Security (permissions)

Hello,
As I understand permissions can be set on beans and their methods, but what if I need to check object state to decide whether user can change it or not?
What I need is to implement permissions system that can be changed on the fly and some advanced checks are required (objects states + users permissions on objects states).
Can I implement it using standart J2EE security featurs? System must be configurable (need to develop administration tool that will allow permissions assignemnt to the users and objects (for axample object can be changed if it is in state 'A' and user 'Paul' can change it)). I need to make it in one way not in several (not like: one part using standart J2EE features and other using my own permission system).
With regards,
Pavel Krupets

Pavel,
I belive you are looking for a way to configure access to your components such that who can access them
is a function of component state. You can write portable components such that this is the case, but J2EE
does not standardize how one might configure the impact of component state on such a policy model.
On all J2EE platforms, you can configure role membership such that it effects who can do what given a
static model for what roles are able to do what in each component state. You can either protect different
methods with different roles, or test the caller for membership in a specific role seclected by the
component based on the state of the component.
As an added consideration, the Java Authorization Contract for Containers (JACC), which is a required
element of all J2EE 1.4 containers, defines a pluggability model for policy providers and a way (policy
context handlers) for such providers to obtain from the container the parameters of the component
invocation. The parameters of the invocation are not quite the same thing as the instance state, but one
way that you could accomplish much of what you are trying to do would be to develop a custom policy
provider that could be configured to apply the parameters of the invocation in its policy decisions. As a
result of JACC, on dispatch into the component, a proper access control context including a subject
representing the component runAs identity has been bound to the call thread, and thus you can use the
j2se security api's to check whether that context is granted any j2se security permission.
Custom policy providers are an evolving J2EE capability, so I must confess that you would
likely encounter portability challenges should you adopt this approach. I described it to you to
expose our thinking regarding how we believe more sophisticated access control functionality
could be integrated with the j2ee container security architecture.
Ron Monzillo

Similar Messages

  • Windows Update files: Security permissions has "unknown user"

    Ok, this is weird. I have 30 files added in a November Windows update with a compile date or add-to date of 11/21/14. If I look at one of the files. MsSpellCheckingFacility.exe.  I can see it is a legit file.
    https://www.virustotal.com/en/file/e9dcf987838e9a70fca4e1b1dda217bd1e309cd4f6bac47402120f76aac6edc7/analysis/
    However, the security permissions on the file are strange.  The user TrustedInstaller is the owner.  Now that seems to be typical when the file is a Microsoft updated file.  However, the file also has a user added that is unknown.
    user ? S-1-14-21
    Umm, why is this?  Its 30 files like this all REAL Microsoft files....all apparently part of the update.  All scanned against virustotal as being revised about that date/time.  Did Microsoft release an Update Build with files as a part
    of that build that had Microsoft users still attached to them?

    Hi!
    This machine is joined to a domain? This SID with parameter "-21-" indicates a domain. If so, it is needed to verify on local polices if any user had permission on domain workstations enforced by network Administration.
    But when researching by SID "S-1-14-21" we have no
    reference, as parameter "-14-" is not commonly used.
    From articles bellow, we can find how SID works and the well known SIDs:
    http://msdn.microsoft.com/en-us/library/dd302645.aspx
    http://technet.microsoft.com/en-us/library/dn743661.aspx
    As this is not a known SID, I suggest you to try to use the script on link bellow to determine who is the user account:
    http://blogs.technet.com/b/heyscriptingguy/archive/2004/12/03/how-can-i-determine-the-sid-for-a-user-account.aspx
    The problem can be a user account that had already deleted (this is why SID is not resolved to a name) or a problem on WMI component that is not able to resolve SID.
    If not successfull with article above, please post a screenshot on file permission in order to help you further.
    Cheers!
    Alan Martins

  • Security Permissions from Management Console Not Being Replicated on SQL Server Database

    Hi Everyone,
    We have been encountering issues with access to Reporting Services for most console users since we upgraded to SCCM 2012 R2. We have observed that since the R2 upgrade, security permissions
    that are set in the console are not being replicated on the SQL database. Users/Groups that had access prior to the R2 upgrade are now only able to access Reports via the web interface. All new users/groups are not able to get access at all.
    We are not sure what the problem could be and would appreciate any guidance.
    We have tried the following without success:
    Manually adding new users/groups to the database
    Reinstalling the the Reporting Service point and Reporting Service, Removing all of the security groups from the console and from the database, and Adding the security groups back
    to the console.
    Our current environment:
    SCCM 2012 R2
    1 Site
    Primary Site:
    OS: Server 2008 R2
    Roles: Site Server / Software Update Point / Management
    Point
    SQL Server
    OS: Server 2008 R2
    SQL Version: Microsoft SQL Server 2008 R2
    Roles: Site Database Server / Reporting Services Point

    Thanks for your feedback.
    Permissions
    We have two main types of users: Full Administrators and local departmental IT administrators. (Local IT Admins only have full control over their own departmental collections. They have Read/Add to All Systems.)
    The only account that's currently able to run Reports from both the console and web is the admin account used to perform the R2 upgrade. 
    Full Administrator
    Role: Full Administrator
    Scope: All instances of the objects that are related to the assigned security roles.
    Local Departmental Administrator
    Role: Full Administrator & Read/Add
    Scope: Main Departmental Collection (Full Admin) & All Systems, All Users, and All User Groups (Read/Add)
    Report Service Execution
    On the database, we have tried assigning the Report Service Execution Account to the built-in Network Service Account, Local Service Account, and to a separate AD role account.
    Error Messages
    Console: We are able to select reports from the Console however nothing appears when we click on Run.
    Web: Generating Reports from the Web works for only the Full Administrators. Nothing appears for a Local Departmental Admin.
    This is a partial output from srsrp.log:
    Set configuration    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Check state    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Check server health.    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Successfully created srsserver    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Reporting Services URL from Registry [http://132.205.120.154/ReportServer/ReportService2005.asmx]    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Reporting Services is running    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Retrieved datasource definition from the server.    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    [SCM-SQL.concordia.ca] [CM_SCM] [ConfigMgr_SCM] [SCM-SQL.CONCORDIA.CA]    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    [MSSQLSERVER] [1] [] [CONCORDIA\SVC-SCM_REPORT]    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    [1] [0]    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Confirmed version [10.50.2811.0] for the Sql Srs Instance.    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Retrieved datasource definition from the server.    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Updating data source {5C6358F2-4BB6-4a1b-A16E-8D96795D8602} at ConfigMgr_SCM    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Loading localization resources from directory [E:\SMS_SRSRP\SrsResources.dll]    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Looking for 'English (United States)' resources    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Looking for 'English' resources    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Found resources for 'English'    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:05 PM    2588 (0x0A1C)
    Confirmed the configuration of SRS role [ConfigMgr Report Users].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Confirmed the configuration of SRS role [ConfigMgr Report Administrators].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Error retrieving users - [The EXECUTE permission was denied on the object 'spGetReportUsers', database 'CM_SCM', schema 'SCCM_Rpt'.].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Error retrieving users - [The EXECUTE permission was denied on the object 'spGetReportUsers', database 'CM_SCM', schema 'SCCM_Rpt'.].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Confirmed the security policy for folder [/].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Error retrieving users - [The EXECUTE permission was denied on the object 'spGetReportUsers', database 'CM_SCM', schema 'SCCM_Rpt'.].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Error retrieving users - [The EXECUTE permission was denied on the object 'spGetReportUsers', database 'CM_SCM', schema 'SCCM_Rpt'.].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Confirmed the security policy for folder [/ConfigMgr_SCM].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Error retrieving users - [The EXECUTE permission was denied on the object 'spGetReportUsers', database 'CM_SCM', schema 'SCCM_Rpt'.].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Error retrieving users - [The EXECUTE permission was denied on the object 'spGetReportUsers', database 'CM_SCM', schema 'SCCM_Rpt'.].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Confirmed the security policy for folder [/ConfigMgr_SCM/Asset Intelligence].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Error retrieving users - [The EXECUTE permission was denied on the object 'spGetReportUsers', database 'CM_SCM', schema 'SCCM_Rpt'.].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)
    Error retrieving users - [The EXECUTE permission was denied on the object 'spGetReportUsers', database 'CM_SCM', schema 'SCCM_Rpt'.].    SMS_SRS_REPORTING_POINT    3/10/2015 2:28:06 PM    2588 (0x0A1C)

  • Security Permissions Violation in my application

    In my application rarely security permissions are violating
    what may be the reasons.

    We are Not GOD............. Give more details.. what kind of application, where the security policy is defined, how users are getting in to applications.. bla bla

  • Fine grained security permissions

    I think fine grained security permissions are needed. If I use all permissions on a signed jar, that would grant too many permissions to the application. If I do not use all permissions, I can not use System.setSecurityManager(myOwnSecurityManager).
    When all permissions are used, after my own security manager is set, the old security policy appears to be valid still.
    Any comments? How can I easily apply my own policy to a WebStart based application?

    I did additional tests. It looks that when the security manager is activated, even the simplest JSP application is no longer working. It is simple to simulate (jdev 10.1.2 + ias 9.0.4.0.0):
    1. Create a new Web project containing a jsp page
    2. Deploy the application to the AS
    3. Test the JSP page. It works.
    4. Activate the security manager (add -Djava.security.manager into the Java options of the j2ee container)
    5. Restart the j2ee container and test. Crash
    Any idea?
    thanks

  • DPM 2012 R2 UR4 - DPM could not set security permissions on the replica or recovery point volume that was created.

    Hi All,
    I am running a fresh install of SCDPM 2012 R2 with a protection group that is backing up the 'C:\', Bare Metal and System State of some VMs. If i add any additional servers to the group since the first creation it returns the following error: 
    Modify protection group: System State & Bare Metal Recovery failed:
    Error 419: DPM could not set security permissions on the replica or recovery point volume that was created.
    Error details: The process cannot access the file because it is being used by another process
    Recommended action: Review the error details, take appropriate action and retry the operation.
    If i re-create the whole protection group it works fine.
    Could any one advise any further diagnostics I can do to try and locate the reason behind not being able to modify the group after the first creation? I can add new servers to other PGs without any issues.
    Thanks in advance,
    Dan

    If you are protecting any of the system state/BMR protection. Can you stop protection by deleting the older recovery points and then recreate the protection group.
    This thread mentions this to be a hardware issue, albeit with less information on what exact hardware issue:
    https://social.technet.microsoft.com/Forums/en-US/480679c2-1079-4847-ab38-5cc8f454ef86/error-419-dpm-could-not-set-security-permissions-on-the-replica-or-recovery-point-volume-that-was?forum=dataprotectionmanager
    Regards, Trinadh [MSFT] This posting is provided AS IS with no warranties, and confers no rights. If you found the reply helpful, please MARK IT AS ANSWER. Looking for source of information for DPM? http://blogs.technet.com/b/dpm/ http://technet.microsoft.com/en-in/library/hh758173.aspx

  • You do not have security permissions to complete this operation. Contact your administrator for more information.

    Hi everyone,
    I had a little trouble finding this on ony forums, so i decided to write it myself.
    I have setup on my Windows server 2008 machine fax server manager. It is working well (recieving faxes and forwarding it through email)
    It has been setup with a d-link external fax modem.
    Everytime i try to connect my client computer (windows vista business 32 bit)  to the fax server through windows keep getting " you do not have security permissions to complete this operation. Contact your administrator for more information."
    I am having a little trouble getting around it as i am the system administrator and have all the rights to do this. I have also added extra to my account fax rights as i thorght, that could of been the problem. I have also added my account in the fax server manager, but that did not work as well.
    Everything is set up on a domain and the server that is running fax service manager is on it aswell, not sure what could be the problem.
    Thank you in advanced for your help

    Hi,
    Thanks for the post.
    First, I would like to confirm if the issue occurs with the Domain Admins.
    If so, please check if the relevant group policies are set appropriate.
    To resolve this issue, make sure that the Network Service account and the Local Service account is added to the following policy settings on the domain controller:
    ·         Adjust memory quotas for a process
    ·         Generate security audits
    ·         Log on as a service
    ·         Replace a process level token
    ·         Log on as a batch job
    To configure the policy settings for the Network Service account on the domain controller, follow these steps:
    1.    Click Start, point to Administrative Tools, and then click Local Security Policy.
    2.    Expand Local Policies, and then click User Rights Assignment.
    The policy settings are displayed in the right pane.
    3.    Double-click the policy setting that you want to add the Network Service account to.
    4.    If the Network Service account and the Local service account is not in the list of users and groups that are assigned to that policy setting, click Add User or Group.
    5.    In the Select User or Groups dialog box, type Network Service in the Enter the object names to select box, and then click OK.
    6.    Verify that NETWORK SERVICE is displayed in the list of users and groups that are assigned to that policy setting, and then click OK.
    7.    Add Local service the same way.
    8.    Reboot the server.
    Does it work?
    If the problem continues, Please collect the MPSReport from Windows Server 2008.
    1. Download proper MPS Report tool from the website below.
    Microsoft Product Support Reports
    http://www.microsoft.com/downloads/details.aspx?FamilyID=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en
    2. Double-click to run it, if requirement is not met, please follow the wizard to download and install them. After that, click Next, when the "Select the diagnostics you want to run" page appears, select "General", “Business Networks”, click Next.
    3. After collecting all log files, choose "Save the results", choose a folder to save <Computername>MPSReports.cab file.
    Use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file and then give me the download address.
    Hope this helps.

  • SAP CPS Security Permissions

    Dear All,
    I checked our Netweaver log and find following messages:
    User XXXX does not have AccessSchedulerBusiness permission: java.security.AccessControlException: No authorization
    Category: /Applications/Scheduler
    Place: com.redwood.scheduler.security.impl.sap.ume.UMEUser
    Application: redwood.com/scheduler-ear
    Username | ACCESS.ERROR | null | | Permission=[(com.redwood.scheduler.security.permissions.SchedulerAccessPermission business)]
    Category: /System/Security/Audit
    Place: com.sap.security.core.util.SecurityAudit 
    Application: redwood.com/scheduler-ear
    (Username =my Username)
    These are my userroles in SAP Netweaver UME:
      scheduler-user Einfacher Zugriff, sieht keine Objekte, Ist Basis für andere Rollen. UME-Datenbank
      scheduler-isolation-administrator Create/Edit/Delete Isolation Groups and add users to these UME-Datenbank
      scheduler-administrator Kann alle Aktionen im SAP CPS ausführen UME-Datenbank
    and here my userroles in SAP CPS
    Redwood System     Administrator     
    Redwood System     BAG:9:F:Scheduler_Manager
    Redwood System     scheduler administrator     
    Redwood System     scheduler user     
    Redwood System     BAG:1:F:Scheduler_Manager_Isolation     
    Redwood System     scheduler isolation administrator     
    Redwood System     scheduler_administrator
    Redwood System     scheduler it user     
    We use SAP CPS Build: M33.42-54458
    Anyone an idea?
    Kind regards
    Marc

    "User XXXX does not have AccessSchedulerBusiness permission: java.security.AccessControlException: No authorization"
    "Username | ACCESS.ERROR | null | | Permission=[(com.redwood.scheduler.security.permissions.SchedulerAccessPermission business)]"
    Errors such as the above normal and should not be any reason for concern. CPS has support for many more SAP standard roles now and in this situation CPS asks the UME if the user has these roles, the NW Java UME then logs a message if the user does not have the requested roles. This error is specifically logged when the user has no business user permissions.
    You can ignore these default trace entries. These standard roles are part of CPS, but they do NOT show in the CPS UI until you have assigned them in the UME to a user and that user has logged into CPS.
    Rgds,
    David

  • Security permissions on a PDF preventing imposition?

    I recently sent a PDF to our printers for printing.
    It was produced from Frame 7.2 using Distiller 8/Acrobat Professional 8.
    In the latter, I set a security password to stop the PDF being edited, but set it to allowed "High Quality Printing".
    However the printshop complained that the PDF was password protected and they couldn't print it.
    When I queried their workflow, they said the password protection was blocking the page imposition process they wanted to use.
    I wanted to ask the forum if this was a common situation, or in general, should PDF security permissions not block page imposition?
    (Unfortunately, I didn't get the name of the imposition software they were using... and they then decided they could print without a password after all...)

    This is common.
    Consider that imposition is often done by combining the individual
    pages into big sheets - of a PDF. This is clearly PDF editing, so you
    need to give your printer permission to do anything with the PDF. Many
    kinds of editing (e.g. in a plug-in) require an unprotected file.
    There are many imposition solutions, many of which Adobe would know
    nothing about. Maybe the print provider tried a different one, or even
    sent it out to a subcontractor with a different one.
    I find it baffling that people would protect files from their
    printers. What is it that printers are likely to do? If there are
    concerns, they should be addressed contractually.
    Equally, what the printer should do is make this requirement very
    clear in the submission requirements.
    Aandi Inston

  • Photoshop saved a PSD file with security permissions, and now I can't access it.  Please help!

    Using Photoshop CC, I saved a PSD file after several hours of editing.  I also exported a TIF file from the PSD.  After closing Photoshop, I cannot access either file in any way.  I cannot even copy them.
    going to properties --> security, I get a message that reads, "You must have Read permissions to view the properties of this object."  Click Advanced to continue.
    When I click Advanced, it says "Unable to display current owner", and in none of the three tabs available (Permissions, Auditing, or Effective Access) can I click "Continue" and get any further than the message, "You do not have permission to view or edit this object's permission settings".
    Please help me.  This is highly frustrating, and a bug that is costing me over an hour of my time troubleshooting.
    Thank you.
    UPDATE: 
    I rebooted, and the files are... gone. Photoshop CC has no record of the file under "Open Recent".
    What just happened? I lost a good 2 hours of work and a unique photograph
    UPDATE2
    I restarted the project, saved a PSD with Maximize Compatibility selected.  Verified this file has appropriate permissions. 
    When I then go to File --> Save (not "Save as", but "Save"), after progressing to 90% or so, an error message comes up, "Could not save 'O:\[path]\file.PSD' because the file name was not valid."
    I click "OK", and then go to the original file and check its permissions.  They are now changed to "You must have read permissions".

    I have this exact problem too. Windows 8.1 CC 2014 and all of a sudden I get the problems AIJ23 has. Say I have 8 files open, I save the first 3 or four, just with Control-S (saving in PSD format) no problem, then all of a sudden on the next save I get a message saying I don't have permission to save over the file followed by the same problems as above. I use Save As so I don't loose my work but I cannot delete/rename/change permissions of the original file. This only started happening about 2-3 days ago and only happens in Photoshop. I haven't managed to find much about this issue anywhere.

  • Security Permissions for simple file transfer

    Hey All
    I'm transferring a file using RMI as part of an enhancement. I want to restrict where the file can be transferred to and thus will use a security manager (On the destination object). However the object its being transferred to shares the same JVM with another quite complex application that currently doesn't need a security manager.
    Will I need to set a whole host of permissions for this application even though I only want to restrict file writing?
    I suspect this is the case just want confirmation.

    Hi,
    In the code which receives the file being transferred, you might try calling System.setSecurityManager(new SecurityManager()). Use the configured Java policy to limit where the file can be written. After calling setSecurityManager(), save the file. Before returning to the rest of the application, call System.setSecurityManager(null). Ensure that your code has setSecurityManager permission or this call will fail. If this idea doesn't work, you could simply use a security manager for the whole application, and just grant AllPermission to everything except the file receiving code. Everyone says AllPermission is dangerous, but it's no more dangerous than running with no security manager at all :)

  • SECURITY: permissions not allowed with ExecuteWithParams action

    Hello,
    I followed Frank Nimphius guide to get a secured web application based on adf bc
    and it seems to work ! (thank you Frank)
    i'm using a custom login module with a database containing users and roles. i can authenticate and be authorized for all actions that are necessary except for one (executewithparams) which is used on many pages, in spite of permissions "update" put on all the pagedef components.
    not using this action would make the application complety unusable.
    I've read that it is a bug but how can i fix it without recoding the function, have i to wait Jdev11 (we are going to deploy soon) and if i must recode this function how can i do?
    thanks for your help
    Mathieu

    Hi Guys,
    I think I am facing the same problem, and I am using the latest JDeveloper 10.1.3.3.0.
    My page is using an iterator based on the ExecuteWithParams method of a ViewObject.
    The page works correctly until I apply security. Than I get "no rows yet" in my ADF tables. I believe I set all the permissions possible, I am setting them using the Edit Authorization wizard, also manually editing the system-jazn-data.xml, using wildcards. Of course other tables based on View objects are working.
    This is kind of urgent, a show stopper for a demo application.
    Thanks,
    Istvan

  • QM03 - Security / Permissions Warning

    Hello all,
    When going into QM03 and then going into task plan tab, I recieve an SAP Gui Security warning stating that "The server is attempting to download the file" then shows a file path to my pc via a .tmp file. Then asks if i would like to permit this.
    This pops up 2 times for a SAP{letters n #'s}.tmp file and once for a SAPscriptword2007.dotm file. Is there a way to get rid of these security messages?
    Thank you ahead of time!

    We are Not GOD............. Give more details.. what kind of application, where the security policy is defined, how users are getting in to applications.. bla bla

  • Windows 10 standard user security permissions

    Sorry.... that was a bit clumsy! The standard user account is now acting as desired, I'm putting it down to the changes not being picked up at first for whatever reason....
    Thank you!

    Standard user will not have permissions to install most nowadays software - admin credentials will be needed for that, mostly due to the fact, that the app will want to install to theprogram files folder, to which by default users don't have write permissions. Some apps also need to write some registry keys to HKLM to which users won't be able to write either.Now, there are some apps like dropbox or chrome, that will install itself directly to the user profile if you don't have admin priviliges(I find that a very shitty thing to do by companies that create apps who do that btw), to block them, you'd need to find out specific apps that do that and blacklist them by the file namean example of a few I have blocked for that reason :Text*chrome*.exe Security Level Disallowed Description Date last modified 18/06/2015 16:44:55 *firefox*.exe...

  • Security permissions question about Applets

    Hello all.
    I'm wanting to make an address book on my server, so I need to have it write to a file. I've read a bunch about it, and still can't figure it out.
    I'm not exactly sure what the java home is supposed to be. I created a java.policy file in /usr/lib/j2sdk1.5-sun (I'm on Linux), but I think it might belong in /usr/lib/j2sdk1.5-sun/jre or /usr/lib/j2sdk1.5-sun/jre/lib/security
    I'm also not exactly what the java.policy file is supposed to contain. Currently, it is:
    grant codeBase "file:/home/scott/public_html/address_book/old/*" {
            permission java.io.FilePermission "/home/scott/public_html/address_book/old/Test.txt", "write";
    };Anyone want to help?
    Scott Howard

    I'm wanting to make an address book on my server, so I need to have it write to a file.Well, applets run on the client - the browser which downloaded the class files - and therefore cannot access files on the server without some type of networking.
    Caveat - the client and server are the same physical machine.
    Solution - have your applet communicate back to the server it originates from. No policy twiddling is needed, as this is an automatic permission.

Maybe you are looking for