High Security Apps

Similar Messages

• Workflow 2013 use app model for higher security levels

  In a workflow 2013, I am currently calling a workflow 2010 so that I can use the impersonate step to run steps at a higher security level than the user that submitted the workflow. In the impersonate step, everything that needs to be run at a higher security
  level are placed in the impersonate step.
   I have found that the app model in workflow 2013 looks like it replaces the impersonate step in workflow 2010, correct?
  Due to that fact if I want to use the app model in workflow 2013 instead of using the impersonate step in workflow 2010, will I need to place all actions and conditionals within in the app model step for everything that needs to be executed at a higher security
  level? If so, can you show me how to accomplish this goal?
  If this is not true, what actions and steps do I need to place within the app model so that those actions and conditionals occur at a higher security level?

  Hi wendy,
  What is app model in SharePoint 2013 workflow? Based on your description, it seems like “App Step”. Is it right?
  “App Step” provides all the workflow actions added to it, with Read from and Write to Permissions to all the Items in the Site.
  App Step is not available by default you need to activate Workflows can use app permissions feature in your Site to get this displayed for that site in SharePoint Designer.
  You need to place all actions and conditionals within the App Step for everything that needs to be executed at a higher security level.
  More information about App Step in SharePoint 2013 Designer, please refer to the links below:
  Create a workflow with elevated permissions by using the SharePoint 2013 Workflow platform
  A word about App Step in SharePoint 2013 Workflow Platform
  SharePoint Designer 2013 – The new “App Step”
  Best Regards,
  Wendy
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Wendy Li
  TechNet Community Support

• PHP_MySQL version of a high security user authentication web app.

  Since you folks deal with PHP Application Development, I am posting this here.
  For a demo of the PHP_MySQL version of the UltraSuite High Security User Authentication Web Application, you can sign up at http://bit.ly/hgNjek.
  It  offers a multi-layered approach security approach towards protecting  important information like user authentication credentials.  Protection from dictionary attacks, rainbow table attacks, brute force attacks, SQL injection attacks and much more.
  I hope your feedback will help make the application even more useful and secure.
  Thank you!
  J.S.

  Hi,
  could you or someone tell me if ADDT supports protection against these methods you mention:
  Protection from dictionary attacks, rainbow table attacks, brute force attacks, SQL injection attacks and much more??
  And can this system work alongside ADDT?
  thanks again

• How can I Remove Firefox Hello in a high-security environment?

  Hi,
  After a recent Firefox update in a test environment for a high-security environment (I'm not at liberty to disclose the nature of this environment, sorry. Let's just say we have to disable Firefox from contacting Mozilla's servers and further disable Google's "Safe Browsing" due to possibility of inadvertent unauthorized disclosure) We have noticed a feature: "Firefox Hello", this feature causes Firefox to violate strict policy as it transforms it from being classified as strictly a "Web Browser" (which is permitted) to a "Chat Application", all of which are completely banned. Simply disabling Hello is not a sufficient option as Firefox still contains the code to run Hello, which still constitutes it a "Chat Application" as per policy. We have the capability to edit out unauthorized code from open source software internally, but we don't know where to start to remove this code from the Firefox codebase as Hello seems pretty well integrated.
  Currently I only have two options, both of which do not please me as for me personally, (I really like Firefox and have fought to include it in any environment I can):
  1. Discontinue permanent use of Firefox.
  2. Discontinue updating Firefox permanently or until Hello is removed as a non-modular element. This is unacceptable as it'd mean we can't keep it secure, which causes us to fall back to (1).
  I would graciously like any third option. Internet Explorer seems to be the only browser that provides sufficient enterprise-level control without extraneous features at the moment with the addition of Hello to Firefox. We have banned Chrome from our environment due to how tightly bound it is with Google's "Cloud" services and hope that Firefox isn't becoming a "Cloud" browser for Mozilla, Sync has already placed Firefox under the microscope as it is.
  Thank you.

  We have WebRTC traffic blocked (We have a setup that audits SSL traffic before it leaves or enters the network).
  Our primary issue with Hello is that policy classifies the actual code used to run it as being very much like an Easter Egg, code that was inserted that goes beyond the spec of being a web browser and thus difficult to audit. It's easy to block services in general, but when an a single unauthorized service becomes a core feature and has code strapped to the browser, that throws up red flags that Mozilla is moving Firefox away from being a organization-managable browser and more toward an exclusively mozilla-managed "Cloud" browser, where there is a possibility that Mozilla will seek more control over user experience that will increase attack surface.
  It's reasons like this we decline to install Chrome into our environment, because Google has several services built-in to the core of their browser and do not leverage their extensions capabilities, but rather mandates that these features "must be installed" and that users can only toggle them off.
  It's easy to uninstall an extension or to recompile with a flag, but it's hard when a vendor makes decisions for you and tells you "This is good for you, you must embrace it" irrespective of policy of organizations or even individual users wishes.
  Thank you all for this information, it will help our future audits and help determine if Firefox is right for our needs.
  Unfortunately I can't mark this thread as "Solved" since the root issue is still not solved (Mozilla's development practices making something that should be an extension, a core aspect of the browser), so marking it solved would be a lie. But thank you both nonetheless.

• Mixed bag  1.     I have a security app on my computer, Flashbrief.  I have it checked in the hide column but whenever I turn on the computer it appears in the top menu line.  2.     Whenever I turn on the computer, a new blank document window in MS Word

  mixed bag
  1.         I have a security app on my computer, Flashbrief. I have it checked in the hide column but whenever I turn on the computerit appears in the top menu line.
  2.         Whenever Iturn on the computer, a new blank document window in MS Word 2011 appears.  I do not have this listed in the login items.
  3.         I have a current model of Apple wireless mouse. It keeps getting stuck in text or e-mails and I have to somehowotherwise move the cursor to break it free.
  Help with any of these will be appreciated.
  BF

  1.         I have a security app on my computer, Flashbrief. I have it checked in the hide column but whenever I turn on the computerit appears in the top menu line.
  I've never heard of this software, and cannot find any reference to it online, which is a bit concerning.  What is it supposed to do?  There really isn't much need for security software on a Mac.
  2.         Whenever Iturn on the computer, a new blank document window in MS Word 2011 appears.  I do not have this listed in the login items.
  In Mac OS X 10.7, any applications left open when you shut down or restart are re-opened at startup, and any documents left open in an app when you quit are re-opened when you launch them again.  The former can be controlled by unchecking the box in the restart/shutdown alert:
  You will need to do this each time you shut down or restart, it won't remember that setting.
  The latter can be deactivated by unchecking the box in System Preferences -> General:
  3.         I have a current model of Apple wireless mouse. It keeps getting stuck in text or e-mails and I have to somehowotherwise move the cursor to break it free.
  That does not sound normal, but I don't use a mouse with my MBP, so I can't provide a solution, other than to try replacing the batteries in the mouse.

• Higher security if client is installed without SQL*PLUS?

  Hello,
  at work there are two installations for the Oracle client, one with and one without SQL*PLUS. Only DBAs and developers get the full installation. I can't see the additional security beside that a user cannot directly use SQL*PLUS to read data. Every user can run SQL Developer on his system so they can access the data anyway.
  Regards
  Marcus

  I can't see the additional security ..I agree. Too many people think blocking client tools means higher security. Security has to be done in the database server,not in the client tools.
  Werner

• Can I make an image display instead of flash slideshow on explorer with high security?

  I am a total flash beginner.  I created a simple flash slideshow that I want to appear on my website.  It works fine in firefox., but when viewed in explorer with high security, nothing displays unless the viewer specifically allows it. The slideshow is very prominent, and the site looks very bad when only an x shows up.   Is it possible to have a static image display in place of the slideshow, and then have the slideshow start if the viewer allows it? Is there any other way to get around this? 
  Thank you for any assistance.
  EJ

  Have you tested it with IE online or only locally?  Locally IE will usually prohibit displaying Flash content.

• On-premise High-trust App and 401 (appredirect.aspx) for anomyous user

  Hello,
  I've developed a provider hosted App. The App can be used by authenticated and anonymous users. On my development platform the App is working in both cases as expected. Then I configured a new test Server (I did all the steps for high trusted Apps) and installed
  the new App (Register app, created a new package in Visual Studio, did the changes for the TokenHelper class and so on). Now, the App ist working for authenticated users only. For anonymous users the appredirect page is asking for credentials. The SharePoint
  log contains only a few Information about the problem:
  client_id: i:0i.t|ms.sp.ext|..... and instance_id:
  https://xxx/Pages/AppPartPage.aspx?SPHostUrl=http%3A%2F%2FXXXXXXX%2FDE%2FSP2013Standard&SPHostTitle=SP2013%20Standard%20Layout&SPAppWebUrl=""&SPLanguage=de%2DCH&SPClientTag=1&SPProductNumber=15%2E0%2E4420%2E1017&wpId=g%5F5b8feaca%5F038f%5F473d%5F8001%5F0a91849f9a05&editmode=0&SenderId=1DD84F040
  from query string
  redirectLaunUrl after getting it from query string, web or app instance:
  https://remote-domain-app/Pages/AppPartPage.aspx?SPHostUrl=http%3A%2F%2FXXXXXXX%2FDE%2FSP2013Standard&SPHostTitle=SP2013%20Standard%20Layout&SPAppWebUrl=""&SPLanguage=de%2DCH&SPClientTag=1&SPProductNumber=15%2E0%2E4420%2E1017&wpId=g%5F5b8feaca%5F038f%5F473d%5F8001%5F0a91849f9a05&editmode=0&SenderId=1DD84F040
  redirectLaunUrl after getting token replacement:
  https://remote-domain-app/Pages/AppPartPage.aspx?SPHostUrl=http%3A%2F%2FXXXXXXX%2FDE%2FSP2013Standard&SPHostTitle=SP2013%20Standard%20Layout&SPAppWebUrl=""&SPLanguage=de%2DCH&SPClientTag=1&SPProductNumber=15%2E0%2E4420%2E1017&wpId=g%5F5b8feaca%5F038f%5F473d%5F8001%5F0a91849f9a05&editmode=0&SenderId=1DD84F040
  m_oauthAppId after NormalizeAppIdentifier() i:0i.t|ms.sp.ext|548......  Now getting app principal info.
  decided that we need to do a POST to the app.
  NOTHING MORE
  The remote IIS web allows anonymous access and I can open the remote web site as anonymous user. Tried to set the the App Principal permission again, but without luck.  When the remote web is stopped the 401 error still exist - no other error.
  I've no idea what I can check next.

  Hi,
  You can use PowerShell to get the AppPrincipal.
  $targetWeb = Get-SPSite "http://dev.my.com"
  $clientID = "82ea34fc-31ba-4e93-b89a-aa41b023fa7e"
  $authRealm = Get-SPAuthenticationRealm -ServiceContext $targetWeb
  $AppIdentifier = $clientID + "@" + $authRealm
  $appPrincipal = Get-SPAppPrincipal -Site $targetWeb.RootWeb -NameIdentifier $AppIdentifier
  I suggest you try to delete the app and use the following PowerShell script to install the APP.
  param
  [string]$Web = $(throw '- Need a SharePoint web site URL (e.g. "http://portal.contoso.com/")'),
  [string]$Source = "ObjectModel"
  Write-Host -ForegroundColor White "-------------------"
  Write-Host -ForegroundColor White "| App Installer |"
  Write-Host -ForegroundColor White "-------------------"
  Write-Host -ForegroundColor White "- "
  #Global vars
  $AppPackageName = "App.app";
  #Loads powershell settings
  Write-Host -ForegroundColor White "- Load Powershell context.."
  $0 = $myInvocation.MyCommand.Definition
  $dp0 = [System.IO.Path]::GetDirectoryName($0)
  #Loads the SharePoint snapin
  Write-Host -ForegroundColor White "- Load SharePoint context.."
  $ver = $host | select version
  if ($ver.Version.Major -gt 1) {$host.Runspace.ThreadOptions = "ReuseThread"}
  if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
  Add-PSSnapin "Microsoft.SharePoint.PowerShell";
  [void][System.Reflection.Assembly]::Load("Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c")
  #Imports the App package
  Write-Host -ForegroundColor White "- Import app package '$AppPackageName'..."
  $appPath = "C:\Projects\App\App\bin\Debug\app.publish\1.0.0.0" + "\" + $AppPackageName;
  if ($Source.Equals("ObjectModel", [System.StringComparison]::InvariantCultureIgnoreCase)) {
  $sourceApp = ([microsoft.sharepoint.administration.spappsource]::ObjectModel);
  elseif ($Source.Equals("Marketplace", [System.StringComparison]::InvariantCultureIgnoreCase)) {
  $sourceApp = ([microsoft.sharepoint.administration.spappsource]::Marketplace);
  elseif ($Source.Equals("CorporateCatalog", [System.StringComparison]::InvariantCultureIgnoreCase)) {
  $sourceApp = ([microsoft.sharepoint.administration.spappsource]::CorporateCatalog);
  elseif ($Source.Equals("DeveloperSite", [System.StringComparison]::InvariantCultureIgnoreCase)) {
  $sourceApp = ([microsoft.sharepoint.administration.spappsource]::DeveloperSite);
  elseif ($Source.Equals("RemoteObjectModel", [System.StringComparison]::InvariantCultureIgnoreCase)) {
  $sourceApp = ([microsoft.sharepoint.administration.spappsource]::RemoteObjectModel);
  $spapp = Import-SPAppPackage -Path "$appPath" -Site $Web -Source $sourceApp -Confirm:$false -ErrorAction SilentlyContinue -ErrorVariable err;
  if ($err -or ($spapp -eq $null))
  Write-Host -ForegroundColor Yellow "- An error occured during app import !"
  throw $err;
  Write-Host -ForegroundColor White "- Package imported with success."
  #Installs the App
  Write-Host -ForegroundColor White "- Install the APP in web site..."
  $app = Install-SPApp -Web $Web -Identity $spapp -Confirm:$false -ErrorAction SilentlyContinue -ErrorVariable err;
  if ($err -or ($app -eq $null)) {
  Write-Host -ForegroundColor Yellow "- An error occured during app installation !"
  throw $err;
  $AppName = $app.Title;
  Write-Host -ForegroundColor White "- App '$AppName' registered, please wait during installation..."
  $appInstance = Get-SPAppInstance -Web $Web | where-object {$_.Title -eq $AppName};
  $counter = 1;
  $maximum = 150;
  $sleeptime = 2;
  Write-Host -ForegroundColor White "- Please wait..." -NoNewline;
  $url = "$($Web)_layouts/15/appinv.aspx?AppInstanceId={$($appInstance.Id)}"
  $ie = New-Object -com internetexplorer.application
  try
  $ie.visible=$true
  $ie.navigate2($url)
  while ($ie.busy)
  sleep -milliseconds 60
  $trustButton = $ie.Document.getElementById("ctl00_PlaceHolderMain_BtnAllow")
  $trustButton.click()
  sleep -Seconds 1
  Write-Host "App was trusted successfully!"
  catch
  throw ("Error Trusting App");
  while (($appInstance.Status -eq ([Microsoft.SharePoint.Administration.SPAppInstanceStatus]::Installing)) -and ($counter -lt $maximum))
  Write-Host -ForegroundColor White "." -NoNewline;
  sleep $sleeptime;
  $counter++;
  $appInstance = Get-SPAppInstance -Web $Web | where-object {$_.Title -eq $AppName}
  Write-Host -ForegroundColor White ".";
  if ($appInstance.Status -eq [Microsoft.SharePoint.Administration.SPAppInstanceStatus]::Installed) {
  Write-Host -ForegroundColor White "- The App was successfully installed.";
  $appUrl = $appInstance.AppWebFullUrl;
  Write-Host -ForegroundColor White "- The App is now available at '$appUrl'.";
  Write-Host -ForegroundColor White "- (Don't forget to add app host name in your host file if necessary...).";
  Write-Host -ForegroundColor White "- "
  else {
  Write-Host -ForegroundColor Yellow "- An unknown error has occured during app installation. Read SharePoint log for more information.";
  More TroubleShooting Tips for High Trust Apps on SharePoint 2013
  http://blogs.technet.com/b/speschka/archive/2012/11/01/more-troubleshooting-tips-for-high-trust-apps-on-sharepoint-2013.aspx
  Thanks,
  Dennis Guo
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected].
  Dennis Guo
  TechNet Community Support

• Scale 802.1X ACS in High Security Mode any Idea's?

  Scenario
  Platform ACS V 5.1.0.44
  Switch 4510R with 8 48 port modules (384 ports)
  802.1x authentication of the ports in High Security Mode (VLAN assignments required)
  Authentication Method Cert based eap-tls to machine
  we currently have 4 Data Vlans that users and assets drop into on this switch
  How do I scale this as I cant differentiate the cert to distribute the users across the 4 vlans in ACS?
  I think I can use unique Identity groups for the MAB of assets but the users has me really scratching my head.

  Looks like a Switching group has been looking at this as a possible answer for the stack switches but I cant configure vlan groups on 4510's
  and would theres no config guide on how to apply it in ACS 5.1 (use attrib 81 like we do for vlan assignment?)
  12.2(52)SE
  IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to improve scalability of the network by load balancing users across different VLANs. Authorized users are assigned to the least populated VLAN in the group, assigned by RADIUS server.
  12.2(52)SE
  3750-E, 3560-E
  But then you get bit with even using VLAN assignments on large stacks
  •When IEEE 802.1x authentication with VLAN assignment is enabled, a CPUHOG message might appear if the switch is authenticating supplicants in a switch stack.
  The workaround is not use the VLAN assignment option. (CSCse22791)

• Moved to iAS SP3 and IIOP to secure app fails

  Hello,
  I have just moved to iAS SP3 from SP2 and our rich client nolonger asks
  me to log in?! In SP2 it did as required by the security roles in the
  deployment descriptors. In the CXS log I get the following:
  [21/Sep/2001 15:09:58:1] info: ENGINE-ready: ready: 10821
  eng =com.kivasoft.types.enumSubKeysIGDSKey@10cb03
  eng =com.kivasoft.types.enumSubKeysIGDSKey@6cb8
  eng =com.kivasoft.types.enumSubKeysIGDSKey@61a408
  eng =com.kivasoft.types.enumSubKeysIGDSKey@581784
  [21/Sep/2001 15:12:13:2] error: EB-001: Unable to locate interface
  IGXTxnAssocMgr
  [21/Sep/2001 15:12:13:4] info: PROT-006: new connection established
  I'm wondering about the second last line with the error. Anyone have any
  comments/thoughts?
  Anyone else using SP3 with an IIOP client to a secure app?
  Thanks, Jeff

  Hello,
  More info. I think it is my deployment descriptor that is the issue.
  Somehow SP2 determined what secure application an EJB belonged to and asked
  my IIOP client to ask for the user/password. Now I think I need to include
  the role information etc within the descriptors for the EJBs. I did this as
  described in the DTDs but still nothing. Does anyone have a working secure
  IIOP client running with SP3?
  Thanks , Jeff
  Jeff Williams <[email protected]> wrote in message
  news:9og3l8$[email protected]..
  Hello,
  I have just moved to iAS SP3 from SP2 and our rich client nolongerasks
  me to log in?! In SP2 it did as required by the security roles in the
  deployment descriptors. In the CXS log I get the following:
  [21/Sep/2001 15:09:58:1] info: ENGINE-ready: ready: 10821
  eng =com.kivasoft.types.enumSubKeysIGDSKey@10cb03
  eng =com.kivasoft.types.enumSubKeysIGDSKey@6cb8
  eng =com.kivasoft.types.enumSubKeysIGDSKey@61a408
  eng =com.kivasoft.types.enumSubKeysIGDSKey@581784
  [21/Sep/2001 15:12:13:2] error: EB-001: Unable to locate interface
  IGXTxnAssocMgr
  [21/Sep/2001 15:12:13:4] info: PROT-006: new connection established
  I'm wondering about the second last line with the error. Anyone have any
  comments/thoughts?
  Anyone else using SP3 with an IIOP client to a secure app?
  Thanks, Jeff

• I forgot my question security apps store help

  i forgot my question security apps store help
  <Edited By Host>

  If you only have one security question or if you have a rescue email address (which is not the same thing as an alternate email address) on your account then you should be able to reset it/them yourself : http://support.apple.com/en-us/HT6170
  If you have more than one question and don't have a rescue email address (you won't be able to add one until you can answer your questions) then you will have to contact Support in your country to get the questions reset.
  Contacting Apple about account security : http://support.apple.com/en-us/HT5699
  If your country isn't on that page then try this form and explain and see what they reply with : https://ssl.apple.com/emea/support/itunes/contact.html
  When they've been reset, and if you don't already have a rescue email address, you can then add one for potential future use : http://support.apple.com/en-us/HT201356

• Installing Security Apps

  Does anyone have any advice/input on installing a security app on the HTC Droid incredible?  I was looking into "Lookout Mobile Security" but have been getting good and bad results.
  Any input would be appreciated.
  fm67

  This thread should help you with some insight.
  http://community.vzw.com/t5/DROID-Apps/Security-Apps-Lookout-MobileSecurity-Wave-Secure-Mobile-Security/td-p/349942

• Mobile Security Apps

  Has anyone used a mobility security program like bullguard successfully? What are are downsides?

  I have used Lookout and AVG anti-virus for almost two years without problems. I haven't looked at any other Security Apps since choosing those two.

• Security Apps Free or Pay  what's the Best out there..

  I recently got a security app from Avast it was the non cost one but with Premium it would cost $ 1.99/month or pay $14.99/year but my Question is Does paying really get ya any better protection and is there better security apps than that of Avast..
  I always thought it was a good at securing PC's but i wonder if the same holds true in the cellphones..

  You would have to be a bit more specific with what you are asking.
  What junk are you asking if it stops? Nothing ever pops up on my screen which I do not initiate. Is this what you mean? Are you asking if it stops me from accessing a website it has determined to be junk? I am not sure what you mean by stopping "junk".
  What ads do you mean, too? If an ad is a part of a website, it does not block those. I do not have popups appearing when I go to websites, though. However I don't go to a lot of websites which I am not aware of ahead of time. Once again, what ads are you asking if it stops?
  While I do not subscribe to the premium version, it does have "safe browsing" included in it.

• Iframe auto height based on content in high trust apps on premise

  Hi, 
  how to adjust the app part height based on the content, in high trust apps. 
  Thanks
  Ram

  Hi Ram,
  We can use JavaScript to adjust the iframe height, the following code for your reference:
  <script type="text/javascript">
  function iframeLoaded() {
  var iFrameID = document.getElementById('idIframe');
  if(iFrameID) {
  // here you can make the height, I delete it first, then I make it again
  iFrameID.height = "";
  iFrameID.height = iFrameID.contentWindow.document.body.scrollHeight + "px";
  </script>
  More information:
  How To Adjust IFrame Height on Its Content
  http://www.codeproject.com/Articles/19499/How-To-Adjust-IFrame-Height-on-Its-Content
  Best Regards
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]