Secure Port for SqlDeveloper
Hi All,
I want to secure port for my Sqldeveloper which is on my laptop with IP 100.2.10.200 to connect to a scecured PROD server SLES 11.
My laptop will the one only allowed to connect to the PROD using OEM and SqlDev . How do I configure it?
What port does Sqldev uses? is it the same listener port 1521? same like the OEM 1158?
Thanks....
yxes2013 wrote:
I want to secure port for my Sqldeveloper which is on my laptop with IP 100.2.10.200 to connect to a scecured PROD server SLES 11.Nonsensical question. SQL-Developer does not listen on a network port. The port it uses will be a client port in the dynamic port range - created when SQL-Developer connects to the Listener port on the Oracle server.
Also, opened ports are by their very nature not secure. There is thus no such thing as an open and secure port. Open a port as a listening endpoint on a public NIC, and that port, with that service, is exposed to attack.
The only way to "secure" a port is to remove that from the public network interface all together and run it on localhost (making it a local port only, and inaccessible to everyone else). And this has very limited use. An external client can only use that port via a ssh local tunnel. Which in turns requires you to make port 22/tcp public.
Similar Messages
-
one of usb port in my macbook pro havent work after i ve updated latest security update for osx 10.7.5, how do i know what is cause that usb port is good or bad
On a Mac running v10.7.2, the only way to reinstall Safari is to reinstall OS X using OS X Recovery.
Safari 5.1.1 is for Snow Leopard. It will not run on a Mac with v10.7 installed. -
Recommended port-security settings for ASA HA failover
I have a pair of ASA 5510s configured in active/standby mode. I have already configured the failover settings on the firewalls. Both firewalls are connected to a 2960G. I made a change to the interfaces on the 2960 to allow 2 mac addresses on each port. Here is the switch port config:
interface GigabitEthernet0/8
description ASA-Primary-Out
switchport access vlan 200
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 500
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
Upon testing failover via the failover active command, I get port-security errors on the outside interface for each device:
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address aaaa.bbbb.cccc on port GigabitEthernet0/8. After a few minutes, the error goes away and I can then connect to each firewall. It seems that it still waits for the aging time to expire before allowing the other MAC address. Shouldn't the "maximum 2" setting allow for both mac addresses?
I'd rather not have to hardcode the firewall's MAC addresses on each switchport because I could see this causing problems for us down the road. Is there anything else that can be done?Hello,
This is expected because of the way ASA failover works. When a failover event occurs, the 2 units will swap their IP and MAC addresses (i.e. the Active unit is always using the same IP and MAC, but this role changes between the 2 physical units).
Per the port-security config guide:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_fx/configuration/guide/swtrafc.html#wp1090391
"...if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged."
Since the MAC address moves to the other switchport when the failover happens, a violation is being logged.
-Mike -
What are the security risks for opening port 80 on workstations?
Hello all,
in our environment, there is an application which open port 80 on workstations when installed, but it is not allowed on preimeter FW
could you please advise what are the security risks for leaving port 80 opened on the workstations? or it is considered secure unless it is not allowed on the preimeter FW?
thanks alot & regardsHi R.Naguib.
The 80 port is open by default through the firewall on Windows system, it is used by a http protocol by a browser.
As for the network or hardware Firewall settings, I suggest to turn to the network administrator for details.
Regards
Wade Liu
TechNet Community Support -
Risk & Security vulnerability for using default ports
Dear All,
As far as I know, Oracle does not recommend to use default ports for
security purposes. Searching out of Oracle community found that some people
think that it does not matter any more. However, it can have some vulnerability
and, I think, security risk & auditors would not like to see that.
I have found that in 2012 ORacle Tns listener port 1521 had a vulnerability
issue with oracle database 11gR1 and 11gR2, but how about Oracle 12?.
Also, I was searching something similiar for Oracle OAM, SOA, OIM, OAAM, but still cannot
find anything.
Thanks
Georgina Acuna-RiveraDo you happen to have such a storage peripheral attached to your M3000?
If yes, then it is probably reachable through the M3000's IP address. You will need to log a support ticket with HP and get guidance how to get into the array's FCAL controller and investigate the issue.
If you do not have an HP array attached to your M3000, then log a support case with Oracle and arrange for a field service engineer to visit the site to manipulate the password for its `admin` account (since that special account is likely needs service-employee-only access).
Either way, you need to get accurate technical support and this forum is NOT official tech-support. -
Unable to securely request for a page
Question:
a) I'm unable to securely request for my webpage : https://127.0.0.1:8443/Blah , instead I get the following Error:
Firefox can't establish a connection to the server at localhost:8443.
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
On Internet Explorer I simply get:
Internet Explorer cannot display the webpage
b) How do I know which SSL Implementation my tomcat is making use of: JSSE/APR
Details:
web.xml
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="Your_WebApp_ID"
version="2.5">
<description>The standard web descriptor for the email client</description>
<servlet>
<servlet-name>AuthenticateUser</servlet-name>
<servlet-class>MailBoxController</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthenticateUser</servlet-name>
<url-pattern>/ControlPanel</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>401</error-code>
<location>/authenticationFailed.jsp</location>
</error-page>
<context-param>
<param-name>serverName</param-name>
<param-value>Gmail</param-value>
</context-param>
<context-param>
<param-name>port</param-name>
<param-value>993</param-value>
</context-param>
<context-param>
<param-name>ip</param-name>
<param-value>imap.gmail.com</param-value>
</context-param>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<listener>
<listener-class>Logger</listener-class>
</listener>
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>administrator</role-name>
</security-role>
</web-app>
tomcat-users.xml :
<tomcat-users>
<role rolename="administrator"/>
<user username="admin" password="system123#" roles="administrator"/>
</tomcat-users>
Following tag was added in web.xml in conf of tomcat :
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:/Users/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
Can anybody please help me with my problem. Am I going wrong with configuring SSL?
Thanks
KrutikaI did add these lines:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:/Users/Krutika Ravi/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
to the web.xml contained in conf folder of tomcat.
But didn't fiddle with server.xml -
After un-commenting
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
in server.xml contained in conf folder I get the following exceptions
Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4
.6.
Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], ra
ndom [true].
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.AprLifecycleListener initializ
eSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012)
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8080"]
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-ap
r-8443"]
java.lang.Exception: Connector attribute SSLCertificateFile must be defined when
using SSL with APR
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.jav
a:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
81)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService
.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.j
ava:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connecto
r[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService
.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.j
ava:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initializati
on failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
83)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.lang.Exception: Connector attribute SSLCertificateFile must be d
efined when using SSL with APR
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.jav
a:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
81)
... 13 more
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2945 ms
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.29
Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive C:\Junkyard\apache-tomcat-7.0.29\webapps
\Blah.war
Jul 25, 2012 11:11:44 PM org.apache.catalina.loader.WebappClassLoader validateJa
rFile
INFO: validateJarFile(C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah\WEB-INF\lib\
javax.servlet-5.1.12.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2.
Offending class: javax/servlet/Servlet.class
Logger Contructor
Servlet Context has been initialized
Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\docs
Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\examples
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\host-manager
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\manager
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\ROOT
Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-8080"]
Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2728 ms
Edited by: 948555 on Jul 25, 2012 10:42 AM -
How to Open Ports for HP Printers for all computers within the network (router)
Hi,
I have the EA6700 router and a few HP printers and Multi purpose printers/scanner/fax ...
When installing the print drivers, they are ok. Sending to printers are not a problem. However, the problem comes with scanning.
The HP Software ask to open a port for it... How do I do that? I checked, it seems other computers are affected by it too after changing to this new router.
I read that it can be done on the "App and gaming" section at the Security page. Do I go to the port forwarding section? But it only forward to one computer. that doesn't work...
I'd like to open a port and a lot of other IPs can print and scan from it.
ThanksPorts are not needed to be opened on the LAN side of the router for Printers and Scanners. I recommed that tiy contact hp for help and information regarding setup and configuration of those devices. Also the addition of a external Gb network switch for these devices is recommended as well. Would help eliminate any un-necessary router configuration or processing.
-
Creating new logical ports for WSDL with several port types not working
Hi all,
I am trying to integrate some BODS webservice into the BPM. I am using CE 7.2 Kernel Version: 7.20.3710. When I am trying to assign a provider system in the application configuration I get following error:
The provider system successfully found the needed service, but its wsdl is without webservice policy. Thus the generated client configuration might not work because of different configurations between service and client (most probable a difference in the security settings). Either assign a provider system with access to wsdl with policy or manually create the client configuration.
The regarding provider system is using a communication profil where the authentication method is set to "none". Normally this configuration should work, but it isn't.
So I started to create new logical ports for each port type. But then I get the error:
Port type name of loaded WSDL does not match the port type name of the Service Reference.
I checked already the port type names in the WSDL but they are 100% the same. What I found was that the configuration is always trying to use the first port type in the WSDL. So I am not able to configure the other port types in the service group.
I also tried to do the same thing using a WSDL with just one port type and surprise it is working...
I hope somebody can help me out
Thanks in advance
AndyHi Andy,
Please check this Link: https://cw.sdn.sap.com/cw/docs/DOC-45012
Regards,
Naresh B -
Example wsdl and logical port for consumer proxy anyone ?
Hi,
Could please somebody give me an example of external WSDL file and logcial port created for the WSDL file in SOAMANAGER ?
I need to create manually logical port for my consumer proxy and I am missing something because my logical port is not active.
Any example is more than welcome.
I need to know how to populate fields manually on the following tabs based on the info in a WSDL file:
Consumer Security Additional Information Web Service Addressing Messaging Transport settings Message Attachments Operation specifi
Thanks and Regards
Agnieszka
The message, I am getting, when creating logical port is:
Operation 'SrtFmStatefulTf' not found [NS: 'urn:sap-com:document:sap:soap:functions:mc-style']
I think that maybe something is wrong with my wsdl.
Edited by: Agnieszka Domanska on Nov 17, 2010 5:41 PMHi Milan,
this kind of error occurs when there is no service and end point description in the WSDL of provider who's service you are trying to consume using Consumer Proxy.
Just open the provider's WSDL URL that you have given while creating Logical port for the consumer proxy and check if service and end point exists there.
Thanks
Sunil Singh -
Getting Error message while trying to access security editior for a IDT universe
Hi,
I have created universe in SAP BO4.1, using IDT.
I have applied row level security for User Groups using Security Editor.
I have published the changes to repository.
But when I am trying to re open the security editor for that universe its throwing error:
"Unable to load security for universe ID ATF10O... (IDT 022123)."
I am not able to edit row level security, even this security restriction is not restricting data in WebI report.
Thanks for your response.Hi Sonal,
The local file of Business Security Profile is missing or damaged.
Resolution
Use the workflow to reset the problematic Business Security Profile in the filestore. After that, you can manually re-create the new Business Security Profile to make it working.
Logon to CMC and find the ID of the universe with issue(e.g. 9010).
Logon to Query Builder (http://<web server>:<port>/AdminTools/).
Find the detail information about this universe with the following SQL statement:
select * from CI_APPOBJECTS where SI_ID = 9010
In the Search Results List, you will find a row with the title of SI_SL_BSPS (Business Security Profile), note down the number of it(e.g. 9016).
Then search with the following SQL statement in the Query Builder:
select * from CI_APPOBJECTS where SI_ID = 9016
In the Search Results List, SI_PATH is the local file address of the Business Security Profile (e.g. frs://Input/a_146/035/000/9106/).
Then you can back up the file and delete it.
Select a Business Security Profile without issue and rename it as the deleted one.
Put the new normal Business Security Profile under the location of the deleted file.
Then you can delete it in the IDT and recreate it normally.
Refer: SAP Note - 2080272 - Error "Universe access failure Unable to load security for Universe ID XXX (IDT 022123)" appears when editing a Business Security Profile in Information Design Tool
--Raji. S -
proxy Please specify secure port
All,
I got following messages said:
Fri Dec 29 17:09:46 CST 2000:<I> <WebLogicServer> WebLogic Server started
Fri Dec 29 17:10:14 CST 2000:<E> <proxy> Please specify secure port in the properties. Using default ports 7001/7002 See release notes for more info
Fri Dec 29 17:10:14 CST 2000:<E> <proxy> Please specify secure port in the properties. Using default ports 7001/7002 See release notes for more info
We use WL as proxy server to host the web. There have another 2 clustering machines behide it running WL 5.1 w/SP6. weblogic.properties in proxy server configured as following:
# THE WEBLOGIC PROPERTIES FILE
weblogic.system.listenPort=80
weblogic.password.system=wwwadmin
weblogic.allow.execute.weblogic.servlet=everyone
weblogic.httpd.register.cluster=\
weblogic.servlet.internal.HttpClusterServlet
weblogic.httpd.initArgs.cluster=\
defaultServers=web1:80|web3:80
weblogic.httpd.defaultServlet=cluster
weblogic.security.ssl.enable=true
weblogic.system.SSLListenPort=7003
weblogic.httpd.register.authenticated=weblogic.t3.srvr.ClientAuthenticationServlet
weblogic.security.certificateCacheSize=3
weblogic.httpd.register.AdminCaptureRootCA=admin.AdminCaptureRootCA
weblogic.security.clientRootCA=SecureServerCA.pem
weblogic.security.certificate.server=democert.pem
weblogic.security.key.server=demokey.pem
weblogic.security.certificate.authority=ca.pem
weblogic.httpd.register.Certificate=utils.certificate
weblogic.allow.execute.weblogic.servlet.Certificate=system
weblogic.httpd.enable=true
weblogic.system.nativeIO.enable=true
weblogic.system.enableConsole=true
weblogic.system.executeThreadCount=50
weblogic.system.maxLogFileSize=1024
weblogic.httpd.enableLogFile=true
weblogic.httpd.logFileName=access.log
weblogic.httpd.enableEvents=false
weblogic.httpd.session.enable=true
weblogic.httpd.session.cookie.name=WebLogicSession
weblogic.allow.execute.weblogic.servlet.classes=everyone
weblogic.httpd.register.*.html=weblogic.servlet.FileServlet
weblogic.httpd.register.*.jpg=\
weblogic.servlet.FileServlet
weblogic.httpd.register.*.gif=\
weblogic.servlet.FileServlet
weblogic.httpd.initArgs.*.html=defaultFilename=index.html
weblogic.httpd.register.proxy=weblogic.t3.srvr.HttpProxyServlet
weblogic.httpd.initArgs.proxy=redirectURL=http://web1/
webLOGic.httpd.documentRoot=public_html/
Your input are very appreciated!
Brian
There won't have 2 lines proxy server message again. But now i got following message said:
<Proxy> IOException after server.proxy()....coneection refused
java.net.Connection: Connection refused
What's the minimum setting in weblogic.properties to setup a WL as a proxy server. WL will be 5.1 w/ SP6.
"Ronan Brady" <[email protected]> wrote:
>Your properties line
> weblogic.httpd.initArgs.cluster=defaultServers=web1:80|web3:80
>should read
> weblogic.httpd.initArgs.cluster=defaultServers=web1:80:7003|web3:80:7003
>
>See extract from release notes below:
>
>Additional details on ISSUES 31822:
>
>The following diagram illustrates the differences between setting
>secureProxy="ON" and secureProxy="OFF".
>This feature is set in the WebLogic properties file.
>
>secureProxy=ON
>
>BROWSER<------>HTTPS------>PROXY<------>HTTPS----->WEBLOGIC SERVER CLUSTER
>
>secureProxy=OFF
>
>BROWSER<------>HTTPS------>PROXY<------>HTTP----->WEBLOGIC SERVER CLUSTER
>By passing the secureProxy parameter as an initial argument (in WebLogic
>init.Args) in the cluster servlet and setting it to ON, SSL between the
>proxy and the clusters will be enabled. Below is a demonstration of how to
>turn on the secure proxy feature:
>
>weblogic.httpd.register.cluster=weblogic.servlet.internal.HttpClusterServlet
>weblogic.httpd.initArgs.cluster=\
>defaultServers=server1:7001:7002|server2:7001:7002,\
>secureProxy=ON
>
>
>"Brian Lin" <[email protected]> wrote in message
>news:[email protected]...
>>
>> There still has 2 lines message shown on proxy server:
>> <proxy> Please specify secure port in the properties. Using default ports
>7001/7002 See release notes fore more info.
>>
>> I can see static html on browser now, but servlet and ejb. Before added
>weblogic.security.SSLListenport on command line, the console will said
>undefined this property. But it seems to me not working anyway with message
>returned on proxy server.
>>
>>
>> "Tao Zhang" <[email protected]> wrote:
>> >It should be weblogic.security.SSLListenPort not
>> >weblogic.system.SSLListenPort.
>> >Brian Lin <[email protected]> wrote in message
>> >news:[email protected]...
>> >>
>> >> But proxy server doesn't work in progress (idle).
>> >>
>> >> "Tao Zhang" <[email protected]> wrote:
>> >> >It means that you have to put the listening port and ssl listen port
>in
>> >the
>> >> >2 clustering machines.
>> >> >If you don't use ssl, you can ignore this message.
>> >> >
>> >> >
>> >> >Brian Lin <[email protected]> wrote in message
>> >> >news:[email protected]...
>> >> >>
>> >> >> All,
>> >> >>
>> >> >> I got following messages said:
>> >> >> Fri Dec 29 17:09:46 CST 2000:<I> <WebLogicServer> WebLogic Server
>> >started
>> >> >> Fri Dec 29 17:10:14 CST 2000:<E> <proxy> Please specify secure port
>in
>> >the
>> >> >properties. Using default ports 7001/7002 See release notes for more
>info
>> >> >> Fri Dec 29 17:10:14 CST 2000:<E> <proxy> Please specify secure port
>in
>> >the
>> >> >properties. Using default ports 7001/7002 See release notes for more
>info
>> >> >>
>> >> >> We use WL as proxy server to host the web. There have another 2
>> >clustering
>> >> >machines behide it running WL 5.1 w/SP6. weblogic.properties in proxy
>> >server
>> >> >configured as following:
>> >> >> -------------------------------------
>> >> >> # THE WEBLOGIC PROPERTIES FILE
>> >> >>
>> >> >> weblogic.system.listenPort=80
>> >> >> weblogic.password.system=wwwadmin
>> >> >> weblogic.allow.execute.weblogic.servlet=everyone
>> >> >> weblogic.httpd.register.cluster=\
>> >> >> weblogic.servlet.internal.HttpClusterServlet
>> >> >> weblogic.httpd.initArgs.cluster=\
>> >> >> defaultServers=web1:80|web3:80
>> >> >> weblogic.httpd.defaultServlet=cluster
>> >> >> weblogic.security.ssl.enable=true
>> >> >> weblogic.system.SSLListenPort=7003
>> >> >>
>> >> >>
>> >>
>>
>>>weblogic.httpd.register.authenticated=weblogic.t3.srvr.ClientAuthenticatio
>n
>> >S
>> >> >ervlet
>> >> >> weblogic.security.certificateCacheSize=3
>> >> >> weblogic.httpd.register.AdminCaptureRootCA=admin.AdminCaptureRootCA
>> >> >> weblogic.security.clientRootCA=SecureServerCA.pem
>> >> >> weblogic.security.certificate.server=democert.pem
>> >> >> weblogic.security.key.server=demokey.pem
>> >> >> weblogic.security.certificate.authority=ca.pem
>> >> >> weblogic.httpd.register.Certificate=utils.certificate
>> >> >> weblogic.allow.execute.weblogic.servlet.Certificate=system
>> >> >>
>> >> >> weblogic.httpd.enable=true
>> >> >> weblogic.system.nativeIO.enable=true
>> >> >> weblogic.system.enableConsole=true
>> >> >> weblogic.system.executeThreadCount=50
>> >> >>
>> >> >> weblogic.system.maxLogFileSize=1024
>> >> >> weblogic.httpd.enableLogFile=true
>> >> >> weblogic.httpd.logFileName=access.log
>> >> >> weblogic.httpd.enableEvents=false
>> >> >> weblogic.httpd.session.enable=true
>> >> >> weblogic.httpd.session.cookie.name=WebLogicSession
>> >> >>
>> >> >> weblogic.allow.execute.weblogic.servlet.classes=everyone
>> >> >> weblogic.httpd.register.*.html=weblogic.servlet.FileServlet
>> >> >> weblogic.httpd.register.*.jpg=\
>> >> >> weblogic.servlet.FileServlet
>> >> >> weblogic.httpd.register.*.gif=\
>> >> >> weblogic.servlet.FileServlet
>> >> >> weblogic.httpd.initArgs.*.html=defaultFilename=index.html
>> >> >> weblogic.httpd.register.proxy=weblogic.t3.srvr.HttpProxyServlet
>> >> >> weblogic.httpd.initArgs.proxy=redirectURL=http://web1/
>> >> >> webLOGic.httpd.documentRoot=public_html/
>> >> >> -------------------------------------------------
>> >> >>
>> >> >> Your input are very appreciated!
>> >> >>
>> >> >> Brian
>> >> >
>> >> >
>> >>
>> >
>> >
>>
>
>
-
Serial port for console access to switch
Just got a Netgear L2 Switch, and need to use VT100 terminal emulation to connect to the switch's serial port.
Does anyone know how to enable the Xserve's serial port for this type of job? When running Zterm for OS X I get an "Error: 16 opening port" and I'm at a loss for how to do it. I've heard that USB to Serial adapters have been working, but it seems silly that the serial port wouldnt work.Thanks Camelot, your advice was spot on.
Just to close the topic:
Edit "/System/Library/StartupItems/SerialTerminalSupport/SerialTerminalSupport"
and change the line:
ENABLESERIALTERMINAL=$TRUE
to
ENABLESERIALTERMINAL=$FALSE
also, may be redundant with the last step but I edited /etc/ttys and changed:
tty.serial "/usr/libexec/getty serial.9600" vt100 on secure
to
tty.serial "/usr/libexec/getty serial.9600" vt100 off secure
Finally, dont be an idiot like I am, and leave the XServe case lock on... this will prevent the port from operating, and cause you to go crazy.
TwoNine -
Do I need to open ports for NTP?
I just noticed that my hwclock was off by nearly 30 seconds. It's almost certainly due to the recent initscripts update.
As I was looking into resetting the clock, I found out that openntpd is deprecated so I've switched to ntp, configured the daemon, reset the time with ntpd -q, and started the daemon. The time is not accurate again.
I remember back when I first installed Arch I tried to set up ntp but it didn't seem to work, so I tried openntpd and stuck with that. I reached the conclusion that ntp required open ports, which I felt was unnecessary given that openntpd could do the same thing without open ports.
Now that I'm looking at it again, I can't find any definitive answer...
Do I need to open ports for ntp if I only want to sync the system that it's running on?ISC ntpd (the ntp package) will open UDP 123 on all your interfaces regardless of what you do with it. It will work anyway even if you block this port in iptables, assuming that you're allowing responses to established traffic as usual - your outbound mobilization requests to your chosen servers will be enough to allow the responses, and the same with further traffic sent for the lifetime of ntpd. Using iptables like this is probably the easiest way to secure ntpd.
There's also some defense in depth you can do:
- run ntpd as non-root
- run it chrooted to some safe directory (really only makes sense when doing non-root as well, since root can break out of a chroot)
- apply ntpd's built-in access controls (see examples in ntpd.conf, and full docs in ntp_acc(5))
I accomplish the first two of these by chowning /var/lib/ntp (and any contents) to ntp:ntp (so ntpd can write ntp.drift there when non-root), by using a driftfile path relative to the chroot in ntp.conf, and by setting NTPD_ARGS="-g -i /var/lib/ntp -u ntp:ntp" in /etc/conf.d/ntp-client.conf.
For the third, I chose to not allow any remote traffic to initiate anything with my ntpd, with this /etc/ntp.conf:
server ac-ntp0.net.cmu.edu iburst
server ac-ntp1.net.cmu.edu iburst
server ac-ntp2.net.cmu.edu iburst
server ac-ntp3.net.cmu.edu iburst
server ac-ntp4.net.cmu.edu iburst
restrict default nomodify nopeer noquery
restrict 127.0.0.1
driftfile /ntp.drift
Note the two "restrict" lines. The first shuts out remote access of most kinds, and the second allows the local machine all the access that would also be denied to it as well otherwise by the first rule. Note also the driftfile path, relative to the chroot of /var/lib/ntp/.
With all these security features, ISC ntpd can be just as safe as openntpd.
The use of the "iburst" keyword on the server lines to recover more quickly from out-of-contact conditions is also quite nice, and not rude to the remotes like "burst" would be.
One of the nicest other features of ISC ntpd is that it's smart enough to notice when network state changes occur, like bringing a VPN up/down, changing routes, or switching from wired to wireless and back. openntpd tended to just lose connections in these cases. -
Secure LDAP for GWIA Address book
I've setup the GWIA 7.0.3 May 2009 code set and configured for Secure LDAP.
I'm using the same *.b64 and *.key files we use for all our POA and MTAs.
I cannot get the Novell LDAP address book to connect to 636.
Is there a document I can use to help me figure this out.
I can revert to 389 but that port is not open through the firewall.
MikePOP and IMAP both work on secure port
>>>
From: jgrubbs<[email protected]>
To:novell.support.groupwise.7x.gwia
Date: 9/9/2009 6:36 PM
Subject: Re: Secure LDAP for GWIA Address book
Does POP3 work on the secure port?-- Jeff Grubbs
Novell Technical Support Engineer II
[email protected]-------------------------jgrubbs's Profile: http://forums.novell.com/member.php?userid=41638View this thread: http://forums.novell.com/showthread.php?t=385674 -
Error: Specify secure port in the property Using ports 7001/7002
Hi,
I have two node cluster using WL6.1, and Solaris.
Then, I also setup NSAPI plug in, and specify 2 nodes
in obj.conf file. But I tried to browse the URL.
I have "Secure port in property..." error message.
I check the SSL property in domain->servers->SERVERNAME
Enabled:checked
Listen Port: 9002
Server Key File Name: config/mydomain/demokey.pem
Server Certified File Name: config/mydomain/democert.pem
Server Certifiled Chan File Name: config/mydomain/ca.pem
Is the above correct setup?
What am I missing?
Thanks,
// hiromu
Ok.. That makes more sense.
So, before we fix the error message, I want to understand your architecture.
You have NES(Iplanet) proxying requests to 2 managed servers that are
clustered.
Your managed servers also have the HttpClusterServlet setup to proxy back to
those two instances? I think you may be a bit confused.
The HttpClusterServlet is usually installed on another instance of
WebLogic(managed server) if you are not using Iplanet, IIS, or Apache as a
frontend WebServer. When you use the HttpClusterServlet, that WebLogic
instance will act as a WebServer proxying requests to OTHER backend WebLogic
Servers.
In your case, you probably do not need to use the HttpClusterServlet as you
are using Iplanet to proxy the requests.
In any case, here is the fix to your problem:
Refer to:
http://e-docs.bea.com/wls/docs61///////adminguide/http_proxy_cluster.html
The documentation says the format of specifying the defaultServers is
host1:port:secport|host2:port:secport.
Therefore, you need to add the secure port even though you aren't using it.
Let's assume your secure port is 9002, then your entry should be:
<init-param>
<param-name>defaultServers</param-name>
<param-value>cyberia:9001:9002|sun-timmy:9001:9002</param-value>
</init-param>
Regards,
Eric
"hiromu kato" <[email protected]> wrote in message
news:[email protected]...
>
> Eric,
>
> The error message is from the managed server log as
>
> ####<Oct 2, 2001 9:26:02 PM PDT> <Notice> <WebLogicServer> <cyberia>
<cluster2>
> <ListenThread> <system> <> <000201> <ListenThread liste
> ning on port 9001, ip address 10.10.102.189>
> ####<Oct 2, 2001 9:26:04 PM PDT> <Notice> <Cluster> <cyberia> <cluster2>
<main>
> <system> <> <000102> <Listening for multicast messages
> (cluster bvcluster2) on port 9001 at address 237.0.0.1>
> ####<Oct 2, 2001 9:26:04 PM PDT> <Notice> <WebLogicServer> <cyberia>
<cluster2>
> <main> <system> <> <000330> <Started WebLogic Managed S
> erver "cluster2" for domain "mydomain" running in Production Mode>
> ####<Oct 2, 2001 9:26:16 PM PDT> <Info> <HTTP> <cyberia> <cluster2>
<ExecuteThread:
> '11' for queue: 'default'> <> <> <101047> <[WebAppS
> ervletContext(1524862,bv,/bv)] HttpClusterServlet: init>
> ####<Oct 2, 2001 9:26:16 PM PDT> <Error> <HTTP> <cyberia> <cluster2>
<ExecuteThread:
> '11' for queue: 'default'> <> <> <101048> <Please
> specify secure port in the properties. Using ports 7001/7002. See release
notes
> for more info>
> ####<Oct 2, 2001 9:26:16 PM PDT> <Error> <HTTP> <cyberia> <cluster2>
<ExecuteThread:
> '11' for queue: 'default'> <> <> <101048> <Please
> specify secure port in the properties. Using ports 7001/7002. See release
notes
> for more info>
> ****************
>
> I got the above error when I set web.xml
> <?xml version="1.0" ?>
>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application
1.2//EN"
> "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
>
> <web-app>
>
> <servlet>
> <servlet-name>HttpClusterServlet</servlet-name>
>
<servlet-class>weblogic.servlet.internal.HttpClusterServlet</servlet-class>
> <init-param>
> <param-name>defaultServers</param-name>
> <param-value>cyberia:9001|sun-timmy:9001</param-value>
> </init-param>
> <init-param>
> <param-name>DebugConfigInfo</param-name>
> <param-value>ON</param-value>
> </init-param>
> </servlet>
> <servlet-mapping>
> <servlet-name>HttpClusterServlet</servlet-name>
> <url-pattern>/</url-pattern>
> </servlet-mapping>
> <servlet-mapping>
> <servlet-name>HttpClusterServlet</servlet-name>
> <url-pattern>*.jsp</url-pattern>
> </servlet-mapping>
> <servlet-mapping>
> <servlet-name>HttpClusterServlet</servlet-name>
> <url-pattern>*.htm</url-pattern>
> </servlet-mapping>
> <servlet-mapping>
> <servlet-name>HttpClusterServlet</servlet-name>
> <url-pattern>*.html</url-pattern>
> </servlet-mapping>
> </web-app>
>
> **********************
> My obj.conf of the NES is
>
> Init fn="load-modules" funcs="wl_proxy,wl_init"
shlib=/mebsuta/b/webserver/https-http-mebuta-hkato-50005/plugins/libproxy.so
> Init fn="wl_init"
>
> Init fn=load-types mime-types=mime.types
> Init fn="load-modules"
shlib="/mebsuta/b/webserver/bin/https/lib/libNSServletPlugin.so"
>
funcs="NSServletEarlyInit,NSServletLateInit,NSServletNameTrans,NSServletServ
ice"
> shlib_flags="(global|now)"
> Init fn="NSServletEarlyInit" EarlyInit=yes
> Init fn="NSServletLateInit" LateInit=yes
>
>
> <Object name="weblogic" ppath="*/weblogic/*">
> Service fn=wl_proxy WebLogicCluster="cyberia:9001,sun-timmy:9001"
PathTrim="/weblogic"
> </Object>
>
> <Object name="si" ppath=*/servletimages/*">
> Service fn=wl_proxy WebLogicCluster="cyberia:9001,sun-timmy:9001"
> </Object>
>
>
> <Object name=default>
> NameTrans fn="NSServletNameTrans" name="servlet"
> NameTrans fn="pfx2dir" from="/servlet"
dir="/mebsuta/a/hkato/docs_50005/servlet"
> name="ServletByExt"
> NameTrans fn=pfx2dir from=/ns-icons dir="/mebsuta/b/webserver/ns-icons"
name="es-internal"
> NameTrans fn=pfx2dir from=/mc-icons dir="/mebsuta/b/webserver/ns-icons"
name="es-internal"
> NameTrans fn="pfx2dir" from="/help"
dir="/mebsuta/b/webserver/manual/https/ug"
> name="es-internal"
> NameTrans fn="pfx2dir" from="/manual"
dir="/mebsuta/b/webserver/manual/https"
> name="es-internal"
> NameTrans fn=document-root root="/mebsuta/a/hkato/docs_50005"
> Service method="(GET|HEAD|POST|PUT)" type=text/jsp fn=wl_proxy
WebLogicCluster="cyberia:9001,sun-timmy:9001",
> PathPrepend=/jspfiles
> PathCheck fn=unix-uri-clean
> PathCheck fn="check-acl" acl="default"
> PathCheck fn=find-pathinfo
> PathCheck fn=find-index index-names="index.html,home.html"
> ObjectType fn=type-by-extension
> ObjectType fn=force-type type=text/plain
>
> Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
> Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
> Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
> #AddLog fn=flex-log name="access"
> </Object>
>
> <Object name=cgi>
> ObjectType fn=force-type type=magnus-internal/cgi
> Service fn=send-cgi
> </Object>
>
> <Object name="servlet">
> ObjectType fn=force-type type=text/html
> Service fn="NSServletService"
> </Object>
>
> <Object name="jsp092">
> ObjectType fn="type-by-extension"
> ObjectType fn="change-type" type="magnus-internal/jsp092"
if-type="magnus-internal/jsp"
> Service fn="NSServletService" type="magnus-internal/jsp092"
> </Object>
>
> <Object name="ServletByExt">
> ObjectType fn=force-type type=magnus-internal/servlet
> Service type="magnus-internal/servlet" fn="NSServletService"
> </Object>
>
> <Object name="es-internal">
> PathCheck fn="check-acl" acl="es-internal"
> </Object>
>
>
> Thank you for the help,
>
> // hiromu
>
Maybe you are looking for
-
The file "iTunes Library.itl" cannot be read...
Ok, here's my problem. I'm trying to figure out how to transfer over all my songs, videos & playlists from iTunes to a new computer. I don't have the new one hooked up yet b/c I need to save all my files first. Well, I thought I was going to need the
-
Keeping Row Highlighted In Master-Detail Table
JDev 11.1.2.0 I have a small .jsf page with a master-detail setup, using 2 tables. When I select a row in the master table, the detail table is populated as expected. When I select a row in the detail table, the row is no longer highlighted on the ma
-
How to copy notes from ipad to another ipad?
I'd like to copy some notes from my old ipad to my new ipad2, anyone knows what to do it? Much thanks. Beau
-
How do I delete items from my Cloud content?
I would like to delete some of my purchases from my iCloud account. How do I do this?
-
Problems updating to ios5, not eligible for the requested build?
I am trying to update to ios5 and itunes gives me an error saying that the device is not eligible to the requested build.