Priviledges question

Similar Messages

• Question about Roles And priviledges

  I have designed my database and i have generated the ddl script. Now I want to design or somehow to create the system roles and system priviledges for every role.
  for example:
  CREATE ROLE DOCTOR;
  GRANT SELECT ON DOCTOR TO DOCTOR;
  So is there any way to do that from Enterprise manager or jdevelopper gui? Can I generate the dcl script somehow?

  aa8a14cf-4c39-4940-8315-e35d47cccb28 wrote:
  I know which roles and system privileges should be created. How am i gonna create them and generate the dcl script?
  You've been shown two variants on how to have "sql write sql" to create a script.  We assumed you know how to use sqlplus to run a script, and in this case to spool the output of the script we showed to create the script you want. (That was covered in my commend "I leave the details as an exercise for the student")
  Since you wanted a script we also assumed NOT using a GUI.  Live by the GUI, die by the GUI.
  But since it seems our assumptions were false ...
  Log on with sqlplus and do the following:
  set echo off feedback off verify off head off trimsp on tab off lines 512 pages 0
  spool doit.sql
  select 'grant '||privilege||' on '||owner||'.'||table_name||' to '|| role||';'  from ROLE_TAB_PRIVS WHERE ROLE='DOCTOR';
  spool off
  edit doit.sql
  After examining and doing a sanity check on 'doit.sql', you just execute it in sqlplus ..
  sql> @doit

• I have two questions and appreciate anyones help, First I can not seem to copy music from a legitimately purchased CD into my iTunes library or i pod, can anyone help me with this? it used to work. i have i pod touch and second-.

  Thank you for any help I appreciate it. Apple products came highly recomended to me, and I have been largely happy with my i phone, i pod, i pad mini and macbook. I admit I tunes always confused me, it is so hard to copy things back and forth from computer to device or vice versa. Most importantly my partner has given me a set of CD with audio books, legitimate CD's not burned copies, and I wish to play them on my i pod touch. I have donethis before with CD''s, however now I look i see all the songs and audio books from CD's have been removed from my device after synch with my itunes on my macbook??? and I can no longer cooy the new CDs on to there? i try put them in the library, and they show up but they are not in black printing like the other songs, they are a faded grey color. They play on the mac book in itunes, so i know they are THERE, they just wont go on my device??? What am I doing wrong and why did all my other ones turn to grey gaded text and go off my i pod.
  Furthermore, i thank anyone who takes time to help me, it isnt your job, it is apple's job, but they want me to pay forty bucks for the priviledge of contacting them for help because my warranty expired !! They obviously did something with a new update of their i tunes, there should be NO DIFFICULTY copying audio books i legally own the CD for onto my i pod, why is it so impossible? I have asked my father, my brother, my flat mate, no one can work it out, so its not just that im an idiot.
  People warned me that apple does things like this, makes stupid programs like i tunes, that make nothing but trouble so you have to pay to ask for help, and make it so you have to buy everything from their library not on CD. I woudl buy from them if they had the audio books and songs I wished to purchase but they don't always have what i want. And if they did why shoudl i pay AGAIN when i paid for the CD already , i paid for the I pod, i legally own them both so why can i not put my own music on there??? It makes me miss my simple MP3 player where i just plugged it to my computer and copy/paste. It really makes me wonder why when i POD is so much more expensive why its so much more trouble and you have to pay to ask for help??? I really have enjoyed my macbook (After being windows used all my life), i love my i pad and i phone, and until now i adored my i pod, but if it's not going to let me listen to my own music and audio files i may as well throw it in the trash and go get a mp3 player, and warn everyone I know.     If there IS a way to copy my own music to the device then WHY IS IT SO HARD?? Just to make people pay to ask for help or what?
  I am a loyal apple customer, All my devices are apple and until now i have been happy and willing to pay more for a good product. But i tunes is ridiculous! It's already synched things i didnt want synched and deleted things i didn twant deleted, and thats fine i told myself maybe im too dumb and dont get it. buT i've been trying all week and asked other peopel and still cant get this simple task done, and after purchasing their devices and recommending them to my friends, its a slap in the face to say they wont even let me ask a support question without paying forty bucks!  Thanks for nothing apple.
  A very unhappy customer-- not just that i cant pplay my music and audio books, but that i cant even contact anyone for help without paying after i purcahsed four different products off them in the two years!

  The sort fields should generally be empty unless you've putting in custom values to sort solo artists by their surnames. You can apply common changes to thousands of tracks at once, just don't apply the wrong change because there is no undo.
  It is a good idea to backup before undertaking large scale changes. See this backup tip for a suggested approach.
  tt2
  Message was edited by: turingtest2

• Few Questions on OBIEE Architecture

  This is just a continuation of this thread:
  Confused on BI Publisher and BI Presentation Services
  So just want to know how the whole process takes place, from RPD, XDO, NSQconfig..
  So from Step 1 =)
  From what I understand as of now is I need to go to Administration Tool, create first a repository? Then go to BI Presentation Services to create reports ( using Answers )? When does the user creation comes into place? What is the purpose of BI Publisher? I've already setup a few things on BI Publisher like User, Roles, etc. but still not on the part of creating a report. Sorry If I ask too many questions, I'm just trying to understand what's the relationship of each tool. I've checked the docs and mostly they're just diving into modifying configs without really explaining why. ( at least that's how I saw it ) =)
  Thank you very much again!

  Wow - where do we start !
  Remember they are two seperate products, OBIEE and its related configs / components (RPD, BI Server, BI Presentation services - Answers, Dashboards, ibots etc)
  BI Publisher, formerley XML Publisher, sucessor to Oracle Reports.
  They fall under the Oracle BI Stack.
  Loads of info on our website, link in the previous post you mentioned.
  'Roles' in OBIEE can determine - Authorisation ie what you can do in the sytem or "Priviledges". What objects (reports / dashboards) you can use and can also be used for data security filters (Like a OBIEE 'virtual private database' version of the real Oracle DB option 'VPD')
  Roles in BI Publsher typically can mean the same, who can create folders, who can create reports, who can run them , who can create data sources etc. Sometimes you have to use a system specific role name, sometimes you can create your own names and reference them as you please (BIP roles are typically one of a pre-defined set, OBIEE roles can be called whatever you want)
  Sounds hard at first and without prior experience but seriously, there are some very very good blogs out there, as mentioned in previous response, we also have a lot of info on our website (Peakindicators.com)
  Feel free to email me.

• I'm am trying to upgrade to the newest ITunes version.  Whenever I try to do anything like this I get the following message "The installer has insufficient priviledges to access this directory...."  Can anyone help?  Thanks

  I am trying to download the newest version of ITunes.  When I try the download, it starts and after a bit the following message appears "The installer has insufficient priviledges to access this directory: C:\ProgramData\Microsoft\Start\Menu\Programs\ITunes The installation can not continue...."
  Can someone please help?
  Thanks,
  I'm Always Confused

  B Noir --
  I can't tell you how much I appreciate your taking the time to help me with this problem.  I'm doing a healing technician training class at my church, and have most of my study material on my ipod.  It cashed this weekend which hindered my preparation for my class tomorrow night.  I went to the local "Apple Store" late last night and they could get me up and running.   They suggested that I call the APL CARD line which I did today, but they gave me a nice run around seccession, and did nothing.  Then I was lead to "Google" my question, which eventually lead me to the "Apple" site.  Praise the LORD for your help and may you be richly blessed with multiplied blessings in all that you put your hands to do.  May you receive a great harvest.  As far as I'm concerned you were used by the LORD, and are the real genius!!!
  Thanks
  JimTalbot7

• Open Directory and LDAP questions/difficulties

  Hi, my company is about to try out OSX Server to replace our old Irix file server. In order to do this we need to run through a number of tests in order to validate the idea. Basically, the test setup is a PM G5 running OSX Server 10.4 and a connected Mac and/or PC on the G5's second ethernet port as test clients. The first ethernet port is connected to the local subnet (192.168.1.x) and, ideally, the OSX Server should have its own subnet on the second port and serve DHCP, AFP and SMB to that port only, along with an OD shared directory providing both authentication and home directories for users. (later on, if all is successful, it will serve those services on the company subnet). DNS is supplied by a separate server on the subnet (DNS caching server running tinydns)
  I've read my way through the OSX Server documentation, and gathered all the information the Worksheet requires. The problems started occuring because we installed OSX Server over an OSX Client and broke off the Server Assistent, because we were worried at the time that turning on a Windows PDC would collide with our current (and very flaky) Samba server running on the Irix machine, and that DHCP might also collide with our current dhcp server.
  As a consequence, we tried to set it up via the Server Admin Panel, Network Prefs, and the Workgroup Manager, after having connected the second ethernet port of the G5.
  Doing this, and setting the OD service to an OD Master, along with a Search base of dc=hostname, dc=domain, dc=tld has not exactly changed much. The problem is that the info panel says that LDAP is not running. This confuses me no end. I thought OD was based upon LDAP. The server name in the Server Admin panel is hostname.local. And now I get to my real questions (finally):
  1.Would it be better to just wipe the machine and start again using the Assistent, and set up the ODMaster that way?
  2.When is an ODMaster not a local directory and when is it a shared directory (the hostname.local worries me)
  3.What services exactly need to be running for the ODMaster to function properly
  3.How do I configure the local subnet on the second port (should I use the Gateway Assistent or do it by hand), and how do I only serve those services to that port (do I do it by setting the router/gateway for those services as the IP of the second port or as localhost).
  4.Do I need to simply enable LDAPv3 on the clients and set the search path to automatic to get the clients to Autheticate?
  5.Do user and groups added to the hostname.local become part of the OD Domain?
  I'm sorry if I come across as a total newbie. I'm used to doing most of this on the commandline in Linux (except for LDAP, which is new to me), and the GUI. I have managed to entangle myself quite nicely in all this and could really use some pointers.
  Thanks in advance
  Theo.
  PowerBook G4   Mac OS X (10.4.7)  

  1. Starting with a freshly installed OS X Server is recommended, but start no services at first, you need working DNS with reverse zone for the server IP to run OD Master (and other services). If the server domain is to be different from the existing network domain name setup DNS in OS X for the test domain.
  2. I'm not sure I understand the question. LDAP/OD can be used on the server to "house" the user accounts but you don't have to bind computers to it.
  If you don't use the more advanced possibilities with LDAP/OD I don't think the clients even need to have LDAP configured to be able to authenticate.
  hostname.local = hostname and the standard Bonjour domainname .local ?
  3a. DNS, so that reverse lookup works for the hostname before setting up OD Master. OD needs a "true" domainname Bonjour isn't sufficient. Setup/use something like mydomain.private.
  3b. You don't need to do NAT, you can also route between two subnets (you would need a static route in your Internet router too).
  If you want NAT you can use the GW assistant. The interface on the top of the list in Network config (where you can add more/alias interfaces) is the "main" interface used as the "WAN"/"Internet" interface.
  4. If the clients are "standalone" (not bound to the OD domain or not using server based homefolders and such) I think you only need LDAP if you want the clients to be able to search for info in OD/LDAP. Not needed for authentication.
  You can send out LDAP info with DHCP.
  5. If you mean you add/enter users and groups to OD/LDAP directory it just means you can have different servers/clients using a central repository(?) for authentication purposes.
  If you add (bind) machines to the domain you can to control what clients can do locally (priviledges), which applications they can run and so forth.
  In /etc/smb.conf you can say which interface to use för samba (don't remember what to enter though). And if using the firewall (you must if you want NAT) you can stop Bonjour (mDNS - multicasts) from entering the "old" network if you like/need.

• Two Federation Questions

  Hey experts,
  I have my federation working with a producer and consumer but I'm having some permission problems I think:
  1) In my consumer I can't see any roles in UserAdmin when selecting Role, "my Producer", and * in the search criteria fields even though I have a role there. However if I give j2ee_guest in "my producer" the super_admin_role priviledges then I see a ton of roles.
  2) In my consumer under Content Admin | Portal Content | Netweaver Content Producers | "my Producer" I can see the entire Portal Content tree. Shouldn't I only be able to see the PCD directory that I established in:
  Syss Admin | Sys Config | Service Configuration | com.sap.portal.ivs.wsrpservice | AutoGenProcuder1_0 service?
  Any help is appreciated.
  Mike

  Jo,
  Netweaver 7.0 sp18
  my question: 1) In my consumer I can't see any roles in UserAdmin when selecting Role, "my Producer", and * in the search criteria fields even though I have a role there. However if I give j2ee_guest in "my producer" the super_admin_role priviledges then I see a ton of roles.
  elaboration:
  a) In the consumer portal going to User Administration | Identity Management | Search Criteria using in the dropdown: Role, "my Producer", * result => I can not see any roles from the producer.
  b) If I go to my producer portal and modify the user j2ee_guest and give him the super_admin_role then when following a) above result => I can see roles in the producer
  my question: 2) In my consumer under Content Admin | Portal Content | Netweaver Content Producers | "my Producer" I can see the entire Portal Content tree. Shouldn't I only be able to see the PCD directory that I established in:
  Sys Admin | Sys Config | Service Configuration | com.sap.portal.ivs.wsrpservice | AutoGenProcuder1_0 service?
  elaboration: In the service AutoGenProcuder1_0 service it explicitly asks for a PCD directory called "content_root_folder" that I presume is the pcd directory structure that is to be federated. So, I have defined there a directory structure lower in the portal_content tree, i.e. I have not just defined "portal_content" there but "portal_content/blah ... /blah .... /blah ...."
  I hope that helps explain.
  Mike

• Basic Security & form printing questions.

  Hi, I am not an Oracle Forms developer yet, just gathering info, but I have 2 probably simple questions for you forms experts out there that maybe you can help me with.
  Lets say that this new application will have 10 users and I create a main menu with 5 categories. Can forms allow me to give 4 users read/viewable rights to, lets say 3 categories,instead of all 5 categories? Bsically I just need to know if it offers some kind of security that I can create for each individual user.
  The next question is if I create 10 forms that is supposed to 'retrieve' data, but I need to also have these 10 forms print out 'without' the data. Do I need to create 20 forms, or is 10 sufficient and oracle would allow me to print the forms out either with or without data.
  Thank you in advance
  null

  There is menu-level security, meaning that only users that have certain roles may execute certain menu choices.
  There's no special security at form level, apart from the database level security.
  If a database user does not have insert, update & delete priviledges on a datablock in the form (but has the select priviledge), then, he won't be able to change the data in that block using the form, and if he'd try to, he'd get an error when trying to commit the changes.
  Well, you may use set_block_property(your_block, update_allowed, property_true) or set_block_property(your_block, update_allowed, property_true) in the when new-form-instance trigger to make the form behave as you will when opened by a given database user.

• Some basic questions about JAAS

  I am confused about the general use of the JAAS mechanism in Java. Hopefully someone can answer these hopefully not too naive questions:
  1. Does it ever make sense to use java.net.Authenticator instead of JAAS?
  2. JAAS allows the definition of an assumedly text based Configuration file that instructs the LoginContext how to stack various login mechanisms on top of each other. Wouldn't this be easily hacked by the user, where one would only need to edit this known file and remove the authentication requirement(s)?
  3. I am confused about the utility of the Subject.doAs... priviledged security actions. Specifically, does this absolutely prevent a hacker from running the program in a debugger and running certain bytecode? I have read the tutorial section on what Subject.doAs... provides, but does this stop a hacker from obtaining the PrivilegedAction object (or code inside it) and somehow executing that code in a debugger or in a custom jar?
  Thank You,
  Eric

  I'll follow up to my own post with two more questions:
  4. The app I'm targeting here is a JavaWebStart client, that connects to a remote server app. Assuming I use JAAS on the client, do I also use it on the server to re-check the client-login (to prevent a hacker from circumventing the client-side JAAS authentication checks)?
  5. If I use JAAS for authorization in a JavaWebStart app, but I need the JNLP to include the following:
  <security>
  <all-permissions/>
  </security>
  Does this completely circumvent any authorization checks I need to do using JAAS, seeing as I'm already granting all-permissions to the Java security module?

• ExpressInstall Questions

  I have a 2 questions about the ExpressInstall feature
  available in the
  Flash Player Detection Kit located at:
  http://www.adobe.com/products/flashplayer/download/detection_kit/
  First Question:
  What is the lowest version of a published Flash file that
  this requires?
  I didn't see any mention of that in the documentation or
  perhaps I
  missed it.
  Second Question:
  I develop educational games and much of our target audience
  views our
  content at schools where the computers aren't always the
  latest and
  greatest and may not have the priviledges that a normal user
  may have in
  terms of administering the system. The ExpressInstall feature
  basically
  downloads the current version of Flash and then executes that
  file which
  then instructs the user to close the browser so that the
  installation
  can continue. But if the user does not have enough
  priviledges to
  install the updated player the ExpressInstall is of no use to
  them and
  will continue to request that upgrade the flash.
  That being the case, would it be better to always just do a
  JavaScript
  Flash Player Detection instead? Or do you guys feel they are
  one in the
  same. I don't feel they are since one will try the install if
  told to;
  whereas the other is simply an informative message letting
  them know
  they need to upgrade.
  Thanx,
  ~Anil

  from the wired computer , access the router using http://192.168.1.1 . the default password is admin
  on the router ui , click on the "wireless" tab , change the ssid - any non-linksys name , channel - 11 , ssid broadcast - enabled
  go to the "wireless security" subtab .. change the security mode to WEP - 64 bits , default transmit key - 1 , enter a 10 digit hexadecimal number in the WEP key 1 field , passphrase - empty
  under the "advanced wireless settings" , change the beacon interval - 50 , Fragmentation threshold - 2304 , RTS threshold - 2307

• Checking user priviledges

  what's the query to check some user priviledges?

  Arif, your question is a little vague. Try the following article to find information related to user object privileges and to user system privileges:
  How do I find out which users have the rights, or privileges, to access a given object ? http://www.jlcomp.demon.co.uk/faq/privileges.html
  HTH -- Mark D Powell --

• Question about AUTOTRACE, SP2-0618 and SP2-0611

  Good morning,
  I wanted to look at the execution plan(s) for some sample queries. I did a little research using Google, found out about autotrace, plan_table, plustrace role and utlxplan. I followed the instructions I found but the result isn't quite as expected.
  Here is an output of a freshly started session:
  0 01:50 [SS1TB Attic-Z] [5G] [750M] Z:\Documentation\Oracle\
  Oracle Concepts\Scripts>sqlplus hr/abc123
  SQL*Plus: Release 11.2.0.1.0 Production on Sun Aug 8 01:50:16 2010
  Copyright (c) 1982, 2010, Oracle.  All rights reserved.
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> select count(*) from plan_table;
    COUNT(*)
           2
  SQL> set autotrace on
  SP2-0618: Cannot find the Session Identifier.  Check PLUSTRACE role is enabled
  SP2-0611: Error enabling STATISTICS report
  SQL> select count(*) from plan_table;
    COUNT(*)
           2
  Execution Plan
  Plan hash value: 3662021055
  | Id  | Operation          | Name       | Rows  | Cost (%CPU)| Time     |
  |   0 | SELECT STATEMENT   |            |     1 |     3   (0)| 00:00:01 |
  |   1 |  SORT AGGREGATE    |            |     1 |            |          |
  |   2 |   TABLE ACCESS FULL| PLAN_TABLE |     2 |     3   (0)| 00:00:01 |
  Note
     - dynamic sampling used for this statement (level=2)
  SQL>1. the first select is there to ensure I have a plan_table, that checks.
  2. When I set autotrace on, I get SP2-0618 and SP2-0611 for reasons that I cannot figure out.
  3. the second select is there to find out if the autotrace in step 2 had any effect. It did since now the explain plan is displayed.
  The question is: if it is working (as step 3 demonstrates) then why I am getting those errors in step 2 ? and what do I have to do to not get those errors anymore ?
  Thank you (again!) for your help,
  John.
  Note: I created the plustrace role, granted it select on v_$sesstat, v_$statname, v_$session, then I granted plustrace to hr. Was there something else needed ?

  Hi John,
  It looks like that, for PLUSTRACE it is important for the user to be logged out when the role is granted otherwise, it looks like there is a part of the process that doesn't "stick".That's not just with the PLustrace role. Any role would be working when the next time the user is going to log in. Please see below where using two sessions, I shall grant a user some privs and would see whether its working for the user or not.
  *Session1BANNER
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  PL/SQL Release 11.2.0.1.0 - Production
  CORE    11.2.0.1.0      Production
  TNS for 32-bit Windows: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production
  SQL> create user john identified by john;
  User created.
  SQL> grant connect to john;
  Grant succeeded.
  SQL> create role dangerous ;
  Role created.
  SQL> grant drop any table,create any index to dangerous;
  Grant succeeded.
  SQL> conn john/john
  Connected.
  SQL> select * from session_privs;
  PRIVILEGE
  CREATE SESSIONSo far, what I did that I created a user John, granted him a direct priviledge. There is a role also that's prepared and would be granted to the user while still he being connected. See below, this is the second session,
  SQL*Plus: Release 11.2.0.1.0 Production on Sun Aug 8 15:33:09 2010
  Copyright (c) 1982, 2010, Oracle.  All rights reserved.
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> grant dangerous to john;
  Grant succeeded.I would check the available permissions for the user in the session. This command was entered in the first session where the user john was already connected.
  SQL> /
  PRIVILEGE
  CREATE SESSIONYou can see that there is no change in the session privs. Now, let's disconnect and connect again,
  SQL> disconn
  Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> conn john/john
  Connected.
  SQL> select * from session_privs;
  PRIVILEGE
  CREATE SESSION
  DROP ANY TABLE
  CREATE ANY INDEXAll he privs are active now for the user.
  Now, the privs in the role, if would be updated, would be reflecting right away in the user's currently connected session. I added one more priv to the role in the 2nd session and it was coming in the 1st session, see below please,
  session-2
  SQL> grant alter any table to dangerous;
  Grant succeeded.
  SQL>
  session-1
  SQL> /
  PRIVILEGE
  CREATE SESSION
  ALTER ANY TABLE
  DROP ANY TABLE
  CREATE ANY INDEX
  SQL>I copied extra lines I guess, deleted them now.
  Aman....
  Edited by: Aman.... on Aug 8, 2010 3:56 PM

• Deployment and Deployer Role; a question

  Hi All,
  I have a question about the Deployer Role in WLS8.1/WLI8.1. I was playing around
  with this Deployer Role and created a user with it. This is in WLS8.1. what i
  was thinking was that this user (a deployer user) could be able to deploy/undeploy/redeploy
  applications .....which worked fine.....BUT this is what i have found to be incorrect
  since i want this my Deployer user to have the priviledge for deployments ONLY.
  The user that i created can also change JMS, JDBC connection pool settings .........which
  in my case is incorrect.
  can somebody please suggest some workaround for this .....i want my Deployer user
  to do ONLY deployment stuff and not ANYTHING ELSE(like JMS,JDBC stuff or etc).
  -steve

  1. The AM agent can return ldap attributes after authentication. What you can do is use Sun Directory Server Proxy to provide a virtual view of both LDAP and your DB to AM.
  2. Sun Role Manager is a tool for role mining and attestation, ie it helps with compliancy verifications which is required by many businesses these days. Sun Identity Manager does not need Sun Role Manager if you just want to provision roles for your users, however, as it appears to be the case in your envirionment, the roles created by IDM are exported to SRM for compliance verifications.

• Really basic question: why?

  Why does Java Web Start exist?
  If you want a Java application to run in a browser, isn't easier just to write an applet?

  This sounds good, but it looks to me like Java Web
  Start really doesn't deliver on its promise.It has some issues that are left to be resolved (download of a special JRE seems not to work, some proxy related madness, some stuff involving admin priviledges is not easy..) but in general it is much easier to use than the bl**dy browser plug ins.
  I believe it is the easiest method to deploy Java apps over the web.
  got to install a JRE and JWS in a completely separate
  process, and if something causes the client-side
  configuration to change, it fails.It comes down to one install (JWS which includes the JRE or the new 1.4 JDK/JRE, which includes JWS).
  I still can't it to install correctly, and can't get the demos to run. What system, what problem?
  For my application, running in a browser is ok. I've
  seen some articles that suggest that you can get out
  of the sandbox with a signed applet, although a brief
  look suggests that the procedure for installing a
  certificate is a headache.You sign the jars (one command line call) and your users have to click "yes, I accept" one time - this is not too much asked.
  So the question remains: why use JWS, given that
  installation is more difficult than for an applet?You can do real apps (not bound to the browser windows) and you can deploy different versions (updating is easy).
  All in all this is a developing technology, which is already very useful.
  Regards,
  Marc

• Several Questions Regarding Educational Versions of Software

  Alright, I have several questions regarding eduational software from Adobe.  I will be attending school in the near future (now I am not enrolled in any type of school) and I notice that Adobe has huge discounts on 'educational software'.
  What exactly is the difference between the 'retail' version of a program and an educational version?  Do you need some sort of student ID to activate an educational version, or proof that you're in school, or anything special like that?  I've noticed people selling unopened educational versions on eBay and from what I hear there are no differences between the software, but this makes me wonder... why the price difference?
  Also, I plan on buying another Mac in the near future - probably for school.  My second questions is - with this software (educational), can I put the programs on both my Desktop and my Laptop, or will they only work registered to one person on one computer?  I've heard from people that serial numbers can only be activated so many times.
  Final question.  My hard drive recently crashed, and I lost a good bit of stuff and had to re-install everything.  If this would happen again, can I re-install all of the Adobe programs to a new hard drive?  Or am I going to encounter the whole 'serial numbers can only be activated so many times' thing?
  Okay.  I think that about does it.  Any input would be great.  Thanks.
  -Mike

  In terms of contents, there is normally no real difference between the retail and educational/student editions. There may be some extra fonts or clipart in the retail version, but this varies from release to release and from product to product.
  You must qualify to purchase an educational/student version. Such qualifications are listed on Adobe's website. Normally you must provide proof of such qualification to whoever sells such software licenses to you. You cannot buy now on the basis that you will be a student in the future. You must have the student status at the time of the purchase.
  Unlike retail versions, educational/student versions of Adobe software are not transferable. Sales of such "unopened" software on eBay should be regarded with suspicion. Authorized Adobe resellers do not offer software sales on eBay. The software is either stolen, used (but repackaged), or pirated.
  Most Adobe software, including the Creative Suite software, may be simultaneously activated on up to two computers owned and used by only one individual. The second computer is typically a mobile computer if the first computer is a home computer for students. For retail, typically the first computer is one's office computer and the second computer is a mobile or home computer. The computers are not to be running the software simultaneously. And no, two students can't share a single copy on two separate computers.
  The software may be activated and deactivated but after 20 or so such cycles, you will need to call Adobe and explain what's going on to obtain any additional such cycles. If you are activated on two systems and a disk drive or computer blows out and you need to reinstall the software without having had the ability to deactivate on the blown system, Adobe's activation support group will normally grant you an extra activation, assuming that you don't have a record of abusing the priviledge (such as claiming your disk drive crashes once a month!).
          - Dov