Security manager: what is it for?

Like title says...when sm is active I have to give explicit authorization for every sensible operation.
Now, say in my program I want to open a socket: why introduce a security managar and tell it I want to open it?I mean...I need to open this socket, so it's obvious I'll give my ok and this goes for every sensible operation I'll need to do!
Final user will have my program and use it: he/she can't modify my code and introduce some other sensible operation so I guess security manager is for me, the programmer...
In the end I feel like building a wall and soon after pierce through it...so why to build it in the first place?
What am I missing??

The key thing to keep in mind is that the person creating a program and the person on running the program or on whose behalf the program is run are often not the same.
Here is a sample flow.
1. Person A create a program and for sensitive operation invoke the Security Manager (SM)
2. Person B deploys the program in step 1. They may choose to run it with/without SM depending upon their risk analysis.
3. Person B, deploys a policy for the program that might allow User A some operation, while not allowing the same operation to user B.
While the default SM and the default Java Policy file is geared towards code source, there is support for subject based policy. Hope this helps.

Similar Messages

  • Enable security manager netbeans - where/how ?

    How do I enable the java security manager in netbeans ?
    for example -
    the way I do on command line is :
    java -Djava.security.policy=/Desktop/TestSecurity/pol.txt -Djava.security.manager test
    Where do I give these options -Djava.security.policy=/Desktop/TestSecurity/pol.txt -Djava.security.manager while working in netbeans...

    * reply to peter lawrey
    my browser hs gone crazy..
    nope,
    the link talks about command line argument, this one is vm argument.
    Edited by: javaflex on Jul 28, 2008 1:31 PM

  • " plug-in name does not support the highest level of security for Safari plug-ins" appear for some plugins in Safari Security "Manage Website Settings"?

    Hi,
    Wondering why "<plug-in name> does not support the highest level of security for Safari plug-ins" appear for some plugins in Safari > Security > "Manage Website Settings"?
    Have been trying to get to the root cause of the problem but did not find much on this. I am trying to figure out what can get the warning to go away completely than using the Allow/Always Allow options for the plug-in
    Thanks,
    Shyam

    Hi Linc,
    Thank you for your response. Here is the screenshot of the warning that I am talking about.
    Here is what I do:
    1. Launch Safari and open its Preferences. I have Safari 7.1 installed on my machine.
    2. Click Security Tab and click Manage WebSite Settings
    3. A window opens showing me all the Plug-ins that I have (listed on the left hand side).
    4. One of them is the Adobe Reader plug-in. When I click Adobe Reader, the following details about the plug-in show up on the right
    I was referring to the highlighted section that warns me about this plug-in not using the highest level of security for Safari Plug-ins.
    Note: I do not see this for all my plug-ins (QuickTime, Adobe Flash Player don't give me this warning) which tells me that there is a way to make the warning go away.
    Thanks again,
    Shyam

  • Need security management software for OS 8.6 through 9.2

    Are there any security management softwares available these days for OS 8.6 through OS 9.2? Something which lets the computer owner turn off firewire and USB is what I'm looking for. It would be nice to be able to allow only some selected USB devices, like a keyboard and a printer or scanner, and still disallow external drives or thumb flash drives, but turning off all USB would be useful on machines which don't need USB keyboards, like beige or B&W PMG3 computers or G3 iBooks.

    Are there any security management softwares available these days for OS 8.6 through OS 9.2? Something which lets the computer owner turn off firewire and USB is what I'm looking for. It would be nice to be able to allow only some selected USB devices, like a keyboard and a printer or scanner, and still disallow external drives or thumb flash drives, but turning off all USB would be useful on machines which don't need USB keyboards, like beige or B&W PMG3 computers or G3 iBooks.

  • What is everyone using for managing iPads and iPhones for an Active Directory network. We also have a BES server

    I am seeking a solution to manage iphones and ipads for my enterprise. A few are currently being used. I will need to go back and shut them down to gather the appropriate information necessary to manage them going forward. Looking for manageability, security remote wipe logging. Pretty much what I can do with a Blackberry on a bes seerver. I see several products available. Can someone point me to one that they are happy with?

    The Identity Service for Active Directory 10.3.0 is only available on Windows because it uses .Net functionality to work with AD. Even if you run everything else on Linux, you would still need a Windows server for the AD Identity Service.
    You can download it from edelivery.oracle.com as part number V14368-01. You can also find it on that site by performing a media pack search for:
    Select a Product Pack: Oracle Fusion Middleware
    Platform: Microsoft Windows (32-bit)
    Then navigate down into "Oracle® Application Server 10g Release 3 (10.1.3) Media Pack v31 for Microsoft Windows".
    The package is "Oracle WebCenter Interaction Identity Service for Active Directory 10.3.0 for Microsoft Windows".

  • Security Manager Setting for Tomcat.

    Hi,
    Can anyone show me how to setup Security Manager for Tomcat step by step ?
    What do we need to set in server.xml and tomcat policy?
    After setting, how do run Tomcat?
    I did refer to the Tomcat Security Guide, but I didn't success to setup Security Manager.
    Can anyone explain in layman term to me?
    Your help will be appreciated.
    Thank you.

    I've solved my problem.
    For those who have are interested,
    you can refer to :
    http://jakarta.apache.org/tomcat/tomcat-3.2-doc/uguide/tomcat-security.html

  • Needed urgent help for user creation in security manager in ODI 11g

    Hi Gurus,
    I have an urgent requirement in ODI security manager and i am completely helpless. We need specific steps for the user creation with sufficient priviledges. The detailed requirements are:
    1. There is a group of users under the framework team and these users should be able to edit the Knowledge modules only. All other objects (e.g. projects, interface, procedures or development related objects) should only be in read only mode for them.
    2. There is a group of users under the development team. The priviledges of these users should be mutually exclusive to that of the framework team users. i.e. the development team should be able to edit or delete all development related objects (e.g. projects, interface, proc etc.) but the knowledge modules should only be in read only mode for them.
    Now I will explain what i have tried out:
    I am working on ODI 11.1.1.5.
    I have created a user with NG DESIGNER and CONNECT profile. Dragged and dropped all the projects on the user and selected all methods in all repositories (check sign). However when i connect with that user i cannot open the KMs (as far as development team is concerned its fine) but i can also not open interfaces as well as procedures (which is not acceptable from development point of view).
    Also when i tried creating a user from the framework team point of view i could not see any option related to KMs (To give edit priviledge).
    Please help me out guys. I have also searched oracle documentation and believe me the security manager section is not very good. If you guys can help me out with specific steps it would be great (I have tried the hints given in oracle documentation and they dont work, the ODI security manager behaves strangely :-(
    Thanks in advance,
    SB

    Similar requirement here guys. Any pointers. I was able to achieve this by restricting development user from supervisor access. In that case the development user can not edit the interfaces. Any known defefct?

  • HT5312 I forgot my anwsers for my security questions what do i do?

    I forgot my anwsers for my security questions what do i do?

    The Three Best Alternatives for Security Questions and Rescue Mail
        1. Use Apple's Express Lane.
              Go to https://expresslane.apple.com ; click 'See all products and services' at the
              bottom of the page. In the next page click 'More Products and Services, then
              'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple
              ID security questions' and click 'Continue'. Please be patient waiting for the return
              phone call. It will come in time depending on how heavily the servers are being hit.
         2.  Call Apple Support in your country: Customer Service: Contact Apple support. Ask
              to speak to Security Support.
         3.  Rescue email address and how to reset Apple ID security questions.
    How to Manage your Apple ID: Manage My Apple ID

  • Saving Password for a pdf file in HP Client Security Manager

    Hello,
    I want to save the password for a pdf file in the Password Manager of the HP Client Security Manager Software but the symbol for the entry of the password is not appearing on the top right of the screen. If I use the registered fingerprint a dialog opens where the Client Security Manager asks which account it should use to login. But i can't add a password for the file. The login for websites is perfectly fine. 
    Do you have any idea how to fix that?
    Is there a way to manually enter password for files?
    Thanks in advance.

    Thanks for the information.
    Suggest you to try uninstall and re-install the latest version which is - 8.3.3.1762. The direct link is:
    http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?sp4ts.oid=5405363&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrp-navigationalState%3Didx%253D%257CswItem%253Dob_129972_1%257CswEnvOID%253D4060%257CitemLocale%253D%257CswLang%253D%257Cmode%253D%257Caction%253DdriverDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
    If this does not fix, then suggest you to log a call with technical support.
    Please do post any progress on this.

  • Is Mac's firewall sufficient or is will an additional firewall help?  What security suite do you recomend for MacBook Air with Maverick?

    Is Mac's firewall sufficient or is will an additional firewall help?  What security suite do you recomend for MacBook Air with Maverick?

    Third party security software is better at causing problems then it is at solving them.
    I recommend against them.
    If you felt it is necessary then configure the firwall software included with OS X.
    Allan

  • Setting up iPad, don't know what to select for security; WEP, WPA, WPA2, WPA Enterprise or WPA2 Enterprise.  We have service through Charter cable.

    Setting up iPad, don't know what to select for security; WEP, WPA, WPA2, WPA Enterprise or WPA2 Enterprise.  We have service through Charter cable.
    Thanks for your help!

    Choose the strongest security available on your router, preferably WPA2 using AES encryption and a long complex passphrase with at least 14 characters (the maximum is 63 characters).

  • Security Manager for decryption is not set

    Hey,
    I am using the Livecycle virtual appliance in a test version to evaluate its features. When I decrypt an encrypted document with the java API I get an error message that says that the security manager is not set.
    Is the security Manager part of the appliance?
    How can I solve that problem?
    My Code:
            //Set connection properties required to invoke LiveCycle ES                               
            Properties connectionProps = new Properties();
            connectionProps.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT_EJB_ENDPOINT, getConfig("lc.ejb-endpoint.url", "jnp://192.168.56.50:1099"));
            connectionProps.setProperty(ServiceClientFactoryProperties.DSC_TRANSPORT_PROTOCOL,Service ClientFactoryProperties.DSC_EJB_PROTOCOL);         
            connectionProps.setProperty(ServiceClientFactoryProperties.DSC_SERVER_TYPE, "JBoss");
            connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_USERNAME, getConfig("lc.ejb-endpoint.username", "jjacobs"));
            connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_PASSWORD, getConfig("lc.ejb-endpoint.password", "password"));
            //Create a ServiceClientFactory object
            ServiceClientFactory myFactory = ServiceClientFactory.createInstance(connectionProps);
            //Create an EncryptionServiceClient object
            EncryptionServiceClient encryptClient = new EncryptionServiceClient(myFactory);
            //Unlock the password-encrypted PDF document
            Document unlockedDoc = encryptClient.unlockPDFUsingPassword(pdf, pdfPassword);
            return unlockedDoc;
    Exceptions details:
    Caused by: com.adobe.internal.pdftoolkit.core.exceptions.PDFSecurityAuthorizationException: Security Manager for decryption is not set
        at com.adobe.internal.pdftoolkit.core.encryption.EncryptionImpl.getStreamEncryption(Encrypti onImpl.java:196)
        at com.adobe.internal.pdftoolkit.core.encryption.EncryptionImpl.getStreamDecryptionHandler(E ncryptionImpl.java:263)
        at com.adobe.internal.pdftoolkit.core.cos.CosEncryption.getStreamDecryptionStateHandler(CosE ncryption.java:675)
        at com.adobe.internal.pdftoolkit.core.cos.CosStream.getStreamForCopying(CosStream.java:377)
        at com.adobe.internal.pdftoolkit.core.cos.CosStream.copyStream(CosStream.java:310)
        at com.adobe.internal.pdftoolkit.core.cos.CosStream.getStream(CosStream.java:422)
        at com.adobe.internal.pdftoolkit.core.cos.CosObjectStream.getDataStream(CosObjectStream.java :130)
        at com.adobe.internal.pdftoolkit.core.cos.CosObjectStream.<init>(CosObjectStream.java:80)
        at com.adobe.internal.pdftoolkit.core.cos.CosToken.readObject(CosToken.java:576)
        at com.adobe.internal.pdftoolkit.core.cos.CosToken.readIndirectObject(CosToken.java:108)
        at com.adobe.internal.pdftoolkit.core.cos.XRefTable.getIndirectObject(XRefTable.java:607)
        at com.adobe.internal.pdftoolkit.core.cos.CosDocument.getIndirectObject(CosDocument.java:287 5)
        at com.adobe.internal.pdftoolkit.core.cos.XRefTable.getIndirectObject(XRefTable.java:599)
        at com.adobe.internal.pdftoolkit.core.cos.CosDocument.getIndirectObject(CosDocument.java:287 5)
        at com.adobe.internal.pdftoolkit.core.cos.CosDocument.resolveReference(CosDocument.java:1067 )
        at com.adobe.internal.pdftoolkit.core.cos.CosDictionary.get(CosDictionary.java:278)
        at com.adobe.internal.pdftoolkit.pdf.document.PDFCosDictionary.getDictionaryCosObjectValue(P DFCosDictionary.java:423)
        at com.adobe.internal.pdftoolkit.pdf.document.PDFCatalog.getInteractiveForm(PDFCatalog.java: 156)
        at com.adobe.internal.pdftoolkit.pdf.document.PDFDocument.getInteractiveForm(PDFDocument.jav a:521)
        at com.adobe.formServer.utils.CommonGibsonUtils.isForm(CommonGibsonUtils.java:153)
        at com.adobe.livecycle.formdataintegration.server.FormData.exportDataInternal(FormData.java: 338)
        at com.adobe.livecycle.formdataintegration.server.FormData.exportData2(FormData.java:217)
        ... 81 more

    I think you answered your own question - the PDF is password protected therefore LC can't open it to extract the data.
    You'll have to remove the security first.  You can do that in a process by using the Common.EncryptionService.Remove PDF Password Encryption operation.
    Note that you will need the document's password to remove the security.

  • Specifying system properties/security manager for OC4J

    I have a couple of related questions regarding OC4J/orion.jar:
    1. Generically, how can we specify system properties to orion.jar? Being an executable JAR, simply using -D does not work.
    2. Specifically, I need to launch the OC4J app server with a Java security manager (with associated security policies, etc.) Java's way of doing this is via -Djava.security.manager=... but this does not work with executable JARs it seems. I tried specifying these parameters via -D and I got a security exception:
    Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyP
    rmission java.protocol.handler.pkgs write)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.System.setProperty(Unknown Source)
    at com.evermind.server.ApplicationServer.initProtocolHandlers(ApplicationServer.java:652)
    at com.evermind.server.ApplicationServer.launchCommandline(ApplicationServer.java:319)
    at com.evermind.server.ApplicationServer.main(ApplicationServer.java:314)
    So, how do I install the Java security manager with orion.jar? Is there any other way to specify system properties to this, or is there any other way to install the Java security manager for OC4J?
    Any help much appreciated.
    ..Hrishi

    Thanks, that seemed to work. However it seems that spawned another little problem. I was using the -Xbootclasspath/a option while firing up orion.jar because I needed to append something to OC4J's default classpath (that is specified in orion.jar's Manifest). Now, when I start OC4J with the -D options for the security policy, it seems to ignore the -Xbootclasspath argument. I have not yet been able to confirm this fact, but based on the ClassNotFoundError I'm running into, that does seem to be the problem.
    So I guess my question is, could specifying the -D options to the executable JAR cause it to ignore any other options you may be passing to it (such as -Xbootclasspath)? Is there any sequence in which these args need to be passed?
    Thanks.
    ..Hrishi
    Hi,
    You can try this :
    - Check if you have a file java2.policy in <OC4J_HOME>\config\policy and check if the permission java.util.PropertyPermission "read,write" is granted to <OC4J_HOME>.
    if there is no file, you can create one based on <JAVA_HOME>\lib\security\java.policy and grant the approriate privileges.
    - Launch OC4J :
    java -Djava.security.manager -Djava.security.policy=<OC4J_HOME>/config/java2.policy -jar orion.jar
    OR java -Djava.security.manager -Djava.security.policy=<PATH_TO_FILE_POLICY>/<YOUR_FILE>.policy -jar orion.jar
    Maher

  • Searching for the Recording Security Manager utility

    The WLS v6.1 docs on managing security (http://edocs.beasys.com/wls/docs61/adminguide/cnfgsec.html#1074675)
    mentions a Recording Security Manager utility for detecting and resolving permission
    problems. Can someone point me to it?

    Hi Dan,
    Its available on the BEA developer center
    http://developer.bea.com/do_login.jsp
    You will need to have a login and password to access this site .
    Just search for Recording Security Manager and you will get the tool
    yeshwant
    Dan McHarness wrote:
    The WLS v6.1 docs on managing security (http://edocs.beasys.com/wls/docs61/adminguide/cnfgsec.html#1074675)
    mentions a Recording Security Manager utility for detecting and resolving permission
    problems. Can someone point me to it?

  • Cisco Security Manager IOPS for Storage (VM Deployent)

    Hi,
    I've been asked by a client about the Cisco Security Manager requirement to have 1TB of storage for events and another for archiving.
    They wish to know the IOPS requirement for this storage. Please could anyone assist in this ?
    Many thanks,
    Mark                 

    Hi,
    I'm not sure that I can really help you, but I can verify that on my CSM 4.5 server which is running normally, that service has a starup type of automatic and is in the "Started" state.
    You may want to check your system and application event logs to see if there are any messages that could explain why it stopped.
    Regards,
    Matt

Maybe you are looking for

  • CS5 AI. How to add accented text character in windows

    I am trying to get the accented (acute/forward) characters for a, e, i, o, u. (and their capital versions) in illustrator CS5 (Windows 7). I do not want to use the Glyphs - impractical. Neither do I want to use the windows character box or Alt xxxx c

  • How to synchronise my MacBook Air to my Imac

    Hello When I go to my office, I take my MacBook Air When I come back home, what i have done on my MacBook Air is not on my IMac at home. How to synchronise both, so that I can find the emails I have been wroten, the files I have done etc...

  • No signal from Airport

    new imac has just arrived along with a wireless D-Link G ADSL2+ router from my service provider. I can connecct to the internet using the etehrnet cable connection with the router but not via airport. When I open "internet connect" there is no signal

  • Hello Mac! Goodbye Pc! What should I expect?

    Hello!! I'm buying a Mac soon and I would like to know what to expect. I have not found anything that tells me what to expect. I play WoW. Do I need to buy new WoW software to install on my Mac. I know that I won't need a firewall or virus protection

  • Importing old/low quality film

    Hi. newbie here. Thanks to all you folks for helping out. I am importing footage that was converted from vhs. When I insert it into the timeline it apears in a small box in the middle of the screen. When I try using the zoom function on camera view t