Regarding security in Xi

Similar Messages

• I received a pop up regarding security certificates when opening a PDF document today.  Is it safe to say "yes" to the installation of the security updates?

  I received a pop up regarding security certificates when opening a PDF document today.  Is it safe to say "yes" to the installation of the security updates?

  If you opened it with Adobe Reader, then yes: "Yes" is safe (I just did the same thing one minute ago).

• Regarding Security in OBIEE

  Hi,
  We have 4 regions like UK, India, US, Japan.. when ever UK users logins to OBIEE the dashboard should get defaulted to UK region and user should see UK reports only.
  Similarly if a Japan, US users logins he should see reports corresponding to his region.
  At present we have a prompt where user select the region from the prompt . How to implement the security for this..
  Thanks

  Hi,
  Do the following steps and let me know if it was helpful:
  1. Create a separate table say table1 which will contain the USERID and REGION columns.
  Eg. User1 Region1
  User1 Region2 and so on
  2. Import the table in the physical layer. No need to create BM for it.Check in and save.
  3.Go to Manage - Variables and create a Session - Initialization Block with connection pool pointing to above table and query as select 'REGION1' ,REGION from table1 where USERID=(':USER')
  4. After the block is created go to Business Model and the table in which you want to implement the security.
  Table - Sources - Content tab - add the following in the where clause
  MAINTABLE.REGION IN (VALUEOF(NQ_SESSION."REGION1"))
  Save the rpd. Log in and check if it is working.
  Regards,
  Swati

• Please help me regarding Secure RMI Applet Application

  Hi Friends..
  Currently i use Java Card 2.2.1..
  I'm learning about SecureRMIDemo application that shipped with JCDK 2.2.1..
  Assume that i've loaded the SecureRMIApplet.cap successfully, and i've created the Secure RMI Client using SmartCardIO..
  And then i tried to do any process provided by Purse interface, such as debit, credit, setAccountNumber, etc..
  But i got this error message :
  java.rmi.RemoteException: Signature mismatch
       at com.sun.javacard.javax.smartcard.rmiclient.CardObjectFactory.throwError(Unknown Source)
       at com.sun.javacard.javax.smartcard.rmiclient.CardObjectFactory.throwException(Unknown Source)
       at com.sun.javacard.javax.smartcard.rmiclient.CardObjectFactory.getObject(Unknown Source)
       at com.sun.javacard.ocfrmiclientimpl.JCRemoteRefImpl.parseAPDU(Unknown Source)
       at com.sun.javacard.ocfrmiclientimpl.JCRemoteRefImpl.invoke(Unknown Source)
       at com.sun.javacard.samples.SecureRMIDemo.SecurePurseImpl_Stub.setAccountNumber(Unknown Source)
       at testRMIClient.SecureRMIClienrt.main(SecureRMIClienrt.java:27)Yes, i know that, that error message required to ensure that the application run in the Security context..
  But for me, who just getting started to Java Card Security, it becomes a problem... :(
  The message error tells that the Signature is mismatch..
  And then how to set this Signature before do any process in the SecureRMI Client application?..
  Since there's no way to set the Signature through Purse interface..
  Please help me regarding this..
  Thanks in advance..

  Thanks Shane for your reply..
  does it mean i've to send APDU?.. Because in the MySecurityService class code there's method that checks the CLA and INS byte..
  Or can i send an APDU Object while we're using the Java Card RMI Application mode?..
  Actually, in my opinion, i would say that if we use RMI mode, we don't need APDU Command anymore..
  Please correct me if i'm wrong..
  Thanks in advance..

• Regarding Security In SAP XI

  HI All,
  What is the Purpose of Security in SAP XI ???
  When We will USe it And How We Will Use this ????
  Regards
  Vamsi

  Krishna,
  If your user id is not secure then you can do any changes in XI. So to control this we need to have some secured roles for every user.
  It is used for message level security also. Check this document:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Regards,
  ---Satish

• Bit of a strange question regarding security and internet connection

  This is a bit of an odd question so bear with me for a moment.
  I sold my old G4 to someone I didn't know yesterday. While he was looking at it to make sure it was working I allowed him to plug my ethernet cable in (connected to both a netgear router and a cable modem) and go online to install an application on the computer he was buying. It did't take long and I didn't actually see what he installed but after he left and I plugged back in to my mac pro, my internet connection started suffering. It started by being very slow and then timing out with servers. I reset the modem and even bypassed the router but the connection did not improve and eventually I could only get a self assigned IP address with no internet, although the modem appeared to be fine.
  Aside from finding my I.P. address at my location, is there anything else he could have compomised security wise, either in the name of harvesting some kind of info or just creating a problem in the cable network when I let him use my connection on the g4?
  I think that most likely I'm being a little paranoid but the timing of this is a bit strange. It literally went down hill just after he left.
  Today the cable company is reporting a wider internet outage than just me but I just though I'd throw it out there to see if there are any security wholes exploitable when someone uses your internet connection (I would think and hope that there are not).
  thanks a bunch

  Well, in the closing the stable door approach it is a good idea to do a complete erase and install when selling any computer. There's lots of references to this and even one about removing a certain file so when they start up they get the brand new Mac greeting window. If you do not erase the drive using the secure erase feature in Disk Utility then with an $80 investment plus an empty spare drive the purchaser can likely recover any files you had on the computer recently if they consider it worth the effort.
  I suspect the internet issue is not related to this, especially since your ISP commented about problems.

• I did not recieve an email regarding security question at  rescue email address

  i forgot my security question answers and i asked to send me the information on my rescue email . but, i did not receive any emails despite sending it successfully from apple
  mac book pro ,OS X 10.9.4

  You need to ask Apple to reset your security questions; this can be done by clicking here and picking a method, or if your country isn't listed, filling out and submitting this form.
  They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
  (111158)

• Does anyone have any information regarding securing data.

  I want to secure data to assure that each department can only view their own PO's, req's, invoices and payments. Can anyone provide or direct me to the documentation on this? Thank you for any help.

  Hi,
  You can try using security hierarchy or other appropriate document security control, but I'm afraid it only works for purchasing document
  One way is to separate the OU, but that would take an implementation and maintenance effort
  Gerry

• Question Regarding Security Updates 2006-005 and 2006-006?

  Okay I just noticed Apple Security Update 2006-005 and 2006-006 are available for download. Has anyone had any problems with these updates? I remember the Security Update 2006-001 was a nightmare for me -- Safari was broken after that update I had to do a complete OS reinstall then re-update to Mac OSZ 10.3.9 Panther and I only want to update if the likelihood of any problems occuring is very slim. Anyone running Mac OS X on PowerPC chips (i.e. using a PowerBook, an older iMac, Mac Mini, PowerMac etc) or on Intel chips (i.e. MacBook Pro, the new iMacs, new Mac Mini's etc) with Mac OS X Panther, Mac OS X Tiger etc having any problems with either update?

  (10.3.9 Client) seems to have broken my CS2 Version Cue after loading Security Update 2006-006 via Software Update - 27MB or something.
  Though afterwards all apps (Illustrator 12.0.1, Acrobat 7.0.8, PS 9.0.1 and InDesign 4.0.4) open and run fine, Version Cue disappeared from the Desktop Menu and System Preferences and says it's no longer installed, all this immediately after loading the Update and restarting.
  Two restarts and a Repair Permissions haven't resolved the issue. I've downloaded the stand alone Update and have run that but without any luck. I'd had no history of any trouble with any Security Update prior to this, and have run good maintenance schedules.
  I've not seen any other posts or related issues to mine, so maybe it's just my isolated event?

• Question regarding security on this forum please

  I am new here (am assuming label 'Newbie' is related to posts etc?) - can anybody help with this please?  When I click on my user ID when I'm signed in I can see my email address under 'Public Statistics' - yet I can't see anybody else's. Is it only me that can see it? I ask because I really don't want my email address visible in case spam robots read it - this might be a silly question to an experienced user of this forum but do I need to worry? Thanks! Dave T.
  Solved!
  Go to Solution.

  No probs
  Ah, beginner status already - you could have a quick read of http://community.bt.com/t5/Forum-Guidance-Ideas/Ranking-structure/td-p/145 for a bit (12 pages!) of info regarding the ranking structure.
  -+-No longer a forum member-+-

• Question regarding security of "applets"

  As a novice "apple scripter", (since 2012) I was wondering if anyone knows how good the security is for an applet saved as "run only" I have read that one would need a decompiler, to penetrate security but the  writer said he had never seen one!
  The reason is that I have recently written a script that actually works! and it is a encryption tool to encrypt r.t.f.documents  in "text edit" and of course another to decrypt. (with a password dialog box). figured this would be useful for storing all sensitive info on my computer and in e-mails etc, so security is important to it's function.

  If you want to encrypt, why not use openssl?  It's already in OS X.
  Here's an Applescript wrapper to openssl-aes I wrote a few years ago:
  Encrypt:
  on run
            set f to choose file with prompt "Select file to encrypt:" default location alias (the path to desktop folder as text)
            my proceed_(f)
  end run
  on open f
            if (count of f) is not equal to 1 then
                      display dialog ("More than 1 file was selected") with icon stop buttons {"Cancel"} default button 1 with title "openssl aes-256"
            else
                      my proceed_(f)
            end if
  end open
  on proceed_(f)
            tell application "System Events" to set finfo to the properties of (f as alias)
            if kind of finfo is "Folder" then
                      display dialog (name of finfo & " is a Folder") with icon stop buttons {"Cancel"} default button 1 with title "openssl aes-256"
            else if kind of finfo is "Alias" then
                      display dialog (name of finfo & " is a an Alias") with icon stop buttons {"Cancel"} default button 1 with title "openssl aes-256"
            end if
            set pass1 to text returned of (display dialog "Please enter your password" default answer "" with title "openssl aes-256" with hidden answer)
            set pass2 to text returned of (display dialog "Please verify your password" default answer "" with title "openssl aes-256" with hidden answer)
            if pass1 is not equal to pass2 then
                      display dialog "Passwords do not match!" with icon stop buttons {"Cancel"} default button 1 with title "openssl aes-256"
            end if
            set encryptedFile to (f as string) & ".aes"
            tell application "Finder"
                      if exists encryptedFile then
                                set answer to the button returned of (display dialog (name of finfo & ".aes exists. Overwrite?") with icon caution buttons {"Yes", "No"} default button 2 with title "openssl aes-256")
                                if answer is "No" then
                                          error number -128 --> Cancel the script
                                end if
                      end if
            end tell
    -- encrypt:
            do shell script "/usr/bin/openssl aes-256-cbc -salt -in " & quoted form of POSIX path of f & " -out " & quoted form of POSIX path of f & ".aes" & " -k " & quoted form of pass1
    activate me
            set answer to the button returned of (display dialog ("Encryted File: " & name of finfo & ".aes" & return & return & "Secure Delete " & name of finfo & "?") buttons {"Yes", "No"} default button 2 with title "openssl aes-256")
            if answer is "Yes" then
                      do shell script "/usr/bin/srm -z " & quoted form of POSIX path of f
    activate me
                      display dialog name of finfo & " deleted" buttons {"Done"} default button 1 with title "openssl aes-256"
            end if
  end proceed_
  Decrypt:
  on run
            set f to choose file of type "aes" with prompt "Select AES file to decrypt:" default location alias (the path to desktop folder as text)
            my proceed_(f)
  end run
  on open f
            if (count of f) is not equal to 1 then
                      display dialog ("More than 1 file was selected") with icon stop buttons {"Cancel"} default button 1 with title "openssl aes-256"
            else
                      my proceed_(f)
            end if
  end open
  on proceed_(f)
            tell application "System Events" to set finfo to the properties of (f as alias)
            if kind of finfo is "Folder" then
                      display dialog (name of finfo & " is a Folder") with icon stop buttons {"Cancel"} default button 1 with title "openssl aes-256"
            else if kind of finfo is "Alias" then
                      display dialog (name of finfo & " is a an Alias") with icon stop buttons {"Cancel"} default button 1 with title "openssl aes-256"
            else if type identifier of finfo is not "dyn.age80c3px" then
                      display dialog (name of finfo & " is not an AES Encrypted File") buttons {"Cancel"} with icon stop default button 1 with title "openssl aes-256"
            end if
            set pass1 to text returned of (display dialog "Please enter your password" default answer "" with title "openssl aes-256" with hidden answer)
            set encryptedFile to f as string
            set theReversedFileName to (reverse of (characters of encryptedFile)) as string
            set theOffset to offset of "." in theReversedFileName
            set decryptedFile to (reverse of (characters (theOffset + 1) thru -1 of theReversedFileName)) as string
            set decryptedFileBaseName to do shell script "/usr/bin/basename " & quoted form of POSIX path of decryptedFile
            tell application "Finder"
                      if exists decryptedFile then
                                set answer to the button returned of (display dialog (decryptedFileBaseName & " exists. Overwrite?") with icon caution buttons {"Yes", "No"} default button 2 with title "openssl aes-256")
                                if answer is "No" then
                                          error number -128 --> Cancel the script
                                end if
                      end if
            end tell
    -- decrypt:
            try
                      do shell script "/usr/bin/openssl aes-256-cbc -d -salt -in " & quoted form of POSIX path of encryptedFile & " -out " & quoted form of POSIX path of decryptedFile & " -k " & quoted form of pass1
            on error m number n
                      try
                                do shell script "/bin/rm " & quoted form of POSIX path of decryptedFile
                      end try
    activate me
                      display dialog "Bad decrypt." & return & "Possible incorrect password." & return & return & "Deleting output file " & decryptedFileBaseName & " (if it exists)." with icon stop buttons {"Done"} default button 1 with title "openssl aes-256"
                      error number -128 --> Cancel the script
            end try
    activate me
            display dialog name of finfo & " decrypted" buttons {"Done"} default button 1 with title "openssl aes-256"
  end proceed_

• Receiving pop ups to secure my files and when I log into any website i get directed to a site with a pop up regarding security.  I assume I have a virus and not sure how to fix it

  I am receiving pop ups to security sites to secure my files etc.  I assume I have a virus but not sure how to fix it.

  There is no need to download anything to solve this problem.
  You may have installed one or more of the common types of ad-injection malware. Follow the instructions on this Apple Support page to remove it. It's been reported that some variants of the "VSearch" malware block access to the page. If that happens, start in safe mode by holding down the shift key at the startup chime, then try again.
  Back up all data before making any changes.
  One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those. If Safari crashes on launch, skip that step and come back to it after you've done everything else.
  If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, ask for further instructions.
  Make sure you don't repeat the mistake that led you to install the malware. It may have come from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
  Malware is also found on websites that traffic in pirated content such as video. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
  In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
  Still in System Preferences, open the App Store or Software Update pane and check the box marked
            Install system data files and security updates (OS X 10.10 or later)
  or
            Download updates automatically (OS X 10.9 or earlier)
  if it's not already checked.

• Regarding security update for Flash Player 9 (Flash Player 9,0,124,0)

  We are facing issue in STOMP client because of newly
  implemented restriction on flash player.(
  http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html).
  Because of this, Our STOMP client is not able to get messages
  from activemq.
  We have tried to add socket meta files as discussed in others
  article but we were not able to get solutions.
  We have done below stuffs.
  1) Added LoadPolicy code in stompclient for getting
  policyfile from server running on 80 port.
  2) Also set xmlSocket as load policy to get connection from
  stompclient to Activemq.
  1) PolicyFile.xml(loading this also in STOMPClient.swf)
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM
  "/xml/dtds/cross-domain-policy.dtd">
  <!-- Policy file for xmlsocket://socks.example.com -->
  <cross-domain-policy>
  <!-- This is a master-policy file -->
  <site-control
  permitted-cross-domain-policies="master-only"/>
  <!-- Instead of setting to-ports="*",
  administrators can use ranges and commas -->
  <!-- This will allow access to ports 123, 456, 457, and
  458 -->
  <allow-access-from domain="*" to-ports="*" />
  </cross-domain-policy>
  2) Flash players logs(using debug version of Flash player)
  Error: Request for resource at xmlsocket://192.168.1.12:61613
  by requestor from
  http://127.0.0.1/blackwells/bid/stompclient.swf
  is denied due to lack of policy file permissions.
  OK: Root-level SWF loaded:
  http://127.0.0.1/blackwells/bid/stompclient.swf
  OK: Root-level SWF loaded:
  http://127.0.0.1/blackwells/bid/ladyguinn.swf
  OK: Searching for <allow-access-from> in policy files
  to authorize data loading from resource at
  xmlsocket://192.168.1.12:61613 by requestor from
  http://127.0.0.1/blackwells/bid/stompclient.swf
  OK: Policy file accepted:
  http://192.168.1.12/crossdomain.xml
  Warning: Timeout on xmlsocket://192.168.1.12:61613 (at 3
  seconds) while waiting for socket policy file. This should not
  cause any problems, but see
  http://www.adobe.com/go/strict_policy_files
  for an explanation.
  Error: Request for resource at xmlsocket://192.168.1.12:61613
  by requestor from
  http://127.0.0.1/blackwells/bid/stompclient.swf
  is denied due to lack of policy file permissions.
  OK: Root-level SWF loaded:
  http://mail.google.com/a/sigmainfo.net/im/sound.swf
  OK: Root-level SWF loaded:
  http://127.0.0.1/blackwells/bid/stompclient.swf
  OK: Root-level SWF loaded:
  http://127.0.0.1/blackwells/bid/ladyguinn.swf
  OK: Root-level SWF loaded:
  http://mail.google.com/a/sigmainfo.net/im/sound.swf
  OK: Root-level SWF loaded:
  http://127.0.0.1/blackwells/bid/stompclient.swf
  OK: Root-level SWF loaded:
  http://127.0.0.1/blackwells/bid/bill.swf
  OK: Searching for <allow-access-from> in policy files
  to authorize data loading from resource at
  xmlsocket://192.168.1.12:61613 by requestor from
  http://127.0.0.1/blackwells/bid/stompclient.swf
  OK: Policy file accepted:
  http://192.168.1.12/crossdomain.xml
  OK: Root-level SWF loaded:
  http://127.0.0.1/blackwells/bid/stompclient.swf
  OK: Root-level SWF loaded:
  http://127.0.0.1/blackwells/bid/bill.swf
  OK: Searching for <allow-access-from> in policy files
  to authorize data loading from resource at
  xmlsocket://192.168.1.12:61613 by requestor from
  http://127.0.0.1/blackwells/bid/stompclient.swf
  OK: Policy file accepted:
  http://192.168.1.12/crossdomain.xml
  OK: Root-level SWF loaded:
  http://127.0.0.1/blackwells/bid/stompclient.swf
  OK: Root-level SWF loaded:
  http://127.0.0.1/blackwells/bid/bill.swf
  OK: Searching for <allow-access-from> in policy files
  to authorize data loading from resource at
  xmlsocket://192.168.1.12:61613 by requestor from
  http://127.0.0.1/blackwells/bid/stompclient.swf
  OK: Policy file accepted:
  http://192.168.1.12/crossdomain.xml
  Warning: Ignoring <site-control> tag in policy file
  from
  http://192.168.1.12:843/policyfile.xml.
  This tag is only allowed in master policy files.
  Warning: Domain 192.168.1.12 does not specify a meta-policy.
  Applying default meta-policy 'all'. This configuration is
  deprecated. See
  http://www.adobe.com/go/strict_policy_files
  to fix this problem.
  OK: Root-level SWF loaded:
  http://192.168.1.12/blackwells/bid/stompclient.swf
  OK: Root-level SWF loaded:
  http://192.168.1.12/blackwells/bid/ladyguinn.swf
  OK: Searching for <allow-access-from> in policy files
  to authorize data loading from resource at
  xmlsocket://192.168.1.47:61613 by requestor from
  http://192.168.1.12/blackwells/bid/stompclient.swf
  Warning: [strict] Ignoring policy file at
  xmlsocket://192.168.1.47:843 due to incorrect syntax. See
  http://www.adobe.com/go/strict_policy_files
  to fix this problem.
  Warning: Timeout on xmlsocket://192.168.1.47:61613 (at 3
  seconds) while waiting for socket policy file. This should not
  cause any problems, but see
  http://www.adobe.com/go/strict_policy_files
  for an explanation.
  Error: Request for resource at xmlsocket://192.168.1.47:61613
  by requestor from
  http://192.168.1.12/blackwells/bid/stompclient.swf
  is denied due to lack of policy file permissions.
  3) Setting below load policy files in stompclient.mxml
  flash.system.Security.loadPolicyFile("
  http://" + server + "/crossdomain.xml");
  //flash.system.Security.loadPolicyFile("
  http://" + server + "/policyfile.xml");
  flash.system.Security.loadPolicyFile("xmlsocket://" + server
  + ":"+port);
  4) we have also changed crossdomain.xml (this is using Schema
  instead of DTD as <site-control > is not there in DTD)
  <?xml version="1.0" encoding="UTF-8"?>
  <cross-domain-policy xmlns:xsi="
  http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="
  http://www.adobe.com/xml/schemas/PolicyFile.xsd">
  <allow-access-from domain="*" />
  <site-control
  permitted-cross-domain-policies="master-only"/>
  </cross-domain-policy>

  You're welcome!
  Flash is still the same CPU hog... Good that there's [ClickToFlash|http://rentzsch.github.com/clicktoflash>!

• Regarding Security Aspects

  Hi All,
  I have been working for a project that uses OBIEE for reporting purpose mainly.
  I have designed a repository. I have following issue in security aspects.
  1> Can we restrict users to acess specific BMM Layer. Suppose i have created two BMM , one as BackOfficeBMM and SalesBMM. Any one who logs in the repository is able to access the any of the BMM. Can we set up a mechanism that the type of user is Sales so, only SalesBMM is visible to him? Or if both are visible then access restriction.
  2> Can we implement data access based on hierarchy that is row level security. Suppose i have a hierarchy in which i have Manager--> Asst. Managers-->Sales Persons Team lead--> Sales Person. That is if i logs in as manager then i am able to see reports based on total data. But if i logs on as Sales Persons Team lead then i am able to view same reports with filtered data based on his access.
  3>We can implement external table authentication by using OBIEE. But after implementing this i am not able to access my repository. Even with the administrator login. Is it necessary to define the groups and users in the repository? Can't we bring the users and groups from the external table?
  4>We can implement external table authentication. But it works on the table that has plain password. What if the table that i am using to access the authentication value has encrypted password?
  Pls help me to clear these concepts.
  I have gone through the Server Administrator guide and it provide some basic idea but if any one can provide some working example so that i can have an idea to move forward in this.
  Waiting eagerly for replies.
  Thanks in advance.
  Ashok

  Please reply if any body have any idea.
  Any suggestion will help me to move further.
  Thanks

• Any suggestions regarding security software for my MacBook?

  Just picked up a new MacBook Pro. What are the guidelines for security software (malware/spyware/anti-virus)? I have access to Norton Security Suite from Comcast. Would that be o.k. to load or would it cause problems?

  The only "need" to have an anti-virus software is if you exhange emails with Windows users and do not want to be beaten up by them when forwarding a virus infected mail.
  There are two free solutions available (ClamAvX and Sophos) that work quite well without slowing down the Mac too much.
  Although I have one of these AV apps installed, I have never come across any mail virus on my Mac over the last decade.
  No other software needed, just the usual setup for every computer:
  disable auto-login
  enable the internal firewall if your router does not have one (or you do not have a router)
  activate the password lock for the screen saver
  use your brain while browsing the internet
  The last topic is most likely the most important one