Question about code-signing

Similar Messages

• Question about Single Sign On

  Hi Gurus!
  I have a question about the following scenario:
  The login in EP6 is with the NT User (adriano.oliveira), but to access the SAP applications I need to use another User (aoliveira - the size of the NT User is bigger than SAP User length).
  I know this works with user mapping, but the problem is that each user will need to configure his mapping (5000 users). Then I think the option is to use the SAP Logon tickets.
  My doubt is: Is it possible to validate a user id at login (in the EP6 SP10) and generate the client certificate with another user id???
  Important: In the AD (Active Directory), for each NT User id, there is a field with the SAP User id. I could use this field...
  Thanks for any help.
  Regards,
  Adriano

  Adrianao,
  You can maintain reference SAP Server.
  http://help.sap.com/saphelp_nw04/helpdata/en/ed/845896b89711d5993900508b6b8b11/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/0b/d82c4142aef623e10000000a155106/content.htm
  Hope this helps,
  thanks,
  Praveen

• Simple question about code

  Hello, I am beginning with SQL again after a long break and am having a niggling problem with the following code. What is going wrong? Thanks, Jonathon Sunny
  CREATE
  TABLE CHILDREN
  CHILD_ID
  INT NOT
  NULL PRIMARY KEY,
  FNAME
  VARCHAR(24)
  NOT NULL,
  LNAME
  VARCHAR(24)
  NOT NULL,
  PHONE
  CHAR(12)
  NOT NULL,
  CHECK (PHONE
  LIKE '(0[0-9][0-9])[0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]'),
  CHILDGRADE
  VARCHAR(8)
  NOT NULL,
  CHECK (CHILDGRADE
  LIKE 'BEGINNER'
  OR 'NOVICE' OR
  'SKILLED' OR
  'EXPERT'))
  CREATE
  TABLE INSTRUCTORS
  STAFF_NO
  INT NOT
  NULL PRIMARY KEY,
  FNAME
  VARCHAR(24)
  NOT NULL,
  LNAME
  VARCHAR(24)
  NOT NULL,
  PHONE
  CHAR(13)
  NOT NULL,
  CHECK (PHONE
  LIKE '(0[0-9][0-9])[0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]'))
  CREATE
  TABLE LESSONS
  LESSON_ID
  INT NOT
  NULL PRIMARY KEY,
  DAY
  DATE NOT
  NULL,
  TIME
  TIME NOT
  NULL,
  LESSONGRADE
  VARCHAR(8)
  NOT NULL,
  CHECK (LESSONGRADE
  LIKE 'BEGINNER'
  OR 'NOVICE' OR
  'SKILLED' OR
  'EXPERT'))
  CREATE
  TABLE QUALIFICATION
  QUAL_NAME
  VARCHAR(24)
  NOT NULL
  PRIMARY KEY,
  DATE_AWARDED
  DATE NOT
  NULL,
  INSTITUTIONNAME
  VARCHAR(24)
  NOT NULL)
  CREATE
  TABLE BOOK
  FOREIGN
  KEY (CHILD_ID,
  LESSON_ID))
  CREATE
  TABLE TEACH
  FOREIGN
  KEY (LESSON_ID,
  STAFF_ID))
  CREATE
  TABLE AWARDED
  FOREIGN
  KEY (STAFF_ID,
  QUAL_NAME))

  Bellow is the right one:
  CREATE TABLE CHILDREN (
  CHILD_ID INT NOT NULL PRIMARY KEY,
  FNAME VARCHAR(24) NOT NULL,
  LNAME VARCHAR(24) NOT NULL,
  PHONE CHAR(12) NOT NULL,
  CHECK (PHONE LIKE '(0[0-9][0-9])[0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]'),
  CHILDGRADE VARCHAR(8) NOT NULL,
  CHECK (CHILDGRADE = 'BEGINNER' OR CHILDGRADE = 'NOVICE' OR CHILDGRADE = 'SKILLED' OR CHILDGRADE = 'EXPERT'))
  CREATE TABLE INSTRUCTORS (
  STAFF_NO INT NOT NULL PRIMARY KEY,
  FNAME VARCHAR(24) NOT NULL,
  LNAME VARCHAR(24) NOT NULL,
  PHONE CHAR(13) NOT NULL,
  CHECK (PHONE LIKE '(0[0-9][0-9])[0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]'))
  CREATE TABLE LESSONS (
  LESSON_ID INT NOT NULL PRIMARY KEY,
  DAY DATE NOT NULL,
  TIME TIME NOT NULL,
  LESSONGRADE VARCHAR(8) NOT NULL,
  CHECK (LESSONGRADE = 'BEGINNER' OR LESSONGRADE = 'NOVICE' OR LESSONGRADE = 'SKILLED' OR LESSONGRADE = 'EXPERT'))
  CREATE TABLE QUALIFICATION (
  QUAL_NAME VARCHAR(24) NOT NULL PRIMARY KEY,
  DATE_AWARDED DATE NOT NULL,
  INSTITUTIONNAME VARCHAR(24) NOT NULL)
  CREATE TABLE BOOK (
  CHILD_ID INT NOT NULL,
  LESSON_ID INT NOT NULL
  FOREIGN KEY (CHILD_ID) REFERENCES CHILDREN(CHILD_ID),
  FOREIGN KEY (LESSON_ID) REFERENCES LESSONS(LESSON_ID))
  CREATE TABLE TEACH (
  LESSON_ID INT NOT NULL,
  STAFF_ID INT NOT NULL
  FOREIGN KEY (LESSON_ID) REFERENCES LESSONS(LESSON_ID),
  FOREIGN KEY (STAFF_ID) REFERENCES INSTRUCTORS(STAFF_NO))
  CREATE TABLE AWARDED (
  STAFF_ID INT NOT NULL,
  QUAL_NAME VARCHAR(24) NOT NULL
  FOREIGN KEY (STAFF_ID) REFERENCES INSTRUCTORS(STAFF_NO),
  FOREIGN KEY (QUAL_NAME) REFERENCES QUALIFICATION(QUAL_NAME))
  If this answers your question please mark as answer. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• Question about code corner Example#33: How-to open a Bounded Task Flow in a new Browser Tab

  Hello All,
  I am implementing example #33 in code corner series Oracle ADF Code Corner</title><meta name="Title" content="Oracle ADF Code Corner"><me…
  Every thing is going fine, but there is a comment in the java code that I don't understand.
  public void onLaunchForEdit(ActionEvent actionEvent) {    
        //access the ADF binding layer and access the tree binding that
        //populates the table
          BindingContext bctx = BindingContext.getCurrent();
          BindingContainer bindings =
                                 bctx.getCurrentBindingsEntry();   
          //access the tree binding defined in the ADF binding layer
          JUCtrlHierBinding model =
                 (JUCtrlHierBinding) bindings.get("DepartmentsView1");
          //get the current selected row key from the iterator binding
          //referenced from the table binding (tree binding). Of course,
          //I could have used the iterator name directly in the binding
          //lookup, but looking up the tree binding instead allows to
          //change the tree binding iterator dependency to a later point
          //in time without breaking this functionality. Its all about
          //"weak" dependencies that give you flexibility when coding ADF
          String rwKeyString =
                 model.getDCIteratorBinding().getCurrentRowKeyString();
          launchWindow(rwKeyString);
  What does this comment mean?
           //but looking up the tree binding instead allows to
          //change the tree binding iterator dependency to a later point
          //in time without breaking this functionality. Its all about
          //"weak" dependencies that give you flexibility when coding ADF
  Is this a contrast to this line of code?
  JUCtrlHierBinding model =
                 (JUCtrlHierBinding) bindings.get("DepartmentsView1");
  I mean in this line of code we hard coded the tree binding name from the page Def? why getting the tree binding name is a best practice while getting the iterator name is not?

  What does this comment mean?
           //but looking up the tree binding instead allows to 
          //change the tree binding iterator dependency to a later point 
          //in time without breaking this functionality. Its all about 
          //"weak" dependencies that give you flexibility when coding ADF 
  Is this a contrast to this line of code?
  JUCtrlHierBinding model = 
                 (JUCtrlHierBinding) bindings.get("DepartmentsView1"); 
  Yes, it's exactly this line of code the comment is referring to. If you look at the bindings of a page you see three parts: on the left he bindings, in the middle the executables and on the right side the data control. The statement
  JUCtrlHierBinding model = 
                 (JUCtrlHierBinding) bindings.get("DepartmentsView1");
  access the binding, the tree binding to get the data. if you use the iterator which named 'DepartmentsView1Iterator' you are accessing the executable, the iterator itself. The comment now tell you that if you access the data via the tree binding, that you can change the underlying iterator to point to different data. This you can do without the need to change the code in the been, whihc is good as you (or we all) tend to forget that we have code working on the iterator, so changing things in the bindings will break the application.
  Timo

• Question about co signing or joint applicant

  My cousin asked me a question I didnt know the answer to.  So he dont have a job but his wife does.  Both of there scorea are in the 700s. They are looking to get a new car and he was wondering if he could be put on the loan even though he has no job.  Ant answers would be greatly appreciated.

  You want to use CA(Contains Any) because you want to know if there are ANY alpha characters here,  Contains Only would be if you wanted to test that it Only contains values other than alphas, in your case.
  if lv_value is initial
      or lv_value CA sy-abcde.
  endif.
  Regards,
  Rich Heilman

• How to generate csr for third party code signing cert?

  I've been reading about code signing, but can't see how to generate a csr to use with a third party CA. Does someone have a tutorial, link, suggestion?

  Hi,
  Here is an document which discussed on how to implement code signing with using third party certificate for you reference:
  http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/best_practices.doc
  For further suggestions, it is recommend you to get further support in the MSDN Forum so that you can get the most qualified pool of respondents.
  http://social.msdn.microsoft.com/forums/en-US/categories/
  Thanks
  Tiger Li 
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Renew code signing certificate

  I just wonder if there is any article about code signing with renewed certificate.  My Thawte certificate will expire soon. Let's say I renew it now and get the new certificate. My air app can update itself automatically when newer version is found. My question is, will my air app (older version signed with the old certificate) update successfully to the newer version (signed w/ renewed certificate)?

  You should use Migration feature to connect both versions of app.
  You can read Oliver's blg here:
  http://blogs.adobe.com/simplicity/install-update/

• Flash Builder Code Signing

  Hi.
  I have question about Code Singing Certificate for Adobe Air.
  I renew Code Signing Certificate to Adobe Air program in 'Flash Builder'.
  But, In program install, popup error and not installed.
  The error message is 'The application cannot be installed due to a certificate problem.
  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Please contact the application author.'
  Why popup this error?
  If I want fix this error, what should I do?

  I should explain a little further to clarify.  If you have released an app to say, Google Play, but want to run an update to that app, then you'll have to use the exact Signing Certificate that you used to first compile the app.  Sometimes, developers forget the password that they used for the certificate, and think they can just issue another certificate under the same file name.  Unfortunately, it's not that easy.
  Now with that being said, you can still add another certificate to your app, and recompile it as normal....and everything will be fine again.  You just won't be able to upload that app to Google Play and "Update" the other app.  Make sense?

• A PKI Code Signing Certificate question.

  Hello,
  Can someone please help me with the following question.
  I have created and used a code Signing certificate from our Microsoft Enterprise CA before which works OK, but I am not sure I did it correctly, and have a few related questions please.
  what I did.
  1: Logged on the CA directly, went to the CertSvc web site, requested a code signing cert, issued it and exported it along with the private key.
  2: Imported the above certificate into CurrentUser/My store on PC and used it to sign code
  3: Took the came certificate (along with the private key, and this is where perhaps I made at least one mistake) and imported it into the 'Trusted Publishers' store the PC that will be running the signed code. This step was done so the user does not receive
  a message asking if they want to run the code signed by "AAnotherUser" as it were, as although the code is signed by a trusted CA, the user still gets this warning message as the 'Publisher' is not in the 'Trusted Publishers' list. Therefore the
  way I sorted this at the time was to take the whole certificate as above and import to this store.
  The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store? in other words should I have imported the certificate 'minus its
  private key' into the trusted publishers store?
  Also, I understand you have to have the certificate along with is private key to sign code. I am 'assuming' a Hash of the code is taken and this is signed (encrypted) with the private key (in the same way a CA signs a CSR for a WEBServer cert for example),
  is that correct i.e. is that what it mean to sign code?
  if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same value.
  Is this correct?
  My next question is regarding the private key. As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
  if the above is possible (which would make good sense to me I think) then I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me. It would also mean which every computer I logon to in the domain I would
  have access to the private key (but no other user) and therefore be able to sign code I assume. Does this last paragraph make sense can this be done/is this done?
  Basically I need to understand the above, in order to understand more about Crypto.
  I also need create a code signing cert for a 'department' of about 10 people. Therefore I was thinking about creating and AD account called 'XYZCorpCodeSigning' or what ever, and issuing a code singing cert to this entity. If the private key could be stored
  in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure, I think.
  I know there are several question above, but it would be great it they would be answered as I would help me understand more about how it all works and to solve a problem too
  Thanks very much
  AAnotherUser__
  AAnotherUser__

  > The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store
  yes, it is not correct. Only public part should be imported to a Trusted Publishers container.
  >  is that correct i.e. is that what it mean to sign code
  exactly. Encryption with private key and decrypting with public key is called "digital signature".
  > if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same
  value. Is this correct?
  yes. Client uses only public part of the certificate to validate the signature.
  > As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
  normally code signing certificates are not stored in Active Directory and should not be there, because signing certificate is included in the signature field.
  > I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me.
  this is wrong assumption. A user is responsible to protect signing private key from unauthorized use.
  > If the private key could be stored in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure
  wouldn't, because if something happens -- you will never know who compromised the key.
  as a general practice, we recommend to purchase at least few smart cards to store signing keys. Depending on a particular code development practice, there might be a dedicated employee (for example, manager of devs) who the only has access to a smart card
  (and PIN) and signs the code upon dev request. Or issue a dedicated smart card with unique signing certificate to each developer. However this will add a complexity in signing certificate trust management.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Had to change my Apple ID because the original email address is no longer valid.  How do I change the iCloud user name on iMac?  I found instructions about signing out of iCloud and signing back end.  It asks questions about contact, etc.

  Had to change Apple ID due to email address no longer valid.  Trying to change id for icloud...saw direction online about signing out of icloud and signing back in...when it ask questions about contacts, photos, etc. being deleted how do I answer those?  That just sort of freaks me out.

  For the ones that give you an option, select the option you want (keep on the Mac or Delete). For the ones that are simply warning you, click on Delete from Mac.
  They will all come back when you sign back on, since all you did was change your existing Apple ID to a new email address. It's the same iCloud account, just with a different name.
  It's the only way to get your updated ID signed onto iCloud.
  Cheers,
  GB

• Question about the Documentat​ion Tags for Source Code

  Hello,
  I have a question about CVI's automatic source code documentation. My problem is that is seems like you need to write all documentation for a specific tag on one line. If you don't, a line break will be inserted when the documentation is displayed. Suppose I want to write a large amount of documentation for the function itself, using the HIFN tag. If I don't want linebreaks to be forced in the documentation, I need to write all this documentation on one single line, which kinda messes up my code. If I split the documentation over several HIFN tags, the documentation displayed to the user might look messed up because of all the linebreaks. Is there any escape character I can put at the end of a line, allowing me to split the documentation of several HIFN lines without forcing linebreaks in the documentation?
  Thanks!
  GEMIDIS - Innovating Display Technology
  HQ Ghent, Belgium

  This information is certainly useful. Note, however, that it can also be found in the documentation
  Tag
  Description
  /// HIFN help text
  Specifies the help text for the function. Use multiple /// HIFN tags to display help text for the function on separate lines. To separate help text with an empty line, use /// HIFN on a line by itself. You also can use HTML tags, but you must enclose the tags in <HTML><BODY></BODY></HTML> tags.
  Example
  /// HIFN SampleFunction returns the value of a control.
  int SampleFunction (int controlID, ctrlType controlType, char label[], double *value)
       SomeAction;

• Some question about sql code

  for example:
  select
  from testtable
  outputs below results:
  item_desc
  950gapple(z)110ml*40
  650gbanana(z)215ml 1x18
  make above example outputs below result:
  item_desc
  a950gapplez110ml40
  a650gbananaz215ml1x18
  how to write above sql code?
  who can help me?
  thanks

  Jameel Provided solution to one of your other thread
  a question about sql code
  Try the below query. You can modify the TRANSLATE function to add the characters you want to remove from the string.
  select 'a'||replace(translate(str,'()* ','`'),'`') from testtable

• Question about port C++ code to C

  I have a newbie question about C++
  I'm being ask to port a C++ sharelib into a kernel driver for work so from C++ => C.  I'm not at all familiar with C++ but i'm making some leeway.  However i'm a little stuck, what does the following line of code in bold mean in C++ and how would I translate it into C code? 
  #include <deque>
  struct _buffer
      UINT8* buffer;
      UINT8 length;
  typedef deque< struct _buffer* > MSGQUEUE;
  I'm assuming it's type defining a deque of the struct _buffer???  but I'm confused by the <...>, what does that operator do in C++.  Is it defining a struct _buffer pointer within the deque??? 
  This might like a "DUH it means...." question to some people so sorry about the stupid question.
  --Vincent

  <> is template syntax and is generally the type of object a container holds..   So it is defining that the MSGQUEUE type is a deque holding struct_buffer*'s.

• A question about the execution order of java code

  I have a question about the order of the execution of java code.
  class myclass
  String str1 = new String("str1");
  static String str2 = new String("str2");
  static
  String str3 = new String("str3");
  myclass( )
  String str4 = new String("str4");
  static myfuntion()
  String str5 = new String("str5");
  When I new a myclass object, what is the order of execution about str1,str2.str3 ,str4?
  When I run myclass::myfunction( ) instead of new a myclass object what is the execution order about str1, str2, str3, str4, str5?
  Thanks

  hello,
  I think there may be one thing can't use println to make sure.
  class myclass
  static {  System.out.println("str1");   };
  myclass() { System.out.println("str2"); }
  then str1 appear before str2
  class myclass
  static {  String str1 = new String("str1"); };
  myclass() { String str2 = new String("str2"); }
  then
  str1 initilized before str2,
  str1 get the value str1----->after<----- str2.
  Am I right or wrong?

• About Profile manager renew code signing cert

  I am using the profile manager service in Mac OS X 10.7 Server.
  My code signing cert just got expired, and the serial no. is 1. So i followed the apple guide to renew the cert in terminal
  ipad:~ test$ sudo /usr/sbin/certadmin --recreate-CA-signed-certificate "ipad.example.com" "IntermediateCA_IPAD.EXAMPLE.COM_1" 1
  /usr/sbin/certadmin Cannot find the certificate: ipad.example.com
  I can renew the another one successfully but only this cannot renew, I don't know why (maybe related to the serial? too short?)
  Anyone know how to solve it?
  Thank you very much
  BTW, Any method can generate the cert for 10 years or renew the cert without re-enroll the device? because I don't want renew the cert every year and ask user enroll again.

  I am using the profile manager service in Mac OS X 10.7 Server.
  My code signing cert just got expired, and the serial no. is 1. So i followed the apple guide to renew the cert in terminal
  ipad:~ test$ sudo /usr/sbin/certadmin --recreate-CA-signed-certificate "ipad.example.com" "IntermediateCA_IPAD.EXAMPLE.COM_1" 1
  /usr/sbin/certadmin Cannot find the certificate: ipad.example.com
  I can renew the another one successfully but only this cannot renew, I don't know why (maybe related to the serial? too short?)
  Anyone know how to solve it?
  Thank you very much
  BTW, Any method can generate the cert for 10 years or renew the cert without re-enroll the device? because I don't want renew the cert every year and ask user enroll again.