Security Exception with JavaHelp and Webstart

Similar Messages

• Secured server with SSH and VPN?

  Hi,
  Have an Archbox at home and when I'm traveling I would like to connect to my Archlinux box at home to grab files and such things.
  Using ADSL with a static IP and a D-Link router.
  If I create a portfowarding rule of port 443 to my Archlinux box and user it to connect with SSH and VPN is that secured enought?
  I have family photos and stuff on the server that I don't want to be hacked or spread. Not a high target for hackers but for scriptkiddies!
  So, will a portforwarding rule and a use of SSH daemon and a VPN Server software make me secure all the way, the VPN and SSH is encrypted right?
  Any suggestions of a good VPN application?
  Server daemon for the "archserver" and clients for my laptop with dualboot, vista and archlinux.

  Yeah, SSH or OpenVPN should be perfectly fine.
  However, why port 443? If someone is scanning a large range of IP-addresses for commonly open ports to find active servers, they will most likely scan port 21, 22, 25, 80, 110, 443, etc. as these ports usually run the most interesting services.
  Since it has no impact on the usability, choose a high port, between 10000-65000, which is not commonly used. That way your system will not be identified as active by a simple portscan searching for active servers.
  You don't have to be worried about attacks targeted directly against you, if you don't have anything interesting on your system, a cracker wouldn't spend time on manually breaking into your system. Just mask yourself from worms etc. by using uncommon ports. Using SSH or OpenVPN will handle encryption, which ensures data integrity, even when you're connected to an unencrypted hotspot somewhere in the world on your vacation
  If you setup OpenVPN, you'll also have the possibility of routing all your Internet traffic throught your home system, which can be very handy in terms of surfing and checking mail from unencrypted hotspots around the world.

• Handshake Exception with Firefox and Jetty Servlet Container

  We do have a strange problem with Firefox 2 and Jetty 6.1 (a Servlet Container) using HTTPS to communicate: At some stage Firefox (FF) sends a ClientHelloV2, to which Jetty responds with a ServerHelloV3. This leads to a handshake failure for this handshake and for any subsequent attempt.
  To avoid the handshake failures there are 2 options:
  1.) restart FF
  2.) change the servername or port, by using ssltap [2] as a proxy.
  [FF] --> [ssltap] --> [Jetty]
  That way it is possible to change the port without restarting
  FF and Jetty, and to debug the SSL traffic.
  Both options make FF to start a SSL session, by sending a ClientHelloV3. Then everything works until we get to the same stage described above.
  h2. Logs:
  From what I can see in the logs of ssltap, Firefox is sending some data, which might be something like a partial handshake (?).
  --> [
  alloclen = 63 bytes
  (63 bytes of 63)
  [Wed Jan 09 12:18:41 2008] [ssl2] ClientHelloV2 {
  version = {0x03, 0x00}
  cipher-specs-length = 36 (0x24)
  sid-length = 0 (0x00)
  challenge-length = 16 (0x10)
  cipher-suites = {
  (0x000039) TLS/DHE-RSA/AES256-CBC/SHA
  (0x000038) TLS/DHE-DSS/AES256-CBC/SHA
  (0x000035) TLS/RSA/AES256-CBC/SHA
  (0x000033) TLS/DHE-RSA/AES128-CBC/SHA
  (0x000032) TLS/DHE-DSS/AES128-CBC/SHA
  (0x000004) SSL3/RSA/RC4-128/MD5
  (0x000005) SSL3/RSA/RC4-128/SHA
  (0x00002f) TLS/RSA/AES128-CBC/SHA
  (0x000016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
  (0x000013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
  (0x00feff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA
  (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
  session-id = { }
  challenge = { 0xa954 0x2122 0x3e82 0xb993 0xd72f 0xea54 0x779f 0x958c }
  The server responds with:
  <-- [
  (1161 bytes of 1156)
  SSLRecord { [Wed Jan 09 12:18:41 2008]
  0: 16 03 00 04 84 |....�
  type = 22 (handshake)
  version = { 3,0 }
  length = 1156 (0x484)
  handshake {
  0: 02 00 00 46 |...F
  type = 2 (server_hello)
  length = 70 (0x000046)
  ServerHello {
  server_version = {3, 0}
  random = {...}
  0: 47 84 ad 91 a1 f6 cb e5 f8 e2 f0 46 60 4b dd 48 | G����.&#9574;.�.�F`K.H
  10: 13 a8 93 96 d2 4f 2b d8 2d fe 49 2f 22 e5 29 5e | .����O+�-.I/".)^
  session ID = {
  length = 32
  contents = {..}
  0: 47 84 ad 91 84 b7 ef 62 92 fb 03 d7 8a 41 ae 82 | G������b��.�.A�.
  10: d5 57 a3 e0 24 cc b5 2e b2 c7 29 3d 3a 37 a6 11 | &#305;W��$&#9568;�.&#9619;�)=:7�.
  cipher_suite = (0x0032) TLS/DHE-DSS/AES128-CBC/SHA
  0: 0b 00 02 f6 |....
  type = 11 (certificate)
  length = 758 (0x0002f6)
  CertificateChain {
  chainlength = 755 (0x02f3)
  Certificate {
  size = 752 (0x02f0)
  data = { saved in file 'cert.001' }
  0: 0c 00 01 38 |...8
  type = 12 (server_key_exchange)
  length = 312 (0x000138)
  0: 0e 00 00 00 |....
  type = 14 (server_hello_done)
  length = 0 (0x000000)
  +Then FF responds with a handshake failure:+
  --> [
  (7 bytes of 2)
  SSLRecord { [Wed Jan 09 12:18:41 2008]
  0: 15 03 00 00 02 |.....
  type = 21 (alert)
  version = { 3,0 }
  length = 2 (0x2)
  fatal: handshake failure
  0: 02 28 |.(
  I am pretty stuck. Do you have any idea? Or can you give me any advice, how to further investigate this problem?
  Thanks,
  -Stefan
  [2] http://www.mozilla.org/projects/security/pki/nss/tools/ssltap.html

  I did some more analysis:
  When I replace the keystore by another keystore provided by the Jetty
  distribution, Firefox will not complain about the handshake
  exception. Nevertheless there are handshake exceptions, and the SSL
  level switches from TLS to SSLv3.
  Now I guess the question is: What is the difference between the two
  keystores?
  Answer: As far as I can see, the Keystore provided in the Jetty distro
  has expired in 2001, while my keystore is still valid (although also
  self-generated).
  Could it be, that Firefox some is less strict regarding handshake
  failures, after you have told it to accept an expired certificate?
  I am not sure whether this is problem of JSSE, or not? What do you think?

• Keep losing my secure wifi with iPhone and ipad with newest iOS update.  PC still connected

  Keep losing my secure wifi on my ipad and iphone with newest iOS update. My PC is still connected to same secure wifi. Any ideas.

  Contact xFinity (Comcast) to turn off dynamic channel switching if on and have it set to a fixed channel.
  Usually WiFi routers will only change channels to the least busy when they are initially powered up.

• Ora 24960 exception with VC9 and Oracle 11g - 11.1.0.6.0 client

  Hi,
  We have developed a OCCI client application using 10g express edition and visual studio 2003. It was working fine. Now we have migrated to 11g (11.1.0.6.0) client with visual studio 2008. VC version 9. We have migrated all .dll and .lib files based on oracles following link.
  http://www.oracle.com/technology/tech/oci/occi/occidownloads.html
  Now while trying to make connection it's throwing ORA 24960 exception. (the attribute OCI_ATTR_USERNAME is greater than the maximum allowable length of 255)
  but the attribute length is very less.
  connection = env->createConnection (oraUser,OraPass,conne);
  Anybody can help immediately please?

  Hi,
  Are you compiling in debug mode and using the Instant Client SDK by chance? If so, I suggest taking a look at My Oracle Support Note:747933.1 (ORA-24960 Error When Trying to Connect in Debug Mode With OCCI Instant Client). Essentially the issue is that the OCCI files included with Instant Client SDK do not include the oraocci11d.lib library.
  Regards,
  Mark

• Security problem with tomcat and Ms Access

  Hi there,
  I have read some other posts about this problem but I still do know what the solution is... I am using Tomcat 5.5 and Java 1.5 with Windows Vista Beta
  I have a class to connect de a Ms access, using ODBC. If I test it with a console main it works fine but when I try to connect using a servlet it does not work and I got this error trace:
  java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.jdbc.odbc)
       java.security.AccessControlContext.checkPermission(Unknown Source)
       java.security.AccessController.checkPermission(Unknown Source)
       java.lang.SecurityManager.checkPermission(Unknown Source)
       java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
       java.lang.ClassLoader.loadClass(Unknown Source)
       org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1267)
       org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198)
       java.lang.ClassLoader.loadClassInternal(Unknown Source)
       java.lang.Class.forName0(Native Method)
       java.lang.Class.forName(Unknown Source)
       model.Conect.GeneraConexion(Conect.java:17)
       model.Mediador.creaConexion(Mediador.java:12)
       model.TestServlet.processRequest(TestServlet.java:23)
       model.TestServlet.doGet(TestServlet.java:35)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
       sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       java.lang.reflect.Method.invoke(Unknown Source)
       org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
       java.security.AccessController.doPrivileged(Native Method)
       javax.security.auth.Subject.doAsPrivileged(Unknown Source)
       org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
       org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
  Any ideas? Thanks a lot in advanced.
  LJ

  Hi there,
  I have read some other posts about this problem but I still do know what the solution is... I am using Tomcat 5.5 and Java 1.5 with Windows Vista Beta
  I have a class to connect de a Ms access, using ODBC. If I test it with a console main it works fine but when I try to connect using a servlet it does not work and I got this error trace:
  java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.jdbc.odbc)
       java.security.AccessControlContext.checkPermission(Unknown Source)
       java.security.AccessController.checkPermission(Unknown Source)
       java.lang.SecurityManager.checkPermission(Unknown Source)
       java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
       java.lang.ClassLoader.loadClass(Unknown Source)
       org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1267)
       org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198)
       java.lang.ClassLoader.loadClassInternal(Unknown Source)
       java.lang.Class.forName0(Native Method)
       java.lang.Class.forName(Unknown Source)
       model.Conect.GeneraConexion(Conect.java:17)
       model.Mediador.creaConexion(Mediador.java:12)
       model.TestServlet.processRequest(TestServlet.java:23)
       model.TestServlet.doGet(TestServlet.java:35)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
       sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       java.lang.reflect.Method.invoke(Unknown Source)
       org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
       java.security.AccessController.doPrivileged(Native Method)
       javax.security.auth.Subject.doAsPrivileged(Unknown Source)
       org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
       org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
  Any ideas? Thanks a lot in advanced.
  LJ

• Is there any way to synch recurring events, including exceptions, with google and with iphone?

  This seems to be on ongoing problem, which makes it difficult to synch my google calendar, needed for outside users, and the thunderbird (lightning) version. When i change ONE ocurrence, in Thunrderbird, the event disappears from gogole (and iphone synched calendar.) If I change either in google or on iphone, sometimes the exception does not appear in Thunderbird. Plenty of blogs pose the same question. Are there plans to "fix" it?
  Thank

  No. With IOS 5 you will be able to sync/backup wirelessly  but it will be over wifi.
  http://www.apple.com/ios/ios5/features.html

• How to solve the exception with socket and PrintWriter constructor

  I am working on a socket communication program and everything works fine on my computer until my boss moved my code to his computer. The following is the client code.
  The client program terminate with exception "Couldn't get I/O for the connection to local host." I have no idea how to solve the problem because there is no way out if the two statements (socket constructor and PrintWriter) fail.
  /*the program shall close connections and exit if the user clicks 'e'.*/
  public class LocalClient extends JPanel implements KeyListener {
  Socket localSocket = null;
  PrintWriter out = null;
  BufferedReader in = null;
  char fromServer = ' ';
  public LocalClient() {
  try {
  localSocket = new Socket("a029243.cs.uregina.ca", 4444);
  out = new PrintWriter(localSocket.getOutputStream(), true);
  } catch (UnknownHostException e) {
  System.err.println("Don't know about local host.");
  System.exit(1);
  } catch (IOException e) {
  System.err.println("Couldn't get I/O for the connection to
  local host.");
  System.exit(1);
  addKeyListener(this);
  }//end of constructor
  /*the component needs to be focused in order to respond to user input */
  public boolean isFocusTraversable() {return true;}
  public void keyPressed(KeyEvent evt) {
  public void keyReleased (KeyEvent evt) {
  public void keyTyped(KeyEvent evt) {
  System.out.println("key typed is called ");
  char fromClient=evt.getKeyChar();
  if (fromClient!= ' ') {
  if (fromClient=='e')
  try {
  out.close();
  localSocket.close();
  System.exit(1);
  } catch (IOException e)
  {System.out.println("connection closed");}
  else {
  System.out.println("Client: " +
  fromClient);
  out.println(fromClient);
  out.flush();}
  public static void main(String[] args) throws IOException {
  JFrame frame1=new JFrame();
  Container contentPane=frame1.getContentPane();
  LocalClient lc = new LocalClient();
  contentPane.add(lc);
  frame1.pack();
  frame1.setSize(50,50);
  frame1.setVisible(true);
  }//end of main
  } //end of class

  Add e.printStackTrace() or System.out.println(e) to the catch block of the IOException. The IOException has a message about what went wrong.

• Security Exception with applets

  Hello,
  How do I overcome the securityexception I face with applets? My appletviewer works fine when I try to read data from a local text file. But the browser doesn't seem to. It says access to the text file is denied!!!

  Appletviewer works but only in debug, isn't it?
  If you can read file from local, you must sign you applet by jarsigner tool contributed in your JDK.
  If you have not certificate for sign, you can generate your own certificate:
  1.generate key (name of the key will be tstkey)
  keytool -genkey -keyalg rsa -alias tstkey
  2. complete data
  3. export key (will be in your current directory in file tstcert.crt)
  keytool -export -alias tstkey -file tstcert.crt
  4. make *.jar file
  jar cvf MyApp.jar
  5. check *.jar file
  jar tvf MyApp.jar
  6. sign applet
  jarsigner MyApp.jar tstkey
  7. check sign of applet
  jarsigner -verify -verbose -certs MyApp.jar
  Tha is all. At this moment is your applet signed and you can write or read local file.
  BR
  -koalix-

• Information Regarding Essbase Security Except Filter Level and User Level

  I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
  Asia and America are defined in my location dimension.
  can any one explain about it without using user Level Security and Filter level security.
  Please tell me how to do it?
  Thanks in advance.

  Sandeep's reference the DBAG and the section on filters is the right direction. The filter is created in EAS.
  Let's use an example.
  You create a METAREAD filter (that is, it filters both data and dimensionality) that gives a user limited access to the Location dimension (I think I have that right), e.g., the British Isles, the UK and Ireland. You can also create a READ filter but it only limits data and, in my opinion at least, causes confusion because users can see metadata (the whole world) but only see data for the British Isles.
  NB -- filters can be assigned to individual usernames or to groups that users are members of. For a POC, I'd keep it simple and just assign it to a username, but it's your choice.
  Assign the filter to the user in Shared Services.
  Try connecting to the database in Excel through the Classic Add-In or SmartView to test what the user sees -- it should be: Total Location, British Isles, the UK, and Ireland. You will see Total Location (top of the dimension) because that's how Essbase navigates down -- it has to have the dimension name to find the limited children. You won't see any data there. But you will see data at the Location members that the METAREAD filter allows.
  That's it -- it's been around since the year dot, and is the way access is restricted. You shouldn't need to reinvent the wheel to get this to work in OBIEE. Essbase should do the work.
  Regards,
  Cameron Lackpour

• Security Issues with Win7 and CS4

  In CS4, When I try to save a file to which I have made a change, I get the message:
  "Could not save N.....(title) because the file is locked. Use the Properties command in Windows Explorer to unlock the file"
  Really? I have 10's of thousands of files which, if I want to add a layer and save, I have to go back to Bridge, locate in Explorer, click Properties and change "All Users" to full control.
  That's obscene!
  When I get there, "Everyone" is highlighted and given only read and read/execute permissions, on the Security tab. The file isn't locked AFAIK The "Read" box is blank. I can change permissions, but it's good for only this one file, and when looking at Security settings globally, "Everyone" isn't listed.
  I need to find a global way around this, and I cannot find it. I am logged on as Admin, and I know there is another layer of Admin. Can that be invoked globally, and how? Is this the right way or is there another? Is it a Photoshop problem or OS problem?
  Thanks!

  That's where I looked, but that's not the right place.
  Nothing like noodling a paradox like the Russell "Set of All Sets" to get you going!
  I went back to XP to see what happens there. No problem. BUT, I did see a commonality (the paradox breaker looms!) Both the "Edit" folder and "N" drive are shared on the network.
  I broke the connection and now it works fine.
  If you go to a particular folder or drive in Win7 and click "Share", the first line in the menu that opens says "Nobody"!!
  Need I say more?
  Thanks, Charlie. You did help.

• Security issues with applets and windows Vista when printing to file

  Hi, everyone
  I am currently developing an application that prints out the result of some calculations.
  from a Javascript file, the output finally ends up in a java applet that should print the file in a special printer.
  For debugging purposes I have created a File printer that creates a file from the output comming to the printer; this way I can debug what commands the printer is receiving.
  This worked well on Windows Xp; Vista always asks for permissions for the applet, and altough I guarantee these permissions, printer is not allowed to create the output file and reports an error writing
  after a little research, I have found that java applets have all permissions when certificated as trusted applications; all but file creating permissions
  anyone has any idea of how could I fix this problem?
  Thanks in advance

  HI,
  Have you actually signed your applet? If the signers certificate is the trusted key store for Java it should treat your applet as trusted. You can use a self signed certificate for testing as long as the cert is in the trusted key store.
  Some links that might help:
  [http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html]
  [http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/rsa_signing.html]
  Cheers,
  Shane

• File not found exception with Xalan and JRE 1.4.x

  Hi everybody.
  I'm trying to apply an XSL transformation to a XML file within a Java application.
  No problem if I use JRE 1.3, but if I use JRE 1.4.x I've the following exception:
  javax.xml.transform.TransformerException: File "C:\testweb.xml" not found.
  I can ensure to you guys that the file exists.
  Any Idea????? Thanx
  Here attached is the code I use:
  8<----------------------------------------
  TransformerFactory tFactory = TransformerFactory.newInstance();
  Transformer transformer = tFactory.newTransformer(new StreamSource(xslFile));
  transformer.transform(
  new StreamSource(Constants.getMenuPath()),
  new StreamResult(
  new FileOutputStream(
  Settings.getMenusRelativeDirectory() + outputFile)
  ---------------------------------------->8

  OK I got it.
  It is necessary to use prefix "file:///" before file name.
  Thanx everyway.

• Secure Proxy with user name and password.

  I'm trying to develop a tool that can go out to the internet through a secure proxy with username and password, and download a file from a secured site, (https). Anyone have any experince with this, I've looked at a few things but nothing has really been helpful.

  Do you have an http proxy that requires authentication? If so, what type of authentication? Basic? Digest? NTLM if your proxy is on IIS?

• Getting started with JavaHelp

  Hello,
  I just have a couple of high-level questions here.
  We've got a tool called RoboHelp that generates, among other things, a .chm file. I spent a couple of hours trying to get that darn .chm file to work from withing the client of our J2EE application (run via webstart to connect to the server), with no joy.
  Turns out a .chm isn't what we need. Some reasearch revealed that JavaHelp is most likely the tool of choice for help documentation.
  Our documentation person is the one generating the help documentation, my job is to make it work in the GUI client. Supposedly RoboHelp can work with JavaHelp to generate the needed .hs file. I set the GUI client up to read the .hs, including the JavaHelp Jar, all that stuff. It should work.
  The problem: Our less-technical documentation person is having trouble doing anything with JavaHelp, and wants to revert back to the .chm, perhaps stored on the web server, or some such nonsense. I think we should use JavaHelp. She says that JavaHelp doesn't support a bunch of stuff she put into the help document, such as bullet lists, tables, and fonts.
  Does she have a point? I downloaded and read bits of the Users Guide, and it does say that fonts aren't supported (Section 2.7.4.5 has the info. isn't that a critical failure??) though I don't see anything about tables and bullet lists.
  Is this help system complex enough that we should assign a developer, rather than a documenter, to the task?
  Has anyone here used RoboHelp? Does it work with JavaHelp, or should we scrap it in favor of JavaHelp? Is there any way to use the source material (that generated the .chm file, which looks very nice, by the way) to easily generate the .hs that goes in the client-side .jar?
  I appreciate any help here, folks. Sorry for my ignorance, I'm just trying to determine if I need to take over these documentation tasks at this point.
  --- Eric

  Java help may not support font. but font should not be used anyways. use cascading style sheet instead. both chm and java help spport it.
  I am not sure about RoboHelp but you may choose a tool using which you can document in a single format and generate output in various formats like html, java help, html help(chm), oracle help for jeava, pdf, etc.
  There are many such tools freely available .