HTTP Strict Transport Security (HSTS) support in Weblogic?

Similar Messages

• HTTP Strict Transport Security support in Weblogic 10.3.3+

  Hi Gurus,
  1) Does Weblogic 10.3.3+ support HTTP Strict Transport Security (HSTS)?
  2) Has anyone experienced with implementation of the HTTP Strict Transport Security (HSTS) header in Weblogic 10.3.3?
  Thanks in advance.
  James

  Hi John,
  Here are your answers :)
  1) WebLogic 10.3 supports SCA. The Tech Preview, as its name tells, was a preview of the final release which is now out. The full package installer will provide the latest version of WebLogic 10.3.
  2) Since the Tech Preview is incomplete compared to the version you can find on OTN, no need to download it.
  However, I experienced some problems using SCA on a sample domain.
  I had to unzip another complementary JAR to make it work. This JAR was supplied with the TP. I may send you a copy through email if you wish since the JAR is nowhere to be found.
  But please note that BEA has chosen to use a Fabric3 implementation. Oracle has its own. Thus I don't think this SCA implementation will last long in WebLogic ... (http://fabric3.codehaus.org/)
  I bet that in a very next future, with the 11G version, SCA will full work and won't have anything to do with Fabric3.
  Hope this helps.
  Regards.
  Edited by: Maxence Button on Nov 9, 2008 2:52 PM

• Is there a way to disable the HSTS ( HTTP Strict Transport Security ) list built into Firefox or to allow exceptions?

  HSTS is problematic in that it incorrectly assumes that all users trust the default list of CAs and makes the adding of exceptions impossible even by advanced users.
  For example, torproject.org is inaccessible on Firefox unless I am willing to trust DigiCert to never sign a fake certificate either by negligence or by court order of any country in witch they operate, thereby making every https: site ( not just torproject.org ) vulnerable to a MITM attack.
  A user disabling CAs in the browser is not unreasonable given the ever growing list of CAs built into Firefox ( each one a potential point of failure ), the number of CAs that have been recently compromised and the very low standards required to obtain a certificate.
  While I understand the desire to protect the average user who doesn't understand how certificates work and will click past warnings without reading them, this protection should not come at the expense of more security conscious users.
  I would recommend an about:config setting that would allow the creation of exceptions by users who explicitly choose to do so.
  So far the only kludge I have been able to come up with is to modify c:\program files\mozilla firefox\xul.dll with a hex editor and replace the sites on the list ( this is far from an ideal solution ).

  dumdidadida: Thanks for your reply, but it doesn't address the problem. HSTS is designed to FORCE the use of https, this is a good thing in most cases. However, HSTS is problematic in that it incorrectly assumes that all users trust the default list of CAs and makes the adding of exceptions impossible even by advanced users.
  torprojec.org is just an example, this effects every HSTS site. You can reproduce this problem yourself in version 17 or later if you temporary disable "DigiCert High Assurance EV Root CA" in your certificate store and then visit torproject.org. You will notice the ability to add exceptions has been removed and that the cert_override.txt file found in the user's profile is also ignored.

• How to edit HSTS (HTTP Strict Transport Security) settings?

  I want the connections to some particular sites to be always using https, so I need to edit Firefox's HSTS settings, but I don't know where the HSTS setting file is. Can anyone tell me how to accomplish this task?
  I use both Ubuntu 14.04.1 and Windows 8. So solutions for Linux and Windows are both welcome and needed.
  (I know there is an add-on called "Force TLS," but I hope to do it without an add-on.)

  hello, please use the addon you already know about in order to edit these settings: https://addons.mozilla.org/firefox/addon/force-tls/
  the hsts settings would be stored within the permissions.sqlite database in your profile but manually editing it could do more harm than good...

• Consuming an External Web Service using HTTPS and WS Security

  Hello everyone,
  I'm having a problem setting the security information in a SOAP header using a generated ABAP Client Proxy to consume an external web service that requires a User ID and Password in the Header section of the SOAP message.  I need to use HTTPS. I'm on a WAS 7.01 SP08 system so from my readings, SAP is supposed to be able to add the username and password into the header section of the message.  I can't seem to get SAP to add this information added to the header.
  Here are the steps that I have taken to set the security values.
  1) Created the client proxy from the WSDL in SE80.  Basic Authentication on the Configuration tab was turned on automatically.
         Note, Transport Security is set to None.  I cannot change it.
  2) Created an outbound set user name profile in transaction WSPROFILE with the appropriate username and password.
  3) Added the profile to the default port in transaction LPCONFIG as an outbound under the WS Security section of the screen.
  When I called the external Web Service, I got back the following error message:
  com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5509E: A security token whose type is [http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken] is required.
  So, after reading through this Forum, I saw that I needed to use the SOAMANAGER.  I set up a Proxy in the SOAMANAGER and manually created the Logical Port.  This was the only way I could figure out how to set the Authentication Settings in the Logical Port to "User ID / Password".  I then entered the User ID and Password.
  However, I am still getting the same error message.  I feel I am close but missing some small configuration to tell SAP to use WS Security with a Username token.
  I'm not sure what I'm doing wrong, so any help would be appreciated.
  Thanks,
  Stephen

  I had this error again so I thought I would post my solution:
  The issue is SAP needs to know the certificates being used by the web site being called.  These certificates are automatically installed in your browser but need to be manually installed in SAP.  This is what I did:
  How to find/install new certificates
  Make sure you run Internet Explorer as an Administrator so you can export the certificates
  Go to the web site that SAP is trying to call in Internet Explorer
  Double click on the lock in the address bar
  View certificates
  Find the certificates that are being used
  Tools --> Internet Options --> Content --> Certificates
  Click on the “Trusted Root Certification Authorities” tab
  Find the certificate identified in step iii
  Export as a CER certificate
  Click on the “Intermediate Certification Authorities” tab
  Find the certificate identified in step iii
  Export as a CER certificate
  Go to STRUST in SAP
  Import the Certificates in the “Anonymous” or “Standard” SSL client
  Save
  RESTART the ICM via t-code SMICM  <-- Critical!!!
  Test

• Dose JCA support only Weblogic server 6.0 without SP1 ?

            I got a error message when starting weblogic server with SP1 in which
            configured the connector architecture beta implentation.
            Dose JCA support only Weblogic server 6.0 without SP1 ?
            How do i configure JCA on WLS6.0 with SP1 if it supports that?
            Taesun.
            Error message(exception) is following as :
            <2001-03-14 PM 02:11:41> <Emergency> <Server> <Unable to initialize the se
            rver: 'Fatal initialization exception
            Throwable: java.lang.VerifyError: Cannot inherit from final class
            java.lang.VerifyError: Cannot inherit from final class
            at java.lang.ClassLoader.defineClass0(Native Method)
            at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
            at
            java.security.SecureClassLoader.defineClass(SecureClassLoader.java:11
            1)
            at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
            at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
            at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
            at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
            at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
            at
            weblogic.rmi.internal.ServerRequest.makeCBVOutputStream(ServerRequest
            .java:50)
            at
            weblogic.rmi.internal.ServerRequest.getMsgOutput(ServerRequest.java:9
            5)
            at
            weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
            ef.java:245)
            at
            weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
            ef.java:225)
            at
            weblogic.jndi.internal.ServerNamingNode_WLStub.createSubcontext(Serve
            rNamingNode_WLStub.java:248)
            at
            weblogic.jndi.internal.WLContextImpl.createSubcontext(WLContextImpl.j
            ava:81)
            at
            weblogic.transaction.internal.JNDIAdvertiser.initialize(JNDIAdvertise
            r.java:76)
            at
            weblogic.transaction.internal.TransactionService.initialize(Transacti
            onService.java:38)
            at
            weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:
            46)
            at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:405)
            at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
            at weblogic.Server.main(Server.java:35)
            '>
            The WebLogic Server did not start up properly.
            Exception raised: java.lang.VerifyError: Cannot inherit from final class
            java.lang.VerifyError: Cannot inherit from final class
            at java.lang.ClassLoader.defineClass0(Native Method)
            at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
            at
            java.security.SecureClassLoader.defineClass(SecureClassLoader.java:11
            1)
            at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
            at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
            at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
            at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
            at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
            at
            weblogic.rmi.internal.ServerRequest.makeCBVOutputStream(ServerRequest
            .java:50)
            at
            weblogic.rmi.internal.ServerRequest.getMsgOutput(ServerRequest.java:9
            5)
            at
            weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
            ef.java:245)
            at
            weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
            ef.java:225)
            at
            weblogic.jndi.internal.ServerNamingNode_WLStub.createSubcontext(Serve
            rNamingNode_WLStub.java:248)
            at
            weblogic.jndi.internal.WLContextImpl.createSubcontext(WLContextImpl.j
            ava:81)
            at
            weblogic.transaction.internal.JNDIAdvertiser.initialize(JNDIAdvertise
            r.java:76)
            at
            weblogic.transaction.internal.TransactionService.initialize(Transacti
            onService.java:38)
            at
            weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:
            46)
            at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:405)
            at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
            at weblogic.Server.main(Server.java:35)
            Reason: Fatal initialization exception
            

            I got a error message when starting weblogic server with SP1 in which
            configured the connector architecture beta implentation.
            Dose JCA support only Weblogic server 6.0 without SP1 ?
            How do i configure JCA on WLS6.0 with SP1 if it supports that?
            Taesun.
            Error message(exception) is following as :
            <2001-03-14 PM 02:11:41> <Emergency> <Server> <Unable to initialize the se
            rver: 'Fatal initialization exception
            Throwable: java.lang.VerifyError: Cannot inherit from final class
            java.lang.VerifyError: Cannot inherit from final class
            at java.lang.ClassLoader.defineClass0(Native Method)
            at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
            at
            java.security.SecureClassLoader.defineClass(SecureClassLoader.java:11
            1)
            at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
            at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
            at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
            at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
            at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
            at
            weblogic.rmi.internal.ServerRequest.makeCBVOutputStream(ServerRequest
            .java:50)
            at
            weblogic.rmi.internal.ServerRequest.getMsgOutput(ServerRequest.java:9
            5)
            at
            weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
            ef.java:245)
            at
            weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
            ef.java:225)
            at
            weblogic.jndi.internal.ServerNamingNode_WLStub.createSubcontext(Serve
            rNamingNode_WLStub.java:248)
            at
            weblogic.jndi.internal.WLContextImpl.createSubcontext(WLContextImpl.j
            ava:81)
            at
            weblogic.transaction.internal.JNDIAdvertiser.initialize(JNDIAdvertise
            r.java:76)
            at
            weblogic.transaction.internal.TransactionService.initialize(Transacti
            onService.java:38)
            at
            weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:
            46)
            at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:405)
            at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
            at weblogic.Server.main(Server.java:35)
            '>
            The WebLogic Server did not start up properly.
            Exception raised: java.lang.VerifyError: Cannot inherit from final class
            java.lang.VerifyError: Cannot inherit from final class
            at java.lang.ClassLoader.defineClass0(Native Method)
            at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
            at
            java.security.SecureClassLoader.defineClass(SecureClassLoader.java:11
            1)
            at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
            at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
            at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
            at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
            at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
            at
            weblogic.rmi.internal.ServerRequest.makeCBVOutputStream(ServerRequest
            .java:50)
            at
            weblogic.rmi.internal.ServerRequest.getMsgOutput(ServerRequest.java:9
            5)
            at
            weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
            ef.java:245)
            at
            weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
            ef.java:225)
            at
            weblogic.jndi.internal.ServerNamingNode_WLStub.createSubcontext(Serve
            rNamingNode_WLStub.java:248)
            at
            weblogic.jndi.internal.WLContextImpl.createSubcontext(WLContextImpl.j
            ava:81)
            at
            weblogic.transaction.internal.JNDIAdvertiser.initialize(JNDIAdvertise
            r.java:76)
            at
            weblogic.transaction.internal.TransactionService.initialize(Transacti
            onService.java:38)
            at
            weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:
            46)
            at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:405)
            at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
            at weblogic.Server.main(Server.java:35)
            Reason: Fatal initialization exception
            

• Versions supported by Weblogic 8.1

  Hi,
  I am very new to java and weblogic. I am about to install weblogic 8.1 Service Pack 5. I wants to know which are best version of jdk, servlet/jsp, ejb and tomcat supported by weblogic 8.1.
  Please help me ..............
  Thanks & Regards
  -Sandeep

  Hi Sandeep,
  WLS 8.1 supports the JSP 1.2 specification from Sun Microsystems. JSP 1.2 includes support for defining custom JSP tag extensions. (See Programming JSP Extensions)
  WLS 8.1 also supports the Servlet 2.3 specification from Sun Microsystems.
  WLS 8.1 supports the Enterprise Java Beans 1.1 and 2.0 specifications.
  Please refer to the following links for additional information
  http://e-docs.bea.com/wls/docs81/jsp/intro.html
  http://e-docs.bea.com/wls/docs81/upgrade/upgrade51to81.html
  Cheers
  -raj

• Using weblogic security roles in authentication: weblogic 9

  Hi All,
  I am trying to create a simple application which uses declarative authorization configured in web.xml. I use the simple form based authentication. While trying to deploy my application, I get the error:
  weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: LTVORole.
  But I have defined the role LTVORole in weblogic using the administrator console.
  below are the details of what I have done:
  Web.xml:
  ========
  <?xml version='1.0' encoding='UTF-8'?>
  <j2ee:web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee">
    <j2ee:welcome-file-list>
      <j2ee:welcome-file>login.jsp</j2ee:welcome-file>
      <j2ee:welcome-file>index.html</j2ee:welcome-file>
      <j2ee:welcome-file>index.htm</j2ee:welcome-file>
    </j2ee:welcome-file-list>
    <j2ee:login-config>
      <j2ee:auth-method>FORM</j2ee:auth-method>
      <j2ee:form-login-config>
        <j2ee:form-login-page>/login.jsp</j2ee:form-login-page>
        <j2ee:form-error-page>/error.jsp</j2ee:form-error-page>
      </j2ee:form-login-config>
    </j2ee:login-config>
  <security-constraint>
    <display-name>checkAccountConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>checkAccountCollection</web-resource-name>
          <url-pattern>test.jsp</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
          <role-name>LTVORole</role-name>
    </auth-constraint>
    </security-constraint>
  </j2ee:web-app>Weblogic.xml
  ===========
  <?xml version="1.0" encoding="UTF-8"?>
  <ns:weblogic-web-app xmlns:ns="http://www.bea.com/ns/weblogic/90">
    <security-role-assignment>
      <role-name>LTVORole</role-name>
     <externally-defined/>
    </security-role-assignment>
  </ns:weblogic-web-app>I have created the role in weblogic in the menu
  security realms > myrealm > roles and policies > Global Roles > roles > LTVORole
  Is it the right way to define a role?
  Please help me find where I am going wrong.
  Thanking you all in advance,
  Gireesh

  Hi All,
  I am trying to create a simple application which uses declarative authorization configured in web.xml. I use the simple form based authentication. While trying to deploy my application, I get the error:
  weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: LTVORole.
  But I have defined the role LTVORole in weblogic using the administrator console.
  below are the details of what I have done:
  Web.xml:
  ========
  <?xml version='1.0' encoding='UTF-8'?>
  <j2ee:web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee">
    <j2ee:welcome-file-list>
      <j2ee:welcome-file>login.jsp</j2ee:welcome-file>
      <j2ee:welcome-file>index.html</j2ee:welcome-file>
      <j2ee:welcome-file>index.htm</j2ee:welcome-file>
    </j2ee:welcome-file-list>
    <j2ee:login-config>
      <j2ee:auth-method>FORM</j2ee:auth-method>
      <j2ee:form-login-config>
        <j2ee:form-login-page>/login.jsp</j2ee:form-login-page>
        <j2ee:form-error-page>/error.jsp</j2ee:form-error-page>
      </j2ee:form-login-config>
    </j2ee:login-config>
  <security-constraint>
    <display-name>checkAccountConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>checkAccountCollection</web-resource-name>
          <url-pattern>test.jsp</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
          <role-name>LTVORole</role-name>
    </auth-constraint>
    </security-constraint>
  </j2ee:web-app>Weblogic.xml
  ===========
  <?xml version="1.0" encoding="UTF-8"?>
  <ns:weblogic-web-app xmlns:ns="http://www.bea.com/ns/weblogic/90">
    <security-role-assignment>
      <role-name>LTVORole</role-name>
     <externally-defined/>
    </security-role-assignment>
  </ns:weblogic-web-app>I have created the role in weblogic in the menu
  security realms > myrealm > roles and policies > Global Roles > roles > LTVORole
  Is it the right way to define a role?
  Please help me find where I am going wrong.
  Thanking you all in advance,
  Gireesh

• Oracle support for Weblogic 7 under LINUX

  Hi,
  Does anyone know what happened to oracle support in weblogic 7.0 for linux platform,
  as it seems that the drivers are not included? Are there any discussions on that
  topic anywhere?
  thanks.
  Zlatko

  It DOES appear that there is support for WebLogic jDriver for Oracle on Linux:
  see http://e-docs.bea.com/wls/certifications/certifications/redhat_linux.html#39532
  The strange thing here is that, apparently, the Oracle drivers located @ lib/linux/i686/oci817_8/libweblogicoci38.so
  and lib/linux/i686/oci817_8/libweblogicoxa38.so are "Type 2" ODBC drivers which
  require an Oracle client to be installed on the WebLogic machine, but Oracle doesn't
  support installation of the client on RedHat 7.2, which is required (according
  BEA's doc) for installation of WebLogic 7.0. Can someone reconcile this apparent
  conflict?
  Laurent Goldsztejn <[email protected]> wrote:
  Hi,
  There is currently no support for WebLogic jDriver for Oracle on Linux
  with WLS 7.0. Please check the following page for update on this topic.
  http://www.weblogic.com/platforms/index.html#jdbc
  Zlatko Mesaros wrote:
  Hi,
  Does anyone know what happened to oracle support in weblogic 7.0 forlinux platform,
  as it seems that the drivers are not included? Are there any discussionson that
  topic anywhere?
  thanks.
  Zlatko
  Thank you,
  Laurent Goldsztejn
  Developer Relations Engineer
  BEA Support

• How NOT to do security & customer support

  Our Skype account was suspended, for reasons unknown to me - but understandable, since security is important.
  (And no, it was not one of those pesky scam emails, and OF COURSE I tried to log in directly via Skype (on both my Mac and my iPad) and not via the provided link and proceeded from there)
  The problem is that, in order to unlock my account, I have to answer questions that I never knew I was going to be asked:
  For us to lift the restriction on your account, please provide us with the following information:
  1) In what year did you create your account?
  WTF? That was AGES ago! Somewhere between 2004 and 2008 I think.
  2) In which country/region did you create your account?
  WTF? Can't remember if I started using Skype when I worked in New Zealand, Scotland, or Germany. I still mostly use iChat and FaceTime.
  3) What payment method did you use?
  WTF? I think PayPal but I'm not sure - too long ago. And the credit card I might have used has expired years ago.
  4) Tell us the details of up to three of your Skype contacts. You can use their actual name or Skype Name if you know it.
  Is that ANY of your business??? Isn't that kind of information supposed to be private??? That’s pretty much an admission that they snoop through all your stuff …
  Please be aware that if the information you will provide us are missing or incorrect, we are unable to verify your identity and process your request.
  So after 10 (?) years we lost our Skype account and contacts in it.
  I can't even contact their support or the forum because - you guessed it - YOU HAVE TO LOG INTO YOUR SKYPE ACCOUNT FIRST!!!
  IMBECILES!
  The SOFTWARE isn't very good, but the COMPANY behind it is simply atrocious! But what can you expect from Microsoft?!
  What is really annoying is that nowhere, absolutely nowhere, am I being told what "unusual activity" is taking place. To be honest, I doubt there even IS any unusual activity - otherwise a simple password reset would have done it.
  The ONLY way I was able to contact them was by logging in with my Hotmail account (which I did not really want to do as they are separate accounts). Thanks Microsoft - I guess that was the aim of this little exercise … still can't get into our Skype account but now I can contact their “help” …
  I got to “chat” with “Dan A.” who says “sorry” a lot and explains that management sets the bar for “security” very high. Asking obscure questions which users can't answer isn’t “high standards”, that’s INCOMPETENCE!
  After going through all kind of hoops we arrive at:
  "I really want to help you on this since it is clearly your account, But since I have to follow our process with regards to account's security, I really recommend you to go through this verification. I am sorry, I am just following orders. I am very very sorry."
  Unbelievable. There is a VERY lonely brain cell at the other end of the line …
  So I ask for the problem to be escalated up the ladder. Answer:
  "I hope I can escalate this, but since your account is blocked we need to verify your account first."
  I think that brain cell just self-destructed.
  The sheer INCOMPETENCE at Microsoft is mind-blowing!
  So what am I supposed to do? Guess all possible combinations until I hit the right one so that their "high security standards" are fulfilled?
  Years of contact details and some money down the drain because Microsoft **bleep**ed up as usual. Bad security, incompetent support, out of this world arrogance. I just KNEW they would **bleep** up Skype when they took over - 2.8 was the last decent version (and I hope you all are aware that the ONLY reason to force people onto the newer versions and make it incompatible with the old one was so that they and the NSA can listen in).

  As Costa Rica isn't on this page : http://support.apple.com/kb/HT5699
  then try contacting Support via this form and explain that you've forgotten your answers, don't have a rescue email address, and your country isn't on the HT5699 page and see how they reply : https://ssl.apple.com/emea/support/itunes/contact.html
  When they've been reset you can then use the steps half-way down this page to add a rescue email address for potential future use : http://support.apple.com/kb/HT5312 .

• Data types supported in weblogic web service

  I have used byte[] (base64) array to pass binary data using weblogic in a web service, since byte[] is a java datatype that is supported, is there a definite guideline available that byte [][] ( multi-dimensional array} is not supported in weblogic 8.1? (I have tried and failed with byte [][])
  Thanks

  Hi gchirrav ,
  Multi-Dimentional array support not listed in supported Data Types in weblogic 8.1.
  Go through the following link, you will find supported data types.
  http://e-docs.bea.com/wls/docs81/webserv/implement.html#1054236
  ----Anilkumar kari

• WL's WS-Security stack support

  Hi
  Sorry for crossposting. Just after publishing on "Java Technology & XML"topic I found a WL specific one.
  The original post is WL's WS-Security stack support
  To save your time I'll copy/paste it here..
  Hi
  3 questions regarding WL10 support of web service security spec's stack support.
  1. What are additional ws-sec specs supported by WL10 (no doubt, the basic, WS-Sec. is supported)? - what is about WS-Sec. conversation, WS-Trust, Federation etc?
  2. In case I need to handle verification of tokens by myself, what is the best way to be involved? Are there special hook ups of WL i have to implement, or I can add my JAAS LoginModule with some specific name and it will be used?
  3. Once the WS-Sec authentication was successfully performed, does WL10 execute the call in bounding to Subject?

  Thanks Patrick! That thread helped. I got the proxy service to use the customized WS-Policy.
  Do you know of any tool to create the password digest given a plain text password? Also, is there any particular algorithm that weblogic uses to store the digest in the authenticator? I am currently using soapUI to act as a client for unit testing purposes. I tried supplying the WSS header with the inbuilt feature of 'Add WSS Username Token' in soapUI. It adds the username, password digest, nonce and created date. However, I get the 'Failed to assert identity with UsernameToken' exception in the log. The request never gets through.
  Edited by: SOAer on Apr 8, 2011 9:07 AM

• Secure Kerberos Support in BPC v10 SP13?

  Hi guys.
  I have been asked by the business to confirm that BPC supports secure (aka 'double-encrypted') Kerberos.
  The only documentation I can find on this on the SAP site relates to either NW or MS version through CMS.
  I will be installing using the "Windows" authentication option, so does this support encrypted Kerberos out of the box?
  I am looking at BPC MS v10 SP13.
  Thanks

  Hi,
  I'm investigating the same issue.
  I found some oss note about BPC MS installation with Kerberos (eg http://service.sap.com/sap/support/notes/1961655) and some about issue resolutions.
  http://service.sap.com/sap/support/notes/1988971
  http://service.sap.com/sap/support/notes/1968584
  In the meanwhile did you tried to configure BPC with kerberos?
  Thanks for sharing
  GFV

• Does Cisco Cloud E-mail Security Solution Support IPv6?

  For the Cisco Cloud E-mail Security Solution - does it support both inbound and outbound IPv6?  Are there any limitations?  I know the IronPort E-mail Security Appliances supports IPv6 - but specifically interested in the cloud service.
  Thanks,
  --Jim

  arkhane wrote:
  Hi.
  Does anyone could explain me about SSL/TLS?
  Here is the situation:
  E72 allows in securîty settings to select SSL/TLS. I selected it for both accessing and sending mails and I can logon to my POP and send with SMTP.  So apparently no problem.
  But I asked my internet provider if they support SSL/TLS and they told me no they does not support it....so my question is does really SSL/TLS works in my situation and my provider has no clue on security settings or SSL/TLS does not work but it has no incidence on using my mails as I said I can receive mails and send mails even if those security settings are selected...?
  Thanks if anyone could explain me this.
  Some e-mail providers like Gmail use SSL/TLS.
  http://mail.google.com/support/bin/answer.py?answer=13287
  ‡Thank you for hitting the Blue/Green Star button‡
  N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009

• HTTP method POST is not supported by this URL

  Hi everyone,
  I'm having a problem in my application.
  I used the ADF Security Wizard to enable the ADF Security in my application. So, it created the pages login.html, error.html and welcome.jsp.
  The problem is when I try to sign in in my applicaton. On the page login.html I filled in the fields username and password and click on the button to post the form. But when the form is posted I get the message: "HTTP method POST is not supported by this URL".
  The form is posted to the bean j_security_check.
  Does anybody know why is it happening? What should I do to fix it?
  Thanks a lot
  Daniel
  Edited by: [email protected] on 23/02/2010 05:37

  Normally when you get this error, your username/password is not correct.
  It's not a clean way of errorhandling. I have had the same issue and after a while i noticed the password i entered was not correct.