Script and Security

Similar Messages

• When trying to creat a desktop icon, it does not go to the URL.....instead I get 'script' and not a website......the script has http//etc but I am not directed to the website......I previously had IE 8 (on Vista).....is that the problem...

  Question
  When trying to create a desktop icon, it does not go to the URL.....instead I get 'script' and not a website......the script has http//etc but I am not directed to the website......I previously had IE 8 (on Vista).....is that the problem?I do not have any installed plugins....at least none that I know of.....remember I am a new user......Basically, the desktop icon is not going directly to the Mozilla FF to get me to the web site I need to go to.....FF works when I use the Mozilla FF icon.....just not the icons I create.....THANKS!!! I have also tried reinstalling FF and get the same results.....HELP!!!

  The address beginning with file:/// denotes a saved file (local file). The file may not be present. You can try dragging the site icon of this page on the left edge of the location (Address) bar and release it on the desktop. Please try opening it. If it still shows an error it could be a problem with the system's zone permissions. You can try setting each zone in the Windows Control Panel or IE > '''Internet Options''' > '''Security''' tab to '''Default Level'''.

• How to Set up HTTPOnly and SECURE FLAG for session cookies

  Hi All,
  To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
  I have found the below solutions.
  For setting up the HTTPOnly for the session cookies.
  1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.httponly = true;
  For setting up the secure flag for the session cookies.
  2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.secure = "true"
  Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
  <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
  <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
    <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
    <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
  </cfif>
  But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
  Your timely help is well appreciated.
  Thanks in advance.

  BKBK wrote:
  Abdul L Koyappayil wrote:
  BKBK wrote:
  You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
  I couldnt understand this. I mean how are you relating this with my question.
  When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
       If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
  Name:
  JSESSIONID
  Content:
  782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
  Domain:
  xyz.abc.pqr.com
  Path:
  Send for:
  Any kind of connection
  Accessible to script:
  No (HttpOnly)
  Created:
  Wednesday, September 3, 2014 2:25:10 AM
  Expires:
  When the browsing session ends
  BKBK wrote:
  2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
  Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
       I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
  BKBK wrote:
  3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
  It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
       I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

• SAP XI: How To Write Shell Script And use it in File Adapter On XI Server

  Hi,
  I want to split file at sender side in XI using Shell Script and then after i want to do
  Mapping.
  Can anyone tell me what exactly it means "write a script in UNIX shell on XI SERVER"?
  Regards,
  Akshay.

  Hi,
  You can execute a Unix script running in the XI server from the File communication channel. Ie. if you want to do something which was not part of XI adapter configuation , then you can make use of external unix script and you can execute those from the XI.
  For this, write a unix script and place in the XI OS level provided that path is accessible from PI Channel.
  E.g
  So u can use this in either Sender Channel to modify the data before it reaches into the Integration Server or in Receiver channel it is generally used to transfer the files into different location via Secure FTP
  SAP help: http://help.sap.com/saphelp_nw2004s/helpdata/en/bc/bb79d6061007419a081e58cbeaaf28/content.htm
  Blog:/people/sameer.shadab/blog/2005/09/21/executing-unix-shell-script-using-operating-system-command-in-xi
  XI  can be in any OS.
  Hope this helps,
  Rgds,
  Moorthy

• IE 11 Restricting Running Scripts and ActiveX Controls on Local Files

  I have been coding for my MediaWiki pages and needed to test these pages with IE 11. However, whenever I open a file in IE 11, an annoying message saying "IE 11 Restricted this website from running scripts and ActiveX controls." How do I do a
  one-time fix to stop this from happening in future to local files?

  to test your WEBSITE.... publish it to a web server. eg. localhost/test.local
  web servers and browsers use http(s), not the file: protocol.
  Questions regarding Internet Explorer 8, 9 and 10 and Internet Explorer 11 for the IT Pro Audience. Topics covered are: Installation, Deployment, Configuration, Security, Group Policy, Management questions. If you are a consumer looking for answers or to
  raise a question, it's highly recommended you head on over to http://answers.microsoft.com/en-us
  Rob^_^

• User provisioning  Calc Scripts and Filters overlapping

  User Provisioning.
  Calc Scripts and Filters.
  When assigning filters, it works great, sets the right user roles to read and/or write on different members of a base.
  But then, "calc" rights override the Filters settings, allowing the user to write on the entire members and childs of the DataBase.
  Is there any way to assign Calc Scripts and widen the user rights through filters or some other way to prevent writting access to the entire members?
  Regards.
  Running on:
  Windows 2003 R2 x64.
  Essb 9.3.0.0.0
  Running on:
  Windows 2003 R2.
  SharedServices 9.3.0.0.0 WebLogic Express Based.

  Hi and thank you very much for your answer.
  I have, exactly 9.3.0.0 both, Essbase (now Analytic Server) and Shared Services, and yes, you're right about your comment, but the problem is I don't manage the security from EssBase I do it from SharedServices, because the EssBase users was "Externalized" and now all the security settings are managed with SharedServices.
  A coworker said me the same you did, but I think we can't do that any more because the security externalization.
  I really apreciate your help and time.
  Thanks
  Adrian

• Query By Example and security issues

  HI,
  I have started looking at security issues in our ADF application.
  Is the default implementation of Query By Example (QBE) on a table safe from Cross Site Scripting and SQL Injection?
  In other words, can a user enter some value in a QBE input field that can either:
  - execute a malicious script (CSS)
  Or
  - somehow change the underlying will change the SQL query
  I am more worried about SQL Injection as QBE takes input from a web user, and makes a corresponding SQL query to the database.
  Are there any ways to prevent any of these?
  Thanks

  Timo thanks for your answer.
  So far I am confident on the following (based on responses and other reading):
  1) default implementation of Query By Example (QBE) (e.g. search fields) is "safe /safer" from/on SQL injection issues.
  2) User entered data  via non QBE fields (I assume this is "For other input text you" Timo mentions) should by checked against special characters (> < etc) to "prevent " cross side scripting.
  However, should I do 2) for QBE filters on alphanumeric columns (default implementation) ? I can do it, but if I do it I would loose some searching functionality
  as >, < are valid wildcard characters.
  Thanks

• Why do I always get a message saying unresponsive script and I often get a message that Firefox is unresponsive

  I get a message quite frequently, like every time I'm on the computer, that says Warning-unresponsive script and I can click continue if I want. Also Firefox is unresponsive quite often. A quick visit on the computer turns into an hour long event.

  Start Firefox in [[Safe Mode]] to check if one of your add-ons is causing your problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
  See [[Troubleshooting extensions and themes]] and [[Troubleshooting plugins]]
  Your above posted system details show outdated plugin(s) with known security and stability risks.
  * Shockwave Flash 10.0 r45
  * Java Plug-in 1.4.2_03 for Netscape Navigator (DLL Helper)
  Update the [[Java]] plugin to the latest version.
  *http://java.sun.com/javase/downloads/index.jsp (Java Platform: Download JRE)
  Update the [[Managing the Flash plugin|Flash]] plugin to the latest version.
  *http://www.adobe.com/software/flash/about/

• SQL Server upgradation Issue : 2012 to 2014. A job step received an error at line 1 in a PowerShell script. The corresponding line is 'set-executionpolicy RemoteSigned -scope process -Force'. Correct the script and reschedule the job.

  Message
  Executed as user: CORPTST\XXXXX. A job step received an error at line 1 in a PowerShell script. The corresponding line is 'set-executionpolicy RemoteSigned -scope process -Force'. Correct the script and reschedule the job. The error information returned
  by PowerShell is: 'Security error.  '.  Process Exit Code -1.  The step failed.
  I receive this error during the sql server job 'syspolicy_purge_history' execution  when sql server got upgraded form SQL Server 2008 to 2014.

  Hi Vishnu,
  According to the error message, it also occurs in SQL Server 2012.  Here is a feedback about the error in the link below.
  https://connect.microsoft.com/SQLServer/feedback/details/754063/sql-server-2012-syspolicy-purge-history-job-step-3-fails-with-security-error
  To resolve this issue, please change the value of the following registry key from ‘RemoteSigned’ to ‘Unrestricted’. For more details, you can review this similar
  blog.
  HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.SqlServer.Management.PowerShell.sqlps120\ExecutionPolicy
  Thanks,
  Lydia Zhang

• HTML 98: Learn HTML, CGI, Perl, Unix and Security, Mar19th-20th / San F

  --- HTML '98 ---
  Learn the Languages of the World Wide Web
  March 19th - 20th
  Hyatt Regency Hotel - San Francisco, CA
  Please, do not reply to this message. Use the address
  at the end of this message. Thank you.
  HTML '98 is divided into four main training sessions:
  - HTML Basics Tutorial - UNIX & Security for the World Wide Web
  - Building CGI Scripts - JAVA Tutorial.
  ======== March 19th ========
  ==> Reception (8:45am)
  ==> Session I (9am - 12:30) ** HTML Basics Tutorial **
  This section will teach you the basics of HTML for building Web Sites
  on the WWW. You'll learn:
  - how to write the code from basic page design and format styles
  - building tables, links, interactive maps, frames and forms
  - adding audio and video to Web Sites
  You'll walk away from this session with the expertise to build Web
  pages using HTML for publication on the World Wide Web.
  ***Who should attend: Beginners to HTML and programming for the Web.
  ==> Lunch (12:30 - 1:15pm)
  ==> Reception (1:00pm)
  ==> Session II (1:15pm - 5:00pm) ** Building Scripts **
  In this course, you'll learn how to create scripts to:
  - process forms
  - build on-line database facilities
  Using Perl and CGI (Common Gateway Interface) you'll walk away from
  this session with the skills to use programs in the advanced
  programming languages of the WWW that interface and support HTML
  creations.
  ***Who should attend: Those with knowledge of HTML and attendees
  of the HTML Basics Tutorial Session.
  ======== March 20th ========
  ==> Reception (8:45am)
  ==> Session III (9am - 12:30) ** UNIX & Security for the WWW **
  UNIX is a popular and reliable operating system for managing Internet
  applications. This section reviews:
  - how to upload and manage your Web site in Unix
  - the basic commands for establishing and using UNIX to administer and
  support Web Sites and Internet-related programs.
  - Unix file editing, security and access permissions
  You'll walk away with the expertise to upload and download HTML files
  and scripts to your server for publication on the World Wide Web;
  editing files directly on the server using UNIX tools and setting up
  UNIX file permissions.
  In the Security section, you'll learn all about:
  - Firewalls and the safeguards to protect internal proprietary data
  from outside sources
  - encryption technology and HTTP servers that support encryption,
  - basic set-up and usage procedures.
  ***Who should attend: Those with knowledge of HTML and attendees
  of the HTML Basics Tutorial Session and CGI Scripts session.
  ==> Lunch (12:30 - 1:00pm)
  ==> Reception (1:00pm)
  ==> Session IV (1:15pm - 5:00pm) ** JAVA Tutorial **
  In this session you'll learn :
  - how to write, compile and execute JAVA applets
  - implementation of Object Oriented code using JAVA
  - JAVA class libraries.
  You'll learn the effective use of multimedia, graphics and animation
  in JAVA and JAVA Scripts. Find out how to handle error conditions and
  make your JAVA program robust and maintainable.
  ***Who should attend: Those with knowledge of HTML and
  attendees of the HTML Basics Tutorial Session, Building Scripts and
  UNIX for World Wide Web and Security session.
  -----------------xxx-----------------
  Pricing: ** LEARN IT ALL ** FULL SEMINAR (all sessions): $580.00
  ------- One Session: $220.00 Two Sessions: $350.00
  Three Sessions: $480.00
  *** Group discounts and non-profit rates are available. ***
  For more information about HTML '98 or to register for the tutorial:
  call (703) 461-3688, email: [email protected]
  Register online at: http://www.eih.com
  To receive the HTML '98 Seminar Information Kit, please call us at
  (703) 461-3688 or email us at [email protected]. Please include your name,
  company/organization name, telephone and FAX number. Thank you.
  EIH Corporation
  Corporate Training Division
  8000 Towers Crescent Drive
  Tysons Corner
  Vienna, VA 22182
  Fax: (703) 760-7899
  Email: [email protected]

  ls -l /var/run/lighttpd/
  And how are you spawning the php instances? I don't see that in the daemons array anywhere.
  EDIT: It looks like the info in that page is no longer using pre-spawned instances, but lighttpd adaptive-spawn. The documentation has been made inconsistent it looks like.
  You will note that with pre-spawned information, the config looks different[1].
  You need to do one or the other, not both (eg. choose adaptive-spawn, or pre-spawn..not both).
  [1]: http://wiki.archlinux.org/index.php?tit … oldid=8051 "change"

• What is the diff b/w Sap Scripts and Smart Forms

  Hi,
        Whats the diff b/w SAP Scripts and Smart Forms..
           I need the internal explanation for both Smart Forms and SAP Scripts mean when we execute what happens whether Print Program r Forms starts execution 1st  and SIMILARLY FOR SMARTFORMS WHETHER FM'S  R FORMS.
  Thanks & Regards,
  Gopi.

  Hi
  Difference with SMARTFORMS vs. SapScript(SE71)
  The Following are the differences :-
  a) Multiple page formats are possible in smartforms which is not the case in SAPScripts
  b) It is possible to have a smartform without a main window .
  c) Labels cannot be created in smartforms.
  d) Routines can be written in smartforms tool.
  e) Smartforms generates a function module when activated.
  f) Unlike sapscripts (RSTXSCRP), you cannot upload/download Smartform to your local harddisk.
  It was said that it was provided in CRM 3.0 version, but not available in R/3. You can download smartforms into Local PC in a XML format. In the same way you can upload this XML format into Smartform. From the smartform editor itself you can call download option, if you are working in CRM 3.0 environment.
  In R3 also, you can download into XML format. However, it's not sure about uploading. Refer to the program 'SF_XSF_DEMO'.
  In 4.7 Enterprise, other have seen this utlity which is completey missing in 4.6c. There is functionality to downlaod a complete form or only a particular node. (Utilities -> Download form). It will create a XML file and save it in the hard disk.
  For others, if you want to download/upload the Smartforms source, you will need the help from the Basis people. What you can do is to create a Transport and then FTP down to your local harddisk. When you need the Smartform source in another system, you have FTP up the Smartforms file back to the SAP server. Finally, the Basis team, will tp it into your system.
  g) The protect and endprotect command in sapscript doesn't work with smartforms. For example on a invoice: First data of position no 80. is printed on page one, other data of position no 80 is printed on page 2. And there's nothing you can do about it. Actually, there is something you can do about it. By using a folder node and checking the 'protect' checkbox, everything in that folder will be page protected.
  check out this link:
  http://www.sap-img.com/smartforms/sap-smart-forms.htm
  Reward points if helpful.
  Regards,
  Swathi.

• Mail attachment: difference between script and app bundle?

  Hiya Folks,
  I am trying to make an application in Applescript that will receive a file, then create a new email (in Mail.app) with that file attached. I would prefer it to be an app, rather than a script when it's finished. I have a script that appears to work.
  This simple script will put up a Choose File window asking for a file, then bring Mail to the front and create a new message, with the selected file attached (it won't send it). For debugging, I made a dialog box pop up showing the path to the file selected:
  -- begin script
  set OpenedFile to choose file
  display dialog "OpenedFile: " & OpenedFile
  tell application "Mail"
  activate
  set newMessage to make new outgoing message with properties {subject:"Subject", content:"Content"}
  tell newMessage
  set visible to true
  tell content
  make new attachment with properties {file name:OpenedFile} at after the last paragraph
  end tell
  end tell
  end tell
  -- end script
  So I tried to make that into an app onto which I could drag n drop a file, and have Mail make a new message with that file attached. Try saving this following script as an Application or an Application Bundle:
  -- begin script
  on open OpenedFile
  display dialog "OpenedFile: " & OpenedFile
  tell application "Mail"
  activate
  set newMessage to make new outgoing message with properties {subject:"Subject", content:"Content"}
  tell newMessage
  set visible to true
  tell content
  make new attachment with properties {file name:OpenedFile} at after the last paragraph
  end tell
  end tell
  end tell
  end open
  -- end script
  Run the first script as a script, and it works as advertised. Drag a file onto the second script saved as an app, and the message is created, but no attachment.
  Note that the path displayed in the pop-up is the same for both scripts.
  Anybody know what I'm doing wrong?
  Thanks for your help,
  Drewstre

  on open (dragged_items)
  my handleFiles(draggeditems) -- Send selected items to custom handler.
  end open
  on handleFiles(localItems)
  tell application "Mail" -- Use terms of 'Mail'
  activate -- Launch 'Mail'.
  -- Add text to 'Subject' and 'Message' fields.
  set newMessage to make new outgoing message with properties {subject:"Subject", content:"Content"}
  tell newMessage -- Set focus to 'newMessage'
  set visible to true -- Make message visible.
  repeat with i in local_Items -- Cycle through the dragged items, adding each to new message.
  tell content to make new attachment with properties {file name:i} at after the last paragraph
  end repeat
  end tell
  end tell
  end handle_Files
    Mac OS X (10.4.4)  

• I am trying to load a 2006 package in cd form onto my apple mac when I try and down load it it comes up in like foreign script, and says does not operate dos, can anyone help I am a lot of a novice. grateful - Carol

  Yes Im a lot of a novice so be patient with me lol I am trying to put a 2006 Edition of a weight programme on my laptop, but when I down load it it just comes up in weird script and says cannot operate in Dos mode can anyone help.
  Thanks

  Welcome to Apple Support Communities.
  Sounds like you have a program designed to run on Microsoft Windows, or even older (1980's) MS-DOS, rather than Mac OS X. If you have Windows on your Mac installed via Boot Camp, try booting into Windows first, and then loading the CD.  If you don't have Windows, it's probably cheaper to buy a new program designed for Mac than to purchase a copy of Windows (US$120 or more), not even knowing for certain if your old program will run.

• I have forgotten my apple security questions, when I go to My Apple ID and click on password and security, there is no option to reset my security questions even though I have a rescue email adress, how do i reset my security question ?

  I have forgotten my security questions but when I click on My Apple ID and got to password and security, there is no option to rest my questions and/or send my self a rescue email, what do I do now ?

  You need to contact Apple. Click here, phone them, and ask for the Account Security team, or fill out and submit this form.
  (89174)

• How to change the Default login script and the USER login script in Netware3.12

  I need to cut down the disk map from Neware 3.12 in Win98 client's PC.
  please tell me
  how to change the Default login script and the USER login script in
  Netware3.12 ?
  Or is there any other ways to do this thing?
  Thanks a lot!

  On 4/6/2006 [email protected] wrote:
  > how to change the Default login script and the USER login script in
  > Netware3.12 ?
  Please repost in the discontinued.forums.
  Edison Ortiz
  Novell Product Support Forum SysOp
  (No Email Support, Thanks !)