Security at root_menu issue

Hi Guys,
I'm using jdev 11.1.1.6, am kinda new to ADF, and am currently having an issue when adding security by role to render the menu (root_menu).
I have 2 roles set already: FinanceManagers and RegistryManagers, and I have 2 pages, Finance and Registration, with the menu set on the root_menu.
I set the rendered attribute on itemNode_Registration to: #{securityContext.userInRole['RegistryManagers']} and on itemNode_Finance to: #{securityContext.userInRole['FinanceManagers']}
But oddly, the Finance manager user is still able to see the Registration menu item, or vice versa.
I see that if I forcefully set rendered to false, then it is correctly set to not rendered.
I thought I probably didn't set the EL correctly, but I tested the EL on a navigation pane (command navigation item) and it gives the right behaviour to render / not render all of the navigation items using EL.
So my assumption so far is that my EL is correct and the rendered attribute at the root_menu itemNode is also working fine.
But I'm confused now, as it seems the #{securityContext.userInRole['roleitem']} doesn't seem to be correctly evaluated at menu_root level (I'm pretty sure I'm wrong about this or probably missed some configuration).
Is there any way that I can check this #{securityContext.userInRole['RegistryManager']} output at runtime? i.e. output to a logfile?
Is my setting / approach correct? I followed all these references:
http://docs.oracle.com/cd/E29049_01/web.1112/e16182/adding_security.htm
http://docs.oracle.com/cd/E29505_01/fusionapps.1111/e15524/ui_impl_uishell.htm#CHDIHAGA
and seems everything pretty straightforward.
Thanks in advance,
ds

That's a good idea Timo, but since I'm at root_menu, there's no outputText I can use, so I put it into the itemNode label like this:
<menu xmlns="http://myfaces.apache.org/trinidad/menu">
  <itemNode id="itemNode_Home" label="Home" action="adfMenu_Home"
            focusViewId="/Home"/>
  <itemNode id="itemNode_Finance" label="#{securityContext.userInRole['FinanceManagers']}" action="adfMenu_Finance"
            focusViewId="/Finance"
            rendered="#{securityContext.userInRole['FinanceManagers']}"/>
And here's how I set the navigation:
<af:panelGroupLayout id="panelGroupLayout1" layout="vertical">
  <af:tree id="menuTree" value="#{root_menu}" var="menu"
           visible="true">
    <f:facet name="nodeStamp">
      <af:commandLink text="#{menu.label}" id="pt_cl1"
                      action="#{menu.doAction}"/>
    </f:facet>
  </af:tree>
  <af:separator id="pt_s1"/>
  <af:goLink id="pt_gl1" text="BPM Tasks" targetFrame="_blank"
             destination="<edited>"
             inlineStyle="margin-left:17px;"/>
</af:panelGroupLayout>
And I can see it rendered the correct "value" as false when logged in with the FinanceManager user, but it's not supposed to render the menu item.
So that means root_menu is able to evaluate the EL, but how come the rendered attribute can't?
Is there any other config that I need to set? Or is the rendered attribute not supposed to accept EL (which I don't think, as there's an EL builder on it)?
Or should I set security (hide/show) for navigation items by security role differently? Is there any other way?
Kind regards,
ds

Similar Messages

  • MapViewer integrated in Apex - Securing MapViewer Cookie Issue

    Hello,
    I'm trying to secure my MapViewer accesses. My MapViewer is contained in an Apex page. As said in the documentation (1.8.2), I have to use a cookie to pass the username (or whatever I want to use to authenticate the user) to the database. To do this I have to put a package in my map schema and configure the datasource to use it.
    Package code (nothing special):
    create or replace
    PACKAGE BODY web_user_info AS
      w_name VARCHAR2 (32767);

      PROCEDURE set_user(p_name IN VARCHAR2)
      AS
      BEGIN
        INSERT INTO TABLE1 VALUES('set machin');
        COMMIT;
        INSERT INTO TABLE1 VALUES('set_user:'||p_name);
        COMMIT;
        w_name := LOWER (p_name);
      END;

      PROCEDURE clear_user
      AS
      BEGIN
        INSERT INTO TABLE1 VALUES('clear machin');
        COMMIT;
        INSERT INTO TABLE1 VALUES('clear_user:'||w_name);
        COMMIT;
        w_name := null;
      END;

      FUNCTION get_user RETURN VARCHAR2
      AS
      BEGIN
        RETURN w_name;
      END;
    END web_user_info;
    Datasource definition :
    <map_data_source name="cuc"
    jdbc_host="localhost"
    jdbc_sid="xxxxx"
    jdbc_port="1521"
    jdbc_user="xxx"
    jdbc_password="xxxxxxxxxxxxx"
    jdbc_mode="thin"
    number_of_mappers="3"
    allow_jdbc_theme_based_foi="true"
    plsql_package="web_user_info"
    />
    It works like that, except that it returns the J2EE authentication (oc4jadmin). set_user and clear_user are executed correctly.
    Cookie issue:
    To make this work with cookie information I have to add an attribute to the datasource definition:
    web_user_type="LOGIN_USERNAME_COOKIE"
    This cookie is present in my Apex page, details:
    Name: LOGIN_USERNAME_COOKIE
    Value: the_name
    Domain (host): localhost
    Path: /apex/
    Secure: no
    Expires: At end of session
    It doesn't work with my cookie; clear_user is executed correctly but set_user is no longer executed.
    Has anyone already gotten the cookie authentication feature to work?

    Yes, I checked this site, but I still couldn't reach the answer to my challenge: how to specify urlParamNQID and urlParamSID, how or where I can get the values of these parameters, or what I should pass there!?

  • Secure Zone Login Issues:  It worked great and now just stopped.

    The secure zone on my client's site worked great for about a month and now it just stopped.  All of a sudden it won't let us type into the username and password boxes.  We can click on the "remember me" button and the "submit button" but not type.  I've tried deleting and redoing the code and still nothing.  Our issue is occurring most when used with Chrome's browser.  Any thoughts or suggestions?

    Thanks for your reply, Liam.  Oddly enough I was just reading your exceptional contributor profile that popped up in my side column.
    Here is the link to the site.  The login works fine in Safari, it's just a problem with Chrome I believe.
    www.myadvancedpt.com
    The login area is in the bottom right of the footer titled "Employee Login."

  • Web service security policies interoperability issue with WCF

    Hi,
    I've created a web service in Jdeveloper 11g which I have deployed to a stand alone weblogic server 10.3. I also created a web service proxy in Jdeveloper 11g that works perfectly. The service is using Wssp1.2-2007-Https.xml policy.
    I have the requirement of a C# consumer, but when I run svcutil to generate the client class and config, it throws the following warning:
    A security policy was imported for the endpoint. The security policy contains requirements that cannot be represented in a Windows Communication Foundation configuration. Look for a comment about the SecurityBindingElement parameters that are required in the configuration file that was generated. Create the correct binding element with code. The binding configuration that is in the configuration file is not secure.
    What security policy is compatible with WCF?
    Thanks,
    Miguel.

    I had the same issue and solved it like this:
    Create a signed certificate, import it into your keystore and use that as the Signature Key alias in both the client and the server security. Make sure the user with the same name exists in the realm on the server.
    Hope this helps,
    Lonneke

  • Web Service Security X509 token issue...

    Hi All,
    I have an issue with using X509 certificates. Please find the details attached below:-
    I used the following link to create a simple keystore using 3rd party tools:-
    http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/CreateKeyStore_howto.htm
    NOTES:
    1) I think the above link creates self signed certificates.
    2) The signature and encryption key for both the web service and proxy created below are the same.
    As can be seen from this link, two certificates are created with aliases sam and dave. I then used the following link to secure the web service and proxy:-
    http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
    This link uses the OAS manager to set the keytool related properties. These entries are already in system-jazn-data.xml. A point to note here is that the aliases of the certificates are stored in system-jazn-data.xml.
    My oracle-webservices.xml has the mapping attribute of the verify-x509-token token set to CN (Common Name). Hence I changed the above entries in system-jazn-data to reflect the common names instead of the aliases.
    However the standalone OC4J server still throws the following error whether I try to run the proxy with the mapping attr set to alias or CN in the jazn file:-
    07/07/05 20:58:14 Oracle Containers for J2EE 10g (10.1.3.1.1) initialized
    2007-07-05 20:58:39.876 ERROR Cannot authenticate X509 certificate, User CN=Sam Cooke, OU=samDept, EMAILADDRESS=[email protected], O=samOrg, L=samCity, ST=samState, C=US does not exist in our system
    07/07/05 20:58:39 javax.security.auth.login.LoginException: Cannot authenticate X509 certificate, User CN=Sam Cooke, OU=samDept, EMAILADDRESS=[email protected], O=samOrg, L=samCity, ST=samState, C=US does not exist in our system
    I have not exported any certificates from client to server or vice versa.
    Please could someone help out? This is urgent.
    Regards,
    Lester.

    I had the same issue and solved it like this:
    Create a signed certificate, import it into your keystore and use that as the Signature Key alias in both the client and the server security. Make sure the user with the same name exists in the realm on the server.
    Hope this helps,
    Lonneke

  • Security.properties file issue - Need help

    Hi Friend,
    I am trying to set up a SUN IDM connection pool and am getting this error. Can someone help me fix this issue?
    java.io.FileNotFoundException: C:\Sun\AppServer\config\security.properties (The system cannot find the file specified)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:106)
    at com.sun.enterprise.util.Utility.getPropertiesFromFile(Utility.java:42
    at com.sun.enterprise.iiop.POAEJBORB.<clinit>(POAEJBORB.java:78)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:242)
    at org.omg.CORBA.ORB.create_impl(ORB.java:295)
    at org.omg.CORBA.ORB.init(ORB.java:336)
    at com.sun.enterprise.util.ORBManager.createORB(ORBManager.java:138)
    at com.sun.enterprise.util.ORBManager.init(ORBManager.java:65)
    at com.sun.enterprise.naming.SerialInitContextFactory.<init>(SerialInitContextFactory.java:31)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
    at java.lang.Class.newInstance0(Class.java:350)
    at java.lang.Class.newInstance(Class.java:303)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:654)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.InitialContext.<init>(InitialContext.java:197)
    at com.waveset.util.JdbcUtil.getDataSourceObject(JdbcUtil.java:571)
    at com.waveset.repository.RelationalDataStore.setupJdbc(RelationalDataStore.java:3834)
    at com.waveset.repository.RelationalDataStore.init(RelationalDataStore.java:3779)
    at com.waveset.install.RepoMan.check(RepoMan.java:1194)
    at com.waveset.install.RepoMan.setRepo(RepoMan.java:1082)
    at com.waveset.install.RepoMan.main(RepoMan.java:1314)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.waveset.util.CommandProcess.invokeMain(CommandProcess.java:212)
    at com.waveset.util.CommandProcess.launch(CommandProcess.java:162)

    Hi rhayn, I think you're getting confused about what "file sharing" really is used for. You need to say to yourself "do I want someone on another machine to access these files?" If yes, you need file sharing; if no, forget about it.
    So, the second user, are they on another machine or are they using the same mac as you?
    Just as in windows, when you share a folder over the network, you can set different permissions on the "share" compared to the permissions on the files and folders themselves. In all cases, the most restrictive permissions apply. Therefore if you give read/write to the shared folder (the "share"), but a folder is read only (to the second user), they will be able to view the list of files in that folder, but not open them (equivalent to the windows permission called "list folder contents"). If the folder was read/write, the second user can create files and edit them. If the folder is read/write and existing files are read only, they can open them but not save changes. Where OS X differs from windows is the mechanism for setting permissions; OS X uses the unix/posix permission system. In addition, if you are the owner of the folder or file, you can always do anything with the folder or file.
    All of the above paragraph is only information you need to use IF the other user is connecting to your mac from ANOTHER computer across a network.

  • How to resolve "Secure Connection Failed" issue

    I am running Firefox 4.0.1 on Windows 7. I get the message "Secure Connection Failed" ... and ........
    Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.
    (Error code: sec_error_reused_issuer_and_serial)
    I found the help info on how to deal with that here somewhere, and followed all of the steps. It would appear that the help info I followed was for an earlier version of Firefox (I was able to follow it on machine running version 3.5.15).
    I deleted all the certificates involved, and went back to the page (immediately, after quit/restart, ....) and I simply get the same error page as I initially got.
    There is NO mention of "...Or you can add an exception". I attempted to add an exception "manually" ... and got essentially the same certificate right away upon clicking "Get Certificate" ... the same error code is reported as was originally reported.
    It would appear I am stuck in a never ending loop.
    So, how do I get out of this one ?
    Thanks
    PS: The affected site is actually a system internal to my company - a copier .... though I do not believe that should make any difference to the actual answer.

    I should add that I can make an exception in IE, but I'd just as soon use Firefox.
    Also, should add that I'm using Firefox 5.0 and all of the workarounds appear to be for earlier versions.

  • Security on Content issue

    Hi
    I have an issue that hopefully someone may help me with. I need to create a page that will show links to documents. All users of the Portal will have access to this page, but their view of the documents should be limited to the ones that they have access to view. I have achieved this quite easily using categories and the page security. The problem occurs when I want to allow multiple groups to be able to view the documents, and multiple departments, i.e. certain members of I.T., sales and HR but no one else. If someone adds a report onto the page, ideally they would add it to a region and this region would allocate it to either public users, department users and then a third region that would allow people from various departments to access it. What would be the best approach to this, as I don't particularly want users to click on access and add groups of users in.
    Thanks,

    hi,
    i suggest the following scenario to be considered as an option for you:
    first, if i understand your post correctly you want to achieve separating content management from content publishing, which is a very good approach.
    one page group where you manage/upload/modify your documents (items) and another page group where you publish those documents to the audience in the form of links to those documents.
    the way to do this best is to have one page group for content management - the page group where the actual documents live, including the security information about who has access to which documents. now you need another page group to publish those items. the best way to do this is to add custom search portlets to this page and configure them to use the autoquery functionality. for the end-user this will look like any other portlet but in the background it dynamically queries items based on the search criteria you entered. for example: all documents for category 'SALES', etc. the advantage of using the custom search portlet is that security is automatically handled for you. depending on the user that is logged in it will display different results taking security into account without any configuration from your side.
    hope this helps.
    regards,
    christian

  • Directory Security Strange Permissions Issues (Windows Server 2003 running Active Directory)

    I have a user that all of a sudden was not able to open 70% of her files located on a file server, Windows Server 2003 running Active Directory, from her laptop. The same user can access all the same files from a different machine, logging on with the same credentials. Just looking for a point in the right direction and a possible theory as to what could cause this problem, and why all of a sudden. I did go back through the logs but nothing sticks out. For the most part the logs on the server and the laptop are pretty clean.
    Both machines are Latitude E5420s running Windows 7 Enterprise Service Pack 1. Both machines are 64bit and connect to the network via hard-wire, not wireless.
    Thanks in advance.
    Grajek

    I would recommend proceeding that way:
    Check that your DCs are in a healthy state and AD replication is fine: It might be that the user is a member of security groups and the membership is not getting replicated properly, which can cause this random behavior. You can use dcdiag and repadmin for checks and you can refer to my recommendations here: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
    Make sure that the file server is reachable from the user client computer. Start with ping and nslookup. Also, you need to make sure that the traffic between the client and the server is not blocked or filtered. You might want to temporarily disable security software for testing.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • ASA EasyVPN with Secure unit authentication issues

    Hi everyone,
      We have a VPN set up with EasyVPN with a requirement of secure unit authentication.  We are having intermittent issues with it.  Sometimes the client ASA will boot up and appears to attempt to negotiate the VPN connection. Other times, it comes up fine and the credentials can be entered to connect.  I also noticed that when we tried user authentication, the Cisco phone behind the ASA would never work, even though we had its MAC address in the bypass list on the client ASA.  If someone has an example configuration, I would appreciate it. Since it works sometimes, I wouldn't think a firewall would be blocking the connection.  I can upload snippets of the configuration later if needed.
    Thanks,
    Bill Hendrix

    Found the issue.  Problem was in configuration of the IPSec IKEV1 connection profiles under:
    Remote Access VPN>Network (Client) Access IPSec Connection profiles.
    In the profile config under Advanced>IPsec>IKE Authentication.
    We had to uncheck the setting SEND "Enter Username and Password" prompt in XAUTH request.

  • Mobile - Secure zone login issues

    Hi All,
    I'm able to log in to BC sites with secure zones using a Samsung Galaxy S1 and iPhone pretty consistently; however, when using a Samsung Galaxy S2 I can't log in - tested over 3 sites so I know it's not the code on the page interfering with login.
    Anyone else have issues logging in to secure zones with mobiles?
    Thanks,
    Nathan

    Sure,
    Using the Default browser on
    Samsung Galaxy s2
    firmware version : PDA:LP8 / PHONE:LPS / CSC:LP4 (XSA)
    firmware version : PDA:LPW / PHONE:LQ6 / CSC:LP6 (XSA) upgraded to see if it would help but no luck
    1. Click the link to login (either on login form or just clicking on a link to a page within the zone I'm trying to log in to).
    2. Enter correct username and password (multiple testings and changes of password have been tested)
    3. In either case, URL will change to /Default.aspx?PageID=######
    Sometimes it will show /Default.aspx?PageID=######&Error=Thank+you+for+logging+in.
    On some of the websites I've tried - Creating a new customer on the samsung galaxy s2 will register the new user for the zone - but the form will not allow the user to be logged directly in on submission - error page " We're not able to log you in "  appears however the user is created, assigned to zone and can be used fine on a desktop.
    Content that should be accessible once logged in - isn't (example. Login changes to logout, customer name "Hi Firstname lastname" won't display etc. because it's just not logging in.)
    Zone subscription is checked, works on Samsung Galaxy s1 as it should.
    Galaxy S
    Operating System: Linux Android
    Screen Resolution: 800 x 1130
    Web Browser: Android Webkit 4.0
    Browser Size: 800 x 1130
    IP Address: withheld
    Color Depth: 32
    Javascript: Enabled
    Flash Version: 11.1.111
    Cookies: Enabled
    User Agent: Mozilla/5.0 (Linux; U; Android 2.3.3; en-au; GT-I9000 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1

    Galaxy S2
    Operating System: Android Android4.0.4
    Screen Resolution: 480 x 800
    Web Browser: Android Webkit Browser --
    Browser Size: 320 x 456
    IP Address: withheld
    Color Depth: 32
    Javascript: Enabled
    Flash Version: 11.1.115
    Cookies: Enabled
    User Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-au; GT-I9100 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30

  • ADF Security using sqlauthenticator issue unable to login

    Hi,
    I am using jdev 11.1.2.3.
    I followed these blogs to configure ADF security using SQL authenticator:
    http://biemond.blogspot.in/2008/12/using-database-tables-as-authentication.html
    http://hazem-adf-tips.blogspot.in/2012/06/adf-security-database-authentication.html
    I am unable to log in. I am able to see the users and roles in the WL admin console. When I give the user credentials it redirects to an error page saying unauthorized.
    Please, can anybody help me out with this issue?
    Thanks,
    Nitesh

    HI Timo,
    I have created application roles admin and user. I am unable to create an enterprise role with the same name. When I try to map the application role to the enterprise role, it is not displayed in the mapping window.
    The following log message appears:
    Removing existing role admin
    creating new role admin.
    With this it is recreating the new role, and the role id changes whenever I restart my server and deploy the application.
    Thanks,
    Nitesh

  • 10.6.5 Security update WIFI issues

    Everything was fine until I received a 10.6.5 Security Update. Now I don't have any WIFI. I've done everything as far as resetting all settings, etc. No issues with router as it works fine with other devices. Any suggestions?

    I am having the same issues. I'm not sure that the update was what caused the issues but it seems to have made it worse. I can get it to connect for a minute up to sometimes 30 min. Once it drops the connection I cannot get it to re-connect and the MacBook cannot see any of the networks in my neighborhood.
    I have reset permissions, reset the PRAM, run all daily, weekly, and monthly scripts, and run just about everything on Onyx that I think would fix the issue. I am at a loss.

  • Re-Imaging and Security Related Trust Issues

    Hello,
    Yesterday, I asked the question about how to fix having trust issues all the time when re-imaging computers in a school environment. I am using Windows Server 2008R2 and a Windows 7 Image created in FOG image program. The machines we use are HP5100 Desktop machines.  I didn't feel that I properly explained in the first post how we re-image the machines. I am hoping this will give you a better idea of what we are doing, and you can help me figure this issue out. Thank you in advance.
    Step 1: Bring Windows 7 Image down to an HP5100 Desktop, update plugins and send image update back up in Fog
    Step 2: Delete all machines out of the active directory for specified labs.
    Step 3: Re-image school labs of 30 machines each
    Step 4: Rename each machine with unique id, example : BJSHS203S01DW7 (name of school, lab #, Student #, and OS)
    Step 5: Join the domain
    Step 6: Make necessary adjustments, and use deep freeze to freeze machines up
    Those are the steps we use when re-imaging, and so far for the past two years we have had sporadic issues with two labs in particular with receiving a trust-relationship message, and also sometimes get a message that says there are no servers available. When this happens, I need to go to the machine, unfreeze it, unjoin the domain, delete the name from the active directory, and then rejoin the domain. Sometimes this works but more often than not it doesn't work so well, and then I have to go through the whole process again. We do not use sysprep on our machines.
    So my question is this : What am I doing wrong? Is there anything you can recommend to fix this problem so that I don't have to continue to fix the machines and waste time?
    Thank you in advance, I appreciate your help!!
    Angie

    Deep Freeze may be causing your problems.  Have you read this article from Deep Freeze makers about trust relationship issues?
    http://support.faronics.com/Knowledgebase/Article/View/365/8/computers-running-deep-freeze-loose-connection-to-or-fall-off-the-domain-with-an-error-that-the-trust-relationship-between-the-domain-controller-and-the-workstation-has-failed

  • Cannot access iTunes Store - "connection timed out" or "secure connection failed" issues.

    If you are having problems connecting to the iTunes Store to:
    (a)     activate a new iPod, iPhone or iPad; or
    (b)     re-activate an existing iPod, iPhone or iPad after upgrading the OS for the device,
    then hopefully this article will assist.
    It is assumed that you have encountered the following problem. When you connect your device to your PC the device is recognised by iTunes, but the main window simply displays the name of the device (e.g. iPad). The progress bar at the top says "accessing the iTunes Store", but it stalls and eventually there is an error message saying something like "connection timed out".
    There are a number of variants of this problem, but the common thread is that your device is unable to access the iTunes Store to authenticate a new device or after upgrading the OS on an existing device. The first reaction is to check that your Internet connection is ok and that "itunes.exe" is not being blocked by your Windows or third party firewall settings, but the problem persists.
    Having recently experienced this problem and scouring the Internet for a solution, I eventually solved it using the following approach:
    (a)     Check that you are connected to the Internet (i.e can browse the web).
    (b)     Open iTunes and choose "Run diagnostics" from the help menu and then select the "networking connectivity" option (uncheck the other options) and click "next" twice. A report will show the results with a "green" or "red" dot next to each item. You should see a "green" dot next to the first two items ("Network interfaces verified" and "Internet connection verified"). However there will probably be a "red" dot next to the third item "Secure link to iTunes Store verified". 
    The important thing to note is that a secure connection could not be established. This is an indication that your wireless security is the problem. It does not satisfy the security level expected by the iTunes Store. It seems that an unsecure connection or one using outdated encryption (such as WEP) is no longer sufficient for the iTunes Store. This may be why the problem has emerged with the most recent versions of iTunes. The now widely used wireless encryption standard WPA or WPA2 is expected.
    So you need to check your router wireless security settings and, if you have a PC that uses a wireless connection to the router, make sure its settings  match. The following is a guide bearing in mind that there are many different types of routers and Windows OS.
    Router
    TIP: If you have a wireless connection from your PC to your router, then check your PC wireless security options first to see that "WPA" or "WPA2" are available (see below) as it will be a pain to change your router settings only to discover that your PC does not have the same options.
    (a)     Most routers can be accessed using your web browser by typing in the router's address (e.g. http://192.186.1.1). If you don't know the address look at the manual that came with your router as it will tell you how to do this.
    (b)     Once your browser displays the router interface you may be prompted for a username and password. These may be the default factory ones or ones that you have created previously. If the username or password has not been changed, but you don't remember or know what they are, again go to the manual that came with your router as it will have that information.
    (c)     Assuming that you are able to access your router interface, look for the "wireless" tab or menu and a sub-menu or option for the "security settings". They'll be there somewhere. Once you find the security options you can select the encryption level. As stated above, you should choose "WPA" or "WPA2". You will then be asked to create a network key which can be anything with the required number of letters and/or digits.
    (d)     Once you're finished, write the settings down (including the key) as you will need them for your PC if you have a wireless connection to the router. Save the changes (if prompted to do so) and re-boot your router.
    PC Wireless
    (a)     Again the approach that you need to take will depend on your OS (XP, Vista or Windows 7), but generally speaking if you go to the "network" on your PC there will be the option to highlight it and right click or choose a "properties" item. I vaguely think this can be done in XP by right clicking the wireless icon in the taskbar and navigating to the dialogue box that shows your network. In Windows 7 you will need to go to the "Network and Sharing Center" and then choose "Manage wireless networks".
    (b)     At some point (sorry to be vague) you will find the wireless network security options for your network. Select the same level of encryption ("WPA" or "WPA2") and type in the same network key that you chose for your router. Save the changes and your wireless connection should come to life. If not then make sure that you have put in the correct settings before freaking out.
    Back to iTunes
    Once you are connected to your router again (wirelessly or by lan), then plug in your device and open iTunes. As before it will try to access the iTunes Store, but hopefully you won't have any problem establishing a secure connection and you'll be up and running.
    Best of luck!      

    Something is still blocking iTunes, do you have any other firewall installed?
    When you say you removed Norton, do you mean you uninstalled it? An uninstalled Norton security product can still block iTunes as some of it is left behind.
    Several people have found that using the Norton Removal Tool to remove all traces of Norton fixes this problem.
    http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039?OpenDocument
