Tools for Security Audit of Java Applets in a Website

Hello,
I am auditing a website which has a Java applet attached to it. I wanted to know what security tools I should use to check the security of Java applets.
Thank you

You should also consider that applets are not allowed to access their client system's hardware without being signed; in other words, the user must agree (by clicking a button) to disable the applet security features. Why would you use an applet to do this? Applets are meant to be an extension of a website. You should use an application in this situation.
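
A first audit step that follows from the signed/unsigned distinction in the reply above, as an added example that is not part of the original thread: inspect the applet's JAR for signature files and for the `Permissions` and `Codebase` manifest attributes. The sample JARs are constructed in memory, and the function names are hypothetical.

```python
import io
import zipfile

def parse_main_attributes(manifest_text):
    """Main manifest section (up to first blank line); joins continuation lines."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if not line.strip():
            break
        if line.startswith(" ") and last:
            attrs[last] += line[1:]
        elif ":" in line:
            key, value = line.split(":", 1)
            last = key.strip().lower()
            attrs[last] = value.strip()
    return attrs

def audit_jar(jar_bytes):
    """Report signing artefacts and declared permissions of an applet JAR."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        meta = [n.upper() for n in names if n.upper().startswith("META-INF/")]
        manifest = ""
        if "META-INF/MANIFEST.MF" in names:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    # Presence check only; `jarsigner -verify` is what validates the signature.
    signed = any(n.endswith(".SF") for n in meta) and any(
        n.endswith((".RSA", ".DSA", ".EC")) for n in meta)
    attrs = parse_main_attributes(manifest)
    perms = attrs.get("permissions", "(not declared)")
    findings = []
    if not signed:
        findings.append("unsigned: runs only inside the applet sandbox")
    else:
        if perms != "sandbox":
            findings.append("signed without 'Permissions: sandbox': review privileged code paths")
        if "codebase" not in attrs:
            findings.append("no Codebase attribute: JAR is not pinned to this site's domain")
    return {"signed": signed, "permissions": perms, "findings": findings}

def build_sample_jar(manifest, signed):
    """Constructed sample input: a minimal JAR built in memory (not a real applet)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        if signed:  # placeholder files, not a valid signature
            jar.writestr("META-INF/SIGNER.SF", "Signature-Version: 1.0\r\n")
            jar.writestr("META-INF/SIGNER.RSA", b"placeholder")
    return buf.getvalue()
```

A signed JAR that reports findings here is the one to decompile and review first, since its code can run outside the sandbox once the user accepts the prompt.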

Similar Messages

  • Tools and sdk to make java applet for JCOP31 ?

    Dear friend,
    we have a contactless chip card with NXP contactless chip 36 Kb and 72 Kb...
    it has JCOP31 (java card open platform) inside the contactless chip..
    and we have to build the java applet to be inserted into the JCOP31 chip ...
    my questions :
    ========
    1. can we use eclipse to make java applet for this purpose ?
    2. what other tools and SDK do we need to make this Java applet and insert it into the
    JCOP31 chip ?
    3. How can we get the tools ? do you provide it ?
    4. do you know any company that can make this type of java applet for JCOP 31 ?
    5. do you know any company that provide training to make this java applet for jcop31 ?
    Thank you,
    Hendy
    IT Manager
    PT. Jaya Smart Technology
    Jalan Kapuk Kamal No. 45
    Jakarta
    Mobile : 62 815 840 528 63

    4. Anyone can write you an applet. The specification is open. You could e.g. contact IBM or NXP directly.
    5. NXP offers twice a year a training in Europe and once a year in Asia. Contact the customer support at NXP. Also there is a workshop about the 'Art of Java Card Programming' at the smart-university.net (17th Sept., Sophia Antipolis, France). But I think this is for advanced Java Card programmers.

  • A tool for editing javadoc in .java files

    Hi
    I am looking for a tool that can be used for editing the javadoc in the .java files. It should edit constructors, methods and fields.
    If you know such a tool, please send me a link.
    Regards
    y.l.

    We list some standalone solutions on the Javadoc FAQ.
    (I have not tried any of these)
    http://java.sun.com/j2se/javadoc/faq/index.html#G
    - Utility for writing doc comments: Doc+.
    - Tool that simplifies the process of writing doc comments: DocWiz.
    - Tool for generating formatted Javadoc comments: CommentMaster.
    - Tool for editing Javadoc comments using a word processor-like view: XMLmind XML Editor.
    -Doug Kramer
    Javadoc team

  • Safari for Mac, webpage with Java applet, drag and drop area not working.

    At my company, we have a web page that our users access to submit media files, (QuickTime, Audio, images...), for transcoding for delivery.  The web page consists of a java applet, with an area that our users drag and drop media file into.
    After updating to Safari 5.1.2, the applet will not work anymore. Instead, the browser will "open" the QuickTime file and play it, instead of allowing the Java applet to do its job.
    CAN I TURN THIS FUNCTIONALITY OFF??
    I read that Safari 5.1.2, (when it was initially released), broke something with the THEN current version of Java, and everyone was awaiting the latest update (build 1.6.0_29) to fix it. Unfortunately, this update did not fix my issue with the functionality of dragging and dropping media files into the web page.
    It seems to me, as if, there is an over-arching functionality setting (or something) that needs to be either turned off, or in some other way DE-prioritized.
    Anyone have any ideas?
    Safari 5.1.2
    MacOS 10.6.8
    MacBook Pro

    Thanks for quick reply and help. I am able to drag multiple files but this is giving problem in case of filename with spaces like "abc def.png". Can you please put some thoughts on this.
    DataFlavor uriListFlavor = new DataFlavor("text/uri-list;class=java.lang.String");
    Reader in = (Reader)t.getTransferData(DataFlavor.plainTextFlavor);
    BufferedReader br = new BufferedReader(in);
    String uriStr;
    while ((uriStr = br.readLine()) != null) {
        URL url = new URL(uriStr);
        String category = GalleryUtils.contentsPanel.getCurrentCategoryPath();
        GalleryUtils.generateILPFromFile(new File(url.getFile()), category);
    }
    Thanks
    Kanni

  • Security manager & mention "Java Applet Window"

    A simple program that displays a frame with one button in it.
    The frame displays, no problem.
    When a security manager is added "System.setSecurityManager(new SecurityManager());"
    and the program is run again a "status bar" is added at the bottom of the frame
    mentioning "Java Applet Window".
    Why is that, and can it be suppressed ? (I am working in JDK 1.4)
    Any tip greatly appreciated

    I was dealing with this myself and just discovered that adding the following line to my security policy removed the message:
    permission java.awt.AWTPermission "showWindowWithoutWarningBanner";

  • Tools for extracting strings from java code for internationalization

    For legacy code with lots and lots of strings what method is typically used to extract strings for internationalization?
    Am I right in thinking you couldn't simply grep for strings? It could get pretty complicated, especially with escape characters, escaped quotes etc.
    -SK

    When dealing with legacy code, it is nice to have an application that queries you as it extracts the strings. You have a choice whether to accept the string as a localizable entity or not.
    There are several tools that do this...including some IDEs like JBuilder. Although it isn't a fully supported or robust tool, Sun has a utility for extracting strings in Java source files:
    http://java.sun.com/products/jilkit/.
    Regards,
    John O'Conner

  • Oracle DBA Tools for NW Systems ( ABAP +JAVA)

    Hi,
    We have installed PI/XI (ABAP + JAVA). I have the following questions.
    1) Like SE11, is there any tool SAP supplies to maintain JAVA dictionary objects (belonging to SAPSR3DB)?
    2) Like ST05->Analysis of SQL statement, is there any tool SAP supplies to get the explain plan for SQL statements related to SAPSR3DB tables?
    3) Apart from BR* tools and DBACOCKPIT, what are the SAP tools available to administer Java (Oracle) dictionary objects?
    Thanks in advance.
    Thanks.
    Raj.

    Hello Raj,
    1) No, there isn't any tool like that as far as I know.
    2) You can perform a SQL trace with the OpenSQL monitor or the Wily Introscope agent (which I would recommend). After you have identified the expensive SQL statements you can perform an EXPLAIN PLAN in SQL*Plus or Oracle SQL Developer (free tool). The Java stack is not so comfortable as the ABAP stack in this area.
    -> http://help.sap.com/saphelp_nw04/helpdata/en/24/d4ff0eccf33a49a5c26a280a119b14/content.htm
    3) I don't know any ... in a Java Stack you need to know what you are doing.
    Regards
    Stefan

  • Tools for GUI development in Java

    hi,
    Can anybody tell me which are the tools available for GUI development using Java? Which could be the best?

    Take care not to produce much source code! Use a suitable framework rather than a tool and save maintainability. E.g. http://www.must.de/cameleon.html

  • Voiceover tool doesn't recognize text on java applet

    Voiceover tool doesn't recognize the texts on the java applet.

    Absolutely no way of doing this straightforwardly. But some workarounds could be:
    1. Whatever text you want to display, try displaying it inside a textarea (and not simply as a label). This will automatically adjust the textarea as well as the text inside it on resizing.
    2. Develop a custom class (say DynamicLabel) which will keep track of the resizing event of the applet or frame and adjust the text in multiple lines accordingly. But then you have to write custom code to adjust the text in multiple lines.
    regards

  • Tool for Reversing (.class to .java classes)

    Can somebody tell me about an open soft tool for reverting code.
    Thanks.
    FS

    java decompiler. Try google. There are dozens of them.

  • How to run a Java applet on a website.

    Hi,
    I am trying to run the code below [DrawLines.java|http://www.dgp.toronto.edu/~mjmcguff/learn/java/01-drawingLines/]
    import java.applet.*;
    import java.awt.*;
    public class DrawingLines extends Applet {
       int width, height;
       public void init() {
          width = getSize().width;
          height = getSize().height;
          setBackground( Color.black );
       }
       public void paint( Graphics g ) {
          g.setColor( Color.green );
          for ( int i = 0; i < 10; ++i ) {
             g.drawLine( width, height, i * width / 10, 0 );
          }
       }
    }
    on my website. I compiled it using JDK1.6.0_21 on Windows 7 and generated DrawingLines.class (My site is hosted on a linux server, is this an issue since it was compiled on Windows?)
    I created an HTML file:
    <applet width=300 height=300 code="/shanegibney/classes/DrawingLines.class"> </applet>
    Then I created a new folder called 'classes' in my public directory.
    I get the following error:
    java.lang.NoClassDefFoundError: /shanegibney/classes/DrawingLines (wrong name: DrawingLines)
         at java.lang.ClassLoader.defineClass1(Native Method)
         at java.lang.ClassLoader.defineClassCond(Unknown Source)
         at java.lang.ClassLoader.defineClass(Unknown Source)
         at java.security.SecureClassLoader.defineClass(Unknown Source)
         at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
         at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
         at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
         at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
         at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
         at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.NoClassDefFoundError: /shanegibney/classes/DrawingLines (wrong name: DrawingLines)
    I'm sure adding a java applet is very common. Does anyone have any ideas why this isn't working? It can be seen here .
    Any help would be greatly appreciated,
    Thanks,
    Shane
    Edited by: ofey on Jul 9, 2010 4:21 PM

    I believe it's interpreting some of the code attribute as a path. Try this:
    <applet width=300 height=300 codebase="/shanegibney/classes/" code="DrawingLines"> </applet>

  • Java Applet Disappears From Website

    When I add a java applet to my web site on .Mac (inside the proper folder on my iDisk), it will run for awhile, but then will disappear. What is happening?

    I created an applet from within a mathematics program called GeoGebra. I stored it on my iDisk in a subfolder in the /Web/Sites folder. I know it is in the right place because it runs fine on my website for 1 or 2 times, but then it will not run and I get an error message that the file can not be found. When I go to my iDisk and look in the folder where it was stored, it is no longer there. I know very little about html programming and java, and I don't understand where it goes. Is it because .Mac doesn't recognize java?

  • Iweb SEO TOOL for iweb09 any help please Cannot locate my websites???

    Hi, I have just downloaded iWeb SEO Tool, which sounded so good, but when you start you have to locate my website (which was created on iWeb 09) and I cannot find it. It doesn't ask for your web address, it just comes up with OPEN FILE and you have to locate it manually, but I can't find it anywhere. Any ideas as to what it would be stored under on my Mac? Has anyone had any success with this programme?

    In +iWeb SEO Tool+, click on the Help menu and choose +iWeb SEO Tool Help+ — it should open a PDF document in Preview. In page 6 of that Help document, it says:
    Just open the program and add your iWeb based websites by clicking the ‘Open Website’ button. This option will let you edit a local website folder. That is, a website that you have created in iWeb and selected ‘Publish to Folder’ from the File menu.
    If you've published your site to MobileMe's iDisk, then see further down that same p.6: +"Editing a Website on your iDisk"+

  • Security audit log for the last 30 days?

    Hi,
    My current setting for the security audit log is 20 MB (by default).  I don't want to control it with a file size limitation, but by the no. of days the audit is recorded (max 30 days).
    What are the parameters that I would need to maintain?
    Or is any additional config required?
    Thanks,
    Abdul

    Hi,
    My current configuration is like this:
    Name                Description                                           Current value                                            System default value
    FN_AUDIT     Name of security audit file          audit_++++++++
    DIR_AUDIT     Directory for security audit files     /usr/sap/GSP/DVEBMGS00/log     /usr/sap/GSP/D00/log
    rsau/enable     Enable Security Audit          0
    rsau/max_diskspace/local     Maximum space for security audit file     300M     20M
    rsau/max_diskspace/per_day     Maximum size of all security audit files per day          0
    rsau/max_diskspace/per_file     Maximum size of one single security audit file          0
    rsau/selection_slots     Number of selection slots for security audit          2
    rsau/user_selection     Defines the user selection method used inside kernel functions          0
    I have just activated the audit, and in just 30 minutes, I can see that the file is about 45MB.  If this is the growth rate, the 300MB allocated for audit will be completely used in just a day.
    My requirement is - I want to track users and their activities for the last 30 days (or 45 days).  No log should be overwritten unless it is at least 30 days old.
    In SM20, when I give selection from 1.1.10 to 31.1.10, it should show me all the activities during this period, without any breaks.
    Other doubts: Do I have to start auditing manually every day?  Or will it keep writing logs until it reaches 300 MB, which can spread up to multiple days?
    Regards
    Abdul
    Edited by: Abdul Rahim Shaik on Feb 4, 2010 11:17 AM

  • Security audit log (SM20N)

    hi,
    has anyone turned on the audit log in your system ?
    please share with me how you make use of this log and what to be monitored.
    comment and advice will be highly appreciated.
    regards,
    kent

    I have used and set up the audit log for several years already and used it on several different release levels.
    I can recommend using it and getting to know how to use it. To my knowledge it is the intended tool for security monitoring.
    What to monitor depends on the system and events which your processes would not expect:
    - Do you want users creating / changing authorizations in production?
    - Use of specific tcodes, rfcs or reports (whether successful or not) which you have not restricted yet or perhaps cannot restrict due to some reason.
    - Patterns which might form and otherwise go undetected.
    - In the event of a breach of security, it is useful for reconstructing events (or other users from the same terminal).
    Useful is also the dynamic profiles, which can be used to "trouble shoot" or add more information for specific users (like auditors) or events as required without having to restart the system.
    I recommend that you have a procedure in place how to deal with analyzing these types of logs and how to react to them! For example if someone logs on at 3 a.m. in the morning and posts some vendor invoices, then they might just be in a different time zone or a job step is running under their user ID to post the records. You should not fire the user because of that...
    Protecting the logs and handling archiving and deleting of them is also a topic you should discuss with your "basis" team.
    Cheers,
    Julius
