Server needs to trust *client* code without a certificate

Here's a sticky security question.
I want my server to trust that a client has performed the operation it says it has on some data held by the client (the client performs the operation to reduce server load). The server can supply code to perform the operation to the client, via a serialized object or RMI.
However, I don't want every client to have to register with the server (e.g. if each client had its own certificate this would be necessary).
Presumably something must happen as the client performs the operation to show that the correct (server generated) code was used.
If the object which knows how to perform the operation is sent using RMI with a public sign method and the server lends its own private key for the signing, in a private field of this object, can a malicious client discern the private key of the server simply by deserializing the object? Encryption of the serialized object doesn't seem to help, as a normal client needs to decrypt, so the malicious one can too.
What about if a private/public key pair is generated at the server and given to the client for signing? Again, the malicious client could sign using the key and then perform a completely different operation.
What should actually be signed at the client end: the object sent which performs the operation? The server needs to know that this signature proves that the code it sent was used.
I would be interested in any ideas (this is for a university project).
Thanks to all,
John

Hi John,
First, secure your comms: SSLv2 for example (1), so the further discussions between the "server" and the "client" will be sure (for a moment ;-).
Next, supply the "server code" from the server (only via the secured channel) to the "client" (2).
This code must be in two parts: "crypted data" and a "decryption module".
The "decryption module" must contain a "server's public key certificate" to use to decrypt the "crypted data" (3) that contains the "real code" and a "serial ID generated by the server".
Then the "decryption module" must start the newly decrypted "real code", to do the "server operation" on the "client data".
At the end, the "real code" sends back the "client result" and the "serial ID" encrypted with the "server's public key" (4).
(1) SSL v2 creates a secure channel between a server and a client (typically a browser), but at the initiative of the server and with no active part of the client, except to accept the chosen algorithm (I simplify here, but it's schematically the point).
(2) So with this channel (at the initiative of the identified server) the "client" is sure that the "modules" came from the "server".
(3) This encryption has been made with the "server's private key", so only its "public key" can undo it: so the "client" and the "decryption module" are sure that the "real code" has not been altered.
(4) Same thing, but opposite side: only the "server's private key" can undo an encryption with its "public key": the "client" is sure that only the "server" will be able to do something with its "result".
With this proposition, the "server" is sure that the "client" has done its "server code" on some data and has given back a "result". But it has no guarantees on the identification of the "client", only that it is the same from the beginning.
By the way, never "lend" a private key to another one; it is lethal to your security, since PKI is only a matter of trust in the public/private key pair and its link with an identity (that's why Certificate Authorities are made).
Pleased if I have been of some help, Wild.
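The exchange in steps (2) to (4) of the reply above, as an added Go example that is not part of the original thread. It assumes the secured channel of step (1) already exists, uses an Ed25519 signature in place of "encrypting with the private key" and a separate RSA-OAEP key to seal the result; the 16-byte serial ID, the frame helper and the Issue/ClientRun/Accept names are this example's own choices.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Bundle is what the server supplies (step 2): the "real code" (opaque bytes here), the
// server-generated serial ID, and a signature over both. Result is the client's sealed reply (step 4).
type Bundle struct{ Code, SerialID, Sig []byte }
type Result struct{ Ciphertext []byte }

type Server struct {
	signKey ed25519.PrivateKey // signs code bundles
	encKey  *rsa.PrivateKey    // opens sealed results (separate key: no dual use)
	issued  map[string]bool    // outstanding serial IDs, consumed by the first valid result
}

func NewServer() (*Server, error) {
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ek, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{signKey: sk, encKey: ek, issued: map[string]bool{}}, nil
}

func (s *Server) VerifyKey() ed25519.PublicKey { return s.signKey.Public().(ed25519.PublicKey) }
func (s *Server) SealKey() *rsa.PublicKey       { return &s.encKey.PublicKey }

// frame length-prefixes the serial so serial||payload cannot be re-split by a client.
func frame(serial, payload []byte) []byte {
	return append(append([]byte{byte(len(serial))}, serial...), payload...)
}

// Issue signs a fresh serial ID together with the code and records the serial as outstanding.
func (s *Server) Issue(code []byte) (Bundle, error) {
	serial := make([]byte, 16)
	if _, err := rand.Read(serial); err != nil {
		return Bundle{}, err
	}
	s.issued[string(serial)] = true
	return Bundle{Code: code, SerialID: serial, Sig: ed25519.Sign(s.signKey, frame(serial, code))}, nil
}

// ClientRun is the "decryption module": refuse any bundle not signed by the server, run the
// code on the client's data, then seal serial ID plus output to the server's public key.
func ClientRun(verify ed25519.PublicKey, seal *rsa.PublicKey, b Bundle, data []byte,
	run func(code, data []byte) []byte) (Result, error) {
	if !ed25519.Verify(verify, frame(b.SerialID, b.Code), b.Sig) {
		return Result{}, errors.New("bundle is not signed by the server; refusing to run it")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, seal, frame(b.SerialID, run(b.Code, data)), nil)
	if err != nil {
		return Result{}, err
	}
	return Result{Ciphertext: ct}, nil
}

// Accept opens a result and admits it only if its serial ID was issued and not yet consumed,
// so replayed, fabricated or foreign results are rejected. It returns the client's output.
func (s *Server) Accept(r Result) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.encKey, r.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	if len(plain) == 0 || 1+int(plain[0]) > len(plain) {
		return nil, errors.New("malformed result")
	}
	serial, out := string(plain[1:1+int(plain[0])]), plain[1+int(plain[0]):]
	if !s.issued[serial] {
		return nil, errors.New("unknown or already-used serial ID")
	}
	delete(s.issued, serial)
	return out, nil
}
```

What the server can check here is that the bundle it issued reached the client intact, that the result is readable only by the server, and that each serial ID is accepted once; as the question itself notes, nothing in the exchange stops a client from attaching its own computation to a valid serial ID, so this gives tamper and replay detection rather than proof of execution.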

Thanks for this.
A policy would be fine for a server only to allow certain clients to connect, but what I want to ensure is that once connected, a client really does use the code generated by the server. In effect I want untrusted clients (e.g. anyone) to be able to connect, but I need to trust that they perform a certain operation.
I think that with RMI I can ensure that a certain method is called if the client has a true (verified... how?) Java virtual machine installed, and not a malicious one... but I am coming to the conclusion that to ensure that the right code is used, I will have to give each client its own public/private key and let the server hold a register of trusted clients (which reduces the elegance of the system).
Jon