Security Manager and Policy Files

Hi all,
I am writing a simple Java RMI application, but understand it won't run without a Security Manager installed and a policy file.
I think I have installed the security manager using the following in the main() method of my client application:
System.setSecurityManager(new RMISecurityManager());
However, I am unsure how to use a policy file with this. I have looked on the internet, but it does not seem to be very well documented.
Please could you advise me how to create a policy file that will work for my application and where to place it in my application so that my application can use it.
Any help would be gratefully appreciated.
Thanks
Aaron

An RMI application doesn't need a security manager unless you are using the codebase feature.

Similar Messages

  • OWSM Vs OSB: Security, Management and Monitoring

    Has anyone done a comparison of the Security, Management and Monitoring capabilities of OSB 10gR3 and OWSM?
    I think both of them have a place in the architecture, but I am looking for pointers on the overlapping capabilities in terms of security and service monitoring. When is one preferred over the other with pros and cons.
    Thanks,
    -J

    In short OSB you configure process by process. OWSM is a layer you can put across your whole enterprise.
    Other than that the functionality is very similar.
    cheers
    James

  • Java Web Start and Policy File

    Hi,
    I have a problem with Java Web Start (JWS) when working with a policy file.
    I would like to apply a policy file to a JWS application to fine-tune the security settings instead of granting permission in JWS.
    For an applet environment, I can apply policy file like this:
    appletviewer -J"-Djava.security.policy=all.policy" writeFile.html
    However, in JWS environment, I try to apply in JNLP file as below but fail:
    <?xml version="1.0" encoding="UTF-8"?>
    <jnlp spec="1.0+"
    codebase="http://130.18.52.226:8080/testing/"
    >
    <information>
    <title>JWS JFrame App</title>
    <vendor>Java Developer Connection</vendor>
    <homepage href="http://java.sun.com/jdc" />
    <description>Demonstration of JNLP</description>
    <icon href="hsbc.gif" width="32" height="32" />
    </information>
    <resources>
    <j2se version="1.3*" />
    <property name="java.security.manager" value="x" />
    <property name="java.security.policy" value="testing.policy"/>
    <jar href="testing.jar"/>
    </resources>
    <application-desc main-class="JWSJFrameApp" />
    </jnlp>
    The error message is like this:
    Java Web Start Console, started Tue Sep 03 09:59:36 CST 2002
    Java 2 Runtime Environment: Version 1.3.0 by Sun Microsystems Inc.
    java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.manager write)
    java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
    Could anyone please help on this!
    Many thanks!
    Regards,
    Simon Ho

    There are two problems with what you are trying to do.
    First, setting a property PROP=VALUE in the jnlp file does not mean that java will be launched with -DPROP=VALUE; instead, javawebstart will call System.setProperty(PROP,VALUE) before your app's main() is called. The difference is, the property will not be set at the time the VM is initialized.
    Second, the javaws security policy will not allow you to set arbitrary properties in an unsigned application. Only properties beginning with "jnlp." or "javaws." (and possibly a few other specific props known to the native javaws code) can be set in an application unless <all-permissions> is specified and the app is signed.

  • Help needed about HTTPS and policy files !!

    Hi everyone,
    my Web Start application crashes with a SSLPeerUnverifiedException when I
    try to connect to the server with HTTPClient :
    // proxy settings
    HTTPConnection.setProxyServer(ipProxy, portProxy);
    // connection
    HTTPConnection con = new HTTPConnection("https", serverName, -1);
    // Post (then there is a SSLPeerUnverifiedException....)
    HTTPResponse rsp = con.Post("/myurl.jsp", toSend, ct_hdr);
    My application runs in a secure environment configured by the javaws.policy :
    grant codeBase "file:${jnlpx.home}/javaws.jar" {
    permission java.security.AllPermission;
    };
    and the ${user.home}.java.policy (shared by another application, an applet I think) :
    keystore "file:${user.home}/xxxxxxxxxxxxxxxxxxxxx.p7c";
    grant codebase "https://xxxxxxxxxxxxxxx/-" signedby "xxxxxxxxxx" {
    permission java.lang.RuntimePermission "usePolicy";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "setIO";
    permission java.lang.RuntimePermission "modifyThread";
    permission java.lang.RuntimePermission "stopThread";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.security.provider";
    permission java.lang.RuntimePermission "loadLibrary.*";
    permission java.security.SecurityPermission "insertProvider.SUN";
    permission java.security.SecurityPermission "insertProvider.JCRYPTO";
    permission java.security.SecurityPermission "insertProvider.JCRYPTO_PKCS11";
    permission java.security.SecurityPermission "putProviderProperty.JCRYPTO";
    permission java.security.SecurityPermission "putProviderProperty.JCRYPTO_PKCS11";
    permission java.security.SecurityPermission "removeProviderProperty.JCRYPTO";
    permission java.security.SecurityPermission "removeProvider.JCRYPTO";
    permission java.security.SecurityPermission "removeProvider.JCRYPTO_PKCS11";
    permission java.security.SecurityPermission "removeProvider.SUN";
    permission java.util.PropertyPermission "*", "read,write";
    permission java.io.FilePermission "<<ALL FILES>>", "write,read,delete";
    permission java.net.NetPermission "specifyStreamHandler";
    permission java.net.SocketPermission "localhost:1024-", "listen";
    permission java.net.SocketPermission "*", "connect,accept,listen,resolve";
    permission java.awt.AWTPermission "accessClipboard";
    permission java.lang.RuntimePermission "queuePrintJob";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
    };
    grant codebase "file:/myApplication/-" {
    permission java.security.AllPermission;
    };
    In this file (.java.policy) when I replace "codebase "https://xxxxxxxxxxxxxxx/-""
    by "codebase "http://xxxxxxxxxxxxxxx/-"" everything works fine !! It's very very
    very very strange...
    My application is launched by Web Start 1.2 and uses JRE 1.4.1
    Any ideas ? Please, I become crazy...

    In this file (.java.policy) when I replace "codebase "https://xxxxxxxxxxxxxxx/-"" by "codebase "http://xxxxxxxxxxxxxxx/-"" everything works fine !!
    I am not so sure that a code source cares for whether the resource is downloaded with s-http or normal http. Is the distinction important for the policy file?
    You could go digging in the RFC that describes what a URL is (because that is what the code source is).
    Also you could switch on a nice flag in your server environment that outputs information if security things go wrong: -Djava.security.debug=failure
    In the output you should see from where your code is loaded. If it says http and not https, then that is what should appear in your policy file.
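
How a policy file's codeBase URL is compared with the location classes were actually loaded from, as an added example that is not part of the original thread: it calls CodeSource.implies, the JDK's matching rule for code sources, to show that an https grant does not cover code loaded over http and how the /- and /* suffixes and an explicit port behave. The host apps.example.invalid and all paths are constructed for illustration.

```java
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.cert.Certificate;

/**
 * Added example: matching a policy "grant codeBase" URL against the URL
 * that classes were loaded from. Host and paths are constructed samples.
 */
public class CodeBaseMatch {

    /** Builds an unsigned CodeSource, like a grant entry without signedBy. */
    static CodeSource source(String url) throws Exception {
        URL location = URI.create(url).toURL();
        // The cast selects the (URL, Certificate[]) constructor; null = no signer required.
        return new CodeSource(location, (Certificate[]) null);
    }

    /** True when a grant written for grantCodeBase covers code loaded from loadedFrom. */
    static boolean grantApplies(String grantCodeBase, String loadedFrom) throws Exception {
        return source(grantCodeBase).implies(source(loadedFrom));
    }

    public static void main(String[] args) throws Exception {
        String jarHttps = "https://apps.example.invalid/client/app.jar";
        String jarHttp = "http://apps.example.invalid/client/app.jar";
        String[][] cases = {
            // { codeBase in the policy file, where the jar was really loaded from }
            {"https://apps.example.invalid/-", jarHttps},        // same scheme, recursive match
            {"https://apps.example.invalid/-", jarHttp},         // scheme differs
            {"http://apps.example.invalid/-", jarHttp},          // same scheme again
            {"https://apps.example.invalid/*", jarHttps},        // "/*" covers one directory only
            {"https://apps.example.invalid/client/*", jarHttps}, // the jar's own directory
            {"https://apps.example.invalid:8443/-", jarHttps},   // explicit port vs default port
        };
        for (String[] c : cases) {
            System.out.printf("%-40s %-46s %s%n", c[0], c[1],
                    grantApplies(c[0], c[1]) ? "grant applies" : "grant ignored");
        }
    }
}
```

Comparing the "loaded from" column with the code source reported by -Djava.security.debug=failure shows which grant entry, if any, the running code can match.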

  • CSM (Cisco Security Manager) automated policy discovery

    Hi,
    Does anybody know if it is possible to automate a policy discovery on a group of objects?
    Essentially I have two CSM servers running in separate locations, one primary and one secondary, and want the secondary to do an automated policy discovery on a number of ASAs to keep the secondary database/policies up to date.
    I can't find any obvious way to do this.
    All the best,
    Andy

    Farruk,
    Many thanks for the link.
    Requirements:
    To install Security Manager in a dual-node HA environment, you need two servers that can access a shared storage array.
    Unfortunately this is not an option for the current setup, which is why I am having to revert to an active/active type setup.
    The secondary CSM will be happy if it does a policy discovery. It's just a matter of finding out how to get this automated discovery on a regular basis.
    All the best,
    Andy

  • Java Networking and policy file

    Two part question,
    First, I am writing an applet that is working with sockets. I've compared this and a Delphi program and it seems that the Delphi program is writing to and receiving from the socket at a faster rate (four second delay for the applet) than the applet. There is no extra code besides opening the client socket and writing and receiving data.
    Second question: is there a way to allow an applet to write to a socket below 1024 without having a java.policy file? If I do need the policy file, is there a way to change it from the applet, or to set a workaround permission? I'm writing an applet to work with a protocol that generally lives on a socket below 1024.
    Thanks in advance

    There is a way to let an applet access the lower sockets, but you need to sign it. And in order to sign it you need a key from VeriSign or Thawte. In fact, there are 2 different keys you need, one for Netscape and one for MS. But the Netscape one might be the only one that you need.
    Other than signing it, you have to edit your browser preferences to let applets have full access to your system. Sorry :(

  • Cisco Security Manager and User-aware firewall rules

    Hello !
    I have a firewall ASA which is managed with CSM and I try to create some user-aware rules. To do this, I need to match CSM with an Active Directory server.
    I added an AAA server group matching my Active Directory server in the Identity Setting menu from Security Manager Administration and when I click on "Test", I obtain the error message "Unsuccessful Bind prevented to fetch data, please reconfigure AAA server".
    What can I do to solve this problem ?
    Thank you !
    Stephane

    You can contact your local AM to get an evaluation version; this is related to the new 'restricted' download access on CCO. You need to have a service contract associated with that 'specific' product to download software (I know it does not make sense in case of an evaluation).
    And you also have the following alternative:
    Note:
    This download does not include CiscoWorks Resource Manager Essentials (RME). For customers that wish to also evaluate CiscoWorks RME or that prefer a media format rather than a large download, an evaluation DVD can be ordered from Cisco Marketplace. At http://www.cisco.com/pcgi-bin/marketplace/welcome.pl, navigate to the Collateral and Subscriptions Store and search for part number EVAL-CSMGR-4.0.
    Regards
    Farrukh

  • Tomcat50-jwsdp Security Manager and RMI

    I need to know how to configure the Tomcat 5.0 security manager to run RMI applications.
    I'm building a jax-rpc application that uses RMI to access a back-end process.
    I cannot run RMI because no security manager is running:
    java.rmi.RemoteException: java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
         java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
         java.lang.ClassNotFoundException: wxservice.remote.WebService$Listener (no security manager: RMI class loader disabled); nested exception is:
         java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
         java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
         java.lang.ClassNotFoundException: wxservice.remote.WebService$Listener (no security manager: RMI class loader disabled)
    However, when I try to enable security using the command
    C:\tomcat50-jwsdp\bin\catalina.bat run -security
    I get the following exception:
    java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.commons.launcher.waitForChild read)
            at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
            at java.security.AccessController.checkPermission(AccessController.java:427)
            at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
            at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
            at java.lang.System.getProperty(System.java:627)
            at org.apache.commons.launcher.ChildMain.run(ChildMain.java:199)
    Any help would be sincerely appreciated.

  • Security Manager and RMI

    I am developing an application that uses RMI.
    So in the code I must declare the RMISecurityManager as the security manager. But if the user specifies the standard security manager on the command line, it doesn't work.
    I understand why; my question is:
    How can the user ensure that my application is safe if he cannot specify the basic security manager on the command line ( -Djava.security.manager ) ?
    tom

    First of all, you don't have to use RMISecurityManager as the security manager at all. It's a legacy class from Java 1.1. times that the RMI tutorials continue to refer to, see this thread:
    http://forum.java.sun.com/thread.jsp?forum=58&thread=161874
    Secondly, it is tricky but Java 2 allows a security manager to be set more than once -- it all depends on whether the currently installed manager allows to be replaced [RuntimePermission("setSecurityManager") permission].
    Finally, if you expect that the user will define a security policy through command line, all you have to do is code something like this:
    if (System.getSecurityManager() == null)
       System.setSecurityManager(your_security_manager);
    to set yours only when nothing was set on the command line.
    Vlad.

  • Security passwords and invisible files

    Please can anyone tell me how to set my Macbook so a password is needed to log in – and can a password also be applied to an external drive (i.e. Time Machine)?
    I heard that it is possible to make a confidential Word file invisible. Please does anyone know about this?
    thanks in advance

    Please can anyone tell me how to set my Macbook so a password is needed to log in
    Baltwo's got you set on this one. However, since you seem to be concerned about security, it's important to understand that a login password is an obstacle that would take a determined and knowledgeable hacker maybe 5 minutes to bypass, and it doesn't even require hard-to-find knowledge. You can find the instructions for resetting your account password on Apple's web site.
    Only encryption can actually protect data. If you have data that is sensitive, put it on an encrypted sparse bundle disk image created with Disk Utility. That will ensure that it remains safe, no matter what... provided you pick a decent password and don't do something dumb like stick it on a Post-It on the side of the computer!
    and can a password also be applied to an external drive (i.e. Time Machine)?
    No. Encrypt the source data, then that data will also be encrypted in the backup.
    I heard that it is possible to make a confidential Word file invisible.
    Sure, but don't mistake this for security. It's not remotely secure. Encryption is far, far better. However, if you really insist on hiding some files, just open the Terminal, type "chflags hidden " (minus the quotes, with the space at the end) and then drag the file in question onto the Terminal window. Hit return and the file will disappear. (Making it reappear this way requires knowing how to specify the file's path in the Terminal, since you can't see it to drag it anywhere. But the command would be identical, except with "nohidden" instead of "hidden".)

  • HP Protect Tools Security Manager and Windows 7

    I need assistance with my HP ProBook 4440s. There is no HP Protect Tools Security Manager installed in the system. I also want to install the fingerprint security system. Kindly assist where necessary.
    Thanks,
    k.dineysh

    You need to contact HP Technical Support since the fingerprint reader is part of their hardware configuration and HP would be the source for support of the fingerprint reader.
    The HP Support website is found @
    http://www8.hp.com/us/en/contact-hp/contact.html
    There is also an HP Consumer Support forum @
    http://h30434.www3.hp.com/psg/
    There is even a dedicated thread for your problem found @
    http://h30434.www3.hp.com/t5/Other-Notebook-PC-Questions/HP-Probook-4530s-fingerprint-reader-not-working/m-p/1372895#M40259

  • HP ProtectTools Security Manager and Windows 10

    I am going to be updating to Windows 10, however it is saying that the HP ProtectTools Security Manager is not compatible with Windows 10. I have 2 questions. The first is: Is there going to be a replacement for these tools for Windows 10? The second is: How do I uninstall the tools so that I can proceed properly?

    Indeed! These instructions are useful, but there is a newer version of Client Security Manager: http://h20564.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_141863_1 Just to inform other users, HP ProtectTools Security Manager has been rebranded to Client Security Manager. So it's the same software; they just changed the name and the logo.

  • Rules Manager and Expression Filter on XE

    Has anyone installed Rules Manager and Expression Filter on an XE database? Would love to check it out on XE. Looks like it is not pre-installed. I was able to run the install scripts. I noticed one error though. It seemed to indicate the JVM is not installed on XE. Tried to locate the initjvm scripts. Either the script name has changed in XE or it is not there. This is a quick question in case somebody has gone down this path. I will post more details soon when I get some time to look at the full log.

    Read the post about javavm. I could not find the post where Tom has said it would be very problematic to install javavm on XE. I guess Rules Manager and Expression filter on XE is not possible or very difficult.

  • Is there a way to lock or secure imovie and its files

    Hello and as always thanks for all the help in my previous posts.
    I frequently review and edit video that needs to remain secure during the editing process.
    Before I import it and when I'm done with a project I can secure it in several ways, but while working on it in iMovie it's wide open to anyone who opens the app. My Mac is under my control, but life goes on around my work and my Mac is used for other things as well.
    Is there a way to either lock imovie so it can't be opened without a password and is there a way to hide/secure the folders the program uses?
    thanks in advance.
    Marc

    The default location for your iMovie files is in your User account (the icon with the house on it).
    Other users of the machine should have their own User account (guest user) and they will not have access to your files but can continue to use iMovie.

  • Media Manager and .motn files

    Hi all,
    I am having a strange problem....I have Media Managed a number of projects, and they have .motn files (either media that was on the timeline, sent to Motion, modified, then saved, OR, I used a Master Template in FCP that I made in Motion). When I open the MM'd project on my computer everything is fine, but on a different computer, FCP cannot find the .motn file. I assume it is because the template or associated files are on my system, but I would hope that Media Manager would create a .mov from that .motn file so it can open on a different system. Does anyone have any experience with this issue?
    Thanks,
    Dave

    Great explanations, but I want to make sure my workflow is sound before tossing something. Given that this is an integrated suite, I'm not too comfortable needing to do the following, so please correct me if I am wrong, or share the better way. After I Media Manage my Final Cut project, I need to:
    1) create a new folder called "media" inside the "media" folder Media Manager created.
    2) drag and drop the motion media from the media folder(s) created with "Copy to Folder" (explained above) into the media folder I just created.
    Question: Is my assumption correct that I do not need to drag and drop things like "wisp04," "basic blur" or "texture 01"? If so, why on earth are they included?
    If this is the workflow, I shudder to think how many people have lost media files because they assumed incorrectly everything was being collected via FCP Media Manager. Is there a step-by-step somewhere that you can point me to? Bonus questions: Can you speculate the reason or advantage of doing it this way? Do you think Apple should improve it? Thanks!
