Display system security file fragmentation_percent

Hi - I'm trying to run the MAXL command to display how fragmented my security file is but in the log, I keep getting this error message about 'Syntax error near security'. I am on Essbase 7.0
OK/INFO - 1051034 - Logging in user planning.
OK/INFO - 1051035 - Last login on Monday, March 01, 2010 11:59:39 AM.
OK/INFO - 1241001 - Logged in to Essbase.
MAXL> display system security file fragmentation_percent;
ERROR - 1242021 - (1) Syntax error near ['security'].
MAXL> alter application 'UAT2NYPF' enable connects;
OK/INFO - 1056013 - Application UAT2NYPF altered.
MAXL> logout;
User planning is logged out
MaxL Shell completed

Is there anything that can be done, in terms of maintenance, for the security file for Essbase 7.0?
Over the weekend, our server guys rebooted the Essbase server, essbase service never came up this morning. I launched essbase in the command prompt and it gave me an error message about bad security file.
I replaced the security file from a backup, but if these corruptions can be avoided by doing maintenance on the security file, then I am looking for some ways to automate that maintenance process on a bi weekly basis.
Thanks
Edited by: CLAU on Mar 1, 2010 9:56 AM
Edited by: CLAU on Mar 1, 2010 10:10 AM

Similar Messages

How to display system security events logs in Cisco router 4980

Hi,
in order to perform acceptance tests following the installation of a Cisco 4980 router cluster, I need to verify that any system security events are logged and I can diplay them on the CLI output (for example with the #show logging command).
By system security events logs, I mean for example bad authentification on the switch, creation/deletion/modification of a user accoount, telnet connexion attempt while this protocol is not allowed, etc...
With the #show logging command, I have security events related to access-list, or configuration changes (even if these ones are not really verbose on waht have been changed), but no "system" security events.
Here is my logging initial logging configuration on these routers:
logging rate-limit 1 except errors
logging console critical
logging monitor critical
But I also tried like this:
logging rate-limit 1 except errors
logging console informational
logging monitor critical
logging history informational
logging facility auth
But exactly the same result...
Is this feature exist or not ?
If yes, how to configure it ?
Thanks.
Julien

Here is a script that will copy the previous days events and save them to "C:\". The file name be yesterdays date ex "04-18-2010-Events.csv"
Const strComputer = "."
Dim objFSO, objWMIService, colEvents, objEvent, outFile
Dim dtmStartDate, dtmEndDate, DateToCheck, fileDate
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
'change the date form "/" to "-" so it can be used in the file name
fileDate = Replace(Date - 1,"/","-")
Set outFile = objFSO.CreateTextFile("C:\" & fileDate & "-Events.csv",True)
DateToCheck = Date - 1
dtmEndDate.SetVarDate Date, True
dtmStartDate.SetVarDate DateToCheck, True
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
& dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
For each objEvent in colEvents
outFile.WriteLine String(100,"-")
outFile.WriteLine "Category = " & objEvent.Category
outFile.WriteLine "ComputerName = " & objEvent.ComputerName
outFile.WriteLine "EventCode = " & objEvent.EventCode
outFile.WriteLine "Message = " & objEvent.Message
outFile.WriteLine "RecordNumber = " & objEvent.RecordNumber
outFile.WriteLine "SourceName = " & objEvent.SourceName
outFile.WriteLine "TimeWritten = " & objEvent.TimeWritten
outFile.WriteLine "Type = " & objEvent.Type
outFile.WriteLine "User = " & objEvent.User
outFile.WriteLine String(100,"-")
Next
outFile.Close
MsgBox "Finished!"
v/r LikeToCode....Mark the best replies as answers.

What is component used to display system files in FTP

Hello,
I would like to know what is the component that is used to display system files and remote server files in a FTP.
e.g
File Name || File Type || File Size
1.jsp JSP file 1kb
2.java JAVA file 10 kb
Do we need to use JTable to display the headers and a JTree to display the system files? Please help
Thanks
james

Hi James,
Actually, I am developing where one of its modules is a ftp client.
Mainly, it has 2 panels with JTree's one with the local files and the other, with the remote files.
Have a look to the following links, the are very useful:
About JTree's:
http://www.fawcette.com/javapro/2003_01/magazine/features/bkurniawan/default_pf.asp
http://java.sun.com/products/jfc/tsc/articles/treetable1/
and the java tutorial
In this link there is a example, simple but it works really well:
http://www.hipp-online.de/download/version.php?WAppFtp1.4_en
hope it helps,
sergio

Total lock-ups with fan running - translate system.log file please!?

Hi, all. My late 2005 2.3 gig dual G5 has been experiencing random lock ups for as long as I can remember. My system is up to date and I have tested each pair of the 5 gigs of ram that I have and the system freezes with each pair. It can happen at any time, when I am doing absolutely nothing, for example, overnight. I am at my wits end!
Here's the system log file for the latest freezes. Can anyone tell me what's going on here??? I really need to get to the root of this problem. Thanks so so much in advance.
Apr 12 17:32:52 Marc-Weinbergs-Computer kernel[0]: AFP_VFS afpfs_Reconnect: connect on /Volumes/Macintosh HD failed 89.
Apr 12 17:32:52 Marc-Weinbergs-Computer kernel[0]: AFP_VFS afpfs_unmount: /Volumes/Macintosh HD, flags 524288, pid 62
Apr 12 17:44:46 Marc-Weinbergs-Computer /Library/Application Support/FLEXnet Publisher/Service/11.03.005/FNPLicensingService: Started\n
Apr 12 17:44:46 Marc-Weinbergs-Computer /Library/Application Support/FLEXnet Publisher/Service/11.03.005/FNPLicensingService: This service performs licensing functions on behalf of FLEXnet enabled products.\n
Apr 12 18:01:06 Marc-Weinbergs-Computer KernelEventAgent[62]: tid 00000000 received unknown event (256)
Apr 12 18:01:49 Marc-Weinbergs-Computer KernelEventAgent[62]: tid 00000000 received unknown event (256)
Apr 12 18:08:29 Marc-Weinbergs-Computer diskarbitrationd[69]: SDCopy [1056]:36091 not responding.
Apr 12 18:16:18 Marc-Weinbergs-Computer KernelEventAgent[62]: tid 00000000 received unknown event (256)
Apr 12 18:16:53 Marc-Weinbergs-Computer KernelEventAgent[62]: tid 00000000 received unknown event (256)
Apr 12 19:24:12 Marc-Weinbergs-Computer ntpd[191]: time reset -0.650307 s
Apr 13 01:05:45 Marc-Weinbergs-Computer ntpd[191]: time reset -0.496917 s
Apr 13 03:15:03 Marc-Weinbergs-Computer cp: error processing extended attributes: Operation not permitted
Apr 13 07:15:03 Marc-Weinbergs-Computer postfix/postqueue[1778]: warning: Mail system is down -- accessing queue directly
Apr 13 03:15:03 Marc-Weinbergs-Computer cp: error processing extended attributes: Operation not permitted
Apr 13 15:53:53 Marc-Weinbergs-Computer KernelEventAgent[62]: tid 00000000 received unknown event (256)
Apr 13 15:53:54 Marc-Weinbergs-Computer KernelEventAgent[62]: tid 00000000 received unknown event (256)
Apr 13 22:15:48 localhost kernel[0]: standard timeslicing quantum is 10000 us
Apr 13 22:15:47 localhost mDNSResponder-108.6 (Jul 19 2007 11: 33:32)[63]: starting
Apr 13 22:15:48 localhost kernel[0]: vmpagebootstrap: 506550 free pages
Apr 13 22:15:47 localhost memberd[70]: memberd starting up
Apr 13 22:15:49 localhost kernel[0]: migtable_maxdispl = 70
Apr 13 22:15:49 localhost kernel[0]: Added extension "com.firmtek.driver.FTATASil3132E" from archive.
Apr 13 22:15:49 localhost kernel[0]: Added extension "com.firmtek.driver.Sil3112DeviceNub" from archive.
Apr 13 22:15:49 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
Apr 13 22:15:49 localhost kernel[0]: The Regents of the University of California. All rights reserved.
Apr 13 22:15:49 localhost kernel[0]: using 5242 buffer headers and 4096 cluster IO buffer headers
Apr 13 22:15:49 localhost kernel[0]: AppleKauaiATA shasta-ata features enabled
Apr 13 22:15:49 localhost kernel[0]: DART enabled
Apr 13 22:15:47 localhost DirectoryService[75]: Launched version 2.1 (v353.6)
Apr 13 22:15:49 localhost kernel[0]: FireWire (OHCI) Apple ID 52 built-in now active, GUID 001451ff fe1b4c7e; max speed s800.
Apr 13 22:15:49 localhost kernel[0]: USBF: 20.590 OHCI driver: OHCIRootHubPortPower bit not sticking (1). Retrying.
Apr 13 22:15:49 localhost kernel[0]: USBF: 20.590 OHCI driver: OHCIRootHubPortPower bit not sticking (1). Retrying.
Apr 13 22:15:49 localhost kernel[0]: USBF: 20.590 OHCI driver: OHCIRootHubPortPower bit not sticking (1). Retrying.
Apr 13 22:15:49 localhost kernel[0]: USBF: 20.590 OHCI driver: OHCIRootHubPortPower bit not sticking (1). Retrying.
Apr 13 22:15:49 localhost kernel[0]: USBF: 20.590 OHCI driver: OHCIRootHubPortPower bit not sticking (1). Retrying.
Apr 13 22:15:49 localhost kernel[0]: USBF: 20.590 OHCI driver: OHCIRootHubPortPower bit not sticking (1). Retrying.
Apr 13 22:15:49 localhost kernel[0]: USBF: 20.590 OHCI driver: OHCIRootHubPortPower bit not sticking (1). Retrying.
Apr 13 22:15:49 localhost kernel[0]: USBF: 20.590 OHCI driver: OHCIRootHubPortPower bit not sticking (1). Retrying.
Apr 13 22:15:49 localhost kernel[0]: USBF: 20.590 OHCI driver: OHCIRootHubPortPower bit not sticking (1). Retrying.
Apr 13 22:15:48 localhost lookupd[71]: lookupd (version 369.5) starting - Sun Apr 13 22:15:48 2008
Apr 13 22:15:49 localhost kernel[0]: USBF: 20.590 OHCI driver: OHCIRootHubPortPower bit not sticking (1). Retrying.
Apr 13 22:15:49 localhost kernel[0]: Extension "com.microsoft.driver.MicrosoftKeyboardUSB" has no kernel dependency.
Apr 13 22:15:49 localhost kernel[0]: AppleSMUparent::clientNotifyData nobody registed for 0x40
Apr 13 22:15:49 localhost kernel[0]: Security auditing service present
Apr 13 22:15:49 localhost kernel[0]: BSM auditing present
Apr 13 22:15:49 localhost kernel[0]: disabled
Apr 13 22:15:49 localhost kernel[0]: rooting via boot-uuid from /chosen: 82827EDF-0263-3B93-BEED-4B114E820B85
Apr 13 22:15:49 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
Apr 13 22:15:49 localhost kernel[0]: Got boot device = IOService:/MacRISC4PE/ht@0,f2000000/AppleMacRiscHT/pci@9/IOPCI2PCIBridge/k2-sat a-root@C/AppleK2SATARoot/k2-sata@0/AppleK2SATA/ATADeviceNub@0/IOATABlockStorageD river/IOATABlockStorageDevice/IOBlockStorageDriver/ST3320620AS Media/IOApplePartitionScheme/AppleHFS_Untitled1@10
Apr 13 22:15:49 localhost kernel[0]: BSD root: disk0s10, major 14, minor 12
Apr 13 22:15:49 localhost kernel[0]: jnl: replay_journal: from: 8451584 to: 11420160 (joffset 0x952000)
Apr 13 22:15:50 localhost kernel[0]: AppleSMU -- shutdown cause = 3
Apr 13 22:15:50 localhost kernel[0]: AppleSMU::PMU vers = 0x000d00a0, SPU vers = 0x67, SDB vers = 0x01,
Apr 13 22:15:50 localhost kernel[0]: HFS: Removed 8 orphaned unlinked files
Apr 13 22:15:50 localhost kernel[0]: Jettisoning kernel linker.
Apr 13 22:15:50 localhost kernel[0]: Resetting IOCatalogue.
Apr 13 22:15:50 localhost kernel[0]: Matching service count = 1
Apr 13 22:15:50 localhost kernel[0]: Matching service count = 1
Apr 13 22:15:50 localhost kernel[0]: Matching service count = 1
Apr 13 22:15:50 localhost kernel[0]: Matching service count = 1
Apr 13 22:15:50 localhost kernel[0]: Matching service count = 1
Apr 13 22:15:50 localhost kernel[0]: Matching service count = 3
Apr 13 22:15:50 localhost kernel[0]: NVDANV40HAL loaded and registered.
Apr 13 22:15:50 localhost kernel[0]: PowerMac112ThermalProfile::start 1
Apr 13 22:15:50 localhost kernel[0]: PowerMac112ThermalProfile::end 1
Apr 13 22:15:50 localhost kernel[0]: SMUNeo2PlatformPlugin::initThermalProfile - entry
Apr 13 22:15:50 localhost kernel[0]: SMUNeo2PlatformPlugin::initThermalProfile - calling adjust
Apr 13 22:15:50 localhost kernel[0]: PowerMac112ThermalProfile::adjustThermalProfile start
Apr 13 22:15:50 localhost kernel[0]: IPv6 packet filtering initialized, default to accept, logging disabled
Apr 13 22:15:50 localhost kernel[0]: BCM5701Enet: Ethernet address 00:14:51:61:ee:78
Apr 13 22:15:50 localhost kernel[0]: BCM5701Enet: Ethernet address 00:14:51:61:ee:79
Apr 13 22:15:51 localhost lookupd[86]: lookupd (version 369.5) starting - Sun Apr 13 22:15:51 2008
Apr 13 22:15:51 localhost kernel[0]: jnl: replay_journal: from: 21611008 to: 7857152 (joffset 0x952000)
Apr 13 22:15:51 localhost kernel[0]: jnl: replay_journal: from: 673280 to: 24382976 (joffset 0x952000)
Apr 13 22:15:51 localhost kernel[0]: jnl: replay_journal: from: 3890176 to: 6294016 (joffset 0x7d01000)
Apr 13 22:15:51 localhost diskarbitrationd[69]: disk0s10 hfs 82827EDF-0263-3B93-BEED-4B114E820B85 NewestSeagate /
Apr 13 22:15:52 localhost kernel[0]: NVDA,Display-A: vram [90020000:10000000]
Apr 13 22:15:52 localhost mDNSResponder: Adding browse domain local.
Apr 13 22:15:53 localhost kernel[0]: hfs mount: enabling extended security on Maxtor
Apr 13 22:15:53 localhost diskarbitrationd[69]: disk1s3 hfs 0DBE2113-B1F5-388F-BF70-2E366A095330 Maxtor /Volumes/Maxtor
Apr 13 22:15:54 localhost kernel[0]: NVDA,Display-B: vram [94000000:08000000]
Apr 13 22:15:54 Marc-Weinbergs-Computer configd[67]: setting hostname to "Marc-Weinbergs-Computer.local"
Apr 13 22:15:54 Marc-Weinbergs-Computer /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Apr 13 22:15:56 Marc-Weinbergs-Computer diskarbitrationd[69]: disk2s3 hfs 971CABB3-C211-38FC-8E91-6B4F8EA5FA20 B08-09-07 /Volumes/B08-09-07
Apr 13 22:15:56 Marc-Weinbergs-Computer loginwindow[110]: Login Window Started Security Agent
Apr 13 22:15:57 Marc-Weinbergs-Computer kernel[0]: AppleBCM5701Ethernet - en1 link active, 1000-Mbit, full duplex, symmetric flow control enabled
Apr 13 22:15:57 Marc-Weinbergs-Computer configd[67]: AppleTalk startup
Apr 13 22:15:57 Marc-Weinbergs-Computer TabletDriver[119]: #### GetFrontProcess failed to get front process (-600)
Apr 13 22:15:59 Marc-Weinbergs-Computer configd[67]: posting notification com.apple.system.config.network_change
Apr 13 22:16:00 Marc-Weinbergs-Computer configd[67]: posting notification com.apple.system.config.network_change
Apr 13 22:16:00 Marc-Weinbergs-Computer configd[67]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-net work
Apr 13 22:16:00 Marc-Weinbergs-Computer configd[67]: posting notification com.apple.system.config.network_change
Apr 13 22:16:01 Marc-Weinbergs-Computer lookupd[123]: lookupd (version 369.5) starting - Sun Apr 13 22:16:01 2008
Apr 13 22:16:01 Marc-Weinbergs-Computer kernel[0]: HFS: Removed 2 orphaned unlinked files
Apr 13 22:16:01 Marc-Weinbergs-Computer diskarbitrationd[69]: disk3s3 hfs CDA8BCC5-0CE4-33E8-A910-4B0952DBC230 FullBU-09-07 /Volumes/FullBU-09-07
Apr 13 22:16:04 Marc-Weinbergs-Computer configd[67]: target=enable-network: disabled
Apr 13 22:16:05 Marc-Weinbergs-Computer configd[67]: AppleTalk startup complete
Apr 13 22:16:09 Marc-Weinbergs-Computer TabletDriver[237]: #### GetFrontProcess failed to get front process (-600)
Apr 13 22:16:09 Marc-Weinbergs-Computer launchd[241]: com.wacom.wacomtablet: exited with exit code: 253
Apr 13 22:16:09 Marc-Weinbergs-Computer launchd[241]: com.wacom.wacomtablet: 9 more failures without living at least 60 seconds will cause job removal
Apr 13 22:16:29 Marc-Weinbergs-Computer /Applications/DiskWarrior.app/Contents/MacOS/DiskWarriorDaemon: [Sun Apr 13 22:16:28 EDT 2008] : ATA device 'ST3320620AS', serial number '6QF0L6LR', reports it is functioning at a temperature of 95.0F (35C) degrees.
Apr 13 22:16:29 Marc-Weinbergs-Computer /Applications/DiskWarrior.app/Contents/MacOS/DiskWarriorDaemon: [Sun Apr 13 22:16:28 EDT 2008] : Spare blocks for ATA device 'ST3320620AS', serial number '6QF0L6LR', appear to still be available. (Total Available: 36) (Use Attempts: 0)
Apr 13 22:16:29 Marc-Weinbergs-Computer /Applications/DiskWarrior.app/Contents/MacOS/DiskWarriorDaemon: [Sun Apr 13 22:16:29 EDT 2008] : ATA device 'ST3320620AS', serial number '6QF0LGS4', reports it is functioning at a temperature of 100.4F (38C) degrees.
Apr 13 22:16:29 Marc-Weinbergs-Computer /Applications/DiskWarrior.app/Contents/MacOS/DiskWarriorDaemon: [Sun Apr 13 22:16:29 EDT 2008] : Spare blocks for ATA device 'ST3320620AS', serial number '6QF0LGS4', appear to still be available. (Total Available: 36) (Use Attempts: 0)
Apr 13 22:16:29 Marc-Weinbergs-Computer /Applications/DiskWarrior.app/Contents/MacOS/DiskWarriorDaemon: [Sun Apr 13 22:16:29 EDT 2008] : ATA device 'ST3320620AS', serial number '9RV000FC', reports it is functioning at a temperature of 95.0F (35C) degrees.
Apr 13 22:16:29 Marc-Weinbergs-Computer /Applications/DiskWarrior.app/Contents/MacOS/DiskWarriorDaemon: [Sun Apr 13 22:16:29 EDT 2008] : Spare blocks for ATA device 'ST3320620AS', serial number '9RV000FC', appear to still be available. (Total Available: 36) (Use Attempts: 0)
Apr 13 22:16:29 Marc-Weinbergs-Computer /Applications/DiskWarrior.app/Contents/MacOS/DiskWarriorDaemon: [Sun Apr 13 22:16:29 EDT 2008] : ATA device 'Maxtor 6B300S0', serial number 'B6211G0H', reports it is functioning at a temperature of 89.6F (32C) degrees.
Apr 13 22:16:29 Marc-Weinbergs-Computer /Applications/DiskWarrior.app/Contents/MacOS/DiskWarriorDaemon: [Sun Apr 13 22:16:29 EDT 2008] : Spare blocks for ATA device 'Maxtor 6B300S0', serial number 'B6211G0H', appear to still be available. (Total Available: 63) (Use Attempts: 0)
Apr 13 22:16:54 Marc-Weinbergs-Computer /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder: _TIFFVSetField: tiff data provider: Invalid tag "Copyright" (not supported by codec).\n
Apr 13 22:16:54 Marc-Weinbergs-Computer /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder: _TIFFVSetField: tiff data provider: Invalid tag "Copyright" (not supported by codec).\n
etc.

Hi-
The machine seems to be having trouble with loading certain drivers, but, as this isn't a crash log, and doesn't show the "hang-up" or freeze, it's hard to tell.
Noted possibilities are:
-Microsoft keyboard (possible USB power problem)
-firmtek driver (from archive) questionable due to the "archive" annotation
-Wacom tablet driver, causing system problems
Running in Safe mode without freezes would help to determine if one of these drivers is the problem.
Other possibilities are outdated drivers, or simply a need to reinstall the OS.
If unnecessary, removing the driver(s) would be a good idea.
External USB and Firewire devices are all suspect, should all be disconnected, revert to Apple keyboard, and test system performance. Adding one device at a time, and testing each will be necessary to clear each device.
I have experienced system trouble when a Wacom tablet was not connected, but the driver was left installed.
Disabling the driver from Startup items may be necessary to test without the Wacom tablet connected.

Firefox will not display my HTML file as its contents - only displays the HTML text (firefox 5.0).

I can download a file as a Firefox file (zipped) and it displays successfully. Then I can save the file as a text file and see the HTML text.
When I work on the HTML text file and then try to display the modified file in Firefox 5.0 and Windows XP, Firefox will only show the HTML text, not the display of the contents of the file.

Make sure that the file has a .html file extension if you want Firefox to render the content.
Your above posted system details show outdated plugin(s) with known security and stability risks.
*Shockwave Flash 10.0 r32
Update the [[Managing the Flash plugin|Flash]] plugin to the latest version.
*http://www.adobe.com/software/flash/about/

How to secure file

Hi
I m coding . I want to secure my file so that no body can make changes in it.can u tell how?
Thanks.

hi rani patil ji,
pls see the below link..
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/37bef2c0-0d01-0010-58ac-d1286bb09b6
securing files in abap
After doing all kind of ABAP work for many years, its often amusing for me to see such a system as SAP R/3 being so vulnerable and so unprotected from attacks and sabotage. The system has very strong security mechanisms, so complicated that it probably takes years to build up the experience managing all that, but those things can be used to restrict access for normal users. Anyone who wants to target it can find some ways, combining existing functionality, holes not closed by administrators, probably complemented by social engineering. It seems that its just because normally the people that have an access to such system are too busy to screw it. But what if some nice behaving well paid consultant is actually looking to sell your data? Or if someone unhappy with the very wise executive decision to let a crowd of folks go look for another job wants to say the last word? The fact is, and I like to repeat it every time I hear that someone has decided to strip us of some authorisations, that anyone with some technical SAP experience will always find the way. Or lets say, most likely will.
Before I go further, let me give a couple of notices:
Some things discussed below were actually tried by me, on various versions of SAP. It can happen that some trick I tried several years ago is already blocked by SAP. I never want to try certain tricks again - its not good, and I dont have my own SAP system to play with. I assume no responsibility on the results of trying those innocent tricks.
The first thing that you learn as an ABAPer is that you can read the data directly from SAP database tables. And not only read, but also update. Direct updates, unless done on customers own tables, in theory can break the SAP warranty. But we have to do this from time to time, and there is nothing more simple that can screw up the whole system. Just one line of code. But hey, its not only about sabotage! What about messing with the accounting? Or changing your own user account information? During the SAP boom days (end of 90s), a code to get yourself the best authorisation available in the system was circulating over the Net. Simple updates of USR* tables. The guy who wrote it pulled it back later because he didnt feel well about it.
Most companies have a policy of not allowing direct updates of SAP tables, but not every company enforces it through QA process. I remember how did I learn that direct updates are not good. It was probably a couple of months after I took my BC400 course that I got a task of programming a mass update of customer master. I think it was that simple update of KNVV that got my change back from QA with a big red cross. Good work! Thats when I understood also how important the quality assurance is.
The next funny thing you learn as an ABAP programmer is that there are some system variables. And also that they can be manipulated too. What is especially useful its changing the value of return code SY-SUBRC after failed authorisation check. Yes, you need to be authorised to change values in debugger, but this is what we all have in development systems, and for some limited periods even in production. No big deal if its dev? But it can be a good starting point and a gate to other systems! And it brings even more fun if when doing some nasty update, you change the current user ID to be stored as who has updated it to some other than yours!
Though at some critical points SAP checks the authorisation other than with standard authority-check and SY-SUBRC, most of time its still good old return code, and it doesnt look like its going to change. But why should we ABAPers care if under the debugger, we can change almost any SAP program without asking SAP or our admin for access key. Just jump over it! (Kind of open-source - feel free to modify if you need to!) Then, why not to transport this change to the productive system if management thinks that having QA folks go through each modified piece of code that is going to be transported is a waste of corporate money? As if its not the code that runs the enterprise blood through the servers.
But its not only the code. There is a useful transaction SE16N, where SAP has implemented a command (&sap_edit) that allows you to modify just any table in SAP. The command name implies that its internal use only and should be reserved for SAP support folks, but I have never seen it asking whether I am an SAP employee. Oh, there are change documents that they use to track all those changes, but there is also a menu item to delete them, and after all, why not to play with the table storing them directly? OK, to do all those things you need to be authorised, but dont give up: there are debugger (see above) and other tricks (see below) that get us there.
That was about changing the data, but sometimes even reading can be considered as a biggest sin. At some point in SAP career, everyone will see authorisation hysteria. It starts with some global effort to strip us of our rights. Sure, we developers should be hanged after seeing some secret production data, so to prevent the mass executions, they first revoke the rights for standard business transactions. Then, normally several years after that, someone says hey! those potentially bad bad guys have SE16 and can view data just from any table! Oh my! Now we set the authorisations for each table. S_TABU_DIS is the cure! And the tables are gone for us, forever. No, wait! we have database views! and many other things that you get using where-used-list for the table in question in SE11 (a very special SAP feature nearly unknown to professional accountants). There is even more. There are hundreds of funcion modules in SAP and the changes always are that after investing some time into research, but still considerably less than we spend explaining that if we are supposed to analyse production problems, we need some more authorisation to do that, we can find some magic function module that, being called directly in SE37, gives us the data we need. And dont forget that very often developers are given rights to schedule background jobs that run with any user they want and then read the output. No limits - it can be helped only by a different authorisation process, where everything in a system is really integrated. For example, database views inherit authorisation of tables, and SELECTs check things like S_TABU_DIS authomatically. But overhead of doing that will probably make the systems unusable.
As so many things can be done if we got enough authorisations, one would ask whats the big deal? Just stop giving the debug with change authorisation away and this will save the system from abuse. Well, there are always countermeasures. Each system has some special users that have special authorisations. And frequently those users are maintained as default login user for some RFC connection. One very well known example is the user of the APO CIF interface. Till mid-2006, it was a general advice from SAP to give that interface user SAP_ALL authorisation. Now, years after introducing CIF, they have issued an OSS note that describes a safer setup. But the system that still has the old setup, or has some other user for interfacing with other systems, there are fancy things one can do with that. You need just a debug session without change authorisation and some RFC-capable function on the target system. A good one is, for example, RFC_READ_TABLE, which is present on all systems regardless of which applications are installed. When called under debugger in SE37 with appropriate RFC destination, the function jumps into the target system, and your session does this together. The place to watch is the function SFCS_FA_FUNCTION_INVOCE, where the remote call happens. If you follow the cross-system call with Step-Into, you can then open a new window on the target system that will be running not with your poor user, but with that special one! While this is a very common approach to interfacing two systems, if a special authorisation somes into question, then building the interface with an intermediate system to prevent abuse of RFC could solve the problems, but the complexity will be the price to pay.
The next inviting feature of SAP is the ability to run operating system commands on the application server. This can be done either with the function SXPG_COMMAND_EXECUTE or directly with CALL SYSTEM. The former does some security checks to prevent running some commands that can harm the system but this check is of course very limited as SAP can never know what command is dangerous on your system. The most dangerous of all that is that the command will be run as a subprocess, with the same OS user as that of the SAP instance. Which means, you can run a process with the same OS authorisations as SAP, having access to the same data etc. The most simple sabotage by stopping the SAP at most needed moment (scheduled by cron if its running on UNIX) is obviously stupid, but what about manipulating some files (e.g. with data for or from external systems) or even transport files? With transport files, its not that straightforward as it used to be as now files are compressed (in older versions, you could modify program source code right in the transport files), but if they are not encrypted, they can be used to implement custom logic directly or plant a back doors for later time.
You are not convinced because all you can do is to run a single command? Well, this single command can get you a terminal window on your PC, running a shell on the application server! Just install an X server on the PC and launch something like xterm on the app server, setting the display parameter to the PC - takes several seconds. X applications like xterm are present in all default UNIX installations. If the SAP is running on a Windows machine, its not better, because you can always have a Cygwin environment (the same one used to get an X server on your PC), and all you need is to transfer several files to the SAP server, which can be done easily with direct FTP, file upload functions or network shares. As soon as you get a terminal, running other things is becoming much easier! Unless some knowledgeable admin restricts the authorisations to the maximum extent, erases unneeded OS applications from the server and, best of all, restricts the network connections between the server and the rest of the network. Interfaces could use some TCP ports that are opened only between certain machines on the network and the rest - closed for more security. But I dont believe anyone in the world is doing that. Thats waste of corporate money and lost of convenience after all!
Lets say, we got some hole to get through. What can be done in some short time? For sure, well want to plant a backdoor to ease our later activity. No system has better resources for that. They could set the system level to productive to forbid the changes, they kick us with developer keys and object access keys. But all we need is just one ABAP command, INSERT REPORT. Surprisingly, this one doesnt care at all what program are you going to modify. THERE ARE NO CHECKS! It can be anything, anywhere including production system, and on execution, SAP doesnt care if you dont have development authorisation. So, well start with that, having that one line hidden in some nice customer program, sneak through the absent or sleepy QA procedures and we are ready for a next assignment.
All those simple tricks above can be dealt with and holes can be closed. But because doing that required some effort, and knowledge and money is an important prerequisite, most likely we will live with that for years from now. Which is not really bad - if we save some time when analysing a production problem, well probably have more time to do a proper code review, and do many other things right. There should be more tricks and Ill be glad to know and discuss them (for fun, not for breaking!), so any comments will be very welcomed.
regards
karthik
pls reward me points if the above is usefull to you

Account Name field of 4663,4660 displays System Account(FileServer$) instead of userName when Deleting a Folder

Account Name field of 4663,4660 displays System Account(FileServer$)
instead of userName when Deleting a Folder :
A Folder with files & subfolders are deleted.The following sequence events 4656,4663,4660,4658 are logged for parent folder,subfolders
and files in the security event log.For parent folder and subfolders events, the Account Name field of event id 4656 displays the user who deleted the folder,but the Account Name field of event id 4663,4660 diplays the SYSTEM account ie)FileServer Name instead
of username.This is not occuring for files inside the subfolders
Actually we correlate 4663,4660 with handle id and process id to make sure the file/ folder is deleted.Using this above correlation we
can not able to find out user ,because it shows servername$ for folder deletions not files.So my question is why windows logging servername$ in 4663,4660 events only for folder deletions.
The above issue happening only for
* parent folder and sub folders and not for files inside them.
* deletion through network share and not locally.
Sample Events of 4656,4663,4660
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 11-09-2012 20:03:41
Event ID: 4656
Task Category: File System
Level: Information
Keywords: Audit Success
User: N/A
Computer: FS01.test.com
Description:
A handle to an object was requested.
Subject:
Security ID: S-1-5-21-34352134455-267854504-159913591-49381
Account Name: vijay
Account Domain: test.com
Logon ID: 0x7e95119f
Object:
Object Server: Security
Object Type: File
Object Name: \Device\HarddiskVolume4\ShareA\testFolder
Handle ID: 0x7498
Process Information:
Process ID: 0x4
Process Name:
Access Request Information:
Transaction ID: {00000000-0000-0000-0000-000000000000}
Accesses: DELETE
Access Mask: 0x10000
Privileges Used for Access Check: -
Restricted SID Count: 0
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 11-09-2012 20:03:41
Event ID: 4663
Task Category: File System
Level: Information
Keywords: Audit Success
User: N/A
Computer: FS01.test.com
Description:
An attempt was made to access an object.
Subject:
Security ID: SYSTEM
Account Name: FS01$
Account Domain: test.com
Logon ID: 0x3e7
Object:
Object Server: Security
Object Type: File
Object Name: \Device\HarddiskVolume4\Shared\testFolder
Handle ID: 0x7498
Process Information:
Process ID: 0x4
Process Name:
Access Request Information:
Accesses: DELETE
Access Mask: 0x10000
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 11-09-2012 20:03:41
Event ID: 4660
Task Category: File System
Level: Information
Keywords: Audit Success
User: N/A
Computer: FS01
Description:
An object was deleted.
Subject:
Security ID: SYSTEM
Account Name: FS01$
Account Domain: test.com
Logon ID: 0x3e7
Object:
Object Server: Security
Handle ID: 0x7498
Process Information:
Process ID: 0x4
Process Name:
Transaction ID: {00000000-0000-0000-0000-000000000000}

HI,
When you configure the Auditing Entry for the user account on the shared folder, if the setting is Files only, it might be the cause of your problem . If so, you can try to configure "Apply onto" as The folder, subfolders and files.
Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Was advised to delete system configuration file from hard drive and now computer will not start - any help would be appreciated.

Downloaded Yosemite and since then cannot connect to internet or bluetooth mouse - was advised to delete system configuration file from the hard drive and since then cannot start up computer. Any help would be appreciated - cheers.

Boot the MBP with the OPTION+COMMAND+R keys down. The result should be a display showing a revolving globe. By following the instructions, you will be able to reinstall the original OSX. Then you may reinstall Yosemite.
A solid Internet connection will be required.
Ciao.

Can't access safe mode to delete System Security fake anti virus virus. HELP.

Hi, our SL500 has become infected with "System Security" fake anti virus software. We have tracked down how to remove it.
http://www.geekstogo.com/forum/system-security-malware-t222291.html
However when we get to the "reboot your computer in safe mode" (see instructions below) we can't as this is not possible.
We have tried F8...........Repeatedly . And also Run->msconfig->BOOT.INI->/SAFEBOOT . But to no avail . Actually we get a pop up stating that Windows can not find said command and have we typed it in correctly . Please could some one help us as this is driving us insane . One last thing . A computer WITHOUT a "safe mode " option, isn't that kinda of unsafe and a tad.....
Thanks in advance.
Instructions for malware removal.
You will need to print out a copy of these instructions, or save them to NotePad and put a shortcut to the file on the desktop so that you can refer to while you complete this procedure as you will be required to boot into Safe Mode where you wont have internet access.
Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Run MBAM again, only this time perform a full scan and post the log.
Please click here to download AVP Tool by Kaspersky.
Save it to your desktop.
Reboot your computer into SafeMode.
You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.
Double click the setup file to run it.
Click Next to continue.
It will by default install it to your desktop folder.Click Next.
Hit ok at the prompt for scanning in Safe Mode.
It will then open a box There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked.
System Memory
Startup Objects
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)
After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.
Then click on Scan at the to right hand Corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized then click the button that says Neutralize all
If it says it cannot be Neutralized then chooose The delete option when prompted.
After that is done click on the reports button at the bottom and save it to file name it Kas.
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
In your next reply I would like to see:
C:\RSIT\info.txt
MBAM log
Kaspersky AVP scan results
Also let me know how the computer is behaving.
This post has been edited by Octagonal: Dec 27 2008, 08:08 AM

Thanks for trying to help. Sadly, I followed the instructions and it rebooted to the blue screen again.
It's going to have to go to Apple for repairs now. I'm out of options.
I am wondering how much easier it would have been if I'd created a time machine restore point. I got what I deserved for failing to do that, but I'm doubtful even that would have worked in this case. It does seem to be because of that piece of widely reported malware that didn't want to leave without causing damage.
The most frustrating aspect is the safe boot. I get to the desktop but without any menu, finder or dock. It seems to be similar to the problem below...
http://www.macsmarts.com/?p=109
But that's for Tiger. I tried that to no effect.
Like I said, it's going to have to go to Apple now because I've done so many things I don't know if I'm just digging myself a deeper hole.
Thanks again for offering help.

Want to open a new browser window and display the html file in locale disk.

Hi,
I want to open a new browser window and display the html file in local drive. The below html applet work in local system successfully. But i deploy the same in web server (Tomcat) and try the same in client machine it does not work. Please help.
Note:
The class below fileopen.FileOpen.class i make it as a jar and put it in jre\ext folder at the client machine.
------------------------------------FileOpen.html(Tomcat)-----------------------------------------------------
<html>
<body >
<applet code="OpenFile.class" archive="loadfile.jar" width="100" height="100">
<param name="path" value="file://c:/open.html" />
</applet>
</body>
</html>
-------------OpenFile.java in server(Tomcat)--------------------------------------------
public class OpenFile extends Applet implements ActionListener{
String path = "";
fileopen.FileOpen open = null;
Button b = null;
public void init(){
path = getParameter("path");
b = new Button("Open");
b.addActionListener(this);
add(b);
public void actionPerformed(ActionEvent ae){
try
open = new fileopen.FileOpen(this,path);
catch (Exception e){
e.printStackTrace();
-------------------------------------------FileOpen.java /Client JRE/ext----------------------------------------------------
package fileopen;
public class FileOpen
AppletContext context = null;
URL url = null;
public FileOpen(Applet applet,String path)
try
if(null != applet){
context = applet.getAppletContext();
if (null != path)
url = new URL(path);
context.showDocument(url, "_blank");
}catch(Exception ex)
ex.printStackTrace();
Please help to solve this issue very urgent.
Thanks in advance.
By,
Saravanan.K.

zzsara wrote:
I want to open a new browser window and display the html file in local drive. ...Did you ever pause to consider how ridiculous that is?
The best audience for applets is people off the internet. 'People off the internet' might be using a computer that has no (what was it?) 'open.html' in the root of the C: drive. In fact (shock horror) they may not even be running Windows, and would therefore probably have no 'C:' drive at all.
If you do not intend to distribute this to people off the web, an application makes a lot more sense, but even then, you cannot rely on the document being there unless you 'put it there' (during installation, for instance).
As the other poster intimated, applets can load documents off the local disk as long as they are trusted. Here is an example*, but note that it is not so rash as to presume any particular path or file, and instead leaves it to the user to choose the document to display.
* The short code can be seen at SDNShare on the [Defensive Loading of Trusted Applets|http://sdnshare.sun.com/view.jsp?id=2315] post.
On the other hand, a sandboxed applet can load any document coming from its own server via URL, or get showDocument(URL) to work. In that case, the JRE must recognize that the URL is from its own server, so the best way to form URLs for applet use is via the URL constructor
new URL(getDocumentBase(), "path/to/open.html");That is how I form the URL in this [ sandboxed example of formatting source|http://pscode.org/fmt/sbx.html?url=/jh%2FHelpSetter.java&col=2&fnt=2&tab=2&ln=0]. Of course, in this case the applet loads the document, then parses the text to draw the formatted version, but the point is that an URL produced this way will work with showDocument(URL).
I am pretty sure showDocument() in an applet off the internet will work with an URL pointing to a foreign (not its own) server, but it will not be able to load documents off the end user's local disks.
I suggest a couple of things.
- Try to express this problem in terms of what feature it is that you want to offer the end user. Your question jumps directly to a bad strategy for achieving ..who knows what? An example of a feature is "Shows the applet 'help' files on pressing F1".
- A good way to indicate interest in a solution is to offer [Duke stars|http://wikis.sun.com/display/SunForums/Duke+Stars+Program+Overview] to match that interest.
Edit 1:
..and please figure out how to use the CODE tags.
Edited by: AndrewThompson64 on Sep 12, 2008 11:14 PM

Are there suggestions for managing Multiple VMWare Fusion systems sharing files with a MacBook? Suppose I have enough ram for 3 servers to share files.

Suppose I have enough ram for 2 or three VMWare fusion systems to that could benefit from file sharing. Is it possible to configiure each VMWare funsion instance to have a common read only file share on my desktop and a common read/write area on on my desktop?
This would allow me to extend the power and mustle of my Mac Book Air, Retina Display system to its best advantage. Whether native Mac processing or speciality linux or Windows systems as needed.
I am having trouble allowing more than one system to share the same read only and the same read/write areas so that software does the file locking and merge controls. Even if these do not share a common read/write area, it would be truly handy for drive space management for them to share a common read only area.
Thanks for your thoughtful input.
20 year IT Professional that loves Mac visual interfaces, outstanding performance and a *nix command line.
Don

It really denpends on the os running in the vm and what the permissions are set to on those shares.
I run a few vms on both a mac at home and windows at work and all other computers in my home or at work can connect to the vms without any problems. Even multiple computer at the same time.
It also depends on how you have set the vm up for networking. If you are setting it up as nat, instead of bridged, that can also cause problems access it from multiple system. With nat the vm is on its own network branch.

Using IFRAME in JSF to display a PDF file

2 all,
How do i display a PDF file inside a JSF page in a IFRAME tag?
I store the PDF file location (like d:\images\pdf1.pdf) in my database. I cant give this location directly into the src attribute cos then the file will be rendered to only users who have access to that folder (the application is a internet application). IFRAME would be ideal as the display is very very neat (esp for pdf files).
To get this working i tried the examples given in balusc blogs (on image servlet) but the problem is that my servlet is not getting called. Find below the web.xml and imageDisplay.jsp pages that i tried
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>WorkFlowTool</display-name>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<filter>
<filter-name>MyFacesExtensionsFilter</filter-name>
<filter-class>org.apache.myfaces.webapp.filter.ExtensionsFilter</filter-class>
<init-param>
   <param-name>maxFileSize</param-name>
   <param-value>20m</param-value>
</init-param>
</filter>
<filter>
<display-name>SecurityCheckFilter</display-name>
<filter-name>SecurityCheckFilter</filter-name>
<filter-class>filters.SecurityCheckFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>MyFacesExtensionsFilter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>MyFacesExtensionsFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>MyFacesExtensionsFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SecurityCheckFilter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>Image Servlet</servlet-name>
<servlet-class>servlets.ImageServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Image Servlet</servlet-name>
<url-pattern>/imageServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>/jsp/index.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>500</error-code>
<location>/jsp/error.jsp</location>
</error-page>
<resource-ref>
<res-ref-name>jdbc/JDDS</res-ref-name>
<res-type>java.lang.Object</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
</web-app>
imageDisplay.jsp
<HTML>
<HEAD>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
<%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
<f:loadBundle basename="messages" var="msg" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<LINK rel="stylesheet" type="text/css" href="../theme/Styles.css"
     title="Style">
</HEAD>
<body topmargin="0" leftmargin="0">
<f:view>
     <h:form id="CaseLookUp">
          <h:dataTable value="#{pc_ImageDisplay.dataModel}" var="var">
               <h:column id="one">
                    <f:facet name="header">
                         <h:outputText value="H1" id="HOne"/>
                    </f:facet>
                    <h:outputText value="#{var.caseID}" id="IDONE"/>
               </h:column>
               <h:column id="two">
                    <f:facet name="header">
                         <h:outputText value="H2" id="HTwo"/>
                    </f:facet>
                    <h:graphicImage value="imageServlet?file=#{var.PODocPath}" id="image"/>
               </h:column>
          </h:dataTable>
     </h:form>
</f:view>
</body>
</HTML>The image servlet is what i got from balusc's site (http://balusc.blogspot.com/2007/04/imageservlet.html).
I dont know why my servlet is not getting called. Can someone help me with this pls?
okay let me post the modified code for my image servlet here
public class ImageServlet extends HttpServlet {
     private static final long serialVersionUID = 1L;
     public void doGet(HttpServletRequest request, HttpServletResponse response) {
        // Define base path somehow. You can define it as init-param of the servlet.
//        String imageFilePath = "/images";
        // In a Windows environment with the Applicationserver running on the
        // c: volume, the above path is exactly the same as "c:\images".
        // In UNIX, it is just straightforward "/images".
        // If you have stored images in the WebContent of a WAR, for example in the
        // "/WEB-INF/images" folder, then you can retrieve the absolute path by:
        // String imageFilePath = getServletContext().getRealPath("/WEB-INF/images");
        // Get file name from request.
        String imageFileName = request.getParameter("file");
        System.out.println("Inside the image servlet ---->>>> " + imageFileName);
        // Check if file name is supplied to the request.
//        if (imageFileName != null) {
//            // Strip "../" and "..\" (avoid directory sniffing by hackers!).
//            imageFileName = imageFileName.replaceAll("\\.+(\\\\|/)", "");
//        } else {
//            // Do your thing if the file name is not supplied to the request.
//            // Throw an exception, or show default/warning image, or just ignore it.
//            return;
        // Prepare file object.
        File imageFile = new File(imageFileName);
        // Check if file actually exists in filesystem.
        if (!imageFile.exists()) {
            // Do your thing if the file appears to be non-existing.
            // Throw an exception, or show default/warning image, or just ignore it.
            return;
        // Get content type by filename.
        String contentType = URLConnection.guessContentTypeFromName(imageFileName);
        // Check if file is actually an image (avoid download of other files by hackers!).
        // For all content types, see: http://www.w3schools.com/media/media_mimeref.asp
        if (contentType == null || !contentType.startsWith("image")) {
            // Do your thing if the file appears not being a real image.
            // Throw an exception, or show default/warning image, or just ignore it.
            return;
        // Prepare streams.
        BufferedInputStream input = null;
        BufferedOutputStream output = null;
        try {
            // Open image file.
            input = new BufferedInputStream(new FileInputStream(imageFile));
            int contentLength = input.available();
            // Init servlet response.
            response.reset();
            response.setContentLength(contentLength);
            response.setContentType(contentType);
            response.setHeader(
                "Content-disposition", "inline; filename=\"" + imageFileName + "\"");
            output = new BufferedOutputStream(response.getOutputStream());
            // Write file contents to response.
            while (contentLength-- > 0) {
                output.write(input.read());
            // Finalize task.
            output.flush();
        } catch (IOException e) {
            // Something went wrong?
            e.printStackTrace();
        } finally {
            // Gently close streams.
            if (input != null) {
                try {
                    input.close();
                } catch (IOException e) {
                    e.printStackTrace();
                    // This is a serious error. Do more than just printing a trace.
            if (output != null) {
                try {
                    output.close();
                } catch (IOException e) {
                    e.printStackTrace();
                    // This is a serious error. Do more than just printing a trace.
    }

Thanks Balusc!!
I have made use of your code to display PDF files in an IFRAME tag too!!! I just dint believe that this would be possible. Please just take a look at my JSP page.
<h:form id="CaseLookUp">
     <%
     String path = request.getContextPath()+"";
     out.print(path);
     %>
<iframe scrolling="auto" src="<%=path%>/imageServlet?file=D:\70-229 V5.pdf" width="80%" height="600" ></iframe>
     </h:form>

System.Security.VerificationException: Operation could destabilize the runtime during code coverage run in visual studio

I have a unit test that basically does the following:
Creates an app domain using minimum priviledges. The MarshalByRefObject that is living in the app domain, loads another assembly to execute. This new assembly basically takes in a data object defined in a separate assembly, and returns a
new data object of that type.
All this works fine in debug mode, or when running w/out code coverage. The Sandbox assembly is signed.
The exception that gets thrown is this:
Test method TestProject1.UnitTest1.TestMethod1 threw exception:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.VerificationException: Operation could destabilize the runtime.
ClassLibrary3.Bar..ctor()
ClassLibrary2.Foo.TestMethod(Bar testBar)
System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
ClassLibrary1.RemoteSandBox.Execute(String assemblyPath, String scriptType, String method, Object[] parameters)
ClassLibrary1.RemoteSandBox.Execute(String assemblyPath, String scriptType, String method, Object[] parameters)
ClassLibrary1.SandBox.Execute(String assemblyPath, String scriptType, String method, Object[] parameters) in c:\users\la22426\documents\visual studio 2010\Projects\TestProject1\ClassLibrary1\Sandbox.cs: line 43
TestProject1.UnitTest1.TestMethod1() in c:\users\la22426\documents\visual studio 2010\Projects\TestProject1\TestProject1\UnitTest1.cs: line 21
Unit Test code:
[TestClass]
public class UnitTest1
[TestMethod]
public void TestMethod1()
using (SandBox sandbox = new SandBox())
string assemblyLocation = Path.Combine(Environment.CurrentDirectory, @"..\..\..\ClassLibrary2\bin\Debug\ClassLibrary2.dll");
object result = sandbox.Execute(assemblyLocation, "ClassLibrary2.Foo", "TestMethod", new Bar() { X = "test" });
Assert.IsNotNull(result);
Data Object code:
namespace ClassLibrary3
[Serializable]
public class Bar
public Bar() { }
public string X { get; set; }
Assembly to execute code:
namespace ClassLibrary2
public class Foo
public Bar TestMethod(Bar testBar)
return new Bar() { X = testBar.X };
Sandbox code:
namespace ClassLibrary1
public class SandBox : IDisposable
AppDomain Domain { get; set; }
RemoteSandBox RemoteSandBox { get; set; }
public SandBox()
var setup = new AppDomainSetup()
ApplicationBase = AppDomain.CurrentDomain.BaseDirectory,
ApplicationName = Guid.NewGuid().ToString(),
DisallowBindingRedirects = true,
DisallowCodeDownload = true,
DisallowPublisherPolicy = true,
//DisallowApplicationBaseProbing = true,
var permissions = new PermissionSet(PermissionState.None);
permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
permissions.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
this.Domain = AppDomain.CreateDomain(setup.ApplicationName, null, setup, permissions,
typeof(RemoteSandBox).Assembly.Evidence.GetHostEvidence<StrongName>());
this.RemoteSandBox = (RemoteSandBox)Activator.CreateInstanceFrom(this.Domain, typeof(RemoteSandBox).Assembly.ManifestModule.FullyQualifiedName, typeof(RemoteSandBox).FullName).Unwrap();
public object Execute(string assemblyPath, string scriptType, string method, params object[] parameters)
return this.RemoteSandBox.Execute(assemblyPath, scriptType, method, parameters);
public void Dispose()
if (this.Domain != null)
AppDomain.Unload(this.Domain);
class RemoteSandBox : MarshalByRefObject
public RemoteSandBox()
public object Execute(string assemblyPath, string scriptType, string method, params object[] parameters)
//we need some file io permissions to load the assembly
new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, assemblyPath).Assert();
Assembly assembly;
try
assembly = Assembly.LoadFile(assemblyPath);
finally
CodeAccessPermission.RevertAssert();
Type type = assembly.GetType(scriptType, true);
MethodInfo methodInfo = type.GetMethod(method);
object instance = (methodInfo.IsStatic) ? null : Activator.CreateInstance(type);
object returnVal = null;
returnVal = methodInfo.Invoke(instance, parameters);
return returnVal;

I marked the shared data library with the attributes:
[assembly: AllowPartiallyTrustedCallers]
[assembly: SecurityRules(SecurityRuleSet.Level2, SkipVerificationInFullTrust = true)]
And then marked the data class Bar with the attribute:
[SecuritySafeCritical]
And got a little more insight into what's going on:
Test method TestProject1.UnitTest1.TestMethod1 threw exception:
System.MethodAccessException: Attempt by security transparent method 'Microsoft.VisualStudio.Coverage.Init_d2f466df4c65e2a7bb5d7592c49efef0.Register()' to call native code through method 'Microsoft.VisualStudio.Coverage.Init_d2f466df4c65e2a7bb5d7592c49efef0.VSCoverRegisterAssembly(UInt32[],
System.String)' failed. Methods must be security critical or security safe-critical to call native code.
Microsoft.VisualStudio.Coverage.Init_d2f466df4c65e2a7bb5d7592c49efef0.Register()
ClassLibrary3.Bar..ctor() in c:\users\xxx\documents\visual studio 2010\Projects\TestProject1\ClassLibrary3\Bar.cs: line 13
TestProject1.UnitTest1.TestMethod1() in c:\users\xxx\documents\visual studio 2010\Projects\TestProject1\TestProject1\UnitTest1.cs: line 21
Since the injected code coverage il is doing some native stuff, it's throwing. Any ideas on how to allow this?

Solaris 8, 9 and 10 Security Files

Good Morning:
I am hoping that someone out there can confirm the following scenario:
I want to use a standardized set of security files for all my operating systems Solaris 8, 9, and 10. The files from Solaris 10 and are listed below:
/etc/default/passwd
/etc/default/login
/etc/security/policy.conf
The questions I have are as follows:
1. With the understanding that some of the security features may not work in Solaris 8 or Solaris 9, is there a problem in using these files across the all Operating systems?
2. Are there any known issues with this approach?
Mark K.

Lars,
Use ldmp2v to convert existing physical server to VM and
Convert Solaris 8 and 9 physical servers to container in Solaris 10 VM?
Is that what you are saying?
Major constraint I have is, applications running in the current physical servers have no vendor support, vendor doesn't exist any more. Application has been locked to run only on the same OS version. What I am worried is, while running ldmp2v should not prevent the application coming up in the new virtualized environment. Keeping that in mind, I gave a thought like
1. Install and configure the CDOM (control domain)
2. configure and Install LDOMs with Solaris 10 OS
3. Run flar on the existing Solaris 10 physical server
4. Transfer the flar created to Solaris 10 LDOM and configure it as a zone
5. For Solaris 8 and 9, create LDOMs with Solaris 10 OS
6. Install additional patches and packages needed for supporting Solaris 8 and 9 zones
6. create flar images on the existing Solaris 8 and 9 physical servers
7. transfer the images to newly created LDOM and configure the zone.
8. Current servers sun4u which has to be converted to sun4v.

How to display a html file without tags?

Hello,
I am new for Java programming. Now i have to display a html file without all the tags. My code is the fllowing:
u = new URL("http://www.ncbi.nlm.nih.gov/entrez/viewer.fcgi?db=protein&val=55584070");
BufferedReader in = new BufferedReader(new InputStreamReader(u.openStream()));
while ((s = in.readLine()) != null) {
System.out.println(s);
in.close();
Unforturnately, the output is the soucecode of the html file and I just want the content.
Please help me.
Thanks a lot in advance,
Danica

Here's a simple example
http://forum.java.sun.com/thread.jspa?threadID=293830
I haven't tested it, but I bet camickr did.

Display system security file fragmentation_percent

Similar Messages

Maybe you are looking for