Skip navigation.

APPS Blogs

Disable IAMSuiteAgent

Online Apps DBA - Tue, 2014-04-15 17:25
This post will give an insight into IAMSuiteAgent and how to disable it? IAMSuiteAgent is a pre-built Java agent that comes with OAM 11g by default. Few important points of IAMSuiteAgent are: The IAMSuiteAgent is a domain-wide agent: Once Access Manager is deployed, the IAMSuiteAgent is installed on every server in the domain Unless disabled, [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

OBIEE Security: Usage Tracking, Logging and Auditing for SYSLOG or Splunk

Enabling OBIEE Usage Tracking and Logging is a key part of most any security strategy. More information on these topics can be found in the whitepaper references below. It is very easy to setup logging such that a centralized logging solution such as SYSLOG or Splunk can receive OBIEE activity.

Usage Tracking

Knowing who ran what report, when and with what parameters is helpful not only for performance tuning but also for security. OBIEE 11g provides a sample RPD with a Usage Tracking subject area. The subject area will report on configuration and changes to the RPD as well as configuration changes to Enterprise Manager.  To start using the functionality, one of the first steps is to copy the components from the sample RPD to the production RPD.

Usage tracking can also be redirected to log files. The STORAGE_DIRECTORY setting is in the NQSConfig.INI file. This can be set if OBIEE usage logs are being sent, for example, to a centralized SYSLOG database.

The User Tracking Sample RPD can be found here:

{OBIEE_11G_Instance}/bifoundation/OracleBIServerComponent/coreapplication_obis1/sample/usagetracking

Logging

OBIEE offers standard functionality for application level logging.  This logging should be considered as one component of the overall logging approach and strategy. The operating system and database(s) supporting OBIEE should be using a centralized logging solution (most likely syslog) and it is also possible to parse the OBIEE logs for syslog consolidation.

For further information on OBIEE logging refer to the Oracle Fusion Middleware System Administrator’s Guide for OBIEE 11g (part number E10541-02), chapter eight.

To configure OBIEE logging, the BI Admin client tool is used to set the overall default log level for the RPD as well as identify specific users to be logged. The log level can differ among users. No logging is possible for a role.

Logging Levels are set between zero and seven.

Level 0 - No logging

Level 1 - Logs the SQL statement issued from the client application.

Level 2 - All level 1 plus OBIEE infrastructure information and query statisics

Level 3 - All level 2 plus Cache information

Level 4 - All level 3 plus query plan execution

Level 5 - All level 4 plus intermediate row counts

Level 6 & 7 - not used

 

OBIEE log files

BI Component

Log File

Log File Directory

OPMN

debug.log

ORACLE_INSTANCE/diagnostics/logs/OPMN/opmn

OPMN

opmn.log

ORACLE_INSTANCE/diagnostics/logs/OPMN/opmn

BI Server

nqserver.log

ORACLE_INSTANCE/diagnostics/logs/
OracleBIServerComponent/coreapplication_obis1

BI Server Query

nquery<n>.log <n>=data and timestamp for example nqquery-20140109-2135.log

Oracle BI Server query Log

ORACLE_INSTANCE/diagnostics/logs/OracleBIServerComponent/coreapplication

BI Cluster Controller

nqcluster.log

ORACLE_INSTANCE/diagnostics/logs/
OracleBIClusterControllerComponent/coreapplication_obiccs1

Oracle BI Scheduler

nqscheduler.log

ORACLE_INSTANCE/diagnostics/logs/
OracleBISchedulerComponent/coreapplication_obisch1

Useage Tracking

NQAcct.yyymmdd.hhmmss.log

STORAGE_DIRECTORY parameter in the Usage Tracking section of the NQSConfig.INI file determines the location of usage tracking logs

Presentation Services

sawlog*.log (for example, sawlog0.log)

ORACLE_INSTANCE/diagnostics/logs/
OracleBIPresentationServicesComponent/
coreapplication_obips1

 

The configuration of this log (e.g. the writer setting to output to syslog or windows event log) is set in instanceconfig.xml

BI JavaHost

jh.log

ORACLE_INSTANCE/diagnostics/logs/
OracleBIJavaHostComponent/coreapplication_objh1

 

If you have questions, please contact us at info@integrigy.com

 -Michael Miller, CISSP-ISSMP

References

 

Tags: Oracle Business Intelligence (OBIEE)AuditorIT Security
Categories: APPS Blogs, Security Blogs

OpenSSL Heartbleed (CVE-2014-0160) and Oracle E-Business Suite Impact

Integrigy has completed an in-depth security analysis of the "Heartbleed" vulnerability in OpenSSL (CVE-2014-0160) and the impact on Oracle E-Business Suite 11i (11.5) and R12 (12.0, 12.1, and 12.2) environments.  The key issue is where in the environment is the SSL termination point both for internal and external communication between the client browser and application servers. 

1.  If the SSL termination point is the Oracle E-Business Suite application servers, then the environment is not vulnerable as stated in Oracle's guidance (Oracle Support Note ID 1645479.1 “OpenSSL Security Bug-Heartbleed” [support login required]).

2.  If the SSL termination point is a load balancer or reverse proxy, then the Oracle E-Business Suite environment MAY BE VULNERABLE to the Heartbleed vulnerability.  Environments using load balancers, like F5 Big-IP, or reverse proxies, such as Apache mod_proxy or BlueCoat, may be vulnerable depending on software versions.

Integrigy's detailed analysis of use of OpenSSL in Oracle E-Business Environments is available here -

OpenSSL Heartbleed (CVE-2014-0160) and the Oracle E-Business Suite Impact Analysis

Please let us know if you have any questions or need additional information at info@integrigy.com.

Tags: VulnerabilityOracle E-Business Suite
Categories: APPS Blogs, Security Blogs

Integrigy Collaborate 2014 Presentations

Integrigy had a great time at Collaborate 2014 last week in Las Vegas.  What did not stay in Las Vegas were many great sessions and a lot of good information on Oracle E-Business Suite 12.2, Oracle Security, and OBIEE.  Posted below are the links to the three papers that Integrigy presented.

If you have questions about our presentations, or any questions about OBIEE and E-Business Suite security, please contact us at info@integrigy.com

References Tags: Oracle DatabaseOracle E-Business SuiteOracle Business Intelligence (OBIEE)
Categories: APPS Blogs, Security Blogs

OBIEE Security: Repositories and Three Layers of Security

This blog series reviewing OBIEE security has to this point identified how users are defined and authenticated within WebLogic, the major security concerns with WebLogic and how application roles are defined and mapped to LDAP groups within Enterprise Manager. We will now review OBIEE authorization, how OBIEE determines what data users can see after they login. 

The OBIEE Repository is comprised of three layers. A very simplistic summary is below:

  • Physical layer: Defines all database or data source connections (user id and passwords are entered and stored here), the physical table and columns, primary and foreign key relationships.  
  • Business Model Mapping layer (BMM):  Referencing the physical layer, here is where logical structures are built and aggregation rules are defined.  The BMM is really the heart of an OBIEE application
  • Presentation layer:  Referencing the BMM, this layer presents the tables and columns to end users. For example, remove unwanted columns or rename awkwardly named columns.
Object and Data Level Security

Object (Physical layer) and Data (BMM) level security is defined within the identity manager in the Repository. Object security can be set to either allow or deny access to a physical table or column. Data security allows rules to be applied to logical tables or columns (BMM layer). These rules can use static values as well as session variables.

Navigation:  Open identity manager within the RPD -> select user or role -> click on permissions

Identity Manager

Data Filter

 

Object Filter

Presentation Layer Security Rule

If you have questions, please contact us at info@integrigy.com

 -Michael Miller, CISSP-ISSMP

References Tags: ReferenceOracle Business Intelligence (OBIEE)Security Resource
Categories: APPS Blogs, Security Blogs

Creating Users in Oracle Internet Directory (OID)

Online Apps DBA - Sun, 2014-04-06 15:03
This post covers creating users in OID using ODSM, this OID user will be used as admin user for OAM-OID integration in our Oracle Access Manager (OAM) 11gR2 Admin Training (training starts on 3rd May and fee is 699 USD). For part I of OID/OVD installation click here and for part II click here . In this exercise, we use Oracle Directory [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

How to configure YUM for Oracle Enterprise Linux (OEL) to install missing RPMs

Online Apps DBA - Fri, 2014-04-04 16:21
I installed new Linux Server for our Oracle Access Manager (OAM) 11gR2 Admin Training (training starts on 3rd May and fee is 699 USD). This post covers steps to configure YUM so that you can install missing RPM (RPMs required for Oracle Database and Fusion Middleware). 1. Identify your Oracle Enterprise Linux version from enterprise-release file cat [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

OBIEE Security: Repositories and RPD File Security

The OBIEE repository database, known as a RPD file because of its file extension, defines the entire OBIEE application. It contains all the metadata, security rules, database connection information and SQL used by an OBIEE application. The RPD file is password protected and the whole file is encrypted. Only the Oracle BI Administration tool can create or open RPD files and BI Administration tool runs only on Windows.  To deploy an OBIEE application, the RPD file must be uploaded to Oracle Enterprise Manager. After uploading the RPD, the PRD password then must be entered into Enterprise Manager.

From a security assessment perspective, who has physical access to the RPD file and the RPD password is critical. If multiple OBIEE applications are being used, the RPD passwords should all be different. It is also recommended that the RDP password be rotated per whatever policy governs critical database accounts and that production RPD passwords be different than non-production RPD passwords. 

Once deployed through WebLogic, RPD file (version 11g) is located here: 

ORACLE_INSTANCE/bifoundation/OracleBIServerComponent/coreapplication_obisn/

 

Figure 1 Repository (RDP) File Define OBIEE Solutions

 

Figure 2 Windows based OBIEE BI Admin Tool

 

If you have questions, please contact us at info@integrigy.com

 -Michael Miller, CISSP-ISSMP

References Tags: ReferenceOracle Business Intelligence (OBIEE)Security Resource
Categories: APPS Blogs, Security Blogs

Installation of Oracle Identity Management (OID/OVD/ODSM/OIF) 11gR1(11.1.1.7) – Part 2

Online Apps DBA - Tue, 2014-04-01 07:40
This post covers part ” of  OID/OVD 11gR1 (11.1.1.7) installation that will be used as user repository (Identity Store) for our Oracle Access Manager (OAM) 11gR2 Admin Training (training starts on 3rd May and fee is 699 USD). For first part of OID/OVD installation click here 1. Install IDM (OID/OVD/ODSM) 11.1.1.7 1.1 Start installer as cd /stage/oracle/idm/11.1.1.7.0/Disk1 (IdM 11.1.1.7 [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Come See Integrigy at Collaborate 2014

Come see Integrigy’s sessions at Collaborate 2014 in Las Vegas (http://collaborate14.com/). Integrigy is presenting the following papers:

IOUG - #526 Oracle Security Vulnerabilities Dissected, Wednesday, April 9, 11:00am

OAUG – #14365 New Security Features in Oracle E-Business Suite 12.2, Friday April 11, 9:45am

OAUG – #14366 OBIEE Security Examined, Friday, April 11, 12:15pm

If you are going to Collaborate 2014, we would also be more than happy to talk with you about your Oracle security projects or questions. If you would like to talk with us while at Collaborate please contact us at info@integrigy.com

Tags: ConferencePresentation
Categories: APPS Blogs, Security Blogs

Installation of Oracle Identity Management (OID/OVD/ODSM/OIF) 11gR1(11.1.1.7) – Part 1

Online Apps DBA - Sun, 2014-03-30 04:56
This post covers installation of OID/OVD 11gR1 (11.1.1.7) that will be used as user repository (Identity Store) for our Oracle Access Manager (OAM) 11gR2 Admin Training (training starts on 3rd May and fee is 699 USD). If you are new to Oracle Identity & Access Management then first check Identity Management Products from Oracle   1. [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

OBIEE Security: User Authentication, WebLogic, OPSS, Application Roles and LDAP

Where and how are OBIEE users authenticated? A few options exists. A later blog post will review how to use the Oracle E-Business Suite to authenticate user connections and pass the E-Business Suite session cookie to OBIEE. Many if not most OBIEE users will though authenticate through WebLogic. For these users, they are defined and authenticated within WebLogic using it’s built in LDAP database or an external LDAP implementation. Once authenticated, the user’s LDAP group memberships are mapped to Applications roles that are shared by all Fusion Applications, OBIEE included.

WebLogic and Oracle Platform Security Services (OPSS)

As a Fusion Middleware 11g product, OBIEE 11g uses Oracle WebLogic for centralized common services, including a common security model. WebLogic Security Realms define the security configurations required to protect the application(s) deployed within WebLogic and consist of definitions of users, groups, security roles and polices.

If at all possible, Integrigy Corporation recommends using the default realm as a baseline to configure a new Realm for OBIEE. Integrigy Corporation highly recommends that each security realm attribute be thoroughly understood.

To implement Security Realm configurations, all Fusion Middleware applications use a security abstraction layer within WebLogic called the Oracle Platform Security Services (OPSS). OPSS is not the same as WebLogic security. WebLogic consumes OPSS services and frameworks (for example authentication). OPSS provides three key services:

  • An Identity Store, to define and authenticate users
  • A Credential Store, to hold the usernames, passwords and other credentials that system services require.
  • A Policy Store, containing details of user groups and application roles, application policies and permissions. The policy store is used to authorize users (what can they do?) after they are authenticated.

Enterprise Manager and Application Roles

Application roles are new with OBIEE 11g and replace groups within OBIEE 10g. The migration of application roles out of OBIEE allows a common set of roles to be define across all Fusion Middleware products and applications.

Application roles and Application Policies are managed in Oracle Enterprise Manager - Fusion Middleware Control.  This is where LDAP groups are mapped to application roles and detailed permissions are assigned to the application roles. The key concept is that LDAP groups can be assigned to both Fusion users and Fusion Application roles, LDAP users are never individually or directly assigned permissions and grants within OBIEE.

The out-of-the-box installation of OBIEE delivers three main application roles. These roles may be granted to individual users or to LDAP groups.  During the implementation or at any time new roles can be created and existing roles changed.

Default OBIEE Application Roles

Application Role

LDAP Group*

Description

BIConsumer

 

BIConsumers

Base-level role that grants the user access to OBIEE analyses, dashboards and agents.  Allows user to run or schedule existing BI Publisher reports, but not create any new ones

BIAuthor

BIAuthors

 

All BIConsumer rights, grants and permissions but also allows users to create new analyses, dashboards and other BI objects

BIAdministrator

BIAdministrators

 

All BIAuthor rights, grants and permissions (and therefore BIConsumer) as well as allows the user to administer all parts of the system, including modifying catalog permissions and privileges

 *Note the naming convention difference of plural vs singular for Application Roles

If you have questions, please contact us at info@integrigy.com

 -Michael Miller, CISSP-ISSMP

References Tags: Oracle Business Intelligence (OBIEE)
Categories: APPS Blogs, Security Blogs

Oracle Mobile Security Suite #OMSS formerly Bitzer Mobile : Interested in working with Us ?

Online Apps DBA - Sat, 2014-03-22 04:43
    Oracle acquired BitzerMobile in november 2013 and released it as Oracle Mobile Security Suite (OMSS). Oracle Mobile Security Suite (OMSS) is now part of Oracle Identity Management Suite and is currently available from eDelivery as version 3.0 (released on March 19, 2014). For new features introduced in OMSS 3.0 click here We have launched Mobile [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

OBIEE Security and WebLogic Scripting Tool (WLST)

Continuing our blog series on OBIEE security, when discussing WebLogic security, the WebLogic Scripting Tool (WLST) needs to understood. From a security risk perspective, consider WLST analogous to how DBAs use SQL to manage an Oracle database. Who is using WLST and how they are using it needs to be carefully reviewed as part of any WebLogic security assessment.

WebLogic Scripting Tool (WLST)

The WebLogic Scripting Tool (WLST) is a command-line scripting environment that is used to create, manage, and monitor WebLogic. It is based on the Java scripting interpreter, Jython, version 2.2.1. In addition to supporting standard Jython features such as local variables, conditional variables, and flow control statements, WLST provides a set of scripting functions (commands) that are specific to WebLogic Server.

From a security risk perspective, consider WLST analogous to how DBAs use SQL to manage an Oracle database. Who is using WLST and how they are using it needs to be carefully reviewed as part of any WebLogic security assessment.

WLST uses the WebLogic Security Framework to enforce the same security rules as when using the WebLogic user interface. WLST scripts, similar to SQL scripts, are created and edited using any text editor and the operating system user running a WLST script can easily be different than the user referenced in the script. WLST scripts can be run in either on or offline mode and, aside from modifying and copying configurations, (e.g. to create a test server), they can be used to add, remove, or modify users, groups, and roles.

Securing the WLST Connection

Both Integrigy Corporation and Oracle recommend that when using WLST only connect through the administration port. The administration port is a special, secure port that all WebLogic Server instances in a domain can use for administration traffic.

By default, this port is not enabled, but it is recommended that administration port be enabled in production. Separating administration traffic from application traffic ensures that critical administration operations (starting and stopping servers and changing configurations) do not compete with application traffic on the same network connection.

The administration port is required to be secured using SSL. As well, by default, the demonstration certificate is used for SSL. The demo SSL certificate should not be used for production.

Writing and Reading Encrypted Configuration Values

Some attributes of a WebLogic Server configuration are encrypted to prevent unauthorized access to sensitive data. For example, JDBC data source passwords are encrypted.  It is highly recommended to follow the WebLogic scripting tool documentation for specific instructions on working with encrypted configuration values however WLST is used - manually (ad-hoc), in scripts, offline and on line. A security assessment should include a discussion, if not a review, of WLST scripts that set or manipulate encrypted values.

Running WLST Scripts

WLST scripts permit unencrypted passwords at the command line. WebLogic security policies need to address how WLST scripts should provide passwords. Storing passwords incorrectly can easily and needlessly expose passwords in scripts, on monitor screens and in logs files. When entering WLST commands that require an unencrypted password, the following precautions should be taken:

  • Enter passwords only when prompted. If a password is omitted from the command line, it is subsequently prompted for when the command is executed
  • For scripts that start WebLogic Server instances, create a boot identity file. The boot identity file is a text file that contains user credentials. Because the credentials are encrypted, using a boot identity file is much more secure than storing unencrypted credentials in a startup or shutdown script.
  • For WLST administration scripts that require a user name and password, consider using a configuration file. This file, can be created using the WLST storeUserConfig command and contains:
    • User credentials in an encrypted form
    • A key file that WebLogic Server uses to unencrypt the credentials

If you have questions, please contact us at info@integrigy.com

 -Michael Miller, CISSP-ISSMP

References Tags: Oracle Fusion MiddlewareOracle Business Intelligence (OBIEE)
Categories: APPS Blogs, Security Blogs

addPartnerForMultiDataCentre is not updating MDC partners in oam-config.xml in OAM 11g R2 PS2

Online Apps DBA - Thu, 2014-03-20 17:56
In OAM 11g R2 PS2, I was working on Multi Data Center setup by following the documentation. I had to run the WLST command addPartnerForMultiDataCentre by giving partnerInfo.properties file as input. What does this command do? In MDC, when the failover happens from DC1 to DC2, all the webgate requests will be routed to DC2 [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

oracle.oam.EnableMDCReplication property in OAM 11gR2 MDC

Online Apps DBA - Wed, 2014-03-19 17:56
If you are working on Multi Data Center in OAM 11g R2 PS2, you would encounter the issue of updating the oracle.oam.EnableMDCReplication flag to true as per the Oracle Documentation link. However the document does not specify where to change this property. Here is what you need to do: Goto WebLogic Domain directory. Take backup [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Oracle Apps (R12) installation troubleshooting : RW-20003 Error Unzip Failed

Online Apps DBA - Wed, 2014-03-19 16:33
I recently installed Oracle E-Business Suite (R12) for E-Business Suite Integration with OAM/OID for SSO training and installation failed with error RW-20003 Error Unzip Failed. This error is self explanatory that installation failed while unzipping a file but how do you know for which file unzip failed? R12 installer writes log to various log files at each [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Invasion of the Octopi!

iAdvise - Tue, 2014-03-18 21:42
As a bit of a sci-fi geek (a dedicated Browncoat, amongst other things) I was shocked to discover that Cthulhu's had completely passed me by. For those uninitiated into this global geek cult a Cthulhu is a squid like creature created in the fantasy works of H.P.Lovecraft in 1926. But in modern sci-fi has become a jokey euphemism for horror and evil on a great scale. A recent Neil Gaiman short story piqued my curiosity even more.Cthulhu created a mini trend in the world of crafts, with squid and octopus creations becoming extremely popular in amigurumi and jewellery. Which led me to discover these cephalopod inspired creations on Folksy.First up is a stunning print from I Like It I Think Its Nice. The detail in this print is quite outstanding, and wonderfully fantastical at the same time.Here's some of that famous Octopus jewellery I mentioned, this one's on a lovely gold plated chain from Laura's Jewellery.As a lover of all things laser cut (I've even dabbled a little myself) this piece really stood out for me. Mirrored purple acrylic, with a delicate engraving, and Czech glass ink drops, lovely work from Tea Stained Jewellery.Although these little Jellyfish are not cephalopods, their little tentacles were too cute to be left out. Snap one up from Orangefishy Plush.Wear your Octopus love on your sleeve! Well, your hem if you buy this snappy t-shirt from Conkerlove. Loving the button eyes.Create your own under sea imaginary adventure with these Octopus finger puppets from MuNGBEANS. Or you could just wear them whilst reading a Cthulhu novel.Its amigurumi time from Ali's Crafts, a cute little child safe critter handmade with loving care.And finally, the more deadly side of Octopi in this recycled card depicting the venomous Blue Ringed Octopus. Wonderful hand stitched detail from Ethel & Iris.A slightly odd inspiration for this article, but I hope you've enjoyed reading it, and are now aware of the Cult of Cthulhu!P.S. I hope you're having a Happy New Year too.
Categories: APPS Blogs

Have a Heart...

iAdvise - Tue, 2014-03-18 09:42
I think we were all blown away last week by the Royal Wedding - the pagenatry, the flags, THE dress, the splendour and the great outpouring of general "Britishness". But we mustn't forget that this was really just a young couple's marriage - their declaration of love for one another, and their commitment for their lives ahead.But this isn't the only "matter of the heart" that we should be paying tribute to... On this day in 1968 the first heart transplant in the UK was conducted at the National Heart Hospital in Marylebone, London. This amazing, life-saving surgery was undertaken by South African born surgeon Donald Ross, on an unnamed 45 year old man. At the time this was a wonderous new procedure, that (sadly, but necessarily) has become a very "ordinary" operation these days - but has saved, and will continue to save, many many lives each year.So this week's selection of beautiful Folksy items are all dedicated to "hearts" - symbols of love, and vital organs alike!Heart BangleHeart BoxHandcut Heart CardSmall Copper HeartHeart CushionSilver Heart EarringsHeart & Heart Felt BroochKey to my Heart KeyringCurly HeartWooden Heart
Categories: APPS Blogs

Happy New Year!

iAdvise - Mon, 2014-03-17 21:42
The team at FOF hope that you've all had a wonderfully relaxing and fun-filled Christmas and New Year - we certainly have! And to welcome us all into 2011 and a new decade, here's a stunning selection to celebrate the New Year and all that it stands for!It's traditional to go first-footing on New Year's Eve, so here's something to keep those tootsies in tip-top condition.Night Time Foot Butter by FreyalunaIn the UK, it's lucky if the first person to cross your threshold on New Year's Day is a man (although tradition doesn't say that it has to be a good-looking man...)Old Man Comedy Photograph, Croatia by Kate Seaton PhotographyIt's also considered good luck if that man brings with him either a lump of coal...(well, a bit of poetic licence was required here)coal tit birdseed card by kate broughton...or bread...Bread Slice Kawaii Coaster by Asking For Trouble...or money.Mini purse, hand printed pink silk by SabineCornicIn some parts of Britain, the gift of mistletoe is also considered auspicious.Everlasting Mistletoe Sprig by Phoenix GlassThen, at the stroke of midnight, that's the cue for the fireworks to go off..'Firework' Recycled Skateboard Belt Buckle by O'blue Thrashion... and for the bubbly to be opened...Champagne Supernova Original Painting by Mazzi's Art...and for the dancing to begin!We hope that 2011 brings you health, wealth and happiness - it's time to celebrate!
Categories: APPS Blogs