Security with scripts
Right now, I am coding the username/password@something into the scripts that I am writing for oracle8i database. I understand that there are security issues with this. They want the password to be hidden. Someone suggested me to set the username and password into the path. I'm just wondering how am I able to do that? What steps do I need to take?
The system we use for this type of thing is to create an externally identified user in Oracle.
CREATE USER ops$oracle IDENTIFIED EXTERNALLYWhat this means is, that if you are logged into the server as the O/S user oracle, then you can connect to a database without a password like:
/home/oracle/dba>sqlplus / The ops$ is Oracle's default prefix for externally identified users. You can change this by setting the parameter os_authent_prefix to something else.
Any valid O/S user can be granted access to the database this way. However, you can only connect without a password if you are physically connected to the server where the database resides (either the console or a telnet session). You can give a password to an ops$ user as well so that the account can be used when not directly connected. It is the ops$ prefix (or whatever you set) that allows the connection.
We give user ops$oracle DBA privileges on the database (note you want to be very careful who has the password to the oracle O/S account). Then when we need to run automated scripts through cron we would do something like:
#!/usr/bin/ksh
export ORACLE_HOME=/u01/app/oracle/product/8.1.7
export ORACLE_SID=prod
export PATH=$ORACLE_HOME/bin:$PATH
sqlplus -s / <<EOF
ALTER SESSION SET current_schema=table_owner;
SELECT * FROM t;
exit;
EOFthe SET current_schema puts us in table_owner's namespace, so we can refer to his objects without qualifying them with owner.table_name. Changing schemas does not give access to any thing that you could not see by qualifying the table name with the owner name, but it is convenient.
HTH
John
Similar Messages
-
Web Service Security with SAML - Invalid XML signature
Hello together,
we want to build a scenario where we want to use Web Service Security with SAML.
The scenario will be
WS Client (Java Application) -> WS Adapter -> Integration Engine -> WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
SAP PI release is 7.11 (SP Level 4)
We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
But we get following error at calling the CRM system when we want to communicate with SAML:
<E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
Has somebody an idea of the possible reason for the error.
Thanks in advance
StefanError Messages in the Trace/Log Viewer:
CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48 with internal error id 1001 and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1 ).
Invalid XML signature -
How to create a new Oracle OSB project automaticaly with script without IDE
Hello,
I want to create automatically an "Oracle service bus project" and an "Oracle service bus configuration project" with scripts (ANT or Maven or ...) without using IDE, without using workshop or Eclipse. I want to create automatically (ANT or Maven) just a skeleton of an OSB project witch i can use after in workshop.
I want to create 1 "Oracle service bus configuration project" with many "Oracle service bus project" automatically (ANT or Maven or scripts) witch i can use after in workshop. How to create a new Oracle OSB project automaticaly with script without IDE ? How can i do this ?
I'm using Oracle service bus 10.3.1
Thank you for your help.Thank you for your response,
I do not want to just create the services (proxy services and business services) but I want to create a template for 40 OSB project with the same scripts ANT/Maven.
Template="Oracle service bus configuration project" + "Oracle service bus project" + services of 40 OSB projects
The goal is that I have more than 40 projects to create and just the name of the projects that changes (when I say the name of the project ie the name of the OSB project, the name of proxy services and the name of business services ).
So I want to give my script (ANT/Maven) the name of 40 OSB project and the script must generate the skeleton of the 40 projects at once time and after generation of skeleton of the 40 project, I will import them in the workshop to add manually mapping and routing and other things that differs from one project to another.
So i want to generate automatically a skeletons of 40 OSB projects using a script (ANT / Maven) and I give to the script juste the names of the 40 projects.
I want to create a "Oracle service bus configuration project" and "Oracle service bus project" automatically of 40 OSB projects (ANT or Maven or scripts) witch i can use after in workshop.
I want to create one 'template' of all 40 projects in the same time, with the same directory structure (Transforlation, Business services, proxy services, WSDL .....) and all 40 project have the same transport, just the names of projects and services witch changes and i can give to the script all names of projects and services and i can give also all WSDL.
Regards,
Tarik -
Is there a way to print a pdf, which is secured with password?
I want to know a way to print pdf which is secured with password to print without throwing a error ?
Instead it has to ask for a password and print..we need to have an associated application installed in the system for that particular fileYup.
does javax.print api works for pdf files and word documents?Nope.
There is something called (I think) iText which can handle PDF documents. No idea whether it includes a printing facility or not.
db -
Is there a way to view Flash videos on my iMac without downloading Adobe Flash Player? I'm concerned about performance and security with Adobe Flash Player.
If the video is only available in a format that requires Flash player : then no.
However, a great many can also be viewed in an HTML5 version, in which case http://hoyois.github.io/safariextensions/clicktoplugin/ or similar can be set up so that Flash never runs unless you specifically choose it to. -
Everytime I'm automatically updated past 3.6 my computer is inundated with Script Freezes..especially on the email page of gmail.
This has happened many many times. As far as I can determine these Script Freezes (Says: A script is attempting to write on this page.."Continue"..Stop Script etc) are coming from Internet Explorer (I'm not sure of this) and it's tricky to delete any elements of Internet Explorer. But at any rate my computer freezes up until the Script problem is settled..I check the don't ask me again block..but it does no good.
My real question is: Since things work fine in 3.6...how can I avoid any automatic updates?
Also, why isn't there a Timer Window (or a timer bar)for Firefox?...sometimes I have to wait 5 minutes for it to load! If there was a timer at least I'd know that something is happening and I'd be willing to wait. When it does take forever to load..it seems to help if I delete all Prefetch and temporary files.
Is there a safe way of turning off Internet Explorer temporarily?
Thanks for your help
Matthew
[email protected]I tried this today, and it is working now:
Click Firefox > Options > Options > Advanced ... then Uncheck the option "Use hardware acceleration when available" -
Paragraph Alignment question - is it possible with scripting?
Hello. I am working on a business card template that has a paragraph alignment problem. I have asked in other forums if it was possible, they pointed out that it might be, with scripting.
I need to know if it is, so I can dig further.
Here is the problem: I have a name and title on seperate line that need to be aligned to the right margin (the longest line touches the right margin) but centered above or below themselves. The text box is set to receive a large amount of characters. This is an automated system using InDesign Server so no manual adjustments are being made once the information has been submitted.
Is this possible?Again, I don't know anything about ID Server, but you can try this. Label the text frame 'card' (select the frame, go to Window > Automation > Script label and enter a 'card' -- without the quotes).
try
tf = app.activeDocument.textFrames.item ('card');
p0 = tf.paragraphs[0];
p1 = tf.paragraphs[1];
p0.justification = Justification.rightAlign;
p1.justification = Justification.rightAlign;
p0left = p0.insertionPoints[0].horizontalOffset;
p1left = p1.insertionPoints[0].horizontalOffset;
if (p1left > p0left)
p1.rightIndent = (p1left-p0left)/2
else
p0.rightIndent = (p0left-p1left)/2;
catch(_){}
This one doesn't rely on a selection.
Peter -
EVENTS WITH SCRIPTS not visible
Hi,
I am not able to see the events with scripts in the SHOW drop down.
How can I get the above to have the calculations done?
the version of the designer is 8.0
RegardsHi,
When it displays in the “default Calendar view” ,it shows "Event Permissions" option under EVENTS ribbon, this option can set permissions for a single
event. Click
” List Settings “
option under CANLENDAR ribbon, the "Permissions for this list” option can set permissions for the entire calendar.
When it displays in the "All Events" view, it shows "Shared With" option both
in the ITEMS and LIST ribbon. This option under the ITEMS can set permissions for a single event. This option under the LIST can set permissions for the entire calendar.
Best regards,
Wendy
Wendy Li
TechNet Community Support -
Axis bank net secure with webpin not working on ipad2
Hi,
Axis bank net secure with webpin not working on ipad2
Lt me know how to proceedTry using their App:
https://itunes.apple.com/in/app/axis-bank-mobile-application/id517266358?mt=8 -
Data level Security with Oracle Apps as Source
Hi all
I am implementing Data level Security with Apps as Source(OLTP) on Single Sign On.(Oracle has provided the Vanila rpd & we are working on that)
I need to Filter data based on Business Group, Users are created in Apps and they are registered with some Responsibilities.
(for eg, OBI User CHINA is a Responsibility; Now he will get only Business Group ID for China)
I have created Groups in rpd with same name as the responsibility in Apps.
I have created Initialization Blocks from which I m getting only 1 business group ID for every :USER.(I tried the code in TOAD & I m getting the correct BG ID)
I have created Group in WEB with the same name as the Group name in rpd.
If I say show all Users and Groups in WEB, I m getting the APPS Users.
I hv Reloaded the server metadata files and restarted the BI Server/WEB Server also...
But in the Report, I m getting all the Business Group Ids,
Plz advice if I m doing something wrong.
ThanQ
AnandYou need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box. -
WPA Security with the F5D7230-4
Hey,
I've successfully bridged my Airport Express from my Belkin F5D7230-4 with WEP Security enabled and it worked very well. Well, I should actually rephrase that; it worked well for all the Macs. The only PC on the wireless network couldn't establish a consistent connection, so I had to change the security to WPA and now everybody's computers work very well (WPA is actually desired). The only problem with WPA is that I can't get WDS to work with it, in other words, the Airport Express won't connect to the Belkin. After configuring the settings the same way as before (except changing the security) the Airport Express will first stay solid yellow, turn green for 2 or 3 seconds, and then flash yellow again. I have tried changing the wireless channel, and telling the Airport Express to just join (not WDS) while the Airport Express next to the Belkin, but still nothing worked.
Wireless bridging is infact enabled on the Belkin, and I've also tried allowing only certain access points to connect, but that didn't work either.
Is it possible that I'm not able to use WPA security with WDS on this Belkin router?
It's a F5D7230-4 Belkin Router with 4.05.03 firmware, and the latest firmware is on the Airport Express.
Thanks for any help in advance.Do you mean to get into the network? I do have a password WPA password set, and that's why the Airport Express can't access it.
I need WPA set because a: the PC on the network needs it in order to connect, and b: it's much more secure.
I pretty much need to have the security because the Belkin has it on, and to my understanding, the Airport Express also needs to have it enabled to work.
Is there any update or anything available that could help my problem, or am I pretty much out of luck? -
Cursor postion with scripting in Adobe LiveCycle ES
Hi,
I have a textfield that populates editable text when we click pdf preview. when I tab the cursor moves to the end of the pharagraph. we are using some screen readers that reads the text. Our requirement is to bring the cursor at the begining of the text when tabbed.
Is it possibe to bring the cursor at the begining of text with scripting.
please post the steps if possible.
Your help on this would be highly appriciated.
Thanks,
Ramesh Punugubati.Hello Jasmin
The "Results" variable need to declared out of the try and catch block, otherwise it won't be recognized when it comes to "close" at the end.
Here is a modified version of your script.
Greetings,
Yasser
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.Statement;
import java.sql.ResultSet;
import javax.sql.DataSource;
import javax.naming.InitialContext;
import java.sql.CallableStatement;
CallableStatement proc_stmt = null;
InitialContext context = new InitialContext();
Connection connection = ((DataSource)context.lookup("java:/IDP_DS")).getConnection();
proc_stmt = connection.prepareCall("{ call CalculateTotal() }");
ResultSet results;
try
results = proc_stmt.executeQuery();
if (results.next())
patExecContext.setProcessDataStringValue("/process_data/@Total",results.getString(1));
catch(Exception ex)
ex.printStackTrace();
results.close();
proc_stmt.close();
connection.close(); -
Reproducable Error with script SYS.I_PLSCOPE_SIG_IDENTIFIER$
Hi Oracle,
I get an error when running attached script:
The error message is:
ORA-00603: ORACLE server session terminated by fatal error
ORA-00600: internal error code, arguments: [kqlidchg1], [], [], [], [], [], [], [], [], [], [], []
ORA-00604: error occurred at recursive SQL level 1
ORA-00001: unique constraint (SYS.I_PLSCOPE_SIG_IDENTIFIER$) violated
00603. 00000 - "ORACLE server session terminated by fatal error"
*Cause: An ORACLE server session is in an unrecoverable state.
*Action: Login to ORACLE again so a new server session will be created
DROP SEQUENCE T_TEAM_ID;
DROP SEQUENCE T_COMPANY_ID;
DROP TABLE t_company CASCADE CONSTRAINTS
DROP TABLE t_team CASCADE CONSTRAINTS
CREATE TABLE t_company
id INTEGER NOT NULL ,
name VARCHAR2 (20) NOT NULL
ALTER TABLE t_company
ADD CONSTRAINT PK_company PRIMARY KEY ( id ) ;
CREATE TABLE t_team
id INTEGER NOT NULL ,
company_id INTEGER NOT NULL ,
name VARCHAR2 (20) NOT NULL
ALTER TABLE t_team
ADD CONSTRAINT PK_team PRIMARY KEY ( id ) ;
ALTER TABLE t_team
ADD CONSTRAINT FK_t_team_t_company FOREIGN KEY
company_id
REFERENCES t_company
id
CREATE SEQUENCE T_COMPANY_ID
NOCACHE
ORDER ;
CREATE SEQUENCE T_TEAM_ID
NOCACHE
ORDER ;
CREATE OR REPLACE TRIGGER t_team_BI
BEFORE INSERT ON t_team
FOR EACH ROW
WHEN (NEW.id IS NULL)
BEGIN
SELECT T_TEAM_ID.NEXTVAL INTO :NEW.id FROM DUAL;
END;
CREATE OR REPLACE TRIGGER t_company_BI
BEFORE INSERT ON t_company
FOR EACH ROW
WHEN (NEW.id IS NULL)
BEGIN
SELECT T_COMPANY_ID.NEXTVAL INTO :NEW.id FROM DUAL;
END;
The error is thrown for the CREATE OR REPLACE TRIGGER and also comes up when creating the rest 1st, logging of and logging in again.
As it seems to be a serious error (I'd never expect it to show) and I don't now how to solve it, I wrote you this bug report.
I'm on Win7 Pro and using SQL Developer 3.0.04. Oracle version installed is:
SELECT * FROM V$VERSION
where banner like 'Oracle%';
BANNER
Oracle Database 11g Express Edition Release 11.2.0.2.0 - Production
Any advise or idea how to solve the error?
Thank you,
BlamaError with script SYS.<...>Using sysdba connections for schemas is strongly discouraged.
Creating tables in the system tablespace that have no relation to the sys and system schemas brings its own set of admin headaches, sysdba should only be used to shutdown or startup an instance.
Or if there is a specific SYS object that needs to have permissions granted that cannot be done via a user with the DBA role privilege (i.e. SYSTEM), that should be the only time a sysdba connection is needed.
Also, beginning with 11g the pl/sql for setting a column with a sequence value can be done directly, no 'select ... into ... from dual;' needed.
begin
:new.<column> := <sequence>.nextval;
end [<trigger name>]; -
Java Web Services Security with 10.1.2.1
I have developed a Java Web Service with J Developer 10.1.2.1 which was deployed onto Oracle 10.1.2.1 application server. Now I have to implement Security for this Web Service (similar to ws-security etc.,), how I can achieve Security with 10.1.2.1?
J Developer 10.1.3.1 seems to have the feature to implement Web Service Security, but a Java Web Service developed using J Developer 10 .1.3.1 with security enabled cannot be deployed onto Oracle 10.1.2.1 application server.
Please help as how I can implement Java Web Service Security with 10.1.2.1?
Email: [email protected]
Thanks for the help in advance.You can use Oracle Web Services Manager to virtualize the end point and still implement WS-Security.
Thanks
Ram -
WPA2 security with EAP-TLS user cert auth
I am investigating the use of EAP-TLS for authenticating clients through a MS NPS radius server for WLC WLAN using WPA-WPA2 for security with 802.1x for auth-key managment. We're trying to decide whether to use PEAP and AD account authentication or require client certificates issued by AD certifcate services. PEAP is working fine if we choose that auth method in our NPS radius network policy, but if we switch this to "smart card or other certificate" for client cert auth it does not work. The wireless profile on the Windows client is set up for WPA2/AES with "Microsoft: smart card or other certificate" for network auth. The 802.1x settings specify "User Authentication" and a user cert for the logged in user from ADCS is installed on the machine. The failure to connect reports "The certificate required to connect to this network can't be found on your computer". When I switch to Computer Authentication the error changes to "Network authentication failed due to a problem with the user account," though a valid machine cert also exists on the computer.
When I attempt to use cert auth I see no auth requests logged on the RADIUS server. I ran MS netmon on both the client and NPS server and I also see no requests coming in from the WLC to NPS. When using PEAP I do see EAP requests and responses between NPS and the WLC and radius requests logged. On the client end I do see an EAP request to the WAP when attempting cert auth, but no messages between the WLC and NPS.
It's also interesting that when I change the WLAN to use 802.1x and WEP encryption for layer 2 auth the cert auth worked first time, though I haven't been able to get that working since. Windows now complains I am missing a cert for that. In any case, what I really want is WPA2/AES with 802.1x cert auth and would like to get this working.
Is anyone using EAP-TLS with MS NPS radius and a WLC successfully? Any ideas on how to troubleshoot this or why I'm not seeing any traffic between WLC and NPS radius when attempting cert auth?Well Well
WLC or any AAA client acts in pass through mode after initialy generating EAP-identity request so it has nothing to with EAP type. AAA client will behave the same no matter if you use PEAP , EAP-TLS or LEAP .....
The error message that you have reported is clearly sayign that your client doesn't have certificate to submit agains the back-end authentication server and accordingly the process fails . If you are not saying anything sent from WLC to NPS , it makes sense , because when the WLC initialy generate eap-identity request your client fails to answer and accordingly nothing is being sent to NPS server.
In order to verify that we need ' debug client < mac address of the client > ' from the WLC while trying to connect to make sure that is the case.
Also make sure that your client has certificate that is binded to a user account defined on your AD in away or another to have it working.
Please make sure to rate correct answers
Maybe you are looking for
-
How do I save.cur in Photoshop CC?
How do I save.cur in Photoshop CC?
-
Good References for developing in Landscape Mode?
Just wondering if there's a portion of the Programming guide, or if there are any good sample apps or sites out there with tips and best practices for developing apps with landscape views? Googling and searching based on "horizontal or landscape view
-
What is the standard courses for EAM?
Hi, guru: my future job will be related to EAM, I would like to take part in some standard courses about EAM, how and which courses should i start from? thanks
-
Hi all, I installed BIEE 10.1.3.3.0 on Centos 4.4 and choosed Oracle BI Publisher. After installation finished, I start oc4j -start then message appear : Starting OC4J from /data1/u01/app/oracle/product/OracleBI/oc4j_bi/j2ee/home ... 2008-07-22 09:07
-
Connection now killed where it use to work great.
For the past year, I have used Time Capsule as my wireless router and got a good signal in the opposite end of the house (obviously better when closer to the TC but good enough to surf the web). Now it doesn't connect at all in the 2 rooms it use to