Struts2 Interceptor Conversion Error - struts2

I am trying to update a form where user information is displayed, which has a password field.
The password is in SHA256 format. When I submit the form,
Struts2 throws the below error:
InterceptorMapping: [conversionError] => [org.apache.struts2.interceptor.StrutsConversionErrorInterceptor]
In case the password is not SHA256 it works all well.
Any inputs on why the Struts2 interceptor cannot understand SHA256?

Problem resolved: there was one interceptor which whitelisted some special chars, and since SHA256 includes the { character, which was not included in the list, the exception was thrown.

Related

What happens when we pass extra field in request body(JSON) in a OpenAPI POST endpoint

I was working on a Swagger-generated OpenAPI specification and I noticed that if we pass some extra fields to a PUT/POST API endpoint, the server doesn't throw any error, even though it processes all valid/necessary fields.
So my doubt is:
Should the server throw an error in this case?
Is it the OpenAPI standard to allow unknown fields and then ignore them?
In Swagger specification 2.0 there is no option to reject the extra fields passed in the request body. The server will only accept those fields that are allowed in the request definition, and other fields will be ignored.
If you want to disallow extra fields, then you can handle these in the backend manually.
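One way to do the manual backend check the answer mentions, as an added example that is not part of the original answer: the handler rejects any body containing a field the request definition does not list, including nested ones, instead of silently ignoring it. The schema layout, `USER_SCHEMA`, `find_violations` and `handle_post` are assumptions made for this sketch, not a Swagger or framework API.

```python
import json

# Hypothetical, simplified request definition (constructed for this example).
USER_SCHEMA = {
    "properties": {
        "name": {},
        "email": {},
        "address": {"properties": {"city": {}, "zip": {}}, "required": ["city"]},
    },
    "required": ["name", "email"],
}


def find_violations(body, schema, path=""):
    """Return a sorted list of unknown fields and missing required fields."""
    props = schema.get("properties")
    if props is None:
        return []  # leaf value: no structure to check
    if not isinstance(body, dict):
        return [f"{path or '$'}: expected object"]
    problems = []
    for key in body:
        if key not in props:
            problems.append(f"{path}{key}: unknown field")
        else:
            # Recurse so extra fields hidden in nested objects are caught too.
            problems.extend(find_violations(body[key], props[key], f"{path}{key}."))
    for key in schema.get("required", []):
        if key not in body:
            problems.append(f"{path}{key}: missing required field")
    return sorted(problems)


def handle_post(raw_body):
    """Return (status, payload): 400 with every violation, or 201 with the body."""
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError:
        return 400, ["$: invalid JSON"]
    problems = find_violations(body, USER_SCHEMA)
    return (400, problems) if problems else (201, body)
```

Returning every violation in one 400 response tells the client exactly which field was rejected, and an extra field such as a role flag never reaches the object-binding layer.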

How to disable password encoding in grails 3.x.x

I am facing an issue while creating/updating a password in a Grails 3.x.x application. Whenever I try to enter any special character, let's say "#", it encodes only this special character in the password field.
Password value is coming from request body.
Example:
Real password : abc#555
Auto Encoded password : abc%40555
Grails by default uses a plugin that uses the bcrypt algorithm to hash passwords for security. There are some configurable password hashing attributes. You can customize the password plugin with the grails.plugin.springsecurity.password.algorithm attribute.

Encrypted text to be passed as id in the url in asp.net mvc

I am implementing email verification by sending an email to the user on registration. On successful registration a mail is sent with a link to "http://mydomain.com/Account/Activate/EncryptedKeyID." Sometimes I get '/' or a special character that can't be passed in the URL. So, I use HttpUtility.UrlEncode to encode. But this does not help. When I click on the link in the email it gives an IIS error because of the extra slash in "http://mydomain.com/Account/Activate/JLU/YmtRdRAFmBdqhR7tnA==". I have used Rijndael/AES to encrypt and decrypt.
My questions are:
Should I go for another encryption method?
Is there any alternative?
Thanks in advance for your time and help.
After digging around, I find that HttpUtility.UrlEncode won't work for my case and I have to use HttpServerUtility.UrlTokenEncode, as it is safer for URLs. It does not contain any potentially dangerous characters, replacing '+' and '/' chars with '-' and '_' instead. For my case I use
var ativationLink=HttpServerUtility.UrlTokenEncode(Convert.FromBase64String(Rij.Encrypt(param)));
for the link to add in the email.
And to retrieve the original param I used
var param= Rij.Decrypt(Convert.ToBase64String(HttpServerUtility.UrlTokenDecode(ActivationKey)));

signature_invalid:Failed to validate signature

I'm using OAuth for rails and when I'm trying to POST a contact to xero, this happens:
Xeroizer::OAuth::UnknownError in XeroController#sample
signature_invalid:Failed to validate signature
This could be relevant: http://answers.xero.com/developer/question/25801/. The OAuth library used by Xero isn't correctly validating oauth signatures when querystring parameters start with uppercase letters.

How do I avoid that ASP.Net (or IIS?) decodes my URL-encoded ciphertext (resulting in a 404) instead of passing it to the Approve script?

I'm working on a piece of a web application in ASP.Net MVC where the user registers for membership using an sql membership provider. When they register they are put in the system but not approved. The code then sends an approval email to the user with the email given.
BfEncrypt refid = new BfEncrypt();
refid.Encrypt(user.ReferenceID);
string code = HttpContext.Current.Server.UrlEncode(refid.CipherText);
...
Body += "Approval Link\n\r\n\r";
But when a user clicks on the link they get the following error:
Description: HTTP 404. The resource you are looking for (or one of its dependencies)
could have been removed, had its name changed, or is temporarily unavailable.
Please review the following URL and make sure that it is spelled correctly.
Requested URL: /Approve/k/9IHrY43os=
The question is, if I'm URL-encoding the link before I send it, why is it decoding before it tries to call the action? The URL in my browser is actually 'http://localhost:1091/Approve/k%2f9IHrY43os%3d' when I get the error. My routing is set up correctly but it doesn't account for the extra '/' in the encrypted string in the URL (since it shouldn't be there anyways.)
You could encode it as base64 instead of using URLEncode.
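The two activation-link questions above hit the same problem: standard Base64 ciphertext can contain '/' and '+', which the server decodes before routing. The block below is an added example, not code from either post; it is a Python sketch modelled on the URL-token scheme (URL-safe alphabet, '=' padding replaced by a count digit), and the function names and the `/Account/Activate/` helper are assumptions for illustration.

```python
import base64
import re

# Only URL-safe Base64 characters followed by one padding-count digit.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+[012]")


def url_token_encode(data: bytes) -> str:
    """Base64url without '='; the final digit records how many pads were removed."""
    if not data:
        return ""
    b64 = base64.urlsafe_b64encode(data).decode("ascii")
    stripped = b64.rstrip("=")
    return stripped + str(len(b64) - len(stripped))


def url_token_decode(token: str) -> bytes:
    """Inverse of url_token_encode; raises ValueError on anything malformed."""
    if not token:
        return b""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token contains characters outside the URL-safe set")
    body, pad = token[:-1], int(token[-1])
    if (len(body) + pad) % 4 != 0:
        raise ValueError("padding digit does not match token length")
    return base64.urlsafe_b64decode(body + "=" * pad)


def activation_path(ciphertext_b64: str) -> str:
    """Build a single-segment link path from a standard-Base64 ciphertext string."""
    raw = base64.b64decode(ciphertext_b64)
    return "/Account/Activate/" + url_token_encode(raw)


if __name__ == "__main__":
    # Ciphertext strings quoted in the two questions above.
    for sample in ("JLU/YmtRdRAFmBdqhR7tnA==", "k/9IHrY43os="):
        path = activation_path(sample)
        token = path.rsplit("/", 1)[1]
        restored = base64.b64encode(url_token_decode(token)).decode("ascii")
        print(sample, "->", path, "->", restored)
```

Because the token never contains '/', '+' or '=', the link needs no percent-encoding at all, so nothing is left for the web server to decode before the route is matched.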
