Liferay: After changing Public Virtual Host settings, can't log in - virtual

I made a mistake and it seems like I can't fix it alone, if it can be fixed. I have the Liferay URL looking like this: http://192.168.10.10:8080/web/guest; I wanted to remove the '/web/guest' part from the address, so from Manage -> Settings I wrote 192.168.10.10:8080 to the Public Virtual Host field. After saving it, I can't log in anymore. Every time I write http://192.168.10.10:8080/login (as I did before), it goes to the index page and not the login page.
Then if I write the login after 'web/guest', I can go to the login page, but when I fill in the Username and Password field and hit Submit button, it goes nowhere, that is no action taken, which most probably is because of the permissions that I have set earlier. Only owner has full rights.
I thought somewhere in the database (MySql) I could clear what I have written to the Public Virtual Host field, but from the table names I couldn't tell which table is for that. Now I am trying to change the user privileges from the DB, no result yet. I even restored the DB from a 2-week-old dump, but it seems like the Public Virtual Host changes are saved somewhere else and not in the DB.
I appreciate any help or insight on this.
Thanks in advance!

Finally solved the problem. I just needed to fix the virtual host from the database.
Here is my script in case someone did what I did :)
UPDATE LayoutSet SET
    virtualHost = '192.168.10.10'
WHERE virtualHost = '192.168.10.10:8080';


How to do it in Grails, I am using Grails 3.2.11?

I have a User domain and several other domains having userId.
How can I clear them all while deleting user? Without manually finding it one by one in other domains and removing it.
You need to make sure you have defined the right cascade and ownerships for your domain classes and then Grails will do this for you.
I think the entry in official documentation about cascade describes your issue exactly, check it: http://docs.grails.org/3.2.1/ref/Database%20Mapping/cascade.html
You can do that without full reference (so it should be instead of Long userId be User user that delete it)
But if you are looking for a hack, you can get all domains and filter them by field userId, then find all by current userId and remove them.
Take a look at grailsDomainClassMappingContext, PersistentEntity, PersistentProperty

mIRC parsing for a name

So I've been getting a bothersome someone who keeps using my nickname. What I want to be able to do is perform the following command every time someone with exactly my nickname (let's say UserName) joins the channel I currently reside in:
/msg NickServ ghost UserName n0ideaHwatPassIs?
n0ideaHwatPassIs? is a sample password for our sample registered user of UserName
This sort of script would have to be able to check (in more or less real-time) if a separate user changed his/her nick to said UserName as well. If someone would be so kind as to help me with my dilemma by either pointing me to the proper documentation or working out such a script (no idea if this is as cut-and-dry as I imagined it would be at first) for me?
You can use an on notify event,
but first, you have to put that nickname on the notify list.
Type
/notify nickname
then use this script: press alt+r, click on File, then New, and put this script in there
on *:notify:{
  if ($nick != $me) && ($nick == Nickyouwanthere) {
    msg NickServ ghost UserName n0ideaHwatPassIs
  }
}
every time someone with exactly my nickname (let's say UserName) joins the channel I currently reside in
This can't happen on IRC. (Except in exceptional circumstances like netsplits, but is immediately resolved then (by dropping one or both parties))

Access Control: Database Fortify

We ran the Fortify scan and had some Access Control: Database issues. The code is getting the textbox value and setting it to a string variable. In this case, it's passing the value from the TextBox to the stored procedure in a database. Any ideas on how I can get around this Access Control: Database issue?
Without proper access control, the method ExecuteNonQuery() in DataBase.cs
can execute a SQL statement on line 320 that contains an attacker-controlled primary
key, thereby allowing the attacker to access unauthorized records.
Source: Tool.ascx.cs:591 System.Web.UI.WebControls.TextBox.get_Text()
rptItem.FindControl("lblClmInvalidEntry").Visible = false;
ToolDataAccess.UpdateToolData(strSDN, strSSNum, strRANC, strAdvRecDate, strAdvSubDate, strClmRecDate, strClmAuth, strClmSubDate, strAdvAuth, txtNoteEntry.Text);
Sink: DataBase.cs:278
System.Data.SqlClient.SqlParameterCollection.Add()
// Add parameters
foreach (SqlParameter parameter in parameters)
cmd.Parameters.Add(parameter);
The point of "Access Control: Database" is where it isn't being specific enough in the query and so could potentially allow a user to see information that they're not supposed to.
An easy example of this vulnerability would be a payroll database where there is a textbox that says the ID of the employee and gives their salary; this could potentially allow the user to change the ID and see the salary of other employees.
Another example where this is often intended functionality is in a website URL where the product ID is used in a parameter, meaning a user could go through every product you have on your site. But as this only allows users to see information they're supposed to be able to, it's not particularly a security issue.
For instance:
"SELECT account_balance FROM accounts WHERE account_number = " + $input_from_attacker + ";"
// even if we safely build the query above, preventing change to the query structure,
// the attacker can still send someone else's account number, and read Grandma's balance!
As this is pretty context based, it's difficult to determine statically so there are lots of examples where Fortify may catch this but it's actually intended functionality. That's not to say the tool is broken, it's just one of the limitations of static analysis and depending on what your program is supposed to be doing it may or may not be intended.
If this is intended to work like this, then I would suggest auditing it as not an issue or suppressing the issue.
If you can see that this is definitely an issue and users can see information that they shouldn't be able to, then the stored procedure needs to be more specific so that users can only see information they should be able to. However, SCA will likely still pick this up in a later scan, so you would still then need to audit it as fixed and no longer an issue.
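The difference between a safely built query and a query that is "more specific" about who may touch the row, as an added example that is not part of the original answer or the asker's code. It uses Python with an in-memory SQLite table standing in for the stored procedure; the accounts schema, the owner_id column, the session_user_id parameter and the sample rows are all assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: user 1 owns ACC-1001, user 2 owns ACC-2002.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (account_number TEXT PRIMARY KEY,"
               " owner_id INTEGER, account_balance INTEGER, note TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?, '')",
                   [("ACC-1001", 1, 250), ("ACC-2002", 2, 9000)])
    return db

def balance_unscoped(db, account_number):
    # Parameterized, so the query structure is safe, but the key alone
    # selects the row: this is the pattern "Access Control: Database" reports.
    row = db.execute("SELECT account_balance FROM accounts"
                     " WHERE account_number = ?", (account_number,)).fetchone()
    return row[0] if row else None

def balance_scoped(db, session_user_id, account_number):
    # session_user_id (hypothetical name) must come from the server-side
    # session, never from the form that supplied account_number.
    row = db.execute("SELECT account_balance FROM accounts"
                     " WHERE account_number = ? AND owner_id = ?",
                     (account_number, session_user_id)).fetchone()
    return row[0] if row else None

def update_note_scoped(db, session_user_id, account_number, note):
    # Write path (the ExecuteNonQuery case): zero rows affected means the
    # key does not belong to this user, so refuse instead of silently passing.
    cur = db.execute("UPDATE accounts SET note = ?"
                     " WHERE account_number = ? AND owner_id = ?",
                     (note, account_number, session_user_id))
    if cur.rowcount != 1:
        raise PermissionError("record not owned by current user")
    db.commit()
    return cur.rowcount
```

Once the ownership predicate is in the query or stored procedure, the remaining Fortify finding is the one to audit as fixed, as the answer describes.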

Maintain parameter info in the request path for all pages instead of the subdomain

I seek some guidance here ... (I'm not sure if this is the best title)
At the moment I prepend a "server name" to the url like this:
server10.example.com
This works fine, except that I need to handle all the subdomains on the IIS and I'm not sure Google is happy about jumping around from sub to sub to sub, when it sees the links to the other servers.
I'm kind of hoping for a nice way to achieve this with ASP.NET MVC.
Most pages are related to a "server" ... there are however a few info pages, contact, home that don't really need a valid "server" name ... but could just be "na" for not available, but the name needs to be maintained, if there is already a selected server, when a user keeps browsing the site. This needs to be as transparent as possible when I need to create the links to the different pages.
I could extend the Html Action() extension to automatically add the selected "server" from the previous request to the page.
In the format:
/{serverParameter}/{controller}/{action}/{parameterInfo}
And if no server is selected, just add "na" as the {server} placeholder.
I'm not sure if more information is needed, but please let me know if ...
I tired of extracting the selected server from the domain part and the other way also seems better, I just can't think of a good way to structure this ...
Updated
90% of all the pages are about a server that the user selects at some point. Could be server10, server9, server20 ... just a name. I want to maintain that information across all pages, after the user has selected it, or else I just want it to be f.ex: "empty".
I'm mostly looking for an easy way of doing this or an alternative ... atm I'm prepending the serverParameter to the url so it ends up being: "serverParameter.example.com".
I want to end up with something like
http://example.com/{server}/{controller}/{action}
instead of
http://{server}.example.com/{controller}/{action}
If I understand your question correctly, you just wish to group different collections of content together above the controller/action level. If that's the case, have you considered using ASP.NET MVC areas?
Just right-click on your project, and choose Add -> Area.... Give it a name (what you're calling "server"), and then you can add content, your own controllers, actions, etc. Under this area. You will automatically be able to access it via /AreaName/Controller/Action/etc.
I went with the already implemented routing in ASP.NET MVC.
{server}/{controller}/{action}
When creating the links it takes the set value for {server} and places the value when generating URLs, so I only need to supply controller and action in the #Html.Action helper method ... this could not have been more easy.
I'm not sure why I did not think about this. One just gotta love routing.

Symfony 1.4 and global variables

I've got a very old PHP application (1999) that has been worked on during the last ten years. At this point the app starts to show its age so I'm in the process of migrating to a "new" framework, symfony 1.4. But since the app is very large, I cannot do this at once. So I'm planning to wrap the old app into the new symfony app, and convert functionality by functionality.
First step in this transition was making the old app appear in the new symfony app. So, I've created the "frontend" application, added a "legacy" module, made it the default homepage, and I've put everything I had in my index.php (all pages went through this index.php) in the indexSuccess.php file for the indexAction. I've added the code in the "view" because there are also functions in it and changing that setup would take me more time than I want to spend on the old app.
Unfortunately I've now got an issue with global variables. Let me give you an example (I would have never made this register function like this, but it is, so please look past that).
$session = new ps_session;
$demo = "this is a demo variable";
$session->register('demo');
In ps_session i have this method
public function register($var) {
global $$var;
$_SESSION [$var] = $$var;
}
So it should put the content of $demo in a session var named "demo". Clever right :) Anyway, var_dumping shows me that $$var is "null" and $demo is filled if I var_dump before and after calling the function. Exact same code without symfony and it returns the correct content.
What am I missing? The global call is spread out in all areas of this massive app so I really don't want to switch to something else, so I'm hoping for a quick fix :)
Maybe relevant: all the code except the index.php content is in the frontend/lib/legacy/ folder, the index is in frontend/modules/legacy/ (if there is some scope issue I'm missing)
I think that since your indexSuccess.php file is included inside a function (more precisely, here : lib/vendor/symfony/lib/view/sfPHPView.class.php:185 ), this can't work, because $demo is no longer in the global scope. I don't see any easy workaround for this...
I think you should create a legacy folder in /web , and use routing to redirect to it if the url corresponds to something not migrated yet.
I went with putting the entire old site under web/legacy and redirecting from the default index action to the legacy folder. Most of the URLs were made by mod_rewrite so easily fixed. The other URLs went through a function so fixing was ok, and only a few were hardcoded. To make it totally transparent, I only need to redo the homepage to start from, so I don't have a visible /legacy/ in my url. Thanks for the help!
I agree with greg0ire that this is an issue with the way sfPHPView includes indexSuccess.
Could you simply require index.php in the default/index action?
