Web interface security

Similar Messages

• Security when using EM web interface to administer the database

  When I'm connecting to the database
  via EM Database Control web interface,
  it uses http protocol (http://machine:5500/em),
  can it be used for safety https protocol,
  or are there when using standard http protocol
  at least passwords encrypted before
  sending it over http?

  I have called
  'emctl secure dbconsole' command,
  it run successfully,
  but when I tried to start it
  'emctl start dbconsole', it failed,
  now I'm not able to stop it,
  when I do so, the output is like this
  '--- Failed to shutdown DBConsole Gracefully ---',
  the state is 'not running', but when I try to
  start it now it complains that EM Database Control
  is already running.
  What to do to make it work now at least without SSL?

• WVC54GCA Missing WPA/WPA2 security options in web interface

  I just got a WVC54GCA and found out that there are some missing configuration options in the wireless settings:
  On the cameras web interface:
  web interface > Basic : Wireless Settings > [ Edit Security Settings ] > Security Mode:
  the dropdown gives me only two options: Disable and WEP, but no WPA, WPA2!
  I upgraded to the latest firmware (1.1.00 build 02), but the problem remains.
  Tried different browsers (Firefox 3.5, IE8) with the same result.
  Is this a firmware bug?  A faulty device? Anyone else having the same issue?
  Solved!
  Go to Solution.

  Try to clear the Browser settings of your IE and then try to login to the setup page of your Camera, and check if you are able to find that options.... If still unable to find WPA/WPA2 Option on your camera, Press and hold the reset button for 60 seconds...Release the reset button...Unplug the power cable from your camera, wait for 60 seconds and re-connect the power cable....
  Now check if you are able to find that options... If still not then i think it might be the problem with the Camera...  I think you need to replace your Camera.

• Cisco SPA514g Secure web interface only.

  I have a Cisco SPA514g, I want to secure the web interface with a password. When I change the password and it reboots the phone comes up fine. On certain functions in now asks for the user password for example on redial. Is there a way to disable the security on these functions other than removing the password on the profile "user"?

  Use the following document http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i12213ja/i12213sc/s13web.htm to get access to the Web interface

• ASA 5505 configured for WebVPN connecting to Citrix Web Interface

  ASA 5505 configured for WebVPN connecting to Citrix Web Interface.
  i have a ASA 5505 that I am attempting to configure for WebVPN with passthrough into Web Interface .  The user authenticates into WebVPN OK and gets the option to click on the Citrix Link (which is i add bookmark  citrix server http:// 172.30.40.5.) i enter the citrix and then for example  i want to open to outlook it can not open. (when i want to open some application no application is open)).there is no alarm at asa. how i solve this issue?
  thanks.

  Teymur,
  Can you confim that after disabling the ssl/tls on the Citrix server (secure connectivity) that you are getting exactly the same error.  It is possible that it is generating a different error.
  The bug where we have see the existing error was CSCtf06303 but that has been fixed in 8.4.1.  Can you confirm the exact version of code you are running on the ASA.
  If you have confirmed the above two notes it may be adventageous to open a TAC case as we may need to do some live additional troubleshooting.
  Thanks
  -Jay

• Last Character In Crystal Report cut off when ran via BO web interface

  I created a report in Crystal and uploaded it to the Business Objects Web Interface.
  On my detail row, the last character is getting cut off regardless of the length of the text.  Even short words like "Yes" are losing the last character, and appearing as "Ye", and there is plenty of room available between the right margin.
  The column header extends out further with no issues.
  Does anyone have a solution for this?

  Hi Dean,
  Try with this:
  Go to the following registry sub key:
  HKEY_USERS\[your security profile]\Software\Crystal Decisions\10.2\Crystal Reports\Export\Pdf
  Right-click the sub key and click New > DWORD Value. Name the DWORD value "ForceLargerFonts" and set it to the value of 1.
  Regards,
  Shweta

• Firefox 27.0 will not allow me to have access to my web interface on my xerox 8560 mpf printer.

  I believe the loss of connectivity occurred during the firefox upgrade since I was able to address the printer's web interface earlier. The complete error message is
  Secure Connection Failed
  An error occurred during a connection to 192.168.10.102. Peer was unable to decrypt an SSL record it received. (Error code: ssl_error_decryption_failed_alert)
  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

  There have been issues reported caused by using some SSL cipher suites that aren't working properly with some servers.
  A possibility to test this is to disable all SSL cipher suites on the about:config page (i.e. toggle security.ssl3.* prefs that are true to false) and enable one at the time to see if you can find the culprit and keep this suite disabled and reset the other cipher suites or possibly continue testing to see which ciphers work with this server.
  Do a hard refresh of the tab with this not working page via "Ctrl+F5" or "Ctrl+Shift+R" after each change.

• Laserjet 4345 mfp won't scan to folder; web interface not showing all admin tabs

  Hi,
  I have a laserjet 4345 mfp which, until a few days ago, was able to scan documents to a network folder. When I try now it gives me the error "the path cannot be found". Here's what I've tried so far:
  - Looked for a way to change the network folder settings or define a new folder. I couldn't find any so I printed the "how to scan to folder" page from the control panel. It tells me to define a new location by clicking the "Other" button on the control panel, but I can't find an Other button, on any screen.
  - Accessed the web interface, which only shows up  with the "Home" and "Networking" tabs - no "Digital Sending", "Settings", or  "Information" tabs, which should be there according to the manual.
  - Thinking it might be a permissions issue, I checked and found that the administrator password was not set. I set the admin password via the web interface, and now when I try to access it prompts for the password I defined, but still gives this incomplete interface. I am also able to access and change all the networking settings, so I don't think insufficient permissions are the issue.
  - Called HP support, they said the problem is permissions and I should cold reset the machine, which I am quite reluctant to do since not only all settings, but the entire address book as well, would need to be re-entered. This aside from the fact that I really don't think permissions are the issue, as decribed above.
  - Verified that I am able to send scans to different email addresses. SMTP gateway test goes through OK. LDAP does not, but this has not prevented scan to folder from working in the past.
  I don't know how the scan-to folder was initially set up because I wasn't supporting this client at the time.
  Any ideas?
  Many thanks in advance.

  I have a problem with my scan to folder as well and I have to access the folder from a computer before it will work.  I'm not sure why that works, actually.  You might want to give that a try to see if it fixes the problem.  If it does, I imagine it is some sort of security problem with the folder you are trying to scan to.
  Thanks,
  Tiffany
  I am an HP employee!

• TACACS Authorization of Web Interface on Aironet 1200 AP

  I have the Aironet 1200 AP setup to authenticate and perform authorization for the CLI via TACACS. That is working fine.
  However, the web interface is failing "ip http authentication". (Slight caveat - it works for a local user in the local AP DB - it does not work when it goes to CiscoSecure ACS to authenticate/authorize).
  I can get to some pages (prompt and pass authentication), but certain pages (e.g. Services>>SNMP) where configuration steps are taken cause a second prompt is presented, username and password is provided, and it fails.
  This is only evident from the output of a "debug ip http authentication"
  What do I need to configure in ACS to make this work?
  Relevant portion of config:
  aaa authentication login default group tacacs+ local
  aaa authentication enable default group tacacs+ enable
  aaa authorization exec default group tacacs+ local
  no ip http server
  ip http authentication aaa
  ip http secure-server
  Sep 7 13:40:59.885: HTTP AAA picking up console Login-Authentication List name: default
  Sep 7 13:40:59.885: HTTP AAA picking up console Exec-Authorization List name: default
  Sep 7 13:40:59.909: HTTP: Authentication failed for level 15
  Sep 7 13:41:06.757: HTTP AAA picking up console Login-Authentication List name: default
  Sep 7 13:41:06.757: HTTP AAA picking up console Exec-Authorization List name: default
  Sep 7 13:41:06.780: HTTP: Authentication failed for level 15
  This document appears to describe a scenario similar to mine, but is for http - not HTTPS:
  Local Authentication for HTTP Server Users
  http://www.cisco.com/en/US/customer/tech/tk59/technologies_configuration_example09186a0080178a51.shtml#tac-win
  Any ideas what I may be missing here?
  Thanks,
  Jeff

  I found the answer was to use a more specific "ip http authentication" statement. Specifically,it required the following:
  CiscoSecure ACS:
  Group Settings
  Shell (exec)
  Priv Level = 15
  On the AP:
  had to enable:
  ip http authentication aaa login-authentication AP_Web (Named Method List)

• Web service security in PI

  Mine is PROXY to SOAP asynchronous.
  PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
  so that at receiver statem they can validate the user using these.
  When i am calling webservice from soapui with the header parameters
  Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>xxxxx</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
  <wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
  <wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  What configuration needs to be done in PI.

  I got this in Runtime work bench
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  - <SOAP:Header>
  - <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
    <sap:MessageClass>ApplicationMessage</sap:MessageClass>
    <sap:ProcessingMode>asynchronous</sap:ProcessingMode>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
  - <sap:Sender>
    <sap:Party agency="" scheme="" />
    <sap:Service>test2310</sap:Service>
    </sap:Sender>
  - <sap:Receiver>
    <sap:Party agency="" scheme="" />
    <sap:Service>test_serivce</sap:Service>
    </sap:Receiver>
    <sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
    </sap:Main>
  - <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
    </sap:ReliableMessaging>
  - <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:TraceLevel>Fatal</sap:TraceLevel>
    <sap:Logging>On</sap:Logging>
    </sap:Diagnostic>
  - <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
  - <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
    <sap:Engine type="BS">test_serivce</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
    <sap:Engine type="IS">is.68.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
    <sap:Engine type="AE">af.dxi.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    </sap:Hop>
    </sap:HopList>
    </SOAP:Header>
  Edited by: Vamsi on Jul 15, 2009 7:06 PM

• Web Service Security using OpenSSO

  Hi,
  I have a question regarding the usage of the OpenSSO in order to secure web services.
  I have read the documentation and it states the OpenSSO enables web service security.
  However, in the docs the main scenario is where the WSC and WSP are protected by the agent.
  In my scenario, I would like to use agents only on the WSP side, but leave the implementation of the client side open to the partners. Partners will have the interface from the OpenSSO for the authentication and saml token retrieval. The client will have to create soap by itself. This is the case since the WSC are to be standalone applications on client computers.
  To set the actual question; what are web service interfaces that OpenSSO as a STS offers for authentication and saml token issuance. Is there same sort of a referential architecture for this case where only the STS and WSP can be configured and the WSC implementation of the WSS left to the partner. Any pointers and directions would be appreciated.
  Thanks!

  Hi
  Thanks for your reply
  I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
  I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
  I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
  When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
  What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
  paul

• Web Interface for Apple TV2

  Is there any way of being able to control my Apple TV through a web interface, in a similar way to using the 'remote' app?
  I can't belive that a product as sophistcated as my Apple TV doesn't have the ability to web into it.
  If my printer can be controlled through the web interface why not this?
  Any hints people?
  I've heard tales of being jail breaking them to do a similar thing but i don't want to go down that route.

  Apple does not currently provide any kind of API for controlling the Apple TV using TCP or UDP, it is a closed protocol which theoretically could be "hacked" but it probably uses encrypted data so that they can monopolize the Remote Application.
  Apple DOES have an API for controlling the Apple TV Generation 1 - so they specifically depreciated the API so that they could monopolize the Remote App.  A lot of innovative solutions were and are available for Generation 1.
  The reason this is an important feature that apple neglects is for 3rd party control systems which do much more than just control Apple TV.  They may control lighting, security systems, cameras, TV's, and more... single button presses do multiple different things - and it'd be very nice to have an API to control the Apple TV over TCP. 
  This would also open up the ability for developers to make creative ways of controlling the Apple TV on many devices whether it's Android, Blackberry, iOS, Web, Computers, etc.  It makes perfect sense and there is ABSOLUTELY NO REASON they should not have an IP Control Protocol - it's unbelievable.
  To answer your question on the HTTP Server.  They could theoretically install a simple HTTP Server to allow some basic control and it would probably take an engineer a day to get that working (I'm sure they have it for themselves already). 
  Also they should be able to make a VERY SIMPLE Remote App for Mac in a matter of a day that would control the Apple TV.  Granted it takes time to market it, etc - but if I had the Control Protocol, I could have a "Remote App" for Mac, Windows, and Linux within about 6 hours programmed that would operate for what you guys need.  Apple already has the code used in their REMOTE APP so they could do it even faster.

• Problem getting subsonic web interface to work

  I posted this in the subsonic forums and have not received any reply.
  I had Subsonic running nicely on Debian, but I have now switched my server OS to Arch. I installed the package in the AUR (https://aur.archlinux.org/packages.php?ID=35954), which is based on the standalone version of subsonic, but I have not been able to connect to the web interface once the server is started.
  The variables in subsonic.sh look like this:
  SUBSONIC_HOME=/var/subsonic
  SUBSONIC_HOST=127.0.0.1
  SUBSONIC_PORT=4040
  SUBSONIC_HTTPS_PORT=4041
  SUBSONIC_CONTEXT_PATH=/
  SUBSONIC_MAX_MEMORY=100
  SUBSONIC_PIDFILE=/var/subsonic/subsonic.pid
  SUBSONIC_DEFAULT_MUSIC_FOLDER=/var/subsonic/music
  SUBSONIC_DEFAULT_PODCAST_FOLDER=/var/subsonic/podcasts
  SUBSONIC_DEFAULT_PLAYLIST_FOLDER=/var/subsonic/playlists
  I have what I believe are suitable permissions on all of the needed folders:
  drwxr-xr-x 2 root root 4096 Jul 16 11:49 db
  -rw-r--r-- 1 root root 3003 Jul 15 19:49 Getting Started.html
  drwxr-xr-x 3 root root 4096 Jul 15 20:43 jetty
  -rw-r--r-- 1 root root 35819 Jul 15 19:49 LICENSE.TXT
  drwxr-xr-x 2 root root 4096 Jul 15 21:19 music
  drwxr-xr-x 2 root root 4096 Jul 16 11:38 playlists
  drwxr-xr-x 2 root root 4096 Jul 16 11:38 podcasts
  -rw-r--r-- 1 root root 540 Jul 15 19:49 README.TXT
  -rw-r--r-- 1 root root 846961 Jul 15 20:45 subsonic13.index
  -rw-r--r-- 1 root root 10805794 Jul 15 19:49 subsonic-booter-jar-with-dependencies.jar
  -rw-r--r-- 1 root root 688 Jul 16 11:54 subsonic.log
  -rw-r--r-- 1 root root 5 Jul 16 11:48 subsonic.pid
  -rw-r--r-- 1 root root 98 Jul 16 11:49 subsonic.properties
  -rwxr-xr-x 1 root root 5067 Jul 16 11:40 subsonic.sh
  -rw-r--r-- 1 root root 9403 Jul 16 11:49 subsonic_sh.log
  -rw-r--r-- 1 root root 18871786 Jul 15 19:49 subsonic.war
  drwxr-xr-x 2 root root 4096 Jul 15 20:44 transcode
  When I run the subsonic.sh script, I get this:
  Started Subsonic [PID 3231, /var/subsonic/subsonic_sh.log]
  'ps aux' confirms it is running:
  root 3231 22.4 2.6 237256 54236 pts/4 Sl 11:48 0:15 java -Xmx100m -Dsubsonic.home=/var/subsonic -Dsubsonic.host=127.0.0.1 -Dsubsonic.port=4040 -Dsubsonic.httpsPort=4041 -Dsubsonic.contextPath=/ -Dsubsonic.defaultMusicFolder=/var/subsonic/music -Dsubsonic.defaultPodcastFolder=/var/subsonic/podcasts -Dsubsonic.defaultPlaylistFolder=/var/subsonic/playlists -Djava.awt.headless=true -jar subsonic-booter-jar-with-dependencies.jar
  But 'lsof -i' shows no ports are actually open for subsonic and when I try to go to the server on port 4040 in a browser, it won't load the page. I can't access the web interface either on the server itself or on my laptop. I have also tried the secure port with no joy.
  I have added 'java: ALL' and 'subsonic: ALL' lines to hosts.allow. Not sure whether or not this is necessary.
  /var/subsonic_sh.log: http://pastie.org/2237984
  /var/subsonic.log:
  [2011-07-17 17:12:17,504] INFO DaoHelper - Checking database schema.
  [2011-07-17 17:12:19,213] INFO DaoHelper - Done checking database schema.
  [2011-07-17 17:12:20,222] INFO SearchService - Automatic index creation scheduled to run every 1 day(s), starting at Mon Jul 18 03:00:00 PDT 2011
  [2011-07-17 17:12:20,712] INFO PodcastService - Automatic Podcast update scheduled to run every 24 hour(s), starting at Sun Jul 17 17:17:20 PDT 2011
  [2011-07-17 17:12:24,164] INFO NetworkService - Deleted port mapping for port 80
  [2011-07-17 17:17:20,706] INFO PodcastService - Starting scheduled Podcast refresh.
  [2011-07-17 17:17:20,709] INFO PodcastService - Completed scheduled Podcast refresh.
  I don't see anything that looks like an error message in this.

  What would help people to be able to suggestion useful solutions? Am I missing information?

• When is Linksys going to fix the WPS54g web interface that's crashing?

  Since the last update 6049 in September 2005 which fixed problems but also introduced a new problem. If you used Firefox or Internet Explorer 7 both will completely crash the print server. Now with Internet Explorer 6 it works fine. The problem is you can't get Internet Explorer 6 with Vista, and also Microsoft is updating all Windows XP boxes to Internet Explorer 7 though the auto update. I love the web interface and the Admin tool is not as powerful as the web interface. There has not been an update since September 2005.Personally I use Ubuntu Linux and Firefox started crashing the server immediately with the update , but I needed. It was ok because I had a Windows VM with IE 6, and I figured Linksys wasn't going to give me the time of day. Any workarounds maybe?
  (Edited for guideline compliance. Thanks!)Message Edited by JOHNDOE_06 on 02-21-200709:59 PM
  Message Edited by jerone on 02-22-200701:08 PM
  I ask Johndoe_06 that you not edit this into a question that is not relavent. The problem is a problem that Linksys needs to fix.Message Edited by jerone on 02-22-200701:09 PM
  Message Edited by jerone on 02-22-200701:10 PM

  This is not a security setting problem. Firefox first exposed this problem and now IE 7 is exposing it. The print server should not crash if a web browser is viewing it. No matter if you are under Windows or Linux . I first saw this problem using Firefox under Linux. But IE 6 worked fine under Windows. But now IE 6 is now gone to the way side and both Firefox & IE 7 send commands to access web pages is exposing a serious problem in the WPS54g firmware.Message Edited by jerone on 02-22-200701:10 PM

• Unable to Access CSACS 5.3 Web Interface...

  Hi Everyone,
  I wanted to note an issue I ran into today with our MS Windows 7 workstations and 2008 servers being unable to access the web management interface on our instance of ACS 5.3 and its solution, which is outlined below:
  ###      The Problem      ###
  When I tried accessing the web management interface on our ACS 5.3 appliance, the browser was unable to connect.  NMS applications showed that the device was up and I was able access it via SSH.  I then tried connecting to 443 via telnet on my workstation and was successful in establishing a connection.  I proceeded to issue the "show application status acs" command showed all associated processes running.  I had a co-worker attempt to access it and he ran into the same issue.  I then proceeded to restart the ACS application by stopping and starting the associated processes.  After the processes were back up, attempts to connect to the web management interface still failed.  I then proceeded to reboot the appliance.  Again, after the applicance and processes were back up, attempts to connect continued to fail.  As a last ditch effort I used a portable version of Firefox to connect and was then successfully able to connect.
  ###       The Source        ###
  After additional troubleshooting, it was discovered that the MS Internet Explorer patch associated with MS Security Advisory 2661254 just so happened to be the culprit.  This restricts the use of certificates with RSA keys less than 1024 bits in length.  The default management certificate just so happens to be 512 bits in length.
  ###          The Fix           ###
  Using FireFox, I navigated to System Administration > Configuration > Local Server Certificates > Local Certificates.  I then proceeded to add a certificate in the following steps:
  Select Generate Self Signed Certificate & click next
  Populate the Certifcate Subject field with the appropriate DN information of the ACS server.
  Change the key length to 1024 or above.
  Check "Management Interface:  Used to authenticate the web server (GUI).
  Check "Replace Certificate".
  Click Finish.
  The ACS server should then generate the new certifcate, replace the existing management certificate, and restart the ACS processes.  After everything is back up, you shouldn't have any issues in accessing the web interface.
  Cheers,
  Dan

  Hello Dan,
  Thank you for trying to share the information you have.
  Note please if you want to share information you can post a document, not a discussion.
  You can convert this discussion into a document from the right pane menu.
  Greetings,
  Amjad
  Rating useful replies is more useful than saying "Thank you"