After launching our first public alpha release of http://wwww.trademango.com which is built with Play framework. I have been experience Web Parameter Tampering attempts being made by someone or something (i.e bots). These attempts has been going on for a while now. We are looking into boosting our security. I was wondering if someone has experience integrating tools like owsap with Playframework. I will like to get some community feedback on what other people are doing against such attacks.
Below are few Web Parameter Tampering attempt in action:
#69mkklokf
Internal Server Error (500) for request GET /supplier/:q/:page?q=:supplierUUID
Execution exception (In {module:common-model}/app/models/services/ID.java around line 46)
NumberFormatException occured : For input string: ""
play.exceptions.JavaExecutionException: For input string: ""
at play.mvc.ActionInvoker.invoke(ActionInvoker.java:231)
at Invocation.HTTP Request(Play!)
Caused by: java.lang.NumberFormatException: For input string: ""
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Long.parseLong(Long.java:450)
at java.lang.Long.valueOf(Long.java:508)
at models.services.ID.base36ToUUID(ID.java:46)
at controllers.Application.supplier(Application.java:177)
at play.mvc.ActionInvoker.invokeWithContinuation(ActionInvoker.java:548)
at play.mvc.ActionInvoker.invoke(ActionInvoker.java:502)
at play.mvc.ActionInvoker.invokeControllerMethod(ActionInvoker.java:478)
at play.mvc.ActionInvoker.invokeControllerMethod(ActionInvoker.java:473)
at play.mvc.ActionInvoker.invoke(ActionInvoker.java:161)
... 1 more
22 Mar 2012 07:20:57,270 ERROR play:570 -
#69mkklokg
phpmyadmin.translators.html action not found
Action not found
Action phpmyadmin.translators.html could not be found. Error raised is Controller controllers.phpmyadmin.translators not found
play.exceptions.ActionNotFoundException: Action phpmyadmin.translators.html not found
at play.mvc.ActionInvoker.getActionMethod(ActionInvoker.java:590)
at play.mvc.ActionInvoker.resolve(ActionInvoker.java:85)
at Invocation.HTTP Request(Play!)
Caused by: java.lang.Exception: Controller controllers.phpmyadmin.translators not found
... 3 more
22 Mar 2012 10:13:16,611 ERROR play:570 -
#69mkklokh
nice ports,.Trinity.txt.bak action not found
Action not found
Action nice ports,.Trinity.txt.bak could not be found. Error raised is Controller controllers.nice ports,.Trinity.txt not found
play.exceptions.ActionNotFoundException: Action nice ports,.Trinity.txt.bak not found
at play.mvc.ActionInvoker.getActionMethod(ActionInvoker.java:590)
at play.mvc.ActionInvoker.resolve(ActionInvoker.java:85)
at Invocation.HTTP Request(Play!)
Caused by: java.lang.Exception: Controller controllers.nice ports,.Trinity.txt not found
... 3 more
I would suggest removing the 'catch all' route
# Catch all
* /{controller}/{action} {controller}.{action}
Remove this, and have explicit mappings to all your controllers and actions.
Related
One of my applications is integrated with the mainframe system. Through CICS / CTG. I am facing an error while executing a request.also, i have used ASN1 encoding for request
The error I am getting while executing the request
com.ibm.connector2.cics.CICSUserInputException: CTG9627E IOException occurred when writing to the Output Record
org.springframework.dao.NonTransientDataAccessResourceException: Unable to create a connection to the remote application; nested exception is com.ibm.connector2.cics.CICSUserInputException:
CTG9627E IOException occurred when writing to the Output Record
com.ibm.connector2.cics.CICSUserInputException: CTG9627E IOException occurred when writing to the Output Record
at com.ibm.connector2.cics.ECIManagedConnection.call(Unknown Source)
at com.ibm.connector2.cics.ECIConnection.call(Unknown Source)
at com.ibm.connector2.cics.ECIInteraction.execute(Unknown Source)
java.io.IOException: messagelength in header greater than existing data length - common area too short?
at com.ibm.connector2.cics.ECIManagedConnection.call(Unknown Source)
at com.ibm.connector2.cics.ECIConnection.call(Unknown Source)
at com.ibm.connector2.cics.ECIInteraction.execute(Unknown Source)
i am using
cics version : c900-20160704-0205
Does anyone have any insights about this?
Error description is available at https://www.ibm.com/docs/en/cics-tg-multi/9.0?topic=SSZHFX_9.0.0/cclaj/CTG9627E.htm
It seems like the data you are passing is not a isntanceof javax.resource.cci.Streamable. Could you verify that.
Solved the issue with the below resolution
messagelength in header greater than existing data length - common area too short? as per this error message length is short so I have tried to increase length in a common area as per this documentation https://www.ibm.com/docs/en/cics-ts/5.6?topic=applications-transferring-data-between-programs-using-channels
added code in CTG Service executor >> CTG Record
setCommonAreaLength(32500)
After applying this resolution issue is resolved
Hope some one helps this ans
I am trying to define a setting page that includes a PasswordBox element. When I Rebuild the app, the defined Text resources do not show properly. However, if I remove the:
x:Uid="/resources/db_pwd"
definition (see below) then it Rebuilds the view OK. If I try to initialize the view with the resource link defined then I get the error below. It appears as if a Text property for the PasswordBox ... but it does not have this property. Very confused!
Resources
|Name | Value |
|-----------------------|---------------------------|
|db_pwd.Header |Password (default password)|
|db_pwd.PlaceholderText |Enter your password |
|db_pwd.Text |Password (default pwd) |
Password Box
<PasswordBox x:Name="dbpwd" Width="300" x:Uid="/resources/db_pwd"
Header="Database Password"
PlaceholderText="Enter password"
PasswordChanged="PasswordBox_PasswordChanged"
HorizontalAlignment="Left" Margin="40,5,0,0" />
Error Initializing View
Windows.UI.Xaml.Markup.XamlParseException
HResult=0x802B000A
Message=The text associated with this error code could not be found.
Unable to resolve property 'Text' while processing properties for Uid '/sql/db_pwd'. [Line: 38 Position: 68]
Source=Windows
StackTrace:
at Windows.UI.Xaml.Application.LoadComponent(Object component, Uri resourceLocator, ComponentResourceLocation componentResourceLocation)
at WeeWX.Views.SettingsPage.InitializeComponent() in D:\Dave\Documents\Visual Studio\WeeWX\obj\x86\Debug\Views\SettingsPage.g.i.cs:line 49
at WeeWX.Views.SettingsPage..ctor() in D:\Dave\Documents\Visual Studio\WeeWX\Views\SettingsPage.xaml.cs:line 49
at WeeWX.Views.MainPage.SetSettings(Object sender, TappedRoutedEventArgs e) in D:\Dave\Documents\Visual Studio\WeeWX\Views\MainPage.xaml.cs:line 350
This exception was originally thrown at this call stack:
[External Code]
WeeWX.Views.SettingsPage.SettingsPage() in SettingsPage.xaml.cs
WeeWX.Views.MainPage.SetSettings(object, Windows.UI.Xaml.Input.TappedRoutedEventArgs) in MainPage.xaml.cs
Questions
Why is it looking for a Text property, Password Box does not have this property!?
It fails even if I add a Text entry in the resources file as shown. Why?
What is the root cause of this error, and the fix?
To answer your questions:
1.Why is it looking for a Text property, Password Box does not have this property!?
2.It fails even if I add a Text entry in the resources file as shown. Why?
The PasswordBox control doesn't have a Text property. It has a Password property.
3.What is the root cause of this error, and the fix?
To fix this error you need to change your resource:
db_pwd.Text -> db_pwd.Password
Finally fixed this issue, but the scenario is important:
The original definition was a TextBox, which I then changed to PasswordBox
This is when Visual Studio (VS) was still looking to resolve a Text property (of the TextBox I assume vs the PasswordBox.Content property), therefore I thought there must be some caching going on.
I tried to do the Build/Clean Solution thing, with no success
I then did #3 again, restarted VS, still no success
I then did #3 again, changed the name of the db_pwd resources and reference to db_pswd, deleted db_pwd.Text, rebuilt the solution and ... success!
Not sure exactly what steps are required to fix this sort of issue, but the bottom line is that VS has some really dumb (overly optimistic) caching going on! Comments or advice?
PS: Now have a similar issue after changing a TextBox to HyperlinkButton. Fixed through a similar process (step #5)!
I am working on an installer project where we are replacing an old WISE based installer with innosetup.
One of the install scripts that is being ported to the new installer kicks of SQLEXPR.exe which is SQL Server Express.
During testing some computers get %ERRORLEVEL% = -2068578304
A bit of googling and I have been unable to work out the exact meaning. This is not in the range of error codes produced by MSI based installers. Does anyone have any idea what the cause of error here is and how to correctly parse it? I am seeing other large negative error codes that can be split into multiple pieces. e.g. exit code and facility code? any ideas?
After finding the log file, I've found a bit more info. And when converting that number to hex I can now see the problem. The batch file that is used to kick off the SQL Server Express installation is treating the result as a 32bit number but it's really a 16bit one. So if I mask -2068578304 to 0xffffffff
I will get the result 0x84b40000. The script looks currently looks at the bottom 4 bits to determine error or success (this is zero) so the question now becomes what does the Facility Code mean? as it appears it largely installed but the default instance is missing.
I guess I'm really wanting to know what values Facility Code can be returned. Our installation script is just looking at ErrorCode but that is not enough in other words. Is there a list of descriptions somewhere for FacilityCode?
Update:
It turns out that this is a problem with SQL2012 and earlier that the actual ErrorCode is not propagated to the SQLEXPR return code. It should really return the inner result 0x851a0013. SQL2014 and newer does the right thing.
Exception summary:
The following is an exception stack listing the exceptions in outermost to inner
most order
Inner exceptions are being indented
Exception type: Microsoft.SqlServer.Chainer.Infrastructure.InputSettingValidatio
nException
Message:
The specified sa password does not meet strong password requirements. Fo
r more information about strong password requirements, see "Database Engine Conf
iguration - Account Provisioning" in Setup Help or in SQL Server 2012 Books Onli
ne.
HResult : 0x84b40000
FacilityCode : 1204 (4b4)
ErrorCode : 0 (0000)
Data:
SQL.Setup.FailureCategory = InputSettingValidationFailure
DisableWatson = true
Stack:
at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.LogAll
ValidationErrorsAndThrowFirstOne(ValidationState vs)
at Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSetti
ngsAction.ExecuteAction(String actionId)
at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String acti
onId, TextWriter errorStream)
at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteAc
tionHelper(TextWriter statusStream, ISequencedAction actionToRun, ServiceContain
er context)
Inner exception type: Microsoft.SqlServer.Configuration.SqlEngine.Validation
Exception
Message:
The specified sa password does not meet strong password requirem
ents. For more information about strong password requirements, see "Database Eng
ine Configuration - Account Provisioning" in Setup Help or in SQL Server 2012 Bo
oks Online.
HResult : 0x851a0013
FacilityCode : 1306 (51a)
ErrorCode : 19 (0013)
I'm using Web api with Entity Framework 4.2 and the Sybase Ase connector.
This was working without issues returning JSon, until I tried to add a new table.
return db.car
.Include("tires")
.Include("tires.hub_caps")
.Include("tires.hub_caps.colors")
.Include("tires.hub_caps.sizes")
.Include("tires.hub_caps.sizes.units")
.Where(c => c.tires == 13);
The above works without issues if the following line is removed:
.Include("tires.hub_caps.colors")
However, when that line is included, I am given the error:
""An error occurred while preparing the command definition. See the inner exception for details."
The inner exception reads:
"InnerException = {"Specified method is not supported."}"
"source = Sybase.AdoNet4.AseClient"
The following also results in an error:
List<car> cars = db.car.AsNoTracking()
.Include("tires")
.Include("tires.hub_caps")
.Include("tires.hub_caps.colors")
.Include("tires.hub_caps.sizes")
.Include("tires.hub_caps.sizes.units")
.Where(c => c.tires == 13).ToList();
The error is as follows:
An exception of type 'System.Data.EntityCommandCompilationException' occurred in System.Data.Entity.dll but was not handled in user code
Additional information: An error occurred while preparing the command definition. See the inner exception for details.
Inner exception: "Specified method is not supported."
This points to a fault with with the Sybase Ase Data Connector.
I am using data annotations on all tables to control which fields are returned. On the colors table, I have tried the following annotations to limit the properties returned just the key:
[JsonIgnore]
[IgnoreDataMember]
Any ideas what might be causing this issue?
Alternatively, if I keep colors in and remove,
.Include("tires.hub_caps.sizes")
.Include("tires.hub_caps.sizes.units")
then this works also. It seems that the Sybase Ase connector does not support cases when an include statement forks from one object in two directions. Is there a way round this? The same issue occurs with Sybase Ase and the progress data connector.
The issue does not occur in a standard ASP.net MVC controller class - the problem is with serializing two one to many relationships on a single table to JSON.
This issue still occurs if lazy loading is turned on.
It seems to me that this is a bug with Sybase ASE, that none of the connectors are able to solve.
While working in XPages many a times I have encountered error messages beginning with CLFAD####E and sometimes CLFAD####W. In my development the error messages that I have encountered look something like this:
SEVERE: CLFAD####E: Exception processing XPage request.
WARNING: CLFAD####W: <SOME ERROR MESSAGE>
I have seen specific error messages on web like in this question with a number replacing #, to be precise CLFAD0111W. Another example I was able to find was this article with CFLAD0246 and CFLAD0134E.
But I haven't been able to find what they indicate? Is there a list of CLFADs which can be looked up to see what exactly the error indicates?
The first part is an internal identifier CLFAD, followed by 4 numbers to identify the error. The last character identifies the type of the message:
I for "Information"
E for "Error"
W for "Warning"
When looking in the XPages source code you will find some property files which let you identifiy a Java property containing the error code. If you search for the property, you can find the element which throws the error message.
F.e.
CLFAD0111W can be found in the path
com/ibm/xsp/core/core.properties
and is contained by the property
warn.PropertyMap.ThePropertyMapwasinaninvalidstate
Searching for this property will lead you to com.ibm.xsp.binding.PropertyMap and the method saveRoot.
Hope this helps you a little bit.