Possible (and secure) architectures for E-Recruitment Web Enabled???

Similar Messages

• How to Set up HTTPOnly and SECURE FLAG for session cookies

  Hi All,
  To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
  I have found the below solutions.
  For setting up the HTTPOnly for the session cookies.
  1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.httponly = true;
  For setting up the secure flag for the session cookies.
  2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.secure = "true"
  Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
  <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
  <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
    <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
    <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
  </cfif>
  But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
  Your timely help is well appreciated.
  Thanks in advance.

  BKBK wrote:
  Abdul L Koyappayil wrote:
  BKBK wrote:
  You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
  I couldnt understand this. I mean how are you relating this with my question.
  When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
       If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
  Name:
  JSESSIONID
  Content:
  782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
  Domain:
  xyz.abc.pqr.com
  Path:
  Send for:
  Any kind of connection
  Accessible to script:
  No (HttpOnly)
  Created:
  Wednesday, September 3, 2014 2:25:10 AM
  Expires:
  When the browsing session ends
  BKBK wrote:
  2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
  Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
       I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
  BKBK wrote:
  3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
  It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
       I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

• How do I reset my security questions? Normally people are saying something about a rescue email or a thing that will show where your password and security are for me it just shows my two questions  and that is it.- Help

  How do I reset my security questions? Normally people are saying something about a rescue email or a thing that will show where your password and security are for me it just shows my two questions  and that is it.… Help

  Go to Appleid.apple.com and choose Manage ID you can change them from there.
  You can add a rescue email if you don't have one there too.

• Drag and drop option for hierarchy through Web Template

  Hi All,
  I have 2 hierarchies in one report. For example Product Hierarchy and Customer hierarchy. I would like to have an option in query where I can select the node from each hierarchy and the report is displayed only for the selected node/nodes. I am using Web Template. I used "Hierarchy filter" web item and was able to achieve this. But I would like to have a drag and drop option.
  I mean when I use Hierarchy filter web item, I have to select the particular node in the hierarchy. and then the report (Web Item - Table) is displayed based on the selection. But I would like to drag the node from the hierarchy and drop it to the report (Web Item - Table) and the report is displayed for the selected hierarchy node.
  Is this possible? How? Do I have to write any Java code or we can achieve this with BI Standard functionality.
  Regards.
  Parin Gandhi.

  This is not possible using Standard BI web functionality.
  If you are an expert with JavaScript and BI Web APIs you can probably write JS code to do this.

• WAD 7 and Custom CSS for a single Web Template

  Hell GURUs,
  We were used to create custom CSS for every template (WAD 3.x).
  We could not find a way to do the same with WAD 7.
  We don’t want to create many Portal Themes in order to overcome this problem; moreover certain objects like hierarchies can not be formatted correctly spoiling the theme editor.
  As I said our goal is to have the maximum flexibility like before; hence, can you please suggest us a way to create a custom CSS for a single template?
  Thank you very much
  Matteo Mariniello

  Hi,
  You can create CSS style sheet in BI 7 as MIME object and use the same in your web templates.
  go to the transaction SE80 -> MIME Repository -> SAP -> BW -> Customer ( path may different as per the system setting.
  http://help.sap.com/saphelp_nw04s/helpdata/en/43/d8e0a488ef05f6e10000000a11466f/content.htm
  Hope this will help you.
  Shakeel.
  Edited by: Shakeel Ahmed on Feb 23, 2008 10:42 AM

• How to find the Connection and Security Code for iPad?

  I have a Canon ImageRunner 3025 at the office. I want to connect it with my iPad. I've downloaded the Canon Print & Scan App, but the app requires a Connection code and Security code.  Where can I find this on the printer? 

  Hi, thanks for posting! Canon does not provide direct support for imageRUNNER series products, but your dealer will be able to help you! If you don't have a dealer, please call us at 1-800-OKCANON (652-2666) and we will be happy to provide dealers who are in your area.

• Basic schema design and security mechanisms for slowing down bandwidth

  Hi to all!
  At first I am sorry for a lot of noob questions - I am just beginner in networking.
  I have LAN with 1 SW (cisco catalyst 2950 series), 1 R (cisco 2501), one Apache server on Linux machine (Fedora) and 5 computers . My task is to test my application for preventing DoS attacks on the computer with Apache. My network design is on the image, but if will be necessery, I can change it (I can use more switches and routers like this). So my noob questions are:
  1.) will this desing work? How can I connect these to LANs to router? do I need one more router? can I connect SW ethernet port to router's console port?
  2.) I have erased SW and R configuration. I have configured only interfaces and RIP protocol with networks 10.0.0.0/8 and 192.168.0.0/24. what else I need to configure for making possible viewing webpage from computer with apache on other computer?
  3.) what is "ip http server" setting?
  4.) i need to send TCP, UDP, HTTP and ICMP packets from computers to apache (is it default allowed?).
  5.) i need to use all bandwidth for DoS attack, so i need to disable security mechanisms (configurations are erased, so what else do i need to disable or set up?) I heard only about storm-control, but it is disabled.
  6.) do I need to setup something like this for full speed on devices?
  interface range fa 0/1 - 3
  speed 100
  duplex full
  7.) last question is, I want to monitor protocols and ports of packets sent from computers to apache computer or bandwidth usage (bits/s). Does have SW/R some mechanisms for statistics like this?
  Thank you very much.
  Matej

  Matej Mihalech wrote:Hi to all!At first I am sorry for a lot of noob questions - I am just beginner in networking.I have LAN with 1 SW (cisco catalyst 2950 series), 1 R (cisco 2501), one Apache server on Linux machine (Fedora) and 5 computers . My task is to test my application for preventing DoS attacks on the computer with Apache. My network design is on the image, but if will be necessery, I can change it (I can use more switches and routers like this). So my noob questions are:1.) will this desing work? How can I connect these to LANs to router? do I need one more router? can I connect SW ethernet port to router's console port?2.) I have erased SW and R configuration. I have configured only interfaces and RIP protocol with networks 10.0.0.0/8 and 192.168.0.0/24. what else I need to configure for making possible viewing webpage from computer with apache on other computer?3.) what is "ip http server" setting?4.) i need to send TCP, UDP, HTTP and ICMP packets from computers to apache (is it default allowed?).5.) i need to use all bandwidth for DoS attack, so i need to disable security mechanisms (configurations are erased, so what else do i need to disable or set up?) I heard only about storm-control, but it is disabled.6.) do I need to setup something like this for full speed on devices? interface range fa 0/1 - 3speed 100duplex full7.) last question is, I want to monitor protocols and ports of packets sent from computers to apache computer or bandwidth usage (bits/s). Does have SW/R some mechanisms for statistics like this?Thank you very much.Matej
  The 2950 switch and 2501 router are pretty old, low specification devices, so you might run into performance problems. Be aware of this. The 2950 also is not, from memory, a layer 3 switch, so it does *no* routing.
  To answer your questions 9I'm assuming some basic knowlege of how to use IOS, so these commands are indicative only).
  The 2501 has only one ethernet port, so you can't connect the way you have in your diagram. Youc an not connect an ethernet port to the router console port - the console port is a serial connection, by default running at 9600/8N1, and is not convertable to ethernet.
  To make your required network work, you'd need to do the following.
  1) Configure your 2501 ethernet port for dot1q VLAN trunking by doing something like this
  interface fastethernet0
  no shutdown
  speed 100
  duplex full
  no ip address
  interface fastethernet0.2
  encapsulation dot1q 2
  ip address 10.0.0.4 255.0.0.0
  interface fastethernet0.3
  encapsulation dot1q 3
  ip address 192.168.0.1 255.255.255.0
  Setup in this manner you don't need routing protocols such as RIP because both routes will be directly connected, and the router will know how to get between them without anything fancy.
  Then connect the ethernet interface of your 2501 to a port on your 2950 switch - I'll assume it's a 24 port switch, so I'll use interface f0/24
  Create VLAN's 2 & 3 for your devices by doing this (2950 is so old the IOS method us creating VLAN's won't work, from memory)
  vlan database
  vlan 2 name workstations
  vlan 3 name server
  interface f0/24
  switchport trunk encapsulation dot1q
  switchport mode trunk
  speed 100
  duplex full
  switchport trunk allowed vlans 2-3
  You can create a VLAN interface for management of your switch at the same time if you like
  interface vlan2
  ip address 10.0.0.7 255.0.0.0
  no shutdown
  Then connect your devices. You will need to configure each switchport into an appropriate VLAN - for example, if you are connecting your server to port f0/23
  interface f0/23
  switchport mode access
  spanning-tree portfas
  switchport access vlan 3
  Use "switchport access vlan2" for your workstation ports.
  The "ip http server" setting on switches/routers enables management via the web - on these old devices, turn it off, as it's next to useless. Type "no ip http server" in configuration mode.
  There is no packet filtering or security enabled on these devices by default, so you can just sling whatever you like at the Apache server.
  Unfortunately, owing to the fact you only have one ethernet port to uplink to the router, you will never be able to saturate the server. The best you will manage is 50 megabits per second (half in, half out) because you have to trunk back to the switch to get to the server. If you really need to flood the server, you either need a better router (one wit two ethernet ports) or a layer-3 capable switch (so you can eliminate the trunk and just use the in-built routing capabilities between subnets).
  And finally - you won't be able to monitor protocols/ports using this hardware. You *could* setup a MONITOR/MIRROR port and use a separate PC running wireshark or something to monitor the trunk port, but that'd need additional hardware (PC's), and a bit more configuration.
  Phew. Hope that helps a bit. Basically, to do the loading you want, you need better/different hardware, but you can come close with what you've got.
  Cheers.

• Server 2012 R2 Remote Desktop Gateway. Most Simple and Secure Design For Small Environment?

  We would like users to be able to connect remotely over the Internet from their personal devices to their primary Windows 7 workstation (a physical box on their desk) by using the Microsoft RDP Client For Windows, Mac, iOS and Android.  There is no
  plan to use RDWeb or Remote Apps, or VDI.  Just plain remote access to their desktop PC without VPN plus a third party 2nd factor authentication product that can text them back a code to enter with their AD credentials (AuthAnvil or Duosecurity)
  We do not have TMG or ISA.
  We would like to get these services all running in a single server and be as simple as possible while still being very secure.
  The recommendations I see seem to suggest putting the RDG in a DMZ with either a domain controller on a new domain with a one-way trust to your internal domain or else a read-only domain controller on your domain and then RD Session Host and License server
  located on different servers on your internal LAN.
  http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
  That sounds like a lot of separate servers and cost for not a lot of users in our environment.
  Do we even need a separate session host server if there are no RDP sessions being hosted directly on the servers because  the users are only being redirected to connect to their workstations and will never be using terminal sessions on the server?
  Can the RODC or the Domain controller on new domain with the one-way trust be the same server as the Remote Desktop Gateway server and not separate servers?
  What is the most minimalist way to set this up with good security when opening all the ports needed to authenticate with internal DC is not secure enough?

  #2 sounds like we would need 2 Essentials servers and we will not have that.
  We currently have Server 2008 R2 and have 2012 Standard licenses that are not yet used.
  We have much more than 75 users total, but 75 is more than the number of users that will probably take advantage of using RD Gateway any time soon.  It will probably take time to catch on.
  If RD Gateway usage was to get super popular and more than 75 users were depending on access to it, then we could financially justify paying to buy all the CALs needed to run RD Gateway without Essentials.  Right now, they are skeptical that it will
  be worth spending much money on this and don't want to invest a lot  of money up front.
  My understanding is that if we have 75 or fewer users using RD Gateway then we need to by no CALs, just apply a Server Standard Edition License to the server, but if we had 76, we would need to turn off Essentials and buy 76 new CALs.
  Or would we need to add 50 CALs to the 25 that automatically come with Essentials?
  Also does "turning off" Essentials mean we would have to reinstall and redeploy the RDG or is it just a matter of enabling the RD license server and adding purchased CALs?
  No, when you buy essentials you get the right to create 25 users that access the server, when you create the 26th user you will need to have 26 CAL and RDS CAL. 

• How to install eclipse and MyEclipse and use it for jsp-servlet-web service

  hi ,
  please help me to install eclipse 3.1 and How to integrate MyEclipse to do jsp-servlet programming and web services.
  please also help me to include application server like tomcat and axis and use that environment in MyEclipse ide.
  please help me.....

  At the time of installation , you can't change SID XE.
  After installation, you can add another service name
  Check following thread for more details
  Re: How to create service on Oracle 10g XE
  - Virag Sharma
  http://virag.sharma.googlepages.com
  http://viragsharma.blogspot.com

• Flex mobile project: web root and root path for a remote web service?

  Hi all,
  i'm trying to set up the testdrive tutorial for flex mobile project, with flash builder 4.5
  and php data.
  I've uploaded the files on my remote web space (e.g. http://mywebsite.org, and the
  test file is http://mywebsite.org/TestDrive/test/test.php... and it works
  correctly)... But when i'm setting properties of the project, i don't know what
  to write into the web root and root path fields... I thing root path is simply
  http://mywebsite.org... and whatever i write in the other fields (output folder
  too) i have errors when i click on "validate configuration"...
  What should i put into those fields? is zend framework (and gateway.php)
  strictly necessary?
  As you can see... i'm a bit confused....
  Many thanks for any help
  Bye
  Alex

  I thought it was a simple question...
  No advice?

• What are the BP and BF need for E- Recruitment configuration?

  Dear All,
  We are going to implement E-Recruitment.
  System is ECC6,  EHP6 and portal 7.3
  Client is Indian
  We are going to deploy below Business Packages in portal.
  BP Recruiter
  BP Recruiter Administrator
  We are going to activate below Business Functions in ECC.
  HCM_ERC_CI_1
  HCM_ERC_CI_2
  HCM_ERC_CI_3
  HCM_ERC_CI_4
  Are there any other to deploy BP and activate BF?
  Please guide me on this.
  Regards
  Anoku

  Hi Anoku,
  Please check the prerequisites for the business functions. You can find the documentation regarding the business functions in transaction SFW5.
  For example: Starting from HCM_ERC_CI_2, you will need to activate HCM_ERC_SES_1 as a prereq.
  Keep in mind: You only need to activate the business functions which bring you the functionality you need.
  Regards,
  Luk

• HT204088 Inspite of submitting all requiredFields I am not getting purchase History and Security code for redeeming.I have clicked for purhase of Sri Sri Shankar's Rudra Album but unable to get it loaded on my I pod  What do I do ? Reply to me by Laila no

  Dear Customer Care I Tune,
    I have been trying to down load "Rudra"Album of Sri Sri Ravi Shankar, A religious & Spiritual Hymn. from I tune store. The price was shown as Rs 120/= I clicked on buy and filled the details of my debit card (ICICI Bank India)which created account but I could not fill up code for redeeming or security code being asked for ,with the result the my purchse is not getting authorised (I presume.)I am unable to get the Music on my I pod. To my  Earlier complaint I got Reply under follw up #272091438 from your customer care miss Laila. I was asked to action as suggested in the link. But inspite of following the insructions as suggested in the link I could not get Purchse details and order number as envisaged in the instructions. Can  I expect some working suggestins and advice .
    Anant Pashilkar
  Presenlty I am at Austine Texas
  <Personal Information Edited By Host>

  Most of the people on these forums, including myself, are fellow users - you are not talking to iTunes Support here. I've asked the hosts to remove your email address and phone number from your post.
  If you are currently in Texas in the US then you won't be able to buy from the Indian iTunes store - you need to be within a country to use its store, so to use the Indian store you will need to be in India.
  In terms of the redeem code that you mentioned, entering an iTunes gift card is optional and they are country-specific and they are not available in all countries - I don't think that are available in India, so I don't think that you could fill it in anyway. For the bank card, i don't think that debit cards are now accepted as a valid payment in the store, there have been a number of posts recently about them being declined, and they are not listed on this page.

• Customer Include and search help for E-Recruiting

  Hello All,
  I've added a field to customer include field for table hrp5122.  I want to add search help BUPA to that field.  When I do that I get an error when the page is to be displayed.
  I would like to use the search help instead of filling in the value table for the domain used for this field.  Currently this is the only way, I know, how to make a customer include field appear with drop down list values on the web.
  If you have been able to use a search help on a field that is displayed on the Web please respond with the steps on how to do it.
  Thanks,
  Alisa

  Never mind.  User error.  My search help was not working properly.

• Best FREE cleanup and security software for macbook?

  I need something reliable and efficient to cleanup and use my Macbook Pro safely. 
  I know there are some expensive options but would like suggestions for good, FREE software!
  Thanks

  The Mac OS is based on Unix and does a very good job of cleaning up after itself. I can't think of anything you'd really need unless you want to clear caches or something on a regular basis. In that case I would recommend the free Onyx utility. Read Thomas Reed's excellent article on the 'myth of the dirty Mac' here - http://www.reedcorner.net/the-myth-of-the-dirty-mac/.
  As for anti-virus software, you really don't need it, either. However, if you're just paranoid and coming from the PC world, you might want to read Thomas' excellent discussion of Mac malware here - http://www.reedcorner.net/mmg/.
  If you want to install some sort of free a/v software, I believe that Thomas recommends both ClamXav and Sophos. If you feel that you need them, download them.
  Good luck,
  Clinton

• 'Sensible' Definition & Security settings for a Production APEX environment

  Hi Folks.
  What's the feeling on Definition and Security settings for a production APEX application?
  Here are my settings for my UAT environment (not quite in production just yet)
  Debugging: NO
  Status: AVAILABLE
  Build Status: RUN APPLICATION ONLY
  Authorization Scheme : MUST NOT BE PUBLIC USER
  Session State Protection: ENABLED
  In the APEX Administration setup, access to my site is restricted by IP also. As a consequence I think it's buttoned down quite tightly but, eventually, we plan to open this up to the Big Bad Web!!
  What are your thoughts on the pro's and con's, the why's and wherefore's of one setting or another.
  I'm hoping this thread will prove to be a good forum for discussing APEX application security configurations and a reference for others.
  Please feel free to link to whitepapers of relevance.
  Maybe someone could take up the challenge of producing an 'UNHACKABLE' :-) APEX website?
  Simon.

  Hi Simon,
  If you're just talking about instance settings, then you might also add to that using the 3.1 runtime only instance.
  If we're opening it up to application design, well...that's a whole other matter ;)
  John.
  http://jes.blogs.shellprompt.net
  http://www.apex-evangelists.com