To analyze or not to analyze (sys and system)! That is the question.

Similar Messages

• To CMP or not to CMP....that is the question!

  Hey guys.
  I have a problem which I am hoping you can help me solve.
  Let's say that we are designing a simple J2EE address book web application.
  The application design must follow these requirements:
  1. The application stores all data in a relational database.
  2. The user interface to the application is browser based only.
  3. The application must be independent of the database type (Oracle, MS Sql, Informix).
  4. The application must be independent of the application server type.
  5. The application must be portable between databases and application servers.
  The application allows the user to do the following:
  A. Search for entries in the address book
  B. Display (read only) entry details
  C. Add/edit/delete entry
  Now, what I'm wondering is: Should we use CMPs to encapsulate the address book entries,
  or should we use Java classes with JDBC access to the database (managed through session beans).
  I know that if we use CMPs, we don't have to code the database access calls.
  Not only does this approach save us time, but it makes the bean portable across various database
  servers.
  But if we use CMPs, it seems to me that we face the following problem
  (please correct me if I am wrong):
  The application server creates tables in the database for storing the CMP data. The names of these
  tables are not specified by the J2EE specification (because the persistent storage does not need to
  be a relational database). Therefore if we deploy the application on application server A, and
  then later decide to change to application server B, then B might have other naming rules for tables
  than A (and would therefore be unable to read the data from the database).
  Therefore, by using CMPs, our application is no longer portable between application servers, and
  this violates design requirement number 5.
  Now, I know that many application servers allow you to specify a mapping for CMP to an existing table,
  but the configuration files for specifying these mappings are different between
  application servers. And since we do not want our application to have to know anything about the
  server it is to be deployed on, that solution is unacceptable.
  Another way would be to implement the address book without CMPs, using Java classes with JDBC access
  to the database (caching frequently accessed data, perhaps with the A.C.E. Smart Cache pattern).
  My question is: What exactly is the tradeoff between these two implementations (in this limited web
  access only context)?
  Will the non-CMP implementation come in second in performance (and if so, why?)?
  When the application server tier is clustered, does the application server synchronize the cached
  CMP data in the cluster? This will have to be done manually in the non-CMP implementation.
  Any thoughts on the above issues are greatly appreciated.
  Thanks.
  OGG.

  I entirely agree! I think this is a general problem with java going forward that they didn't think about. Look for my post on problems with JAAS with JavaBeans and EJBs. They have not thought enough about how to truly ensure integration and portability of 3rd party tools. Yes, in this regard M$ is a little better, as their ActiveX integration has produced a pretty rich 3rd party industry, but that's helped by the fact that they don't really worry about security. (Although their COM+ security integration for 3rd party tools is better than JAAS with Java. In COM+, I can take your component and actually set security levels/roles for any method within your component! You can't do that in JAAS - see the JAAS Problems and Misconceptions discussion somewhere in the Java Forums).

• To upgrade or not to upgrade....that is the question.

  So my original iPhone is just starting to end its lifespan. I have had it since the phone first came out (so for about 2.5 years). I am having problems with battery life, freezing, and the sleep button keeps getting stuck. I brought it to the genius bar today and they told me that they can replace the phone with a new one (still the original iPhone) for what amounts to about $90 after taxes and stuff.
  So here is the question. Do I spend the $90 for the same phone with no upgrades and the capability of keeping my current service plan (only $60/month) or do I upgrade to the newest iPhone for only an extra $100 but then have to pay an additional $15 or more per month for the same service? Is the newest phone really worth that extra money?

  That's a decision only you can make. Personally, it would be worth it to me to go from a 2G to a 3GS (assuming I was in a good 3G coverage area) but if you can limp along for another few months, Apple may come out with a new iPhone this summer, considering they have for the last 3 summers.

• To protect or not to protect....that is the question

  I've got a question for all my fellow Mac users out there.  I recently purchased a 2011 MacBook Pro in December of 2011.  I absolutely love the computer.  What I was going to get some input on was the issue with anti-virus protection.  I have seen a number of posts where people are saying that it's really useless because Mac is so secure and that, if you do download one, many times it causes more problems with the system and will give false readings.  Well, with the recent Flashback Trojan, I'm wondering what y'all think about downloading an anti-virus program.......do you think it's a good idea, or not?  Thanks so much and God bless!!
  Wesley

  Mac OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.
  The most effective defense against malware is your own intelligence. All known malware that affects an up-to-date Mac OS system takes the form of trojans that can only operate if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown site, merely in order to use the site, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
  “Cracked” versions of commercial software downloaded from a bittorrent are likely to be infected.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
  Disable Java (not JavaScript) in your web browser(s). Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in Mac OS X 10.5.8 or earlier, because Java in those versions has bugs that make it unsafe to use on the Internet. Those bugs will probably never be fixed.
  Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
  Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use ClamXav — nothing else.

• To DNG or Not to DNG... That is the question

  I was wondering what light room users think of letting LR 2.2 convert files into DNG on import.
  I had heard that this was a good idea as any adjustments made to the DNGs in LR2 ( PS CS4 also?) are added to the DNG file and this way there is no side car data file to possibly become misplaced.
  I also was told that the DNG file would be on the average 20% smaller than a comparable RAW image file and thus would help conserve storage space.
  Any opinions?

  That's a familiar subject line. ;-)
  There is lots of software, other than Adobe's own, that can read and
  write to the DNG format, but not ALL software. Manufacturer's own
  software, particularly, isn't usually compatible with DNG. Only you
  know whether you need to use that software.
  Whilst other software can't read the Develop changes you've made, the
  same could be said of a standard raw file, so that argument doesn't
  really work, sorry. On the other hand, the other software CAN see the
  updated preview complete with your Develop changes, which can't be said
  of proprietary raw files.
  I was fairly anti-DNG for a long time, but having researched carefully,
  I have switched my workflow for DNG for the space savings, updated
  previews and embedded xmp.
  That said, I also keep my first backup as a proprietary raw file, with
  the same name as my working DNG (by importing first and then converting
  later), in a mirrored file structure, and it works a treat. I've never
  had to go back to the proprietary raw files yet, but I am always overly
  cautious. Since I wrote the article with the above subject line, a
  number of people have asked for my workflow, so it's on my blog:
  http://www.lightroomqueen.com/blog/2009/02/15/a-dng-workflow/
  I leave 'autowrite to xmp' turned off, because there's no point
  constantly writing back to the files, but when I finish processing a
  batch of files, I do use Metadata menu > Update DNG Previews & Metadata
  to update the DNG files.
  The DNG format now includes a verification hash. Not many programs can
  make use of it yet, but once they do, it'll give early warning if a file
  becomes corrupted, so you can retrieve a backup before it's overwritten.
  That is a major bonus for DNG.
  As with anything, there are pros and cons, so it's down to you to decide
  which are more important to you.
  Victoria

• To TAG or not To TAG ....that is the question....

  I've read all the 4400 series docs about five times over and some suggest to use untagged VLANs for the Management interface and others say to use tagged interfaces. Can anyone set me straight on the preferred method ???? Thanks!!!!

  There is no preferred method. It all comes back to the same point: "management interface" is not "management" in the sense of you managing the controller, but "management" in the sense of the controller managing the network.
  Basically this means that your management interface should not be isolated in a "management VLAN" out of reach apart from Network admin machines, but should be reacheable from the network. Your APs will need it to discover the controller.
  So some people say "therefore, leave it untagged", while some others say "no problem if you tag, as anyway you would tag most of your subnets, as long as all devices can be routed to it".
  hth
  Jerome

• Verify the database fails in the SYS and SYSTEM schemas

  Hi all,
  When we execute a verify: brconnect -u / -c -f stats -v cascade -t all -p 8
  we obtain some errors from some tables (NOT PARTITIONED) of SYS and SYSTEM schemas:
  BR0996W Table/index SYS.UTL_RECOMP_SORTED does not exist anymore
  and
  BR0301E SQL error -14508 at location stats_tab_validate-2
  ORA-14508: specified VALIDATE INTO table not found
  BR0893E Validating structure failed for table/cluster SYSTEM.LOGMNR_TABPART$
  but the tables exists.
  any ideas??
  Thanks in advance

  HI,
  try this:
  sqlplus system/password
  @$ORACLE_HOME/rdbms/admin/utlvalid.sql       
  grant all on invalid_rows to public;
  exit
  sqlplus "/ as sysdba"
  create synonym ops$ora<sid>.index_stats for sys.sap_index_stats; 
  exit
  sqlplus system/password
  create synonym ops$<sid>adm.invalid_rows for system.invalid_rows;
  Thanks

• When creating application: SYS and SYSTEM users may not create applications

  Dear all,
  When i am performing the below mentioned operations
  1) Importing Application
  2) Create Application
  3) Create from Spreadsheet
  4) Demonstration Application
  am getting this error message
  "SYS and SYSTEM users may not create applications"
  Please do the needfull

  Create application using SYS or SYSTEM user is not good idea. Your objects will be created in SYSTEM tablespace, it's fatal option. Create new Workspace and create there your app.

• Starting up a database when I forgot the sys and system password

  Hi,
  I want to startup up a database from Oracle Entreprise Manager. I forgot the sys and system password.
  If I give the command:
  orapwd file=orapwSDB01 password=test entries=100
  can I give the password "test" to sys and then to connect with sys with password test as sysdba, and then to startup the database? Are any problems with this command?
  Thank you,
  Mihaela

  Hi,
  I have not done this myself, but YES, according to the documentation, thats correct.
  ORAPWD FILE=mypwdfile PASSWORD=syspass ENTRIES=10
  will set the password of SYS to syspass. And you can use the same further.
  But here, you should be in oracle user or the user which owns the Oracle installation.
  Also, OS authentication is always supperior than any other authentication.
  Regards

• Lost of sys and system password

  Hello,
  What are the options when the sys and system passwords to 9206 on Windows 2000 are not known. I was given the database but no one knows the passwords to sys and system. The Windows o/s account does belong to the DBA group but I am not able to log on as '/ as sysdba'. Error saids insufficient privilege even though the o/s acct belongs to group DBA. What can be done to gain access so sys and system passwords can be reset. Thank you in advance.

  Hi, please review the Note:77665.1 into metalink site.
  Regards.

• Lock sys and system user

  Dear all,
  We have 10.2.0.4 on solaris 10.
  Currently we had I.T audit on our environment and auditor commented to lock sys and system user and use one user with any name (not oracle generic name) and grant him sys and system privilege and to use this user for admin purposes. is this right ?.. is this recommended ?
  Please advise

  Hello,
  I think it's not a right way to lock SYS.
  More over, if you connect as OS Administrator (root for Unix/linux) on the server and use
  OS Authentification then, you can connect on SYS AS SYSDBA anyway.
  So, in fact, it's not possible to lock out SYS even if you execute the following:
  ALTER USER SYS ACCOUNT LOCK;If you want to prevent access on SYS you should set a complex and long password and
  apply the same rule for the Administrator / root OS user.
  These passwords must be known by very few and well - identified people and written nowhere
  (in any files or scripts).
  More over, you should limit DBA roles to SYS and SYSTEM and remove this powerful Role
  from other Oracle Users.
  Then, you may enable session AUDIT so as to control the connexion on the database and,
  create a LOGON TRIGGER so as to check the login, workstation, program of the end users
  who connect to the database.
  On 10g, EM DBConsole shows an alert everytime a User is connected with SYS.
  Please, find enclosed, an interesting document written by Pete Finigan on this topic:
  http://www.insight.co.uk/files/presentations/Hacking%20and%20securing%20Oracle.pdf
  Hope this help.
  Best regards,
  Jean-Valentin

• Profiles apply to SYS and SYSTEM users

  dear all.
  is possible configure the security policies (profiles), i mean password length, history, failed login attempts for SYS and SYSTEM users in oracle 10g.
  What will happen if both users blocked ?? the service would be affected ???
  what would you recommend me ?
  thanks for your answers and apologize my english, is not very well.

  Check here:
  SYS account cannot be locked out by setting the failed_login_attempts limit in the profile.
  is it possible to lock out SYS using FAILED_LOGIN_ATTEMPTS in a profile
  http://www.petefinnigan.com/ramblings/failed_login_attempts.htm
  -Anantha

• Restrication on using sys and system tables.

  I have created the user in oracle 10g, granted resource , connect , select, insert, and update any table
  I would like to restrict the user from modifying sys and system tables.
  I know , it is possible using triggers. but it will create perofrmance issues
  Any other solution , please let me know

  user8680248 wrote:
  user wants this priv ( user is super user ) but user is not DBAYou say the user is not a "super user" and is not a DBA.
  Then he doesn't get what he "wants", he gets the minimum privs required to do his job. And it's the job of the DBA (presumably you) to enforce that policy. The technical issues are simple. The political ones are often difficult, but as a DBA that, too, is part of your job. It's YOUR job that will be on the line if you put the company's data at risk by granting someone excessive privileges on the database..
  Edited by: EdStevens on Feb 8, 2010 6:33 AM

• Encrypt sys and system tables

  How to encrypt/restrict sys and system tables so that no user can view them.
  On one of the database few user are having dba access.
  Is it possible to restrict their access on the dictionary tables.

  I have not heard of anyone encrypting the sys and system schemas, and suspect it is not possible due to the number of tools that need access to these tables and views (OEM, RMAN etc)
  Maybe the application needs to run "create user" or "select * from v$session", but this does not mean that it needs DBA role. Turn on tracing or auditing to find out what priveleges the application actually needs, then grant minimum priveleges and revoke DBA.
  In the worst case if the application won't start unless it has been granted a role called "DBA" then you may be able to revoke all priveleges from the DBA role and then grant them via a custom role called "MY_DBA", but there is potential for this to go very wrong, so test in a DEV environment first, and I doubt Oracle Support would approve.
  Or you could use Database Vault ....

• Difference between SYS and SYSTEM user

  Hi,
  Well, one of my colleagues have asked me the difference between SYS and SYSTEM user .. Normally these are the users which will be under the monitoring of the DBA .. So, how could I know the difference between these two users ..
  Please assist me
  Regards

  SYS is the owner of the database and the owner of the data dictionary.
  The objects belonging to SYS cannot be exported. But SYS has the SYSDBA privilege which SYSTEM doesn't.
  SYSTEM is a privileged administration user, and typically owns Oracle provided tables other than the dictionary.
  SYSDBA is not a role, it is a privilege. You'll find it in system_privilege_map, not in dba_roles.