What is SAP's security level in CC?
Hi all,
Does anyone know what security level SAP has been certified at in Common Criteria? Like EAL1 - EAL7?
Thanks a lot
I've found this in SAP 2003's security newsletter:
SAP Starts Common Criteria Certification Project
Following ITSEC certification in the early '90s, which made SAP the only major vendor with security
certification for its business applications, SAP has just begun the process of gaining certification
according to Common Criteria. This is expected to take at least a year. Common Criteria certification
is widely recognized in a number of countries including many in Europe, North America, and Asia
Pacific, and corresponds to the standard ISO/IEC 15408. For more information on Common Criteria,
see http://csrc.nist.gov/cc/.
But I just can't visit the URL mentioned above. Could anybody give me some information?
Similar Messages
-
What does setting the internet zone security level to high actually do?
I was asked to set the Internet zone security level to high via a GPO, this has been done for a test group of users. The setting has been confirmed, but as far as I can see it has not actually done anything.
Can anyone tell me what changes I should see to the behavior and/or access of websites now the security level is set to high?
Hi,
Setting the internet zone security level to high might prevent harmful content with maximum safeguards and less secure features are disabled.
When you visit some sites with script pop up, the script will be disabled if you set the security level to the high level. For more information about
the internet zone security level, please refer to this:
http://blogs.technet.com/b/steriley/archive/2008/09/16/internet-explorer-security-levels-compared.aspx
Regards. -
Difference between SAP CRM Security and SAP ECC 6.0 security
Hi
I have extensively worked on SAP ECC security but haven't had a chance to work on CRM Security.
Can anyone please let me know the difference between CRM security compared to ECC security.
Thanks...
I am sorry to say, but instead of giving the guy a decent answer you are starting a fight or discussion about stupid forum points...
really sad.....
The big difference between SAP ECC and SAP CRM Security (up to release 5.0) was the following:
1) For sure there are very different transaction codes in SAP CRM as compared to SAP ECC in the first place
2) If you are familiar with R/3 or ECC authorizations; then you know that already on transaction code level, the 'allowed activity' is controlled on tcode level , whereas in SAP CRM , in most cases the 'allowed activity is not controlled by the Transaction code, but on authorization object level....
E.g. transaction code BP allows you to create/change/display any type of Business Partner (e.g; sold-to/ship-to/contact person/employee/customer) which is based on the business partner ROLE concept.... anyway...you can control the allowed activity based on different authorization objects.....
another example is business transaction processing...which can be launched by:
a very generic transaction code: CRMD_ORDER
transaction category related transaction codes :e.g.
> CRMD_BUS2000126 for activity management
> CRMD_BUS200115 for Sales processes
Again...allowed activity is not controlled by the tcode, but on authorization object level...
3) As of the new WEBCLIENT UI (which is valid as of release CRM2006s/CRM2007/CRM7.0) SAP also invented an extra authorization layer, which is UI COMPONENT LEVEL and logical links.... controlled by object UIU_COMP.
However, they also introduced the BUSINESS ROLE Concept (e.g; SALESPRO/MARKETINGPRO/...) which defines actually the functionalities, navigation bar, screen configuration, logical links you can use/see within the new WEBclient UI.
Another thing is that instead of using TRANSACTION CODES, as of these new releases, you are actually using 'external services'....so you do not authorize on tcodes basically....but the logic between tcodes and external services in relation to the authorization objects that are checked is more or less the same....
STANDARD authorization setup in the new WEBUI client is therefore controlled by both backend authorizations (not UIU component related) and the UIU_COMP (restricting access to workcenters/logical links/...)
4) Additionally SAP also provides a concept called ACE (which stands for ACCESS CONTROL ENGINE)....
This requires a bit of customizing...and the rest is more or less pure customer development, as you will create your own methods where you'll define a logic which dynamically will verify what kind of access you have for an object....
You should know that ACE is actually implemented on top of your 'normal' sap crm security setup....
cheers
Davy Pelssers -
SOAP Adapter with Security Levels - HTTP & HTTPS
We have a successfully working interface scenario where SAP XI is hosting a web service and the partner systems calling it using SOAP Adapter URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel with Security Level HTTP on the SOAP Sender Communication channel.
Going forward, for other similar interfaces (SAP XI hosting Web Service and partner systems calling it), we would like to use HTTPS and/or certificates.
If we enable HTTPS on XI J2EE server as per the guide How to configure the [SAP J2EE Engine for using SSL - Notes - PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc]....
can partner systems still use the URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel or should they switch to https://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel?
can we continue to have the existing interface working using HTTP Security Level i.e. partners not having to send the certificate with each message?
If we use HTTPS security level, is it mandatory for the partner system to send the certificate? Is it possible to have an HTTPS scenario w/o certificates?
What is the difference between Security Levels 'HTTPS Without Client Authentication' & 'HTTPS with Client Authentication'?
I appreciate your inputs on this.
thx in adv
praveen
PS: We are currently on SAP PI 7.0 SP17
Hi Praveen,
There is no need to change the interface and it is mandatory for the partners to send certificates in order to validate each other. Use the https in url.
HTTPS With Client authentication:
The HTTPS client identifies itself with a certificate that is to be verified by the server. To validate the HTTPS client's certificate, the HTTPS server must have a corresponding CA certificate that validates this certificate. After validation of the client's certificate, the server maps the certificate to an actual system user executing the HTTP request.
and check this link.
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
Regards,
Prasanna -
Security Level Medium is not working for PO initial version
Hi ,
We have maintained security level as Medium in Purchaser user personalization. In order to restart the PO SAVED event workflow only there is a value changed while the PO is awaiting for approval.. Here is the scenario and how the start condition maintained for PO - WS 14000145 - SAVED event.
Start condition maintained for event SAVED for WF template WS14000145 as below
&_EVT_OBJECT.POTotalValue& GE 0.00
Security level(BBP_WFL_SECURITY) maintained as Medium in personalization of SU01.
My requirement is when the PO is created the first time (Initial Version) and routed for approval. Three-level approval is determined for the PO and the first approval is approved. While the PO is awaiting the second level of approval, the purchaser changed the quantity. Based on the above start condition, my expectation is that the PO has to restart and route from the beginning, but that is not happening. When I see the approval preview, the approval path shows the workitem is waiting in the second level of approval.
I tried the below start conditions also
&_EVT_OBJECT.SimpleListOfChanges&CE TOTAL_VAL, but no result..
What is the Medium functionality?
Here is the help I found from help.sap.com, but I am not clear about this..
MEDIUM: It is possible to change the document. The system evaluates the workflow start conditions and starts the approval workflow again if the change necessitates a new approval. If this is not the case, the approval workflow continues.
Regards,
John
Hi John,
The security level works differently for POs.
In the function 'BBP_PDH_WFL_CHECK_RESTART' is a description of how the system should work:
The workflow will be RESTARTED in the following cases:
a) One has a standard workflow with the usual type of approval (not a
'back&forth' one). It will always be restarted independent on the
authorization levels of the user and whether the user is a PO
creator or not;
b) One has the 'back&forth' type of approval but the user reordering
the PO is not the PO creator (this could be another purchaser from
the same purchasing group);
c) It is the 'back&forth' type of approval and the user reordering the
PO is the PO creator but he has the authorization levels that are
less then 2, i.e '0'(not defined') or '1' (no changes allowed);
That means the security level must be below '2' to force a restart.
I hope that this clarifies how the system is working.
Kind regards,
Siobhan -
Hi Experts,
I want to know more About Security Levels.
1. What are the Security Levels?
2. Why do we need them?
3. Where can we give the Security Levels?
Please clarify for me
Regards
Khanna
Hi Rajesh,
You can define a security level for incoming messages handled by certain HTTP-based sender adapters.
Possible HTTP security levels are (in ascending order):
-- HTTP without SSL
-- HTTP with SSL (= HTTPS), but without client authentication
-- HTTP with SSL (= HTTPS) and with client authentication
This will clear most of your doubts:
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
Regards,
Prateek -
What is SAP ESB (Enterprise Service Bus)?
Hi fellow sdners gurus I have been reading threads about SAP SOA and ESB.
I do not want to start a debate on whether XI is an ESB, but more of a statement to what is SAP ESB (if XI it is, then be it).
1) What is SAP ESB (Enterprise Service Bus) today (I could not find a clear answer to is)?
2) Who uses this SAP ESB in production currently and what kind of environment (i.e. strictly SAP backend systems, or combination of various vendors backend systems)?
Can someone share some light on this topic?
As a reminder, an ESB is expected to exhibit the following characteristics (source Wikipedia):
It is usually operating-system and programming-language agnostic; for example, it should enable interoperability between Java and .NET applications.
It uses XML (eXtensible Markup Language) as the standard communication language.
It supports web-services standards.
It supports various MEPs (Message Exchange Patterns) (e.g., synchronous request/response, asynchronous request/response, send-and-forget, publish/subscribe).
It includes adapters for supporting integration with legacy systems, possibly based on standards such as JCA
It includes a standardized security model to authorize, authenticate and audit use of the ESB.
To facilitate the transformation of data formats and values, it includes transformation services (often via XSLT or XQuery) between the format of the sending application and the receiving application.
It includes validation against schemas for sending and receiving messages.
It can uniformly apply business rules, enriching messages from other sources, the splitting and combining of multiple messages and the handling of exceptions.
It can provide a unified abstraction across multiple layers
It can route or transform messages conditionally, based on a non-centralized policy (i.e. no central rules-engine needs to be present).
It is monitored for various SLA (Service Level Agreement) threshold message latencies and other SLA characteristics.
It (often) facilitates "service classes," responding appropriately to higher and lower priority users.
It supports queuing, holding messages if applications are temporarily unavailable.
Your help is greatly appreciated.
Kind Regards,
Jean-Michel
PI or XI is the ESB from SAP side. PI is not a full-fledged ESB on a reference model of ESB idea but it is the framework SAP provides as an ESB product.
A Standard Based ESB Reference Model should fulfil the following features in a framework.
ESB Features Service Enablement Phase (1, 2, 3)
1) Message brokering between heterogeneous environments
2) Supports asynchronous, synchronous, publish and subscribe messaging
3) Supports synchronous and asynchronous bridging
4) Supports message formats of SOAP
5) Support for message format of SOAP with attachments
6) Support for xml message
7) Support for structured non-XML data
8) Support for raw data message
9) Support for text data message
10) Support for e-mail with attachment message
11) Heterogeneous transports between service end points
12) Supports for FILE protocols
13) Supports for FTP protocols
14) Supports for HTTP protocols
15) Supports for HTTPS protocols
16) Supports for Multiple JMS providers
17) Supports for RMI protocols
18) Supports for web service protocols
19) Supports for CORBA protocols
20) Supports for DCOM protocols
21) Supports for E-mail (POP, SMTP, IMAP) protocols
22) Support for advanced transformation engine
23) Support for configuration-driven routing
24) Message routing based policies
25) Support for call-outs to external services to support complex routing
26) Support for point-to-point routing
27) Support for one-to-many routing scenarios
28) Support for request response model
29) Support for publish-subscribe models
30) Service monitoring
31) Service logging
32) Service auditing with search capabilities.
33) Support for capture of key statistics for message and transport attributes including message invocations, errors, and performance, volume, and SLA violations.
34) Supports clusters and gathers statistics across the cluster to review SLA violations
35) Support for service provisioning
36) Support deployment of new versions of services dynamically through configuration
37) Migrates configured services and resources between design, staging and production
38) Supports multiple versions of message resources that are incrementally deployed with selective service access through flexible routing
39) Configurable policy-driven security
40) Supports the latest security standards for authentication, encryption-decryption, and digital signatures
41) Supports SSL for HTTP and JMS transports
42) Supports multiple authentication models
43) Policy-driven SLA enforcement
44) Establishes SLAs on a variety of attributes including
a. Throughput times
b. Processing volumes
c. Success/failure ratios of message processes
d. Number of errors
e. Security violations
f. Schema validation issues
45) Initiates automated alerts or enables operator-initiated responses to rule violations using flexible mechanisms including
a. E-mail notifications
b. Triggered JMS messages
c. Triggered integration processes with a JMS message
d. Web services invocations with a JMS message
e. Administration console alerts.
46) Support for having multiple LOBs manage their own service bus based on their policies, and a service bus at an enterprise level that could act as a broker for sharing services across the various business units.
47) Support for agent plug-in to support following features
48) External providers service access for security
49) External providers service management
50) External providers transaction container
a. External providers business orchestration (BPEL Engine) and business work flow service container
51) Transaction support on message level
52) IDE Integration
53) Open standards -
ASA 5505 Interface Security Level Question
I am wondering if someone can shed some light on this for me. I have a new ASA 5505 with a somewhat simple config. I want to set up a guest VLAN on it for a guest wireless connection.
I set up the ASA with the VLAN, made a trunk port, set up DHCP (on the ASA) on the guest VLAN, configured NAT, etc. Everything seems to be working with that. Guests are getting addresses on the correct subnet, etc.
The only issue I have is that the Guest VLAN (192.168.22.0) can get to the secure (VLAN1 - 172.16.0.0). I set up the guest VLAN (VLAN 5) with a security level of 10, the secure with a level of 100. I figured that would be enough. To stop the guest from accessing the secure, I had to throw on an ACL (access-list Guest-VLAN_access_in line 1 extended deny ip any 172.16.0.0 255.255.255.0)
Can someone show me what I did wrong?
Thank you for any help!
To create the VLAN, I did the following:
int vlan5
nameif Guest-VLAN
security-level 10
ip address 192.168.22.1 255.255.255.0
no shutdown
int Ethernet0/1
switchport trunk allowed vlan 1 5
switchport trunk native vlan 1
switchport mode trunk
no shutdown
below is the whole config.
Result of the command: "sho run"
: Saved
ASA Version 9.1(3)
hostname ciscoasa
enable password zGs7.eQ/0VxLuSIs encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport trunk allowed vlan 1,5
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address <External IP/Mask>
interface Vlan5
nameif Guest-VLAN
security-level 10
ip address 192.168.22.1 255.255.255.0
boot system disk0:/asa913-k8.bin
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Inside_Server1_80
host <Inside_server1_IP>
object network Inside_Server1_25
host <Inside_server1_IP>
object network Inside_Server1_443
host <Inside_server1_IP>
object network Inside_Server1_RDP
host <Inside_server1_IP>
object service RDP
service tcp destination eq 3389
object network Outside_Network1
host <Outside_Network_IP>
object network Outside_Network2
host <Outside_Network_IP>
object network Outside_Network2
host <Outside_Network_IP>
object network TERMINALSRV_RDP
host <Inside_server2_IP>
object network Inside_Server2_RDP
host <Inside_Server2_IP>
object-group network Outside_Network
network-object object Outside_Network1
network-object object Outside_Network2
object-group network RDP_Allowed
description Group used for hosts allowed to RDP to Inside_Server1
network-object object <Outside_Network_3>
group-object Outside_Network
object-group network SBS_Services
network-object object Inside_Server1_25
network-object object Inside_Server1_443
network-object object Inside_Server1_80
object-group service SBS_Service_Ports
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq smtp
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit object-group SBS_Service_Ports any object-group SBS_Services
access-list outside_access_in extended permit object RDP any object TERMINALSRV_RDP
access-list outside_access_in extended permit object RDP object-group RDP_Allowed object Inside_Server1_RDP
access-list outside_access_in extended permit object RDP object-group RDP_Allowed object Inside_Server2_RDP
access-list Guest-VLAN_access_in extended deny ip any 172.16.0.0 255.255.255.0
access-list Guest-VLAN_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu Guest-VLAN 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (inside,outside) dynamic interface
object network Inside_Server1_80
nat (inside,outside) static interface service tcp www www
object network Inside_Server1_25
nat (inside,outside) static interface service tcp smtp smtp
object network Inside_Server1_443
nat (inside,outside) static interface service tcp https https
object network Inside_Server1_RDP
nat (inside,outside) static interface service tcp 3389 3389
object network TERMINALSRV_RDP
nat (inside,outside) static <TerminalSRV_outside)IP> service tcp 3389 3389
object network Inside_Server2_RDP
nat (inside,outside) static interface service tcp 3389 3390
nat (Guest-VLAN,outside) after-auto source dynamic obj_any interface
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group Guest-VLAN_access_in in interface Guest-VLAN
route outside 0.0.0.0 0.0.0.0 <Public_GW> 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 172.16.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.22.50-192.168.22.100 Guest-VLAN
dhcpd dns 8.8.8.8 4.2.2.2 interface Guest-VLAN
dhcpd lease 43200 interface Guest-VLAN
dhcpd enable Guest-VLAN
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 129.6.15.30 prefer
username <Username> VAn7VeaGHX/c7zWW encrypted privilege 15
class-map global-class
match default-inspection-traffic
policy-map global-policy
class global-class
inspect icmp
inspect icmp error
inspect pptp
service-policy global-policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:7f5d70668ebeb94f49f312612f76c943
: end
Hi,
To my understanding they should not be able to connect to the more secure network IF you DON'T have an interface ACL configured.
One very important thing to notice and which I think is the most likely reason this happened is the fact that as soon as you attach an interface ACL to an interface then the "security-level" loses its meaning. The "security-level" has meaning as long as the interface is without an ACL. This makes the "security-level" only usable in very simple setups.
What I think happened is that you have "permit ip any any" ACL on the interface that allowed all the traffic.
Your option is to either remove the interface ACL completely or have the ACL configured like you have now. I mean first block traffic to your secure LAN and then allow all other traffic, which would allow the traffic to the Internet.
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if needed.
- Jouni -
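The interaction the answer describes, as an added sketch that is not part of the original thread: the function below reads the interface and ACL lines of a config like the one posted and reports, for each lower-to-higher security pair, whether the implicit security-level rule or the bound interface ACL decides the traffic. It models only `extended permit|deny ip` entries with `any`, `host` or network/mask addresses; the sample configs are constructed from the posted lines and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: interface and ACL lines taken from the posted config.
BASE = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 172.16.0.1 255.255.255.0
interface Vlan5
 nameif Guest-VLAN
 security-level 10
 ip address 192.168.22.1 255.255.255.0
"""
BIND = "access-group Guest-VLAN_access_in in interface Guest-VLAN\n"
PERMIT_ANY = "access-list Guest-VLAN_access_in extended permit ip any any\n"
DENY_INSIDE = ("access-list Guest-VLAN_access_in extended deny ip any "
               "172.16.0.0 255.255.255.0\n")


def take_addr(tokens):
    """Consume one address spec ('any', 'host A' or 'A MASK') from an ACE."""
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def parse(config):
    """Collect named interfaces, 'extended ... ip' ACEs and inbound bindings."""
    ifaces, acls, bound, cur = {}, {}, {}, None
    for line in config.splitlines():
        t = line.split()
        try:
            if not t:
                continue
            if t[0] == "interface":
                cur = {}
            elif t[0] == "nameif" and cur is not None:
                ifaces[t[1]] = cur
            elif t[0] == "security-level" and cur is not None:
                cur["level"] = int(t[1])
            elif t[:2] == ["ip", "address"] and cur is not None:
                cur["net"] = ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False)
            elif t[0] == "access-list" and t[2] == "extended" and t[4] == "ip":
                src, rest = take_addr(t[5:])
                dst, _ = take_addr(rest)
                acls.setdefault(t[1], []).append((t[3], src, dst))
            elif t[0] == "access-group" and t[2:4] == ["in", "interface"]:
                bound[t[4]] = t[1]
        except (ValueError, IndexError):
            continue  # placeholders, object-groups etc. are outside this sketch
    return ifaces, acls, bound


def verdict(aces, src_net, dst_net):
    """First-match walk of the ACL for traffic from src_net to dst_net."""
    part_permit = part_deny = False
    for action, s, d in aces:
        if not (s.overlaps(src_net) and d.overlaps(dst_net)):
            continue
        if src_net.subnet_of(s) and dst_net.subnet_of(d):
            if action == "permit":
                return "partial (acl)" if part_deny else "permit (acl)"
            return "partial (acl)" if part_permit else "deny (acl)"
        part_permit |= action == "permit"
        part_deny |= action == "deny"
    return "partial (acl)" if part_permit else "deny (acl)"  # implicit deny


def lower_to_higher(config):
    """Map (lower-security if, higher-security if) -> what decides the traffic."""
    ifaces, acls, bound = parse(config)
    full = {n: i for n, i in ifaces.items() if "level" in i and "net" in i}
    result = {}
    for sname, s in full.items():
        for dname, d in full.items():
            if s["level"] >= d["level"]:
                continue
            if sname not in bound:
                # No interface ACL: the security-level rule blocks low -> high.
                result[(sname, dname)] = "deny (security-level)"
            else:
                result[(sname, dname)] = verdict(
                    acls.get(bound[sname], []), s["net"], d["net"])
    return result


if __name__ == "__main__":
    for label, cfg in (("no ACL", BASE),
                       ("permit any any", BASE + BIND + PERMIT_ANY),
                       ("deny then permit", BASE + BIND + DENY_INSIDE + PERMIT_ANY)):
        print(label, lower_to_higher(cfg))
```

A "partial" verdict means some entry permits or denies only part of the destination subnet, so the ACL needs reading by hand.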
ORA-20100: AppDomain could not be created for the specified security level
We recently updated our development environment to Visual Studio 2010. We have previously deployed (with success) .Net stored procedures from Visual Studio 2005 to our Oracle 10gR2 database. I am currently trying to configure a local instance (called local) of Oracle 10gR2 database to test deployment of .Net stored procedures to Oracle 10gR2 via Visual studio 2010 and ODT version 11.2.0.1.2. I have built the demo from the ode developer guide and gotten as far as deploying it but executing the stored procedures from VS 2010 or SQL*Plus produces the following error...
ORA-20100: AppDomain could not be created for the specified security level
ORA-06512: at "SYS.DBMS_CLR", line 152
ORA-06512: at "SCOTT.GETDEPTNO", line 7
Here is what I have done.
(Server)
1. Installed oracle 10gR2 with ODE.Net
2. Installed Oracle 10gR2 patch set 22
3. Installed ODE upgrade from Oracle Developer Tools for Visual Studio .NET with Oracle 10g Release 2 ODAC 10.2.0.2.21
(Client)
4. Installed Oracle Developer Tools for Visual Studio .NET with Oracle 10g Release 2 ODAC 10.2.0.2.21 (In new client home).
5. Installed patch set 22 on 10g client home.
6. Installed Oracle 11g Release 2 ODAC 11.2.0.1.2 with Oracle Developer Tools for Visual Studio(in new 11g client home, only for VS 2010)
I have made some minor changes (GAC) etc. per the following threads...
ODE.NET 11.1.0.7.20 on 10g Database?!
Re: Error: System.TypeInitializationException
The database appears to be fully functional via TOAD - SQL plus etc. I can't find much on this error but it appears Oracle needs some permissions to launch an ASP.Net application that it does not have. Any help would be GREATLY appreciated, don't hesitate to ask for additional details.
The KB article is almost what we have apart from the italic underlined part
Consider the following scenario:
You use a domain administrator account to log on to a computer that is running Windows 7 or Windows Server 2008 R2.
You use the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in to connect to a domain controller.
You open the Properties dialog box of a user account.
The user account has sole access to a shared folder path that cannot be accessed by the administrator account.
You set the Remote Desktop Services Home Folder attribute to the shared folder path.
Note This attribute is located on the Remote Desktop Services Profile tab.
You click Apply or OK.
In this scenario, you receive the following error message:
The home folder could not be created because: The network name cannot be found.
Note If you click Apply or OK again, no error message is returned. However, the setting is not saved.
I think the important bit is
The user account has sole access to a shared folder path that cannot be accessed by the administrator account.
We manually create the shares on our NAS and then just want to enter the path in the profile tab, I suppose the question is how do we stop it trying to create the shares? -
Help with asp ... security levels
I made a change to the security level for the end user. I added a security feature by adding 12345 to their security level.
<%@LANGUAGE="VBSCRIPT"%>
<%Option Explicit%>
<%
'check to see if the page is submitted
Dim validLogin
Dim strErrorMessage
Dim intLevel
Dim sLevel
If (Request.Form("uname")<>"") Then
'user has submitted the form
'get the entered values and hit the database
Dim strUserName
Dim strPassword
'going to use an implicit connection, no connection object needed
Dim objRS
strUserName = UCase(Request.Form("uname"))
strPassword = UCase(Request.Form("pwd"))
response.write("strUserName")
'prepare the RS
Set objRS = Server.CreateObject("ADODB.Recordset")
'set the sql statement
objRS.Source = "SELECT * FROM tblEmployee WHERE strEmpUserName = '" & strUserName & "' AND strEmpPassword = '" & strPassword & "'"
' heres the implicit connection
objRS.ActiveConnection = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\Inetpub\db\IMPCustomers.mdb"
objRS.CursorType = 0
objRS.CursorLocation = 3
objRS.Open
'check for EOF
If(objRS.EOF) Then
'no records matched, invalid login
Response.Redirect("invalidLogin.asp")
'strErrorMessage = "Invalid Login. Try Again."
validLogin = false
Else
'added intLevel to add more security on 3/29/07
intLevel = Cint(objRS("intEmpSecurityLevel"))
intLevel = intLevel + 12345
sLevel = intLevel
'valid login, set session variables
Session("username") = UCase(strUserName)
Session("userpass") = UCase(strPassword)
Session("sLevel") = sLevel
'Session("sLevel") = objRS("intEmpSecurityLevel") - changed to add more security on 3/29/07
Session("fn") = objRS("strEmpFN")
'release the RS
Set objRS.ActiveConnection = Nothing
Set objRS = nothing
'redirect off this page
Response.Redirect("custSearch.asp")
End If
End If
%>
I'm now having trouble removing the 12345 from their security
level in the custSearch.asp.
<%@LANGUAGE="VBSCRIPT"%>
<%Option Explicit%>
<%
Dim strUserName
Dim strPassword
Dim intSLevel
Dim isum
Dim intS
Dim intNewSLevel
Dim sLevel
Dim strFN
Dim strErrorMessage
Dim strError
'get pass parameters
strUserName = Session("username")
strPassword = Session("userpass")
intSLevel = Session("sLevel")
'add on 3/29/07 for security
'get the security level
isum = sLevel
'take isum which contains sLevel and subtract 12345 from it
isum = isum - 12345
'now intS equals security level in the db
intS = isum
'put into a session
Session("intS") = intS
strFN = Session("fn")
strErrorMessage = ("strError")
'If strErrorMessage = "" Then
'strError = "There is no customer with that last name."
'End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Employee Intranet - Customer Database, Search
for a particular customer.</title>
<meta http-equiv="content-type" content="text/html;
charset=utf-8" />
<link rel="stylesheet" type="text/css"
href="../css/pop_style.css" />
<link rel="stylesheet" type="text/css"
href="../css/forms.css" />
<style type="text/css">
/* HTML selectors start here */
h2 {
margin-bottom:15px;
}
p {
margin-bottom:20px;
}
hr {
border:thin;
border-color:#CCCCCC;
border-style:dotted;
width:100%;
text-align:center;
}
table {
width:300;
align:center;
cellpadding:2px;
cellspacing:2px;
margin-left:30%;
}
td {
font-size:14px;
font-style:normal;
font-weight:normal;
border:0;
padding:0;
}
/* HTML selectors start here */
/* ID selectors start */
#mainText {
height:400px;
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
text-align:left;
margin-left:1%;
margin-right:1%;
padding: 10px 5px;
word-spacing:1px;
letter-spacing:1px;
}
/* id ends here */
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
//-->
</script>
</head>
<body>
<!-- CASCADING POPUP MENUS v5.2 by Angus Turnbill
http://www.twinhelix.com -->
<script language="javascript" type="text/javascript"
src="../js/pop_core.js"></script>
<script language="javascript" type="text/javascript"
src="../js/pop_data.js"></script>
<!-- border begins here -->
<div id="border">
<!-- second nav start here -->
<div id="secNavBar"><a
href="../index.htm">Home</a> | <a
href="../htm/quality.htm">Quality</a>
| <a href="../htm/contactUs.htm">Contact
Us</a> | <a
href="../htm/siteMap.htm"> Site
Map</a></div>
<!-- logo starts here -->
<div id="logo">
<img src="../art/NewLogo.jpg" alt="Logo of IMPulse NC,
INC." usemap="#Map" />
<map name="Map" id="Map">
<area shape="rect" coords="5,3,280,74"
href="../index.htm" alt="Return to home page" />
</map>
</div>
<!-- primary navigation div tags starts here -->
<div id="priNav">
<a id="home" name="home"
style="visibility:hidden;">Home</a>
<!-- primary navigation div tags ends here -->
</div>
<!-- main text starts here -->
<div id="mainText">
<h2>Customer Database </h2>
<p
style="font-size:14px;font-style:normal;font-weight:normal;">Welcome
<%=strFN%></p>
<p
style="font-size:14px;font-style:normal;font-weight:normal;">Please
search for a customer by using the fields below. You can use one
field or multiple fields for your search.</p>
<!-- signIn form starts here -->
<div id="signIn">
<div id="CSearch">
<table>
<form action="results.asp" method="post" name="search"
id="search">
<tr>
<td width="98" height="29">Last Name:</td>
<td width="150" tabindex="1"><input type="text"
name="clname" size="25" maxlength="25" /></td>
</tr>
<tr>
<td height="30">First Name:</td>
<td tabindex="2"><input type="text" size="25"
maxlength="25" name="cfname" /></td>
</tr>
<tr>
<td height="30">Company:</td>
<td tabindex="3"><input type="text" size="25"
maxlength="25" name="ccomp" /></td>
</tr>
<tr>
<td height="48" colspan="2" tabindex="4">
<input type="submit" name="login" value="Submit" />
<input type="reset" name="Reset" value="Reset" />
<a href="logOut.asp">
<input type="button" name="logOut" value="Log Out" />
</a> </td>
</tr>
</form>
</table>
<!-- customer search form ends here -->
</div>
<blockquote> </blockquote>
<!-- signIn form ends here -->
</div>
<!-- main text ends here -->
</div>
<div id="btm_Bar">
100 IMPulse Way • Mount Olive, North Carolina 28365
• Main (919) 658-2200 • Fax (919) 658-2268<br />
©2006 IMPulse NC, Inc. All Rights Reserved. </div>
</div>
<script language="javascript" type="text/javascript"
src="../js/pop_events.js"></script>
<!-- Places text blinker in the uname text box thru
javascript -->
<script language="javascript" type="text/javascript">
document.search.clname.focus();
</script>
<!-- javascript ends here -->
<%
Response.Write(Session("username")) & "<br />"
Response.Write(Session("userpass")) & "<br />"
Response.Write(Session("sLevel")) & "<br />"
Response.Write(Session("intS")) & "<br />"
%>
</body>
</html>
What am I doing wrong?
"pqer" <[email protected]> wrote in message
news:eugsik$kt5$[email protected]..
> What am I doing wrong?
1. You're allowing unfiltered user input into your SQL query. I could do some horrible damage to your system.
2. You have SELECT * in your query.
3. You're doing something that doesn't make any sense. Why add a constant to the security level just to subtract it again when you actually want to use it? You're just making more work for yourself. There is no benefit there. -
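The reply's first two points (unfiltered user input in the SQL query, and SELECT *) apply to the page that receives this search form. The block below is an added example, not code from the thread: it uses Python with an in-memory SQLite database as a stand-in, and the `customers` table, its column names and the sample rows are assumptions; only the form field names `clname`, `cfname` and `ccomp` come from the posted form.

```python
import sqlite3

# Form field (from the posted search form) -> column (assumed schema).
# Column names come only from this fixed map, never from the request.
FIELDS = {"clname": "last_name", "cfname": "first_name", "ccomp": "company"}


def escape_like(value):
    """Make LIKE wildcards in user input match literally."""
    for ch in ("\\", "%", "_"):
        value = value.replace(ch, "\\" + ch)
    return value


def build_search(form):
    """Return (sql, params) for whichever of the three fields were filled in."""
    clauses, params = [], []
    for field, column in FIELDS.items():
        # maxlength="25" in the form is only a browser hint; enforce it here too.
        value = (form.get(field) or "").strip()[:25]
        if value:
            clauses.append(column + " LIKE ? ESCAPE '\\'")
            params.append(escape_like(value) + "%")
    if not clauses:
        raise ValueError("at least one search field is required")
    # Named columns instead of SELECT *; values travel separately as parameters.
    sql = ("SELECT last_name, first_name, company FROM customers WHERE "
           + " AND ".join(clauses) + " ORDER BY last_name, first_name")
    return sql, params


def search(db, form):
    sql, params = build_search(form)
    return db.execute(sql, params).fetchall()


def search_concatenated(db, last_name):
    """The pattern the reply warns about: input pasted into the SQL text."""
    sql = "SELECT last_name FROM customers WHERE last_name = '" + last_name + "'"
    return db.execute(sql).fetchall()


def demo_db():
    """Constructed sample data, in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (last_name TEXT, first_name TEXT, company TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        ("O'Brien", "Pat", "Acme Rail"),
        ("Olsen", "Kim", "Acme Rail"),
        ("Smith", "Lee", "100% Transit"),
    ])
    return db


if __name__ == "__main__":
    db = demo_db()
    print(search(db, {"clname": "O'Brien"}))  # the apostrophe is just data
    print(search(db, {"clname": "O", "ccomp": "Acme"}))
    try:
        search_concatenated(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated query broke:", exc)
```

In classic ASP the same separation of query text and values is available through an ADODB.Command with `?` placeholders and appended parameters.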
Changing Default Security Levels
I have several Windows 7 Enterprise machines that have already been deployed via image and need to lower the security settings for use on internal web based applications.
Is there an easy way to manipulate the configuration (a file) so that I may simply make the changes by overwriting the current configuration settings instead of, having to go to each device, opening the Java console, and changing the security settings that way?
I have attempted to login as the machine administration, make the changes on the Java console with the hopes this configuration would have migrated to all user profiles that log into the PC. Is there a "public profile" configuration file I can change and if so, what should I do.
Thank you in advance for the assistance
Create a "deployment.properties" file with the line "deployment.security.level=HIGH" (or whatever level you need that is supported by your version of Java) and save it in "C:/Windows/Sun/Java/Deployment/" (assuming windows client device).
More in depth info found below:
Deployment Configuration File and Properties -
Port forwarding & security level
[was orig sent to fios internetforum in error- I'm on a dsl line]
I've set up port forwarding for various services (mIRC, ftp, etc) on my Versalink gateway (Westell 327W router/modem). Ports are OK. Still, I can't access these when my firewall is set to "Typical Security" - I have to go down to Minimum for anything to get through. Is this the way it's supposed to work? I thought that port forwarding opened my selected ports in the firewall without compromising security otherwise. If I have to choose min. security, what's the point of port forwarding? Thanks for any feedback - ed
At this time I can't tell you about the Security Level setting, but I can answer this question
eda wrote:
What's the point of port forwarding?
I point to the info at
grc.com's pure CSS menu (Research -> Recent -> NAT Router Security)
Direct URL: http://www.grc.com/nat/nat.htm
But, it gets kind of weird.
For example, I point to the info at
DSLR (dslreports.com) -> FAQs -> Verizon Online FiOS FAQ -> Troubleshooting -> What is the NAT Table problem in the Actiontec?
Direct URL: http://www.dslreports.com/faq/16233
-
Ms word95 to pdf - "security level too high"?
I'm a brand new user of Acrobat 9.0 (on XP system) - all kinds of problems (including major file crash and loss during 9.0 installation - more on that later). For now, I need to get started immediately on converting some MS Word doc files to pdfs - What I get from 9.0 is the message that "The Security Level is Too High". If it's referring to the MS word docs, they are unprotected (I've checked and tried several - Word shows they are not protected, and as far as I know, never have been). They were originally created on a mac with macWord - but were not protected and converted to windows with MacDrive7. They show in MS Word in good condition and unprotected. What do I need to do to get them into acrobat and into pdf format? I've also checked the knowledge base here and elsewhere without any clues except one chap who seemed to be having similar problems (along with serious crashes) using 8.1. Other than that, I'm mystified.
I've also tried using the context menu 'convert to pdf' method and also creating a new pdf (blank) and inserting them. In both cases the security message aborted the process. Need to do this right away. I'm not technically skilled, so if someone can give me some clear instructions I'd be grateful. - red
Thank you all for responding so quickly. First, I'll mention the serious message and a warning. DO NOT INSTALL ACROBAT 9.0 IN AN ENVIRONMENT WITH WORD 7.0 (or any old(er) MS Word version before 2k). The consequences are ghastly, including the deletion of half or more of your program files (including your email clients, av software and other primary programs), the corruption of your browser, registry (including restore points) and other not so nice events - worse than most bad viruses. That's a problem Adobe and I will probably be taking a look at next week. Meantime, they indicate that they are going to add the matter to their KB and elsewhere so that users have a heads-up on the issue.
As for the conversion problem from Word 7.0 .doc to .pdf - Bill, you just about nailed it. It was, indeed, a problem that could be circumvented by going to the printer dialog and setting the printer to 'Adobe pdf file' (something a novice wouldn't think of, nor line tech-support for that matter.). As far as Word/pdf 'printer' is concerned you're just printing the file. However, as I understand things, that's how Adobe attaches the Word documents - It does it through the printer interface. Once that setting is changed to 'Adobe pdf printer' the file is simply picked from the print queue (or before) and loaded into A9. Save it from A9, and the job is done. So, Bill, If Adobe hadn't found the answer, I do believe you would have been telling me exactly how to do it after a few more posts. The credit, though, goes to Neo Johnson, tech-support supervisor in New Delhi. The last two days (almost 9 hours of phone time) were spent with various tech-support agents at Adobe; but, he was the one who finally thought about the interaction between A9 and Word and figured it out.
Ok -that's the brief. The rest is a little history/background for whomever is interested (skip, otherwise - not important). The problem begins with failure to install - first, setup can't find the msi file - it was there, and I browsed it, so that was solved. Then 'invalid licensing - process stopped' messages appear. That was a little tougher and http://kb2.adobe.com/cps/405/kb405970.html and some other articles had me doing repair, reinstall, and other complex (for me) procedures. One of the problems was that flexnet had failed to install, which was a stumper for me (I couldn't find it to download separately - barely knew what it was/did - and finally understood that Adobe was supposed to install it). After that, I did several uninstalls, to no effect. Finally I did a few moderate and then deep uninstalls (with Revo) and several reinstalls. Things got progressively worse. On one reboot, my desktop came up and all the program icons were broken links. I examined targets and such and then went to my 'program files' directory. To my horror, nearly all my primary program (including thunderbird email client, AVG etc.) files had disappeared. The folders were simply empty. Firefox still loaded, but the tabs were non functional. Several checks and some light disc analysis indicated the files vanished. No trace. However, my document folders and data were intact (also backed-up). I went to restore and found that all the old restore points (including the ones Revo sets before uninstalling) were gone. If it had been a virus, it couldn't have done a better job at making a mess of things. At that point, I knew the registry had been toasted and I was facing a complete OS reinstall. Instead, I opted for reinstalling some of the critical programs (and because the document files appeared to be intact). After the first few - thunderbird, firefox etc. - I was relieved to find that they were picking up on the old settings and restoring themselves to their previous states.
I still have a number of these to do - and a few must be re-configured. But that's going ok.
Then the saga of Adobe, several phone calls; several times the phone connection was cut off and I had to call again and start over from the beginning with a new person. The matter always had to be escalated to the next tier - more time, more cues, no solutions. They went over the firefox settings, the adobe settings. They were puzzled about the broken links. Attempts to open doc files (after a fresh install of winword) were resulting in 'invalid win32 application'. All kinds of problems made progress difficult. We cleared up the 'invalid....' messages by repairing the file associations (in XP folder options) and then opening the docs in Word and resaving them as something else. It was a labor. Finally, there was simply no answer except, like the post here, Word 7 is simply too old and uses different scripting. The only solution was to either buy (ugh, ouch!) Word 2007 (and hope that it would load them and save them in A9 useable form) or, try installing Word2k (which I have) and processing them through that; and, then using Acrobat 8.x to load those and save the pdfs for A9 to use. However, when Adobe said they could not provide me with a free (even trial) version of 8.x to do the job - licensing problems etc. -- It seemed like a really ugly solution. Finally, I'm begging Adobe to give me a free copy of 8.x and in steps Neo. He can't provide the free copy, but he asks a few questions himself. We go to Adobe and reset some of the security settings (something other agents didn't know or think of). No dice - still can't load the docs. But then he says, Open up Word. Ok. load the file and then hit 'print' - ok, the print dialog comes up. 'Now,' he says, 'open the properties and see what printers are listed.' Ok I do that, and I'll be... 'Adobe pdf printer' is among them. "Just what I thought," he said, "Adobe was hooking up with word, but didn't have its printer to attach." So we set 'Adobe pdf' as the printer and lo and behold, the docs loaded into Adobe as pdfs.
End of that story. (so bill, you had it too - wish you had answered the phone in the first place!)
Clean up. So, there's a few simple solutions, I think (though I'm no techie and you folks will certainly have better ideas). First, I don't buy the story that early versions of Word are either 1) unsupported by MS or, 2) nobody uses them, as valid reasons why not to fix the problem of the "unloadable" docs. I figure there are at least a couple of approaches and easy patches that will correct the matter. One is from the Word side - to set the current printer setting to use 'Adobe printer', get the file and then reset the printer back to what it was - default. The other is to patch A9 to detect legacy source applications and bypass things that would normally make the file unloadable, unless, of course, they were actually protected or, read only files. In that case, Adobe could simply inform the user to 'unprotect' them, the same as it now does with its 'Security Setting too High' message for later versions. I'm sure there are even better ways. But, that would fix things as far as file loading and conversion.
As to the installation and crash problems - those need to be addressed. Even if it's only a few dozen people that might have the same problem, it needs 1) to be given as a noticeable warning and keyword in Adobe documents (which now simply indicate that it can process .doc files); 2) it needs to be examined to insure systems that have Word 7.x or older can install without problem, and certainly without harming their system. Adobe has a good reputation and does a good job. That's worth protecting with all customers, even if Marketing can't quite see why and the bean counters can't find much profit in the task. It's what I expect from professionals and to do less certainly subtracts from Adobe's standing. That should be worth a great deal, I would imagine.
Anyway, thanks folks - got to get some sleep, and then get those pdfs done and sent to people who are waiting for them. - best to you all, red. -
I've just bought this phone. I've never used a Nokia, and so I am not familiar with the interface. I've had a play around though and have figured out most of it. Regarding security, I have done the following:
- Reset PIN and phone now asks for it at start-up;
- Reset security code;
- Turned on automatic keyguard, but left it so it does not ask for security code.
I'm unsure though about the Security Level setting (Menu>Settings>Security>Security_Level).
It gives 2 options, Memory or Phone. If someone could explain what this setting is for, it would be much appreciated.
Is it also possible to lock the phone to only use my sim?
Regarding the PIN at start-up, is it attached to the sim or the phone? In other words, if I change the sim, will the phone still ask for and require the same PIN?
Thank you in advance for any response. : )
Here is the answer from the Nokia web site (I underline the answer)
(http://www.nokia.co.uk/support/product-support/2720-fold/faq#08 )
How do I set the security level on my Nokia device?
Select Menu > Settings > Security (or Security settings) > Security level. Enter your security code and select OK.
Select Phone, and the phone will request the security code whenever a new Subscriber Identity Module (SIM) card is inserted into the phone.
Select Memory, and the phone will request the security code when the SIM card memory is selected and you want to change the memory in use.
hope this helps
cheers! -
Kernel security level changes on its OWN?
Hi...
using OS 10.3.9 on a G4 dual 533mhz with a gig of ram. It is wired into an Airport Extreme that firewalls for a wireless laptop as well, yes it is set encrypted and unauthorized NIC card addresses are excluded in the Airport Administration software...
I don't have Little Snitch set to run automatically, but it appears as having launched before the last kernel panic. (so says Crashreporter)
The kernel panic happened between the time this computer was put in user log in window Sleep Mode yesterday and when I woke it up today to log into one of the user accounts (I am the only one to have maintenance/Full Admin. access)
The typical user log in screen with the names was up, but a kernel panic had overlaid the visual... parts that made me perk up was the last line said it was waiting for debugging to occur... the NIC address of the network card was shown, and the IP number that is set in the Network panel...
I checked through Onyx into the System log Crashreporter and found the stream of log info during the 'wake up' mode:
Jan 22 22:28:16 localhost init: kernel security level changed from 0 to 1
Jan 22 22:28:16 localhost loginwindow[205]: Sent launch request message to DirectoryService mach_init port
I have never seen a kernel security change in any of the logs in the past... No new user accounts were made, and no new levels of access have been assigned to existing users...
What does this mean, a level 1 setting of a kernel? Should I Admin Panic along with the kernel?
Basically, the change means that the kernel is going from insecure to secure mode, which prevents the sappnd and schg flags from being turned off. More information is available on this page.