Query By Example and security issues

Hi,
I have started looking at security issues in our ADF application.
Is the default implementation of Query By Example (QBE) on a table safe from Cross Site Scripting and SQL Injection?
In other words, can a user enter some value in a QBE input field that can either:
- execute a malicious script (CSS)
Or
- somehow change the underlying SQL query
I am more worried about SQL Injection, as QBE takes input from a web user and makes a corresponding SQL query to the database.
Are there any ways to prevent either of these?
Thanks

Timo, thanks for your answer.
So far I am confident of the following (based on responses and other reading):
1) The default implementation of Query By Example (QBE) (e.g. search fields) is "safe / safer" from SQL injection issues.
2) User-entered data via non-QBE fields (I assume this is the "For other input text you" Timo mentions) should be checked for special characters (>, < etc.) to "prevent" cross-site scripting.
However, should I do 2) for QBE filters on alphanumeric columns (default implementation)? I can do it, but if I do it I would lose some searching functionality,
as > and < are valid wildcard characters.
Thanks
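The two conclusions above (filter values must reach the database only as bind values, and cross-site scripting is handled without stripping > and < from search fields) are easiest to see in code. The following is an added example in Python with sqlite3; it is not ADF code and not from the thread. The table and column names (customers: name, city, age) are made up, and build_filter() is a stand-in for the QBE filter: it keeps >, <, >= and <= as user-facing range operators and % and _ as LIKE wildcards, and whatever the user typed is only ever passed as a bind parameter. XSS is addressed by HTML-encoding on output (render_cell) rather than by rejecting characters on input.

```python
import html
import sqlite3

# Constructed sample data (not from the thread). Two rows carry hostile text
# so the example can show it is handled as data, not as SQL or as HTML.
ROWS = [
    ("Ada", "London", 40),
    ("Bob", "Boston", 28),
    ("<script>alert(1)</script>", "Paris", 33),
    ("Ann' OR '1'='1", "Oslo", 51),
]

# Whitelist of filterable columns with their Python types. The column name is
# the only thing that ends up in the SQL text, so it must never come from the
# user unchecked; the operand is always bound.
COLUMNS = {"name": str, "city": str, "age": int}
LIKE_ESCAPE = "\\"


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, city TEXT, age INTEGER)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", ROWS)
    return conn


def escape_like(literal, esc=LIKE_ESCAPE):
    """Make a literal match only itself under LIKE by escaping %, _ and the escape char."""
    return (literal.replace(esc, esc + esc)
                   .replace("%", esc + "%")
                   .replace("_", esc + "_"))


def build_filter(column, user_text):
    """Turn one QBE field into (sql_fragment, bind_value).

    A leading >=, <=, > or < is a user-facing range operator and becomes fixed
    SQL; everything else on a string column is matched with LIKE so the user
    keeps the % and _ wildcards. The operand is converted to the column's type
    (so "abc" against an integer column fails closed with ValueError) and is
    returned as a bind value, never spliced into the SQL text.
    """
    if column not in COLUMNS:
        raise ValueError(f"column not filterable: {column!r}")
    text = user_text.strip()
    for op in (">=", "<=", ">", "<"):  # two-character operators first
        if text.startswith(op):
            return f"{column} {op} ?", COLUMNS[column](text[len(op):].strip())
    if COLUMNS[column] is str:
        return f"{column} LIKE ? ESCAPE '{LIKE_ESCAPE}'", text
    return f"{column} = ?", COLUMNS[column](text)


def build_query(filters):
    """Combine the filled-in QBE fields into one parameterised SELECT."""
    fragments, params = [], []
    for column, text in filters.items():
        if text is None or not text.strip():
            continue  # empty QBE field: no criterion
        fragment, value = build_filter(column, text)
        fragments.append(fragment)
        params.append(value)
    sql = "SELECT name, city, age FROM customers"
    if fragments:
        sql += " WHERE " + " AND ".join(fragments)
    return sql, params


def run_query(conn, filters):
    sql, params = build_query(filters)
    return conn.execute(sql, params).fetchall()


def render_cell(value):
    """XSS defence belongs at output: encode for HTML, do not strip on input."""
    return html.escape(str(value), quote=True)


if __name__ == "__main__":
    db = setup_db()
    for f in ({"name": "Ann' OR '1'='1"}, {"age": "> 30"}, {"name": "A%"}):
        print(f, "->", run_query(db, f))
    print(render_cell(ROWS[2][0]))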

Similar Messages

  • Query By Example and LOV

    Hi all,
    I need to do query by example and let the user choose from the LOV before executing the query. I want the user to click on the button that will make the form enter query mode and then launch the LOV automatically. I tried to set the LOV's automatic display on, but that resulted in the LOV being displayed again after I execute the query.
    Thanks in advance for your help.

    Write a trigger that opens the LOV using the show_lov builtin.
    Then use the value that is returned in a set_block_property('block', DEFAULT_WHERE, ...)
    builtin, and then issue an execute_query.
    You then don't need to go into enter-query mode.
    (If you return the LOV value to a field you might want to clear the block before you execute the query, or you'll get asked to save your changes.)

  • Query by example and outer join supported?

    Does TopLink support outer joins when using query by example and cursored streams? I am having problems getting this to work. It seems to completely ignore the requested outer join.
    I have tried several variations of what is below, but have never seen TopLink generate the outer join. This is against Oracle 9i on TopLink 9.0.4.5.
    Customer 1->1 Address (using valueholder indirection)
    ReadAllQuery q = new ReadAllQuery();
    q.setReferenceClass(Customer.class);
    QueryByExamplePolicy policy = new QueryByExamplePolicy();
    policy.addSpecialOperation(String.class, "like");
    q.setQueryByExamplePolicy(policy);
    ExpressionBuilder builder = q.getExpressionBuilder();
    Expression addressExp = builder.getAllowingNull("address");
    q.addJoinedAttribute(addressExp);
    q.addOrdering(addressExp.get("city").ascending());
    q.useCursoredStream(end-start, end-start);
    q.setExampleObject(exampleCustomer);
    CursoredStream stream = (CursoredStream)s.executeQuery(q);
    ...iterate through the stream...
    Note, that the database level relationship is expressed through a target foreign key.
    (     addressMapping.addTargetForeignKeyFieldName("ADDRESS.CUSTOMER_ID", "CUSTOMER.CUSTOMER_ID");)
    Any help would be appreciated.
    Thanks,
    Kevin

    Kevin,
    I spoke too soon. All you need to do is use the getAllowingNull in the ordering expression and not use the addJoinedAttribute. With this you can use query-by-example with additional outer-joined ordering.
    Here is an example based on the Employee demo:
    ReadAllQuery raq = new ReadAllQuery(Employee.class);
    ExpressionBuilder eb = raq.getExpressionBuilder();
    raq.addOrdering(eb.getAllowingNull("address").get("city").ascending());
    Employee exampleEmp = new Employee();
    exampleEmp.setLastName("%");
    // My default constructor populates the period so I'll null them so
    // they are not included in the selection criteria of the example object
    exampleEmp.getPeriod().setStartDate(null);
    exampleEmp.getPeriod().setEndDate(null);
    QueryByExamplePolicy policy = new QueryByExamplePolicy();
    policy.addSpecialOperation(String.class, "like");
    raq.setQueryByExamplePolicy(policy);
    raq.setExampleObject(exampleEmp);
    List emps = (List) session.executeQuery(raq);
    I hope this helps,
    Doug

  • Other web browsers and security issues?

    Since even an Apple KB article recognizes the need for an additional browser, and because of Safari's limitations and problems, I'm going to try switching to another browser (most likely OmniWeb, and I am looking at Firefox, Shiira and Opera also, though perhaps not as a primary browser), but I'm wondering about their ability to keep on top of any security issues for Mac (and how do you keep up with security updates?).
    Though perhaps unfounded, at least with Safari, I feel that Apple has a vested interest in keeping on top of security issues (for Safari and Java) and I can readily find out about security updates via software updater.

    Most of the other Mac browsers have their adherents. They are all good browsers (I have 7 browsers installed to test various web sites and for change-of-pace usage). They all have their strengths and they all have their weaknesses. Only iCab and OmniWeb are still shareware, the rest are now or always have been free (Opera just recently stopped charging for its browser).
    I have settled on Firefox as my alternate browser and I use it maybe just a tad more than Safari, but I do switch back and forth between them. The Mozilla foundation is good at getting security updates out when needed. Firefox has a button on the toolbar to check for updates. One nice thing about Firefox is that you can install free extensions which enhance the features available. I have one to supplement tab features, one to control iTunes from Firefox's status bar, one to help me format messages in discussion forums, and one to block ads.
    I prefer OmniWeb for doing intensive research because of the way it handles tabs in its sidebar, showing me which ones I've looked at and which ones I haven't, and giving me great flexibility in rearranging tabs, which are viewable as thumbnails or text names (I have had up to a hundred or so tabs open in OmniWeb).
    Shiira is good and it's fast. I have not checked for updates for a while, but the last time I updated there was still a problem with Shiira kicking you out of logged-in sites when you moved from page to page within a web site. This may have been fixed by now - they were aware of the problem back then.
    Camino is a native OS X cousin of Firefox and is also fast, but is not updated as often.
    I would stay away from Mozilla or Netscape unless you need all the additional modules they have and which take up hard disk space. Firefox and Camino represent the browser module of Mozilla/Netscape. Mozilla and Netscape have modules for email, irc chat, newsgroups, and for creating and editing web pages. Netscape is a branded and slightly customized version of Mozilla and is not updated as often.
    Opera is a nice browser and some use it as their main browser, but I have not seen anything that really stands out for me, but that does not mean it is not worth a look.
    I would stay away from abandonware Internet Explorer.
    As for checking for updates, several of them, as with many Mac programs, now have a menu item that allows you to check for updates. Most of them also announce their updates on both VersionTracker and MacUpdate.
    Happy Exploring.

  • DB Link working method and security issue.

    Hi All,
    I need some clarification how db link works.
    If I have a DB link and have done some DML operations over it. After that I have done some DML operations on the local database. I haven't committed the data yet. Then the DB link goes down. What will happen?
    In my case from local database if i am issuing
    select * from emp@iasdb
    then it shows updated data.
    If I connect to the target database then it shows non-updated data. How is it possible?
    What happens when the DB link goes down? Which database (target / local) will keep the lock on the tables / rows I am updating?
    Tom can you please help me.
    Regards,
    Pritesh.

    "If I connect to the target database then it shows non-updated data. How is it possible?"
    Changes are visible only to the session doing the changes (until saved). Works even if the changes are across databases.
    If the remote DB goes down, this is what you get on the local DB:
    commit
    ERROR at line 1:
    ORA-02054: transaction 6.34.41922 in-doubt
    ORA-02068: following severe error from REMOTE_DB
    ORA-12152: TNS:unable to send break message
    and if you now try to access the objects that were updated by the above in-doubt transaction, you get this:
    select * from t
    ERROR at line 1:
    ORA-01591: lock held by in-doubt distributed transaction 6.34.41922
    ORA-01591 lock held by in-doubt distributed transaction string
    Cause: An attempt was made to access resource that is locked by a dead two-phase commit transaction that is in prepared state.
    Action: The database administrator should query the PENDING_TRANS$ and related tables, and attempt to repair network connection(s) to coordinator and commit point. If timely repair is not possible, the database administrator should contact the database administrator at the commit point if known or the end user for correct outcome, or use heuristic default if given to issue a heuristic COMMIT or ABORT command to finalize the local portion of the distributed transaction.

  • Journaling and Security Issues

    I am adding a 750GB external HD to my system as a scratch disc and as a backup for my files. I plan to use PGP to protect sensitive data on the drive. If I enable journaling, won't this create a copy of the data that is not protected? Is it best to keep journaling off to protect sensitive files?
    And, if journaling is enabled, how large is the journal and how long does the data remain in the journal? Is there any way to wipe that data after a while or is it constantly replaced with new data?
    Finally, is it more likely that a drive will fail without journaling turned on as implied by some of the Apple documentation?
    Thanks for your input.

    Depending on what program you are using, in most cases the performance will be better leaving the scratch space on the internal drive.
    That's not quite how Journaling works. It's not a backup of files but rather a log of changes made to the volume directory. This is how Apple explains it: http://docs.info.apple.com/article.html?artnum=107249
    No. Journaling shouldn't have any effect on a drive's physical attributes, but it does help prevent directory corruption.
    Now Time Machine on the other hand does pose a security issue.
    George

  • Dynamic List and Security Issue

    Hi
    I have a Dynamic List Wizard for orders, where the user can click on Edit to edit or modify the order, and if the user chooses "Yes" to submit (the order form has a submit field which has Yes / No values) then the Edit button disappears and the user has no more control over the record (using the Show If Conditional Region server behavior).
    - Now I noticed that when I click on Edit, the address bar shows (www.mysite.com/form.php?order_id=1). Now say order number 2 is already submitted (still on the list but with no Edit button for it). If I write 3 or 4 or any other number instead of 1 in the address bar (www.mysite.com/form.php?order_id=3), the record with order number 3 displays on the screen and then you can edit it, and when you click Update the Edit button becomes active, which destroys the whole concept.
    So, how to fix that?

    Hi Lorie,
    Taking it a step further
    interesting that you're mentioning this -- because I was just in the middle of finding a workaround for the very same issue ;-)
    I actually did find a pretty easy solution, which basically goes like this:
    1) wrap the whole table *plus* any possibly added hidden fields located below this table in a "Show IF conditional region" behaviour -- but make sure to *not* include the buttons within the "KT_bottombuttons" div in here.
    2) as I assume that your "supplier_name" column holds a numeric value which equals the user's "kt_login_id" Session Variable (which it should!), define the following conditions for the "Show IF conditional region" behaviour:
    Expression 1: choose "supplier_name" from the tNG recordset
    Condition: ==
    Expression 2: choose Session -> kt_login_id
    3) tick the Has ELSE option
    4) confirm with OK
    5) replace the default "has Else" message with something meaningful like "you can´t edit this record !"
    Switching to Code view and navigating to the very start of your "Show IF conditional region" should display something like this:
    if (@$row_rsqueryname['supplier_name'] == @$_SESSION['kt_login_id']) {
    When viewing the modified Dynamic Form in a browser, you'll note that this solution will indeed display the form instances for all "authorized" records, whereas those form instances which don't match the required credentials will be replaced with that "has else" message.
    BUT!! This solution has one major drawback which I haven't been able to resolve yet: when the Dynamic Form goes into Insert Record mode
    (meaning when you click the "add new" link in the Dynamic List), all inner form instances will display that "has else" message.
    The only workaround I currently can come up with is to have the List's "add new" link point to a separate "add_new.php" page that's going to insert a single record.
    Cheers,
    Günter Schenk
    Adobe Community Expert, Dreamweaver
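    The problem in this thread is the record id being taken from the URL while the ownership test only decides whether the form is shown. The following is an added example in Python with sqlite3, not the thread's Dreamweaver/PHP code, showing the same ownership rule (the record's supplier id must equal the user id held in the server-side session) applied on the server to both the read that renders the form and the update that the form posts back. The orders table, its columns and the sample rows are constructed for the example.

```python
import sqlite3


class Forbidden(Exception):
    """The session user may not see or change this record."""


# Constructed sample rows (not from the thread): order_id, supplier_id, submitted, total.
# supplier_id plays the role of the kt_login_id value stored with each order.
ORDERS = [
    (1, 7, 0, 100.0),
    (2, 7, 1, 250.0),  # owned by user 7 but already submitted: view only
    (3, 9, 0, 75.0),   # owned by a different user
]


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (order_id INTEGER PRIMARY KEY, "
        "supplier_id INTEGER NOT NULL, submitted INTEGER NOT NULL, total REAL)"
    )
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", ORDERS)
    return conn


def load_order(conn, order_id, session_user_id):
    """GET form.php?order_id=N.

    order_id is untrusted (it came from the URL); session_user_id is trusted
    (it came from the server-side session). Ownership is part of the query,
    so a foreign id yields no row and is reported exactly like a missing id.
    """
    row = conn.execute(
        "SELECT order_id, supplier_id, submitted, total FROM orders "
        "WHERE order_id = ? AND supplier_id = ?",
        (int(order_id), int(session_user_id)),
    ).fetchone()
    if row is None:
        raise Forbidden(f"order {order_id} is not visible to user {session_user_id}")
    return {
        "order_id": row[0],
        "supplier_id": row[1],
        "submitted": bool(row[2]),
        "total": row[3],
        "editable": not row[2],  # drives whether the Edit button is rendered
    }


def update_order(conn, order_id, session_user_id, new_total):
    """POST of the edit form.

    The UPDATE itself re-checks ownership and the submitted flag instead of
    trusting that the form was shown, so there is no check-then-act window.
    Returns True only if exactly one row was changed.
    """
    cur = conn.execute(
        "UPDATE orders SET total = ? "
        "WHERE order_id = ? AND supplier_id = ? AND submitted = 0",
        (float(new_total), int(order_id), int(session_user_id)),
    )
    conn.commit()
    return cur.rowcount == 1


if __name__ == "__main__":
    db = setup_db()
    print(load_order(db, "1", 7))          # own order, editable
    print(update_order(db, "3", 7, 1.0))   # someone else's order: False
```

    Hiding the Edit button is still worth doing for usability, but the update handler is what a user reaches by typing a different order_id, so it has to carry the same condition.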

  • 802.1x multipoint authenticator and security issue

    Hi everybody
    Let's say we have the following set up:
    host1
    host2   ) ----------------hub------ f1/0-switch( authenticator)-------------------------Radius server.
    host3
    The switch is configured as follows.
    Switch(config)#interface FastEthernet 1/0
    Switch(config-if)#dot1x port-control auto
    Switch(config-if)#dot1x host-mode multi-host
    Let's say only host1 has valid credentials and the other hosts, i.e. h2 and h3, are rogue hosts. host1 sends an authentication request and is successfully authenticated, and the switch transitions its port to an authorized state. But does this not mean that the other hosts h2 and h3, which were not authenticated, are still able to access the network?
    thanks and have a great weekend.

    This board is more for Wireless Security, not LAN, but I would think it's because you are connecting through a hub instead of a switch. Hubs share the data, so when the switch gets the auth for the valid client it turns that port on as it should.
    Now an invalid client connects, and because the port already thinks the client is valid, it passes all the traffic.
    Make sense?
    Steve
    Sent from Cisco Technical Support iPhone App

  • Creating second user account on TC. No separate folder and security issues

    Hi,
    I've had my TC for some time, and after some start-up trouble all is working very nicely now.
    That is, until I wanted to set up the TC for my girlfriend's backups too. On my Mac, I created a user account for the TC, and I see two folders when I connect to the TC: "Timecapsule" and "MyAccountName". Now when I did the same on the other MacBook, I get only the "Timecapsule" share, not a folder (or sharepoint) with her account name. Also, I saw that as the sparsebundle files are on the 'main' sharepoint, it is possible to access both from both computers, weird.
    Any thoughts on how I can use 1 TC for 2 computers with 2 sharepoints for both?
    So, on my own computer i would have a general folder and a personal folder, on the other the same...
    Help much appreciated!

    To clarify: When I connect to the TC, I mount two volumes, but on the other MacBook, I only get the main volume, not the specific user volume.

  • JSP development and security issue

    I saw several "serious integrations" and also some postings
    here which are suggesting to put a jsp in /public_html directory...
    Be aware that nothing will prevent a user from uploading
    a new JSP to this location and then executing it from a
    remote client, which can seriously damage your system!

    Correction: I made an assumption that "/public_html"
    has (in the many cases) write access, since people are posting
    files in this public access directory...

  • Security issues (ACLs)

    I'm still struggling with ACLs and security issues within iFS.
    We intend to use iFS as a document store. In order to eliminate redundancy no document will be stored twice within the document store.
    iFS Folders act as organizational units. Each department has got its folder as the base for its part of the document store.
    Now I need to find a way so that department a can place the same document in its own folder as department b (for example "link" it via the WebUI) while being able to modify the ACL independently of department b.
    The last hint of an Oracle guy (forgot the name) was to use agents to adjust the ACLs.
    Now that I've got this solution working I can see that this approach is no solution. It adjusts the ACLs whenever a document is added to a folder. This will delete the changes to the ACLs which were made by department a (assuming the folder belongs to department b).
    Merging two ACLs is not a trivial task (at least for me) and is also unwanted, since I would have to remove the changes of one department from the whole ACL when the document is removed from the folder again (which is also an impossible task).
    Since I see no solution without several months of implementation work (adding link objects to iFS which represent a document within a folder and control its ACL) I'm asking again for some advice.
    I am amazed that no other applications require this functionality. It is a common task to provide different views with different privileges onto the same set of data. Even a database is able to do this. Why is iFS unable to do this?
    Regards,
    Jens

    Quote, originally posted by Alison Stokes:
    Your statement:
    "being able to modify the ACL independently of department b"
    indicates that you want to maintain two separate ACLs for a single document. This is currently not supported. To allow department a and b to each modify the access privileges to the document, they must share a single ACL. To allow the departments to both modify the ACL, you would grant both departments the 'Grant' permission in the ACL's access control list. Subsequently, they will be able to see and modify the access privileges granted to the members of the other department.
    We are currently considering enhancing the ACL model for a future release. Your input is valued greatly.
    At least someone got my point. (seems to be a rather difficult topic to explain)
    Yes. I do not want two departments to be able to modify each other's ACLs.
    Whenever someone deleted an ACE or even a document of the other department (intentionally or by accident) my phone would be ringing with people asking me why the ACL has been modified without their knowledge. But I want to be able to supply the same document to more than one department with a separate ACL for each department (modifiable by the responsible person of the department).
    Regards,
    Jens

  • Query by example questions

    I have a couple of questions. I have been using query by example and I really like it. What I want to do, though, I haven't seen, and I am new enough to TopLink that I don't know the best way to do it.
    Say I have a table t with 1 column (name: varchar2).
    What I want to do is a query on name using the like operator (I know how to do this); what I don't know how to do is tell it to ignore case. So for example
    select * from t where upper(name) like 'BU%'; something to this effect.
    Any help greatly appreciated. If I can't do this with query by example, which query method would you suggest?

    If you use a QueryByExamplePolicy, you should be able to specify to use likeIgnoreCase for String.
    i.e.
    queryByExamplePolicy.addSpecialOperation(String.class, "likeIgnoreCase");
    If you were using the Expression API this would be,
    builder.get("name").toUpperCase().like("BU%");
    or,
    builder.get("name").likeIgnoreCase("BU%");

  • Security Issue - LDAP Authentication and supply of empty passwords

    Security Issue with OC4J and JAZN LDAP Realm
    Product Versions:
    OC4J 9.0.3
    Infrastructure 9.0.2.1
    When using form based authentication or basic authentication in a WebApp, OC4J authenticates any existing user that has a password defined when an empty password is supplied.
    Example: If you have a user with the username "user" and password "password". In the login of the WebApp if you supply only the username, OC4J authenticates the user.
    Notes:
    - If we supply a wrong password we are not authenticated
    - If we supply the correct password we are authenticated.
    To reproduce the problem, I have used the Oracle callerInfo jazdemo, configured to use the JAZN LDAP Realm named sample_subrealm that is installed with the 9iAS infrastructure.
    Note: If I use the JAZN XML Realm everything works as expected.
    Bruno Antunes
    Java Software Engineer

    Jeremy - You'd have to use database authentication to achieve that. Create a DAD without specifying a username/password and change the app's current authentication scheme to DATABASE. Then users can login using their database account credentials. LDAP won't be used when you do this so you'll have to keep the database account passwords in sync with LDAP somehow if that's important.
    Scott
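    The behaviour Bruno reports (correct password accepted, wrong password rejected, empty password accepted) is the signature of an LDAP unauthenticated bind: RFC 4513 section 5.1.2 defines a simple bind with a name and an empty password as unauthenticated, and a directory may answer it with success while granting only anonymous authorization. The following is an added example in Python, not OC4J/JAZN code and not from the thread; the directory is a constructed stand-in for the LDAP server, and the DN layout under ou=people,dc=example,dc=com is assumed. It shows the naive login that trusts "bind succeeded" beside a hardened one with the two checks the application itself is responsible for.

```python
# Constructed directory standing in for the LDAP server (not real data): DN -> password.
DIRECTORY = {
    "cn=user,ou=people,dc=example,dc=com": "password",
    "cn=alice,ou=people,dc=example,dc=com": "s3cret",
}

BASE = "ou=people,dc=example,dc=com"  # assumed DN layout


def simulated_bind(dn, password):
    """Mimic a directory's simple-bind decision. Returns (success, authz_id).

    The first branch is the trap: a name with an empty password is an
    unauthenticated bind (RFC 4513, 5.1.2), which a server may accept with
    success while the resulting authorization identity is anonymous.
    """
    if password == "":
        return True, "anonymous"
    if DIRECTORY.get(dn) == password:
        return True, dn
    return False, None


def user_dn(username):
    return f"cn={username},{BASE}"


def login_naive(username, password):
    """Treat 'bind returned success' as 'user logged in'. This is the bug."""
    ok, _ = simulated_bind(user_dn(username), password)
    return ok


def login_hardened(username, password):
    """Same flow with the checks the application must make itself."""
    # 1. Never send an empty password to the directory: it is not the user's
    #    credential but a request for anonymous access.
    if not username or not password:
        return False
    ok, authz_id = simulated_bind(user_dn(username), password)
    # 2. Accept the bind only if the directory confirms the authorization
    #    identity is the user's own DN, not anonymous.
    return ok and authz_id == user_dn(username)


if __name__ == "__main__":
    print("naive, empty password:   ", login_naive("user", ""))      # True
    print("hardened, empty password:", login_hardened("user", ""))   # False
    print("hardened, right password:", login_hardened("user", "password"))
```

    With a real client, the second check corresponds to the "Who am I?" extended operation (RFC 4532) after the bind; the first check costs one line and is the one that closes the reported hole regardless of how the directory is configured.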

  • I updated some security issues and suddenlly my gmail does not open. it shows 75% of the procees and does not go on

    I updated automatically some security issues on my computer (I don't remember which) and now my Gmail will start opening until it reaches 75% and then it will not go on opening.
    I can open it in Internet Explorer but not in Mozilla Firefox.

    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    *Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
    "Remove Cookies" from sites causing problems:
    *Tools > Options > Privacy > Cookies: "Show Cookies"
    Start Firefox in Safe Mode to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
    *Don't make any changes on the Safe mode start window.
    *https://support.mozilla.org/kb/Safe+Mode
    *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

  • My account was deleted for security issues. I made a new account, but I can't synchronise my apps with this new account. I bought a new iPhone and would like to transfer the apps and music to this new one. Can somebody help me?

    My account was deleted for security issues. I made a new account, but I can't synchronise my apps with this new account. I bought a new iPhone and would like to transfer the apps and music to this new one. Can somebody help me?

    Why would you make a new account?  This will likely cause many problems.  Just get your old account enabled.
    Apple ID: "This Apple ID has been disabled for security reasons" alert appears
    Frequently Asked Questions About Apple ID
    Everything you purchased with the old account will always be tied to that account.  You will have to authorize the computer for that account and you will have to update the apps from that account.
