How to design applications with security in mind?

Hi there,
I'm looking for a book/website anything that can enhance my ability to design security applications in terms of authentication and authorization. I mean, how to set "Groups" of users and to allow/disallow them to use certain functionalities, how to set LEVEL of users, how to log all events, etc...
Thanks

I think you need more than an article; you need a book. There is a lot that makes a secure system secure.
As just an example a system I am battling with currently has well defined sets of permissions and resources. Resources are accessed through the permissions set to users and/or groups. The owner of the resource is who sets these permissions. This is all good except that the ownership of resources can be pushed and not just pulled.
This means the rest of the security is rather a waste of time because that's a rather large flaw.
At any rate. There is a lot to consider and just one article won't cover it. You should be looking for a book and/or resources that deal with this topic ad nauseam.
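
An added example (not from the thread or from any product it mentions) sketching the model the answer describes: the owner sets permissions for users and groups, every decision is written to an audit list, and ownership changes only when the offered recipient accepts it. All class, method and principal names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Resource:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)   # principal -> set of permissions
    pending_owner: Optional[str] = None        # offered but not yet accepted


class AccessControl:
    def __init__(self, groups):
        self.groups = groups      # group name -> set of member user names
        self.resources = {}
        self.audit = []           # append-only: (actor, action, resource, outcome)

    def _log(self, actor, action, name, ok):
        # Every decision, allowed or denied, leaves an audit record.
        self.audit.append((actor, action, name, "ALLOW" if ok else "DENY"))
        return ok

    def _principals(self, user):
        # A user acts as themselves plus every group they belong to.
        return {user} | {f"group:{g}" for g, m in self.groups.items() if user in m}

    def create(self, actor, name):
        self.resources[name] = Resource(name, owner=actor)
        return self._log(actor, "create", name, True)

    def check(self, user, name, perm):
        res = self.resources[name]
        ok = user == res.owner or any(
            perm in res.acl.get(p, ()) for p in self._principals(user))
        return self._log(user, perm, name, ok)

    def grant(self, actor, name, principal, perm):
        # Only the owner sets permissions on a resource.
        res = self.resources[name]
        ok = actor == res.owner
        if ok:
            res.acl.setdefault(principal, set()).add(perm)
        return self._log(actor, f"grant {perm} to {principal}", name, ok)

    def offer_ownership(self, actor, name, new_owner):
        # An offer alone changes nothing; the owner field is untouched.
        res = self.resources[name]
        ok = actor == res.owner
        if ok:
            res.pending_owner = new_owner
        return self._log(actor, f"offer ownership to {new_owner}", name, ok)

    def accept_ownership(self, actor, name):
        # Ownership moves only when the offered recipient pulls it.
        res = self.resources[name]
        ok = res.pending_owner == actor
        if ok:
            res.owner, res.pending_owner = actor, None
        return self._log(actor, "accept ownership", name, ok)
```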

Similar Messages

  • How to run applications with options in IDEs like Netbeans

    Hi, I'm new to the Netbeans IDE and I'm wondering how to run applications with options.
    Normally I'd enter the following in the command line:
    java -Djavax.net.ssl.keyStore=mykeystore -Djavax.net.ssl.keyStorePassword="..." TLSServer
    java  -Djavax.net.ssl.trustStore=mytruststore -Djavax.net.ssl.trustStorePassword="..." TLSClient localhost
    Problem is, I've no idea how to do the same thing in IDEs like Netbeans and I can't find any settings to add options like "-Djavax.net.ssl.keyStore=mykeystore" before running the application. Any help will be appreciated.
    Message was edited by:
    Wolfgard

    Right-click the project, click properties, click run, and add parameters to VM Options.

  • Error deploying application with security policies: ORA-00904

    Hi all,
    I am using Jdeveloper 11.1.1.0 and I am trying to deploy an ADF application with secure policies on WebLogic Server 10.3.1
    I have deployed the application to an EAR file and I have installed it using the weblogic console, after having defined the JDBC connection.
    Have I anything to do for implementing the security policies? Am I missing anything?
    Because when I launch the application from Jdeveloper I have no errors, while when I try to go to the URL where I have deployed the application, after logging in, I have this error:
    Caused by: java.sql.SQLSyntaxErrorException: ORA-00904: "myEntityObject"."myField": invalid identifier
    at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:91)
    at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:133)
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:455)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:413)
    at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1034)
    at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:194)
    at oracle.jdbc.driver.T4CPreparedStatement.executeForDescribe(T4CPreparedStatement.java:791)
    at oracle.jdbc.driver.T4CPreparedStatement.executeMaybeDescribe(T4CPreparedStatement.java:866)
    at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1187)
    at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3386)
    at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:3430)
    at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeQuery(OraclePreparedStatementWrapper.java:1491)
    at weblogic.jdbc.wrapper.PreparedStatement.executeQuery(PreparedStatement.java:128)
    at oracle.jbo.server.ViewObjectImpl.getQueryHitCount(ViewObjectImpl.java:3915)
    ... 91 more
    ## Detail 0 ##
    java.sql.SQLSyntaxErrorException: ORA-00904: "TICKETEO"."ID_CATEGORIA_APERTURA": identificativo non valido
    at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:91)
    at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:133)
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:455)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:413)
    at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1034)
    at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:194)
    at oracle.jdbc.driver.T4CPreparedStatement.executeForDescribe(T4CPreparedStatement.java:791)
    at oracle.jdbc.driver.T4CPreparedStatement.executeMaybeDescribe(T4CPreparedStatement.java:866)
    at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1187)
    at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3386)
    at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:3430)
    at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeQuery(OraclePreparedStatementWrapper.java:1491)
    at weblogic.jdbc.wrapper.PreparedStatement.executeQuery(PreparedStatement.java:128)
    at oracle.jbo.server.ViewObjectImpl.getQueryHitCount(ViewObjectImpl.java:3915)
    at oracle.jbo.server.ViewObjectImpl.getQueryHitCount(ViewObjectImpl.java:3867)
    at oracle.jbo.server.QueryCollection.getEstimatedRowCount(QueryCollection.java:3517)
    at oracle.jbo.server.ViewRowSetImpl.getEstimatedRowCount(ViewRowSetImpl.java:2318)
    at oracle.jbo.server.ViewObjectImpl.getEstimatedRowCount(ViewObjectImpl.java:8782)
    at oracle.adf.model.bc4j.DCJboDataControl.estimateRowCount(DCJboDataControl.java:1551)
    thanks
    Andry
    Edited by: user10799119 on 4-set-2009 3.50

    Hi,
    sincerely now I don't remember what was the problem, but it seems to me the solution was in one of these four settings:
    1) check Admin Server when I create the JDBC connection.
    2) before deploying the application to an EAR file, don't forget to uncheck Auto-generate and synchronize weblogic-jdbc.xml Descriptors during deployment in Application properties --> deployment
    3) in your application module --> configuration change the connection type from jdbc URL to JDBC DataSource
    4) at the end of your URL of the deployed application don't insert the ".jspx" after your page name
    Hope this helps
    Regards

  • How to design templates with Microsoft Excel

    Hi
    When creating a new template in EBS, we have "Microsoft Excel" as one of the template types (just like RTF). How to design the template if Excel is selected as the template type. I uploaded a blank EXCEL file and the concurrent program errors out with "Excel Processing" exception.

    hi,
    r u uploading the blank excel..r the excel u got from the Analyzer for Excel from the BIpublisher.
    One small clarification on my previous post..like the .xdo not the excel name.Inside the excel it is the sheet name.
    If u uploading the excel that u got from the Analyzer for excel means it should work.
    Plz select the template type as Excel after uploading the template.
    Its working for me.
    This link will be helpful for u
    http://blogs.oracle.com/xmlpublisher/2007/05/16/
    Edited by: Ananth.v on Mar 4, 2010 3:07 PM

  • How to create applications with forms61?

    I am using forms6i. i want to know how to create a standalone
    application with this. please give me what are the components
    required to create an application with forms6i. can i use
    crystal reports to generate reports instead of oracle reports
    with the combination of forms?

    Well to create a stand alone application all you need is the
    executable (FMX) and the runtime - that's it!
    As for using Crystal Reports - yes you could use ORA_FFI to
    integrate.
    Regards
    Grant Ronald
    Forms Product Management

  • How to hide applications with out having to type command+option+H?

    How can you hide applications with out having to type command+option+H?

    Click the middle bubble/button.  The app will "move" in the dock to the far right next to the trashcan.

  • I have been asked by my IT department how a LabVIEW application is secure

    In general how does a standard LabVIEW application respond to these requirements:
    The runtime environment shall not be susceptible to buffer overflows, SQL injection, LDAP and XPath injection, code injection or any other injection flaws. Malicious file execution and insecure direct object references shall be prevented at all times. 

    I know certain ActiveX actions that are deemed "security risks" will now generate errors in the LabVIEW Run Time Engine unless the registry of the host computer has been specifically modified to allow such ActiveX calls.
    I guess my point is, NI does take some steps to prevent some issues at the run-time level regardless of how your code is written, so if that is the level <they> are concerned about, I would reach out to my local NI Field engineer and/or NI Customer Support and ask for help in how to answer <them>.
    As Sam_Sharp pointed out, there are several things that are difficult/impossible for the RunTimeEngine to protect against, in any language.  If the author of the code does stupid things or deliberately has malicious intent, there are many things they can do that are outside the bounds of an RTE.   In LabVIEW, some of the 'holes' in other languages are hard (impossible??) to do.  For example, you as a coder, do not have access to creating and manipulating pointers, so you can't create code that intentionally overwrites other [edit: memory-]sectors in the host machine memory.  So that would also be a case of where the run-time-engine (and its memory manager) plugs (or significantly shores up) things and makes it "safer".
    The main security threats I see coming from the LV RTE engine is that there is no way the RTE can protect against malicious file removals, file hashing, injecting bad commands and/or data into network(s) and databases etc., beyond the protection offered by the OS (file/folder permissions) and IT infrastructure (firewalls, database query protections etc.).
    Not sure any of that helps you out or not.. A dialogue with NI seems required for you, perhaps bring together reps' from both parties (NI field engineer and your IT people) so that they can get a line of communication going.
    QFang
    CLD LabVIEW 7.1 to 2013

  • How do i deal with 'security certificate' issues on my iPad2? I'm unable to answer the security questions that pop up when Im trying to download an app because the pop up does not load properly...

    Basically my Ipad2 stopped allowing me to go to sites such as Tumblr a little while ago. It wouldn't display the page properly because of 'security certificate' issues. This in itself would not have been such a problem, but when I went to the App store to try and download the Tumblr App, a pop up appeared asking me to answer some security questions before I could successfully install the App. However, the pop up would not display correctly because of 'security certificate' issues and as a result I can't download any apps from the App Store. Can anyone help with this??

    Well, I managed to delete some stuff, download the update...
    My Mac mail is still not ok. Still only displays today, yesterday and everything is the 16th of the month previous to this?
    All a bit strange to say the least any suggestions on how to resolve this.
    I now have a second issue in all my emails at the very top of each it describes in detail the full information of
              Delivered-To:  
              Received:  
              Received:  
              Received:  
              Received:  
              X-Received:  
              Return-Path:  
              Received-Spf:
              Authentication-Results:
              Content-Type:  
              Mime-Version:  
              X-Mailer:  
              X-Cloudmark-Analysis:  
    Surely this should not be displayed rather insecure I would think. Any suggestions on how to amend

  • How to develop application with multiple schema

    Hi,
    In my application, there is 3 schema, forms are from different schema, but the database is one. How should I manage it, When i open the form with different schema I am not getting the expected result,
    I am using Oracle 10g Forms & Database
    Thanks in advance
    Rizly

    hi,
    what database-user is the user connected with, when executing the forms ? Is it one of the three schemaowners or has each logical user his own database-user?
    About your db-objects:
    I would create 3 roles, one for each schema, and grant the needed privileges for one schema to the according role
    Example:
    CREATE ROLE RL_SCHEMA1;
    GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA1.TABLE TO RL_SCHEMA1;
    ...
    Then you can grant the roles to the database user you are connected with at runtime.
    If you use named users (each logical user has its own database-user) then you assign each user only those roles he needs.

  • NAM 5.1 How to create Application with port range from cli?

    Hello,
    I can create new Application with port range from GUI, but I can not do it from CLI
    If I do it by CLI as a:
    nam# application
    nam# name mkst-cur-A
    nam# match udp 16001-16009
    nam# exit
    then
    nam# show application app-tag 268435576
    custom:120 (268435576) mkst-cur-A
      udp 16001
    nam#
    But if I do it by GUI and then
    nam# show application app-tag 268435576
    custom:120 (268435576) mkst-cur-A
      udp 16001 - 16009
    nam#
    How to do it by CLI?

    Hi Alexey,
    Sure, the function you're looking for is in the ANALYSIS panel under the "Curve Fitting" palette-- it's called "Linear Mapping".  You will need to create the desired X channel prior to calling this function, though, so you will probably need to use the ANALYSIS function "Generate Numeric Channel" in the "Channel Functions" palette.
    Brad Turpin
    DIAdem Product Support Engineer
    National Instruments

  • How to design universe with tables from two databases using a db link?

    I am building a universe (v3.1) that has tables from two different oracle db instances.  My dba created synonyms for me and there is a database link in place.  I don't know how to get this working in Designer.  I can see the views under my ID when I browse to insert a table, but there is no structure.  I think I have to create a new strategy.  I attempted to do that, but the directions aren't very clear to me, and it isn't working.  Any help or advice would be greatly appreciated.  Thanks!!

    i've been working with DB links much before, but this was since long time ago before i join the Business Intelligence field
    from my understanding that you Have link from DB1 to DB2
    and from your user in DB1 you can access tables and view from DB2
    if you are using your user to create a universe im not sure if you can use tables from DB2 or not
    and you dont see the tables of the link in the Universe
    but you can try to create a derived table selecting from any tables from DB2
    for example
    select id,name from user.table2@mylink
    check this way and give me your feedback
    good luck

  • How to  Integrating applications with full message control

    Hi All,
    I have a scenario where in I have to access three different Application databases and integrate them.
    I have some Business validations to be performed on the Application Tables of the three.
    I need some control of the message. This is Integration should choose a sender based on the data in a Tag
    Questions:
    1) Should I have to go for an integration process?
    2) Can I retrieve data from a tag from the outbound interface? How to do that?
    3) Can I call a synchronous Jdbc adapter from the process, get the response and based on that take a decision? Which step will help me to call an adapter?
    Please help me with some of your suggestions and ways to proceed.
    Regards,
    Meher

    Hi Meher,
    >>>>Should I have to go for an integration process?
    Yes
    >>>>Can I retrieve data from a tag from the outbound interface?
    Yes, of course
    >>>>How to do that?
    With a mapping
    >>>>Can I call a synchronous Jdbc adapter from the process, get the response and based on that take a decision?
    Yes
    >>>>Which step will help me to call an adapter?
    A send step
    Regards,
    Udo

  • How to open applications with Automator?

    How would I go about opening, say, Contacts, Mail, etc using Automator? I then will want to map it onto F13-F19.
    I'll also want to open specific Web pages by pressing a Fn key.
    FWIW, with the method described in this article I can open Contacts but then it tries to open specific contacts (I think) and results in a dialog I have to dismiss. I just want to open the app.
    TIA,
    David

    Sorry, I meant to provide the article's URL: http://www.makeuseof.com/tag/fkeys-launching-applications-finder-items-mac/

  • How open an application with labview

    I need to open an application to use a camera and store data before using this data in labview but I don't know how to call an app in a VI

    Look for "System Exec", it's in the Communications palette.
    LabVIEW Champion . Do more with less code and in less time .

  • Deploying application with security policies on Jdeveloper 11.1.1.0

    Hi all,
    I am using Jdeveloper 11.1.1.0 and WebLogic Server 10.3.1
    I have an application that uses security policies (file jazn-data.xml) and when I launch it from Jdeveloper it works. Now I am trying to deploy it, but I have some problems.
    I have tried to follow this link:
    http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html
    but it is not up to date
    I have tried to follow this:
    http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/csfadmin.htm#CACDJHGE
    but when I launch this command:
    migrateSecurityStore.py -type credStore
    -configFile jpsConfigFileLocation
    -src srcJpsContext
    -dst dstJpsContext
    I can't understand where are the file: jpsConfigFileLocation, srcJpsContext, dstJpsContext. In what folder are there?
    Are there my links correct? Or are there links or manual simpler to add security to a deploy?
    Thanks
    Edited by: user10799119 on 4-set-2009 3.52

    Hi,
    migrateSecurityStore.py -type credStore
    -configFile jpsConfigFileLocation
    -src srcJpsContext
    -dst dstJpsContext
    [-overWrite trueOrFalse]
    migrateSecurityStore(type="credStore", configFile="jpsConfigFileLocation", src="srcJpsContext", dst="dstJpsContext", [overWrite="trueOrFalse"])
    The meaning of the arguments (all required except overWrite) is as follows:
    configFile specifies the location of a configuration file jps-config.xml relative to the directory where the command is run. Typically, this configuration file is created just to be used with the command and serves no other purpose. This file contains two jps-contexts that specify the source and destination stores.
    In addition, if the migration involves one or two LDAP-based stores, then this file must contain a bootstrap jps-context that refers to the location of a cwallet.sso file where the credentials to access the LDAP based involved in the migration are kept. See second example below. For complete details, see Section 15.4.7, "Specifying Bootstrap Credentials Manually."
    src specifies the name of a jps-context in the configuration file passed to the argument configFile. This context identifies the source credential repository.
    dst specifies the name of another jps-context in the configuration file passed to the argument configFile. This context identifies the target credential repository.
    overWrite specifies whether a target credential matching a source credential should be overwritten by or merged with the source credential. Set to true to overwrite the target credential; set to false to merge matching credentials. Optional. If not specified, defaults to false. When set to false, if a matching is detected, the source credential is disregarded and a warning is logged.
    JPS config is located in <wls install dir>\user_projects\domains\base_domain\config\fmwconfig . The two context references, like srcJpsContext, reference a named area in the jps config file. I agree that the text is a bit hard to parse. So they are no files to search but entries in the file you reference in the "config" parameter
    Frank
