Security suggestion

Similar Messages

• Unable to call WSS (WS-Security) enabled Web Service using UTL_DBWS

  We are attempting to call a WSS (WS-Security) enabled Web Service from PL/SQL using the UTL_DBWS package (see [http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/u_dbws.htm#CHDIDGJH] ). We are doing this in similar fashion to [http://www.oracle-base.com/articles/10g/utl_dbws10g.php] with calls to utl_dbws.create_service, utl_dbws.create_call and utl_dbws.invoke.
  Using this method we can successfully call an unsecured Web Service, but calls to WSS-enabled Web Services fail. We are currently using Oracle Database 10.2.0.3.
  The failure we are getting is:
  ORA-29532: Java call terminated by uncaught Java exception: javax.xml.rpc.soap.SOAPFaultException:
  com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
  policy ( AuthenticationTokenPolicy(S) ): No Security Header found;nested
  exception is com.sun.xml.wss.XWSSecurityException:
  com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
  policy ( AuthenticationTokenPlicy(S) ): No Security Header found
  Apparently UTL_DBWS does not support calling WSS enabled services, although this doesn't appear to be an officially recognised position. Does anyone know if Oracle are planning to support this soon (if ever)? Looking at Re: Calling WS from PL/SQL using WS-security suggests that support has been considered before, but not yet realised.
  Thanks,
  Tom

  Having raised a Service Request with Oracle support on this, I got the following response from Oracle Development (On unpublished bug [8542959|https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=BUG&p_id=8542959]):
  Development has confirmed that WS-Security is not supported through UTL_DBWS. They have also acknowledged that this is not documented and they will change the official Oracle documentation will reflect this fact. From what is being stated, it would appear that there is no plan to support the use of WS-Security through UTL_DBWS in any release in the near future.
  So, in short, without developing your own home-grown SOAP request, there is no way to call a WSS enabled web service from within PL/SQL.
  -Tom

• How can I make my Apple ID security? It has been hacked three times in a week!

  Just in a week, I found my apple id(this id) has been hacked for three times!
  When I was trying to login in to the ITunes Connect, it returned following error,
      Your Apple ID or password was entered incorrectly.
  I'm sure I entered the password correctly that I checked it many times and it's never happens before. So every time it happens, I use the forget password tool to reset the password. Just in a week, the incorrect password occurred 3 TIMES and I have reseted my password 3 TIMES to get control back.
  I'm a developer so first time it happens I did aware of there might be hacker. So I cleared all password cache in my machine, scan virus and reset the password of Apple ID and my mailbox in a more complex letters.
  However, ever I did so, my password still goes wrong and the error happens again and again.
  And one thing I can't understand in this story is,
       - Every time I reset my password I got an email notification, it always works, during my 3 resets.
       - When my password is hacked (I can just assume it's a hack), there's no email notification. I can almost sure the email is not deleted, because no matter how fast it's delete, my mobile should receive a popup anyway.
  Now I have tried everything I can but my account is still not safe. I want report this issue to Apple that they can figure out the problem, to avoid a bigger security disaster. But I could not find a contact from apple for this problem, I sent a mail [email protected] but no reply. It's so terrible...
  So i ask for help in this forum, I'd appreciate if anybody can help either security suggestion to me or help find the contact of apple.

  account disabled for security reasons: http://support.apple.com/en-us/TS2446

• Basic security question

  Hello,
  I would like to know how we could secure the post variables in java. I could check for only valid input characters in the data but any suggestions would be helpful. Any other general security suggestions would be great. We primarily use jsp, servlets, java beans and mysql database. Thanks,

  Thanks for your reply. For a start, I want to weed out any malicious characters that user enters through form input. In other words, We do upload files and store them on our linux system. We store general and payment information about the user in mysql database. First I would like to check for only acceptable characters and filter out the characters that would cause security hole in the system. Later I will focus on other aspects of security. I don't know which one to include in the set of acceptable characters. Any help will be appreciated.

• How to open and save file like the Notepad Demo do?

  I am a newer to Java Web Start. I found that in the Notepad Demo, when user try to open or save file, a message box appear and give the user some security suggestions.
  In my application, I used a JFileChooser and set the <security> element to <j2ee-application-client-permissions/> in the jnlp file. But the application will thow an exception:
  access denied (java.io.FilePermission C:\Documents and Settings\Administrator\desktop\Java Web Start.lnk read)
  Can someone tell me how to solve this problem. By the way, where can I find the source of the Notepad Demo. I want my application to open and save file just like the Notepad Demo do.

  The Notpad demo uses the JNLP api to read and write files. The api doc can be found at:
  http://java.sun.com/products/javawebstart/docs/javadoc/index.html
  Although the Notpad demo source is not available, there is other sample code available at:
  http://developer.java.sun.com/developer/releases/javawebstart/
  Included here is the webpad demo, which uses the FileOpenService and
  FileSaveService API's.

• Want to use Mac's for public access in public library -- NEED HELP please.

  We have a grant to replace all of the computers in our small town public library. I would like to be able to consider Macintosh computers (would Love to, actually) but have not been able to find any information about how to do that.
  Biggest issue is "access management". We have a system for PCs that logs on a patron by using their library card number and a PIN. That system then allots them an hour or two to use the computer, times them, warns them when time is running out and so on, and it also manages printer access and charges a few cents per page to print.
  We need that for Macs. The software maker gets all attitude about "we have 2000 libraries with PC's and Zero with Macs." ARGH!
  Help help help.
  Also... please point me to anyone at Apple that knows what a public library is and would like to help us overcome this attitude problem.
  We have a grant and can buy the computers. We just need some help to get it done.
  Thanks!

  This article:
  http://docs.info.apple.com/article.html?artnum=304035
  And the fact there is Smart Card access in:
  http://www.apple.com/macosx/features/300.html#security
  Suggest you may be able to do this with the operating system itself. Apple Support has specialists you can request to speak to about how to setup such systems when you call them:
  http://www.apple.com/contact/phone_contacts.html
  I've never setup such a system, but given that other features I've been able to ask about and get specialists to help me, suggest that's probably the most logical course to go.
  Message was edited by: a brody

• Safety of MS Sharing on LAN over TCP/IP via NetBIOS and/or Direct SMB

  Shalini Sampath Kumar at http://answers.microsoft.com/en-us/windows/forum/windows_7-security/ suggested I post this question over
  here:
  What is the safest recommended way to set up MS File and Printer Sharing on a LAN with both Windows 7 Pro and XP Pro machines?  Does "Direct hosting of SMB over TCP/IP," help?  What about setting a "Scope ID" (or did that go out
  with Windows NT)?
  Background:  I've been trained to be paranoid about NetBIOS over TCP/IP.  Right now I have only XP Pro machines on my peer-to-peer workgroup LAN (behind a NAT router and with Simple File Sharing turned off), on which File and Printer Sharing has been
  unbound from TCP/IP and bound to NetBEUI instead, so I feel fairly safe.  Port scanning by ShieldsUp doesn't see any ports through the router, open or closed -- in other words, it appears to be "stealthed," for what that's worth.  With
  NetBIOS disabled on all computers inside the LAN, however, can I perform a valid test of what will happen when File and Printer Sharing is re-bound to TCP/IP?
  My New Problem:  I'm planning to add Window 7 Pro machines, for which NetBEUI isn't an option, and then to transition entirely to Win7 before XP goes off extended support in April.  I will still use a peer-to-peer architecture with password-protected
  sharing turned on (no HomeGroup).  It appears that I can still get rid of NetBIOS (and WINS) in favor of "Direct hosting of SMB over TCP/IP," which sounds safer.  Apparently then only port 445 will be vulnerable instead of ports 137-139. 
  In any case I want to do everything I can to protect my file-sharing port(s) from the Internet (e.g., from anyone who might break into my LAN either by making a wireless connection or by hacking the router itself).  Can anybody give a clear set of steps
  to change sharing from NetBIOS (which I would like to disable entirely) to direct hosting of SMB and to verify that I'm protected as well as possible?
  I will have to completely revamp the network-file-sharing configuration of my XP machines as soon as the first Win7 machine goes on line (and possibly tweak the configuration of Win7 as well), perhaps as early as this week. I want to do this in the way that
  maximizes security to the extent possible.  Thanks in advance more details and guidance on this topic! -- JCW2
  P.S. -- These computers are all laptops and will be used away from my home LAN -- another reason for paranoia about File and Printer Sharing.  I realize that Windows 7 provides an easy way to disable F&PS by selecting any new network location as
  "public," but XP does not (as far as I know).  Fixing that will take more effort and be harder to remember... -- JCW2

  Removing the NetBIOS transport has several advantages compared to NetBIOS over TCP, you can find detailed infromation in the following KB
  Direct hosting of SMB over TCP/IP
  http://support.microsoft.com/kb/204279/en-us
  Yolanda
  TechNet Community Support
  Hi again -- I think I'm slowly catching up with you.  Following from my previous message...
  Somebody on another forum mentioned creating "Hosts" files on each computer to substitute for the DNS server that I don't have on my workgroup.  This is intriguing if I can figure out how to set it up.  (I've heard it said that taking control of
  your "Hosts" file is a good safety precaution anyhow, since it is a frequent target of hackers trying to divert legitimate Web requests to their own malicious sites.)  Does anybody have tips and/or references that would help me accomplish the name resolution
  there?
  Finally, what functionality do I really lose by going the Direct-Hosting-of-SMB-with-Hosts-file (or drive mapping) route as opposed to using NetBIOS over TCP/IP?  Granted, any new machine added to the network would also have to be added to all the "Hosts"
  files (or mapped to a new drive letter) on each machine; but given that I already have to add it to the MAC filter and assign it a DHCP reservation in my router, this isn't a heavy burden for something that doesn't happen often.  Would everything then
  work the same as if NetBIOS were providing the name resolution?
  One missing piece that I see so far -- it's not obvious how this same trick would apply to printer sharing (although I'm not using that feature right now anyhow).  Could this be handled seamlessly through the "Hosts" file as well?
  Thanks and Best Regards to All -- JCW2

• I typed my username and then my password for an account into the username field accidentally. now i start to type username and drop down box gives option of using this to fill username field. how do i get it to stop?

  When start to enter username ("un")for an account that I use firefox suggests previously typed ones in drop down box. Accidentally typed a password next to my un, now everytime i begin to type un this presents as option i can click on to fill un field. If someone else wanted to login to own account on my comp firefox would show this. not secure. suggestions?

  Remove saved Password(s): [http://kb.mozillazine.org/Menu_differences Firefox > Preferences] > Security: Passwords: "Saved Passwords" > "Show Passwords"
  * http://kb.mozillazine.org/Deleting_autocomplete_entries

• About the access of table

  hi, friends, there are three tables which need some modifications, however thess tables are so important to the system that no access to them is intolerable.
  how can i make them read only for others and at the same time which can be modified by and only by my session ?
  thanks in advance

  If it is indeed "so important" (to quote you) then use Oracle's very handy, very reliable syntax of security suggested to you already. THEN connect to the database as a user who starts any/every session with the privileges you desire.

• Can send packets, but not receive packets

  Running Windows XP, my Internet was working fine and then stopped working. It still shows that I am connected to the Wireless Network and shows that packets are being sent, but not received. Will work directly from the cable, but not wireless. Tested Wifi card on other computer, that works, Internet is working on other computer wirelessly.
  Any options?
  Using Wireless-G Notebook Adapter with SpeedBooster WPC54GS
  Broadband Router WRT54GSMessage Edited by tiggerx40 on 10-09-200603:49 PM

  What is the router model number and version? You may find the model number underneath the router itself on one of the stickers.
  Anyway, if you are plugged in to the router:
  1) open up internet explorer and go to 192.168.1.1
  2) username: just leave it blank password: admin
  3) go to the wireless tab:
  You may change the ff:
  SSID - this is the name of your network
  Channel - signal of the router (suggested value is 11)
  ----> save settings after you have done the necessary changes
  4) go the wireless security (found on the subtab)
  set-up security:
  - suggested mode is WPA Personal
  If your router is a WRT54G v5-v6, go to the status page:
  - check the firmware version, if the firmware version belong to any of the ff. below then download and upgrade the firmware.
  ► 1.00.1
  ► 1.00.4
  ► 1.00.6
  ► 1.00.7
  ► 1.00.9

• How do I verify that Trap autonomous transactions is enabled in Oracle 10G?

  The Center for Internet security suggests the following parameter be set in Oracle 10G databases:
  13.02 Auditing Trap autonomous transactions is enabled. This will ensure that audit captures actions performed by users even if they are later rolled back.
  How do I verify that this is set in our production database?

  Ask them ... and while you are at it ask for an explanation of it is about an anonymous transaction running that makes it a security threat.
  I haven't a clue what they're talking about and it is likely they don't either.

• My iphone4 isn't updated or synced to icloud because last time I tried it merged with a family members phone. Now I'm getting a new phone am scared I am going to lose all my contacts. Any suggestions on how I am to secure them?

  My iphone4 isn't updated or synced to icloud because last time I tried it merged with a family members phone. Now I'm getting a new phone am scared I am going to lose all my contacts. Any suggestions on how I am to secure them?

  Backup using itunes http://support.apple.com/kb/HT1766
  Are you sharing an apple id with someone?  that would be the only reason if would merged info.

• After I installed the recent Apple security patch, I can no longer save PDFs when using Safari. And Firefox no longer can open website PDFs. Any suggestions?

  After I installed the recent Apple security patch, I can no longer save PDFs when using Safari. And Firefox no longer can open website PDFs. Any suggestions?

  Dansyacht wrote:
  If the previous Safari suggestion doesn't work try the following:
  In Finder, go to Macintosh HD/Library/Internet Plug-ins and move AdobePDFViewerNPAPI.plugin to the Disabled Plug-ins Folder.  Restart Safari.  If this works you may just want to delete that FUBAR plug-in.
  Thanks.  This was the solution for me.
  Message was edited by: tvdowntown

• Need suggestion on security

  Hello,
  I need some suggestions on what might be the best way to handle security in my application.
  The application acts as a control panel with an initial login screen. When a user logs in it needs to be given access to certain menus and buttons based on the user group in which it belongs. The user groups need to be configurable (so policies will change over time).
  Is JAAS a viable solution? I am not concerned with the OS level of security. The application needs its own level of security. For example, user JohnDoe logs in to application. JohnDoe belongs to the GroupA user group. GroupA has AccessPrivsA, which currently allows him to view menus A B and C. Later on AccessPrivsA is changed by user Admin to only have access to menus A and B.
  Any ideas fellas?

  JAAS will allow you to authenticate the user and to obtain the users credentials via the OS or another source (depending on the LoginModule used) but it will not allow you to control access to various features in your application. For this you need to create an ACL (Access Control List) based framework within your application. An ACL is a list of groups/users that have a certain privileges. You would create an ACL for each of the features within your app that you want to control access to. The various classes within your app could check with the ACL management system to see if the current user has access to a specific feature. For example assume the following (not thread safe) code:
  public class AclMgr{
    private AclMgr _singleton;
    private HashMap _aclmap;
    private Subject _subject;
    private AclMgr(){
      _aclmap = new HashMap();
      // read in the ACLs and store in HashMap. This could be in a properties file.
      // e.g.
      // #My ACL property file
      // #format: feature=ACl
      // view.sensitve.data=ADMIN,SUPER
      // get a reference to the current Subject (which is essentially the user with credentials).
      // This assumes your using JAAS - you could also roll your own if you choose to.
      _subject = UserAuth.getInstance().getCurrentSubject();
    public static AclMgr getInstance(){
      if(_singleton == null){
        _singleton = new AclMgr();
      return _singleton;
    public boolean isAuthorized(String feature){
      boolean authorized = false;
      if(_aclmap.containsKey(feature)){
        // check the Subjects credentials (groups etc) against the ACL for this feature.
        // if the user is in a group that exists in this features ACL then set authorized=true .
      return authorized;
  public class MyJFrame extends JFrame{
    public MyJFrame (){
      super();
      // set up the UI
      // when we get ready to see if we add a feature then do something like this:
      if(AclMgr.getInstance().isAuthorized("view.sensitve.data")){
        // the user has access so add yer button!
  }Of course, this is overly simplified but gets the general idea across. We have implemented something similar in our Enterprise application and it works nicely. With a little more work you can probably provide an UI for authorized users (admins etc) to edit Access Control Lists for various features. Security will be increased if you store the ACL property file on a server somewhere so you can control access to its editing. Or even store it in a Database� lots of fun to be had here ;-)
  Hope this helps,
  Shane

• HT201210 While trying to update my iphone and itunes, I have messag 1611 and my phone is frozen on a pic of a usb cord w/ an arrow to itunes..  I have removed firewalls and security programs as suggested..still not restored!!

  I was on the phone with an apple tech for two hours, we managed to update itune program on computer, but by that time the phone was dead and would not show up as a divice.  She told me to let the phone charge, then plug it in and it might recognise my phone, which it did.  I followed the directions and now my iphone is a nice paperweight.  She also told me she would email a case number and some articles which would guide me through the process if it did not work.  I did not receive them!!  My iphone cannot be restored (error 1611).  I have removed all security ware as it suggested.  I even took down the windows firewall... I have tried everything  (except of course I cannot try what they suggest I adjust on my phone because it is frozed FOREVER!!!  Please help me!!

  Put the device in DFU mode (Google it) and restore.