Security Issues with uploading files into APEX - How is anti-virus handled?

Similar Messages

• Mime Type issue with .docx Files in Apex 4.0

  We are having issues with windows 2007 .docx documents that are when they are viewed on windows 2007 machines with ie8. If I look in the storage table the mime type is not set correctly. It is being set as application/octet-stream. When we download the file one windows 7/IE8 either the browser thinks it is a zip file or it does not recognize it.
  If I go into the back end and update the table with the correct mime type application/vnd.openxmlformats-officedocument.wordprocessingml.document it works fine.
  We have tried to update mime types on the apache server but this does not help.
  Apex seems to be deciding what mime type to populate the table with.
  It seems like I need to update apex somehow to recognize that a .docx extension should be stored as type mime type application/vnd.openxmlformats-officedocument.wordprocessingml.document.
  Does anyone know how I would do this?
  We are running Apex 4 on 10g IAS with mod/plsql
  are application is setup very similar to what is describe in this document by David Peak
  http://www.oracle.com/technetwork/issue-archive/2009/09-jan/o19browser-087025.html
  Edited by: user7660930 on Apr 18, 2011 7:40 AM

  I thought about trying to do something similar to the code above but would prefer that apex would work properly.
  I created a page with the sql region and added this code
  owa_util.print_CGI_ENV
  when I run it it shows the following environment variables. It look like the WebDB environment HTTP_ACCEPT value needs to be updated. Does any one know how to update this information on a 10gIAS server and were it is stored? I have some documenation on WebDB but none of it seems to point to the correct location of the files and there are no admin pages
  PLSQL_GATEWAY = WebDb
  GATEWAY_IVERSION = 2
  SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server
  GATEWAY_INTERFACE = CGI/1.1
  SERVER_PORT = 4445
  SERVER_NAME = admsunxapp04.ad.jocoks.com
  REQUEST_METHOD = GET
  QUERY_STRING = p=301:1:3167922978599440:::::
  PATH_INFO = /f
  SCRIPT_NAME = /pls/apex/sand
  REMOTE_ADDR = 172.16.14.100
  SERVER_PROTOCOL = HTTP/1.1
  REQUEST_PROTOCOL = HTTPS
  REMOTE_USER = APEX_PUBLIC_USER
  HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; Tablet PC 2.0)
  HTTP_HOST = admsunxapp04.ad.jocoks.com:4445
  HTTP_ACCEPT = image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
  HTTP_ACCEPT_ENCODING = gzip, deflate
  HTTP_ACCEPT_LANGUAGE = en-US
  HTTP_ORACLE_ECID = 1303315270:172.16.2.9:3032:0:2526,0
  WEB_AUTHENT_PREFIX =
  DAD_NAME = apex/sand
  DOC_ACCESS_PATH = docs
  DOCUMENT_TABLE = wwv_flow_file_objects$
  PATH_ALIAS =
  REQUEST_CHARSET = AL32UTF8
  REQUEST_IANA_CHARSET = UTF-8
  SCRIPT_PREFIX = /pls
  HTTP_COOKIE = ORA_WWV_R1=%23ALL; ORA_WWV_R2=%23ALL; ORA_WWV_R3=%23ALL; ORA_WWV_ATTRIBUTE_PAGE=4651%2C%23ALL; ORA_WWV_REMEMBER_UN=ADMIN:apex_app; ORA_WWV_USER=8A32E6579024A4F4; oracle.uix=0^^GMT-5:00; DEVL=WaSkGBNfJ6-Vgpw-6HXpHvM8:S

• DW CS5 -- Issues with uploading files to server

  Hi everyone -- I recently took over control of a website that hasn't been updated in years. I am in charge of redesigning the site, but need to keep what we have up-to-date until the new site is ready to roll out. I received the FTP info for the server and got site files into local folders so I can make changes. I've made changes to one file (index.html) and am trying to put that file back onto the server; but in the file transfer process, the dependent files do not get uploaded (I get a message saying "'fileName' - same - not transferred"). The one file that I have changed, and Dreamweaver says has been uploaded, is not updating on the web. I checked the file on both my local and remote view and both reflect the changes I have made -- just not the actual site on the web.
  I'm sure that's a little confusing, so I'll try to summarize (with bulletts!):
  I have correct FTP info to server
  I downloaded site files from server to local folders
  I edited index page, and put the file to the server
  Dreamweaver indicates that the file has been successfully uploaded
  Local view shows edits I have made
  Remote view shows edits I have made
  Other dependent files have not been uploaded ("'fileName' - same - not transferred" error message)
  Actual website does not reflect changes made to index page
  What am I doing wrong????
  Thanks in advance for any help you can provide!

  Filezilla is a free, open source FTP client. It's a standard desktop application. An FTP client connects to a server using the File Transfer Protocol and allows you to transfer files up to the server (upload) or download files from the server (download).
  Why use a separate FTP client rather then the FTP functionality built-in to Dreamweaver? Because, in my experience, it works better the Dreamweaver's sometimes flakey FTP functionality and it's easier to troubleshoot FTP issues.
  In Firefox, to clear the cache, go to Tools -> Advanced -> Click Network Tab -> Click "Clear Now" button. Hit F5 to refresh the page and see what changes (if caching was the issue). If nothing changes then for some reason your files are not being uploaded properly to the server. In that case I'd check to make sure you're loading your files to the correct directory on the server (usually a folder called "httdocs" or "www" - check with your hosting company to amke sure).
  Hope this helps.

• Issue with Upload wizard in APEX 4.2

  Hi,
  We have APEX 4.2. We have a table with 70 columns. So to load data to that table we are using upload data wizard. Due to 50 columns limitation in APEX upload wizard, we have divided the upload file in two parts , file 1 with first 40 columns and file 2 with 30 columns and both of them have same primary keys included.
  When we load the data to the table through file 1 , data is loaded successfully but when we try to load file 2 , wizard shows data was updated but the data is not reflected in the table. What could be the reason ? Please advice.
  Regards,
  Andy

  Hi Pat,
  So currently we are using the following approach
  1. Split the file into two files (file 1 and file 2) with primary key included in both the files.
  2. We have two temp tables where these files will be uploaded resp, and it will also capture the username in the tables.
  3. When the 2nd file is done uploading ,we match the # of rows in both the tables by that user if it matches we run a sql to insert/update data in the actual table.
  4. If the record count doesn't match (means if file 1 and file 2 are not in sync) we delete the data from the temp tables just for that user and then user can reload it.
  5. Once the insert/update is done and when the user tries to load the file again , we delete old data from the temp tables just for that user.
  So every time user loads data ,it will maintain data only for that load.
  So this way multiple users are able to upload files.
  Also currently we finished development of alternate method to load entire file at once.In this approach we are not using upload utility, we have option where user can upload the file (1st page of upload utility) and then procedure is kicked of to get the file from wwwv_flow_files (APEX table) from a BLOB column.
  Data is parsed using a procedure and then inserted/updated into the original table.
  I hope this helps. Kindly let me know if you need more details.
  Thanks and Regards,
  Andy

• Possible Security issue with .zip files

  I found a potential issue with expanding .zip files. In the cases I've seen, the .zip files were created on Windows using Winzip. After copying the files to my OS X system, I double-clicked the file to expand the files and folders. (In this case the zip files was a Ruby on Rails web application.) In looking at the files in the terminal, all the files had wide open permission - 777 - all users had full access to all files!
  I had to go through and reset the permissions (755 for folders, 644 for files), and had to reset the execute permission on the Ruby script files.
  I'm going to test some more with more zip files, but this could be a potentially huge problem.
  Also, I noticed that the files had the "extended attribute" of com.apple.quarantine set on each file - which I assume is being set as a function of being downloaded via Safari from my webmail (Gmail) account. The .zip file had this attribute set, and when expanded it propagated to each file and folder.

  The files don't have any security on them from windows - windows doesn't know anything about unix permissions.
  I've compressed other files and folders on Windows and decompressed them in Tiger without a problem. I would think, at a minimum, the files would inherit the permissions of the parent folder I expanded them into.

• Upload files into apex using plsql

  i use apex upload option to upload files in to flow_files. Now it has to be deon via PL/SQl process. Via PL/SQL Process the files has to be uploaded on to apex application flow files tables .
  the data input to my application come not from same apex another but from extenal source via plsql procedure.
  is it possible ?
  thanks
  Raj

  Just for completeness ...
  Got this to work, but it's a pl/sql issue as opposed to an APEX issue.
  Anyway, if anyone needs to have the ability to read multiple files then a quick easy way to do it (as lomg as they know the file names that will be read), is to create a directory on the database which points to the actual harddrive on your PC, then create a table (called an external table) and read from that external table as if it was an actual database table ...
  1 - Log on as sys and grant CREATE ANY DIRECTORY to whatever user you are logging in as (assuming you are not using sys to create apps)
  2 - Create a directory e.g....CREATE OR REPLACE DIRECTORY GB_TEST AS 'c:\gbtest';
  3 - Create an external table as ...
  CREATE TABLE gb_test
  (file_name varchar2(10),
  rec_date date
  rec_name VARCHAR2(20),
  rec_age number,
  ORGANIZATION EXTERNAL
  TYPE ORACLE_LOADER
  DEFAULT DIRECTORY GB_TEST
  ACCESS PARAMETERS
  RECORDS DELIMITED BY NEWLINE
  FIELDS TERMINATED BY ','
  LOCATION ('data1.csv','data2.csv','data3.csv','data4.csv')
  PARALLEL 5
  REJECT LIMIT 20000;
  That's it then ...
  select * from gb_test
  where file_name = 'xxx'
  will return all the data where the file_name = 'xxx'
  very easy to use.

• Is anyone else having issues with importing files into FCP X

  Trying to import .mov files from older system into FCP X on a new iMac with Lion OSX.  Anyone else having similar issues?

  What kind of files are they?
  You may open them in Quicktime Player, and do a "Get Info" on them, and post that information here.
  It may be that they use some codec that FCP X can't handle.
  If that is the case, use the excellent and free program MPEG Streamclip to save them to Quicktime format using the ProRes codec.

• Issue with uploading files from photo booth

  Whenever I want to upload a photo booth picture from my computer, I hit upload and go to the photo booth section of the window that pops up. However, the photo previews displayed only show my first fifty or so photos (I have over 400 in there), and I have to click in and out of the photo booth folder until it shows all of my photos to choose from. Does anybody else have this problem/know how to fix it?

  I think your question should go in the Bridge forum,
  http://forums.adobe.com/community/bridge
  This one is only for discussions on the forums themselves,

• Issues with uploaded files and timestamps

  Hi All,
  I am building an app that will have 2 csv's uploaded daily, and compare results. The problem I have is that I can't seem to get the data into tables using the timestamp datatype.
  I fixed this by making the columns varchar2 rather than timestamp in a stage table, and am now trying to write a sql query that would move the data to the original tables.
  I have tried the "insert into <table_name> select ..." without any success.
  I get a "ORA-01401: inserted value too large for column" error.
  I have tried to use timestamp(0) - (6) as the datatype, and have tried to use the to_timestamp(field,'YYY-MM-DD-HH24.MI.SS')
  Here is my table(s) - note that the temp table is exactly the same, except the timestamps are converted to varchar2
  CREATE table "PRINT_RESULTS" (
     "OUTPUT_FILE"            VARCHAR2(65)       NOT NULL,
      "FOLDER_ID"               NUMBER                NOT NULL,
      "TIME_PROCESSED"   TIMESTAMP(0)       NOT NULL,
      "TIME_RECEIVED"       TIMESTAMP(0)       NOT NULL,
      "FILE_SIZE"                  NUMBER(10,0)       NOT NULL,
      "PROGRAM_USED"      VARCHAR2(50)      NOT NULL,
      "PRINT_FILENAME"      VARCHAR2(55)      NOT NULL,
      "DOCUMENT_CNT"       NUMBER(7,0)         NOT NULL,
      "SHEET_CNT"               NUMBER(7,0)        NOT NULL,
      "IMPRESSION_CNT"     NUMBER(7,0)         NOT NULL,
      constraint  "HVP_PRINT_RESULTS_PK" primary key ("ID")
  )And here is the select statement I have been using: insert into PRINT_RESULTS <br>Select "OUTPUT_FILE", "FOLDER_ID",
  to_timestamp("TIME_PROCESSED",'YYYY-MM-DD-HH24.MI.SS'),
  to_timestamp("TIME_RECEIVED",'YYYY-MM-DD-HH24.MI.SS'),
  etc...Any ideas would be greatly appreciated.
  Thanks in advance...
  Corey

  Corey,
  1) What does the data look like in your VARCHAR2 columsn TIME_PROCESSED and TIME_RECEIVED?
  2) What happens if you change your INSERT INTO SELECT, and for the timestamp columns in your select clause, change those for the time being to TO_TIMESTAMP(null)? Does the error still occur?
  Joel

• Issue with permissions to upload files into Apache web server to OS 10.8.2

  Hello everyone;
  I setted up Apache web server and mysql to OS 10.8.2 Mountain Lion. It's working fine except for the permissions. I can't upload files into the web site directory. Doesn't recognize, e.g., the PHP function "move_uploaded".
  One problem for my is that I can't modify the permissions by "Terminal" app since it telling me that the "Process completed" and I can't write any script.
  Any suggestion will be welcome.
  Thanks in advance.

  My only question now would be how to speed up Safari's 6.0.1 performance in 10.8.2 or do I just accept that it's a little slower than it was, which is fine. Are other folks having this issue?
  I was primarily passing along info about my particular download speed and for the Web Confidential 3.8 people: make a backup of your passwords b4 installing 10.8.2 or be prepared to upgrade.

• Privacy/Security Issue with Adobe Flash 10

  Not sure if anyone has noticed this or not, but there is a
  bizarre (if minor) privacy/security issue with Adobe Flash Player
  10. I came across it while attempting to upload a file to Flickr.
  Previous versions of AFP do not exhibit this problem.
  Specifics: using Firefox 3.x, Vista.
  The problem: When Flickr calls the "open file" dialogue in
  Flash 10 (in order to upload files) via the "Upload Photos and
  Videos" link, at the bottom of the dialogue, to the right of the
  "File Name" box, sits a common UI element that brings up a dropdown
  menu of what appear to be (or at least are supposed to be) recently
  viewed or downloaded or accessed files. Actually I'm not sure how
  Flash 10 compiles or accesses this list of files, but at any rate,
  a list of files come up.
  The problem is that, as far as I can tell, the list of files
  that come up reference a long list of files, some that are very old
  and that no longer exist, and that there is no way that I can find
  to clear the list. This is a minor security/privacy issue, as
  generally there should be a way to prevent a dialogue from
  displaying a long list of past-accessed files by clearing a cache
  somewhere or other -- imagine if it was impossible to clear the
  history of a web browser, for example -- this would be considered a
  pretty significant privacy issue. I have tried everything from
  flushing the browser cache to uninstalling and reinstalling the
  browser to uninstalling and reinstalling Adobe Flash to using the
  Flash Settings Manager to clear out the Flash saved sites to
  turning off Vista indexing to clearing out Vista's Recent Items
  list. None of these actions did anything to clear out this list of
  files. I can find no references to these files anywhere when I use
  Vista Search (with unindexed and system files searched as well),
  and I can find no reference to the files anywhere in the registry
  (I checked just in case Flash 10 was storing this index in some
  really bizarre place.) I've linked to a screenshot below of what
  I'm talking about -- most of the files listed below were deleted a
  long, long time ago, and so I have no idea why this dialogue refers
  to them.
  Screenshot
  Is there a simple work-around for this that I'm unaware of?
  Even if there is, there needs to be some more obvious way to clear
  out this list. Where is this information being stored, and what
  criteria does this list use to "put a file on the list"?

  Thanks for putting me on the right scent. That's what I'd
  originally thought, too -- it's just that the file-> open dialog
  was giving an entirely different list of files with other
  applications, so I assumed that it must be Flash that was the
  culprit. Turns out the reason it was different with Flickr was
  because it was restricting the file results via a long string of
  video and picture filetypes that are compatible with the Flickr
  service.
  It turns out the information I'm looking for is buried deep
  within the registry. The only way to clear out this list of files
  is to delete the following key (or specific subkeys):
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidl MRU
  Seems more than a little stupid to store such information in
  the registry if security is your concern. Vista beguiles me
  sometimes.

• Help with Upload file to Server Examples

  I have been working with the examples for how to upload a file to the server. Though i got the example to work. there is one more thing i need to do. i need to allow the user to be able to select multiple files.  In the example when you click on Upload, it opens a MS window to allow you to select a file. This example does not allow you to select more then one file though. I found another example for selecting multiple files but this one differs very much in that the person who make it "Ryan Favro" created a whole new GUI window to select multiple files. those his example works great, i dont want a special window to select files, i want the MS window to do it.
  Is there a way to make the original example that uses the MS window to allow the user to select multiple files ?
  I have attached the example that uses the MS window.

  Hi,
  Use this code. May be it helps u.
  fileuploadapp.mxml
  <?xml version="1.0" encoding="utf-8"?>
  <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" xmlns:com="test.*" layout="absolute"
      creationComplete="initApp()" viewSourceURL="srcview/index.html">
      <mx:Script>
          <![CDATA[
              import mx.controls.Alert;
              private const _strDomain:String = new String("http://localhost:8400/");
              private const _strUploadScript:String = new String(_strDomain + "ProcessFileUp/UploadFile");
              // Initalize
              private function initApp():void {
                  Security.allowDomain(_strDomain);
          ]]>
      </mx:Script>
      <mx:Canvas width="400" height="300" horizontalCenter="0" verticalCenter="0">
          <com:FileUpload
              width="100%" height="100%"
              uploadUrl="{_strUploadScript}"
              uploadComplete="Alert.show('File(s) have been uploaded.', 'Upload successful')"
              uploadIOError="Alert.show('IO Error in uploading file.', 'Error')"
              uploadSecurityError="Alert.show('Security Error in uploading file.', 'Error')"/>
      </mx:Canvas>
  </mx:Application>
  fileuoload.mxml
  <?xml version="1.0" encoding="utf-8"?>
  <mx:Panel xmlns:mx="http://www.adobe.com/2006/mxml" xmlns:com="*"
      layout="vertical" width="100%" minWidth="400" height="100%" minHeight="200"
      title="Upload Files" creationComplete="initCom()">
      <mx:Metadata>
          [Event(name="uploadComplete", type="flash.events.Event")]
          [Event(name="uploadProgress", type="flash.events.ProgressEvent")]
          [Event(name="uploadCancel", type="flash.events.Event")]
          [Event(name="uploadIOError", type="flash.events.IOErrorEvent")]
          [Event(name="uploadSecurityError", type="flash.events.SecurityErrorEvent")]
      </mx:Metadata>
      <mx:Script>
          <![CDATA[
              import mx.controls.*;
              import mx.managers.*;
              import mx.events.*;
              import flash.events.*;
              import flash.net.*;
              private var _strUploadUrl:String;
              private var _refAddFiles:FileReferenceList;   
              private var _refUploadFile:FileReference;
              private var _arrUploadFiles:Array;
              private var _numCurrentUpload:Number = 0;           
              // Set uploadUrl
              public function set uploadUrl(strUploadUrl:String):void {
                  _strUploadUrl = strUploadUrl;
              // Initalize
              private function initCom():void {
                  _arrUploadFiles = new Array();               
                  enableUI();
                  uploadCheck();
              // Called to add file(s) for upload
              private function addFiles():void {
                  _refAddFiles = new FileReferenceList();
                  _refAddFiles.addEventListener(Event.SELECT, onSelectFile);
                  _refAddFiles.browse();
              // Called when a file is selected
              private function onSelectFile(event:Event):void {
                  var arrFoundList:Array = new Array();
                  // Get list of files from fileList, make list of files already on upload list
                  for (var i:Number = 0; i < _arrUploadFiles.length; i++) {
                      for (var j:Number = 0; j < _refAddFiles.fileList.length; j++) {
                          if (_arrUploadFiles[i].name == _refAddFiles.fileList[j].name) {
                              arrFoundList.push(_refAddFiles.fileList[j].name);
                              _refAddFiles.fileList.splice(j, 1);
                              j--;
                  if (_refAddFiles.fileList.length >= 1) {               
                      for (var k:Number = 0; k < _refAddFiles.fileList.length; k++) {
                          _arrUploadFiles.push({
                              name:_refAddFiles.fileList[k].name,
                              size:formatFileSize(_refAddFiles.fileList[k].size),
                              file:_refAddFiles.fileList[k]});
                      listFiles.dataProvider = _arrUploadFiles;
                      listFiles.selectedIndex = _arrUploadFiles.length - 1;
                  if (arrFoundList.length >= 1) {
                      Alert.show("The file(s): \n\n• " + arrFoundList.join("\n• ") + "\n\n...are already on the upload list. Please change the filename(s) or pick a different file.", "File(s) already on list");
                  updateProgBar();
                  scrollFiles();
                  uploadCheck();
              // Called to format number to file size
              private function formatFileSize(numSize:Number):String {
                  var strReturn:String;
                  numSize = Number(numSize / 1000);
                  strReturn = String(numSize.toFixed(1) + " KB");
                  if (numSize > 1000) {
                      numSize = numSize / 1000;
                      strReturn = String(numSize.toFixed(1) + " MB");
                      if (numSize > 1000) {
                          numSize = numSize / 1000;
                          strReturn = String(numSize.toFixed(1) + " GB");
                  return strReturn;
              // Called to remove selected file(s) for upload
              private function removeFiles():void {
                  var arrSelected:Array = listFiles.selectedIndices;
                  if (arrSelected.length >= 1) {
                      for (var i:Number = 0; i < arrSelected.length; i++) {
                          _arrUploadFiles[Number(arrSelected[i])] = null;
                      for (var j:Number = 0; j < _arrUploadFiles.length; j++) {
                          if (_arrUploadFiles[j] == null) {
                              _arrUploadFiles.splice(j, 1);
                              j--;
                      listFiles.dataProvider = _arrUploadFiles;
                      listFiles.selectedIndex = 0;                   
                  updateProgBar();
                  scrollFiles();
                  uploadCheck();
              // Called to check if there is at least one file to upload
              private function uploadCheck():void {
                  if (_arrUploadFiles.length == 0) {
                      btnUpload.enabled = false;
                      listFiles.verticalScrollPolicy = "off";
                  } else {
                      btnUpload.enabled = true;
                      listFiles.verticalScrollPolicy = "on";
              // Disable UI control
              private function disableUI():void {
                  btnAdd.enabled = false;
                  btnRemove.enabled = false;
                  btnUpload.enabled = false;
                  btnCancel.enabled = true;
                  listFiles.enabled = false;
                  listFiles.verticalScrollPolicy = "off";
              // Enable UI control
              private function enableUI():void {
                  btnAdd.enabled = true;
                  btnRemove.enabled = true;
                  btnUpload.enabled = true;
                  btnCancel.enabled = false;
                  listFiles.enabled = true;
                  listFiles.verticalScrollPolicy = "on";
              // Scroll listFiles to selected row
              private function scrollFiles():void {
                  listFiles.verticalScrollPosition = listFiles.selectedIndex;
                  listFiles.validateNow();
              // Called to upload file based on current upload number
              private function startUpload():void {
                  if (_arrUploadFiles.length > 0) {
                      disableUI();
                      listFiles.selectedIndex = _numCurrentUpload;
                      scrollFiles();
                      // Variables to send along with upload
                      var sendVars:URLVariables = new URLVariables();
                      sendVars.action = "upload";
                      var request:URLRequest = new URLRequest();
                      request.data = sendVars;
                      request.url = _strUploadUrl;
                      request.method = URLRequestMethod.POST;
                      _refUploadFile = new FileReference();
                      _refUploadFile = listFiles.selectedItem.file;
                      _refUploadFile.addEventListener(ProgressEvent.PROGRESS, onUploadProgress);
                         _refUploadFile.addEventListener(Event.COMPLETE, onUploadComplete);
                      _refUploadFile.addEventListener(IOErrorEvent.IO_ERROR, onUploadIoError);
                        _refUploadFile.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onUploadSecurityError);
                      _refUploadFile.upload(request, "file", false);
              // Cancel and clear eventlisteners on last upload
              private function clearUpload():void {
                  _refUploadFile.removeEventListener(ProgressEvent.PROGRESS, onUploadProgress);
                  _refUploadFile.removeEventListener(Event.COMPLETE, onUploadComplete);
                  _refUploadFile.removeEventListener(IOErrorEvent.IO_ERROR, onUploadIoError);
                  _refUploadFile.removeEventListener(SecurityErrorEvent.SECURITY_ERROR, onUploadSecurityError);
                  _refUploadFile.cancel();
                  _numCurrentUpload = 0;
                  updateProgBar();
                  enableUI();
              // Called on upload cancel
              private function onUploadCanceled():void {
                  clearUpload();
                  dispatchEvent(new Event("uploadCancel"));
              // Get upload progress
              private function onUploadProgress(event:ProgressEvent):void {
                  var numPerc:Number = Math.round((event.bytesLoaded / event.bytesTotal) * 100);
                  updateProgBar(numPerc);
                  var evt:ProgressEvent = new ProgressEvent("uploadProgress", false, false, event.bytesLoaded, event.bytesTotal);
                  dispatchEvent(evt);
              // Update progBar
              private function updateProgBar(numPerc:Number = 0):void {
                  var strLabel:String = (_numCurrentUpload + 1) + "/" + _arrUploadFiles.length;
                  strLabel = (_numCurrentUpload + 1 <= _arrUploadFiles.length && numPerc > 0 && numPerc < 100) ? numPerc + "% - " + strLabel : strLabel;
                  strLabel = (_numCurrentUpload + 1 == _arrUploadFiles.length && numPerc == 100) ? "Upload Complete - " + strLabel : strLabel;
                  strLabel = (_arrUploadFiles.length == 0) ? "" : strLabel;
                  progBar.label = strLabel;
                  progBar.setProgress(numPerc, 100);
                  progBar.validateNow();
              // Called on upload complete
              private function onUploadComplete(event:Event):void {
                  _numCurrentUpload++;               
                  if (_numCurrentUpload < _arrUploadFiles.length) {
                      startUpload();
                  } else {
                      enableUI();
                      clearUpload();
                      dispatchEvent(new Event("uploadComplete"));
              // Called on upload io error
              private function onUploadIoError(event:IOErrorEvent):void {
                  clearUpload();
                  var evt:IOErrorEvent = new IOErrorEvent("uploadIoError", false, false, event.text);
                  dispatchEvent(evt);
              // Called on upload security error
              private function onUploadSecurityError(event:SecurityErrorEvent):void {
                  clearUpload();
                  var evt:SecurityErrorEvent = new SecurityErrorEvent("uploadSecurityError", false, false, event.text);
                  dispatchEvent(evt);
              // Change view state
              private function changeView():void {
                  currentState = (currentState == "mini") ? "" : "mini";
          ]]>
      </mx:Script>
      <mx:states>
          <mx:State name="mini">
              <mx:SetProperty name="height" value="60"/>
              <mx:SetProperty name="minHeight" value="60"/>
              <mx:SetStyle target="{btnView}" name="icon" value="@Embed('assets/application_put.png')"/>
          </mx:State>
      </mx:states>
      <mx:transitions>
          <mx:Transition fromState="*" toState="*">
              <mx:Resize target="{this}" duration="1000"/>
          </mx:Transition>
      </mx:transitions>
      <mx:Canvas width="100%" height="100%">
          <mx:DataGrid id="listFiles" left="0" top="0" bottom="0" right="0"
              allowMultipleSelection="true" verticalScrollPolicy="on"
              draggableColumns="false" resizableColumns="false" sortableColumns="false">
              <mx:columns>
                  <mx:DataGridColumn headerText="File" dataField="name" wordWrap="true"/>
                  <mx:DataGridColumn headerText="Size" dataField="size" width="75" textAlign="right"/>
              </mx:columns>
          </mx:DataGrid>
      </mx:Canvas>
      <mx:ControlBar horizontalAlign="center" verticalAlign="middle">
          <mx:Button id="btnAdd" toolTip="Add file(s)" click="addFiles()" icon="@Embed('assets/add.png')" width="26"/>
          <mx:Button id="btnRemove" toolTip="Remove file(s)" click="removeFiles()" icon="@Embed('assets/delete.png')" width="26"/>
          <mx:ProgressBar id="progBar" mode="manual" label="" labelPlacement="center" width="100%"/>
          <mx:Button id="btnCancel" toolTip="Cancel upload" icon="@Embed('assets/cancel2.png')" width="26" click="onUploadCanceled()"/>
          <mx:Button label="Upload" toolTip="Upload file(s)" id="btnUpload" click="startUpload()" icon="@Embed('assets/bullet_go.png')"/>
          <mx:Button id="btnView" toolTip="Show/Hide file(s)" icon="@Embed('assets/application_get.png')" width="26" click="changeView()"/>
      </mx:ControlBar>   
  </mx:Panel>
  Regards,
       Shivang

• Severe Security Issue with Sharing Permissions and Windows

  I recently discovered a severe Security issue with the windows sharing an permission settings:
  I have two users, an admin user and a parental controlled user. On my mac mini, i have a external harddrive connected. On the harddrive, i have three folders, Itunes, Iphoto (Package) and a Temp Folder. I want to share the Harddrive RW for the admin, but only R for the parental user. But the Temp folder should be accessible for RW for the parental as well.
  1. I set the Drive checkbox "ignore ownership" off.
  2. I set the permissions of the drive to admin RW, parental R and Everyone to "no access"
  3. I apply to enclosed Items
  4. I set the permission of the Temp folder to admin RW, parental RW and Everyone to "no access"
  5. I apply to enclosed Items
  6. I go to "File Sharing" in the Preferences and activate SMB sharing for both users
  7. I delete all previous shares
  8. I add the Disk and use the proposed permissions which are admin RW, parental R, Everyone "no access"
  9. I add the Temp folder and use the proposed permissions which are admin RW, parental RW, Everyone "no access" - Funny, there is a new Group called "Temp" created which has custom access on both sharepoints
  10. I connect to the mac over a Windows machine (NTLM auth set appropriatly). Now I try to create a folder on the root of the Disk share, I get a denied message.
  BUT WHEN I GO INTO A SUBFOLDER (eg. ITUNES or IPHOTO), WHICH HAS ALSO JUST "R" PERMISSION FOR THE PARENTAL USER, I AM ABLE TO RW, DELETE AND DO EVERYTHING!!!
  TO RECAPITULATE: THE SHARING PERMISSIONS ARE "R", AND THE FILE PERMISSIONS IN THE RESPECTIVE FOLDERS FOR THE RESPECTIVE USER ARE ALSO JUST "R". BUT THE USER CAN DO EVERYTHING IN THE SUBFOLDERS!!!

  I recently discovered a severe Security issue with the windows sharing an permission settings:
  I have two users, an admin user and a parental controlled user. On my mac mini, i have a external harddrive connected. On the harddrive, i have three folders, Itunes, Iphoto (Package) and a Temp Folder. I want to share the Harddrive RW for the admin, but only R for the parental user. But the Temp folder should be accessible for RW for the parental as well.
  1. I set the Drive checkbox "ignore ownership" off.
  2. I set the permissions of the drive to admin RW, parental R and Everyone to "no access"
  3. I apply to enclosed Items
  4. I set the permission of the Temp folder to admin RW, parental RW and Everyone to "no access"
  5. I apply to enclosed Items
  6. I go to "File Sharing" in the Preferences and activate SMB sharing for both users
  7. I delete all previous shares
  8. I add the Disk and use the proposed permissions which are admin RW, parental R, Everyone "no access"
  9. I add the Temp folder and use the proposed permissions which are admin RW, parental RW, Everyone "no access" - Funny, there is a new Group called "Temp" created which has custom access on both sharepoints
  10. I connect to the mac over a Windows machine (NTLM auth set appropriatly). Now I try to create a folder on the root of the Disk share, I get a denied message.
  BUT WHEN I GO INTO A SUBFOLDER (eg. ITUNES or IPHOTO), WHICH HAS ALSO JUST "R" PERMISSION FOR THE PARENTAL USER, I AM ABLE TO RW, DELETE AND DO EVERYTHING!!!
  TO RECAPITULATE: THE SHARING PERMISSIONS ARE "R", AND THE FILE PERMISSIONS IN THE RESPECTIVE FOLDERS FOR THE RESPECTIVE USER ARE ALSO JUST "R". BUT THE USER CAN DO EVERYTHING IN THE SUBFOLDERS!!!

• Security issue with unlocking my iPhone 4?

  I'm not sure if anyone here will be able to help me but I am trying to get my iPhone unlocked with AT&T. I bought my iPhone on contract through AT&T in December 2010. My account is in good standing. I paid my ETF, it's technically eligible to be unlocked. I called AT&T on April 9th for an unlock and it's now April 19th and still no wordd from them. I've called several times and they won't tell me what's going on other than that "there is a security issue with unlocking my iPhone and the issue is with Apple, but they are working on it." From my understanding, all AT&T needs is the unlock code to enter into the system and unlock it from there. I don't know what security issues could possibly exist that would create a problem. The only thing I can think of is that when I orginally bought my iPhone it turned out to be a lemon and had to get it replaced the day after I bought it. I did this through an Apple store since it was around Christmas. The IMEI number on my phone doesn't match the one AT&T has on file, but that shouldn't matter? I gave them the right IMEI number that is on my current phone. Does anyone know what "security issues" can exist when it comes to unlocking an iPhone 4?

  Don't stress over the words used by the customer service people at AT&T. Half of them don't know what they're talking about more than half the time.  You are probably correct in that it has something to do with their database being inaccurate. 
  Give it a few days, then contact them again and ask for it to be escalated.
  Ignor rNair. The idea that Apple made it mandatory for AT&T to do anything is complete and total bunk. (S)He has no idea what (s)he's talking about

• Using latest version of fireFox to access Think Central, pages will not load and they say that this is a security issue with FireFox?

  Teachers in our district are supposed to use www.thinkcentral.com with FireFox.
  Some have no problem accessing the lesson plans.
  Most when they login click on a lesson plan and an icon shows up that says loading but never does.
  If you reboot the computer and login you can open a page once but not a second time and no other lessons will open.
  Think Central support says this is a security issue with Firefox.
  I have updated FireFox, all the Adobe, Reader, Flash, Air and Shockwave. As well as Java.
  I have allowed the pop ups to the think Central web site.
  Any help would be appreciated

  Are there any notification icons on the left end of the address bar? If so, please click them to see whether they related to security issues (such as blocked content - shield icon: [[How does content that isn't secure affect my safety?]]) or a plugin requiring permission (Lego-like icon).
  Does Think Central have any help pages about this issue? Without an account, it is difficult to explore the issue first-hand.