I have a plugin that is being loaded to the IE and tries to read the registry in
HKCU\Software...
path, and being denied. What are the paths in registry (if any) that are permitted to the add-on that should be compatible with the EPM, for read/write?
Thanks!
This is not well documented by Microsoft/MSDN but this preso by Mark Yason has some good info.
It describes that access is based upon the “ALL APPLICATION PACKAGES” ACE, which gives read access to the following:
HKCU\Software...\Explorer\RunMRU
HKCU\Software...\Explorer\RecentDocs
HKCU\Software...\Internet Explorer\TypedURLs
HKLM\Software...\Low Rights\ElevationPolicy
HKLM\Software...\Windows NT\CurrentVersion (Registered Owner/Org.)
And it lets you write to:
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\
Note that these are registry areas controlled by MSFT and their access can change in the future.
However, being controlled by an ACE means that access can be obtained via out-of-band means, such as an installer.
Related
I have a java web app configured with apache v9.0 and eclipse IDE. What I need is to keep my database in C:\db so It cannot be access directly from outside and should be away from my webapp project directory. What I don't is how to let my web app know that if a user request for a file it should go and check it in my C:\db and reply back with the file.
Based in my research, some was saying to specify my directory in my webapp web.xml file and others was saying I need to specify it in my tomcat/conf/server.xml file.
I'd really appreciate if somebody tell me what to do?
Try adding your database path C:\db as JVM argument and accessing it in application. you may try this as two ways either set as system property and access when it required or set as JVM argument and access it.
SetSystemProperties
System.setProperty("database", "C:\\db");
.
.
access it as and when required
String databasepath= System.getProperty("database");
Setting as JVM Arguments.
Double Click on your tomcat server on which your web application is present.
Click on "Open launch configuration" link and go to Arguments Tab.
in vmArguments apend the entry like below.
-Ddatabase="C:\db"
A -D is placed in front of each system property that we are passing in as a VM argument, and following this is an equal sign followed by the value of that system property.
And access it in your project where its required like below.
String databasepath= System.getProperty("database");
I'm currently hosting Artifactory on Tomcat8/JDK1.8.
If I check the system info screen, I can see that files are being written in /u01/usr/share/tomcat8/.artifactory/
However, in the servlet configuration in bin/setenv.sh, I specified the Artifactory home to be somewhere else:
-DARTIFACTORY_HOME=/u01/opt/artifactory
Then, I discovered in the docs, it's supposed to be lower case:
-Dartifactory_home=/u01/opt/artifactory
I rebooted Tomcat after the changes and the path targetted is still /u01/usr/share/tomcat8/.artifactory. The folder is owned by the user running Tomcat as well.
Why isn't it using the specified home dir?
This seems a bit old but for others that struggle with it, you need to set an Environment variable ARTIFACTORY_HOME in your Tomcat startup script not a System variable via -D parameter.
Linux
set ARTIFACTORY_HOME=/pathto/your/artifactory
Windows
"set ARTIFACTORY_HOME=C:\path to your/artifactory"
Notice the quotes for Windows
System properties are set on the Java command line using the -Dpropertyname=value syntax. They can also be added at runtime using System.setProperty(String key, String value) or via the various System.getProperties().load() methods.
To get a specific system property you can use System.getProperty(String key) or System.getProperty(String key, String def).
Environment variables are set in the OS, e.g. in Linux export HOME=/Users/myusername or on Windows SET WINDIR=C:\Windows etc, and, unlike properties, may not be set at runtime.
To get a specific environment variable you can use System.getenv(String name).
I'm trying to call Apache ActiveMQ NMS Version 1.6.0 from my code ('IntPub') that must run in a sandbox in a .NET 4.0 environment for security reasons. The program that creates the sandbox makes my code 'partially trusted' and therefore 'security-transparent' which seems to mean that it can't create a ConnectionFactory (see error log below) because NMS seems to be 'security-critical'. Here's the code that's causing this error:
connecturi = new Uri("tcp://my.server.com:61616");
var connectionFactory = new ConnectionFactory(connecturi);
I also tried this instead with similar results:
connecturi = new Uri("activemq:tcp://my.server.com:61616");
var connectionFactory = NMSConnectionFactory.CreateConnectionFactory(connecturi);
Since I can't change the security level of my assembly (the sandbox prevents it) is there a way to make NMS run as 'safe-critical' so it can be called by 'security-transparent' code? Would I have to recompile it to do so, or does NMS do some operation that would never be considered 'safe-critical?
I appreciate any help or suggestions...
Assembly 'IntPub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=6fa620743b8dc60a' is partially trusted, which causes the CLR to make it entirely security transparent regardless of any transparency annotations in the assembly itself. In order to access security critical code, this assembly must be fully trusted.Detail:
<OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
<ErrorCode>-2147220956</ErrorCode>
<ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />
<Message>Unexpected exception from plug-in (Execute): Test.Client: System.MethodAccessException: Attempt by security transparent method 'Test.Client.Execute(System.IServiceProvider)' to access security critical method 'Apache.NMS.ActiveMQ.ConnectionFactory..ctor(System.Uri)' failed.
From the error message attributes, it looks like you're running a Dynamics CRM 2011 plugin in sandbox mode, which has some very specific rules about what you can and can't do. In particular, you're only allowed to make network connections via HTTP and HTTPS, so attempting raw TCP sockets will definitely fail.
Take a look at this MSDN page on Plug-in Isolation, Trusts, and Statistics. It looks like there may be a way to relax the network restrictions by modifying a system registry entry to include tcp, etc, in the regex value. Below is an excerpt from the page. Note: I have not done this myself, so can't say for sure it'll work.
Sandboxed plug-ins and custom workflow activities can access the
network through the HTTP and HTTPS protocols. This capability provides
support for accessing popular web resources like social sites, news
feeds, web services, and more. The following web access restrictions
apply to this sandbox capability.
Only the HTTP and HTTPS protocols are allowed.
Access to localhost (loopback) is not permitted.
IP addresses cannot be used. You must use a named web address that requires DNS name resolution.
Anonymous authentication is supported and recommended. There is no provision for prompting the logged on user for credentials or saving those credentials.
These default web access restrictions are defined in a registry key on
the server that is running the Microsoft.Crm.Sandbox.HostService.exe
process. The value of the registry key can be changed by the System
Administrator according to business and security needs. The registry
key path on the server is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM\SandboxWorkerOutboundUriPattern
The key value is a regular expression string that defines the web access restrictions.
The default key value is:
"^http[s]?://(?!((localhost[:/])|([.])|([0-9]+[:/])|(0x[0-9a-f]+[:/])|(((([0-9]+)|(0x[0-9A-F]+)).){3}(([0-9]+)|(0x[0-9A-F]+))[:/]))).+";*
By changing this registry key value, you can change the web access for sandboxed plug-ins.
I have an application that was migrated from Glassfish to Weblogic, and it uses java.util.logging as logging framework.
The only way I have found to make the logs work is by editing the logging.properties file of the JVM and restart the server. This solution is awkward and gives problems because the log is written to a different file than the standard ones for weblogic, so we have to look at too many files for a log in a clustered environment. Besides, for some reason this does not work on some Windows systems.
Is there a way to keep using standard java logging to write messages to weblogic's standard log files? I tried the instructions on this page but it doesn't work either.
WebLogic Server ships with a JDK logging handler which will pick up log messages emitted from JDK logging framework and direct them into the WebLogic Server logging system.
Set the default logging level for new ServerLoggingHandler instances in logging.properties as well as adding the ServerLoggingHandler to the handlers.
handlers = weblogic.logging.ServerLoggingHandler
weblogic.logging.ServerLoggingHandler.level = ALL
http://docs.oracle.com/cd/E14571_01/web.1111/e13739/logging_services.htm#CHDBBEIJ
To direct the JDK logging framework to use the logging.properties file, the standard System property java.util.logging.config.file is used. With WebLogic Server, this can be easily accomplished by setting the JAVA_OPTIONS System property with the corresponding value.
$ export JAVA_OPTIONS="-Djava.util.logging.config.file=/Users/xxx/Projects/Domains/wls1035/logging.properties"
Some more hints here: http://buttso.blogspot.de/2011/06/using-slf4j-with-weblogic-server.html
I'm writing a Winsock LSP (Layered Service Provider) DLL that needs to communicate with a windows service.
The communication is done using memory mapped files and events for synchronization. Everything works fine if the application is not running as a service but if it does it cannot find any events or file mappings (I get ERROR_FILE_NOT_FOUND error on OpenEvent).
I suspect this happens because when running as a service, the application runs as SYSTEM user and LSP is loaded by applications that run as local user.
I think that this could be solved by using a proper SECURITY_DESCRIPTOR but I don't know what should it be set to.
Any ideas on how to make this work?
Thanks,
Depending on the OS, it might be a problem of sessions. If you take another look at documentation for CreateEvent, CreateMemoryMapping etc., you will notice GLOBAL\ prefix to object name. This prefix (among with SESSION\x\ prefix) define visibility scope of the object. GLOBAL prefixes are seen across the whole system, while objects without prefix in the name are local to specific (current if the \SESSION prefix is omitted) session. Sessions appeared in Terminal Services for Windows XP, then got themselves into the OS in Windows 2003 Server and later.