Ajax <>database security-
I'm planning to build a website generator based on jquery. What I have in mind, is a highly scalable system and a Government area based on ajax.
The administrator can adjust the colors, forms, menus, build ad pages and configure the widgets on the page etc etc the backbone of the application will be a database.
To make it really expandable, I add the possibility that the administrator can make the database tables and add shapes of these tables. All forms in the site will be driven ajax.
Now there's a thing about safety, with standard forms, this won't be a problem, the thing is the dynamic forms created, there are several ways to implement a system like this.
One way I can think is that a dynamic form created sends the name of the table during an ajax call. But here's where I have my doubts. Although the allways database must be protected with a password etc etc my security policy is give as far as possible information on the server, should not be rocket science to read an ajax request to the server. So if I apply in this way users can easily see exactly what tables are being updated.if they control the traffic to and from the server. What do you think is it something I should avoid?
It is not clear to me why you need to create a new table for all forms. One table could contain questions of form, but the questions share an identification number would all belong to the same shape. Responses to forms everything would be in another table.
Only the administrator has higher permissions can create tables.
I still wouldn't let that happen.
Think just what will look like your database after a couple of years. It can be full of tables with cryptic names that no longer serve any purpose. A big mess.
Tags: Coding Corner
Similar Questions
-
APEX on a database by using a different database security
I'm new to APEX so please forgive me if my question is elementary or if it crosses also ignoring. My organization uses APEX for the first time and you are looking to fill a specific role. I don't know if we want APEX can be done.
Here's what we want to do:
We want to create an app of the APEX on A database.
My APEX application will be used to modify database tables b.
Users have usernames, passwords and access set up on the basis of data B.
When users access the application of APEX, we want the application to use the database security B. In other words, it connects using the IDs and passwords for database B.
So:
I go to the application of the APEX
He invites me to the user ID, I enter one I use when I log on database B.
He asks me a password, I get the one I use with database ID B.
I click OK.
Forms are loaded with the data accessible by my ID on the B database.
Changes on the forms and my user ID is marked as one making changes to database b lines.
In other words, I just want to use the database A to build and enhance the application. Anyone can run the application, but they must connect using their database B ID and password to make changes.
(1) is it possible?
(2) how to configure in the application of the APEX?
Thanks for your help on this.
8dc1e333-95ad-4714-9820-16d3e4296c4d wrote:
In other words, I just want to use the database A to build and enhance the application.
APEX does not work like that.
APEX is nothing more than a bunch of PL/SQL code that runs on the database, it is installed on and run the code as "pattern analysis".
Comment on "works on the basis of data"
If you want APEX to read data from a different database, you use a DATABASE LINK
for example to SELECT a report
Select * from scott.emp@db2
I doubt that one of the assistants APEX you'll love.
comment "works like «pattern analysis"»
If your application has an analysis of 'BOB' scheme... all SQL and PL/SQL code will run as BOB.
The "DB"account "security" is more a misnomer. APEX only checks that the entered name and password match that of the database that it is installed on.
Once verified, APEX performs a 'switch user' for the 'scheme of analysis. " (Authentication of proxy in Oracle)
That's how web applications work... they use a shared schema.
WORK AROUND
Connect to the APEX by ADR, no EPG. Will prevent it people to access the database directly.
The next thing that you need is a SCHEME of ANALYSIS dedicated to the execution of SQL and PL/SQL.
As any other database USER, it shouldn't be the same schema as the schema that contains all of your data. (Analysis schema! = data schema)
Personally, I like to my 'space work [schema]' separated also.
You will most likely need to use a database of private virtual control data access.
Required Code changes
If none of your code using the username 'USER' column, you need to change to COALESCE (V ('APP_USER'), USER)
(I prefer to COALESCE on NVL because I anticipate different infrastructure that works similar to APEX)
MK
-
Please suggest some in depth Oracle Database Security book
Please suggest some Oracle database security book in depth.
I'm looking for some very good and in the books of depth in Oracle database security book advance.
Thanks in advance...If you go to Amazon.com, then search for 'Security Oracle', there are dozens of good books.
I would probably start
and
Justin
-
database security...
Hi Experts,
I am a DBA and have never worked on the security of the database.
I wonder to work on this area by management.
I would like to know is this area is a DBA?
If so could you please direct me to the docs/url metalink?
Thank you
BK.Yes its your job as a DBA to secure your database.
Oracle Database Security its not that small to study it, you should know
-MEV
-Data masking
-Line level security
-Column-level security
-Data Vault
-Database Audit Vault
-Firewall oracleeach of these subject's course.
-
Announcement for the external database - Secure ACS 5.2 or LDAP
I'm working on the project with Secure ACS 5.2. I'm trying to determine the external database appropriate to use. LDAP or directly to the AD?
In addition, the field in which I connect to a several subdomains. All users are currently in the subdomains, but will move to the root domain later. How do I set up the connection, I have to connect to each subdomain or can I connect just to the root?
Thank you
Hello
If you are using PEAP (mschapv2) [password based authentication] your best bet is to tie ACS to AD, because PEAP-mschapv2 is a hash mechanism that is only supported when you bind to AD, it will not work if you use the ldap integration.
Your best option is to connect ACS for the root domain, so he can use the transitive trust relationships to find the information in its subdomains.
Thank you
Tarik Admani
* Please note the useful messages *. -
Accidentally changed the properties in the programs 'Windows. security, .database .secedit"at adobe. need to restore the original.
"I have not a reliable ' restore date.Hello
Before I continue with the troubleshooting steps I may need a few more details to better understand the issue.
1. what exactly is the problem you are experiencing on the computer?
2. do you receive any error messages?
3. what exactly do you mean by 'changed the properties in the programs' Windows. security, .database .secedit"at adobe. need to restore the original. » ?Suggestions for a question on the help forums:
http://support.Microsoft.com/kb/555375Answer with the information required to help solve the problem.
-
failed to create database security store
Hi all
I'm trying to run the command to create the store database for my domain. But get following exception.
CLASSPATH=/data/eidm/opam/Middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/data/eidm/opam/Middleware/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/data/eidm/jdk1.7.0_67/lib/tools.jar:/data/eidm/opam/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/data/eidm/opam/Middleware/wlserver_10.3/server/lib/weblogic.jar:/data/eidm/opam/Middleware/modules/features/weblogic.server.modules_10.3.6.0.jar:/data/eidm/opam/Middleware/wlserver_10.3/server/lib/webservices.jar:/data/eidm/opam/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/data/ eidm/opam/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/data/eidm/opam/Middleware/oracle_common/modules/oracle.jrf_11.1.1/jrf-wlstman.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/lib/adfscripting.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/lib/adf-share-mbeans-wlst.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/lib/mdswlst.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/auditwlst.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/igfwlsthelp.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/jps-wlst.jar:/data/ eidm/opam/Middleware/oracle_common/common/wlst/resources/jps-wls-trustprovider.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/jrf-wlst.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/oamap_help.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/oamAuthnProvider.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/ossoiap_help.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/ossoiap.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/ovdwlsthelp.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/ sslconfigwlst.jar:/data/eidm/opam/Middleware/oracle_common/common/wlst/resources/wsm-wlst.jar:/data/eidm/opam/Middleware/utils/config/10.3/config-launch.jar::/data/eidm/opam/Middleware/wlserver_10.3/common/derby/lib/derbynet.jar:/data/eidm/opam/Middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/data/eidm/opam/Middleware/wlserver_10.3/common/derby/lib/derbytools.jar::
WebLogic Scripting Tool (WLST) initializing...
Welcome to WebLogic Server Administration scripts Shell
Help() type help on the available commands
Info: Data Source is: opss-DBDS
Problem call WLST - Traceback (innermost last):
File "/ data/eidm/opam/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py", line 653, in?
File "/ data/eidm/opam/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py", line 76, getXmlDocument
File "/ data/eidm/opam/Middleware/wlserver_10.3/common/wlst/modules/jython-modules.jar/Lib/xml/dom/minidom.py", line 1923, in analysis
File "/ data/eidm/opam/Middleware/wlserver_10.3/common/wlst/modules/jython-modules.jar/Lib/xml/dom/minidom.py", 1907, in _do_pulldom_parse the line
File "/ data/eidm/opam/Middleware/wlserver_10.3/common/wlst/modules/jython-modules.jar/Lib/xml/dom/pulldom.py", line 333, in analysis
IOError: No file or directory: data/eidm/opam/Middleware/user_projects/domains/opam_domain/config/config.xml
Please help us.
Thank you.
error message:
IOError: No file or directory: data/eidm/opam/Middleware/user_projects/domains/opam_domain/config/config.xml
Check if the path of the given field is correct or not?
What is the exact command that you run?
-
Error occurred when creating 'Database of store security' in OIM11gR2 PS2
Hi experts,
I get the following error when I am trying to configure the store database security.
The name of user and password is correct. 1 forward, I used the "Patch Set Assistent" to upgrade the schema OPSS.
OS: Linux Red Hat 6.5
IOM version: 11 GR 2 PS2
My environment variables:
Export JAVA_HOME = / APPL/home/IOM/java/jdk6
Export APP_SERVER = weblogic
Export MW_HOME = / APPL/home/IOM/mw
export WL_HOME=/APPL/home/oim/mw/wlserver_10.3
Export OIM_ORACLE_HOME = / APPL/home/IOM/mw/Oracle_IDM1 /.
Export DOMAIN_HOME = / APPL/home/IOM/mw/user_projects/domains/oim_domain /.
# export PATH
export PATH = $PATH: / APPL/home/IOM/java/jdk6/bin
export PATH = $PATH: / APPL/home/IOM/mw/Oracle_SOA1/OPatch
Java-Version:
Java version "1.6.0_37".
Java (TM) SE Runtime Environment (build 1.6.0_37 - b06)
Oracle JRockit (R) (build R28.2.5-50-153520-1.6.0_37-20121220-0843-linux-x86_64, update mode)
[oim@gf0vsxas833p ~] $
My password of the OPSS schema includes two special characters: $ and _
My error:
[oim@gf0vsxas833p ~] $ /APPL/home/oim/mw/oracle_common/common/bin/wlst.sh /APPL/home/oim/mw/Oracle_IDM1/common/tools/configureSecurityStore.py/APPL/home/IOM/mw/user_projects/domains/oim_domain d /-c IAM Pei < opss_schema_password > m create
CLASSPATH=/APPL/home/oim/mw/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/APPL/home/oim/mw/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/APPL/home/oim/java/jdk6/lib/tools.jar:/APPL/home/oim/mw/wlserver_10.3/server/lib/weblogic_sp.jar:/APPL/home/oim/mw/wlserver_10.3/server/lib/weblogic.jar:/APPL/home/oim/mw/modules/features/weblogic.server.modules_10.3.6.0.jar:/APPL/home/oim/mw/wlserver_10.3/server/lib/webservices.jar:/APPL/home/oim/mw/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/ APPL/home/oim/mw/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/APPL/home/oim/mw/oracle_common/modules/oracle.jrf_11.1.1/jrf-wlstman.jar:/APPL/home/oim/mw/oracle_common/common/wlst/lib/adfscripting.jar:/APPL/home/oim/mw/oracle_common/common/wlst/lib/adf-share-mbeans-wlst.jar:/APPL/home/oim/mw/oracle_common/common/wlst/lib/mdswlst.jar:/APPL/home/oim/mw/oracle_common/common/wlst/resources/auditwlst.jar:/APPL/home/oim/mw/oracle_common/common/wlst/resources/igfwlsthelp.jar:/APPL/home/oim/mw/oracle_common/common/wlst/resources/jps-wlst.jar:/ APPL/home/oim/mw/oracle_common/common/wlst/resources/jps-wls-trustprovider.jar:/APPL/home/oim/mw/oracle_common/common/wlst/resources/jrf-wlst.jar:/APPL/home/oim/mw/oracle_common/common/wlst/resources/oamap_help.jar:/APPL/home/oim/mw/oracle_common/common/wlst/resources/oamAuthnProvider.jar:/APPL/home/oim/mw/oracle_common/common/wlst/resources/ossoiap_help.jar:/APPL/home/oim/mw/oracle_common/common/wlst/resources/ossoiap.jar:/APPL/home/oim/mw/oracle_common/common/wlst/resources/ovdwlsthelp.jar:/APPL/home/oim/mw/oracle_common/common/wlst/ resources/sslconfigwlst.jar:/APPL/home/oim/mw/oracle_common/common/wlst/resources/wsm-wlst.jar:/APPL/home/oim/mw/utils/config/10.3/config-launch.jar::/APPL/home/oim/mw/wlserver_10.3/common/derby/lib/derbynet.jar:/APPL/home/oim/mw/wlserver_10.3/common/derby/lib/derbyclient.jar:/APPL/home/oim/mw/wlserver_10.3/common/derby/lib/derbytools.jar::
WebLogic Scripting Tool (WLST) initializing...
Welcome to WebLogic Server Administration scripts Shell
Help() type help on the available commands
I havenfo: data source is: opss-DBDS
Info: Driver JDBC DB: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@gf0zsxdb048p:1522/IDMSECP
Error: impossible to do the data binding for OES field. Caused by: ORA-01017: name of user and password invalid. connection refused
Problem call WLST - Traceback (innermost last):
File "/ APPL/home/oim/mw/Oracle_IDM1/common/tools/configureSecurityStore.py", line 899, in?
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:600)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:445)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:380)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:760)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:401)
to oracle.jdbc.driver.PhysicalConnection. < init > (PhysicalConnection.java:546)
to oracle.jdbc.driver.T4CConnection. < init > (T4CConnection.java:236)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:185)
at oracle.security.oes.util.DBSchemaUpgrade.getConnection(DBSchemaUpgrade.java:62)
at oracle.security.oes.util.DBSchemaUpgrade.isAnyPolicyStoreInSchema(DBSchemaUpgrade.java:69)
at oracle.security.oes.util.DBSchemaUpgrade.isAnyPolicyStoreInSchema(DBSchemaUpgrade.java:56)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
java.sql.SQLException: java.sql.SQLException: ORA-01017: name of user and password invalid. connection refused
Any ideas? I've done the excact same facility two months ago. At that time, everything worked fine...
Thank you!
BR,
Max
Finally, I was able to solve my problem. When the password of schema using a $ connect, the script fails!
BR
-
Suggestion: Subcategory "Security" of the category "Database".
Hi all
I managed to find that on OTN Discussion Forums, there are:
Java-> category: security
Technology-> Forum: security
and technology: security questions apply to the Oracle database software.
I always wondered why there is no 'Security' subcategory in the category "Database" (http://forums.oracle.com/forums/main.jspa?categoryID=84)
I have read security of database on discussions in the 'Database - general' sub-category of category "Database" and always had this strange feeling of a subcategory of 'Security' missing.
In my view, security of database threads would be better organize you if there a subcategory "Security" of the category "Database".
Thank you
Adrian AngelovI think there is a forum of database security - general , although it is rather well hidden at the bottom of the list of database instances.
Justin
-
How to remove a nsf local security
Hi all
Please suggest me a convenient way to remove local security from NSF
You will need to remove NSF security? Get the solution in advance, giving you great assistance during the withdrawal of database security. Try it and be free from this error. Read more:- http://www.removensfsecurity.org/how-to-remove-local-security
-
Dear Guys,
I'm looking for Oracle database security software and got some information that Oracle database vault is aimed. Please let me know what are the versions of database supported (8i, 9i, 10g, 11g) which can be integrated with the latest version of Oracle database vault.
Hello
Audit Vault and database firewall is a product of Oracle which allow to collect many targets audit logs and blocking and monitoring sql against your target traffic.
DB Vault: is this different Oracle product that can protect your data against unauthorized access as access dba by creating the Kingdom, so if the sysdba try selecting tables protected by the Kingdom, he will receive insufficient privildges
-
Hello
SSP database security.
User and group are both part of the native repertoire, but also exists in the active directory configuration.
I create a group.
I set up the Group Application Manager for Application X
I make A user a member of the Group
User A runs a MAXL script; -
Drop database X.Y;
The drop falls down-
For this operation, the insufficient privilege ERROR - 1051041 -.
Essbase 11.1.2.2.
Is this a bug?
Is there a solution?
Thank you
Robert.
Robert, read Cameron link I see this:
"An Application Manager can remove only the applications and databases that he created."
Leaving aside the question of whether this applies also to female users, this is probably your problem, is it not?
-
Connect to the database through PHP Oracle
Hello
I'm trying to run a PHP script on a button from an external site that connects to the Oracle database. Someone at - it an idea how to connect to a database SQL as I want to use the Web site as a customer to the product which inserts records?
Thank you very much!
I read your other thread Connect to database via PHP APEX found on the forum of the APEX.
The person who told you to post here you gave some bad advice.
"cj" has some good information for you in your original post.
As you use the APEX and PHP to interact with the database at the same time, you will need to do some design work before you continue.
Step 1: Learn Oracle.
Read Oracle Concepts Guide
If you have questions about how Oracle works, feel free to ask in the general forum.
Step 2: Design your security
identify the tables of the PHP users will be allowed access. (I only allow to SELECT)
identify processes that PHP users will be allowed to do. (my LMD is placed here)
Think "ROLES".
There is a forum "database security - general." But, I think that general would also work.
Step 3: Move the "business logic" in the database
You want to reuse the APEX of the process in PHP, PERL/CGI, .NET, etc etc.
To do this, the only way is to move the process of the APEX in the database code. (IE packages)
In other words: put your "business logic" within your database.
Not all the processes of the APEX should be moved (for example 'extract of automatic data"is specific APEX)
You can create Packages that can be used instead of "Automatic DML" within the SQL APEX workshop.
(post in the forum of the APEX for more information)
Other processes, you will need to read the code to determine.
Also, you'll want to move your APEX 'Permission' and 'Validation' code in packages also.
In this way: PHP, .NET, Java, etc., etc. can use the same code 'validation '.
Step 3: use a code repository
You will create a large number of packages.
You'll want to use a Code (e.g. SVN) repository to keep a history of your code.
Oracle SQL Developer (free) must be able to help here
Step 4: consider asking for help
You should consider hiring a consultant to help you if you don't have in-house expertise that can solve the above steps.
MK
PS - for later use, remember to mark your question as 'responded' If you realize that it is in the wrong forum.
-
ORA-28132: the MERGE syntax IN does not support security policy
Hello
With the help of Oracle 11 g R2.
I have the following problem:
If the user attempts to perform a MERGE INTO statement on a table (T1), it receives the error ORA-28132: The MERGE IN syntax does not support security policy.
Is there a way I can solve this problem by giving the user more rights on this specific table, T1? Or I need to rewrite the SQL code using UPDATE and INSERT instead MERGER?
I can't grant POLICE ACCESS TAX-FREE, it would be too powerful privilege...
Please advise,
M.R.
You may need to recreate the political VPD:
Note:
In previous versions of Oracle database, when you created a strategy Oracle virtual private database on an application that included the
MERGE
INTO
statement, theMERGE
INTO
declaration could be avoided with aORA-28132: Merge into syntax does not support security policies
error, due to the presence of the virtual private database policy. From Oracle Database 11 g Release 2 (11.2.0.2), you can create policies on applications that includeMERGE
INTO
operations. To do this, in theDBMS_RLS
.ADD_POLICY
statement_types
parameter, include theINSERT
,UPDATE
, andDELETE
statements, or simply omitstatement_types
setting altogether. Refer to the Oracle Database Security Guide for more information on the application of the strategies on specific types of SQL statement. -
Hello
I am facing a problem with the security filter for a single user. We are on the edition of Fusion Hyperion Version 11.1.2.1.
We had a user created in the SSP with ID: TESTUSER and added in the group. Initially for this user was working fine. Subsequently, we have removed this user of shared services like us is needed more than that.
According to the new requirements that we are supposed to create a user with the same username, so we created new new user "TESTUSER" and added in the same group of users, then we refreshed the Planning Application security by "Administration-> Application-> Refresh Database-> security filters '." " Refreshing security created filters to filter for above the user and we checked this consol EAS.
However, when connect us to the Application via Smart View we get the error below.
*****************
Could not open the cube View.Essbase error (1054060): Essbase failed to select
Application APP1, because the TESTUSER@Native directory is not\
completely updated in service planning.
*****************
Could you please advice how we can solve this problem.
Try to remove user security file EAS using MAXL and try again to create security filters.
Maybe you are looking for
-
What happens when the photo of system library is on an external drive and then the system creates a library of Photos? How do merge you them?
-
GS108Ev2 wrong password after restoring configuration
I have 3 switches from Netgear GS108Ev2. All 3 units have firmware 1.00.12 and I amusing the Prosafe v2.3.20 Recently, I've reconfigured the VLAN in my local network and after you changed thesettings on the switches, I decided to go back at least tem
-
Sync iphone 6 with windows vista
Hey I have an "old" computer to Windows vista and the latest version of itunes available is 12.1.2 It looks like my iphone6 may not synchronize with itunes 12.1.2? I have an error message asking to download an itunes update, but there is no update it
-
Search for a list of resources 'USB to RS232.
Hello I wonder how do I get the "USB to RS232" device name, description, and serial number, as NiMAX is capable of (see the attached image NiMAX-USB - 232.jpg). By using the function viFindRsrc (as in the example of FindRsrc_CVI.cws), I get the name
-
ThinkPad X120e unusual fan noise
I've had my X120e for awhile now and I'm happy with it. The normal fan noise didn't me don't bother, but lately I've heard some strange fan noises when I take the laptop at an angle. If I start to slowly turn on the right side, I hear a fan noise tha