Access Control: Database (Fortify)

We have been using the Fortify tool to check for security vulnerabilities. The Access Control: Database issue is giving us a hard time to fix.
```java
public BigDecimal getLctnId(String roId) {
    // roId arrives from the caller and is bound straight into the named query
    Query queryCaseId = em.createNamedQuery("RegionalOffice.getLctnId");
    queryCaseId.setParameter("roId", roId);
    BigDecimal lctnId = null;
    try {
        lctnId = (BigDecimal) queryCaseId.getSingleResult();
    } catch (Exception e) {
        // every exception is swallowed here; lctnId simply stays null
    }
    return lctnId;
}
```
Is there a way we can indicate to Fortify that the data is indeed coming from a trusted source?
Thanks.

I run into this a lot with clients, where Fortify flags a data source that is trusted.
First, make sure the data source actually is trusted. Usually, this means it's tightly access controlled (only sysadmins, not other employees, and no user data), encrypted, and change logged (in case a sysadmin is malicious). Document that it's trusted, and what could change that.
To tell Fortify it's trusted, there are two options:
1. Do this when all inputs of a certain type are trusted (so all file system inputs, or all database inputs, etc.). In Audit Workbench, open the Audit Guide from the banner at the top, select Advanced Mode, and check the boxes to tell Fortify to trust those inputs. Unfortunately, if you use two databases, one trusted and one untrusted, there's no way to tell Fortify to trust just one of those DBs.
2. In that issue's Issue Summary (bottom center panel), write a comment saying, "Trusted data source, see [document]." Mark the Analysis as "Not an Issue," and optionally suppress it with the red X button. (Many companies prefer developers not to suppress issues; check with whoever owns Fortify for your company.) This is a manual process, but you can multi-select issues and apply this audit to all of them at once.
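The pattern behind this kind of finding, and the change that removes it rather than suppressing it, as an added example that is not part of the question or the answer above. It uses an in-memory SQLite table in place of the JPA named query; the table, columns, organisation ids and the `get_lctn_id_*` function names are all constructed for the demo.

```python
"""Added example: a lookup keyed only by a caller-supplied id (the shape of the
flagged Java method) next to the same lookup scoped to the authenticated caller.
Everything here (table, rows, org ids) is constructed sample data."""
import sqlite3
from typing import Optional


def build_demo_db() -> sqlite3.Connection:
    # Constructed sample data: each regional office belongs to one organisation.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE regional_office ("
        "ro_id TEXT PRIMARY KEY, org_id TEXT NOT NULL, lctn_id INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO regional_office VALUES (?, ?, ?)",
        [("RO-100", "org-east", 1001), ("RO-200", "org-west", 2002)],
    )
    return conn


def get_lctn_id_unscoped(conn: sqlite3.Connection, ro_id: str) -> Optional[int]:
    """Mirrors the flagged method: the key comes from the caller and nothing in
    the query ties it to who is asking, so any caller can read any row.
    Parameter binding stops SQL injection; it does not close this gap."""
    row = conn.execute(
        "SELECT lctn_id FROM regional_office WHERE ro_id = ?", (ro_id,)
    ).fetchone()
    return row[0] if row else None


def get_lctn_id_for_org(
    conn: sqlite3.Connection, caller_org_id: str, ro_id: str
) -> Optional[int]:
    """Remediated form: caller_org_id is taken from the authenticated session
    (never from the request) and bound into the query, so the database only
    returns a row the caller is entitled to. Anything else yields None."""
    row = conn.execute(
        "SELECT lctn_id FROM regional_office WHERE ro_id = ? AND org_id = ?",
        (ro_id, caller_org_id),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_demo_db()
    print("unscoped, any caller:", get_lctn_id_unscoped(db, "RO-200"))
    print("org-east asking for its own office:", get_lctn_id_for_org(db, "org-east", "RO-100"))
    print("org-east asking for org-west's office:", get_lctn_id_for_org(db, "org-east", "RO-200"))
```

If `roId` really does come from a trusted source (configuration, an internal job) rather than a request, the scoped query is unnecessary and the audit comment described in option 2 is the right record; the point of the example is that the query itself, not the parameter binding, is what decides whether a caller-supplied key can reach another tenant's row.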

Related

What are the available iPhone MDM AccessRights

I am currently using 8191 for the 'AccessRights' variable required for the MDM payload (com.apple.mdm).
Now when using this, the user gets the following message:
"The administrator may collect personal data, add/remove accounts and restrictions, list, install and manage apps, and remotely erase data on your iPhone"
This tells him/her that the MDM server is allowed to wipe the device remotely. Now I don't want the MDM server to be able to do this at all.
When I change the AccessRights to 4161, for instance, the message changes into:
"The administrator may collect personal data, and list, install and manage apps on your iPhone"
Now I can't find ANY reference to this AccessRights variable and its values. Can anyone enlighten me on what the value actually represents?
Here is the table that describes all flags for access rights:
You can mix these values to configure necessary list of access rights.
In your particular cases:
8191 is a combination of all the above values.
4161 is a combination of 4096, 64 and 1.
Update:
Visput's screenshot of the "Mobile Device Management Protocol Reference" provides the desired numerical values for AccessRights. However, this answer will remain for context, for the lessons learned along the way, and for the mention that said material may be subject to Non-Disclosure Agreements due to the nature of the Apple confidential material.
For a clear understanding of the answer's scope, as well as for the sake of explaining to novices, I will provide a little context.
Context
First off Mobile Device Management (MDM) provides you with features which are organized into a collection of settings called configuration profiles - features like real management capabilities, including convenient configuration, self-service tools, and enhanced protection etc.
These profiles are just XML files that allow you to distribute configuration information.
Configuration profiles are in property list format.
From the document that describes the keys in a configuration profile and provides examples of the resulting XML payloads, PayloadContent is one of the keys. It is also the one you meant that contains the AccessRights property.
PayloadContent [optional] is an Array of payload dictionaries (payload objects). Not present if IsEncrypted is true.
The docs specify that these are the Payload Dictionary Keys Common to All Payloads: PayloadType, PayloadVersion, PayloadIdentifier, PayloadUUID, PayloadDisplayName, PayloadDescription, PayloadOrganization.
In addition to the standard payload keys above, each payload type contains keys that are specific to that payload type.
You are working with PayloadType "com.apple.mdm" and are looking for payload-specific keys for the MDM payload.
Conclusion
I have looked long and hard for all references of MDM payload keys. All I could find were a couple of AccessRights values; there is none in the official documentation available to the public.
The closest I could find was Inside the MDM protocol (pdf), a project with the goal of not creating a simple, turn-key, stand-alone MDM server, nor probing the protocol for weaknesses or hidden features, but simply to document as much of the protocol as possible.
From this document:
"Unfortunately, documentation of the underlying protocol has never been freely available. Obviously, third parties selling MDM servers were provided access to the documentation by Apple, but it's not been available for researchers or smaller development shops. This hampers risk analysis for enterprises making use of MDM. In order to aid such risk assessments, and to enable and encourage future research, this project was born."
Now I consider the document to be very useful for understanding MDM. On access rights it provides an image on page 8 representing a screenshot of a GUI tool which presents access rights as check boxes. As for generated values, your best chance is to google anything like:
```xml
<key>AccessRights</key>
<integer>8191</integer>
```
I've also found the value 2047 somewhere.
I've also found mentions of access rights in these Security Configuration Recommendations from the NSA for Apple iOS devices. On page 16 you have Access Rights for Remote Administrators:
"The following settings control what an MDM server is permitted to query from an iOS device. For an enterprise-owned, enterprise-controlled device, permitting the enterprise administrator to query as much information as possible is appropriate. Some MDM products may simply include these access rights by default and offer options to retrieve less information from the device."
And it goes on to actually list the check boxes which were also illustrated in the previous guide. No correspondence to XML-generated data/ids.
The closest I got to the actual ids was in this mdm-settings.xml, which enumerates the access rules along with some other data used on the device for iOS 6.
Your best chance is to contact Apple support and ask for details.
The info you are looking for may be subject to Non-Disclosure Agreements due to the nature of the Apple confidential material. The document above was based on data available in the Developer Preview.
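The two answers above treat AccessRights as a sum of flag values (8191 is every flag, 4161 is 4096 + 64 + 1) and show the key as it appears in the profile XML. As an added example, not part of either answer, the decoder below reads the `com.apple.mdm` payload out of a constructed `.mobileconfig`, lists which permission bits a value grants, and computes a value with remote erase removed (the asker's goal). The bit names are taken from Apple's published MDM protocol reference, which this page does not reproduce, so check them against your own copy; the profile, identifier and function names are constructed for the demo.

```python
"""Added example: decode and rebuild the AccessRights bitmask of a com.apple.mdm
payload. Flag names follow Apple's MDM protocol reference (assumption: your copy
lists the same bits); the profile bytes below are constructed sample input."""
import plistlib
from typing import List

# Bit value -> right granted, per Apple's MDM protocol reference.
ACCESS_RIGHT_FLAGS = {
    1: "inspect installed configuration profiles",
    2: "install and remove configuration profiles",
    4: "device lock and passcode removal",
    8: "device erase",
    16: "query device information",
    32: "query network information",
    64: "inspect installed provisioning profiles",
    128: "install and remove provisioning profiles",
    256: "inspect installed applications",
    512: "restriction-related queries",
    1024: "security-related queries",
    2048: "manipulate settings",
    4096: "app management",
}
ALL_RIGHTS = sum(ACCESS_RIGHT_FLAGS)  # every flag set: 8191
DEVICE_ERASE = 8

# Constructed sample profile with a single com.apple.mdm payload.
DEMO_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>com.example.mdm.demo</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
  </array>
</dict>
</plist>
"""


def mdm_access_rights(profile_bytes: bytes) -> int:
    """Return the AccessRights integer of the first com.apple.mdm payload."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.mdm":
            return int(payload["AccessRights"])
    raise ValueError("no com.apple.mdm payload in profile")


def decode_access_rights(value: int) -> List[str]:
    """List the rights a value grants; unknown high bits are reported, not dropped."""
    names = [name for bit, name in ACCESS_RIGHT_FLAGS.items() if value & bit]
    unknown = value & ~ALL_RIGHTS
    if unknown:
        names.append(f"unknown bits 0x{unknown:x}")
    return names


def without_rights(value: int, *bits: int) -> int:
    """Clear the given flag bits, e.g. without_rights(8191, DEVICE_ERASE) -> 8183."""
    for bit in bits:
        value &= ~bit
    return value


if __name__ == "__main__":
    granted = mdm_access_rights(DEMO_PROFILE)
    print(granted, decode_access_rights(granted))
    print(4161, decode_access_rights(4161))
    no_wipe = without_rights(granted, DEVICE_ERASE)
    print(no_wipe, decode_access_rights(no_wipe))
```

Decoding 4161 yields exactly the three rights named in the answer (bits 1, 64 and 4096), which matches the shorter consent text the asker saw; 2047 decodes to the first eleven flags, i.e. everything below app management.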

TFS2013 Web Access - Configuration for Stakeholders

We use TFS2013 on premise. A request came up that when using Web Access, some members with Stakeholder access should only have limited rights when opening work items.
They should be able to edit Description, Acceptance Criteria, etc fields, but others should be read-only, such as Iteration, State, etc.
The only option I saw was the 'Create tag definition' option under Security >> Permissions, but that's not enough for me.
One idea was Customizing a process template, but this seems to be thin ice as our team doesn't have any experience with it and the things to avoid list is quite long.
The best workaround approach so far is to reference the TFS ClientLibrary from Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\ReferenceAssemblies\v2.0\ and create a custom website which implements only the required features (for example when opening a work item, State would be a Label instead of a DropDownList).
The drawback of this solution is that it would keep the whole WebAccess portal hidden, including its nice features.
So my question in short: is there a way to make certain fields read-only on the work item form for stakeholder members?
UPDATE
Eventually I went towards Template Customization using TFS Power Tools 2013. Now I have the following problem:
Applying rules for certain fields works just fine, but in case the field type is TreePath, saving the template gives the following error:
```
TF26062: Rule '< READONLY for="[Global]\Stakeholders" />' is not supported for the field 'System.AreaPath'.
There were validation errors. Continuing to save may cause the file to become unloadable, do you want to continue?
```
According to this answer from 2009: "there are some particular fields which rules can't be applied to".
Any suggestions how to go on?
You can choose the work item types to make some fields read-only.
You will, however, need to be careful not to mark fields read-only that are needed for adding items. That would include area and iteration. Use witadmin.exe to export the desired work item type and add read-only clauses only for those in the stakeholder group.
You would be better off with a permissive model. Allow everything and tell them what not to change. Then have an alert for changes to those fields by stakeholders.

Rails: Private journal entries for a Journal supporting many Users

I'd like to build a Backbone/Rails Journal App that supports many Users.
How would you persist a journal Entry for a given User, while respecting that User's privacy (the User can store sensitive info in that Entry)? I was thinking of using something like BCrypt, but that wouldn't work since you can't invert the process. Any thoughts?
In this case, I'm trying to keep the app as lightweight as possible, so answers that don't rely on external libraries would be preferred (not sure if that's an unreasonable requirement though).
If you trust the server to send you encryption code, you trust it with the way it handles your data. That's mostly the issue with client-side encryption.
If the user doesn't know how to use their own encryption tools, then they're trusting you with the tools you send them.
That said, if you're still pretty gung-ho about it, maybe consider a web-based version of PGP: https://webpg.org/

Discussions and email notifications on TFS tasks

We're new to TFS and have some tasks set up in Team Explorer. It seems the History pane is the right/best place to add notes/discussions (although it's very different from other tools I'm used to like bugzilla, jira, redmine)?
But how can we set it up so interested parties get notified of new comments on a task, preferably by email? We're all making it up as we go along with no prior TFS experience but I'd hope my experience with other tools (the project hasn't used a proper issue tracker before) would help me figure things out but it all seems rather confusing.
If you install the TFS 2010 Power Tools (this is removed for 2012 as it's set up in the web interface according to this link, although I've not played with this in 2012), under Team > Alerts Explorer you can add alerts for email notifications.
It's pretty simple: you can get alerts for when work items are modified, created under a certain path, assigned to you, etc. They are basically configured in a similar way to the work item queries, so it's quite easy to set up what you want.
They can be set up by any user, so you might want to let your users set up their own custom rules as they like, then log on as a generic user (such as your admin user) to set up team-specific queries. Otherwise you might end up with users complaining about getting emails that are no longer relevant to them or need changing when the user that set them up leaves/moves, etc., and you'll be hunting around to find who set up the original rules.

Is there a way of preventing a work item from being assigned to a particular user in Team Foundation Server (TFS) 2005

Does anyone know if it is possible to prevent a work item from being assigned to a specific user account in TFS?
After migrating a TFS from one domain to another, some of my team members have two user accounts, the original one from the old domain, and a new one from the new domain. I'd like to stop work items from being assigned to the old account.
Most process templates restrict username fields with the rule. (If yours doesn't, you should do so.) Then all you need to do is remove the invalid accounts from TFS Valid Users group.
Unfortunately, you can't do this directly -- TFS manages this group automatically based on ACLs found throughout the rest of the system. You have to hunt them down. See these threads for more details:
http://social.msdn.microsoft.com/Forums/en-US/tfsadmin/thread/6e5af2ab-1cbc-4d12-9078-454147926316
http://social.msdn.microsoft.com/forums/en-US/tfsadmin/thread/1ce8b5b0-9924-45ed-919b-49a6a61bb7c7
Once you find all instances where the old domain is being referenced, the general strategy for cleaning up orphans is to add a new ACL, wait for TFS to sync (or iisreset), then remove everything.
However, this may not be possible if you've taken the old domain offline, or there's no trust relationship between the two domains, etc. At some point it becomes easier to edit TfsIntegration manually. I usually don't recommend mucking about in the TFS databases since it's unsupported and subject to change with every patch. For optimum safety, I'd still strongly suggest using stored procedures rather than trying to interpret the schema relationships (and make sure you hold the necessary locks, etc.). prc_security_delete_identity is your best entry point: all you need to know is the old account's SID.