Security warning https setup IE 8.0 with Anychart 5 in APEX 4.0
Hi
We use Oracle Http server , the https setup is handled in the firewall setup, we use Apex 4.0
We try to use IE 8.0 with APEX 4.0 and using anychart in a report portal like application. We are using https protocol and this runs just fine in Firefox and Chrome, but when running IE 8.0 we run into the problem with displaying the content. We get the Security Warning message box asking if we want to display only the content that was delivered securly. We have traced the problem down to that the problem is because of using Anychart charts. When we remove the anychart regions the security problem is removed.
We have tried with setup of #HOST_PROTOCOL# to https which apex 4.0 have made available for anychart codebase, but this does not help, link to Anychart websiste
http://www.anychart.com/products/anychart/docs/users-guide/index.html?security-error.html is talking about setup of crossdomain.xml on the root catalog on the webserver.
Using Anychart 5.0 and APEX 4.0 with https in IE gives popup of Security Warning message box, any idea how we could solve this problem?
Edited by: user9252117 on Aug 25, 2010 3:13 AM
Hi Patric
Tis is realy interesting,
BTW: the select owa_util.get_cgi_env('REQUEST_PROTOCOL') from dual; returns http.
I changed the #HOST_PROTOCOL# in the region source, and then it worked well for the first time, if i took a refresh on the page the message box popped up again, going back to the region source the https was replaced with #HOST_PROTOCOL# again overwriting the changes i had made, it looks like the code is updated when the page is executed, sounds strange to me, so then i am back where i started.
The switch to https protocol was made by setting PlsqlCGIEnvironmentList REQUEST_PROTOCOL=https in dads.conf, BUT then we got back to the stage where the charts was not displaying at all and we have tride to setup crossdomain.xml and put at document root at apache but we have not been able to make this working.
We have a situation where it works and that is when https is put into region source code but this is overwritten.
The apache webserver is running on port 7777 and the https is handled in the firwall setup so i guess we have a reverse proxy setup or something like that.
Any idea why the #HOST_PROTOCOL# is overwritten?
kind regards
jon
Similar Messages
-
Security Warning - secure HTTPS
RH 8.0.2.208
Air Browser based Help
When I navigate to Air Browser based Help on our secure server via HTTPS, I get the following message:
Security Warning
Do you want to view only the webpage content that was delivered securely?
This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of thr entire webpage.
It seems like the Air components are trying to access something because if I access my Help pages directly, I don't get the warning. So...
Where is Air retreiveing external content, and how do I turn it off?
Thanks!Hi Patric
Tis is realy interesting,
BTW: the select owa_util.get_cgi_env('REQUEST_PROTOCOL') from dual; returns http.
I changed the #HOST_PROTOCOL# in the region source, and then it worked well for the first time, if i took a refresh on the page the message box popped up again, going back to the region source the https was replaced with #HOST_PROTOCOL# again overwriting the changes i had made, it looks like the code is updated when the page is executed, sounds strange to me, so then i am back where i started.
The switch to https protocol was made by setting PlsqlCGIEnvironmentList REQUEST_PROTOCOL=https in dads.conf, BUT then we got back to the stage where the charts was not displaying at all and we have tride to setup crossdomain.xml and put at document root at apache but we have not been able to make this working.
We have a situation where it works and that is when https is put into region source code but this is overwritten.
The apache webserver is running on port 7777 and the https is handled in the firwall setup so i guess we have a reverse proxy setup or something like that.
Any idea why the #HOST_PROTOCOL# is overwritten?
kind regards
jon -
Importing fdf with js always get security warning
Hi, I have a form with some options (1 category as text with drop down and 5 radio button). The selection get the name of the fdf file to import. On import I get every time the security warning. I select the "Remember this action..." and I click "Allow". In the Settings/Security (Enhanced) the path and the file doesn't appear, so I set it manually, but I still get the security warning everytime. Files are stored locally in a different partion as the system. This happens on 2 machines (Mac 10.7, Mac10.8, Acrobat X, ACrobat XI, Reader XI).
this is the script
var A = "/Volumes/Data_Sharing/Projects/.../.../.../";
var B = getField("Category").valueAsString;
var C = "-okom-data.fdf";
var D = A + B + C;
var E = this.getField("Text1");
E.value = D;
this.importAnFDF(D);
The field Text1 is only a string visualisation for controlling
If I set an Import Data Event without js I don't have any security warning with fdf (but always with xfdf, xml and text files).
If you know what I miss, thanks for any suggestion
CurzioUnfortunately i dont think its possible.
You'd think a deployment could restrict warnings for a local intranet, or have an exception list.
There was another answer i did see but i would not recommend this at all. Even the person who put the post up does not recommend it.
http://forums.sun.com/thread.jspa?threadID=5253971
You have two options, do not have java 1.6 on the desktop as this is the version that brings up the security warning. Or you can try the new
application with java 1.6 (As long as all functionality is tested). This will satisfy your new app, but not the applications that run of the older
java runtime environments. (we are going to test the application under 1.6 even though its not a supported certification by the vendor.) -
How to stop HTTP Security warning message in transactional iview
When I am trying to access ECC through transactional iview then I am getting HTTP security warning message i.e. This page contains both secure and nonsecure items. Do you want to display the nonsecure items?
I think it is because portal is accessable using HTTPS protocol and when we access ECC then it uses HTTP Protocol.
Pl help to resolve.Hi AshuGrover_in,
First, welcome on SDN!
> I think it is because portal is accessable using HTTPS protocol and when we access ECC then it uses HTTP Protocol.
> Pl help to resolve.
This might very well be the root cause of the issue, and if it is, you know the resolution - make all systems accessible via https.
Anyhow, to examine the exact cause creating this message you could use tools like HttpWatch or something similar and record the client accesses to the server. If you originally have a GET to a https address, the first http request caused by the original request will throw this message.
Theoretically, on client side, you can switch off this message: Search for "switch off http https warning" on google and you will get all possible instructions for the different clients. Anyhow, a clean landscape design with complete https connections is the aim you should have.
Hope it helps
Detlev
PS: On SDN, if something helps, you might reward the answer, check it out. -
Security warning in Plugin 1.4.0 during HTTPS applet download
Hi,
I develop a simple applet, which is unsigned beause doens't do critical operation like read or write on client File Systen. But I download it from an HTTPS web server and the certificate installed in the server is created by GlobalSign.
In Plugin 1.3 and previous release, I could download and run my applet from a HTTP or HTTPS site without problem.
In the Plugin 1.4 BEFORE i download my applet, a security warning popup appears, and it inform me that i try to install a "untrusted" cerfificate for HTTPS comunication.
I known that in Java Plugin 1.3 HTTPS connection are managed by Browser and for example in IE the GlobalSign CA certificate is trust, but in Java Plugin 1.4 itself manage the HTTPS connection, and the GlobalSign CA certificate is not present in the default CA trusted certificates.
My costumer is not very "happy" that his costumer see this security warning when download my applet...
So, the question: is it possible to avoid this message in the default plugin 1.4 configuration?
If this is not possible I must use a CA certificate which is trust for Java Plugin, abandoning the GlobalSign certificate.
Best regards
MicheleHere is perhaps a related problem. In IE6 I go to an https mode along with a basic authentication to view a series of private webpages. When I reach the webpage with my applet, I have to autheticate the applet before proceeding. Is the way the Sun Plugin should work? I know the Sun Plugin uses the IE API for server transactions, but in the case of an applet, it must start a new (basic authentication) instance. After the first authentication of the applet, all other applets down the line do not require a username and password.
-
Issues with security warning popups in JRE1.5.0_06
Using
Java Plug-in 1.5.0_06
Using JRE version 1.5.0_06 Java HotSpot(TM) Client VM
Browser is Internet Explorer 6.0.2800.1106
Background:
Our web application has 3 different applets on one page, transmitted using https. Due to a variety of factors, the name of the host does not match the name on the certificate, and we can not change that.
Problem:
We get 3 dialog boxes warning us that the names do not match, as usual. However after installing 1.5.0_06 we get 2 different undesirable behaviors:
A ) 1 or 2 of the dialog boxes are empty and small, as if only the window of the dialog box was created, with no components on it. When you resize them, they remain blank (only default background color). They can not be closed.
B) All 3 of the dialog boxes look as they should, but only one of them can be interacted with. Even after we press "Run" on the working dialog box, we are not able to interact with the other two dialog boxes.
The applets causing these security popups are in 2 different frames, and load simultaneously. The popups all appear at the same time .
We consistently see different behaviors on different PCs:
PC I : After 30 tries, it fails once, error B
PC II: After 20 tries, it works once, mostly error A
PC III: 10 tries, Mostly error A. Never worked once. After a reboot (and full cache clears) we get mostly error B. Never works.
If we disable the warnings (in the control panel), the page loads ok, with no errors.
Have anyone experienced this ?I've experienced similar problem with Java Web Start twice.
Also using JRE version 1.5.0_06 Java HotSpot(TM) Client VM and Browser Internet Explorer 6.0.2800.1106 on Windows XP (Problem was the same with Java 1.4.2)
My application was signed and launched via JNLP. The security warning popup was shown in the windows taskbar, but it was hidden. Using maximize in the taskmanager, I was able to see the dialog but it was blank. The problem was persistent, although I did not try as many times as 20-30 :-)
On both occations the problem occured on multi (3) screen systems, which I suspected to be the problem (Java has historically had some issues regarding multi screen systems), but now I'm not so sure.
Did you find a solution / cause? -
Issue with IE Security Warning box about Flash Player
Recently upgraded to Flash Player 11.8 on a Win7 x64 system with IE9. Am now having a IE Security warning box pop up repeatedly saying Flasher Player wants to open Web Content. If I Allow, it is an endless loop with the warning box. If I Don't Allow, it eventually stops popping up after 3-4 times. Need to know if there is an issue with Flash Player or if there may be something else going on in my computer. Any suggestions would be appreciated. Also, I am not a whiz, but manage.
You can either lower the security settings of Internet Explorer, or - easier - download the executable installer from http://www.adobe.com/products/flashplayer/fp_distribution3.html
P.S. note that no browser windows must be open when running the installer. -
Setup secure server (https)
This topic may belong to some other form. I am new to
Dreamweaver CS3 so I will give it a shot!
System:
Dreamveaver CS3
LINUX CentOS 5.1
Apache Web Server 2.?
I like to setup a secure server "https:www.myweb.com" &
will be storing couple of images (thats all). I guess I can set up
a site in DW but then do not know how to set it up in apache. Can
somebody direct me how to do it or a URL to a tutorial?
If I have not provided enough info, please let me know.quote:
Originally posted by:
Newsgroup User
questions:
Do you want to set this up on your local testing server, or
on a real remote
host?
and to clarify- are you asking about https Secure Sockets
Layer, for
encrypted transfer..
or are you possibly asking about how to password protect a
directory so
that a username/password needs to be entered before people
can view the
pictures/pages in that directory?
Both but this is what I need right now:
I am dabdling with setting up buttons to use PayPal. PayPal
suggests that the buttons "Add to Cart" and "View Cart" be placed
in a secure web. I hope this clerifies your question. -
How to disable IE Security Warning on opening a "local" visio file with Visio Viewer ActiveX?
Hello all,
Everyone knows that Microsoft released ActiveX based Visio Viewer for free and allow the users to open Visio drawing and view/print via IE browser.
The problem that I am facing is that some users are complaining about IE browser's security warning on "active content to run in files on My Computer".
It means that opening .VSD files from the network, internet, intranet would be all OK but if the user wants to open .VSD files from the local hard drive (or open it as a mail attachment, which will extract it to a temp folder), it prompt the user to select "Allow Blocked Content" EVERYTIME they open them.
I know that I can GLOBALLY disable this warning by going through Tools - Internet Options - Security section and enable "Allow active content to run in files on My Computer" but I hope that there is a way (or workaround) to allow them by file type or location, etc.
Questions:
1. Is there any way to disable those warning for all .VSD only while we still UNCHECK the option on Internet Options?
2. Is there any 3rd party Win32 based viewer which wouldn't have those restriction?
3. Is it safe assumption that McAfee VirusScan and Host IPS protection is sufficient enough to remove the IE's security warning feature?
Thanks in advance?
Young-Are you able to host/launch the VSD file via an HTM page? In that case you can format the HTM page as shown below. This will trick IE into thinking it is loading the file off of a website. Commonly called 'mark of the web'.
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- saved from url=(0014)about:internet -->
<html>
</html> -
Open File - Security Warning with Network-based Silent Install of CS4
I am attempting to run an enterprise deployment of CS4 Design Standard Edition onto a pool of WinXP Pro workstations. I placed all of the install files on a networked server running Windows 2003, and generated from there all of the requisite .xml files (install, uninstall, and override files). From this network share, I can successfully run a silent install.
HOWEVER. Multiple times (two or three) during the course of the silent install, I receive the same pop-up security warning from Windows XP (definitely an OS message, not anti-virus or other) that reads as follows:
Open File - Security Warning
Do you want to run this file?
Name: AIRApplicationRunner.exe
Publisher: Adobe Systems Incorporated
Type: Application
From: (server IP address)
I have tried excluding Adobe Air from the installation package, but I still receive the same security prompt. This is sufficiently a hassle to have to click through these prompts in a silent install. But more importantly I am unable to run the silent install as part of a logoff script because for all intents & purposes it is no longer a silent install (i.e. it requires user intervention). To top it off, I found when testing the logoff script the prompts are suppressed and the installation fails prior to the bulk of the installation (Photoshop, Illustrator, & InDesign).
I'm sure that I could run the install by copying all of the files to each local workstation, but again that would defeat the purpose of an easy, network-based install. In the past I was able to install CS3 in this fashion with no troubles, which of course did not include Adobe Air.
Can anybody offer a suggestion as to how to disable these security messages, or alternately, how to entirely exclude Adobe Air from the install package? I have found a VB script that is supposed to address the security warnings issue, but to run the script also requires the user to accept it at a security prompt.
Thanks in advance for any assistance!
-DanI'm now able to deploy design suite premium cs4 successfully.
The issue for me was that the AirapplicationRunner installs some useless software. I worked around the issue with the Airapplicationrunner prompt by removing any apps that are installed using that method. By "removing" I mean marking that app as "donotinstall" in the deployment file. The apps I removed are these adobe codes for adobe media player, adobe.com, adobeair itself. The below is from my deploy.xml file used for the silent workflow:
donotinstall
donotinstall
donotinstall
If you mark those three adobe codes as "donotinstall" the prompt never appears and the real apps get installed just fine. -
PDF form with buttons opens up URL with security warning window
I have a short-lived process that renders PDF form with data merged. The data is in XML format.
The form buttons are assigned URL values when the form is opened. When I click on them,I get a Security warning prompting me to allow/block that site. When I click on 'Allow', I get a window of download statistics of the website that in the URL.
This would be annoying to the end user. How I do I suppress the Security warning window as well as the download statistics window before the PDF is opened ? Can this be done either at the process design, form design stage or using Java APIs ?
Thanks,
JyothiI have a short-lived process that renders PDF form with data merged. The data is in XML format.
The form buttons are assigned URL values when the form is opened. When I click on them,I get a Security warning prompting me to allow/block that site. When I click on 'Allow', I get a window of download statistics of the website that in the URL.
This would be annoying to the end user. How I do I suppress the Security warning window as well as the download statistics window before the PDF is opened ? Can this be done either at the process design, form design stage or using Java APIs ?
Thanks,
Jyothi -
SOAP Adapter with Security Levels - HTTP & HTTPS
We have a successfully working interface scenario where SAP XI is hosting a web service and the partner systems calling it using SOAP Adapter URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel with Security Level HTTP on the SOAP Sender Communication channel.
Going forward, for other similar interfaces (SAP XI hosting Web Service and partner systems calling it), we would like to use HTTPS and/or certificates.
If we enable HTTPS on XI J2EE server as per the guide How to configure the [SAP J2EE Engine for using SSL - Notes - PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc]....
can partner systems still use the URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel or should they switch to https://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel?
can we continue to have the existing interface working using HTTP Security Level i.e. partners not having to send the certificate with each message?
If we use HTTPS security level, is it mandatory for the partner system need to send the certificate? Is it possible to have an HTTPS scenario w/o certificates?
What is the difference between Security Levels 'HTTPS Without Client Authentication' & 'HTTPS with Client Authentication'?
I appreciate your inputs on this.
thx in adv
praveen
PS: We are currently on SAP PI 7.0 SP17Hi Praveen,
There is no need to change the interface and It is manditory for the partners to send certificates in order to validate each other. Use the https in url.
HTTPS With Client authentication:
The HTTPS client identifies itself with a certificate that is to be verified by the server. To validate the HTTPS clientu2019s certificate, the HTTPS server must have a corresponding CA certificate that validates this certificate. After validation of the clientu2019s certificate, the server maps the certificate to an actual system user executing the HTTP request.
and check this link.
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
Regards,
Prasanna -
Flash & https: Security Warning
Hi,
We are implementing a small flash site.
This flash site is placed on a secure server environment (HTTPS)
when the site is launched it shows up a security warning message saying
"This webpage contains content that will not be delivered using secure HTTPS connection, which could compromise security of the entire webpage."
The site accessed elements like xmls/images/swf.
We have used all the assets using relative path as they are present in the main folder where the index.html resides.
Can you please guide me as how to resolve this issue and stop the popup coming.
thanks,
pravin gHi,
Thanks for your interest and extremly sorry for my late reply.
Unfortunately I cannot share the URL.
But we found that the problem was in the domain implemention side. Due to some confussion some files were kept on http server while some where on https.
now that we moved evrything on https server it is working fine.
Greetings,
pravin g -
how to alter these settings?
1.browser laces import Bookmarks HTML?
2.security disable button open Device Manager?
3.security warni vewing mixed?We didn't get a reply from you. I just wanted to try and follow up before I close this out.
I'd like to know if the issue went away, and/or if you could confirm whether it's Firefox specific or happening in all browsers. -
Downloaded JPG Files Have Security Warning When Downloaded with FF 14.0.1
Since updating to FF14.0.1, JPG files that are downloaded from the internet display "Open File - Security Warning" "Unknown Publisher" when double clicked to open. I can disable the warning for individual files, but would rather have it global for all since JPG file are a low security risk. They do open without the warning when downloaded within IE8. I couldn't find any FF security settings that may affect this issue.
I'm not aware of any changes in Firefox 14 relating to this feature, but there are dozens of changes in each release, so I certainly can't rule it out.
Is the E drive a partition on your hard drive, RAM disk, removable storage? Just wondering whether it might be treated differently than the C drive for some reason. But IE and Firefox should be consistent, since this is all about Windows' internal security controls...
Maybe you are looking for
-
Flash Media Live Encoder 3.2 crashes on OS X Lion on start up
I was trying to start of Adobe FMLE 3.2 after installing OS X Lion and it keeps crashing on me. If someone could give me some tips on what to do, that would be very helpful. thanks. Process: FlashMediaLiveEncoder [2802] Path: /Appl
-
Asset is getting capitalized at the time down payment to vendor for AssetPO
Dear All, I am working on one scenario in which asset is getting capitalized at the time of down payment to vendor. I have created on Asset PO and i am doing downpayment to vendor against this Asset PO using F-48. Now it works fine and also this down
-
Purchase Price History Report/ OM Price report
Oracle Gurus, Can I maintain a price history for any item-supplier combination, so that it defaults while I prepare a RFQ or enter a quotation in the system? If yes, where can I do this?If no, is there any workaround? In future based purchase price h
-
I need to add some sound fx, and some voice over to a tv commercial. I usually do this in protools, but I only have access to adobe audition at the moment. The file is an MPEG-4 H.264, AAC.. After watching some videos all i thought I had to do was
-
Hi everybody, I'm trying to get a list of running processes, and for each process I need its Process ID, Process Name, and the command line that run this process. I found a way to get everything but the command-line, by JNI wrappers (below are links