WEB CLIP SECURITY THREAT???

My Dashboard was not active, wherein I have 3 web clips stored. Suddenly my system started to hang, and I force restarted the Dock. When I did I regained control of the system. And I checked the console and found the following disturbing message. Is this a security threat with web clips and how could it activate without my opening the Dashboard?
Jul 25 12:43:47 G5 [0x0-0xcc0cc].com.apple.dock[0]: Unsafe JavaScript attempt to access frame with URL http://www.kbb.com/KBB/UsedCars/PricingReport.aspx?YearId=2004&Mileage=13200&Veh icleClass=UsedCar&ManufacturerId=15&ModelId=111&PriceType=Trade-In&VehicleId=254 7&SelectionHistory=2547%7c25436%7c16001%7c0%7c0%7c100169%7ctrue%7c100187%7ctrue% 7c100215%7ctrue%7c100243%7ctrue%7c100292%7ctrue%7c100425%7ctrue%7c100418%7ctrue& Condition=Excellent&QuizConditions= from frame with URL http://usedcars.kbb.com/inc/cookiesync.jsp?ATCID=undefined&DK=kbb.com. Domains, protocols and ports must match.
Also, how in the heck do you delete web clips from the dashboard. Nothing seems to work except turning OFF webclips entirely.
Thanks
Jeff

I say NO!
I say that is Kelly Blue Book's website you are attempting to clip, that site has problems on a good day and rarely works
at all with Safari. Try it with Firefox 3.1 and I bet it works just fine.
Could be your version of Safari/Javascript, but it usually bombs when it pops up with your zip code. Delete the clip
in Manage widgets and it should be fine.
The latest downloadable version of Safari from Apple's download is 3.1.2, when you download that update it it says
Safari311UpdLeo.dmg when it SHOULD be Safari312UpdLeo.dmg, but it doesn't matter I cannot get it to update my
Safari Version 3.0.4 (5523.15) (just did it 5 minutes ago).
I'm finding I use FireFox 3.1 more and more since every time I pick up Safari it doesn't display a site or is completely
broken. If you only have one browser installed, well, you are missing a whole lot of what you visit.

Similar Messages

  • XML Web Services Security Threats

    found some interesting articles and presentations on the topic
    for all interested
    http://www.datapower.com/m/lw1.html
    hope this will be found useful,
    Joe

    http://edocs.bea.com/wls/docs81/webserv/security.html#1072263
    joe wrote:
    >
    found some interesting articles and presentations on the topic
    for all interested
    http://www.datapower.com/m/lw1.html
    hope this will be found useful,
    Joe

  • Web Clipping portlet and https

    We have an external ASP application that requires HTTPS authentication. We want to pull the application into portal via a Web Clipping portlet.
    However when we try start up web clipping studio with the https url we get the following error:
    'WCS-517 -- SSL handshake failed for HTTPS connection to URL https://icwwwd.cc.ic.ac.uk/spectrum/ict/services/software/shop/downloads/SoftwareShop.asp by method get'
    My questions are:
    1. Is it possible to use the web clipping portlet to access a secure page?
    2. If so does anyone know why we are getting this error?
    3. Assuming we can, how do we get portal to automatically log on to the application via https so users do not have to login twice i.e. once into portal and once into the asp application?
    Thanks
    Andrew

    Here is a more complete answer, cut and paste from the Oracle9iAS Portal Web Clipping Portlet User’s and Administrator’s Guide at
    http://portalcenter.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/DOCTEAM/WEBCLIPPING/WEBCLIPV9025.PDF
    5.3 Configuring Security
    When a user navigates to a secure site, the Web site typically returns a
    certificate identifying itself to the user when giving secure information. If
    the user accepts the certificate, the certificate is placed into the list of trusted
    certificates of the browser so that a secure channel can be opened between
    the browser and that server. Like aWeb browser, theWeb Clipping Provider
    behaves as an HTTP client to external Web sites. In order for the Web
    Clipping Provider to keep track of trusted sites, it makes use of a file that
    stores the certificates of those sites, namely the ca-bundle.crt file.
    The shipped ca-bundle.txt is an exported version of the trusted server
    certificate file from OracleWallet Manager (OWM). The default trusted
    server certificate in OWM does not cover all possible server certificates that
    exist on theWeb. For this reason, when a user navigates to a secure server
    using HTTPS, the user may get an "SSL Hand-shake failed" exception in the
    Web Clipping Studio. To solve this problem, the ca-bundle.crt file
    needs to be augmented with new trusted sites that are visited. As a Portal
    Administrator, you must do the following to extend the shipped
    ca-bundle.crt file:
    1. Use a browser (preferably Internet Explorer) to download the root
    server certificate from each external HTTPSWeb site in BASE64 format
    that is visited, and is missing from the trusted certificate file.
    2. Use Oracle Wallet Manager (OWM) to import each certificate.
    3. Export the trusted server certificates into a file and replace the
    ca-bundle.crt file with that file.
    For more information about Oracle Wallet Manager, see Chapter 17 "Using
    Oracle Wallet Manager" in Oracle Advanced Security Administrator’s Guide in
    the Oracle9i Release 2 (9.2) documentation section on the Oracle
    Technology Network (OTN) (http://otn.oracle.com).
    =============
    So, if you have another certificate authority that you need to add, i.e., DOD certs, etc., you must follow the instructions above.

  • Firefox will not let me get on any websites (safe AND not safe), claiming that it "may pose a security threat to your system"; when I try to choose the "proceed unprotected" option, it won't let me.

    My computer's anti-virus software recently expired. A few days later, I went to download a new anti-virus software . . . when I opened up Firefox, I received a warning that claimed Firefox was infected with "Trojan-BNK.Win32.Keylogger.gen", and gave me two options: "Activate XP Security 2011 (recommended)" (this was a $60 charge and required credit card info) or "Continue unprotected (Dangerous)"
    Since I needed to install new anti-virus, I figured I would continue unprotected, download my new software quickly, and remove the virus. But when Firefox opened, it gave me a message saying: "Firefox alert. Visiting this site may pose a security threat to your system!". Gave me three options:
    1. "Get a copy of 'XP Security 2011' to safeguard your PC while surfing the web (RECOMMENDED)"
    2. "Run a spyware, virus and malware scan" (I already did this)
    3. "Continue surfing without any security measures (DANGEROUS)"
    I tried clicking on different links, but the same warning kept showing up, even on verified and safe sites. I tried to choose the third option so that I could download my anti-virus software quickly, but nothing happened when I clicked on it - the page reloads and the warning shows up again.
    My computer is still without anti-virus software because Firefox will not let me surf the internet. Please help!

    It sounds as though your PC is infected with fake antivirus software. The detailed cleanup instructions vary depending on which fake AV you have. However, as a first step, try this:
    Download the following on a different PC, copy them to a USB flash drive or CD, and then run them on the infected PC:
    Malwarebytes Anti-malware : http://www.malwarebytes.org/mbam.php
    SUPERAntiSpyware : http://www.superantispyware.com/
    Hopefully these will get you back online safely. If not, search for clean-up instructions for the specific malware.

  • Java.lang.NullPointerException + Web Clipping Portlet

    Hi,
    I have created one external application connection and one Oracle-PDK producer connection referring to that external application.Then I dragged that web clipping portlet into a Webcenter application.
    After running jspx file,it raises an error 'Portlet Consume Error'.
    In Jdeveloper the error log is as follows::
    <ServletLogger> <severe> ERROR: Unhandled exception in SOAP call
    java.lang.NullPointerException
         at oracle.portal.wcs.session.http.HttpClientTransportSessionContext.login(HttpClientTransportSessionContext.java:308)
         at oracle.portal.wcs.common.WcExternalPrincipal.login(WcExternalPrincipal.java:322)
         at oracle.portal.wcs.provider.ProviderUserTransportSessionContextManager.handleExternalPrincipal(ProviderUserTransportSessionContextManager.java:91)
         at oracle.portal.wcs.provider.WcProviderInstance.initSession(WcProviderInstance.java:183)
         at oracle.webdb.provider.v2.adapter.soapV1.ProviderAdapter.initSession(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.doMethodCall(Unknown Source)
         at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.handleRequest(Unknown Source)
         at oracle.webdb.provider.v2.adapter.SOAPServlet.doSOAPCall(Unknown Source)
         at oracle.webdb.provider.v2.adapter.SOAPServlet.service(Unknown Source)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    Please help.It is very urgent!!!!!!!!!!!

    Hi
    Are you useing NWDS(CE 7.1) then you have use this sort of code to  bind it
    Model1 model1Model = new Model1();
        Bapi_Flight_Getlist_Input bapi_Flight_Getlist_Input = new Bapi_Flight_Getlist_Input(model1Model);
        Bapi_Flight_Getlist_Output output = new Bapi_Flight_Getlist_Output(model1Model);
        java.util.List<Bapisfldat> flight_List = new ArrayList<Bapisfldat>();
        output.setFlight_List(flight_List);
        wdContext.nodeBapi_Flight_Getlist_Input().bind(bapi_Flight_Getlist_Input);
    and if you are using NWD 7.0 then the binding will be differ use below sample code to bind it.
    Bapi_Flight_Getlist_Input input = new Bapi_Flight_Getlist_Input();
         input.setDestination_From(new Bapisfldst());
         input.setDestination_To( new Bapisfldst());
         wdContext.nodeBapi_Flight_Getlist_Input().bind(input);
    PS: Also check the cardinality  should be 1..n not 0:n.
    Thanks

  • Web Clipping - no install link displayed

    I try to install/configure WebClipping portlet on a stand-alone OC4J instance. Duing the provider configuration stage I run into the problem that my database schema does not contain the proper objects ("The Provider is not configured correctly. It has been detected that the schema provided contains tables that conflict with the required tables. Please change the schema information by configuring it appropriately in the Provider Configuration section below.")
    The target schema is PORTAL, in the 9.0.2 release.
    The Install link that is promised in the configuration document ("Otherwise, an Install link displays next to the status of the Web Clipping Repository on the Test Page. You can click it to dynamically install the required schema tables into the user that you provided earlier. ") does not appear. I do not seem to have the option to install the database objects required for the WebClipping repository. What can I do - other than upgrading to 9.0.4?
    Thanks,
    Lucas Jellema (AMIS)

    Tim,
    Was wondering if you had any experience with the following:
    we installed the web clipping portlet on unix and
    can see the portlet after registering the provider.
    when add the portlet to the page we get the following error:
    any help would be greatly appreciated:
    : (WWC-00000)
    An unexpected error has occurred in portlet instances: wwpob_api_portlet_inst.create_inst (WWC-44846)
    The following error occurred during the call to Web provider: java.lang.NoClassDefFoundError
    at oracle.portal.wcs.provider.WcPortletInstance.register(WcPortletInstance.java:82)
    at oracle.webdb.provider.v2.adapter.soapV1.ProviderAdapter.registerPortlet(Unknown Source)
    at oracle.webdb.provider.v2.adapter.soapV1.ProviderAdapter.registerPortlet(Unknown Source)
    at java.lang.reflect.Method.invoke(Native Method)
    at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.doMethodCall(Unknown Source)
    at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.processInternal(Unknown Source)
    at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.process(Unknown Source)
    at oracle.webdb.provider.v2.adapter.SOAPServlet.doSOAPCall(Unknown Source)
    at oracle.webdb.provider.v2.adapter.SOAPServlet.service(Unknown Source)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:336)
    at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:59)
    at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:283)
    at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:523)
    at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:269)
    at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:735)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:151)
    at com.evermind.util.ThreadPoolThread.run(ThreadPoolThread.java:64)
    (WWC-43147)
    Thanks,
    Suzanne

  • Unable to edit Web Clipping repository.

    Hi,
    I'm connecting at ...portalTools/webClipping/providers/webClipping with user portal_admin and I'm unable to edit the Web Clipping Repository.
    I got this error message, I thought that portal_admin had those privileges... Any idea what I can do?
    Error : Insufficient Privilege. Please contact the administrator for privilege in Default Provider Builder Instance.

    I opened a TAR and they said that it was impossible with this version to navigate to an external web site through proxie needing a password, BUG. Supposed to be ok in the next version or patchset.
    That surprised me because many companies with web access have proxie user/password for evident security reasons. I don't understand why Portal developers haven't thought about that...

  • Safari Dashboard Web Clip https

    I'm hoping someone knows how to make an secure web site with a port (https://x.x.x.x:4444) for instance a web clip for the dashboard. I can easily create it but it of course doesn't work. It says it can't connect to the site. Obviously it requires a user name and password. I had already logged in and was viewing what I need when I created the clip. Is there a way to adjust the address that the clip uses and how does a web clip handle usernames and passwords? Is that something you have to pass in the URL?
    Thanks,

    I would like to do this as well.
    I monitor an internal web site that displays network traffic and it would be very convenient to do this as a web clip on the desktop.
    Can someone tell us where the details for the Dashboard web clip are kept? Perhaps there are some additional properties that can be added to it from the back end that would get it to work. (A port number, 'https', credentials, etc.) It would almost be silly if it couldn't be done!
    -Travis
    Message was edited by: Travis B

  • How will the Time Capsule support IPv6 and coop with the new emerging security threats that will emerge due to the new technical possibilities that IPv6 provide?

    How will the Time Capsule support IPv6 and coop with the new emerging security threats that will emerge due to the new technical possibilities that IPv6 provide?

    Cross your fingers and hope.
    Obviously if there is any big or known threat Apple will send out a firmware fix.
    But the TC is designed to be end user simple device. It has no firewall that is visible at any rate. I don't know that it truly doesn't have a firewall but it is not part of the end user controls.
    IMO if you have major security concerns that go beyond end device firewall, which is where Apple do put most of the security, since firewall in the router is plainly not a stop to anybody deliberately downloading an infected file or website, and most end users.. do not want a firewall that prevents them using the web like a business does, where only certain ports are allowed. Everything else tough luck.. you are not allowed to use it. Then TC is unsuitable for you anyway.. buy a proper firewall appliance.

  • Partner application and web clipping.

    Hi All,
    I am trying to add an external application (say my.yahoo.com) to a webclipping and its throwing the below error in the application log.
    WC-517 : SSL handshake failed with the url ...
    I have checked the file ca-bundle.crt and the certificates are in place. Does anybody know how to go about debugging this problem as I am quite new to portals and at my wits end to solve it.
    Also I would be greatful if anybody can suggest me the steps on adding an Apex application configured as partner application with SSO authentication to a web clipping.There seems to be little or no-documentation at all in this regard(as far as my search goes).
    Thanks in advance
    -Venkat

    I finally got it working by VERY CAREFULLY reading the instructions in the install.txt document in the SSO SDK package. You have to set up the partner application with a new schema in the login server database, and run the regapp.sql script AFTER editing it to insert data from the Login Server Partner Application admin screen. After you register the partner app in Portal, it gives you some info (site token, listener token, encryption key, etc). You have to MANUALLY copy these and paste them into the regapp.sql script, then run the script in the partner app schema. Make sure you don't confuse capital I with numeral 1 (like I did, since Oracle so nicely uses a non-serif font where you can not tell the difference).
    Also make sure you copy the exact values for these parameters into your code when you use the SSOEnabler class. The listener token was very confusing since different documents appear to disagree on whether it should include the partner app name or not. It does require the partner app name:
    app-name:hostname:port
    hostname and port are for the web server that is handling http requests for the login server (usually your main portal web server).
    John H.

  • How to make my Portal Web Service SECURED?

    Hi Experts,
    I created one portal Service and exposed it as Portal Web Service.
    Everything is working fine, as i deployed my Portal Web Service on to the SAP J2EE Engine ie SAP Server.
    I m able to access functions of Web Service from my StandAlone Java Application.
    but the problem is my Web Service is not SECURED.
    How can i make my Portal Web Service SECURED?
    Please help me out.
    Help will be appreciated and rewarded!!!!!

    user13046122 wrote:
    I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
    I now need to make SOAP Web Service calls - from an 8.1.7.4 database
    But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
    Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
    It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess.

  • Https and web clipping portlet

    Hi,
    I have little problem with portal, I can't add web clipping portlet from my web app, which using https.
    Has anyone any experience with adding web clipping portlet over ssl? Is it possible? (version 10g, 10.1.2.0.0)
    Thanks
    Jan Kralik

    Hi Jan,
    Have you configured the whole iAS stack in SSL? -- refer to Section 6.3.2.1.4, "SSL Throughout OracleAS Portal" from the Portal Configuration Guide (http://www.oracle.com/technology/documentation/appserver1012.html).
    I hope it helps...
    Cheers,
    Pedro.

  • Web application through web clipping portlet configured through SSO

    I have followed the steps in the below URL in integrating the external application with SSO configuration.
    http://MKD-164540.wipro.com:7778/portalTools/webClipping/providers/webClipping
    After adding the web clipping portlet to the portal page it is giving the below message.
    User authentication failed. Please use the following link to update the information.
    Update login information.
    Navigating to "Update login information. " link showing to enter the log in and password details.I am confused which log in details I have to submit here. I have tried my AD credentials and application login details. Its not working anything.
    If anybody have any idea on this, Please help me.
    Regards,
    -Venu

    Either the login information is not correct (it explains it should not be domain\username but just username) or the authentication format from your Microsoft proxy server (Kerberos?) is not compatible with the Web Clipping portlet. You might get a better reply in the Portal forum about supported proxy authentication methods for the WebClipping portlet.

  • Web Clipping portlet and pdf files

    Hi,
    I have created a web clipping portlet which just includes a set of links to HTML and pdf files. When I try to open a link to a pdf file the web clipping portlet fails, but links to the html content work fine
    Is it possible using web clipping to open the links to the pdf files and display them in the web clipping portlet ?
    Thanks,

    Hi,
    I have created a web clipping portlet which just includes a set of links to HTML and pdf files. When I try to open a link to a pdf file the web clipping portlet fails, but links to the html content work fine
    Is it possible using web clipping to open the links to the pdf files and display them in the web clipping portlet ?
    Thanks,

  • Error in registering a provider for External Application for Web Clipping

    Getting Error: The provider URL specified may be wrong or the provider is not running. (WWC-43176)
    when trying to register a provider for an external application for Web Clipping

    Hi Vineet,
    The admins applied a patch to my version of the OracleAS 10g Version 9.0.4. and now I able to register a provider with the same URL but different Provider Name. I added My Yahoo Web Clipping from the Portlet Staging Area. That works fine but when I click on the check mail link in the Web Clipping Studio it gives me the following error. I have tried several times and I get the same error....
    An exception has occured : WCS-514 -- Get status code 403 to URL http://us.rd.yahoo.com/my/prop/mail/*http://mail.yahoo.com/ by method get
    Please click "Cancel" or "Back" in the above panel (if present) to retry. Otherwise, please try to click "Back" (from the browser) to go back to the Oracle Portal page to restart.

Maybe you are looking for

  • How to create a Flex3 project with remote ColdFusion server?

    I have a question related to Flex 3 and ColdFusion that it might be simple to answer but I have been struggling with it for a while. How to create a Flex application using Flex Builder 3 that uses ColdFusion, but the ColdFusion server is not installe

  • Record are reparting in TOAD

    Below query record are reparting as in one union i have to use ra_customer table and in another i have to not use ra_customer table, second condition is that i have to use ard.source_type='CASH', Please advice select         jc.je_category_name      

  • Unicode characters not displayed in text property

    I am developing a web application with Flex Builder. I write the text for each label using a font called Dhivehi which is written from left to right, and then copy the text and paste it in the label property called text. However in the source code vi

  • Smartform - Internal table

    Hi experts, If I want to pass my internal table from an abap program to the smartform, should I always declare it in se11 if that kind of table is not existing in sap?

  • Ending photos outside of iPhoto and Entourage

    I'm having a helluva time email photos. I don't have a .mac account and don't want to pay for a premium hotmail account to use entourage. i hate to say this but when I had a pc, Picassa was much simpler. Even if I use my usual email account, Mac make