Do the security restrictions on applets apply to local applets?

Similar Messages

• I am getting this statement: The security restrictions of Firefox limit you to copy to clipboard. Please open 'about:config' and set the 'signed.applets.codebase_principal_support' to true. After that, please try again.

  from World of Lordcraft: free browser game

  Try this extension - Allow Clipboard Helper: <br />
  https://addons.mozilla.org/en-US/firefox/addon/852

• Security Restrictions disappear when webi is modified

  Hello,
  I have the following problem with Security restrictions.
  I have created a business security profile, and assign this profile to a user directly (I have tested the same assign the profile to a group and the problem occurs too).
  The business security profile is defined this way:
  1. At the first tap (Create query), I grant all the views of the business layer and all the objects.
  2. At the second tap (Data) all objects are granted.
  3. At the filter tap, I defined the row restrictions of the profile (3 conditions with and).
  4. I assign the business profile to the user.
  The steps to reproduce the problem are:
  1.  I create a webi (with an administrator user) that uses the universe that contains the business security profile
  2. The user that have the business security profile restrictions assign, open the webi refresh and show only his data.
      The SQL of the webi query shows the security restrictions (profile filters).
  3. I modify the report (for instance, I drag a dimension on it). Save the report.
  4. The user that have the business security profile restrictions, open the modified webi refresh and show all the data (as he was an administrator user).
      The SQL of the webi query does not show the security restrictions (filters). The restrictions desappear of the SQL.
  Please, could you help me?
  Thanks
  Pilar

  Enable the following auditing on the server either through domain
  policy or local policy:
  Audit logon events - Success
  Audit Object Access  - Success
  On the Auditing tab, add Everyone with the following audit settings.

• Security restrictions on offline form

  In my application, I have a form with a submit button of control type 'regular'. It can be downloaded on local hard disk filled and saved. But for the same form, I changed the control type of submit button to 'submit' and ran the application again. Now when I download the form and fill it, I cant save any of the form data. I see that the security restrictions on the form now have changed. Any idea if I can set these security restrictions so that I can still save the form data?

  Marlon,
  We also have similar requirement. So we logged an SR with Oracle. We got response as
  =============================================================================================================================
  No but there is an enhancement request
  OER does not provide the ability to enforce assignment of specific asset tabs to specific users/roles. 
  True need to file enhancement request
  Oracle® Fusion Middleware Configuration Guide for Oracle Enterprise Repository
  11g Release 1 (11.1.1)
  Part Number E16580-04
  http://docs.oracle.com/cd/E14571_01/doc.1111/e16580/rbac.htm
  10309159 - TAB LEVEL SECURITY - AUTHORISATION
  Use Case
  If I give a user with Tester Role and a user with Lead Developer Role
  approval capability (ie. Tester Role should only approve "Testing" tab and
  Lead Developer Role should only approve "Technical" tab).  They should only
  be able to see the other tabs but not approve anything. e.g. the Lead
  developer should only approve the "Technical" tab.
  ================================================================================================================================

• How do I verify the security update for 7.1.6 is installed?

  I have over 200 classroom PCs I need to install the security patch linked below on. How can I verify it's correctly installed since there is no visible change to the software, not even on the Help-About screen.
  http://docs.info.apple.com/article.html?artnum=305531
  (This is for Quick time for Windows)
  Windows   Windows XP Pro  

  If you install QT 7.1.6, it says 7.1.6 in the help screen. If you install the newly released security update, nothing changes to show the security update has been applied. It still says 7.1.6 in the help screen. Even running the patch manually, it gives no indication it has successfully installed.
  I am required to install this patch on about 200 clasroom machines but have no way to verify which ones get the patch and which don't. Apparently I can't even go around to each of them and manually verify.

• Oracle Security Patch Error while applying --The filename, directory name,

  Hello,
  I am running into strange error while applying Oracle Security Patch 68 by using Opatch.
  Supposedly, All the environment variables are set properly.
  ACTIVE_STATE_PERL=true
  DBMS_TYPE=ORA
  dbs_ora_tnsname=YBQ
  JAVA_HOME=C:\jdk1.3.1_10
  OPATCH_DEBUG=TRUE
  ORACLE_HOME=E:\oracle\ora92
  ORACLE_SID=YBQ
  Path=E:\oracle\OPatch;C:\jdk1.3.1_10\bin;E:\oracle\Perl\bin;E:\oracle\ora92\jre\1.4.2\bin\client;E:\oracle\ora92\jre\1.4.2\bin;E:\oracle\ora92\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\Program Files\Common Files\VERITAS Shared;\NetBackup\bin;C:\Program Files\Windows Resource Kits\Tools\;C:\Program Files\Support Tools\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;E:\usr\sap\YBQ\SYS\exe\run
  Installed Active Perl. latest version
  downloaded Opatch 1.0.0.50
  and the patch number 3738339
  I went to that directory and run the command :
  perl opatch.pl apply
  It started of well.
  OPatch version is: 1.0.0.0.50
  Using ORACLE_HOME/oui to look up oui libs...
  Oracle Home = E:\oracle\ora92
  Location of Oracle Inventory = E:\oracle\ora92\inventory
  Oracle Universal Installer shared library = E:\oracle\ora92\oui\lib\win32\oraInstaller.dll
  Path to Java = "E:\oracle\ora92\jre\1.4.2\bin\java.exe"
  Location of Oracle Inventory Pointer = N/A
  Location of Oracle Universal Installer components = E:\oracle\ora92\oui
  Required Jar File under Oracle Universal Installer = jlib\OraInstaller.jar
  find under OH/oui/jlib
  found OraInstaller.jar
  Checking if this is a RAC system...
  Accessing inventory... This may take up to 300 seconds.
  (retry 10 times, delay 30 seconds each time)
  System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;.:E:\oracle\ora92\jlib\srvm.jar" opatch/O2O "e:\oracle\ora92" "E:\oracle\ora92\oui" opatch.pl 1.0.0.0.50"
  Result:
  ----- DEBUG is ON -------
  oracle.installer.startup_location will be set to E:\oracle\ora92\oui
  oracle.installer.oui_loc will be set to E:\oracle\ora92\oui
  oracle.installer.scratchPath will be set to /tmp
  opatch.local_node_only is OFF
  retryOption is ON: 10
  delayOption is ON: 30
  Few more stuff here .. not pasting the entire contents
  System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;." opatch/CheckConflict "E:\oracle\ora92\oui" "e:\oracle\ora92" opatch.pl 1.0.0.0.50 3738339 "3741539 3528282 3516951 3622875 3668572 3371796 3239873 3356103 3543125 3666502 2800494 2824035 2964252 3617042 3320622 3571233 3253770 3492040 3566469 3354470 3625370 3583686 3150750 3617519 3635177 3597640 3749394 3542588 3698501 2954891 2918138 3559212 3518909 3412818 3430832 3172282 3358490 3637624 3458446 3179637 2810394 3668224 3609791 3566813 3475932 2338704 3412136 3388633 3540576 3571226 3575743 2690205 3240280 3509265 3177513 3575747 3811906 3554319 3752406 3323435 " E:\3738339\etc\config\actions"
  Result:
  opatch.pl version: 1.0.0.0.50
  Copyright (c) 2001-2004 Oracle Corporation. All Rights Reserved.
  The filename, directory name, or volume label syntax is incorrect.
  Error in executing Java program to check conflict
  ERROR: OPatch failed during pre-reqs check.
  Now there is no problem with executing the last java program in the same prompt by removing the first and the last double quote "
  Please advise.
  Thanks in advance.

  hi somnath,
  this is the portal content management forum. for your database question please use the database forums:
  http://forums.oracle.com/forums/index.jsp?cat=18
  thanks,
  christian

• There,are,restrictions,to,opening,PDF,files,on,an,Pad,or,Android,Device,that,will,open,in, Microsoft,Internet,Explorer,desktop,or,laptop.,If,I,bought,a,Windows,8.1,tablet,and,had,Ad obe,reader,installed,would,I,then,be,able,to,open,the,secure,document,wit

  There,are,restrictions,to,opening,PDF,files,on,an,iPad,or,Android,Device,that,will,open,in ,Microsoft,Internet,Explorer,desktop,or,laptop.,If,I,bought,a,Windows,8.1,tablet,and,had,A dobe,reader,installed,would,I,then,be,able,to,open,the,secure,document,with,Internet,Explo rer?

  What's,with,the,commas?
  If you have a tablet that runs full Windows 8 - not Windows 8 RT, which is limited.
  And if you install the full Adobe Reader for Windows, not the special Adobe Reader Touch for Windows 8.
  Then you will have the same features as a desktop.
  Unless they can't be accessed in touch mode, since it isn't a touch app.

• Using the Security Manager to restrict access to a single package

  After reading up on the Security Manager, the package.access property and the use of the [accessClassInPackage RuntimePermission|http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html#RuntimePermission] , it seemed to me that it would possible to set up the following: I have a security-sensitive code base packaged in a jar, and I want to make sure that only one client code base that I specify is permitted to access it. The idea here is to prevent malicious code from executing anything in the sensitive code base; the sensitive code is only accessible to one client that I name in a security policy file. Perhaps rather foolishly, I advised a client to consider this before testing out a sample myself, because much to my surprise, it appears to me that it isn't possible to get the Security Manager to do this at all. Am I missing something? I'm a bit startled by this conclusion -- it seems like such an obvious use for the Security Manager, I'm hard-pressed to be believe that it can't be done, and more inclined to suspect that I'm going about it wrong.
  Here's what I thought I could do: set up the package.access property so that it denies access to any package; then in the policy file, grant the RuntimePermission/accessClassInPackage to the client code base that is permitted to access the sensitive code.
  Of course, you wouldn't want the package.access property to exclude all packages in the global java.security file, because then no code could be accessed at all. It would be necessary to use the trick of resetting the package.access property within the code, as [illustrated in the secure coding guidelines|http://java.sun.com/security/seccodeguide.html#1-1a] .
  But the problem lies in the idea of "use the package.access property to deny access to +any+ package". There doesn't seem to be any way to use wildcards or the like with the property -- it has to specifically name packages (or package prefixes) to which access is forbidden. It wouldn't do to try to name the packages to which I'm trying to prevent access, since we're trying to prevent access from malicious code -- the attacker could just choose package names that aren't on the list. I'd really need to say that access is denied to all packages, except for those in the permitted code base, but the security mechanisms for package access don't seem to allow that.
  Moreover, the trick of changing the value of package.access can't be done within the client code -- otherwise, the attacker client would just set the property to his own purposes. But it can't really be done within the sensitive package either, because the whole idea is to prevent access to that package, and by the time it's busy setting the property, it's already too late, because the package has to have been accessed by a client to get there at all.
  It seems to me that this a symptom of something I've never really understood about the design of the Security Manager -- you can grant permissions to specific code bases, but you can't revoke permissions from specific code bases, let alone all code bases. What I want to do here is grant access permission to one specific code base and revoke it from all others. There doesn't seem to be any way to express that with the mechanisms of the Security Manager.
  The more I look at it, the more it seems that there's just no way to use the Security Manager this way -- set up package access so that a specific code base can only be accessed by one specific client code base. There are surely other ways to get the effect that I'm looking for, but as far as I can tell, none of them involve restricting package access (for example: define a custom permission, grant it only to the permitted client. and check against that permission within the sensitive code base; meaning that the sensitive code has to be accessible to anyone in the first place). This conclusion really surprises me (not to mention my bit of embarrassment with the client); wouldn't this be precisely the sort of thing the Security Manager ought to be good for?

  You're looking at this back to front. The security policy file is there for the client to decide how much access he is going to give this application, not for to application to restrict who can use it. If you want to control what used to be called 'state orientation' you can do that directly by looking down the stack trace inside your code.

• What the security deposit APPLIED?

  I have been used Family Plan with my brother.
  And we stopped the Verizon Service during last 3 months cuz we went our hometown country.
  And then, we back, now, I checked my bill history, there is "Security deposit Applied".
  We don't have social numbers so we had to pay the security service fee each $400 at last year June.
  And one year laster, June this year, we could back Security deposit. but where they gone?
  for check? for my bank account? where? I couldn't get the deposit and my brother too!
  And what is the A/P credit return?
  I attached the photo of my bill.

      Jsueh2,
  This is something I would be wondering about too and we'd be happy to answer it for you. Although I do not have all the details since I'm not able to access your account I can give you some helpful general information. A security deposit is applied to an account when the account is no longer in good standing and has a past due balance that needs to be paid. A/P Credit Return means that after the deposit was applied there was a credit balance of $292.73 remaining, which we will send to you in a check. Is this account closed at this time?
  SarahO_VZW
  Follow us on Twitter @VZWSupport

• I do not know the security questions and when do I apply for the questions do not come to on Emile rescue!! What is the solution..?

  I do not know the security questions and when do I apply for the questions do not come to on Emile rescue!! What is the solution..?

  If the email hasn't arrived after a few hours and isn't in a spam filter, click here, phone Apple, and ask for the Account Security team.
  (87129)

• SSM KPI Security:Restricting the measures to Users

  Hi
  I want to restrict only few KPIS(measures) to be accessed by a particular user. I was able to restrict only 22 measures(4 KPIs), beyond which i get an error.But this user should be able to access 20 KPIs(20*5 measures).  The syntax that i used:
  INDEX USER
       CASE USER1
            SELECT VARIABLES KPI59_ACT,KPI59_TAR,KPI59_TRD,KPI59_TARDEV,KPI59_TRDDEV,KPI20_ACT,KPI20_TAR,KPI20_TRD,KPI20_TARDEV,KPI20_TRDDEV,KPI58_ACT,KPI58_TAR,KPI58_TRD,KPI58_TARDEV,KPI58_TRDDEV,KPI57_ACT,KPI57_TAR,KPI57_TRD,KPI57_TARDEV,KPI57_TRDDEV,KPI2_ACT,KPI2_TAR,KPI2_TRD,KPI2_TARDEV,KPI2_TRDDEV
  ENDINDEX
  1. Is there any way that i can restrict the access to 20 KPIs (20*5 measures)?
  I also tried the following syntax but of no avail:
  For example here i tried restricting access to 3 KPIs(each of which has 5 measures:Tar,Act,Trend,Gap Performance,score)
  SELECT VARIABLES KPI1_* , KPI21_* , KPI33_*
  2. Is there a limit on the number of characters used in the select statement because of which only few measures were included in my case?

  Hello!
  I would suggest in these cases to use the folowing syntax:
  INDEX USER
  CASE USER1
  SELECT VAR KPI59*
  SELECT VAR PLUS KPI20*
  SELECT VAR PLUS KPI58*
  SELECT VAR PLUS KPI57*
  ENDINDEX
  When you are trying to just exclude one (or even just a few) measure(s), it will be more effective to type it like this:
  INDEX USER
  CASE USER1
  SELECT VAR *
  SELECT VAR MINUS KPI20*
  SELECT VAR MINUS KPI58*
  ENDINDEX
  After creating the SECURITY procedure, run it with
  job SECURITY
  command in IDQL command line. You will then be able to see right away if and where any syntax error occurs.
  Hope this helps!
  BR,
  Ricardo Vieira

• How to lower the security of applet ?

  How to lower the security of applet because i want the web browser to communicate with com port.

  Sign the applet and hope the user trusts it:
  Signing applets:
  http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
  second post and reply 18 for the java class file using doprivileged
  Still problems?
  A Full trace might help us out:
  http://forum.java.sun.com/thread.jspa?threadID=656028

• What are the security settings to lock down a form with fillable fields and yet allow someone with Reader to fill in the fields as will as save the form and print it?

  What are the security settings to lock down a form with fillable fields and yet allow someone with Reader to fill in the fields as will as save the form and print it?

  You want to allow someone to open your document and fill out the form (in the fields you have created), but not change or edit the form, right? Here's the answer - assuming you are using Acrobat Pro and someone will be opening the PDF using at least Acrobat Reader 9 and up:
  Tools > Protection > Encrypt < Encrypt with Password
  Answer YES to change the security.
  A new window opens:
       Do NOT select Document Open (or that will require a password to open the document.)
       Select: Permissions (Check the box next to "Restrict editing and printing of the document.")
       Change the following 2 settings from the drop-down box:
            Printing Allowed: Select High Resolution
            Changes Allowed: Select Commenting, filling in form fields, and signing signature fields
            Leave selected: "Enable text access for screen reader devices for the visually impaired"
            Change Permissions Password (insert a strong password)
            Leave all other settings alone in "Options"
            OK - OK
            Re-enter the Permissions Password (the one you entered above)
            OK - OK
            Save the PDF to apply the security [notice that (SECURED0 will appear after the document title]

• Security restrictions , how to read access a txt file supplied in a jar

  I had written a simple application which uses file handling to display random line from a file on a swing window
  but I do not know how to give my web application permission to access a file
  when I set security permission to all, then error says the application cannot load because the code require unrestricted acess to system resources and is unsigned, I don't know how to get that certificate and I am only doing it for learning purposes.
  when I remove security permissions then it says
  access denied java.io.FilePermissions geekjoskes.txt readPlease help
  I locally signed the jar file, and give my jnlp fiel all permissions, worked fine in my system but when I access same file from local lan it sho errors ,
  please help, I have my txt file stored in my jar file with main class
  the whole jnlp file is
  <?xml version="1.0" encoding="utf-8"?>
  <!-- JNLP File for geek jokes -->     
  <jnlp spec="1.0+"
         codebase="http://localhost/javasoft/webstart/"
        href="geekjokes.jnlp">
     <information>
        <title>Geek Jokes</title>
        <vendor>Vaibhav Mishra</vendor>
        <description>Geeky jokes</description>
        <homepage href="http://scjpbeginner.blogspot.com"/>
        <description kind="short">shows random jokes</description>
        <offline-allowed/>
     </information>
     <resources>    
          <jar href="GeekJokes0.1.jar"/>  
       <j2se version="1.6+"
             href="http://java.sun.com/products/autodl/j2se"/>
       <icon href="geekjokes.gif"/>
     <icon kind="splash" href = "geekjokes.gif"/>
     </resources>
     <security>
        <all-permissions/>
     </security>
     <offline-allowed/>  
     <application-desc main-class="GeekJokes"/>
  </jnlp>Edited by: 76jsr on Aug 7, 2008 3:45 PM
  Edited by: 76jsr on Aug 7, 2008 3:49 PM

  >
  I am extremely thankful to you and finally my first little app is working thanks to you,
  here is it's link
  [http://profile.iiita.ac.in/IIT2006117/javasoft/webstart/geekjokes/geekjokes.jnlp|http://profile.iiita.ac.in/IIT2006117/javasoft/webstart/geekjokes/geekjokes.jnlp] >
  I am glad you got it working! But that launch file is still slightly invalid.
  Here is a corrected, and slightly optimized (you can leave the prefix off the href, if it is the same as the codebase), version of it.
  <?xml version="1.0" encoding="utf-8"?>
  <!-- JNLP File for GeekJokes 0.3 app -->
  <jnlp spec="1.0+"
        codebase="http://profile.iiita.ac.in/IIT2006117/javasoft/webstart/geekjokes"
        href="geekjokes.jnlp">
     <information>
        <title>GeekJokes App</title>
        <vendor>Vaibhav Mishra</vendor>
        <homepage href="http://scjpbeginner.blogspot.com"/>
        <description>Geeky Jokes</description>
        <description kind="short">Cshows random jokes</description>
        <offline-allowed/>
     </information>
     <resources>
         <j2se version="1.6+"
             href="http://java.sun.com/products/autodl/j2se"/>
         <jar href="GeekJokes0.3.jar"/>
     </resources>
     <application-desc main-class="Process"/>
  </jnlp>Very 'Geeky', BTW. ;-)
  Another few things I noted when I looked at it.
  1) There is a stray thread going after the JOptionPane is dismissed. The VM does not end, and the console (if you have it configured to pop-up for JWS apps.) stays on-screen.
  2) If all the jokes are prefixed by '* ' I would recommend removing it from every line of the source file and either re-adding it at runtime, or (preferably) not adding it at all (since it is redundant).
  3) Reconfigure the app. into a loop, and offer the user a JOptionPane with "Another Joke"/"End" instead of "OK".
  4) You can always remove that debugging line I inserted in the code to show the path to the Jar - it was just intended as a 'sanity check' during testing.
  5) Why is it Java 1.6+? JOptionPane was introduced in Java 1.2 with the first Swing implementations, and the I/O is compatible with Java 1.1.
  >
  Thanks again!!!!>Thanks are best expressed (to me) in the notation of a helpful/correct answer (which you have done), and the assignation of (the remaining) dukes*. ;-)
  * After all - checks the title - we have gotten entirely around those 'security restrictions' in a sandboxed application. The reason being that File objects are rarely the correct choice, for applets or JWS apps.

• Research on the Security of NGDC Based on ASP

  Research on the Security of NGDC Based on ASP
  Zhang Li Gong Jianya Zhu Qing
  Key Words
  active server pages (ASP); national geospatial data clearinghouse (NGDC); geographic information system (GIS); Internet
  Abstract
  On the basis of the authors? experience of setting up an NGDC Web site, this paper attempts to present some significant aspects about the security of NGDC based on ASP. They include data storing, database maintenance, new technical support and so on. Firstly, this paper discusses how to provide the security of data which is saved in the host of NGDC. The security model of ?New works ?DB Sever-DB-DB Object? is also presented. In Windows NT Server, Internet Information Server (I IIS) is in charge of transferring message and the management of Web sites. ASP is also based on IIS. The advantages of virtual directory technique provide by IIS are emphasized.
  An NGDC Web site, at the Research Center of GIS in Wuhan Technical University of Surveying and Mapping is also mentioned in this paper. Because it is only an analogue used for case study, the transmission of digital spatial products is not included in the functions in this NGDC Web site. However, the management of spatial metadata is more important and some functions of metadata query are implemented in it. It is illustrated clearly in the functional diagram of the NGDC Web site.
  1 Introduction
  Needless to say, it is very important for most GIS users to acquire and integrate the geospatial information from various districts. However, the current situation of geospatial information production and dissemination in the world is still unsatisfactory. On one hand, users do not know where the geospatial data files are stored and what geospatial data is useful for their applications, or have not necessary computer facilities. On the other hand, due to the lack of coordination and cooperation, the duplication of geospatial data production widely exists. Most of geospatial information is stored by different organizations including governmental organizations, commercial companies. What?s more, the lack of geospatial data exchange and sharing mechanism results in relative low benefit of geospatial data use. It is difficult for some products to get necessary information from other producers to integrate with or to update their own databases. In short, the value of geospatial information has not been shown exactly in GIS industry of China.
  It is obvious that the information distribution technique based on Internet can play a great role in GIS industry. National Geospatial Data Clearinghouse users will be able to query what geospatial data is being produced, how about is quality, where it is produced, and how to get the geospatial data economically and conveniently.
  2 NGDC and ASP technology
  As mentioned above, NGDC is a geospatial information distributed network system which is concerned with geospatial data producers, managers and users. So the relationship among them must be harmonized. The NGDC provides the service of geospatial information through internet. In detail, it will allow various data formats to exist in this opened geospatial information service system and it supports the share and query of the geospatial data from different sources. The main mission of NGDC is to offer a means of fast, efficient, safe, economical service of geospatial data provision to users. At the same time, it will offer means for data providers to advertise their new products and collect users? demands and feedbacks in order to promote the geospatial data production.
  To date, the model of NGDC is usually described as a provider-oriented model. In this model, every geospatial data provider is linked with internet as an NGDC node... user?s access NGDC nodes through internet and browses the catalogues of geospatial data stored in NGDC, and then they query the metadata about the available products for their applications. After selecting the desired data set, the user can send an order to the relevant producer on-line or by E-mail system. If users can not find the geospatial data available in this NGDC node for their applications, they will be able to access other NGDC nodes.
  So the construction of NGDC is concerned with the planning and maintenance of dynamic Web sites linked with internet. Since Active Server Pages (ASP) came out with its peculiar characteristics several years ago, which is applied to the construction of more and more dynamic Web sites in the diverse fields? In comparison with common gateway interface (CGI), ASP is more effective and flexible as a server scripts environment.
  With html pages, script commands and active X components, ASP can set up dynamic, interactive and efficient Web server programs. It is not important whether browsers can run those ASP codes, because all of ASP programs including scripts plugged in html, such as VBScript, JScript, are executed in servers. ASP programs will send a series of commands to the script engine, and then the script engine translates the commands into some codes which can be executed by servers. After running the executive codes, the results will be sent by servers to users? browsers in html. In this way, it is sufficient for browsers to have basic function of browse. As a result, the speed of the system increases rapidly.
  NGDC Web site provides users with a catalogue of geospatial data entity, data entity and the relevant metadata. Therefore it is inevitable to access various databases in the construction of NGDC. It is convenient to connect database systems with ASP plug-in Active X components, so Web pages can be linked to all kinds of databases which provide ODBC interfaces for other programs. Active X components provide the objects whose tasks are to finish certain functions. So Active X components are of great significance in setting up Web programs.
  3 Research on security of NGDC
  This paper attempts to present some significant aspects about the security of NGDC base on ASP, such as data storing, database, maintenance, new technical supporting and so on.
  3.1 Security of data storing
  The information stored in NGDC includes geospatial data, relevant metadata and catalogues of data products. The maintenance of all the information is a very hard task. Of course, the security of data storing is included in it. From the point of system maintenance, the security of data storing in NGDC is concerned with disk error-tolerance and back-up supporting.
  With the rapid development of manufacturing technique of hard disk, the life-span of hard disk has been lengthened. Disk error-tolerance decreases usually the possibility of data-losing because of errors of hard disks. It is inevitable that some errors cannot be limited in spite of any error-tolerance system. In order to maintain the security of data, the significance of data should be assessed firstly and so should the loss of data-losing. There are three kinds of dump plans for database or data files: full data dump, increment data dump and combination of them. As in NGDC the need of data back-up depends on its significance.
  3.2 Security of database maintenance
  As for popular large-scale database systems such as Microsoft SQL Server, Sybase, Oracle, Informix, security maintenance is implemented by four levels of ?New works ?DB Sever-DB-DB Object? security model. Every user has his network login ID and his password, with which the user ID and the password, users can login into network. Take Windows NT Server for example, Windows NT Server provides some security maintaining methods such as encoded password, minimum password length and so on.
  In general, network cannot automatically permit its network users to access databases in it. The fact that a user can access databases does not mean that he can automatically access databases in it. Only those users who have their database user IDs stored in system tables in database can access database.
  3.3 Security with ASP
  In the environment of Windows NT Server, Internet Information Server (IIS) is in charge of distributing information and maintenance of Web sites. ASP is also based on IIS. When users access some ASP files in their browsers, the relevant ASP scripts will run in server and the results will be sent users in Web pages.
  Virtual directories are different from physical directories in hosts or servers. Net work administrators may make good use of the mechanism of virtual directory in order to maintain the security. IIS supports virtual directory which plays a great role in the security maintenance of Web sites. Firstly, virtual directory conceals the information about actual directory structure. In normal browsers, users can get the path information of a certain Web site; the directory information of Web sites will be exposed to users linked with Internet. As a result, it is easy for the Web sites to be attacked by hikers. Secondly, it is convenient to transfer the WWW service from one server to another without updating the code in Web pages if there is the same virtual directory structure in two servers. Finally, when putting Web pages into virtual directories, administrators can assign different attributes to the directories. For example, in the construction of NGDC Web site, it is important to put normal html files and ASP files into different virtual directories. The attribute of directories in which normal html files are stored may be ?Read? while the attribute of directories in which ASP files are stored may be ?Execute?. On one hand, it simplifies the maintenance and management of NGDC Web sites. On the other hand, ASP source files will never be sent to user browsers. In other words, hikers cannot get the ASP source codes through their browsers. Thus it improves the security of ASP files.
  4 An NGDC model Web site in WTUSM
  Some other security aspects in operational model, programming, management in the plan and construction of NGDC should be concerned. As an example the construction of an NGDC model Web site is presented below in order to explain the security maintenance of NGDC in detail. On the basis of authors? research on relevant problems, this NGDC model Web site was planned and deployed in early 1999. As a model project, the purpose of construction of this Web site is to provide some useful experiences for other projects on NGDC. Therefore the process of geospatial metadata plays a great role in this Web site. In fact, there are not actual geospatial data products stored in this NGDC model Web site. The main task of this Web site is to provide relevant geospatial metadata services, so the functions of data product maintenance cannot be found. Geospatial metadata is stored into meta-database in Microsoft SQL Server. With ?New works -DB Sever-DB-DB Object? security model in Microsoft SQL Server, the relations between user and access rights are set up. In order to simplify the problem, those two tasks are assigned to two DB users. One is a user who is the owner of DB objects. (Of course, he has all rights to access, update and delete DB objects); the other is a normal user who can only access DB objects such as tables. While developing ASP programs in the integrate developing environment of Microsoft Interdev, the functions may be fulfilled by script programs running either in clients or in servers. As a result, it improves the confidentiality of ASP programs and the efficiency of NGDC service system.
  In the NGDC Web site, something has been done in order to improve the security of operation: a table named providers? information table is stored in NGDC to keep some useful information about relevant geospatial data providers, such as name, ID, passwords, contact methods and son on. The information may be a long, irregular string whose length is less than 1024. It is produced and maintained by NGDC. The providers? information table is stored in the server in NGDC. In this way, data producers provide geospatial products together with their identifying information through Internet.
  5 Conclusions
  In short, it is very convenient and efficient to distribute geospatial data in the NGDC nodes through internet. On the other hand, with the development and construction of NGDC, there will come more and more challenges and problems about the security of NGDC. Obviously some researches and discussions in this field need to be further carried on.

  Jaya
  We have two ways to achieve this scenario
  1.Going with PCR where we Query No of Years Completed
  2. Going for Custom Function
  In the above two ways  we have to maintain the year of completion in Date Specification Either Manually or Thorugh Dynamic Action which shd automaticallly update....IT00041
  I prefer the second one since PCR is some wht complicated