oracle security - Page 327

java web start security warning

- by ria

I have a web application that downloads a jar file from the web server using java web start. The jar is signed using J2SE security tool. However, I get the security warning "The application digital signature cannot be verified. Do you want to run the application?" Am I missing something that is causing this??

Read the article

sudoers security

- by jetboy

I've setup a script to do Subversion updates across two servers - the localhost and a remote server - called by a post-commit hook run by the www-data user. /srv/svn/mysite/hooks/post-commit contains: sudo -u cli /usr/local/bin/svn_deploy /usr/local/bin/svn_deploy is owned by the cli user, and contains: #!/bin/sh svn update /srv/www/mysite ssh cli@remotehost 'svn update /srv/www/mysite' To get this to work I've had to add the following to the sudoers file: www-data ALL = (cli) NOPASSWD: /usr/local/bin/svn_deploy cli ALL = NOEXEC:NOPASSWD: /usr/local/bin/svn_deploy Entries for both www-data and cli were necessary to avoid the error: post commit hook failed: no tty present and no askpass program specified I'm wary of giving any kind of elevated rights to www-data. Is there anything else I should be doing to reduce or eliminate any security risk?

Read the article

PeopleSoft New Design Solves Navigation Problem

- by Applications User Experience

Anna Budovsky, User Experience Principal Designer, Applications User Experience In PeopleSoft we strive to improve User Experience on all levels. Simplifying navigation and streamlining access to the most important pages is always an important goal. No one likes to waste time waiting for pages to load and watching a spinning glass going on and on. Those performance-affecting server trips, page-load waits and just-too-many clicks were complained about for a long time. Something had to be done. A few new designs came in PeopleSoft 9.2 helping users to access their everyday work areas easier and faster. For example, Dashboard and Work Center aggregate most accessed information sections on a single page; Related Information allows users to complete transaction-related-research without interrupting a transaction and Secure Search gets users to a specific page directly. Today we’ll talk about the Actions menu. Most PeopleSoft pages are shared between individual products and product lines. It means changing the content on a single page involves Oracle development and quality assurance time for making and testing the changes. In order to streamline the navigation and cut down on accessing PeopleSoft pages one-page-at-a-time, we introduced a new menu design. The new menu allows accessing shared pages without the Oracle development team making any local changes, and it works as an additional one-click-path to specific high-traffic actionable pages. Let’s look at how many steps it took to Change Salary for an employee in HCM 9.1 before: Figure 1. BEFORE: The 6 steps a user would take to Change Salary in PeopleSoft HCM 9.1 In PeopleSoft 9.1 it took 5 steps + page loading time + additional verification time for making sure a correct employee is selected from the table. In PeopleSoft 9.2 it only takes 2 steps. To complete Ad Hoc Change Salary action, the user can start from the HCM Manager's Dashboard, click the Action menu within a table, choose a menu option, and access a correct employee’s details page to take an action. Figure 2. AFTER: The 2 steps a user would take to Change Salary in PeopleSoft HCM 9.2 The new menu is placed on a row level which ensures the user accesses the correct employee’s details page. The Actions menu separates menu options into hierarchical sections which help to scan and access the correct option quickly. The new menu’s small size and its structure enabled users to access high-traffic pages from any page and from any part of the page. No more spinning hourglass, no more multiple pages upload. The flexible design fits anywhere on a page and provides a fast and reliable path to the correct destination within the product. Now users can: Access any target page no matter how far it is buried from the starting point; Reduce navigation and page-load time; Improve productivity and reduce errors. The new menu design is available and widely used in all PeopleSoft 9.2 product lines.

Read the article

Announcing Fusion Applications Training through 2012

- by Theresa Hickman

The schedule for Fusion Applications courses is now available! You can get training on the various Fusion Applications, such as CRM, Procurement, HCM, and Financials, just to name a few. Courses will run until the end of 2012 in multiple locales, such as Bangalore, India, Chicago, IL, and Belmont, CA! Please visit http://education.oracle.com/fusionapps for full schedule and course details.

Read the article

Webcast XBRL y Reporting a Organismos Oficiales

- by Eva Mier

XBRL ha sido elegido como el estándar de presentación de información por muchos organismos oficiales. Conozca en la siguiente presentación como la solución de Oracle Hyperion optimiza el reporting en formato electrónico XBRL, al tiempo que pone a disposición de las distintas compañías, soluciones predefinidas tanto para el Reporting de Sostenibilidad como para el nuevo marco legislativo, SOLVENCIA II, en entidades aseguradoras. Video resumen:

Read the article

A High Level Comparison Between Oracle and SQL Server

Organisations often employ a number of database platforms in their information system architecture. It is not uncommon to see medium to large sized companies using three to four different RDBMS packages. Consequently the DBAs these companies look for often ... [Read Full Article]

Read the article

ATG Live Webcast Dec. 6th: Minimizing EBS Maintenance Downtimes

- by Bill Sawyer

This webcast provides an overview of the plans and decisions you can make, and the actions you can take, that will help you minimize maintenance downtimes for your E-Business Suite instances. It is targeted to system administrators, DBAs, developers, and implementers. This session, led by Elke Phelps, Senior Principal Product Manager, and Santiago Bastidas, Principal Product Manager, will cover best practices, tools, utilities, and tasks to minimize your maintenance downtimes during the four key maintenance phases. Topics will include: Pre-Patching: Reviewing the list of patches and analyzing their impact Patching Trials: Testing the patch prior to actual production deployment Patch Deployment: Applying patching to your system Post Patching Analysis: Validating the patch application Date: Thursday, December 6, 2012Time: 8:00 AM - 9:00 AM Pacific Standard TimePresenters: Elke Phelps, Senior Principal Product Manager Santiago Bastidas, Principal Product Manager Webcast Registration Link (Preregistration is optional but encouraged) To hear the audio feed: Domestic Participant Dial-In Number: 877-697-8128 International Participant Dial-In Number: 706-634-9568 Additional International Dial-In Numbers Link: Dial-In Passcode: 103200To see the presentation: The Direct Access Web Conference details are: Website URL: https://ouweb.webex.com Meeting Number: 595757500 If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University. You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here. If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com.

Read the article

Is this iptables NAT exploitable from the external side?

- by Karma Fusebox

Could you please have a short look on this simple iptables/NAT-Setup, I believe it has a fairly serious security issue (due to being too simple). On this network there is one internet-connected machine (running Debian Squeeze/2.6.32-5 with iptables 1.4.8) acting as NAT/Gateway for the handful of clients in 192.168/24. The machine has two NICs: eth0: internet-faced eth1: LAN-faced, 192.168.0.1, the default GW for 192.168/24 Routing table is two-NICs-default without manual changes: Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 (externalNet) 0.0.0.0 255.255.252.0 U 0 0 0 eth0 0.0.0.0 (externalGW) 0.0.0.0 UG 0 0 0 eth0 The NAT is then enabled only and merely by these actions, there are no more iptables rules: echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # (all iptables policies are ACCEPT) This does the job, but I miss several things here which I believe could be a security issue: there is no restriction about allowed source interfaces or source networks at all there is no firewalling part such as: (set policies to DROP) /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT And thus, the questions of my sleepless nights are: Is this NAT-service available to anyone in the world who sets this machine as his default gateway? I'd say yes it is, because there is nothing indicating that an incoming external connection (via eth0) should be handled any different than an incoming internal connection (via eth1) as long as the output-interface is eth0 - and routing-wise that holds true for both external und internal clients that want to access the internet. So if I am right, anyone could use this machine as open proxy by having his packets NATted here. So please tell me if that's right or why it is not. As a "hotfix" I have added a "-s 192.168.0.0/24" option to the NAT-starting command. I would like to know if not using this option was indeed a security issue or just irrelevant thanks to some mechanism I am not aware of. As the policies are all ACCEPT, there is currently no restriction on forwarding eth1 to eth0 (internal to external). But what are the effective implications of currently NOT having the restriction that only RELATED and ESTABLISHED states are forwarded from eth0 to eth1 (external to internal)? In other words, should I rather change the policies to DROP and apply the two "firewalling" rules I mentioned above or is the lack of them not affecting security? Thanks for clarification!

Read the article

jersey security and session management

- by Adhir

Hi, Is there a way for session management or security available programatically in Jersey specification. e.g. like a web-application session management. Or is transaction, session, security all handeled by the containor on which the jersey application is deployed. Adhir

Read the article

how to get rid of certificate error: navigation blocked in ie8

- by Radek

when I access our intranet via https I get this "certificate error: navigation blocked" error in IE8 on Windows XP SP3. I can click Continue to this website (not recommended). but I use IE for automation testing so I have to avoid these extra clicks. Any idea? I tried setting “Turn off the Security Settings Check feature” to enabled. setting "Display Mixed Content" to enabled lowering security levels to minimum adding the web server address to trusted zone

Read the article

Win 2008 Server & IIS7: ASP installed but displays 'FILE DOWNLOAD - SECURITY WARNING"

- by AzC

Hi Dudes, Installed Win 2008 server and IIS7. Enabled ASP Classic and ASP.NET on it. Can't get any ASP scripts to run e.g. desperate.asp containing following line: <% Response.Write "Hello Love, Fancy a Date?" % It just comes up with a "FILE DOWNLOAD - SECURITY WARNING" panel asking em to download. When I select anything it keeps looping. Found lots fo stuff on internet but nothing working. Also same for other ASP scripts HTML works no problem e.g. a file called reply.html containing: Get lost little boy. We only serve French Fries in Macdonalds Any ideas?

Read the article

example required for subsonic 3.x with oracle