URL Encryption

Similar Messages

• Video URL encryption

  Hi,
  I am doing the implementation of video protection in my project. I am using Flash Media Interactive Server 4.5.  I am wanted to understand if there is any way we can encrypt the Video (RTMP / HTTP) url in case of Steaming and HTML5 players?
  Basically, I referred to one Technical doc from Adobe: http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashmediaserver/pdfs /protecting_video_fms.pdf
  as per Pg 7, this can be done using server side scription. Is there any detailed description, reference APIs for the same?
  thanks,
  Komal

  Hi,
  I am doing the implementation of video protection in my project. I am using Flash Media Interactive Server 4.5.  I am wanted to understand if there is any way we can encrypt the Video (RTMP / HTTP) url in case of Steaming and HTML5 players?
  Basically, I referred to one Technical doc from Adobe: http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashmediaserver/pdfs /protecting_video_fms.pdf
  as per Pg 7, this can be done using server side scription. Is there any detailed description, reference APIs for the same?
  thanks,
  Komal

• SSL and URLs

  If i am using SSL to keep data secure in transmission is the URL encrypted because other wise wouldn't a hacker beable to get the session id from the URL and spoof as the client.
  Thanks for any help

  The session id isn't in the url. I don't think you have a problem.

• OBIEE 11g - Integrating via external corporate website to OBIEE

  Hi all -
  Unusual challenge, our we offer a hosted application (SaaS) where our users are authenticated on our application. Recently, we've invested in OBIEE 11g and have successfully deployed recommended Oracle Enterprise Deployment. We have a custom security solution (user permissions in Oracle tables, not LDAP), and have not implemented Oracle Identity Mgmt and don't plan to.
  We would like to use GoURL / Action Framework to access Report content, dashboard content, content as port lets embedded in an app dashboard to an iFrame.
  My Question: can we configure OBIEE to accept just "username" without password in a trusted login scenario? we are trying not to expose password in URL (encrypted or clear text).
  We done an exhaustive search to review GoUrl, web service / soap calls, reviewing impersonator passcode techniques (everyone having same pad in initialization block), etc.
  Thank you in advance for your most needed responses,

  There is a good post that lead me on the way to solving this problem here:
  http://obiee101.blogspot.com/2010/07/obiee-remove-whole-portalbanner.html
  The code he posts won't work for 11g, but it's close.
  Paste this code into a text box on each page of your dashboard, make sure you check the box that says "contains HTML"
  <script type="text/javascript">
  var tds = document.getElementsByTagName('table');
  for (var td = 0; td < tds.length; td++) {
  if (tds[td].className != 'HeaderTopBar' && tds[td].className != 'HeaderSecondBar' ) {
  continue;
  if (tds[td].className == 'HeaderTopBar') {
  //alert (tds[td].className);
  var x = tds[td].parentNode;
  //alert (x.className);
  x.removeChild(tds[td]);}
  if (tds[td].className == 'HeaderSecondBar') {
  //alert (tds[td].className);
  var x = tds[td].parentNode;
  //alert (x.className);
  x.removeChild(tds[td]);}
  </script>

• How to access servlet objects from OA page controller class

  Hi everybody!
  I need to put some value into servlet attribute in OA page controller class to read it from ordinary servlet later.
  How can i do it? Is it possible to get HttpServletRequest and HttpServletResponse objects from page controller?
  Thank you.

  I have a servlet which receives uploaded files with special attributes (something like tags for file) using POST request.
  This attributes created when user open page in standard OAF page via page controller.
  On client side I have an applet which uploads user selected file to my servlet and passes this file attributes.
  Now this attributes passes as plain text. I want to encrypt this attributes to hide attribute details from user. To do this I need to share some information between OAF page and my servlet.
  I know that OAF supports URL encryption, but to decrypt it I should use standard pageContext object.
  But in ordinary servlet I can't use it.

• BadPaddingException: Given final block not properly padded

  Hi,
  Can someone please tell me what's going on??
  When I call c.doFinal(byte[]) and the length of my byte array is 512, I get a BadPaddingException. However, when I make the same call and my byte array's length is 504, everything is fine. Both are multiples of 8, so I don't understand why this is happening. Thanks in advance!!!
  Colin

  here's my jsp code:
  <%!
  public class Crypto{
  Cipher ecipher;
  Cipher dcipher;
  public Crypto(SecretKey key) throws SecurityException {
  try {
  ecipher = Cipher.getInstance("DES");
  dcipher = Cipher.getInstance("DES");
  ecipher.init(Cipher.ENCRYPT_MODE, key);
  dcipher.init(Cipher.DECRYPT_MODE, key);
  } catch (javax.crypto.NoSuchPaddingException e) {
  } catch (java.security.NoSuchAlgorithmException e) {
  } catch (java.security.InvalidKeyException e) {
  public String encrypt(String str) {
  try {
  // Encode the string into bytes using utf-8
  byte[] utf8 = str.getBytes("UTF8");
  // Encrypt
  byte[] enc = ecipher.doFinal(utf8);
  // Encode bytes to base64 to get a string
  return new sun.misc.BASE64Encoder().encode(enc);
  } catch (javax.crypto.BadPaddingException e) {
  } catch (IllegalBlockSizeException e) {
  } catch (UnsupportedEncodingException e) {
  } catch (java.io.IOException e) {
  return null;
  public String decrypt(String str) {
  try {
  // Decode base64 to get bytes
  byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(str);
  // Decrypt
  byte[] utf8 = dcipher.doFinal(dec);
  // Decode using utf-8
  return new String(utf8, "UTF8");
  } catch (javax.crypto.BadPaddingException e) {
  System.out.println("error 1"+e);
  } catch (IllegalBlockSizeException e) {
  System.out.println("error 2");
  } catch (UnsupportedEncodingException e) {
  System.out.println("error 3");
  } catch (java.io.IOException e) {
  System.out.println("error 4");
  return null;
  }// end of class crypto
  %>
  <body>
  <%
  try{
  SecretKey key = KeyGenerator.getInstance("DES").generateKey();
  // Create encrypter/decrypter class
  Crypto crypto = new Crypto(key);
  // Decrypt
  System.out.println("@@@@@ pwd from dbase = "+pwd);
  String decrypted = crypto.decrypt(pwd);
  String encrypted = crypto.encrypt(password);
  System.out.println("@@@@@ pwd from url encrypted = "+encrypted);
  System.out.println("###### decrypted = "+decrypted);
  }catch(Exception e){}
  %>
  </body>

• Running Forms Https (forms 10g with A/S and webcache)

  I'm trying to implement Credit Card processing for applications in our agency. The environment is in the subject. There will be two types of applications that need to process credit cards:
  1. Users coming in through our external website running java applications.
  2. Internal users running Oracle Forms (against another App Svr deployment)
  I'll be using a payment gateway accessible via a web service to authorize the card. I can talk to this via a java w/s client proxy w/o a problem. Here's the problem though:
  I've been told that when forms are running https, ALL forms running on the application server, regardless of application will now be running https. I'd like the Credit Card entry Oracle Form to be running https, but don't see how this affects all the other forms in our environment (hundreds of them). Can't one screen (http) call a CC screen (this one only running https), and they can enter the card into that? From the reading I've done this should be possible.
  I'm not the Application Server admin. This is what I've been told, and I cannot configure the environment. I've been told that Forms will now have to call a JSP CC entry screen that I write and that screen would now invoke the web service. Of course, my concern is that the oracle form and the jsp screen are now asynchronous, and one won't be able to tell when the other is done (unless I poll on the form, or go the route of PJCs and javascript - I've seen an article for this already --- HOWEVER, this was shot down as well.)
  My question boils down to:
  1. Can I run all my other forms http, and then this CC screen https (via a web.show_document), and then it can hit the web service directly via a java imported client proxy rather than me writing extra methods, and another screen/conf page that's specific to forms users?
  [I need to run forms https since the default 40-bit encryption is not enough.]
  Here are my related questions/threads to this one:
  Forms Client Side Encryption and invoking external Secure Service via URL
  Forms Client Side Encryption and invoking external Secure Service via URL
  encrypting creditcard for "in-transit"
  encrypting creditcard for "in-transit"
  loadjava sunrsasign.jar
  loadjava sunrsasign.jar
  As always, help is very much appreciated, and a very big thannks for any answers/suggestions.
  Eric

  Eric,
  You may want to ask your question in the App Server forum.

• How to encrypt UserID and Password in HTTP url

  Hello experts,
       We want to encrypt UserID and Password which has used in http URL in SAP PI 7.1.
  As we have used SOAP adapter with Transport Protocol HTTP for sender server.
  Kindly help us on it.
  Regards,
  Poonam.

  Hi,
  please go through below blog,
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b04408cc-f10e-2c10-b5b7-af11026b2393?QuickLink=index&overridelayout=true
  please go through below threads,
  SOAP Envelope with user id password
  Soap ---to ----file scenario
  regards,
  ganesh.

• Encrypt the username and Password in URL

  Hi
  My requirement is to encrypt the Password in the URL.
  http://Server_name/analytics/saw.dll?NQUser=Administrator&NQPassword=*Administrator*.
  Here My URL should look like this.
  http://Server_name/analytics/saw.dll?NQUser=Administrator&NQPassword=*encrypted password*.

  Hi in what situation you need this?, actually this is not a good practice to expose the user name and password over the URL. Better to force the user to login and then continue.
  If the user already logged in and while clicking you need to do a navigation then no need of passing username or password.
  Edited by: Ugser on Sep 7, 2009 8:08 AM

• How to encrypt Password while calling Portal URL from Abap

  Hi all,
  My requirement is to call portal from R/3 4.6C.  As part of it I'm calling Portal URL along with user id & Password by using the FM CALL_BROWSER. The problem here is User ID & Password are visible everyone in the URL.
  Is there any way that I can encrypt sothat it doesn't become a security issue?
  I really appreaciate for your help.
  Thanks
  Seshu

  can you please mention the abap code  by which you are sending the username and password to a portal via url.....
  are you able to log on to the portal...please share your code ......
  Edited by: Ashutosh Shukla on Apr 18, 2008 9:17 AM

• URL address is not encrypted

  Hi,
  I am taking an online class. I need to asses this URL address and I dont know why I am not able to connect now, it is telling me there is an error. That the connection is not encrypted? Not sure what that means. However have been able to connect to this link since
  Monday 7/11 till now! The only thing I did this morning was clear my history and cookies. I am not sure if this had anything to do with this. Please help me correct this problem, for I need to be able to access this link for my class. Thanks

  Yes. It works for me as well. So it looks that they corrected the problem.
  I see a very large image of 3,564.59 KB (3,650,138 bytes) that is scaled down 2,048px × 3,072px (scaled to 65px × 75px).
  That is usually not a good idea as that requires to download that image.<br />
  Firefox is also not very good at scaling down images, but with such a large reduction that probably wouldn't matter.

• How to encrypt the document number in URL

  Hi All,
  I am working on a project where I need to send a URL to the user in his email, the URL contains the document number in it. when the user clicks on that URL a webdynpro application will open with data prepopulated based on the document number, now what I want his how can encrypt the document number in the URL when sending it to the user. so basically the user who gets the URL should not be able to see the document number in the URL.
  Please advise.
  Thanks,
  Rajat Garg

  Thanks again for the reply and now I am able to encrypt and decrypt my document number... one more question please : will it be possible to chnage the whole URL to some basic message type URL for eg:
  let's say our URL is "http://testdoc/post?mssg" and I want to change this to as "OPEN DOCUMENT" and when user clicks on ""OPEN DOCUMENT" it will still direct to the original destination that is our original URL.
  I have been told that we don;t want to maintain custom table until and unless it's our last choice.
  Thanks,
  Rajat

• HTTP Streaming + AES Encryption : Put key URL for segment local to device?

  I am creating an HTTP live stream, and I would like to encrypt the segments using
  AES 128 encryption. The apple docs describe one encryption method: storing the 16 byte key on disk, and providing the URL to this file in the index file.
  Can I make this URL local to the device, of the form file:///PATH/TO/KEY ?
  Rationale: I am using in app purchase to allow users to purchase access to my video content. I would like to provide the key when the user purchases the content. Then I would store the key to disk on the device. I can't store the key on the server because it does not support https.
  Thanks!

  I have added the permit any any on the outside and vpn interfaces of both ASAs. I also change the source and destination of the nat exempt rule to any any.

• Encrypting authentication details - HTTP URL Connection

  Hi,
  We have a Java application which retreives HTML content from intranet page using HTTPURLConnection, displays the portion of the content. The site to which we are connecting using HTTPURLConnection requires baisc user authentication and we are passing the user name and passowrd using BASE 64 encoding in the request header. Now this intranet site is going to be hosted externally. Just wanted to know the different options on how to send the user name and password in ecnrypted format.Is the recommendation is just to enable HTTPS for that site and pass user name and password using HTTP URL Connection API? Or are there any other options? Appreciate any inputs.
  Thanks.

  http://java.sun.com/javase/6/docs/technotes/guides/net/http-auth.html

• In Go URL how to hide or mask or encrypt password?

  Hi Experts,
  I need to see my OBIEE 11g dashboards and Reports from external application. For that I am passing the Variable through GO URL.
  The Syntax of the URL is like below :
  http://localhost:9704/analytics/saw.dll?Dashboard&NQUser=XXXXX&NQPassword=XXXXXX&PortalPath=XXXXX
  But my requirement is No one should see the Username and Password in the URL (i.e., I want to hide the login details). Not quite sure about how to acheive the same. Could you guys please help me out.
  Any help/suggestions is much appreciated.
  Regards,
  Siva Prasad

  Hi Srini,
  I tried the post method in the external application(Oracle Apex). There inside IFRAME i has to see OBIEE 11g reports.
  Initially it was like this and it is working fine.
  <iframe src="http://localhost:9704/analytics/saw.dll?Dashboard&NQUser=XXXXXX&NQPassword=XXXXX&PortalPath=/shared/XXXXX/XXXXX" width="1325" height="600" scrolling="yes"></iframe>
  Then I changed to
  <IFRAME width="1325" height="600" scrolling="yes">
  <form name="myForm" action="http://localhost:9704/analytics/saw.dll?Portal" method="post">
  <input type="hidden" name="NQuser" value="XXXXX" >
  <input type="hidden" name="NQpassword" value="XXXXX" >
  <input type="hidden" name="Path" value="/shared/XXXXX/XXXXX" >
  <input type="hidden" name="Action" value="Navigate" >
  <input type="submit" value="BI Report" />
  </form>
  </IFRAME>
  But i couldnt able to see anything. Could you please help?
  Thanks,
  Siva Prasad