. That is generally a much easier problem to solve and doesn't require you to lock anything down to a particular machine. You can create a table LICENSED_CONTENT, for example,
    CREATE TABLE licensed_content (
      client_id    NUMBER,
      content_type VARCHAR2(30),
      key          RAW(128)
    )In this case, KEY is, say, a hash (using the DBMS_CRYPTO or DBMS_OBFUSCATION_TOOLKIT packages if you'd like) of the client_id, content_type, and a bit of salt (i.e. a fixed string that only you know). When you sell a license to manage diamond content, you provide a script that inserts the appropriate row in the LICENSED_CONTENT table. When your application starts up, it reads the LICENSED_CONTENT table and verifies the hash before allowing users to access that type of content. This allows legitimate customers to move the software from one system to another but prevents them from accessing new functionality without a new license.
    Justin

  • Security issue - or not? (remote trigger SMC startup)

    Hi,
    During installation of a few zones on a Sol10U2 system today, I noticed that simply running an nmap scan on a freshly installed and booted zone would cause the SMC to start:
    Starting Solaris Management Console server version 2.1.0.
    endpoint created: :898
    Adding instance of solaris_providerpath
    Adding class Solaris_LocalFileSystem
    Adding class Solaris_Directory
    Adding class Solaris_Mount
    Adding class Solaris_UFS
    Adding class Solaris_HSFS
    Adding class Solaris_UFSMount
    Adding class Solaris_HSFSMount
    Adding class Solaris_LocalFSResidesOnExtent
    Compilation succeeded.
    Adding class Solaris_DiskDrive
    Adding class Solaris_DiskPartition
    Adding class Solaris_MediaPresent
    Adding class Solaris_LogicalDisk
    Adding class Solaris_PhysicalMedia
    Adding class Solaris_Disk
    Adding class Solaris_PhysicalPackage
    Adding class Solaris_RealizesExtent
    Adding class Solaris_RealizesDiskPartition
    Adding class Solaris_RealizesDiskDrive
    Adding class Solaris_DiskPartitionBasedOnDisk
    Adding class Solaris_DiskPartitionBasedOnFDisk
    Adding class Solaris_SCSIController
    Adding class Solaris_IDEController
    Adding class Solaris_MPXIOController
    Adding class Solaris_USBSCSIController
    Adding class Solaris_GenericController
    Adding class Solaris_SCSIInterface
    Adding class Solaris_MPXIOInterface
    Adding class Solaris_IDEInterface
    Adding class Solaris_ExtraCapacityGroup
    Adding class Solaris_MPXIOGroup
    Adding class Solaris_ControllerLogicalIdentity
    Adding class Solaris_MPXIOCtrlrLogicalIdentity
    Adding class Solaris_ControllerComponent
    Adding class Solaris_MPXIOComponent
    Adding class Solaris_StorageLibrary
    Compilation succeeded.
    Adding class CIM_ManagedElement
    Adding class CIM_SettingData
    Adding class CIM_Share
    Adding class CIM_FileShare
    Adding class CIM_NFSShare
    Adding class CIM_SharedElement
    Adding class CIM_HostedShare
    Compilation succeeded.
    Adding class Solaris_NFSShare
    Adding class Solaris_NFSShareSecurity
    Adding class Solaris_NFS
    Adding class Solaris_PersistentShare
    Adding class Solaris_MountSetting
    Adding class Solaris_NFSMountSetting
    Adding class Solaris_ShareSetting
    Adding class Solaris_NFSShareSetting
    Adding class Solaris_ShareService
    Adding class Solaris_MountService
    Adding class Solaris_NFSMount
    Adding class Solaris_NFSShareSecurityModes
    Adding class Solaris_NFSShareDefSecurityMode
    Adding class Solaris_HostedShare
    Adding class Solaris_PersistentShareConfiguration
    Adding class Solaris_PersistentShareForSystem
    Adding class Solaris_NFSShareEntry
    Adding class Solaris_SharedElement
    Adding class Solaris_NFSExport
    Adding class Solaris_SharedFileSystem
    Compilation succeeded.
    Adding instance of solaris_providerpath
    Adding instance of solaris_providerpath
    Adding class Solaris_VMStateDatabase
    Adding class Solaris_VMSoftPartition
    Adding class Solaris_VMExtent
    Adding class Solaris_VMStripe
    Adding class Solaris_VMConcat
    Adding class Solaris_VMMirror
    Adding class Solaris_VMRaid5
    Adding class Solaris_VMTrans
    Adding class Solaris_VMHotSparePool
    Adding class Solaris_VMDiskSet
    Adding class Solaris_VMStorageVolume
    Adding class Solaris_VMConcatComponent
    Adding class Solaris_VMDriveInDiskSet
    Adding class Solaris_VMExtentBasedOn
    Adding class Solaris_VMSoftPartComponent
    Adding class Solaris_VMExtentInDiskSet
    Adding class Solaris_VMHostInDiskSet
    Adding class Solaris_VMHotSpareInUse
    Adding class Solaris_VMHotSpares
    Adding class Solaris_VMMirrorSubmirrors
    Adding class Solaris_VMRaid5Component
    Adding class Solaris_VMStatistics
    Adding class Solaris_VMStripeComponent
    Adding class Solaris_VMTransLog
    Adding class Solaris_VMTransMaster
    Adding class Solaris_VMUsesHotSparePool
    Adding class Solaris_VMVolumeBasedOn
    Adding class Solaris_DiskIOPerformanceMonitor
    Compilation succeeded.
    Adding instance of solaris_providerpath
    Adding class Solaris_ActiveUser
    Adding class Solaris_ActiveProject
    Adding class Solaris_ProcessStatisticalInformation
    Adding class Solaris_UserProcessAggregateStatisticalInformation
    Adding class Solaris_ProjectProcessAggregateStatisticalInformation
    Adding class Solaris_ProcessStatistics
    Adding class Solaris_ActiveUserProcessAggregateStatistics
    Adding class Solaris_ActiveProjectProcessAggregateStatistics
    Compilation succeeded.
    Registration setup: 8/8 (Executing SUNWpmgr_reg.sh)
    Registering components: 64/64 (Registering PatchMgrCli.jar)                 er)
    Solaris Management Console server is ready.For interest, the nmap result is:
    toby@deepthought ~ $ nmap -v 192.168.1.122
    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-08-29 20:39 EDT
    DNS resolution of 1 IPs took 0.23s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
    Initiating Connect() Scan against 192.168.1.122 [1672 ports] at 20:39
    The Connect() Scan took 44.49s to scan 1672 total ports.
    Host 192.168.1.122 appears to be up ... good.
    Interesting ports on 192.168.1.122:
    (The 1662 ports scanned but not shown below are in state: closed)
    PORT     STATE SERVICE
    21/tcp   open  ftp
    22/tcp   open  ssh
    23/tcp   open  telnet
    79/tcp   open  finger
    111/tcp  open  rpcbind
    513/tcp  open  login
    514/tcp  open  shell
    898/tcp  open  sun-manageconsole
    4045/tcp open  lockd
    7100/tcp open  font-service
    Nmap finished: 1 IP address (1 host up) scanned in 44.874 seconds(port 7100 is actually a non-standard VNC server which was carried over from the global zone)
    Of course, this is immediately before running Solaris Security Toolkit (jass) to apply a secure profile.
    Does it matter that this SMC startup can be triggered so easily remotely?

    It just struck me odd that simply port-scanning the
    machine could produce this behaviour, and I wonder if
    it might be a security issue.Probably not directly. Sun has distributed several items in the past that launch via inetd connections (calendar manager and font server were two common ones). Just because it launches doesn't mean it's a security problem. The application itself may require authentication after running.
    Of course the resources required by the process may be non-trivial, and the application may have security issues, but the fact that it launches isn't a direct indication of a problem.
    Darren

  • Does introduction of HADB add any security issues?

    Did the introduction of HADB for providing reliable state introduce any
    security issues? If so, what options are available for the user?

    Firstly the application tier would typically run behind the DMZ, so it
    would have the same protection as any other business logic running in
    this tier. Additionally, if highly sensitive data is stored in
    HttpSession then the HADB tier can be pushed further into the corporate
    network (i.e. behind further layers of protection).

  • RMI security issue

    Hi, there!
    This is cross-post from "NetWeaver AS, Java" forum.
    I have a security issue when I try to run RMI client code in the web application on the Web AS 2004s. There is
    lookup statement in JSP or servlet code:
    Naming.lookup("//server/RemoteClass")
    which throws
    java.io.AccessControlException: access denied (java.io.FilePermission
    D:\usr\sap\AS1\JC00\j2ee\cluster\server0\apps\sap.com\MyEntApp\servlet_jsp\MyWebApp\work\com\mycompany\packagename\RemoteClassImpl_Stub.class read)
    I have investigated where "java.security.policy" parameter is setup, there has value "./java.policy". This file is
    regenerated each time when web AS is started, thus I created another policy file, granted file permission for
    above path and set it as -Djava.security.policy in server start parameter. It doesn't resolve problem, I have
    investigated this parameter doesn't correlate with real application run-time permissions. Has anybody ideas?
    Thanks
    P.S. This code works fine as a standalone application.

    File Name : policy.txt
    grant     {
         permission java.security.AllPermission;
    };Run ur program as follows:
    java -Djava.security.policy=policy.txt <Java Client >

  • AIR security issue??

    Has anyone find out AIR's file system could easily delete dll
    file in C:/WINDOWS/?
    This is a security issue that is one of my friend found out.
    Any explanation? Thanks first!

    This is not a vulnerability, but rather by design. AIR
    applications are desktop applications, and like any desktop
    application they have access to system files, such as those found
    in c:\windows.
    Users are protected from desktop applications not because the
    applications can't access the filesystem but because the
    applications have to be _installed_ before they are run. Contrast
    this to web applications, which can be run without being installed
    but have greatly restricted access to the system.
    AIR has a carefully vetted installation process for
    applications, designed to help users make good decisions about
    which applications they trust. Users should never install
    applications that they do not trust.
    regards,
    Oliver Goldman | Adobe AIR Engineering

  • Jdeveloper WS Proxy client and ADFpage both throwing security issues

    Hello experts, can you please help me. I have web service deployed on weblogic server.
    I have not set any credential for this web service. I can test the service from SOAPUI without providing any credentials.
    Then I generated WS proxy client using Jdeveloper. When I try to run the client, I do not know why I get security execption (shown below) eventhough I have not secured the web service deployed on weblogic server.
    java.lang.SecurityException: keyStoreFilename is either null or empty string
    at weblogic.wsee.security.util.CertUtils.getCertificate(CertUtils.java:87)
    at pilot1.ContactWSPortTypePortClient.getBSTCredentialProvider(ContactWSPortTypePortClient.java:104)
    at pilot1.ContactWSPortTypePortClient.setPortCredentialProviderList(ContactWSPortTypePortClient.java:78)
    at pilot1.ContactWSPortTypePortClient.main(ContactWSPortTypePortClient.java:46)
    Process exited with exit code 0.
    Here is my client class :
    public static void main(String[] args) {
    try {
    contactWSService = new ContactWSService();
    ContactWSPortType contactWSPortType = contactWSService.getContactWSPortTypePort();
    Map<String, Object> requestContext = ((BindingProvider) contactWSPortType).getRequestContext();
    setPortCredentialProviderList(requestContext);
    // Add your code to call the desired methods.
    // QueryPageInputSecondPage qpisp= new QueryPageInputSecondPage(); //I have commented it in order to resolve security issue
    System.out.println("Inside the client class");
    } catch (Exception ex) {
    ex.printStackTrace();
    Inside the method setPortCredentialProviderList(), I have not provided any credentials, keystores etc. Because weblogic is not setup with SSL and also I have not set up any authorization or authentication for the web service. I do not know why I am able to test it through SOAPUI and why not using WS proxy.
    I also tried to invoke the web service from ADF page by creating data contorl. I did not provide any policy details because there is not security enabled for the web service on weblogic server. Even when I run the ADF application, I get below security error :
    <Error while invoking endpoint "http://10.1.1.59:7010/ContactWSWebSvc/ContactWSPortTypePort" from client; Security Subject: anonymous>
    ####<Jul 9, 2012 10:02:31 AM EDT> <Error> <oracle.adf.model.connection.webservice> <dmnov23-HP> <DefaultServer> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <a7d8487bcbe16046:-44aec1c2:1386c02f9ac:-8000-000000000000007f> <1341842551474> <BEA-000000> <Failed to execute a SAAJ interaction.
    javax.xml.ws.soap.SOAPFaultException: java.lang.NullPointerException
    at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:1024)
    at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:808)
    at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:235)
    Appreciate your quick response.
    thanks a lot
    jyothi
    Edited by: Jyothi on Jul 9, 2012 2:45 PM
    Edited by: Jyothi on Jul 9, 2012 2:48 PM

    Also, I do not know why the Jdev classpath is set with lot of jar files. May be that is how the Jdeveloper is setup when we install since it has to support lot of applications. I am really shocked to see this.
    When I run the WS proxy client (java client) for this webservice from Jdeveloper, it is finally throwing java.lang.SecurityException: keyStoreFilename is either null or empty string error. As I mentioned earlier, I did not provide any credentials or keysotre details inside setPortCredentialProviderList(). I am totally confused why Jdeveloper is behaving like this for unsecured web service.
    C:\Program Files\Java\jdk1.6.0_31\bin\javaw.exe" -server -classpath C:\JDeveloper\mywork\Application2\.adf;C:\JDeveloper\mywork\Application2\Pilot1\classes;C:\fmu\oracle_common\modules\oracle.jsf_1.2.9\glassfish.jsf_1.0.0.0_1-2-15.jar;C:\fmu\oracle_common\modules\oracle.jsf_1.2.9\glassfish.jstl_1.2.0.1.jar;C:\fmu\oracle_common\modules\oracle.jsf_1.2.9\javax.jsf_1.1.0.0_1-2.jar;C:\fmu\oracle_common\modules\oracle.jsf_1.2.9\wls.jsf.di.jar;C:\fmu\oracle_common\modules\oracle.idm_11.1.1\identitystore.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\adfm.jar;C:\fmu\oracle_common\modules\groovy-all-1.6.3.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\adftransactionsdt.jar;C:\fmu\oracle_common\modules\oracle.adf.view_11.1.1\adf-dt-at-rt.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\adfdt_common.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\adflibrary.jar;C:\fmu\oracle_common\modules\oracle.xdk_11.1.0\xmlparserv2.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\db-ca.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\jdev-cm.jar;C:\fmu\oracle_common\modules\oracle.ldap_11.1.1\ojmisc.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\commons-el.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\jsp-el-api.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\oracle-el.jar;C:\fmu\oracle_common\modules\oracle.adf.security_11.1.1\adf-share-security.jar;C:\fmu\oracle_common\modules\oracle.adf.security_11.1.1\adf-controller-security.jar;C:\fmu\modules\javax.activation_1.1.0.0_1-1.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\adf-share-support.jar;C:\fmu\oracle_common\modules\oracle.adf.share.ca_11.1.1\adf-share-ca.jar;C:\fmu\oracle_common\modules\oracle.adf.share.ca_11.1.1\adf-share-base.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\adflogginghandler.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\adfsharembean.jar;C:\fmu\oracle_common\modules\oracle.jmx_11.1.1\jmxframework.jar;C:\fmu\oracle_common\modules\oracle.jmx_11.1.1\jmxspi.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\bc4j-mbeans.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\bc4jwizard.jar;C:\fmu\oracle_common\modules\oracle.javatools_11.1.1\resourcebundle.jar;C:\fmu\modules\javax.mail_1.1.0.0_1-4-1.jar;C:\fmu\oracle_common\modules\oracle.ldap_11.1.1\ldapjclnt11.jar;C:\fmu\oracle_common\modules\oracle.jps_11.1.1\jps-api.jar;C:\fmu\oracle_common\modules\oracle.jps_11.1.1\jps-common.jar;C:\fmu\oracle_common\modules\oracle.jps_11.1.1\jps-ee.jar;C:\fmu\oracle_common\modules\oracle.jps_11.1.1\jps-internal.jar;C:\fmu\oracle_common\modules\oracle.jps_11.1.1\jps-unsupported-api.jar;C:\fmu\oracle_common\modules\oracle.jps_11.1.1\jps-manifest.jar;C:\fmu\oracle_common\modules\oracle.jps_11.1.1\jacc-spi.jar;C:\fmu\oracle_common\modules\oracle.pki_11.1.1\oraclepki.jar;C:\fmu\oracle_common\modules\oracle.osdt_11.1.1\osdt_core.jar;C:\fmu\oracle_common\modules\oracle.osdt_11.1.1\osdt_cert.jar;C:\fmu\oracle_common\modules\oracle.osdt_11.1.1\osdt_xmlsec.jar;C:\fmu\oracle_common\modules\oracle.osdt_11.1.1\osdt_ws_sx.jar;C:\fmu\oracle_common\modules\oracle.iau_11.1.1\fmw_audit.jar;C:\fmu\modules\javax.security.jacc_1.0.0.0_1-1.jar;C:\fmu\oracle_common\modules\oracle.jdbc_11.1.1\ojdbc6dms.jar;C:\fmu\jdeveloper\BC4J\jlib\bc4jtester.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\adfm-debugger.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\regexp.jar;C:\fmu\oracle_common\modules\oracle.help_5.0\ohj.jar;C:\fmu\oracle_common\modules\oracle.help_5.0\help-share.jar;C:\fmu\oracle_common\modules\oracle.bali.share_11.1.1\share.jar;C:\fmu\jdeveloper\jlib\jewt4.jar;C:\fmu\oracle_common\modules\oracle.help_5.0\oracle_ice.jar;C:\fmu\jdeveloper\ide\lib\idert.jar;C:\fmu\jdeveloper\ide\lib\javatools.jar;C:\fmu\wlserver_10.3\server\lib\weblogic.jar;C:\fmu\oracle_common\modules\oracle.mds_11.1.1\mdsrt.jar;C:\fmu\oracle_common\modules\oracle.mds_11.1.1\oramds.jar;C:\fmu\modules\javax.servlet_1.0.0.0_2-5.jar;C:\fmu\modules\javax.jsp_1.2.0.0_2-1.jar;C:\fmu\jdeveloper\ide\macros\..\..\..\wlserver_10.3\server\lib\ojdbc6.jar;C:\fmu\oracle_common\jlib\commons-cli-1.0.jar;C:\fmu\oracle_common\modules\oracle.xmlef_11.1.1\xmlef.jar;C:\fmu\oracle_common\modules\oracle.dms_11.1.1\dms.jar;C:\fmu\oracle_common\modules\oracle.xdk_11.1.0\xml.jar;C:\fmu\oracle_common\modules\oracle.javacache_11.1.1\cache.jar;C:\fmu\oracle_common\modules\oracle.ucp_11.1.0.jar;C:\fmu\oracle_common\modules\oracle.odl_11.1.1\ojdl.jar;C:\fmu\oracle_common\modules\oracle.javatools_11.1.1\javatools-nodeps.jar;C:\fmu\modules\javax.management_1.2.1.jar;C:\fmu\modules\javax.management.j2ee_1.0.jar;C:\fmu\jdeveloper\ide\macros\..\..\..\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n.jar;C:\fmu\modules\glassfish.el_1.0.0.0_2-1.jar;C:\fmu\oracle_common\modules\oracle.jrf_11.1.1\jrf.jar;C:\fmu\modules\com.oracle.toplink_1.0.0.0_11-1-1-5-0.jar;C:\fmu\modules\org.eclipse.persistence_1.1.0.0_2-1.jar;C:\fmu\modules\com.bea.core.antlr.runtime_2.7.7.jar;C:\fmu\oracle_common\modules\oracle.toplink_11.1.1\javax.persistence_2.0_preview.jar;C:\fmu\modules\com.bea.core.apache.xercesImpl_2.8.1.jar;C:\fmu\modules\glassfish.jaxb_1.0.0.0_2-1-12.jar;C:\fmu\modules\javax.xml.bind_2.1.1.jar -Djavax.net.ssl.trustStore=C:\fmu\wlserver_10.3\server\lib\DemoTrust.jks pilot1.ContactWSPortTypePortClient
    java.lang.SecurityException: keyStoreFilename is either null or empty string
         at weblogic.wsee.security.util.CertUtils.getCertificate(CertUtils.java:87)
         at pilot1.ContactWSPortTypePortClient.getBSTCredentialProvider(ContactWSPortTypePortClient.java:104)
         at pilot1.ContactWSPortTypePortClient.setPortCredentialProviderList(ContactWSPortTypePortClient.java:78)
         at pilot1.ContactWSPortTypePortClient.main(ContactWSPortTypePortClient.java:46)
    Process exited with exit code 0.

  • Forest trust - security issues and how to avoid

    Hi guys,
    I have few questions.
    1/Planning do Forest trust.We have Forest + Domain functional level at WS 2003 level.
    In case of trust what are the security issues and how to avoid them? Meant something like browsing in AD, possible hacking from new destination etc.
    2/ What in case that the trust will not be possible create because of security reasons (rejected by other company)? What can be an workaround for that? I have idea with resource forest or ADFS? Any other ideas?
    Thanks in advance or for a good link to study about.
    Petr Weiner

    Other than broad general answers it is difficult to answer this from the negative side.  I work in a very large company where we have hundreds of domains with one way trusts in place and I don't believe we have any security issues in place.  With
    the large numbers of domains we can't operate in any other fashion.  We have a user forest and many resource forests.  All of our domains and forests are operated and maintained within the company but if you have domains operated by different departments
    then you can run into issues on who trusts.  Also if you need to have a situation where you need to trust other companies then you start to look at ADFS, you can also use it internally for many applications as well as cloud services.  But as I already
    mentioned you haven't detailed what exactly is going on so it is hard to try and give you a concrete answer.
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

  • Project research on security issues

    Ok, I am in desperate need of some help with security issues for a login page. Here is my situation. I am a student newly introduced to Oracle although I know a fair amount about databases. We have been assigned a project to create a system for starters for churches in IL to be able to have a place to store attendence for classes, services, groups, events, etc... In addition they can store personal info of members, teachers, pastors, visitors, etc... Eventually the system will move into holding monetary data for the churches and security will be a real must.
    It has been assigned to me to find the best probable login system that we can use. We have ORACLE 8 educational version at our disposal. I know absolutely nothing about Oracle and its application or web server. I need to know where to begin and what to look up to create a login page with good authentication and a secure system to make sure a user is a web user is truly an authorized user. We are using PL/SQL programming to create the web pages.
    Where do I begin looking up matterial that will help me decide what type of security to use? Is storing user names and passwords for users from different churches in a table in the database secure?
    I am truly a newbie and I could use some guidance just to get me started in the right direction. If anyone can give me an ICQ discussion zone that would be nice too.
    Thanks in Advance!

    That's avery broad question. Without knowing what apps you run, how you are connected to the internet, whether or not you download pirated stuff or whatever how can anyone give you a definitive answer?

  • How to protect an application running on IIS with OAM 11gR2

    Hello Gurus,
    I have a question regarding protecting an application running on IIS with OAM 11gR2. We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page. These is all solaris. I am protecting other applications like pplsoft moduels with this OHS instance and OAM server. There is another application that I need to protect which is itself running on IIS windows machine. I need guidance as to -
    1.) Do I need to install a windows version of webgate to protect this IIS based application?
    2.) Or I can still protect and proxy requests from this application to current OHS instance? How can I do this?
    3.) Or Do I need to proxy requests directly from IIS to OAM weblogic server?
    Please advise to the earliest as this is an urgent issue.
    Thanks !!

    From your description it is not clear how exactly architecture looks like
    We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page.
    is this OHS centralized login farm ? (Case 1)
    OR is this OHS server (with webgate) acting as virtual web server hosting multiple web sites so that request to any site passes through this OHS/webgate (Case 2)
    1.) Do I need to install a windows version of webgate to protect this IIS based application?
    If case 1 then you need to install 10g webgate on top of IIS server to protect this application
    If case 2 then you can just proxy request from OHS to IIS server. As every request passes through OHS user will be authenticated before request hits IIS
    Look at Product documentation for virtual web sites : http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/shared.htm#autoId12
    It has steps to protect virtual web sites.
    Also you need to make sure no one hits IIIS web sites directly.
    Hope this helps

Maybe you are looking for

  • Sold-to Party (Document header)

    Hi, when i create a sales order by a certain type and if in sold-to-party field i write a certain customer, a popup dialog Sold-to Party (Document header) appears with some information fields: Postal code, Email, Fax, Street adress,PO Box addres,Comm

  • Follow/read a growing binary file

    Hello, Application space: 1 - I have an application that has created and opened a binary file, and is is writing data to it on a continual basis. 2 - Using another program written in Labview, I need to open this file for reading, get all the data ava

  • Invalid handle to path? Help!

    I dowloaded a program LOGOS and it keeps on crashing. Their tech people said it came down to this problem. Can anyone help me with this 'path'? She said it may be something with LION and not being downloaded properly? Error detail: IOException: Inval

  • How to fetch check number details

    Hi ,           My requirement is to fetch the check number from payr table using CHECT field .            but relation ship i taken from bseg table.            i am giving query as follows           select single chect from payr into a_chect where vb

  • MACbook Pro Operating VERY slow

    Let me first clarify, I have a mid 2010 Macbok Pro with a 2.53 GHz Intel Core i5 processor, 8 GB of 1067 MHz DDR3 Memory with a 500 GB Sata Disk Hard drive. I have had speed issues since downloading OSX Mavericks and my problem keeps getting worse. A