Does Thawte Java Developer Certificate Fix Empty Security Dialog Problem?

Similar Messages

• Does JDK (java development kit) already comes installed on the Macbook?

  Does JDK (java development kit) already comes installed on the Macbook?
  I was at the Oracle website and noticed they have a JDK version for Windows, Linux and Solaris, but I couldn't find one for Mac OS. How is possible to develop in Java if you are using a Mac? Does the JDK already comes with it?

  No.

• What does a java developer needs to know?

  I'm studying "thinking in java", and trying to learn how to make GUI's with swing.
  i feel i'm progressing, specially because this is the first programming language i'm studying seriously. i want to work as a java programmer. i want to learn it very well. I got a class about UML, and we are learning the basics using the book of booch, rumbaugh and jacobson. but only the basics(for now). my question is this:
  if i want to be a really good java programmer, what else do i have to study?do i have to know UML very well or not? i think it's not enough knowing the language to be able to work and understand it as a whole.i need your help because here in argentina i don't know many java programmers, and i know that there in the USA you got better(and moore) programmers than us(surely you are some of them).
  if you know good books, i hear you suggestions too.
  i apologize for my english.
  Thank you

  Just a couple of thoughts:
  Firstly, although huge, Thinking in Java (IMHO) is not a good place to start for Swing - it is very light-weight in this area.
  I recently started to teach myself Swing and I haven't yet seen a book that has tempted me to part with cash. I followed all the Swing related tutorials, dredged these forums every day, and did a couple of throwaway projects. I am no expert now, but this approach got me through. You can also search the forum for books that others may recommend.
  As for other things you need to know - I would say that kind of depends on what you want to do. Do you want to build web-based apps, desktop apps, apps that run on your TV top or in your hand? Give some thought to that and it will help you narrow down the list of complimentary skills you need.
  In ANY case, make sure you have a thorough understanding of OOP, go through the Sun tutorials, and get yourself as well-grounded in the basics as you possibly can. You can then move forward.
  Good Luck,
  Steve

• Add Files java applet does not trust our certificate

  We have installed Novell Filr and it is working great except for one issue. The java applet that runs when the Add Files button is clicked does not trust our certificate authority. We purchased and installed a SSL certificate, and both IE and Firefox accept it (before installing, we got a certificate warning every time we went to Filr).
  The certificate authority is Starfield Secure Certificate Authority, and we use certificates from them for our websites and mail servers, so I do not understand why this applet and/or Java do not.
  Is there any way to stop the scary warning message our users get. FYI - this happens the first time the Add Files button is clicked in each session.
  Paul Rebmann

  Originally Posted by jmarton
  na paul wrote:
  >
  > We have installed Novell Filr and it is working great except for one
  > issue. The java applet that runs when the Add Files button is clicked
  > does not trust our certificate authority. We purchased and installed
  > a SSL certificate, and both IE and Firefox accept it (before
  > installing, we got a certificate warning every time we went to Filr).
  >
  > The certificate authority is Starfield Secure Certificate Authority,
  > and we use certificates from them for our websites and mail servers,
  > so I do not understand why this applet and/or Java do not.
  >
  > Is there any way to stop the scary warning message our users get.
  > FYI - this happens the first time the Add Files button is clicked in
  > each session.
  That sounds a little different than what this was designed to fix, but
  by any chance have you installed the updated Java applets on the Filr
  appliance?
  http://download.novell.com/Download?...d=zRrgEN6Kvxo~
  Your world is on the move. http://www.novell.com/mobility/
  BrainShare 2014 is coming. http://www.novell.com/brainshare/
  Hi Paul
  Whatever you do it will not work properly especially when some of the users try to use "edit in place". Save yourself the headache and install trusted certificate (primary and intermediate) then even Java will work ok.

• Adobe Creative Suite 5.5 Design Standard for PC, Installed however does not lauch as folder is empty, why? How do I fix it?  Is there any customer service with Adobe or are we just Adobe orphans with an expensive product that we have to figure out on our

  Adobe Creative Suite 5.5 Design Standard for PC.  Installed but program does not launch as folder is empty.  An ideas?

  Alis63462271 did you receive any specific errors when you installed Creative Suite 5.5 Design Standard?  You can find details on how to locate and interpret the installation log files at Troubleshoot with install logs | CS5, CS5.5, CS6, CC.

• Does XAML pose any threat to Java development?

  Note: I may be ranting and some of you may think I'm stupid for raising such a topic but I have to get this off my back!! ;-)
  Okay this article (http://linuxtoday.com/news_story.php3?ltsn=2004-02-24-023-26-OP-CY-DV) kind of got me a bit ticked off, however there was a reference to some microsoft Technology called XAML, a kind of XML user interface language.
  I'm sure this is the same as the BeanBox designer whereby Java interfaces are actually constructed based on XML (or is it NetBeans?).
  If this so called technology from MS arises, surely there will be a way to parse the XML and run it in Java as well? Do we really need a technology like this in Java?
  Anyhow to also comment on the aforementioned article, it appears that the market isn't fully aware of tools and technologies available for deployment to reduce the so called cost of Java.
  For small enterprise solutions who the heck would spend $10k+ on web logic when there are other enterprise servers available at 1/10th the cost???
  I don't think it's a review on making Java open source but perhaps making people [namely the commercial market] more aware of what their options on Java development technologies are available.
  I'm not trying to start a MS vs Sun war here or .Net vs Java but how can such a narrow topic article be published?
  Anthony

  I'm sure this is the same as the BeanBox designer whereby Java interfaces are actually constructed based on XML (or is it NetBeans?).I can't say for BeanBox, but the NetBeans one doesn't use XML for logical statements, which XAML can.
  It's a lot closer in spirit to [url http://www.xmluk.org/members/standard/34n007.htm]ISMID though it seems to have gone through [url http://www.mozilla.org/xpfe/xptoolkit/xulintro.html]XUL to get to this millenium.
  If this so called technology from MS arises, surely
  there will be a way to parse the XML and run it in
  Java as well? Probably not without contravening either a patent or a copyright. one solution may be to [url http://aspn.activestate.com/ASPN/Mail/Message/xml-dev/1882979]reformulate ISMID at its next update
  Do we really need a technology like this in Java?Maybe. In many cases I'm using XML as a declarative syntax, both for GUI and for data, then XSLT to generate Java code. The same applies to anyone whose generated classes from XSD- a declarative syntax is mapped to classes which embody the declared static data, and simple processes to manipulate that data.
  Pete

• Applet does not get client certificate from browser (Firefox, IE7)

  I'm writing a web service which runs Tomcat through Apache. One critical requirement is that the service be able to invoke certain device drivers on the end user's machine. Fortunately, there is a Java API for this, so this requirement can be fulfilled using an applet.
  Here's the problem. This is a B2B application, so we're using SSL and requiring client authentication. I'm no web security guru, but I managed to get SSL set up through Apache (with a self-signed certificate for now; we'll get a real one from a real CA when we're ready to go to production). I also managed to set up client authentication by creating my own CA and generating a client certificate, which I then copied to my test client (Win XPSP2) and imported into both Firefox (2.0.0.15) and IE (6.0.2900). The applet is signed with a real certificate, and that causes no problems. And all of the pages for my web service work as expected.
  All except one. The page which is supposed to load the applet pops a dialog stating 'Identification required. Please select certificate to be used for authentication', and presents a list of zero certificates.
  Actually, I get this dialog in Firefox on my XPSP2 box, and also when I test on a Vista Home Premium box running IE 7.0.6000. Puzzlingly, this behavior does NOT occur on my XPSP2 box when running through IE 6.0. It seems that with XPSP2 and IE 6.0, the JVM can manage to obtain the required client certificate from the browser and pass it along to Apache, but the JVM can't do this when running in Firefox or in IE 7.0 on Vista.
  I have gone to the Java Control Panel and verified that the 'Use certificates and keys in browser keystore' option is selected on both boxes.
  I've done a fair amount of research for this (including in this forum) and see that this appears to be a chronic difficulty with applets. What makes it worse is that I don't think I can use the standard workaround, which is to download the applet from a different host/virtual host, because the applet needs to communicate with the web service. Since we have the additional layer of Tomcat container-managed user authentication, the applet needs to be communicating with the server using the same session token as everything else.
  So at this point, I'm stuck. Does anyone know a solution to this problem? Two thoughts (I'm reaching at straws here):
  1) I have the certificate imported in both Firefox and IE as a 'personal' certificate. Is there someplace else I can put it so the JVM will know how to find it? A rather old thread in this forum mentioned something about setting properties in the Java Control Panel, but I see no place in the JCP to specify such properties, so I'm guessing that solution is no longer operative.
  2) I'm using a trick I found on the internet to make the applet load cleanly with both Firefox and IE, namely, I'm using the <OBJECT> tag to specify the applet class and codebase for IE, and then using <COMMENT><EMBED ... /></COMMENT> within the <OBJECT> declaration to specify the information for Firefox. Is there some other way of doing the markup that will give the JVM a hint that it should get a certificate from the browser?
  BTW . . . I would hate to drop support for Firefox, but if someone has an IE-only solution, I'll take it. Unfortunately, I reckon a Firefox-only solution would not fly.
  Thanks all.

  My applet is also signed by a valid certificate. The question of whether the applet is signed/self-signed/unsigned >isn't an issue --- I just wanted you to make sure the Applet runs because it is a know valid Java2 Applet that is 100% signed properly and verified to run.
  This eliminates the possibility that it is a JVM issue. However after reading your message further I am afraid
  it is not relevant to your issue.
  due to the client authentication, my browser (Firefox, IE7) refuses to even download the applet.
  I went to your site, and I can see your applet in both Firefox and IE6. However, I don't believe your site is set up >quite like mine, because it appears I can run your applet whether I have imported your X509 certificate or not. What I >did was:If that is true we are all dead :) No I think you just missed the cert in the IE databse. It doesn't have to be in the
  Applet database to function. Surprise!
  Check your IE/tools/internet options/content tab/certificates/trusted root certification authorities.
  I then opened the Java control panel and verified that the certificate isn't listed there, either. So unless the certificate >is being cached/read from some other location (which could be, this certificate stuff is largely black magic to me), >then your server isn't requiring client authentication, either accidentally or by design.No HyperView is a valid java2 Applet and actually writes to a file "hyperview.dat" though it is probably empty.
  If you click on a component in the view and then on the view and type "dumpgobs" it shoud write out some data about the current graphics objects so you can see it has complete read/write access..
  Further it opens up a complete NIO server ands starts listening for connections on a random port
  (Echoed in your java console) You can connect to it with telnet and watch impressive ping messages all day :)
  This all goes back to a few years BTW back before there was a plugin and there was only Netscape & IE.
  There are actually 2 certificate databases and what loads where depends on which type of cert you are using. Now self signed or not doesn't matter but what does matter is the type of certificate. IE: is it RSA/DSA/Sha1
  etc. The Netscape DB was a Berkley DB and MS used whatever they use. The Cert is a DSA/Sha1 cert
  which I like the best ATM as it (X fingers it stays so) always has worked.
  Sadly that tidbit doesn't help you either I am afraid.
  What I'm trying to do is require client authentication through Apache by including the following markup in a virtual >host definition:
  SSLCACertificateFile D:/Certificates/ca.crt
  SSLVerifyClient require
  SSLVerifyDepth 1You got me there I avoid markup at all costs and only code in C java and assembler :)
  Now unless I am wrong I think you are saying that you want the Applet to push the certificate to the server
  automatically and I don't think this happens. Least I have never heard of this happening from an Applet automatically.
  On my client machine, I have a certificate which was generated using OpenSSL and the ca.crt file listed. Testing >shows that the server is requiring a certificate from the client, and the web browser is always providing it.
  The problem is that when the browser fires up the Java plugin to run an applet, there is not sufficient communication >between the browser and the plugin so that the plugin can obtain the certificate from the browser and provide it to >the server.
  So the server refuses to send the applet bytecode to the JVM, and we're stuck.In terms of implementation ease I think you may have the cart before the horse because I think it would be far easier to run an Applet in the first place to do the authentication, and then send, for example, a jar file to bootstrap and run
  (or some classes) in the event the connection is valid. Then again one never knows it all and there may be some classes which enables the plugin as you wish. I have never heard of this being done with the plugin the way you suggest.
  I am thinking maybe there is another method of doing this I do not know.
  Did you try pushing the cert via JavaScript/LIveConnect?? That way it could run before the Applet and do the authentication.
  Maybe someone else has other ideas; did you try the security forum??
  Sorry but I am afraid that is not much help.
  I did snarf this tidbit which may have some relevance
  The current fix for this bug in Mantis and 1.4.1_02 is using JSSE API, Here are the step:
  In Java control panel, Advanced tab -> Java Runtime Parameters, specify:
  -Djavax.net.ssl.keyStore=<name and path to client keystore file>
  -Djavax.net.ssl.keyStorePassword=<password to access this client keystore file>
  If it is a PKCS12 format keystore, specify:
  -Djavax.net.ssl.keyStoreType=PKCS12
  In our future JRE release 1.5, we will create our own client authentication keystore file for JPI and use that for client authentication, for detail info, please see RFE 4797512.
  Dennis
  Posted Date : 2005-07-28 19:55:50.0Good Luck!
  Sincerely:
  (T)
  Edited by: tswain on 23-Jul-2008 10:07 AM

• Untrusted server cert chain & does not recognize the certificate authority

  I have java code that makes an ssl connection to an HTTPS server.
  The code workes fine when I connect to a server that has a
  certificate that was issued by a recognizable authority.
  But when I try to connect to our test HTTPS server which has a
  certificate that was created by ourselves for debug, I get this
  java exception: "untrusted server cert chain".
  When I connect to our test HTTPS server with a browser, I get
  this message from the browser in a popup window:
  "www.xyz.com is a web site that uses a security certifcate to
  identify itself. However netscape 6 does not recognize the
  certificate authority that issued this certificate."
  At this point I am able to accept the certificate in the popup
  window and continue.
  Question: In my java code how can I accept a certificate
  that was signed by an unrecognizable authority just like the
  browser can. Or during debug, how can I set an override
  to accept ALL certs no matter what.
  Thanks.....Paul

  You will have to import your server test certificate into your client machine keystore. By default the keystore will be the 'cacerts' file in JAVA_HOME/jre/lib/security, get your server certificate in .pem format and use keytool to import it to the client.
  keytool -import -alias <anything> -file <full path of .pem file> -keystore <full path of cacerts file>
  The keystore password is 'changeit' by default, keytool comes with the JDK.
  The reasoning behind this is to prevent the misuse of test certificates, the client has to consciously import an untrusted certificate. When you install a real certificate on your server the client will be automatically validated if bought from a trusted CA (Thawte, Verisign).
  Take a look at the java.security.KeyStore class, you can use it to view your certificate chain.
  Ronny.

• Java security dialog freezes Java & browser when loading signed applet

  Hi,
  I have a slightly unusual scenario: I have two signed applets. One is developed by me and another one by somebody else. Let's call them Applet A and Applet B.
  Here is what hapens:
  1)Applet A loads
  2)Security dialog for Applet A - "yes, trust this vendor"
  3)applet A loads applet B with the following code taken from this sample:
  http://www.java-tips.org/java-se-tips/java.applet/have-an-applet-launch-another-applet.html
  Class appletClass = Class.forName(appletToLoad);
  Applet realApplet = (Applet)appletClass.newInstance();
  realApplet.setStub(this);
  setLayout( new GridLayout(1,0));
  add(realApplet);
  realApplet.init();
  realApplet.start();
  4) Applet B loads
  5) Applet B security dialog shows up, but it is gray. From this point on, nothing resonds. The java console is gray, all browser windows are frozen, the dialog is gray and frozen. I can move it around, but it leaves trails.
  The only hint that I have is that the last security dialog is a modal dialog, but it seems like it's pushed twice, possibly causing a deadlock?
  This is what I see in the trace file:
  security: Certificate has been verified with Root CA certificates successfully
  security: No timestamping info available
  basic: Modality pushed
  basic: Modality pushed
  Usually a "Modality pushed" is followed by a "Modality Popped".
  Does anyone have any idea how I can go about resolving this problem? This is not an issue if I manually import the certificate for Applet B into the java cert. store.
  Thanks.

  Were you able to figure out the problem? I have the same issue and it is killing me. Please share with me anything you found.

• Java Applet Certificate Signing Window comes up BLANK!

  Hi Everyone I have a problem where
  Java Applet Certificate Signing Window comes up BLANK!
  It comes up as blank gray panel with the java logo on the upper left.
  the title bar says "Java Plugin Security Warning"
  And I can't figure out what to do to make it come up properly. I tried double clicking it dragging it around to make it repaint itself nothing happens.
  I have tried clearing temp files deleting files from IE, deleting cookies, clearing the history.
  Now i'm going to restart the computer and see if it works.
  It is supposed to give me buttons.
  1. Accept for this session
  2. Grant
  3. Deny
  4. View Certificate
  But does anyone have any idea how to address this issue ?
  Stephen

  You might try setting the trace level to 5 in the plugin's Java console and looking what it spits out while the applet is launching. I remember seeing loads of information in there including stuff relating to certificate validation. It might be helpful.
  The trick to getting this info during start up:
  1) get the plugin to load by directing your browser to page with a known applet. Write your own little stub applet and load it or go to http://java.sun.com/. There's an applet on that page.
  2) bring up the plugin's console if it's not already and then go to a blank page.
  3) set the trace level to 5 in the console. (just press the 5 key).
  4) go to the page that launches your applet. You'll have tons of information pour out in your console.
  Happy hunting.

• Entry for host name is missing or empty (Secure Store key: admin/host/).

  Hi All,
  I am in the process of installing EP7 on SLES9 and MaxDB 7.6 on a clustered HA environment where the SCS, DB and JC components are installed under and referenced by their virtual hostname (eg. sapinst SAPINST_USE_HOSTNAME <virt name>).
  The SCS instance is installed, the Database Instance is installed and I'm currently in the process of Installing the JC and Deploying the EP packages. 
  During the installation, SDM is put into standalone mode and sapinst tries to deploy the package EPBC06_0.SCA where it fails and the sdm_server.err shows :
  "com.sap.sdm.serverext.servertype.inqmy.TargetEngineConfigurationException: Cannot retrieve Engine logon data from Secure Store: Entry for host name is missing or empty (Secure Store key: admin/host/).        at com.sap.sdm.serverext.servertype.inqmy.InQMyTargetSystemConfigurator.getLoginDataFromSecStoreInQMyTargetSystemConfigurator.java:286)        at com.sap.sdm.serverext.servertype.inqmy.InQMyTargetSystemConfigurator.getEngineLoginDataInQMyTargetSystemConfigurator.java:197)        at com.sap.sdm.serverext.servertype.inqmy.EngineStateServiceImpl.determineCurrentEngineStateEngineStateServiceImpl.java:53)        at com.sap.sdm.app.proc.deployment.states.State.determineJ2EEEngineState(State.java:97)        at com.sap.sdm.app.proc.deployment.states.StateBeforeFirstDeployment.getJ2EEEngineStateChangeDescriptionStateBeforeFirstDeployment.java:75)        at com.sap.sdm.app.view.proc.deployment.mapper.StateMapper.map(StateMapper.java:56)        at com.sap.sdm.app.view.proc.deployment.mapper.FlowMapper.map(FlowMapper.java:28)        at com.sap.sdm.app.view.session.AppViewUpdater.updateAppView(AppViewUpdater.java:22)        at com.sap.sdm.app.view.session.AppViewUpdater.sessionStateChanged(AppViewUpdater.java:18)        at com.sap.sdm.app.proc.deployment.impl.SessionStateObserversImpl.notifySessionStateChangedSessionStateObserversImpl.java:46)        at com.sap.sdm.app.proc.deployment.states.InstContext.processEventServerSide(InstContext.java:85)        at com.sap.sdm.app.proc.deployment.states.InstContext.processEvent(InstContext.java:59)        at com.sap.sdm.app.view.controllers.DeployEventProcessor.processEvent(DeployEventProcessor.java:11)        at com.sap.sdm.client_server.deployserver.DeployCmdProcessor.processEvent(DeployCmdProcessor.java:264)        at com.sap.sdm.client_server.deployserver.DeployCmdProcessor.process(DeployCmdProcessor.java:108)        at com.sap.sdm.gui.server.GuiAdminRoleCmdProcessor.processGuiAdminRoleCmdProcessor.java:72)        at com.sap.sdm.is.cs.session.server.SessionCmdProcessor.process(SessionCmdProcessor.java:67)        at com.sap.sdm.is.cs.cmd.server.CmdServer.execCommandCmdServer.java:76)        at com.sap.sdm.client_server.launch.ServerLauncher$ConnectionHandlerImpl.handle(ServerLauncher.java:286)        at com.sap.sdm.is.cs.ncserver.NetCommServer.serveNetCommServer.java:43)        at com.sap.sdm.is.cs.ncwrapper.impl.ServiceWrapper.serveServiceWrapper.java:39)        at com.sap.bc.cts.tp.net.Worker.run(Worker.java:50)       at java.lang.Thread.run(Thread.java:816)"
  The same problem occurs if I try to deploy this package or any other package using SDM in standalone or integrated mode. 
  configtool -> Secure Store -> admin/host/<SID> is the virtual hostname of the JC instance.
  I've tried the following to no avail:
  - Changed configtool -> Secure Store -> admin/host/<SID> to be the physical hostname of the box.
  - Changed configtool -> Server -> Dispatcher -> Service -> P4 -> bindhost (from 0.0.0.0 to JC virt IP).
  - Changed the <Host> entry in sdmrepository.sdc from <phys hostname> to <jc virt hostname>.
  The SAPLOCALHOST, SAPGLOBALHOST all seem to be set correctly in the SAP profiles.
  Has anyone had this issue?  If so, what do I need to check/change?  Any ideas?
  Notice the message does not reference the <SID> in "admin/host", could this be related to the issue?  If so, what can cause this?
  TIA
  Anthony

  Hi All,
  Just an update, I was able to get around my problems by patching the 2004s media from sp6 to sp8, uninstalling my scs, and database and re-installing from the patched media.

• 7 Things every Adobe AIR Developer should know about Security

  7 Things every Adobe AIR Developer should know about Security
  1. Your AIR files are really just zip files.
  Don't believe me? Change the .air extension to zip and unzip
  it with your favorite compression program.
  What does this mean for you the developer? What this means is
  that if you thought AIR was a compiled protected format, alas it is
  not.
  2. All your content is easily accessible in the AIR file.
  Since we now that the AIR file is really just a zip file,
  unzip it and see what's inside. If you have added any content
  references when you published the AIR file, voila, there it all is.
  What does this mean for you the developer? Well, you content
  is sitting there ripe for the picking, and so is everything else
  including you Application descriptor file, images etc.
  3. Code signing your Air app does nothing as far as security
  for you.
  All code signing your app does is verify to the end user that
  someone published the app. I does nothing as far as encryption and
  does nothing to project your content.
  What does this mean for you the developer? We'll you should
  still do it, because getting publisher "unknown" is worse. It also
  means that joe hacker would not be able decompile your entire app
  and republish it with the same certificate, unless they
  somehow got a hold of that too.
  4. All your AIR SWF content is easily decompilable.
  Nothing new here, it's always been this way. Type flash
  decompiler into google and you'll find a variety of decompilers for
  under $100 that will take your AIR content swf and expose all your
  source code and content in no time.
  What does this mean for you the developer? All you content,
  code, urls and intellectual property is publicly available to
  anyone with a decompiler, unless you do some extra work and encrypt
  your swf content files, which is not currently a feature of AIR,
  but can be done if you do your homework.
  5. Your SQLite databases are easy to get at.
  SQLite datatbases can be accessed from AIR or any other
  program on you computer that knows how to work with it. Unless you
  put your database in the local encrypted datastore, or encrypt your
  entire database it's pretty easy to get at, especially if you
  create it with a .db extension.
  What does this mean for you the developer? We'll SQLite is
  very useful, but just keep in mind that your data can be viewed and
  altered if you're not careful.
  6. The local encrypted datastore is useful, but....
  The local encrypted datastore is useful, but developers need
  a secure way of getting information into it. Storing usernames,
  passwords and urls in clear text is a bad idea, since as we
  discussed, you code is easy to decompile an read. By putting info
  into the local encrypted datastore, the data is encrypted and very
  difficult to get at. The problem is, how do you get it into there,
  without have to store any info that can be read in the air file and
  without the necessity of communicating with a web server? Even if
  you called a web service and pushed the returned values into the
  datastore, this is not ideal, since you may have encoded the urls
  to you web service into your code, or they intercept the results
  from the web service call.
  What does this mean for you the developer? Use the local
  datastore, and hope that we get some new ways of protecting content
  and data form Adobe in the next release of AIR.
  7. There are some things missing form the current version of
  AIR (1.1) that could really help ease the concerns of people trying
  to develop serious applications with AIR.
  Developers want more alternatives for the protection of local
  content and data. Some of us might want to protect our content and
  intellectual property, remember not all of us are building toys
  with AIR. Other than the local encrypted datastore there are not
  currently any built in options I'm aware of for encrypting other
  content in the AIR file, unless you roll your own.
  What does this mean for you the developer? We'll I've been
  told that Adobe takes security very seriously, so I'm optimistic
  that we'll see some improvements in this area soon. If security is
  a concern for you as much as it is for me, let them know.

  Putting "secret data" as a clear text directly in your code
  is a broken concept in every environment, programing language.
  Every compiled code is reversible, especially strings are really
  easy to extract.
  There is no simple, straightforward way to include secret
  data directly with your app. This is a complicated subject, and if
  you really need to do this, you'll need to read up on it a bit.
  But in most cases this can be avoided or worked around
  without compromising security. One of the best ways is to provide
  the user with a simple "secret key" alongside the app (best way is
  the good old login/password). The user installs the app, and
  provides his "secret key", that goes directly into
  EncryptedLocalStore, and then you use this "secret key" to access
  the "secret data" that's stored on your server. Then you can
  transfer the "secret data" directly into EncryptedLocalStore.
  As for the whole thread:
  Points 1-5 -> Those points do not concern AIR apps only.
  If you are developing an application in any language, you should
  follow those rules, meaning:
  - Code installed on users computer is easy accessible
  - Data stored locally is easy accessible, even if it
  encrypted using any symmetric-key encryption, because the
  encrypting algorithm and encryption key is in your source code (you
  could probably write a book on using public-key encryption so let's
  just leave it for now ;)
  Point 6 -> Is a valid one. All your app security should
  relay on the EncryptedLocalStore. But it is your job to get the
  data securely into the ELS, because there is no point to encrypt
  data that can be intercepted.

• Removing Java Development toolkit 6.0.160.1

  How do I go about Removing Java Development toolkit 6.0.160.1?

  In Windows Explorer, locate C:\Program Files\Java\jre6\bin\new_plugin\ - in there should be file named npdeploytk.dll
  Exit Firefox, rename the file for now, (i.e., DISABLED-npdeploytk.dll then restart Firefox and see if the Java Deployment Toolkit is gone. Then you can delete it.
  You should update Java to version 1.6.0.20. Start>Control Panel>Java, Update tab, click Update.
  NOTE: Each update will reinstall the Java Deployment Toolkit. The security issue causing older versions to be disabled has been fixed, so it won't prompt you to disable the latest version.
  If you are on Windows 64-bit, go to C:\Program Files (x86)\Java\jre6\bin\new_plugin\ instead.

• Urgent Requirement : Sr.Java Developer

  Hi ,
  We have an urgent requirement for the position of Sr.Java Developer
  Location: Chicago, IL
  Duration : Straight Hire-Full Time
  Availability : Immediate
  Description:
  The primary role of the position is to design, develop and support application software for one or more business functions of the client.
  The role will be related to the processing of new business/clients and setting up relevant workflow and processes.
  This position is also related to ensuring integrity and quality in the technical development, security, and systems support practices.
  Technical skills:
  &#61656; Proficient in J2EE design and development
  &#61656; Experience with Spring, Struts, and Hibernate frameworks
  &#61656; database Strong development and design. Preferably SQL Server
  &#61656; Understanding of Service-Oriented Architecture using web services
  &#61656; Solid experience in XML using XSD and XSLT
  &#61656; Good understanding of data distribution protocols using FTP or E-Mail
  &#61656; have Must also strong web programming skills (HTML, JavaScript, AJAX)
  for developing and maintaining web-based applications.
  &#61656; Able to configure and install development tools and implement development environments
  &#61656; Desired experience with Spring MVC
  &#61656; Configuration management using Subversion
  &#61656; Working knowledge of Linux and Windows
  Other skills, and abilities:
  &#61656; sphere IBM Web Portal experience
  &#61656; Self-managing, in a fast paced development environment.
  &#61656; knowledge Extensive of software development life cycle and accepted practices.
  &#61656; and Strategic analytical thinking skills with an ability to solve problems and make decisions.
  &#61656; of Knowledge .Net (C#)
  &#61656; in Effective communicating with, and interacting with fellow team members on a technical and non-technical level
  &#61656; Understanding of financial products. (Futures, fixed income, equities, etc).
  Essential Functions:
  &#61656; expertise Uses in appropriate techniques and tools to design, develop and maintain effective application software, reporting to technical lead.
  &#61656; Participates to the development and implementation of standards related to the application development, security and system support activities.
  &#61656; formal Performs and informal reviews of software development processes and products to ascertain quality and adherence to standards.
  &#61656; Establishes and maintains control procedures for version control.
  Monitors and tracks quality related issues and problems through to resolution.
  Reports To: Technical team leader
  Works With: Customers, Business Managers, Functional Project Managers, Technical Project Managers, Developers
  Please send your updated resume ASAP.
  Thanks and Regards,
  AVVAL
  Mohammed Wajid
  Making IT Better
  Regency Towers Center
  Tower Floor
  1415 West 22nd Street
  Oak Brook IL 60523
  [email protected]
  http://www.AVVAL.com
  Dir:
  630.929.3096

  ¿do you need Functional Consultants? I mean people knowing at a great extent the main functionalities of Oracle Applications?
  If so, can you inform the modules?

• WebLogic Administrator / Java Developer position in Miami

  We are currently looking for a WebLogic Admin for a client in the Miami, FL area (Permanent position)
  This right candidate must have experience with the following technical skill sets:_
  &middot; Extensive experience with WebLogic and SQL Server
  &middot; Solid expertise as WebLogic Administrator | Web Administrator | Java Developer
  &middot; Strong experience in Web hosting infrastructure
  &middot; Experience in WebLogic installation, configuration, and tuning;
  &middot; Performed application deployments and diagnosing performance related issues with WebLogic;
  &middot; Worked with BEA/Oracle WebLogic Technical Support in resolving the critical issues by analyzing the logs and config files and follow up on the open incidents;
  &middot; Extensive experience in WebLogic Administration, monitoring and troubleshooting;
  &middot; Ability to analyze the results of monitoring systems to identify problem areas;
  &middot; Experience in writing WLST scripts for deployment, start and stop servers;
  &middot; Solid experience using Java, doing systems maintenance or new functionality development
  &middot; Worked closely with development and testing teams to implement fixes in Production under strict time constraints;
  &middot; Involved in troubleshooting for production issues and escalating as per the requirement;
  &middot; Experience in writing scripts to handle complex automation / administration;
  Some Preferred Experience:_
  &middot; Past experience in the financial sector would be preferred
  If you are interested, know anyone or have any questions please feel free to call or email me at (561) 745-6945 or [email protected]
  Thanks in advance,
  Bob Kelly
  Edited by: user10768768 on Jan 7, 2009 6:41 AM
  Edited by: user10768768 on Jan 7, 2009 6:41 AM

  Well Doug, kudos for (at least for now) not cross posting this advert to every forum here. And though your post (loosly speaking) does fall under the forum topic of "...general topics related to the Java programming language." most folk here take that to mean programming and development topics, not job postings.
  On another note - I see you worked at Everest, I worked at Aquila, weren't they related (dim memory)
  Take care
  Lee