If I am sending confidential info (like function name) to the ETW session. Can it be retrieved just by opening the .etl log in notepad++ or any other text editor ?
Related
I am getting security issue reported for the below lines in File A and File B. In this file, we read the username and password. This is not getting logged in the log file.
Also, is it possible to catch such issues during the development phase, rather than getting these in the security testing phase which happens later? Any guidelines on how to configure this in visual studio 2022 and sonarqube to catch such issues early?
string serviceUserName = Environment.GetEnvironmentVariable("Service_UserName");
string servicePassword = Environment.GetEnvironmentVariable("Service_Password");
log.LogInformation($"Status of Blob trigger function with blob\n Name:{fileName} is: {response.StatusCode}");
Categories
OWASP Mobile Top 10 2016: M2-Insecure Data Storage
I am generating logs for my client application where there is very limited internet connectivity. I am storing the offline logs and generating it to application insights once the user is back online. The problem I am facing is out of all the logs only request logs are coming rest are getting discarded. This is happening because of sampling even though I have already disabled the sampling from Startup.cs. Here is my code:
var aiOptions = new Microsoft.ApplicationInsights.AspNetCore.Extensions.ApplicationInsightsServiceOptions();
aiOptions.EnableAdaptiveSampling = false;
services.AddApplicationInsightsTelemetry(aiOptions);
Any Suggestions how to completely remove the sampling so that I can have all the logs in application insight.
Check this document to see different log levels. if you have latest version of sdk than ILogger Can capture without required action.
It will capture log level.
Here is the configuration of logging level.
.ConfigureLogging(
builder =>
{
builder.AddApplicationInsights("ikey");
builder.AddFilter<Microsoft.Extensions.Logging.ApplicationInsights.ApplicationInsightsLoggerProvider>("", LogLevel.Information); // this will capture Info level traces and above.
}
For complete information check this SO thread.
I have a client in NodeJS using the MQTT module (mqtt.js) to communicate with a topic of WebSphere MQ, redirected to a queue : I need the result to be on a queue so I use a topic between the source and the destination (since MQTT protocol communicate only with topics).
So we have :
NodeJS (source) -> Topic of Websphere MQ (intermediate) -> Queue of Websphere MQ (destination)
The problem is that the received messages on the queue of WebsphereMQ are MQHRF2 format but I need MQSTR.
I did not find any property in mqtt.js side to specify the format.
I supposed we can force it with IBM Websphere MQ, but how ? Can I create a channel or anything for this use, that's to say convert the receiving format ?
Thanks in advance for your help !
Configuration :
MQTT.js v3
WebSphere MQ v7.5
Constrains :
WebSphere MQ must be v7.5 (so I can't upgrade to v8 to use mqlight)
Better stay with the module MQTT.js
It works correctly when I publish directly on a topic via the WebSphere MQ explorer. However, it fails when I publish from the NodeJS application.
I tried both methods listing in the comments but I found a weird thing : The result is different according to if I use MQExplorer (what I always used) or the MQ console :
On the MQ Explorer :
On the MQ Console, with the command : amqsbcg QUEUE_MQTT_VERIF MQTTVerification :
As you can see, in the console, the format field is empty, whereas on the MQExplorer it is MQHRF2. The messages are also different.
So the result on the MQConsole is right whereas the MQExplorer still shows a wrong result after the changes.
Note that the result is right only if changes has been done on both :
Subscription : ALTER SUB(APPLE.PRICES) PSPROP(NONE)
Queue : ALTER QLOCAL(PRICES) PROPCTL(NONE)
Maybe the source of the problem is just the display on MQExplorer software ?
EDIT:
The difference between MQExplorer and MQConsole was due to the parameter in MQ Explorer : Window -> Preferences -> WebSphereMQ Explorer -> Message properties -> Uncheck "Display message properties".
When redirecting publications made on a topic to a queue you probably have some definitions like this:-
DEFINE QLOCAL(PRICES)
DEFINE TOPIC(APPLES) TOPICSTR('Price/Fruit/Apples')
DEFINE SUB(APPLE.PRICES) TOPICOBJ(APPLES) DESTCLAS(PROVIDED) DEST(PRICES)
which redirects publications made on the topic string 'Price/Fruit/Apples' to the queue PRICES.
What you will find with such a set up however, is that the topic string is added to the message by the queue manager and thus adds an MQRFH2 header onto the front of your published message.
Message Descriptor (MQMD)
Report :00000000
Message Type :8 (Datagram)
Format :'MQHRF2 '
Priority :0
Persistence :0 (Not Persistent)
Message Id :414D51204D51473120202020202020202D77835720003702
'AMQ MQG1 -w.W .7.'
ReplyToQ :' '
ReplyToQMgr :'MQG1 '
[ 102 bytes] Message Content
<mqps>
<Top>
Price/Fruit/Apples
</Top>
</mqps>
Apples are $2/kilo
To remove this without changing the application reading from the queue, make this alteration to the subscription.
ALTER SUB(APPLE.PRICES) PSPROP(NONE)
This stops the queue manager even putting the topic string into the message in the first place.
From your MQ Explorer screenshot, it can be seen that the MQRFH2 is still present after the SUB is changed to PSPROP(NONE) because there is another property present - mqtt.clientid. Since there are other items in the MQRFH2 as well as the topic string, then the SUB change will not remove those - only the topic string added by the queue manager. In that case, you should try the following.
If alternatively you want to have the topic string there sometimes and only remove it for applications that don't want to see it, you can make a similar change to the queue, which can be over-ridden in application code to force the properties to be delivered to the application, but otherwise they won't be. This would also allow you to read any existing messages that had already been published (the change to the SUB isn't retrospectively applied to messages that are already on the queue).
ALTER QLOCAL(PRICES) PROPCTL(NONE)
This will mean that applications that don't specifically request MQGMO_FORCE_RFH2 will see the message without the MQRFH2. The amqsbcg sample is one such application.
If an application codes MQGMO_FORCE_RFH2 it will still be able to see the properties in an MQRFH2 header because it has explicitly asked for that. You cannot stop that by changing the queue.
Your problem is only now with the way MQ Explorer chooses to display the message. There is a parameter in MQ Explorer : Window -> Preferences -> WebSphereMQ Explorer -> Message properties -> Uncheck "Display message properties" which will stop it forcing them to be an MQRFH2, and then you'll be all good.
I want to log the instances during the application run in the generated log files. For testing I have added the following code in beforeSave() of MOrder.
log.log(Level.SEVERE, " //SEVERE Log details)");
log.log(Level.WARNING, "//WARNING Log details)");
I have run the server and made a .jnlp client installation. While creating Sales Order the log details are displayed on the server but not traced in the generated log file.
In Preference : Trace Level is WARNING and Trace file is true
In ADempiere server Management(Web view), The Trace Level is warning and I could trace the log details in file while I created the Sales Order using web window.
Is there anything I missed to trace the log details in application level?
ADempiere software structure are divided in 2 pieces.:
Client :
Desktop with jnlp
Swing_product.zip
Web interface (zkwebui)
Server:
Document processor
Accounting processor
Scheduler and workflow processor
DB Transactions and jboss app.
Everything happens on system still logged on server logs, %Adempiere_Home%/logs
I am new to Mule and im trying to create a Mule configuration that pulls sent emails from a GMail account via imap and pushes them to a php script that processes and stores them in a custom CRM that i've built.
For starters, i'm just trying to get the inbox emails dumped into a text files and i plan to work from there.
As new messages are received by the mailbox, Mule should pick up the new messages and process them automatically.
The Mule config looks like this so far:
<imaps:connector name="IMAP" mailboxFolder="INBOX" validateConnections="false" doc:name="IMAP" />
<flow name="flows1Flow1" doc:name="flows1Flow1">
<imaps:inbound-endpoint host="imap.gmail.com" port="993" user="[[username]]%40gmail.com" password="[[password]]" connector-ref="IMAP" doc:name="IMAP"/>
<file:outbound-endpoint path="D:\mailflow" outputPattern="msg_#[function:date].txt" doc:name="File"/>
</flow>
The program runs and gets to this point:
INFO 2012-01-12 13:51:06,606 [main] org.mule.DefaultMuleContext:
**********************************************************************
* Application: mailflow *
* OS encoding: Cp1252, Mule encoding: UTF-8 *
* *
* Agents Running: *
* JMX Agent *
**********************************************************************
INFO 2012-01-12 13:51:06,606 [main] org.mule.module.launcher.DeploymentService:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Started app 'mailflow' +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
And then just sits there indefinitely, doing nothing?!
There is documentation suggesting that because i'm using IMAPS i need to add a TLS client and TLS key store to the imaps connector. I'm not sure what these are or how to use them though and the documentation is highly specialized and hard to understand.
I'm also not sure that that's what the problem is in the first place as the app doesn't crash at any point.
Has anyone had success creating an imap flow with GMail?
Please Help?!
Just create the connector like this:
<imaps:connector name="IMAP">
<imaps:tls-client/>
<imaps:tls-trust-store/>
</imaps:connector>
And that should do the trick.
Also, I'd remove the "#gmail" from the user's definition, since it's not necessary.
Bye!
German
just put in a * and you wont see the error and will still work fine.
<imaps:tls-client path="*" storePassword="*"/>
<imaps:tls-trust-store path="*" storePassword="*"/>
You have to change imap:connector and imap:inbound-endpoint to imaps:connector and imaps:inbound-endpoint.
It is working fine for me. I have the same issued and now it is fixed with this little change.
Only non-deleted and unread messages are dispatched as messages (RetrieveMessageReceiver.java:148 and 149)
if (!messages[i].getFlags().contains(Flags.Flag.DELETED)
&& !messages[i].getFlags().contains(Flags.Flag.SEEN))
If the folder is big, it will take some time (potentially even hours) to get to the point to process unread messages.
Settings for the IMAP
Use the app password
https://security.google.com/settings/security/apppasswords
and finally use the correct path for the mail to be saved.