HTTP URL problem: Security issue

Similar Messages

• HTTP URL problem

  Hi all,
         I am trying to get the data from the Siebel server.For this I am using Siebel sender adapter using HTTP transport protocol.
          In sender adapter it is asking port number. I have given here abap port...is it correct?
          To trigger the data in siebel I have build a workflow.In workflow we have to supply method name and URL. I have given method as POST.
         Could anybody give me the inputs for build the URL.
  Thanks,
  sekhar

  Hi Sekhar,
  I have exactly similar scenario as yours. I am also using the sender iWay adapter using HTTP Transport protocol.
  The HTTP port defiend in SMICM is 8001. Do we have to use this port in the CC configuration for sender iWay Adapter.
  Will it use the sender agreement or the message will be directly posted to XI pipeline if i use the HTTP port of the ABAP stack.
  At present the HTTP port defiend in SMICM is not working for me and the messsge goes directly to the XI pipeline without using the Communication Channel.
  Instead of siebel sytem i am using HTTP Client to send the data as siebel system is not available now.
  Regards,
  Nilesh

• Acrobat javascript URL property security warning

  Since Adobe implemented enhanced security in Acrobat/Reader if you simply read the URL used to open a PDF you get a security nag screen asking if you want to block or allow the action.
  My question is this:  why is simply reading a document's URL a security issue? 

  just a note:
  WebService URLs are only internal, so cannot be reached!

• OS X10.4.11 update, Safari won't connect to secure (HTTPS) URLs

  Didn't find any discussion of this particular symptom of the update, so thought I'd ask.
  Installed 10.4.11 update over the weekend, which contained Safari v3.0.4. After the (uneventful) install and reboot, I'm unable to connect to any secure (HTTPS) URL. Browser seems to work on non-secure connections (HTTP). My FIREFOX browser on the same machine still works.
  Haven't experienced any crashing or other OS issues, only the "Can't make a secure connection" with Safari (so far).
  Suggestions would be appreciated.

  Did you recently install the latest Security upgrade, but did not "repair permissions" on the restart? If so, that's your answer. I have found it essential to "Repair permissions" before and after any Apple system update, or Security update. Otherwise oddities may appear in the operating system.
  Also, sometimes reapplying the Combo Update specific to your current version of OS X remedies these types of problems. Here too, it's important to "repair permissions" etc.

• Problems with Flash Security issues and Captivate projects

  Hello,
  We're putting together a flash based eLearning course that has been created primarily in Adobe Captivate with flash plugins. The course consists of several modules, all which are embedded into HTML files that are linked to each other.
  Our client wants the project on a CD, which is starting to create some problems. Everytime the project goes to open another HTML/flash page, the security issue comes up that mentions that the flash player is trying to communicate to the internet.
  Now usually the way to get around this is to go into the security settings and add the CD as an accepted URL - however we can't do this for several reasons. The main one is that we are encasing it within Firefox Portable (included within the CD and as such, read only) and the computers it is being used on may not be connected to the internet.
  Any idea how we can get around this? Are the flash player settings stored somewhere locally on your computer, and can we configure them there? (perhaps through an ini or something) to place on the CD with the plugin for Firefox Portable? Is there a simpler way to address this that we're just not seeing?
  Thanks,

  Hi there
  I agree with Michael.
  Server2Go is also what I'd have offered. The mention of Firefox portable sound intiguing, but I'm really skeptical that it will do what is needed in this case.
  In case it will help, here are some steps for Server2Go.
  Download the Server2Go software from http://www.server2go-web.de/download/download.html
  Choose the Micro package
  This should result in receiving a zip file named distribute_apache1.3_micro.zip
  Unzip the contents of the zip file to the root of your hard drive ( C:\ )
  This should create a folder named distribute_apache1.3_micro
  Open this folder and delete the following files and folders inside:
  Files:
  splash.bmp
  logo.ico
  readme.txt
  Folders:
  dlls
  dbdir
  cgi-bin
  Open the htdocs folder and delete all files and folders inside.
  Copy all of your Captivate output files to the htdocs folder
  Rename the HTML page Captivate created to index.htm
  Copy the contents of the distribute_apache1.3_micro folder to the CD-ROM and test!
  Hopefully this helps... Rick
  Click here for Adobe Certified Captivate and RoboHelp HTML Training
  Click here for the SorcerStone Blog
  Click here for RoboHelp and Captivate eBooks

• Problems with SAP BC to post a request to https URL

  Hello,
  in a integration scenario one of our partners wants to send a xml to our server via https.<br/>
  I tried this internal with a test business connector. I simple use the WmPublic.pub.client http service.<br/>
  I try to post a record to an https:// URL and get an error. It seems that there is some trouble with the ssl handshake. However it is working in the browser.<br/>
  The option Security -> Certificates -> Trusted Certificates -> CA Certificates Directory is 'unspecified'. Therefore no server certificate should be reject.<br/>
  <br/>
  Now I got an 'iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure<br/>
  ' error. I do not find any helpful entries in this forum. Did anyone solve this issue?<br/>
  <br/>
  Thank you,<br/>
  Nils<br/>
  <br/>
  error:<br/>
  2009-08-03 10:08:13 CEST iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure<br/>
       at iaik.security.ssl.r.f(Unknown Source)<br/>
       at iaik.security.ssl.x.b(Unknown Source)<br/>
       at iaik.security.ssl.x.a(Unknown Source)<br/>
       at iaik.security.ssl.r.d(Unknown Source)<br/>
       at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)<br/>
       at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)<br/>
       at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)<br/>
       at com.wm.net.NetURLConnection.trySSLConnect(NetURLConnection.java:691)<br/>
       at com.wm.net.NetURLConnection.httpsConnect(NetURLConnection.java:562)<br/>
       at com.wm.net.NetURLConnection.connect(NetURLConnection.java:171)<br/>
       at com.wm.net.HttpURLConnection.getOutputStream(HttpURLConnection.java:419)<br/>
       at com.wm.net.HttpContext.getOutputStream(HttpContext.java:578)<br/>
       at com.wm.net.HttpContext.getOutputStream(HttpContext.java:554)<br/>
       at com.wm.net.HttpContext.post(HttpContext.java:338)<br/>
       at pub.client.http(client.java:512)<br/>
  <br/>
  SAP BC Info:<br/>
  Software <br/>
  Product webMethods Integration Server <br/>
  Version 4.6 (Standard Encryption)    Release Notes  <br/>
  Updates BC46_CoreFix7  <br/>
  Build Number 940 + CoreFix 7 [Fixes 1-205 + SP1-3] <br/>
  SSL Standard (40-bit), Provider: IAIK 2.6 <br/>
    <br/>
  Server Environment <br/>
  Java Version 1.3.1_20 (47.0) <br/>
  Java Vendor Sun Microsystems Inc. <br/>
  Java Home /usr/jdk1.3.1_20/jre <br/>
  Java VM Version 1.3.1_20-b03 <br/>
  Java VM Info Java HotSpot(TM) Client VM (mixed mode) <br/>
  Classpath /usr/local/sapbc46/server/updates/BC46_CoreFix7.jar<br/>
  /usr/local/sapbc46/server/lib/server.jar<br/>
  /usr/java/lib/i18n.jar<br/>
  /usr/java/jre/lib/rt.jar<br/>
  /usr/java/lib/i18n.jar<br/>
  /usr/java/jre/lib/rt.jar<br/>
  /usr/java/lib/i18n.jar<br/>
  /usr/java/jre/lib/rt.jar<br/>
  /usr/java/lib/i18n.jar<br/>
  /usr/java/jre/lib/rt.jar<br/>
  /usr/java/lib/i18n.jar<br/>
  /usr/java/jre/lib/rt.jar<br/>
  /usr/java/lib/i18n.jar<br/>
  /usr/java/jre/lib/rt.jar<br/>
  /usr/local/sapbc46/server/lib/classes<br/>
  /usr/local/sapbc46/server/lib/client.jar<br/>
  /usr/local/sapbc46/server/lib/mail.jar<br/>
  /usr/local/sapbc46/server/lib/server.jar<br/>
  packages/SAP/code/classes<br/>
  packages/SAP/code/jars/static/inqmyxml.jar<br/>
  packages/SAP/code/jars/static/jARM.jar<br/>
  packages/SAP/code/jars/static/jCO.jar<br/>
  packages/SAP/code/jars/static/sapjco.jar<br/>
  packages/SAP/code/jars/static/sapxmltoolkit.jar<br/>
  packages/WmPartners/code/classes<br/>
  packages/WmWin32/code/classes <br/>
  OS Linux <br/>
  OS Platform i386 <br/>
  OS Version 2.6.18.8-0.13-default <br/>
  Current User sapbc <br/>
  Working Dir /usr/local/sapbc46/server<br/>

  Ok - in this case you need to include to session based SSL setup in your flow (scenario).
  The pub.security:setKeyAndChain and pub.security:clearKeyAndChain services are used to control which client certificate
  the SAP BC server presents to remote servers. You need to use these services to switch between certificates and
  certificate chains if you are not using aliases for remote servers.
  List of services to be used:
  pub.security:clearKeyAndChain
  -- Associates the default key and certificate chain with the subsequent set of invoked services.
  pub.security:setKeyAndChain
  -- Processes a digital signature to make sure that the provided data has not been modified. The signature input is the DER encoding of the PKCS#7 SignedData object.
  pub.security.pkcs7:sign
  -- Creates a PKCS7 SignedData object.
  pub.security.pkcs7:verify
  -- Processes a digital signature to make sure that the provided data has not been modified.
  pub.security.util:createMessageDigest
  -- Generates a message digest for a given message.
  pub.security.util:getCertificateInfo
  -- Retrieves information (e.g., serial number, issuer, expiration date) from a digital certificate.
  pub.security.util:loadPKCS7CertChain
  -- Converts a certificate chain that is in PKCS7 format to a list (a one-dimensional array) of byte arrays.
  Example:
  Invoke pub.client:http to send data to Company D.
  Invoke pub.security:setKeyAndChain using the key and certificate chain for Company B.
  Invoke pub.client:http to send data to Company B.
  Invoke pub.security:setKeyAndChain using the key and certificate chain for Company C.
  Invoke pub.client:http to send data to Company C.
  Invoke pub.security:clearKeyAndChain to revert back to the default key and certificate chain for Company
  Au2019s server.
  Invoke pub.client:http to send data to Company D.
  Edited by: Kai Lerch-Baier on Aug 3, 2009 1:47 PM

• Problem while creating partner link using https URL

  Hi,
  To create the partnerlink using https URL, I had done the following:
  -Imported the self signed certificate into the OraBPELPM_\jdk\jre\lib\security\cacert
  -Added following entries in OraBPELPM_1\integration\jdev\jdev\bin\jdev.conf
  AddVMOption -Djavax.net.ssl.keyStore=E:\OraBPELPM_1\jdk\jre\lib\security\cacert
  AddVMOption -Djavax.net.ssl.keyStorePassword=esbtest123
  I am not able to create partner link using URL https://localhost/orabpel/default/ErrorHandlerBPEL/1.0/ErrorHandlerBPEL?wsdl .
  Able to create partnerlink using same URL if I replace https with http.
  Did I miss any other configuration that needs to done to create partnerlink using https in JDeveloper BPEL Designer.
  Thanks,
  -Vidya

  Hi,
  I  too have the same issue. Appriciate if you share some knowledge on this issue.
  Thanks
  Aravinda

• Are you aware about bash security issue CVE-2014-6271 ? Do you have a patch for that? The problem may exist in all Solaris versions.

  Are you aware about bash security issue CVE-2014-6271 ? Do you have a patch for that? The problem may exist in all Solaris versions.

  The official communication is now posted to
      https://blogs.oracle.com/security/entry/security_alert_cve_2014_7169

• HT5919 My company will not allow us to download iOS 7 due to software / security issues on our end. The problem is I need to download numbers but it says I need iOS 7. Is there any way to get an earlier update that's doesn't require ios7?

  My company will not allow us to download iOS 7 due to software / security issues on our end. The problem is I need to download numbers but it says I need iOS 7. Is there any way to get an earlier update of numbers that's doesn't require ios7?

  Thank you so much! It's updating now. I'm hoping that once the update is finished that it will sync like normal as well. Of course I'm still a bit confused/concerned about how it refused to update on it's own, but for now that's not a problem. Hopefully from now on there won't be any more problems.

• Testing  HTTP URL that causes a network problem

  Hi all,
  I'm developping an applet for multiple unlimited files downloading using HttpConnection .
  i want to implement the following feature :
  In the case of an error occurring due to network problems during file download; the applet must be able to reconnect and resume the data transfer without downloading the entire file(s).
  well i need to test this feature ; so i'm looking for some HTTP URL that can cause network probs so i can catch the error and retry connection etc...
  can someone point me where to find such HTTP files for my test ?
  thanks.

  >
  I can do this with FTP since it has commands to do
  this but I don't know of any using HTTP unless one
  uses a Servlet (or some other agent on the server) to
  process a download request for a file starting at
  some offset.
  Actually i did it only using HttpConnetion class and inputstream using some work arounds to keep track of the offset during download (actually i'm saving the offset to a temporary proprieties file that i'm reading again to get specific offset and resuming the download from last point)
  That is one way. You could also use an HTTP 'tunnel'
  that forwards all requests to an HTTP server but
  within the 'tunnel' you could at random close the
  connection.I will go for throwing exception manually ; but i'm curious to know how an HTTP tunnel works.
  thanks.

• Can I create a form that doesn't trigger Acrobat's JavaScript disabled / security issues warning?

  Hello,
  Can I create a pdf that doesn't trigger Acrobat's JavaScript is currently disabled and this document uses it for some features.  Enabling JavaScript can lead to potential security issues.
  I even get this error when I create a blank pdf.
  I'm not using any JavaScript in the form and the nature of the message might tend to be a bit scary to some people since it mentions enabling JS can lead to potential security issues.  I basically want to disable the messaging of a feature I'm not even using.
  Anyone know if this is possible and if so, how I go about it?
  Thank you.

  Hi,
  I too share your frustration!!
  Unfortunately I do not have a complete answer for you.
  From the start I must say that Stefan Cameron has been very helpful (http://forms.stefcameron.com/2010/01/14/acrobatreader-9-3-now-available/), however I have not had sufficient time available to deal with the issue (or find a satisfactory resolution).
  The original post that Srini shared with you related to an XFA form that had FormCalc and Javascript in it. I will now share with you another situation that is closer to your experiences.
  Sometimes where we have a complex solution/form, we often give our users a PDF with instructions and demonstrations. We generate these using Adobe products:
  LiveCycle Designer ES to generate the solution/form;
  Captivate to record the demonstration (.swf);
  Acrobat to package it up in a static PDF.
  The screen shots below are from a PDF that includes written instructions and six Flash (.swf) files. The PDF does NOT include fields/form objects and does NOT include any FormCalc or Javascript.
  One of the big sells in Acrobat 9 was that Adobe had fully integrated Flash (Adobe product, ex. Macromedia) into Acrobat 9. This mean that .swf files could run natively inside a PDF. Brilliant!!!  The website today is still pushing this message, for example:
  Now bear in mind that the following screenshots are from a PDF that does not contain any scripting - its sole purpose is to "inform" the user, "look as good as the work I put into it", incorporate instruction and "multimedia" in a "single polished file" and I should be "confident that my audience will be able to view my work exactly as intended".
  Not so!!
  When the user now opens the form, all looks OK. No warning. They can read the instructions and scroll down to the multimedia (.swf files).
  However when the user clicks on the multimedia, the yellow bar appears:
  I go through the "trust" process:
  And the PDF looks like it is OK, no yellow bar. When I click on the multimedia, it begins to play - yes!! BUT ONLY FOR A SECOND OR TWO AND THEN IT STOPS AND GOES BACK TO THE START - AGGGGHHHHHHH!!!!!. I would apologise for shouting, but this is beyond frustration. The work in capturing six screencasts in Captivate, annotating them, publishing to .swf and packaging up in Acrobat has been a complete waste of time. Worse than that I now have several PDFs out there, that do not work. Good advertisement for my business? I don't think so!!
  The document that Stefan provided (Managing JavaScript Execution in the Acrobat Family of Products) does not mention Flash/.swf as being a problem. However I would recommend that you go through this document, as it may help you.
  So, where to now? I don't know. The previous posts and Stefan's responses have several urls that may help. You should maybe consider logging your experiences as a bug (log at Adobe).
  In the meantime good luck,
  Niall
  UPDATE:
  This behaviour (.swf playing for only a few seconds) happens in PDFs where the .swf is inserted as legacy media to run in earlier versions of Acrobat/Reader. In this case Acrobat/Reader is making an external call to Flash Player. Hence the yellow bar. However it does not explain why the Flash video still does not play when trusted.
  If the .swf is added into the PDF as Flash media to run on Acrobat 9 and above, then it works without displaying the yellow warning bar.
  So maybe any feature of your PDF that calls an external resource is likely to show the yellow warning bar.

• SERVER URL problem

  Hey, I have been testing apps on my development server with the client on the same computer. Now i wanna connect through another computer. My problem is knowing the url of my server. Am i to set it my self? where?..Thanks

  I think you might be running into Flash Security Issue. Do following steps:
  Open your client .swf or .html in Flash Player(or your browser) from another computer. Right click on .swf , it should give you pop up menu with options like Settings and Global Settings. Click on Global Settings. It will take you to page on web : http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html. You will few links :- Click on What are security settings?. Then click on Global Security Settings panel link which would be there on the page.
  It will show up Dialog box: Do following steps
  Click on Always Allow and then click on Edit Locations drop down. Click on Add Location. Browse for your client file or  add the folder where you have your client .swf or .html or you can add whole drive for now say C:\.
  Now close the page.
  Close the .swf or .html file which you are using as client.
  Open it back now and put IP of FMS server like mentioned in previous posts like :- rtmp://x.y.z.w/vod
  To answer to what you asked : IP of FMS is same as IP of of the computer where your FMS is.
  Please let us know if you are still running into issue.

• I updated some security issues and suddenlly my gmail does not open. it shows 75% of the procees and does not go on

  I updated automatically some security issues in my computer (I don't remember which) and now my gmail will start opening until it reaches 75% and it will not go on opening.
  I can open it Internet explorer but not in Mozila fireworks

  Clear the cache and the cookies from sites that cause problems.
  "Clear the Cache":
  *Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
  "Remove Cookies" from sites causing problems:
  *Tools > Options > Privacy > Cookies: "Show Cookies"
  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

• Security Issue with Apple ID

  Today while using my iphone and trying to use facetime for the first time since updating to IOS6, my phone asked me if I wanted to use some email address that I do not have for facetime. What? The message pretty much said that this email address was linked to my apple ID. So I got to work logged into AppleID.Apple.com and saw the email address verified and also saw it displayed as an alternate apple id. Immediately, I changed my Apple ID password and called apple at 1800myapple since that is the number on the website and try to talk to someone that could assist me with this severe issue. Anyway, my iphone went dead and the people on the phone couldn't connect me to anyone because I couldn't give them a serial number to an apple device. I tried to explain to the technicians that this is a problem with my ID and that the alternate ID has access to everything that my Apple ID has access to. Both times the call went nowhere. This is ridiculous. Why can't I talk to a security team? Why is the technician telling me that I can manage my ID from the website, when I know that I am looking at the website and I cannot remove the alternate ID? How did this ID get associated with my account and why did I never receive an email informing me of the change?
  Since Apple has other services and not just products STOP ASKING FOR A SERIAL NUMBER AND ASSIST THE CUSTOMER WITH THE ISSUE especially since it is a SECURITY ISSUE.

  oh man, I know exactly what you're talking about. i have a relatively easy to guess apple id email and everybody in the world thinks it's theirs... but once I turned on two-step authentication, the emails stopped completely.  here's a faq about it:
  http://support.apple.com/kb/HT5570
  once i turned that on, whenever they'd want to reset my password, they would get asked for my recovery key, which they don't have, haha!  victory is mine.

• Java IDE Security Issues

  I'm evaluating Java IDE's. My boss wants me to evaluate IDE security issues. I can't think of any issues, or how an IDE can have anything to do with security, but didn't want to sweep it under the rug without asking all of you security experts.
  Are there any security concerns when selecting a Java IDE?

  Yeah, you confirmed what I already knew I suppose.
  Unfortunately, I know nothing if this organization, as
  I'm only consulting. The management here INSISTS that
  security be addressed, but I think it's out of scope
  for Java IDE selection. Thanks!In that context, things like "supports HTTPS and ssh access for remote development" may be exactly what they're looking for. It lets managers say "Yes we considered security in making this purchase, and yes the developers of this tool take security seriously." Doesn't mean that security is ever going to impact the actual use of the product.
  Remember that a portion of any management decision goes to insuring you can show a good-faith effort to avoid problems, when/if they happen down the road and someone's looking for a fall guy...
  Good luck!
  Grant