Regarding apex security

Similar Messages

• Did you get a letter from adobe regarding a security incident?

  Hello Adobe forum participants. This may be my first and last posting. I recently received a letter from Adobe systems regarding a security breach. The letter said that my info was caught up in the digital snatch and grab opperation. The letter basically states that i should do the cover-your-financial-*** dance by monitoring my accounts and obtaining a free credit report. It also directed me to some good info provided by the Federal Trade Commission at consumer.gov/idtheft
  The most disturbing part of the letter came from it's recomendation that i activate my "complimentary membership" with protectmyid.com. Luckily before hitting return after filling out the first page of the sign-up page, I decided to google this company and see what was being said about them and their service.
  Long story made short, do some research before give away your sensitive info. I've never done business with this company, I have no personal knowledge of any wrong doing on their behalf but if you read the testimonials provided by people who signed up for the id-protection service you may find yourself pumping the breaks as I did.
  Why Adobe would recomend that we use this service is a mystery to me, and yes, I asked.
  I used the chat option under customer service and asked,
  "Can you please tell me why Adobe would direct me to a Company with questionable credentials to resolve the recent security problems you've been experience?"
  The person, whom I'm sure was providing me with scripted answers said this;
  "I would request you to write us an email to [email protected] and the relevant team will check on this and contact you back via confirmation email."
  Fair enough. The guy was scencere, empathetic, and very professional. I'll be sending that email to customer servicee as soon as i finnish this post.
  The bottom line is, I love the Adobe brand. The Creative cloud is an awsome service for a complete novice like me. Their are definate risks associated with doing business online but the only way to minumize them is to either discontinue your online commerce, or research the hell out of anyone claiming to be able to provide a service in exchange for sensitive finacial information. I need all three of my pennys. what about you?

  Thinking of signing up for the @adobe Creative Cloud? Some of these horror stories might change your mind. http://forums.adobe.com/community/creative_cloud
  Remember to change your passwords and check your bank account for the next several month to make sure the hackers  that got all that sensitive data from Adobe don't access your accounts.
  New Adobe Survey. If you are not happy with CC being the only choice, let them know. http://deploy.ztelligence.com/start/survey/survey_taking.jsp?PIN=16BNF7XXXKLNX

• APEX Security Integration To E-Business Suite

  Hi all,
  I am reasonably new to APEX and the Forum so please excuse me if this question has been posted previously.
  I am looking at creating applications that leverage the user and organization security that is inherent within E-Biz Suite to control access and data returned within my APEX applications.
  Environment Details:
  O/S: Sun Solaris Unix
  APEX: 3.0.1
  E-Biz: 11.5.10.2 (no SSO)
  APEX and E-Biz use same Apache HTTP Server
  I plan to access the APEX application from a custom Menu item on E-Biz and automatically authenticate the E-Biz user's credentials within APEX processes to determine USER_ID, ORG_ID, SECURITY_GROUP_ID, etc for access control of the returned data queries. The APEX application will be primarily reporting on E-Biz data.
  I would prefer to utilize APEX rather than built custom modules in Application developer Framework (ADF).
  Are there any whitepapers, best practices, or individuals experiences available on this subject that you could share with me please.
  Many thanks :-)
  Kind Regards,
  Gary.

  Hi Gary,
  maybe get in contact with Scott Spendolini from Sumner Technologies (http://sumnertechnologies.com/), I think these guys have some experience integrating APEX with eBusiness Suite.
  Patrick
  My APEX Blog: http://inside-apex.blogspot.com
  The ApexLib Framework: http://apexlib.sourceforge.net
  The APEX Builder Plugin: http://sourceforge.net/projects/apexplugin/

• MapViewer integrated in Apex - Securing MapViewer Cookie Issue

  Hello,
  I'm trying to secure my Mapviewer accesses. My MapViewer is contained in an apex page. As said in documentation (1.8.2) I have to used cookie to pass username(or what I want to authenticate the user) to the database. For doing this I have to put a package in my map schema and to configure datasource to use it.
  Package code(nothing special) :
  create or replace
  PACKAGE BODY web_user_info AS
  w_name VARCHAR2 (32767);
  PROCEDURE set_user(p_name IN VARCHAR2)
  AS
  BEGIN
  INSERT INTO TABLE1 VALUES('set machin');
  COMMIT;
  INSERT INTO TABLE1 VALUES('set_user:'||p_name);
  COMMIT;
  w_name := LOWER (p_name);
  END;
  PROCEDURE clear_user
  AS
  BEGIN
  INSERT INTO TABLE1 VALUES('clear machin');
  COMMIT;
  INSERT INTO TABLE1 VALUES('clear_user:'||w_name);
  COMMIT;
  w_name := null;
  END;
  FUNCTION get_user RETURN VARCHAR2
  AS
  BEGIN
  RETURN w_name;
  END;
  END web_user_info;
  Datasource definition :
  <map_data_source name="cuc"
  jdbc_host="localhost"
  jdbc_sid="xxxxx"
  jdbc_port="1521"
  jdbc_user="xxx"
  jdbc_password="xxxxxxxxxxxxx"
  jdbc_mode="thin"
  number_of_mappers="3"
  allow_jdbc_theme_based_foi="true"
  plsql_package="web_user_info"
  />
  It works like that except that it return J2EE authentication(oc4jadmin). set_user and clear_user are well executed.
  Cookie Issue :
  To make this work with cookie information I have to add a attribute to the datasource definition :
  web_user_type="LOGIN_USERNAME_COOKIE"
  This cookie is present in my apex page, details :
  Name     LOGIN_USERNAME_COOKIE
  Value     the_name
  Domaine (host)     localhost
  Chemin d'accès (path)     /apex/
  Sécurisé     non
  Expire le     À la fin de la session
  It doesn't work with my cookie, the clear_user is well executed but set_user is no more executed.
  Did someone already get through the cookie authentication feature ?

  yes i checked this site, but i still couldn't reach the answer of my challenge, in how to specify urlParamNQID and urlParamSID , how or where i can get value of these parameters or what should i pass there !?

• APEX Security: Multiple session cookies in one browser

  Hi all,
  I use mozilla firefox as web browser. When I open a new tab and enter the APEX application url I will be redirected to the login page. After successfully login I receive the session id and the browser the session cookie WWV_CUSTOM-F....
  When I now open the next browser tab and enter the APEX application url I will be redirected to the login page. After successfully login I receive the new session id and the browser the session cookie WWV_CUSTOM-F... with new content. My session from the first browser tab will be killed, because the session cookie for this session was deleted/replaced by the session cookie from the second tab.
  Is it possible to have multiple APEX sessions opened in one browser in multiple tabs?
  Regards

  Hi PaulP,
  it's simple.
  Unzip bsApex2 http://www.betasoftware.it/codice/bsApex2.zip
  If not installed, install Microsoft .NET Framework 4 Client Profile.
  Configure bsApex.exe.config
  <?xml version="1.0" encoding="utf-8" ?>
  <configuration>
    <appSettings>
      <!-- Application Title -->
      <add key="aTitolo" value="Apex Desktop by Beta Software snc" />
      <!-- Short application title -->
      <add key="aTitoloBreve" value="Apex Desktop" />
      <!-- Window height -->   
      <add key="aAltezza" value="960" />
      <!-- Window width-->
      <add key="aLarghezza" value="1200" />
      <!-- Close botton text -->
      <add key="aChiudi" value="Close" />
      <!-- Print botton text -->
      <add key="aStampa" value="Print" />
      <!-- Application icon-->
      <add key="aIcona" value="bsApex.ico" />
      <!-- Client -->
      <add key="aCliente" value="Apex Community" />
      <!-- Application address -->
      <add key="aIndirizzo" value="http://apex.oracle.com/pls/otn/f?p=23873:1" />
    </appSettings>
  </configuration>Run bsApex.exe, that's all.
  Regards,
  Gianluigi

• Information Regarding Essbase Security Except Filter Level and User Level

  I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
  Asia and America are defined in my location dimension.
  can any one explain about it without using user Level Security and Filter level security.
  Please tell me how to do it?
  Thanks in advance.

  Sandeep's reference the DBAG and the section on filters is the right direction. The filter is created in EAS.
  Let's use an example.
  You create a METAREAD filter (that is, it filters both data and dimensionality) that gives a user limited access to the Location dimension (I think I have that right), e.g., the British Isles, the UK and Ireland. You can also create a READ filter but it only limits data and, in my opinion at least, causes confusion because users can see metadata (the whole world) but only see data for the British Isles.
  NB -- filters can be assigned to individual usernames or to groups that users are members of. For a POC, I'd keep it simple and just assign it to a username, but it's your choice.
  Assign the filter to the user in Shared Services.
  Try connecting to the database in Excel through the Classic Add-In or SmartView to test what the user sees -- it should be: Total Location, British Isles, the UK, and Ireland. You will see Total Location (top of the dimension) because that's how Essbase navigates down -- it has to have the dimension name to find the limited children. You won't see any data there. But you will see data at the Location members that the METAREAD filter allows.
  That's it -- it's been around since the year dot, and is the way access is restricted. You shouldn't need to reinvent the wheel to get this to work in OBIEE. Essbase should do the work.
  Regards,
  Cameron Lackpour

• Mail form editor: error message regarding "non-secure active code"

  Hi,
  I'm using the editor for mail forms in CRM 2007. I'd like to create a form containing pictures, personalized fields (e.g. salutation) and hard-coded text.
  However, when stepwise adding all of these elements, error message "The content you have entered may contain non-secure active code; so it has been deleted." is displayed in the screen where all elements are shown, so, some kind of WYSIWYG error message. It's not a message of the browser, it's displayed directly in the middle of the content screen and all text, images and fields inserted in the mail before are gone.
  Any idea?
  Regards
  Wolfgang

  Hi,
  In one of my previous project I had similar type of issues when designing the mail form, the HTML code changes were happening. SAP follows specific HTML version and you have to stick to that version when coding. Ideal would be design the HTML code and test it bit by bit to ensure that the same is acceptable.
  Regards,
  Deepak
  P.S. English word for ausführbaren is probably executable
  Edited by: Deepak Ahuja on Feb 10, 2009 1:28 PM

• APEX secure LDAP 636 S-LDAP

  I am looking for a secure way of connecting APEX to LDAP. I want the communication to be secure using port 636. Has anyone done this?? I have been looking for a link on google an Oracle but I have not had any luck. Both systems are linux and I am connecting to eDirectory. I have it working on 389 I just to encrypt the data connection.
  A step by step plan would be helpful
  Thanks in advance,
  JJ

  Create a new Authentication Scheme based on pre-configured scheme from gallery. Pick Show Login Page and Use LDAP Directory Credentials. You can use the standard page 101 login page or a custom one if you built it.
  You'll then be presented with the LDAP host page. You'll need to fill in the details for your installation. I used our LDAP IP address, port 389 and then in the LDAP DN string I used CSWG\%LDAP_USER%.
  This method only validates that the user is in LDAP. It does not incorporate any other group security. It's just a basic validation against LDAP.
  Hope you find this usefull.
  Bruce
  CSWG\ is valid for my shop, you'd need to subsitute yours for mine.

• Need opinions/links/etc... regarding Oracle security for a custom app

  Okay it's an open ended question but I need some help figuring out what we should be doing.
  We have an old legacy Sybase system written in Powerbuilder which they want to move to a web app. Great! That means we get new toys. Problem, it's a standalone system now being merged into a web system. We're looking at Oracle 10.2 and App Server to run everything. We're not sure about reporting yet.
  Here's my question. What/how is everyone using for user account security? I'll have say 5000 users at different locations in the world. Let's say you have sites A, B and C. I'll ultimately need to be able to allow Mr. Smith at Site A to create info which nobody at site B or C is allowed to see. But then Mr. Smith's manager should be allowed to see all the work done by his people so he technically has visibility to everything at site A regardless if he created it or not. The company VP & Presidents need to see everything from sites A, B and C. (Also possibly allow someone to 'grant' access to another person's info. ie - someone at site A allowing someone at site B to view their info by some interface setting)
  Now there's a second level of sensitivity. Say unclassified, classified and top secret. Each employee, regardless of where they sit in the heirarchy tree above, can only see documents up to their sensitivity level. So someone with classified access can see unclassified and classified items, but not top secret.
  Now I've looked at Oracle row level security and it looks like exactly what I'll need but that means that every user, needs to be a database user? I've never worked with something like that. The only other way I'm aware of doing this, would be have the application developers code all the checks into the system based on user info. That leaves lots of maintenance headaches and we will need a reporting tool so then we have to recreate all that info on the report side as well. (which is actually the way the current standalone system works. One main user to do the connections, then we have a "user table" to check rights, password & so forth).
  Is it unheard of to create a custom app (that's the key, there is no COTS for this), then have all the user accounts be stored as actual Oracle users? For a web app, I'm used to a single user being the "pass through" for any connections to the database then pass that back to the user. Are there any considerations or tricks to integrate Oracle user creation into the system or it's as simple as have the app run the correct sql from an account with the correct permissions?
  How else can this be done or how else is everyone doing it? Any links to info would be great and most appreciated. Stories and how you did it type of info is also real good!
  Thanks.

  Pierre,
  That helped a lot. I ended up ordering one of Tom's recommended books on security. I also was able to find a few examples (once I figured what I needed to be looking for) that got me up and running with a test instance to play with.
  Thank you very much!

• Regarding BW security

  Hi All,
  Could you please share some BW Security documents.
  This is very Urgent...Please...
  Thanks
  Vasu

  Hi,
  Check these below links.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.highlightedcontent?documenturi=/help/sdn_nw04/saphelp_nw04/helpdata/en/52/671595439b11d1896f0000e8322d00/content.htm
  http://help.sap.com/saphelp_bw33/helpdata/en/be/076f3b6c980c3be10000000a11402f/frameset.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/39f29890-0201-0010-1197-f0ed3a0d279f
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/adeac294-0501-0010-5a97-9ac5d562b1be
  hope this helps
  Thanks,
  Sankar M

• Regarding the security code to connect my iPhone to iTunes.

  Is there any way to use the computer to do the security code? My iPhone is destroyed and I need to do the security code to be able to take a backup of it. Please help me!

  people repairing iphones aren't able to do it. if you've made a backup in itunes prior to right now, you can restore from that backup even if you've got a passcode lock on the device by putting it into DFU mode. However, you're saying that you're trying to back up your device which can only be done if the phone isn't locked with a passcode. If there were a way around this, people could steal other people's phones with passcode locks on them, plug said stolen phone into a computer, bypass the lock, then make a backup of someone else's information. This simply cannot be done for security reasons

• Regarding Apex Report

  Hi all
  Anyone know how to compose a well-formatted form and report in APEX? Currently we are using ACCESS and SQL Server Reporting service to make formatted report (User can print them out, fill in and archive then), but I haven't found any in APEX. I know creating a page as HTML may be one of the solution but we have to customize it with a huge effort. Is there any other express way of doing this?
  Thanks
  Daniel

  Have you tried using the PDF Printing option for the apex reports? Search this forum on pdf printing. There are also some other options for a more professional layout.
  Denes Kubicek
  http://deneskubicek.blogspot.com/
  http://www.opal-consulting.de/training
  http://apex.oracle.com/pls/otn/f?p=31517:1
  ------------------------------------------------------------------------------

• Regarding ADF Security

  hi,
  I have enabled the ADF security from application --> configure ADF Security .
  while configuring ADF Security Wizard,
  1>i have selected the ADF Authentication model/ form Based Authentication .
  2> in the Application roles I have added a role (manager). and added a user in that *(manager1).*
  In my application i have 3 pages*.(home.jspx, search.jspx, setting.jspx)*
  1>in home.jspx i have 2 go links to the search and setting pages i.e. search and setting respectively.
  here my requirement is only the user with role manager should be able to access the setting page. I tried it by using granted to roles in the edit
  authorization of setting.jspx. but it is of no use i.e allows all the users to access the setting page.
  can anybody suggest any idea?....

  hi Frank,
  Thanks for the reply. i just followed what you have told ..i.e
  While configuring adf security i selected adf authentication and authorization with no automatic grants. and after successful log in it should go to the home.jspx.
  in the application role setting ...
  1> i created a role manager.
  2> added a user manager1 to role manager
  3> created a application role appmanager
  4> added manager to appmanager.
  and in the application policy setting
  1> for home page and search page - ( granted to role= anonymous_role)
  2> manager setting(pagdef) - (*granted to role = appmanager*)
  Here the problem is , after giving username and password when i click on submit it is giving an error that Error 500--Internal Server Error how can i solve this?...

• HT5312 i could not received email regarding reset security question

  Dear apple staffs,
  I forgot my security question to purchase apps on store but after I press reset security question and I send email  until now until i can't receive the email. pls. reply.

  Hi there,
  Why dont you just change your Apple ID (your email)? Make a new Apple ID and do the security questions that you will remember. Also, make sure you write down all the info with your Apple ID for later refrence.
  To create a new Apple ID, follow the easy steps below:
  Settings > Itunes and App stores > Tap "Apple ID: (YOUR APPLE ID IS HERE!)" > Tap "Sign Out" > Tap "Create New Aple ID"

• Regarding PDF Security

  Hello,
  We recently created a PDF, and specified in Distiller v. 8.1.3 that the PDF be accessible for reading only if the user enters a password. We also specified that no one can change the document without a separate and different password.
  However, when this PDF is opened up in a common tool called CreativDoc PDF Editor, and the read password is entered, anyone can change the doc to their heart's content. They can also then save the document (with or without changes), and the password restrictions are removed.
  Do these controls in Distiller really actually secure the doc? Is there any way to actually completely secure the document? We noticed that in Adobe software, we were not able to remove the password restrictions. Apparently, Adobe is the only software that honors these restrictions?
  We want the users of the PDFs to be able to open them (with a password). We don't want them them to be able to change the documents. Is there actually anyway to keep them from changing the document using readily-available software?
  I searched google for more information, and came across the following article:
  http://www.cs.cmu.edu/~dst/Adobe/Gallery/PDFsecurity.pdf
  Are the conclusions of the author of this document true?

  If I tell you I will have to kill you.
  Many 3rd party products do not honor Acrobat's password security. You can use digital certificates and policy servers for better security.
  There is always a way around security, it is just a matter of time and money.
  And if I can print a PDF, and then scan the PDF, OCR the PDF, I will be able to edit the PDF.