Is thr way to applet write file, client machine without entry in policy
hi,
is there any way to allow applet write file in local machine (client ) without entry in policy file... i feel this extra step to clients...
To achieve this what are class i have to implements...
No, thank God there isn't.
Similar Messages
-
How can i format my external hard drive to write files from Mac without loosing the files that i alredy have on my external hard when i used it with windows?
I have been using Windows to write files to my 1TB WD external hard drive and I do not want to format to loose the files capacity of around 500GB
Someone, Please helpHi Allen,
Is there any way to store the back up to Mac and restore after formating? -
Print report from client machine without showing in screen
Hi guys!!
I m using (forms10g+ 10gAS). I want to Print report from client machine without showing in the screen/monitor.
Currently I m generating report in pdf format. From the pdf I m printing the document.
But my requirements is to print directly to the printer without showing preview
Thanks in advance
MokaremMaybe this will help:
http://forums.oracle.com/forums/thread.jspa?messageID=1209371�
Gary -
How applet write file in local system by URL instead of FileOutputStream()
hi,
how can applet write a file in local system through URL instead of FileOupStream()
plz.....plz.....plz......
URL url = new URL(" file://c:/temp.txt");
in this url how applet can write
plz....URL uses http to cummunicate, this means you can send and receive data using the http
protocol.
The OS doesn't do anything with this, you need a http server to interpret these messages
and take appropriate action (with server side script or CGI).
So if the client has a http server installed and has server side script thad does
something with your http request (that's what a url does) than it is possible.
Since both having a http server , server side script and or CGI have nothing to do with
signed applets I will not answer your question here.
But the mail reason I won't answer it is because it makes no sence to use a URL to write
to the local file system. -
Applet write file on coming server without servlet
Hi, I have an applet that needs to write a new file on the server that's LOADED FROM. Here are my questions:
1) can the applet write this file WITHOUT using a servlet on the server side?
2) if it's possible, could someone send me an example to explain how to do it?
Thanks in advance, have a nice day1) can the applet write this file WITHOUT using a
servlet on the server side?No,it can't. Well, on the server is not necessary to
have a java servlet but you should have "something"
that can receive your data, understand it and save it.
A small PHP script is enough.
Hope this help -
Apparent gap in java applet security on client machine
I know about signing applets, and both the new and original security models for applets. For my purposes, the original security model for applets is just about perfect. My applets do not need access to the client machine hardware, nor do they need to access any machine other than that which provides them to the client (at least at present).
What I have been told is that it is not possible for a server of any kind (DB, servlets, &c.) to authenticate an applet. The claim was made that all the security was designed for client security and that a developer's only option is to trust the client machine.
I can exchange information among my servers over SSL, and secure communications between by servers and applet clients. However, what is there to prevent a bad guy from breaking into a client machine and then capturing and modifying the applet I am relying on to protect the client's sensitive data? Signing the applet tells the user that the applet has not been modified from what I have produced, and so the user should feel confident enough to run it. But what if the applet and related web page is cached, and someone who has, legitimately or not, access to the machine and tries to use the cached copy for inappropriate purposes?
If my servers can not verify that the applet code accessing them is mine, rather than a variant created to mimic my applet, then that certainly creates a risk for my code, but doesn't it also create a security risk for the client? After all, it is the client's sensitive data I am trying to protect, and I can envision a situation in which a bogus applet mascerades as mine and sends that sensitive data to a bad guy's machine; all this while giving the user the illusion that his data is safe.
The gap here is either in my understanding of this technology or a gap in java security, so I'll put the question another way also. Is it possible for a server (e.g. an application server such as Tomcat or Sun's application server) to verify that the applet code used to try to connect with them is in fact the applet code that was signed on and served from the same machine and not malicious code masceraing as my code? If so, how does that work, and how does the programmer do it?
Thanks,
Tedthe jar file reqiured is jmf.jar this jar file will there in
jmf_home/lib
for example in my mechine
C:\Program Files\JMF2.1.1e\lib this jar file contain all the file reqired to run the application
i think you may need some of the dll files also to run see
if reqiured the then it may throw exception
java.lang.UnsatisfiedLinkError then put respective dll file to workiing folder or the system32 folder -
Remote Client Applet -Write File - Cannot be Done
I've concluded that it is not possible for an applet embedded in a web-browser to write to a clients hard-disk no matter what you do with signing, policytool or RSA certificates.
HDWe can write, if the applet or jar file is signed
-
Signed applets called from javascript - how/where to load policy file?
I'm running into some apparently well-known problems with signed applets accessing a client machine's hard drive.
So, I can get things to work if I place the following two lines in my 'local' JDK installation:
permission java.io.FilePermission "${user.home}/x.properties", "read,write";
permission java.util.PropertyPermission "user.home", "read";These let me a) read the user's home directory and b) read/write a file that's located there.
What I don't want to do is edit the java.policy file, but I'm having problems loading a separate policy file. The app server we run with our product is jetty, and I'm assuming I would be passing in the '-Djava.security.policy=='filename' with the other jetty start-up parameters- is this a correct assumption? And, what path do I give for the file, will I need to put it somewhere in the .war file we distribute, or in the JDK installation on the server? If it's on the server, will client machine's know about these extra rights?
I'd REALLY appreciate any help I could get on this...
thanks in advance,
+0^^Maybe you didn't realize but my previous post was sarcastically ment:
"hello SUN security stop bugging me in writhing this malicious program"
and
"hello SUN security, I'm a good boy now trust what I'm doing"
Are in a practical sense exactly the same.
SUN should either remove the stack check or the doprivileged. The stack check takes up
valuable resources for nothing since a malicious program can easily circumvent that.
Your post about a malicious user abusing your (CA) signed applet to ruine someone's
system is correct, it would not be difficult. A CA signed applet will not even ask a user to
trust or not. This is one of the reasons we have the usepolicy in affect, but this cannot be
used on "grandma's old PC" since it's too complicated for users to do such things.
YOU seem to be the one to blame, not the hacker! (The user accepted YOUR
certificate!).Actually you are to blame, because you made software that exposes a vonurability
other people can take advantage of.
what you can do before calling the doprivileged private method is check the call stack.
So your signed applet has a public method checking the callstack, if this lookes OK
that method will call the private doprivileged method.
Here is the example
package t;
import java.util.Properties;
import java.applet.Applet;
public class test extends Applet {
public test(){
startingPrivileged();
public void startingPrivileged(){
System.out.println("this is the stack");
try{
throw new Exception("get the call stack");
}catch(Exception e){
StackTraceElement stack[] = e.getStackTrace();
for (int i=0; i<stack.length; i++) {
System.out.println("file: " + stack.getFileName() + " method: " + stack[i].getMethodName() + " class: " + stack[i].getClassName() + " at " + new Integer(i).toString());
// this is a really simple check to see if this method was started from the t. package
// a good hacker can just create it's own package named t and take advantage of this method
// if this method was started from the same package there is no reason to make this method
// public, protected would work.
// there must be a better way to check if this method was called by "your" or "trusted" code
if(stack[1].getClassName().startsWith("t.")){
dosomePrivileged();
private void dosomePrivileged(){
System.out.println("this is the method that does privileged stuff");
public static void main(String args[]) {
new test(); -
Saving The Report File (PDF) on Client Machine/PC
Hi Everyone,
I am using Oracle Application Server 10g (10.1.2). I have a form that calls a report (both forms and report version are 10.1.2) with ASYNCHRONOUS option and creates a file in PDF format. The report is running fine and is creating the PDF file fine BUT on the application server.
I need to know if there is a possibility of either creating the file on the client machine/pc or transferring the file from application server to client PC. I would prefer the first option that is to create the file on client PC so the client can print or browse the report later. The second option would be ok if there is no solution for first option but I am assuming that it would take twice as much time. First to create the report on Application Server then to transfer the file from AS to client PC.
I have already included webutil library and object library but could not find a way to save the file on client PC using any of the APIs.
I would appreciate if some one provide me detail information. I mean syntax on how to either create the file on client PC or how to transfer the file created on application server to client PC. I would like to know where the report is created on Application server as the path will be required for transfer.
Thanks in advance.
KhalidInstead of just creating the file, open the file in a
browser using rwservlet. That way the client can see
it and save in his PC whenever he wants to.
Try:
...write code to get report id...you must be already
having this...
then continue....
:global.report_server_name:=<servername>;
reports_servelet:='/reports/rwservlet';
REPORT_MESSAGE := RUN_REPORT_OBJECT(REPORT_ID);
vjob_id :=
substr(report_message,length(:global.report_server_na
e)+2,length(report_message));
hidden_action :=
reports_servelet||'/'||'getjobid'||vjob_id||'?server='
||:global.report_server_name;
--WEB.SHOW_DOCUMENT(hidden_action);
Basically you get the objid for the report you ran
and open it in the browser.
Hope this helps.Hi,
First of all thanks for you kind reply. Actaully user has an option to preview report and it is working fine. The reports run and display under browser as either PDF or HTML depending on option selected by user. These reports can be saved on client machine without any problem as you mentioned.
The problem with this form is that as soon as it execute the report it exit out of form. So the reports that are previewed run under SYNCHRONOUS mode and reports that are creating files run in ASYNCHORONOUS mode. I can run preview reports also in ASYNCHOROUS mode and I have already tried it by creating TIMER and WHEN_TIMER-EXPIRED trigger and commenting EXIT_FORM built-in. But as mentioned since the form exit out WHEN_TIME_EXPIRED does not fire and it does not display the report on the browser. I can see the status of the report in print queue when it is finished successfully.
If the report is not displayed after running in ASYNCHOROUS mode then I will be unable to save the file. That is the reason we created the FILE creation option and thought we will find a way to create/save the file on client PC but I am having hard time to do that.
I am sure I have made myself clear. Bottom line is that previewing a report in a browse is an option but will not work for long reports and if we run in background then it will not display in a browser as form exits after calling the run_report_object to run report so WHEN-TIMER-EXPIRED is not there to show the report when it is finished.
Thanks
Khalid -
Read and Write Files to user from Forms Server
We are developing an application that requires us to rread and write files to the user system. We are deploying using the developer/forms server and this is not happenning. The text_io package and the d2wkutil operate on the application server system, not the user system. So is there a method to read the file contents into the app and write files out to the user system across the web. Thanks.
developer6 can interact with javabeans. the javabean runs as an applet on the client machine. all you have to do is setup a javabean that read and write to your client machine.
when you test your application, work with java console open so you'll be able to debug your appliacion, if you'll receive java security execption you may need to sign this javabean. look at sun site for info regarding the usage of javakey for signing java classes and jars. -
How to put image file on client machine through JBOSS
I need to imlement the functionality like google map on website, where my server is JBOSS
server. We used the newest technology SVG(scalable vector graphics) which doesn't loose the
image quaility on increasing the size of the image.
we are doing backend processing of the image and throwing the png images on the client.
machine. I already written a program which can be used at the time of zooming and panning
of the image and can throw the image but that is all PC based. but when I am implementing
on the server it is giving error because code is not getting any output directory to save
the image on sever.
Please tell me if that can be happen through caching or how can I save image on
client machine without user authenication and can retrieve on the web page. so that my
server doesn't have extra load.hi jagdish,
Check this thread. discussed uploading file step by step
Re: How to upload and search a document in KM
Regards,
Ganesh N -
Connecting to sql server database mdf file without installing sql server on client machine?
I am creating a window application that need to use sql server database. I want to install this application to client machine without installing sql server so that my application can still connect to a database i.e mdf file that i will be providing at client
system.
How can i connect to a database(mdf) on client machine through my window application without installing sql server. ? I dont know is it possible or not.
If possible what will be the connection string in that case. Database need not be used in network.you cant connect and view the internals of mdf file unless it being attached to a sql server instance as a database.
The sql server instance can be installed in any box which is in the same domain and then you can connect from your application to it.
Please Mark This As Answer if it solved your issue
Please Mark This As Helpful if it helps to solve your issue
Visakh
My MSDN Page
My Personal Blog
My Facebook Page -
Generating outputfile on client machine.
Hi.
We all use various development tools such sqlplus, pl/sql developer, toad etc...
some time (most of the time) user comes with adhoc requirement.
so we write some code, (which we only know) and get the output.
so we 'spool' and dbms_output to write line.
dbms_output has buffer restriction.
is there any package which will write to client machine directly. (utl_file writes on db server, so it is not useful. text_io/client_text_io work inside forms)
regardsSimple answer no. How can server-side code (like PL/SQL) hack its way across a network into some unknown client platform (could be Windows, Linux, OS/X, etc), and break into that client platform's file system to write data to it?
More complex answer. Quite easy within the proper concepts of client-server. Top of the list is having the client use a browser to "access" the data - and the developers writing PL/SQL procedure that, instead of using DBMS_OUTPUT, uses the HTP package instead. In this case the PL/SQL code "writes"to a HTML buffer (page). This buffer is then rendered by the user's browser.
The components underneath this is Apache and MOD_PLSQL (Oracle's HTTP Application Server), or DBMS_EPG.
Even easier is using APEX - Oracle's Application Express. -
Can Web Start call earlier installed versions on client machine?
Can Web Start invoke earlier installed versions of the
JRE on a client machine, without invoking a download?
I ask because I have tried to so, unsuccessfully,
using the versions attribute of the j2se element.
In the usenet thread 'Jar test, with 1.4 VM?',
Usenet Message ID:
[email protected]
http://groups.google.com/groups?selm=1170640609.025666.236030@s48g2000cws.googlegroups.com
(follow the Google link at the top, to the thread)
I was attempting to confirm that a Jar file I
was deploying, was 1.4 compatible.
The test failed, because despite that the (1)
user who attempted it had a working 1.4.2 install,
the JNLP file (which declared version='1.4'),
was prompting for a download. The user was
not prepared to do that, understandably -
that was exactly what I was trying to avoid
doing, myself.
Since then, I did further testing locally -
trying to get a 1.5 launch when my current
Java is 1.6 - I have a number of 1.5 versions.
No request for '1.5', '1.5.0_08' or '1.5*' worked
(OK - that last one was just a WAG*), every time
I was prompted for download (which also failed,
as an aside!).
What am I getting wrong?
Do I misunderstand the intent of the j2se element
finding earlier verions? Is it only versions that
were installed by web start?
Is my understanding of how to use the version
attribute, incorrect?
* Where are the detailed instructions on the
allowable forms of the version attribute?
Neither the spec. nor developers guide seem
to go into it in any detail. Some of the forms
I have seen around the forum were (AFAIR)..
<!-- Suggests 1.4 preferred? -->
version="1.4 1.5+"
<!-- Suggests 1.4 only? -->
version="1.4"
<!-- Suggests 1.4.2 preferred, if microversion
13+ is found, else 1.5+? -->
version="1.4.2_13+ 1.5+"FWIW - here is the JNLP I am currently using
for the test, it is 'live and public'..
<?xml version='1.0' encoding='UTF-8' ?>
<!--
If you see this message in your browser, it means the
browser is not correctly set up to handle the JNLP file
type, that launches Java applications within a secure
environment, that cannot access your computer, or data.
To get the browser (and PC) correctly set up to handle
this type of file, visit ..
http://www.java.com/
..to install the free, secure, Java Plug-In made
by Sun Microsystems.
-->
<jnlp spec='1.0'
codebase='http://www.athompson.info/family/'
href='thompson-1.4.jnlp'>
<information>
<title>Thompson Family Genealogy</title>
<vendor>Andrew Thompson</vendor>
<description kind='one-line'>
The ancestors of William Robert Ramshaw Thompson
</description>
<offline-allowed />
<shortcut online='false'>
<desktop/>
</shortcut>
</information>
<resources>
<j2se
version="1.4"
href="http://java.sun.com/products/autodl/j2se" />
<jar href='genj-applet.jar' main='true' />
</resources>
<applet-desc
main-class='genj.applet.Applet'
name='genealogy'
codebase='./index.html'
width='300'
height='170'
>
<param name='GEDCOM' value='thompson.ged' />
<param name='ZIP' value='thompson.zip' />
</applet-desc>
</jnlp>Using your tips, I was able to find the 1.5
JRE's listed in the Java control panel
(of an XP Pro box) and see they had no
checkmark for 'enabled'.
After enabling 1.5.0_08, I was successfully
able to launch the application (OK - applet
really) using the 1.5.0_08 JRE.
Thanks.
As an aside, I had to specify '1.5.0_08'
exactly to get that JRE. This is fine for
local testing, but sometimes it is handy
to ask others to help test via the web,
and it would be nice if I could make it less
specific (e.g. '1.5', to get any installed
and enabled JRE that is a 1.5 variant)
Do I understand wrong? Should that work,
to specify '1.5' and get a '1.5.0_08' JRE that
is installed and enabled? -
Is it possible to export (expdp) oracle table from client machine ?
Is it possible to export (expdp*) oracle table from client machine, without using Remote desk top connection ?*
1) Database-10g server is in America
2) client machine is in India
3) Oracle client-10g software is installed in my machine
4) I am able to connect to the server, could see all tables
5) one table is with 35 million record, I wanted to export this table using data pump, is it possible?
note: without using Remort desk top connection.Hi
I used the following syntax , but I am getting error
6) connect sys as sysdba
create directory test_dir as '/dbusr1/exp_test'
grant read, write on directory test_dir to user1;
7) expdp user1/pwd1@xyz tables=test_1 directory=test_dir dumpfile=test_file.dmp logfile=test_file.log
8) Errors
In linux prompt I am getting this error
-bash: expdp: command not found
In windows cmd prompt I am getting this error
ORA-39002: invalid operation
ORA-39070: Unable to open the log file.
ORA-29283: invalid file operation
ORA-06512: at "SYS.UTL_FILE";, line 488
ORA-29283: invalid file operation
9) why ?
-- Does the user ( "user1") should have any system level privilege ? to export his own table?
-- This folder ('/dbusr1/*exp_test'*) has write privilege in os level.
Thanks in advance
sbmk_design
Edited by: sbmk_design on Aug 24, 2009 12:06 AM
Maybe you are looking for
-
Verbose Boot. How to get rid of it?
My Mac Pro boots with a bunch of what look like Unix line-items showing in white monospaced text on surround lines of black. How did I do that? How do I turn them off? At one point it seems to be saying that it is in dev mode with a "verbose boot."
-
I change the title of certain files I use for work in Goodreader or Save to PDF then transfer to iBooks for use. All of a sudden no matter what I name the file it turns up in iBooks as UNTITLED. Anyone know why?
-
My battery all of a sudden won't stay charged. Any suggestions?
MY BATTERY WON'T STAY CHARGED ALL OF A SUDDEN. ANY SUGGESTIONS?
-
Availability check for std SD query.
Hi, I need 4 SD report (either STD/Custom) with the following requirement. Please suggest if there any STD SD query available for the same and where I can check? 1) Report for top 10 customers based on Inquiry/Order 2) Report on top sectors/Divisions
-
Missing nvarchar fields in hsodbc connection
I need read access from an Oracle 10.2.0.4 database (Win 2003 Server) to a MS SQL Server 2005 database using collation: SQL_Latin1_General_CP1_CI_AS. The tables have nvarchar and ntext columns. The oracle database has the following nsl_database_param