Prevent viewing of source files - security-constraint

Similar Messages

• How can we prevent viewing the source code  of JSP by the user

  Dear sirs,
  how can we prevent viewing the source code by the user ( from the browser for the Viwe Sorce option) for a JSP file that use struts frame work.
  infact i don't wan the user to view the javascript that in incorporated in the JSP for various purpose...
  thanks and regards...
  Sudheesh K S
  INDIA

  Dear sirs,
  how can we prevent viewing the source code by the
  user ( from the browser for the Viwe Sorce option)
  for a JSP file that use struts frame work.
  infact i don't wan the user to view the javascript
  that in incorporated in the JSP for various
  purpose...
  thanks and regards...
  Sudheesh K S
  INDIAJSP and Servlets are programs/scripts that run on the server. The user/clients only sees the HTML output generated by the server. If you want to hide JavaScript from casual users then you can put the JavaScript code in a seperate file. This file can however be read from the Cache.

• Viewing Java Source File

  Why do we get a line saying 'create or replace' at the top when viewing java source shouldn't this read, as a minimum, 'create java source named "java object name" as'

  Bump
  I'm also still getting this in 919; any response from the team?
  thanks,
  William

• How to prevent viewing a .doc file without logging?

  Hi,
  I have a file called phoneNumbers.doc(MS-Word doc) file. When a user presses the link for this file, I want to show him only if the user is logged in, if not re-direct to login.jsp page. How do I make sure if the user is logged in. I am using Tomcat 4.X as my jsp and servlet engine. I want to prevent users to see this if they directly enter the url without logging in.
  Does any body have any idea, how I can use security realms in tomcat to achieve this or any other way? Please Help!
  Thanks in advance.

  Do you have any kind of DB in the background of this?
  Is it just an JSP page with an HTML link?
  This might sound like a lot of work to do, but here's what I suggest:
  1) Create a JSP login page that will forward to the servlet mentioned above
  2) Have your servlet check in a DB if the person's information is correct. If so, JSP:FWD to the JSP with the link, else back to login page
  3) Before going to the JSP with the link, your servlet should get a session and set a session variable called "IsLogged" to "1", for example.
  4) On the JSP with the link, change the link to be a function call in your JSP. This function will check "IsLogged". If the value is "1", show DOC, else JSP:FWD to login page. You can also have a Javascript popup tell the user that he/she is not logged in.
  5) Finally, on the JSP with the link, you should have a log out button that will essentially set "IsLogged" to "0" and JSP:FWD to the login page. Make sure that the login page has some kind of message that says that you have logged the person out, or else it can be confusing to find onesself on a logIN page when we just logged OUT.
  This is just an idea, but I have done this many times before and it works beautifully.
  Hope this helps,
  Haig

• I cannot view my source files - all are white!!!!!

  I got Premiere Elements v 9.0 installed on Windows XP last week by IT dept. But something is wrong.
  I cannot view any .wmv or .mov files (havent tried any more yet). I add my clips to the project but when playing them all I get is a white screen. In timeline I can see snapshot images as usual. 
  Can you help us with some hints? I doubt there are any experienced moviemakers at IT at all. I probably need to get the fix and tell them what to do.
  The project settings seems perfect. The clip I added in timeline "shows green" (no rendering needed). So I doubt that is the problem.
  Please help - I need to start up a real project this week.

  When one encounters display issues, the first thing that I recommend checking is the video card/chip's video driver.
  What make/model of video display adapter do you have?
  What is the currently installed video driver?
  Can you go to the video card/chip mfgr's. We site, plug in your card/chip's number, and your OS, and check for an updated driver?
  Note: do not trust Windows, or any utility, to tell you if you have the latest video driver. They will be at least 6 mos. out of date.
  Note also: if you have a Dell, Lenovo, HP, Toshiba, or other mainstream computer company's system, check on their Web sites, as many re-wrap video drivers from nVidia, ATI/AMD and Intel. If you have an Intel integrated graphics chip, you might have difficulty finding a newer driver, but still look for one.
  Do you have a laptop, or desktop computer?
  Good luck,
  Hunt

• Dynamic rendered component doesn't appear in source file! How to get hold

  I have three select components on my page, the 1st one is selectOneRadio2, the 2nd one is selectManyCheckbox1, and the 3rd one is selectOneRadio3. The selectManayCheckbox1 and selectOneRadio3 do not display at the same time. Their rendered properties are dynamically set in the managed bean depending on the choice of the selectOneRadio2. It toggles between those two components just fine when I set the rendered property in the managed bean dynamically in a value change event, however when I tried to retrive the value from the 3rd component selectOneRadio3 which was not rendered initially (or by default), I get nothing. When I viewed the source file after the component is rendered on the page, that component is not in the source file at all, and I saw the default rendered 2nd component (selectManyCheckbox1) instead!!! How can I get hold of the later rendered component (selectOneRadio3)???
  <tr:selectOneRadio value="#{bindings.expenseTypeList1.inputValue}"
  label="Expense Type"
  binding="#{backing_eef_expense.selectOneRadio2}"
  id="selectOneRadio2"
  valueChangeListener="#{backing_eef_expense.expenseTypeChange}"
  autoSubmit="true">
  <f:selectItems value="#{bindings.expenseTypeList1.items}"
  binding="#{backing_eef_expense.selectItems2}"
  id="selectItems2"/>
  </tr:selectOneRadio>
  <tr:panelGroupLayout binding="#{backing_eef_expense.panelGroupLayout3}"
  id="panelGroupLayout3"
  partialTriggers="selectOneRadio2">
  <tr:selectManyCheckbox label="Multi Choice"
  rendered="#{backing_eef_expense.renderMultiChoice}"
  binding="#{backing_eef_expense.selectManyCheckbox1}"
  id="selectManyCheckbox1"
  valuePassThru="true">
  <f:selectItems binding="#{backing_eef_expense.selectItems4}"
  id="selectItems4"
  value="#{backing_eef_expense.itemList2}"/>
  </tr:selectManyCheckbox>
  </tr:panelGroupLayout>
  <tr:panelGroupLayout binding="#{backing_eef_expense.panelGroupLayout4}"
  id="panelGroupLayout4"
  partialTriggers="selectOneRadio2">
  <tr:selectOneRadio label="Single Choice"
  rendered="#{!backing_eef_expense.renderMultiChoice}"
  binding="#{backing_eef_expense.selectOneRadio3}"
  id="selectOneRadio3" valuePassThru="true">
  <f:selectItems binding="#{backing_eef_expense.selectItems3}"
  id="selectItems3"
  value="#{backing_eef_expense.itemList2}"/>
  </tr:selectOneRadio>
  </tr:panelGroupLayout>
  I use Trinidad components because it's a migrated application from 10g to 11g. I'm using 11g now.
  Edited by: SophiaM on Feb 3, 2011 10:23 AM

  Hi Joonas, Thank you for your replay. I don't know the answer to your question.
  First, I have no idea if that will cause any problem, or the libraries would have conflict or not if I use both within the same application. We are very careful about that becaue we had a lot trouble when we did the migration. A LOT of things were broken after the migration and some of the issues were caused by conflict on libraries. That's why although I am creating new pages in the application, I still carefully stay with Trinidad components.
  Second, out of curiosity from your suggestion, I tried to add ADF library and technology into my project, I still don't see the ADF components avaiable in my Component Palette panel, even after I restarted JDeveloper. So I don't know how to switch it even if I dare.
  I just read something like this, seems apply to my situation:
  Your correct in the fact that rendered=false is useless. However, that is not how it's typically used. Typically this will be bound to a backing bean which will allow you to turn the component on/off. You should use a hidden input field and a switcher if you need to keep the value in the form submission. Adam is totally correct in that it will break a bunch of stuff if we all of a sudden just "turned it on" because people have come to expect the current behavior.
  Do you know what a switcher is?

• *Stupid Noob Alert* Viewing Sample AS3 files?

  Hoping someone can help me out...
  I've been trying to view sample source files and clearly I'm doing something wrong. When I open the file, the assets and stuff appear in the library,
  but I can't find the actions code and the movie won't play as supposed to.
  If anyone is so inclined to check it out, is there anything more to viewing the below sample file than opening it in flash cs5?
  File:
  http://ukaszblog.com/catch-the-falling-fruits-flash-game-part-2/
  from this site:
  http://ukaszblog.com/catch-the-falling-fruits-flash-game-part-2/

  I couldn't tell you, it could all be created using actionscript.  Just look thru all the files that came with what you downloaded and you'll find the .as files that are used.

• The XML Source file is unavailable for viewing

  Same java application is deployed on two different servers. One server is in the intranet zone and the second one is in the internet zone. The request sent to the server is an xml file and the response from the server is also an xml.
  In intranet server, when we are trying to view the source of the response xml file , we are getting a prompt displaying the message "The XML Source file is unavailable for viewing".
  But in internet server, when we are try the same, we are getting a valid xml resposne. We are using IE 6.0 - SP1 browser.
  We tried the same in the mozilla browser and found the same results. Any suggestions on this?

  One possibility is the IE security settings under tools/internet options. The intranet site may have a lower security setting than the internet site. The browser may not ne letting the internet site download the xml.

• I can no longer view source files in Firefox 6. This is very important for my job as an SEO consultant.

  Under View I can no longer read the Source files for a webpage. As an SEO consultant this is vital for my work. Please can you restore this feature for FireFox 6.

  You can also use these shortkeys:
  * Web Console -> CTRL + SHIFT + K
  * Scratchpad -> SHIFT + F4
  * View Page Source -> CTRL + U
  * Error Console -> CTRL + SHIFT + J
  Check and tell if its working.

• Iphone 3G Software Update Fixes security vulnerability associated with viewing malicious PDF files?

  Is there an Iphone 3G Software Update Fixes security vulnerability associated with viewing malicious PDF files?  Latest version I can download is 4.2.1
  I assume no fix is available, does anyone know if I'm still vulnerable to the security bug?

  No fix is needed since that vulnarability isn't in 4.2.1.

• Can't see Source Files in Destinatio​n View

  I added my executable to the [Program Files] / Dryness Fraction directory and a Help File to the [Public App Data] / Dryness Fraction directory in the Source Files -> Destination View window of my Installer.
  However now I can't see them anymore and I can't seem to add them again either - which leads me to suspect that they are there, but are not being displayed for some reason (see Source Files_BAD.jpg attachment).  I can for instance click on some other folder and the little blue transfer arrow is enabled allowing me to add say the Executable files to that particular folder.
  What it should look like, in another Installer I did, is the attachment Source Files_GOOD.jpg
  Is there a way I can refresh the View so that the files appear again?
  Chris
  Attachments:
  Source Files_BAD.jpg ‏158 KB
  Source Files_GOOD.jpg ‏176 KB

  Hi Chris,
  Unfortunately, there isn't a refresh button in the installer builder. I believe you are right in thinking that the files have already been added. 
  Have you tried building another installer and see if you can replicate this issue? If you went through with the installer builder, could you see the files in the appropriate locations on the target machine after installation?
  I would also recommend creating a new folder in Destinations. Then try to add the executable into the new folder in the Source File. Give that a shot and see if you can see your executable in the new folder. Please refer to the attached screen shots for more detail.
  I hope this helps,
  Josh L.
  Applications Engineer
  National Instruments
  Attachments:
  Create new folder.png ‏91 KB
  source file add.png ‏117 KB

• What is the best practice in securing deployed source files

  hi guys,
  Just yesterday, I developed a simple image cropper using ajax
  and flash. After compiling the package, I notice the
  package/installer delivers the same exact source files as in
  developed to the installed folder.
  This doesnt concern me much at first, but coming to think of
  it. This question keeps coming out of my head.
  "What is the best practice in securing deployed source
  files?"
  How do we secure application installed source files from
  being tampered. Especially, when it comes to tampering of the
  source files after it's been installed. E.g. modifying spraydata.js
  files for example can be done easily with an editor.

  Hi,
  You could compute a SHA or MD5 hash of your source files on
  first run and save these hashes to EncryptedLocalStore.
  On startup, recompute and verify. (This, of course, fails to
  address when the main app's swf / swc / html itself is
  decompiled)

• Where does Lightroom put HDR in the grid view? Is there anyway to have Lightroom stack the HDR file with the source files?

  I can't decipher where (and why) the program is putting the HDR image in the grid. I stack all of my HDR source images so they are easy to track and manage. Other apps/plugins allow you to stack resulting images with their source image. That would be great if there's a way to set that in LR preferences.

  Thanks, but this doesn't really answer the question about stacking the HDR file with the source files. Yes, it does put the file in the same folder, however many of my folders have 100s of images (that often look similar) and as far as I can tell, LR places them randomly in the sort order. It doesn't appear to put them at the beginning or end of the sort (usually by date), but somewhere randomly in the middle. Even if it could be made clear what method it is using to sort them, that would help locate one file among hundreds.
  Ideally, however it should allow you to stack with the stacked source files. Is there anyway to do this? If not, is it a feature that could be requested?

• Handling source files for multiple versions

  Ok, I've looked around on the web and multiple discussions and have yet to find an answer. We currently have two authors working on the same help project that we have handled relatively successfully under RoboSource. Our development environment has changed so that we need to be able to support multiple versions of the help at once ie- release branch vs development branch that we want documented but it is not yet slated to be in the release.
  I've looked at the help for RoboSource and there is an idea of branching but not much help on how this is done or if it really maintains two sets of the files, etc. I've also seen some postings on the forum for this that have gone unanswered. Makes me suspect that perhaps RoboSource doesn't really support multiple versions of help source files. I would be happy to admit that I'm wrong here.
  Another option to solve our challenge is by committing our source files to the development source system, SVN. I've noticed some threads discussing this. I'm unsure from reading these posts if RoboHelp alerts you when you are about to modify a file, such fpj or hhk, that is being used by someone else like RoboSource does. Since we still have two authors playing in the same help project it would be most efficient if it would notify us before letting us write over one another's work.
  Can anyone shed some light on:
  1) does RoboSource really support multiple versions of the help source files and how it is done?
  2) does RoboHelp notice when a file is locked in SVN and notify the other author to keep hands off until it is committed again?
  3) is there somewhere better for me to research this?
  Thanks you for any assistance you can provide,
  Nita

  We're using RSC 3.1 with RH 8 and with RH X5, and we've found that this is actually a two-step process:
  Branching is the method for copying a snapshot of a folder (to establish two branches of the same source).
  Reconciling (AKA forward/back patching) is the method for synchronizing edits between branches (or not, as the case may be).
  For example, a "V12.3" branch of the "main" source has been prepared for one customer's specific needs. All edits to "main" will be forward patched to "V12.3," but edits to specific areas of "V12.3" will not be back patched to "main."
  Tim, my boss, prepared the tutorials below, as much for himself as for us, and I have only stripped the screenshots to protect our intellectual property. Note also that we reference two publish locations, one for internal reviewing, and one for Release Engineering to include in our nightly product builds. Your environment might only have a single publish destination. Note also that the output files are never added to RSC.
  Pay special attention to your folder naming process before you start, by anticipating any potential future branching needs. Folder renaming after the fact can be problematic in RH and RSC.
  Good luck,
  Leon
  ===================================
  Branching Projects in RoboSource 3.1
  Since the Help for RoboSource and Robohelp lack a proper explanation for branching and updating configuration files to support proper branching, this document has been created to assist in creating future branches.
  Creating New Local Directories
  Individuals must create new local path directories on their systems. We use the following conventions:
            Ex. C:\902_imsmerge\projects (source folder)
            Ex. C:\902_imsgenerate\mergedProjects (output folder)
  Create New Server Directories
  New server directories need to be created in two locations for holding the output files.
  One is for the Robohelp output that gets put in the nightly .war file and checked into Perforce.
  The other is in the wwwroot of our IIS server for our doc web site.
  They are defined as follows:
  \\docsql01\Documentation\RoboHelp\9.0.3\imsgenerate
  \\docsql01\Inetpub\wwwroot\help_sys\9.0.3
  Create new directories with the correct branch number.
  Using RoboSource View Manager to Create a Branch
  You use the View Manager to create a new branch. In RoboSource 3.1, a branch is just a different type of view.
  Assume the version_903 branch has already been created. To create a new branch, click the Create button and name the new branch (version_910), leaving a blank root folder.
  Click on Set Root to define the root folder for the new branch.
  Select the root for the branch and click OK.
  Select the view (branch) and click Properties. In the Properties window, select Branch as the Type, then click Close.
  In the View Manager, check the check box to enable the view.
  Setting the Local Path for the New Branch
  Select the new branch and right-click.
  Type in or browse to the correct local path, check the Apply Recursively box, click Apply. Close the Properties window.
  Editing .xpj Files
  The .xpj files in the new branch need to be edited to point to the new branch. THIS IS VERY IMPORTANT. IF NOT DONE ROBOHELP WILL CHECK IN CHANGES TO BOTH THE BRANCH AND THE ROOT.
  One line in each project’s .xpj needs to change. See below.
  This value must match the branch the project lives in. In our above new branch example this would be changes to %version_910.
  In a merged project, you can change all these at once with the FAR tool.
  Edit the .ssl and .sss files
  These files need to be edited to redefine the generating and publishing paths. Note that this can also be accomplished with the FAR tool, or by having each writer do it through the GUI.
  ssl Files
  The .ssl files contain the data for the generate path. Although there might be seven .ssl files for each project, you only need to edit the ones for your Primary Layout and one or two others that you might also use.
  Make sure the generate path is defined correctly.
  sss Files
  The .sss file defines the publishing paths. This edit can also be done through the GUI if necessary.
  ====================================
  Forward and Back Patching in RoboSource
  This document describes the procedure of forward or back patching files (.htm or .gif) between branches in the RoboSource system. The RoboSource product uses a feature called Reconcile Changes to accomplish patching between branches.
  Example Scenario
  Throughout this document we will use a real life example from the refwindows project.
  We have edited the version 9.0.3 security_master_folder.htm file in RoboHelp.
  Now, we need to backpatch it to version 9.0.2.
  Selecting Folders or Files to Reconcile
  You can select either:
  A single file for reconciliation
  The source folder, or
  The destination folder
  If you have just one file to reconcile, you will probably want to use the single file method. If you have several files to reconcile, you will need to use the folder method.
  Working from the Source Folder
  Select the source folder (folder that contains the updated file) in source control. In our case, %version_903/refwindows.
  Select Reconcile Changes … from the Action menu. This opens the Reconcile window.
  Select the appropriate option in the Reconcile window.
  In our example we select the first option to reconcile from %version_903 because that is where our updated file is. Make sure the correct project is selected in the drop-down list. ($/version_902/refwindows).
  Other Options
  Reconcile changes made in another branch *into %verison_903/refwindows. This is the option you would use if you have an updated file in another branch that you want to put in 903.
  Reconcile changes made locally (in c:\903_imsmerge\projects\refwindows) and %version_903/refwindows. We would most likely never use this option.
  Reconcile changes made in another database *into* this database. Do not use.
  None of the above, let me select what to Reconcile. This one sounds like it would be a good option, but it gets even more complicated.
  Wildcard Filter. Use this to display only certain file types. For example, *.htm;*.gif;*.jpg would filter on those file types.
  Click OK to open the Difference Reconciliator window.
  Notice that this window shows all files in the project that have differences such as the .ssl and .xpj files.
  IMPORTANT: NEVER reconcile these files, they are supposed to be different.
  You can prevent these files from displaying by using the Wildcard Filter discussed above.
  Select the appropriate file (security_master_folder.htm). This window will allow you to replace the file in the version_902 project unfortunately, it will also allow you to replace the updated file with the older one. Be Careful Here.
  You can also View Differences from this window by clicking the View Differences link.
  Click the Replace button in the $/version_902 pane.
  You will get a confirmation dialog. Before clicking OK, take the time to read the question. This is your opportunity to catch potential mistakes!
  You will then get the Reconcile Checkout dialog.
  Be sure Perform the action directly on the Server is checked, click OK.
  You see that the Difference Reconciliator window now indicates No changes to merge from %version_903/rewindows/security_master_folder.htm in the $version_902 pane.
  Close the window.
  Check the Destination Folder
  In the source control window go to the destination branch and check the project. You can see in this shot that the security_master_folder.htm file now shows the date it was replaced, and that the server version is now different from your local version.
  Working from the Destination Folder
  If you had chosen the destination folder and select Reconcile Changes, the same window would have opened but with different options.
  Here you would have selected the second option to reconcile into $/version_902.
  You can do it either way, just pay careful attention to the options. The rest of the process is the same.

• Security constraint in Web.xml of tomcat

  Hi
  I have a web-application running on tomcat . Inside the context folder i have several directories having some pre-defined configuration files . But the user is able to directly access them by typing the path including the fileName in the URL ( I have disabled the listings property however)
  How can i prevent accessing the specific files .... I tried using
  <security-constraint>
  <display-name>Security constarint</display-name>
  <web-resource-collection>
  <web-resource-name>Java Application</web-resource-name>
  <url-pattern>/folder/*</url-pattern>
  <auth-constraint>
  <role-name>tomcat</role-name>
  </auth-constraint>
  </web-resource-collection>
  <auth-constraint>
  <role-name>tomcat</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>OnJava Application</realm-name>
  </login-config>
  This seems to be working fine , but when the user enters the wrong security info thrice , 401 error page is coming instead i want my custom page . Hence i configured an error page for 401 code which overwrited the earlier behavaiour ie.. that BASIC authentication popup is not coming
  Can any one let me know how to go about this

  Hi ,
  I have tried adding the following into web.xml but the security feature just doesnt work and the user can go to any page without any restriction.
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Declarative Security Test</web-resource-name>
  <url-pattern>/SuperServlet</url-pattern>
  <url-pattern>/*</url-pattern>
  <http-method>post</http-method>
  <http-method>get</http-method>
  </web-resource-collection>
  <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
  <auth-constraint>
  <role-name>guest</role-name>
  <role-name>member</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
  <role-name>guest</role-name>
  <role-name>member</role-name>
  </security-role>
  The roles mentioned above have been added correctly into tomcat-users.xml..The version of tomcat I am using is tomcat5.0.28.Please help.