Security issues for mail relay.

Similar Messages

• Security issues for Discoverer 10g apps 12i

  gurus,
  I have couple of things to get it done at client.
  We are on Oracle Apps rel 12i with dicoverer 10g.
  Did anyone setup MOAC to be enabled and operational in business areas?
  Setting up secure responsibilities in discoverer for MOAC?
  Any setup needs to be done for custom report security in discoverer ?
  thx

  Hi,
  I did setup new MOAC security profiles and assigned multiple organizations to that profile for testing purpose.
  After this, I did run concurrent program "Security List Maintennce" etc...
  Tested Upding profile at user level or responsibility level.
  On APPS side fine.
  I need the some basic steps on setup of security issues for discoverer side.
  1) Business areas (any security steps need to be followed in order to access data for single or multi-org)
  2) Custom Reports ( any security setup or any moac security profile setting against responsibilty for accessing single or multi-org data)
  Since we dont have default operating unit parameter as specified in the concurrent program, how do you restrict data?
  3) Reconciling security approach r12 with discoverer (any steps need to be followed here after r12 configuration with security issues)
  4) Custom Views ( any steps to be followed for single or multi-org data as security aspect)
  Looking for info on these setups.
  Thx

• About "kernel.exec-shield" and "because they will bring security issue" for linux ASE

  In " ASE Quick Installation Guide for Linux", "kernel.exec-shield=0" and  “kernel.randomaize-va-space=0” should be set.
  But SuSE engineers say that  “kernel.exec-shield=0”and “kernel.randomaize-va-space=0” will bring the OS security issue.
  Customer want to know why ASE need the above parameters ?
  Has anybody the idea for customer's question?

  If the parameters are not set as documented, attempts to start additional engines beyond the first one will fail, generating stack traces.
  ASE acts in many ways like it's own operating system, scheduling individual user connections (spids) to actively run (note that ASE was developed well before native threading was commonly available).  Each spid has it's own stack information that gets swapped in when it is set to "running" state on the engine and swapped out when it yields the engine.  The mechanics of this is not that different from the buffer overrun exploits described in the Red Hat document linked to by the
  install guide, http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf
  and the exec-shield mechanics definatately interfere ASE's operations when ASE is using multiple dataserver processes (engines) that swap spids around.
  -bret

• Report distribution.xml Issue for Mailing!!!

  In my distribution.xml file for mailing.
  1. I want a to create hyperlink in email body for which few parameters need to come from report like formname,org_id & reqno which are already in .rdf.
  I tried this in body but its NOT working like it works in subject cc bcc etc. to display
  <body srcType="text" >
  http://dw123:8889/forms90/f90servlet?config=myApp&firstparam=po_requisition_approval&secondparam=&amp;&lt;org_id&gt;&thirdparam=&amp;&lt;reqno&gt;
  </body>
  2.how can i use anchor tag of html in this above xml body .
  For the same link i want to create a anchor tag and i wil give some desc.
  for eg. "click here to approve"
  by clicking on text the above link need to executed.
  Quick response will be appreciated.
  Thanks in Advance.

  Hi dmars,
  What u said i right?
  But still i did'nt got what i need.
  i.e i want to replace the variable to actual data from report under email body
  like i do in to,cc,bcc while mailing.
  for eg here is my dist.xml file
  <destinations>
  <!-- Send a mail for each warehouse with the corresponding file attaceed-->
  <foreach>
  <mail id="ex2"
  to="&amp;&lt;email&gt;"
  from="[email protected]"
  subject="Auto Mail - Request for Purchase ">
  <body srcType="text">
  Dear &amp;&lt;name&gt;
  Please find the attached RFP (Request for Purchase) with the Mail.
  Thank you,
  </body>
  </mail>
  </foreach>
  variable "to" is coming from report.
  In the same way i want under body after Dear, the varible need
  to be place which is too from report.
  But this Dear &amp;&lt;name&gt; does'nt work WHY???
  </destinations>

• Security issues for Flash cookies, Local Shared Objects, .sol files

  Good day, all
  I just found out a bit about flash cookies from Wikipedia and http://epic.org/privacy/cookies/flash.html
  I was wondering if there was a security issue with these (as opposed to privacy issues)?
  It seems easy enough to prevent them being stored or delete them after they are set.
  Thanks,
  Hugh

  Hello Patricia,
  You wrote,
  I came to this forum to see if I could find out how to delete adobe's flash cookies
  You have to do it online via this website.
  Macromedia's Website Storage Settings panel
  Note: As the site says, the dialogue box is not an image, "it is the actual settings manager"
  I just tried it out and deleted the flash content from How Stuff Works, then revisited the site (How Stuff Works) and it didn't add it back, so it seems to work as stated.
  regards roam

• Update Secure Certificate for Mail (Identification and Encryption)

  Hello...
  Can you help?
  I have several email addresses; all of which have valid secure certificates (stored by default automatically in Key Chain).
  Whereas previously the certificates did not feature my name, new ones have been issued which do.
  So... my question is as follows:
  How do I point Mail to use the new certificates that have my name engrained within, opposed to the older ones which do not?
  Thank you, in advance.
  A

  Hi ... I have been struggling with exactly this point, too. Try out the new Leopard feature called "New preferred Identity". For this open keychain, go to my certificates and control-click on each certificate individually as choose "new preferred identity". Here you can type the e-mail address and choose one of your certificates to be used "preferably". This is the official Apple way of doing it and you may read further information in the support section. Please let me know if it works with you!
  In any case, it hasn't worked for me. I had to delete all old certificates for the same e-mail address and keep only the most recent one with my real-life name in it (you can delete right in keychain). After restart mail.app only uses the new certificate for signing e-mails.
  You would expect that deleting the old certificate destroys your ability to read the older encrypted e-mails. But the good news is that everytime you open an e-mail with your old certificate mail.app will add the old certificate back to keychain and you can again read your encrypted e-mails which used the 'public' key from the old certificate. Although mail.app will add the old certificates again it will continue to use the new certificate. I call this a work-around because really the "new identity preference" should have worked.
  I hope I helped you.
  Valentin.

• Where can I submit a potential security issues for OSX10.8.4?

  This morning I found a potential security bug that allowed me to access files, applications and settings for my MBP before the OS had time to confirm my login credentials. I'm sure there are people looking to exploit this so I want to know if there is a place that I can submit the issue online or via telephone.

  http://www.apple.com/feedback/macbookpro.html

• A "security issue" for property list in library of flash document

  Please take a look at this screen-shot I have taken from the library in a flash document.
  see in the link below, you have to copy and paste it in your browser.
  http://askervgs.wikispaces.com/file/view/library.jpg/505738374/library.jpg
  As you see the modified dates for all these components are 28 April-2014 and for last component it is 29 April-2014.
  What is strange is that the flash document itself is claimed to be created in a local exam: date on 30.April 2014 !!
  How is it possible the components in the library are modified two days before the document itself is created?
  Dose it mean that the student has had access to these components two days before the actual exam date????
  *** All other students flash documents look normal and all dates for anything they have created  i
  their flash document library are actual exam date: i.e. 30.April 2014 between 08.00 - 14:00. 
  Please help to clarify this issue?
  Thanks for any help!

  Thank you for your answer!
  They use school laptops, and I will later check the date/time on this person's computer, but something which contradicts the "wrong date" case is that I have received three more files(one open office writer text file) from the same student, all created and modified on 30. April 2014, which was the actual exam date.
  So until know it seems that this student has had access to the exam file and prepared the main fla file 2 days prior to the exam date.
  This is quite possible because we use previously given  samples in local exams, (digitally available for "some nerds").
  But technical question is:
  Do the dates listed in flash-library for created components actual dates which match users computer dates/times?

• Security issues for Java server side code

  When reading the Oracle 8i documentation regarding using JDBC
  with Java running within the database, I found that the Oracle-
  specific call 'defaultConnection()' can be used instead of the
  standard 'getConnection()'.
  This appears to be what I want to use as it avoids Net8.
  However, in the documentation it states that the user ID and
  password are ignored. Is there no way, then, of implementing
  user based security in a Java program using defaultConnection()?
  Thanks,
  null

  Hi Kiran
            See u know how to call serverside java objects from remoteobject?  If u know that every thing same that replace coldfusion and place ur java stuff
            but nothing will change at client side cairngorm architecture.. use blaze ds server to connect with the server and make a remote call to the server and have fun.
           i think u know how to initialize services in cairngorm framework and make some struff on delegate and call serverside java methods from remote object service.
            u can try this dont try for examples in the net or something.. u have a complete knowledge on cairngorm framework .. and just u want to develop j2ee applications ..
            make try with sample applications with j2ee server.. its very easy and little interesting.. make some pojos in serverside to communicate with the database and call that methods..
              i think this will help u and i dont have perfect example for serverside java code...
                 this is not and example in cairngorm and java .. but u know cairngorm  and i am posting here only the tutorial how to communicate with java methods
           read this article    http://www.adobe.com/devnet/flex/articles/file_upload.html

• MII Workbench and java security Issue for jdk7

  Hello all,
  I am using MII version 12.2.2 Build(234) and java version jdk7.
  Now,I am not able to open or create a transaction in workbench.
  In java console, an error is shown below:
  AWT-EventQueue-0 [ERROR] - java.lang.ExceptionInInitializerError
       at com.sap.lhcommon.expressioneval.ExpressionLoader.<clinit>(ExpressionLoader.java:282)
       at com.sap.xmii.bls.expressioneval.TransactionFunctions.<clinit>(TransactionFunctions.java:27)
       at com.sap.xmii.xacute.editors.common.FunctionsComboBox.createBox(FunctionsComboBox.java:45)
       at com.sap.xmii.xacute.editors.common.FunctionsComboBox.<init>(FunctionsComboBox.java:39)
       at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.createExpressionEditorPanel(LinkEditorPanel.java:1033)
       at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.initialize(LinkEditorPanel.java:316)
       at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.<init>(LinkEditorPanel.java:198)
       at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorBottomPanel.<clinit>(LinkEditorBottomPanel.java:28)
       at com.sap.xmii.Illuminator.gui.workbench.core.TransactionInfo.initDisplay(TransactionInfo.java:353)
       at com.sap.xmii.Illuminator.gui.workbench.core.TransactionInfo.createNewFile(TransactionInfo.java:149)
       at com.sap.xmii.Illuminator.gui.workbench.components.actions.actions.NewAction.createFileInfoObject(NewAction.java:194)
       at com.sap.xmii.Illuminator.gui.workbench.components.actions.actions.NewAction$1.construct(NewAction.java:115)
       at com.sap.lhcommon.gui.ThreadCreator$2.run(ThreadCreator.java:96)
       at java.lang.Thread.run(Unknown Source)
  Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.security.action")
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass0(Unknown Source)
       at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass(Unknown Source)
       at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at com.sap.lhcommon.expressioneval.functions.DecodeFunction.<clinit>(DecodeFunction.java:83)
       ... 14 more
  I also modified the 'java.policy' file. But it did not work. I am still getting the same error.
  Kindly advise..
  Thanks,
  Ritwika.

  I do not yet know the security implications of doing what I did to fix this issue, but here is my solution.
  I added the following to the jre7 java.policy file in the section "grant {":
  permission java.lang.RuntimePermission "accessClassInPackage.sun.security.action";

• Secure Connection for Mail in ColdFusion

  Hi,
  Can anyone help me out on this:
  I wished to know as to how can we configure the SSL with respect to Mail (Enable SSL socket connections to mail server ), in Cold Fusion 7.
  As the Admin of the same is not having the above mentioned Check Box to do so. The same is present in for higher version of Cold Fusion (i.e ColdFuion 8.0.1)
  Waiting to hear
  Thanks
  Simar

  Google this: Cfmail Gmail, and you'll find a good tutorial on how to 
  enable SSL programmatically.
  Sincerely,
  Michael
  El 11/05/2009, a las 1:22, spsb84 <[email protected]> escribió:
  >
  Hi,
  >
  Can anyone help me out on this:
  >
  I wished to know as to how can we configure the SSL with respect to 
  Mail (Enable SSL socket connections to mail server ), in Cold 
  Fusion 7.
  As the Admin of the same is not having the above mentioned Check Box 
  to do so. The same is present in for higher version of Cold Fusion 
  (i.e ColdFuion 8.0.1)
  >
  Waiting to hear
  >
  Thanks
  Simar
  >

• Secure way for SMTP relay for DMZ server

  Hi,
  I would like to know if there is a secure way to allow SMTP relay from server in DMZ.  This is our Exchange server configuration.
  All Exchange server roles installed on a single server.
  No Edge server.
  Thanks in advance.

  Hello
  if haven't got relay connector, need create one receive connector add only one dmz ip and if application can authentication use that authentication method, if cant use any auth method  enable anoynous relay.
  sorry my english

• Security Issues for Remote Login to ECC Server

  Hi,
  I have configured the saprouter so that people can remotely access the SAP ECC Servers outside the local area network. The saprouttab file contains the following entry:
  P * * *
  The parameter login/no_automatic_user_sapstar has also been set to a value 1.
  The user DDIC and SAP* can only be accessed using the master password, which is provided at installation time.
  Is my network secure enough? Or do I need to take into account some more steps / measures?
  Regards.

  Hello,
  Generally its not recommended to open up your network in the manner you have mentioned, however if its a requirement you cannot deny here is what first comes to my mind:
  Use the 'S * * *' instead of 'P * * *' (unless you are using ITS/J2EE and letting people access using HTTP(S)) , this will ensure that people are able to access only SAP protocol and not any other protocol
  Use the following link to understand options of saprouter table.
  http://help.sap.com/saphelp_47x200/helpdata/en/4f/992dfe446d11d189700000e8322d00/frameset.htm
  Also,
  It will be a good idea to allow access only to a particular IP Address i.e. the SAP Application Server instead of the entire IP range.
  instead of
  S * * *
  something like:
  S * <sap server ip address> *
  Regards,
  Siddhesh

• Other web browsers and security issues?

  Since even an Apple KB article recognizes the need for an additional browser and because of Safari's limitations and problems, I'm going to try switching to another browser (most likely OmniWeb and am looking at Firefox, Shira and Opera also though perhaps not as a primary browser) but I'm wondering about their ability to keep on top of any security issues for Mac? (and how do you keep up with security updates?)
  Though perhaps unfounded, at least with Safari, I feel that Apple has a vested interest in keeping on top of security issues (for Safari and Java) and I can readily find out about security updates via software updater.

  Most of the other Mac browsers have their adherents. They are all good browsers (I have 7 browsers installed to test various web sites and for change-of-pace usage). They all have their strengths and they all have their weaknesses. Only iCab and OmniWeb are still shareware, the rest are now or always have been free (Opera just recently stopped charging for its browser).
  I have settled on Firefox as my alternate browser and I use it maybe just a tad more than Safari, but I do switch back and forth between them. The Mozilla foundation is good at getting security updates out when needed. Firefox has a button on the toolbar to check for updates. One nice thing about Firefox is that you can install free extensions which enhance the features available. I have one to supplement tab features, one to control iTunes from Firefox's status bar, one to help me format messages in discussion forums, and one to block ads.
  I prefer OmniWeb for doing intensive research because of the way it handles tabs in its sidebar, showing me which ones I've looked at and which ones I haven't, and giving me great flexibility in rearranging tabs, which are viewable as thumbnails or text names (I have had up to a hundred or so tabs open in OmniWeb.
  Shiira is good and its fast. I have not checked for updates for a while, but the last time I updated there was still a problem with Shiira kicking you out of logged-in sites when you moved from page to page with in web site. This may have been fixed by now - they were aware of the problem back then.
  Camino is a native OS X cousin of Firefox and is also fast, but is not updated as often.
  I would stay away from Mozilla or Netscape unless you need all the additional modules they have and which take up hard disk space. Firefox and Camino represent the browser module of Mozilla/Netscape. Mozilla and Netscape have modules for email, irc chat, newsgroups, and for creating and editing web pages. Netscape is a branded and slightly customized version of Mozilla and is not updated as often.
  Opera is a nice browser and some use it as their main browser, but I have not seen anything that really stands out for me, but that does not mean it is not worth a look.
  I would stay away from abandonware Internet Explorer.
  As for checking for updates, several of them, as with many Mac programs, now have a menu item that allows you to check for updates. Most of them also announce their updates on both VersionTracker and MacUpdate.
  Happy Exploring.

• Open mail -relay problem !

  Hi,
  My Internet/Mail server is Netra i with Solaris 2.5.1.
  I received e-mail from mail-abuse org saying that my mail server is open for mail-relay.
  How can I disable it ?
  Thanks Ivan

  Hello there,
  I believe that is true with sendmail 8.6 version which was shipped
  with Solaris 5.5.1 or 5.6. You will need to apply the latest
  5.5.1 sendmail patch (103594-19) which upgrades 5.5.1 sendmail
  to be equivalent to sendmail 8.8.8+sun patches.
  Unlike previous versions, sendmail 8.8 can be configured not to
  pass on mail from one user outside the local domain to another in sendmail.cf
  FYI, mconnect <your hostname> will show the current sendmail rev.
  Hope this helps.
  Hae
  Sun Developer Technical Support