Oracle Apps secure code review

Is any documentation available (either Oracle or third party based) to guide secure code reviews for Oracle Apps (or more specifically, Oracle Application Framework)?
I'm aware of the usual sql injection bad practices (as related to JDBC and PLSQL). I'm curious about API abuse, as related to:
- cross-site scripting concerns
- client-side trust issues (e.g., hidden field values)
- improper or inconsistent input validation
- improper error handling
- improper session management
- inappropriate access control
Thanks.

Thanks... I looked at that and didn't think it was all in there, but I looked again after I got your reply and it appears to be what we are looking for (at least a starting point).

Similar Messages

  • Testing oracle apps security in reports

    Hi,
    I have a report which is running fine in Report Builder 6i and also in Oracle Apps (this is a customized report for Oracle Apps).
    Now I need to test the security in Oracle Apps. As per the advice provided in Metalink I:
    1) added a user parameter P_CONC_REQUEST_ID
    2) added "srw.user_exit('FND SRWINIT');" to the BeforeReport trigger
    3) added "srw.user_exit('FND SRWEXIT');" to the AfterReport trigger
    But now when I try to run it in Oracle Apps it gives the error below:
    REP-1416: 'beforereport': User exit 'FND'. IAF GET: unknown column 'P_CONC_REQUEST_ID'.
    Please help on how to solve this issue. Any help is appreciated.

    Thanks for the reply. The problem still persists.
    The same Metalink note gives another solution, shown below, but when I add it to the report I can't compile. It gives "identifier hr_standard.event must be declared". Has anyone used this before? If so, how do I use it?
    3. If the issue is not resolved try placing the calls mentioned in 2 with
    hr_standard.event('BEFORE REPORT');
    hr_standard.event('AFTER REPORT');
    Metalink is
    How To Enable Hr Security on Custom Reports? [ID 369345.1]

  • Can VPD Virtual Private DB in 10g replace Oracle Apps security rules?

    I read the recent article in Oracle Magazine called 'Testing Database Security', and the section on Virtual Private Database (VPD) especially caught my attention. Can this feature of the 10g database be used by Oracle Apps to restrict access to data through the apps login? We just moved to 10g.
    Our current data security is enabled by leveraging security rules attached to responsibilities. Our security rules restrict by operating unit, of which there are 89. It would be great if VPD could be used, as it might replace the need to create 89 separate security rules. We would maintain just one set of policies.
    Does anyone know if this can be used on the applications level? If anyone has done this, do you know of a documentation link that would help?
    Thanks for your insight.

    Sebes,
    Thanks for the link...it sounds like it may be part of the Oracle future landscape, but for now, we will have to live with security rules.
    Sincerely,
    Brenda

  • Oracle apps security

    Hi
    How do I prevent attacks at the web application level? For example: a developer posts the .jsp page through the URL http://server.ten.com:(port):/OA_HTML/xxy.jsp. But this jsp page includes many special characters, that is, &, " etc. I need only values, not special characters, so I have to restrict those special characters in the above-mentioned jsp page (xxy.jsp), but I don't know how to do that. Please give me the solution.
    Regards
    A

    Please see your other post, oracle apps
    Srini

  • Validate Oracle Apps Username and Password via ADF?

    Hello. I'm trying to verify a person's user id and password in ADF 11g. I snagged the FND classes to be able to do this, and am calling it as follows:
    AppsContext ac = new AppsContext("/home/workspace/idev.dbc");
    boolean loginStatusCode = ac.getSessionManager().validateLogin(userName, password);
    if (loginStatusCode) {
        return "success";
    } else {
        return "failure";
    }
    This works in the Application Module tester, and works as a standalone program. However, when I run it in weblogic I get a class cast exception (this can be fixed by removing the ojdbc5 & 6 files in the lib folder and replacing them with the ojdbc14 jar) Unfortunately, it fixes that problem but then all the ADF stuff breaks.
    Has anyone used Oracle's Apps security for logging in a user? Or, is there a way to have WebLogic use the ojdbc14.jar for a single deployment? Here's the class cast I get:
    oracle.jbo.JboException: JBO-29000: Unexpected exception caught: java.lang.IllegalAccessError, msg=tried to access class oracle.jdbc.driver.OraclePreparedStatement from class oracle.apps.fnd.common.ProfileCache
    Thanks in advance.

    Hi,
    you can also validate an FND login using the FND_WEB_SEC.validate_login package if it's easier.
    Brenden

  • When accessing the any tasks from Fusion Applications homepage, "An error was received for the task Manage Worker Goal Setting Lookups. This task is identified with the code HRG_MANAGE_WORKER_GOAL_SETTING_LOOKUPS that invokes program /WEB-INF/oracle/apps/

    We have installed HCM and CRM modules on Fusion Application 11.1.7 version.
    This is a 2 node architecture, i.e. IDM components installed in one node and Fusion components installed in another node.
    We are able to start the IDM components and Fusion components successfully, but when users are trying to access any task from the Fusion application home page, they are getting the error below:
    A portlet consumer error was received for the task Manage Worker Goal Setting Lookups. Report the error details to the following owning product Goal Management.
    An error was received for the task Manage Worker Goal Setting Lookups. This task is identified with the code HRG_MANAGE_WORKER_GOAL_SETTING_LOOKUPS that invokes program /WEB-INF/oracle/apps/fnd/applcore/lookups/publicUi/flow/ManageCommonLookupsTF.xml#ManageCommonLookupsTF of module code fndSetup. Review the consumer and producer logs for more details on this error.

    This may be related to the other issue regarding "FUSION_APPS_WSM_APPID-KEY" as the logs contains exceptions like:
    oracle.wsm.policymanager.PolicyManagerException: WSM-02081 : Failed to login to perform requested action.
    Please refer to document Fusion Application Service Account Password Expiration Causes Portlet Producer Errors (1486388.1) for steps on how to verify and set the password. There is also exception:
    javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User FUSION_APPS_PROV_PATCH_APPID denied
    This is also likely caused by an expired password, please see Fusion Apps Servers Are Not Starting Up - Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired (1629927.1).
    Jani Rautiainen
    Fusion Applications Developer Relations
    https://blogs.oracle.com/fadevrel/

  • When I try and download an app it is saying my billing security code is invalid, but it was working fine

    When I go in to download an app in the App Store it is saying my billing security code is invalid. It was working fine before.

    Same thing happened here. Yesterday I called and chatted with a lady who told me right away that they are having issues with people validating their credit cards. She told me to contact support by email, which I did twice; they replied with the following:
    1. Contact your bank or credit card company and ask to speak with the fraud/security department.
    2. Tell the representative that your security code is being rejected. Ask them to review your account to see what might be preventing you from using the card to purchase from the iTunes Store. Ensure that they thoroughly review your account until they locate and resolve what is causing the issue.
    3. The bank or credit card company will need to remove any holds on your account.  The bank or credit card company could also bypass the authorization process.
    I tested my card with another trusted service who asked to verify with the security code and it worked fine.
    I guess at this point you could call your bank (just in case) or just wait.

  • Security code issue in iTunes review in iPhone 5

    Hi
    When I'm reviewing my Apple and billing information, I used debit card information. After entering all the correct information including the security code, it's showing an error in the security code. I tried so many times but no use. Please help me out.

    Not on that account if you don't have a credit card. There are instructions on this page for how to create a new account without giving credit card details : http://support.apple.com/kb/HT2534 - if you want to use the same email address on the new account then try changing it on the existing one via Settings > iTunes & App Store on your phone, Store > View Account on your computer's iTunes, or http://appleid.apple.com (you can create a new email address via http://gmail.com or http://hotmail.com to replace it with)

  • Creating security similar to Oracle Apps

    We have an application that has security similar to Oracle Apps, i.e. maintaining the users and roles (responsibilities) within our application. Discoverer has a special login mechanism for Oracle Apps users. Is there a way to configure Discoverer to work with another application which has a similar security mechanism?

    Hi Maruthi
    I'm afraid I have no documentation to point you at because this was done for a specific client and I have just not had the time to put together some generic documents. I can't use the client's documents because that would be unethical and has pictures of their data.
    Nevertheless, here is an overview.
    1. Look at all of the Oracle base tables and determine which ones have one of the following: ORG_ID, Set of Books ID (SOB_ID) or Chart of Accounts ID (COA_ID).
    2. Look at the same tables and run some scripts such as this: SELECT COUNT(*) FROM TABLE
    3. For all such tables that have more than say 200,000 rows add one partition for each ORG_ID, SOB_ID or COA_ID
    4. As you know, when a user logs in using an Apps account, the system sets a SYS_CONTEXT variable identifying the ORG_ID that user has access to. This is fine for tables that have an ORG_ID, but for those which only have a SOB_ID or COA_ID you can't use the ORG_ID. Therefore, what you do is create a new table, let's call it ORG_ORGANIZATIONS, that links an ORG_ID with its associated SOB_ID and COA_ID. The table is indexed on the ORG_ID.
    5. Create one function per type, thus one for ORG_ID, SOB_ID and COA_ID.
    For ORG_ID - function named DP_ORG_SECFUNC; the heart of the function is:
    select substr(userenv('CLIENT_INFO'),1,5) into x_org_id from dual;
    v_statement := 'ORG_ID = '||x_org_id;
    return (v_statement);
    For SOB_ID - function named DP_SOB_SECFUNC; the heart of the function is:
    select substr(userenv('CLIENT_INFO'),1,5) into x_org_id from dual;
    SELECT SET_OF_BOOKS_ID INTO v_set_of_books_id
    FROM ORG_ORGANIZATIONS WHERE ORG_ID = x_org_id;
    v_statement := 'SET_OF_BOOKS_ID = '||v_set_of_books_id;
    return (v_statement);
    For COA_ID - function named DP_COA_SECFUNC; the heart of the function is:
    select substr(userenv('CLIENT_INFO'),1,5) into x_org_id from dual;
    SELECT CHART_OF_ACCOUNTS_ID INTO v_chart_of_accounts_id
    FROM ORG_ORGANIZATIONS WHERE ORG_ID = x_org_id;
    v_statement := 'CHART_OF_ACCOUNTS_ID = '||v_chart_of_accounts_id;
    return (v_statement);
    6. Create a view for each table you want to protect. For example, here is the code that creates a view for AP_INVOICES_ALL
    CREATE OR REPLACE VIEW DV_AP_INVOICES_ALL
    AS SELECT * FROM AP_INVOICES_ALL ;
    SHOW ERRORS
    EXEC DBMS_RLS.ADD_POLICY('APPS', 'DV_AP_INVOICES_ALL', 'SecByOrg', 'APPS', 'DP_ORG_SECFUNC', 'SELECT');
    Notice how this view is protected by a policy: when anyone runs a SELECT against this view, the VPD policy kicks in and calls the ORG security function.
    7. Change all of your code that Discoverer is pointing at to use new views similar to the above.
    I hope this helps
    Best wishes
    Michael Armstrong-Smith
    URL: http://learndiscoverer.com
    Blog: http://learndiscoverer.blogspot.com
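    A worked version of the pattern Michael describes in steps 4 to 6, added here as an example; it is not code from the original post. It assumes the same hypothetical objects (the ORG_ORGANIZATIONS lookup table, the DV_AP_INVOICES_ALL view, the APPS schema) and that the application writes the ORG_ID into CLIENT_INFO at login. The one thing it adds to the post's version is the check a code reviewer would ask for: CLIENT_INFO is a session-settable string that is concatenated straight into a WHERE clause, so the value is validated as a plain integer before it reaches the predicate, and a missing, malformed or unknown value yields '1=0' (no rows) instead of an open or broken predicate. The COA function is omitted because it has exactly the shape of the SOB one.

```sql
-- Added example (not from the original post). Assumes schema APPS, a
-- lookup table ORG_ORGANIZATIONS and that the app sets CLIENT_INFO on login.
CREATE TABLE org_organizations (
  org_id                NUMBER NOT NULL,
  set_of_books_id       NUMBER NOT NULL,
  chart_of_accounts_id  NUMBER NOT NULL,
  CONSTRAINT org_organizations_pk PRIMARY KEY (org_id)
);

-- Reads the org id the application stored in CLIENT_INFO.
-- Returns NULL unless the value is a plain positive integer, so nothing
-- other than digits can ever be concatenated into a policy predicate.
CREATE OR REPLACE FUNCTION dp_current_org_id RETURN NUMBER IS
  v_raw VARCHAR2(64);
BEGIN
  v_raw := TRIM(SUBSTR(SYS_CONTEXT('USERENV', 'CLIENT_INFO'), 1, 10));
  IF v_raw IS NULL OR NOT REGEXP_LIKE(v_raw, '^[0-9]{1,10}$') THEN
    RETURN NULL;
  END IF;
  RETURN TO_NUMBER(v_raw);
END dp_current_org_id;
/

-- VPD policy function filtering by ORG_ID. The (schema, object) signature
-- is what DBMS_RLS calls. With no valid org set, '1=0' exposes no rows.
CREATE OR REPLACE FUNCTION dp_org_secfunc (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 IS
  v_org_id NUMBER := dp_current_org_id;
BEGIN
  IF v_org_id IS NULL THEN
    RETURN '1=0';
  END IF;
  RETURN 'ORG_ID = ' || TO_CHAR(v_org_id);
END dp_org_secfunc;
/

-- Same shape for SET_OF_BOOKS_ID, resolved through the lookup table.
CREATE OR REPLACE FUNCTION dp_sob_secfunc (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 IS
  v_org_id NUMBER := dp_current_org_id;
  v_sob_id NUMBER;
BEGIN
  IF v_org_id IS NULL THEN
    RETURN '1=0';
  END IF;
  SELECT set_of_books_id INTO v_sob_id
    FROM org_organizations
   WHERE org_id = v_org_id;
  RETURN 'SET_OF_BOOKS_ID = ' || TO_CHAR(v_sob_id);
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RETURN '1=0';  -- org not in the lookup table: expose nothing
END dp_sob_secfunc;
/

-- Protected view over the base table, and the policy that enforces it.
CREATE OR REPLACE VIEW dv_ap_invoices_all AS
  SELECT * FROM ap_invoices_all;

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APPS',
    object_name     => 'DV_AP_INVOICES_ALL',
    policy_name     => 'SecByOrg',
    function_schema => 'APPS',
    policy_function => 'DP_ORG_SECFUNC',
    statement_types => 'SELECT');
END;
/

-- Inspect the predicate the policy would apply to this session. The
-- application sets CLIENT_INFO at login; here it is set by hand to test.
BEGIN
  DBMS_APPLICATION_INFO.SET_CLIENT_INFO('204');
END;
/
SELECT dp_org_secfunc('APPS', 'DV_AP_INVOICES_ALL') AS predicate FROM dual;
```

    Running the last SELECT with CLIENT_INFO set to something that is not a bare number, or not set at all, should return '1=0'; that is the behaviour to verify after any change to the login code that populates CLIENT_INFO, since the policy function is only as trustworthy as the value it is handed.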

  • TS2446 My phone won't let me download apps. I put the password in, then it says billing options, which tells me I have an invalid security code

    My phone won't let me download any apps. When I put the password in it takes me to billing options, which tells me I have the wrong security code, and that's the security code that was on the card on the account.

    iTunes Store: My credit card's security code or zip code does not match my bank's records
    http://support.apple.com/kb/TS1646

  • I tried to buy an app and itunes keeps asking for a security code.  What is a security code?  I do not have one.  I have a password.

    I tried to buy an app and itunes keeps asking for a security code.  What is a security code?  I only have a password! And ID

    Are you using a credit card?
    http://store.apple.com/au/help/payments#creditus
    Security codes
    The credit card security code is a unique three or four digit number printed on the front (American Express) or back (Visa/MasterCard) of your card.

  • HT1725 For about three weeks I haven't been able to download any apps, not even the free ones.   My apple id billing information says that my security code on the back of my credit card is invalid. I called apple support and they told me to go to the expr

    For about three weeks I haven't been able to download any apps, not even the free ones. My Apple ID billing information says that my security code on the back of my credit card is invalid. I called Apple support and they told me to go to the Express Lane website but I still can't find a fix for my problem. If you could help me out that would be superb!!!!

    Is the address on your iTunes account exactly the same (format and spacing etc) as on your credit card bill : http://support.apple.com/kb/TS1646 ? If it is then you could try what it says at the bottom of that page :
    If the issue persists, contact your credit card company and verify that they and any company they use to process credit card authorisations have the correct information on file.
    And/or try contacting iTunes support : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page

  • HT3702 I owe money, and the App Store won't let me download free apps. If I get more money in my account, will my card be active again and will it accept the security code?

    I owe money and the billing information is telling me that my security code is invalid. If I get money in my account, will I be able to put in my security code again and purchase apps and music again?

    Is the address on your iTunes account exactly the same (format and spacing etc) as on your credit card bill ? If it's not then that might be the reason that you are getting the security code error : http://support.apple.com/kb/TS1646 ? If it is then you could try what it says at the bottom of that page :
    If the issue persists, contact your credit card company and verify that they and any company they use to process credit card authorizations have the correct information on file.
    And/or try contacting iTunes support : http://www.apple.com/support/itunes/contact/ - click on Express Lane, then iTunes > iTunes Store

  • My App Store will not let me update or get new apps which are all free, and it keeps telling me to enter my billing info, and when I do that it says my security code isn't right and won't let it go through. How do I fix this??

    My App Store will not let me update or get any apps. They keep asking me for my billing info through my card and I enter my info and it says the security code is wrong when I know it's right. How can I fix this? What's the problem?

    Select None for payment method >  iTunes Store: Changing account information
    If None is not available > Why can’t I select None when I edit my payment information?
    Yes, you can redeem an iTunes gift card for current purchases.
    How to Redeem iTunes Gift Cards and content codes
    And you can check the balance of a redeemed card >  Account Home - Apple Store

  • My iPhone 4gs won't let me download any apps because the security code is invalid? I enter everything correct and my address, don't understand why this is happening! Help please

    I just need to be able to download apps and my phone keeps saying the security code is invalid, which doesn't make sense because I enter everything correctly. It's really frustrating. I've been to the Apple Store, I've called support and they can't seem to fix it! Can somebody please help me? I thought Apple was supposed to be easy to use :\

    This can sometimes happen because there is a mismatch between the billing address entered on your iTunes account and the billing address from your bank records. See http://support.apple.com/kb/TS1646.
