[jira] Created: (OFBIZ-2332) I found this one in error.log on demo server

Tue, 21 Apr 2009 06:01:15 -0700 

I found this one in error.log on demo server
--------------------------------------------

                 Key: OFBIZ-2332
                 URL: https://issues.apache.org/jira/browse/OFBIZ-2332
             Project: OFBiz
          Issue Type: Sub-task
            Reporter: Jacques Le Roux


I found this one in error.log on demo server

2009-04-19 16:10:30,520 (TP-Processor17) [ServiceEventHandler.java:399:ERROR] 
=============== Found URL parameter [partyId] passed to secure (https) 
request-map with uri [searchorders] with an event that calls service 
[findOrders]; this is not allowed for security reasons! The data should be 
encrypted by making it part of the request body (a form field) instead of the 
request URL.; In session [DF1819F1BFDCDFE831FD1ED3B5B2FE88.jvm1]; Note that 
this can be changed using the service.http.parameters.require.encrypted 
property in the url.properties file

2 cases
<a 
href="<@ofbizUrl>/searchorders?lookupFlag=Y&hideFields=Y&partyId=${partyId}&viewIndex=1&viewSize=20</@ofbizUrl>"
 class="buttontext">${uiLabelMap.OrderOtherOrders}</a>

<a 
href="/ordermgr/control/searchorders?lookupFlag=Y&hideFields=Y&partyId=${partyRow.partyId
 + externalKeyParam}&viewIndex=1&viewSize=20">${uiLabelMap.OrderOrders}</a>

I will see later, I continue to look at error.log, to see how much we can get 
from here...
[ Afficher ยป ]
Jacques Le Roux added a comment - 20/avr./09 12:09 PM I found this one in 
error.log on demo server 2009-04-19 16:10:30,520 (TP-Processor17) 
[ServiceEventHandler.java:399:ERROR] =============== Found URL parameter 
[partyId] passed to secure (https) request-map with uri [searchorders] with an 
event that calls service [findOrders]; this is not allowed for security 
reasons! The data should be encrypted by making it part of the request body (a 
form field) instead of the request URL.; In session 
[DF1819F1BFDCDFE831FD1ED3B5B2FE88.jvm1]; Note that this can be changed using 
the service.http.parameters.require.encrypted property in the url.properties 
file 2 cases <a 
href="<@ofbizUrl>/searchorders?lookupFlag=Y&hideFields=Y&partyId=${partyId}&viewIndex=1&viewSize=20</@ofbizUrl>"
 class="buttontext">${uiLabelMap.OrderOtherOrders}</a> <a 
href="/ordermgr/control/searchorders?lookupFlag=Y&hideFields=Y&partyId=${partyRow.partyId
 + externalKeyParam}&viewIndex=1&viewSize=20">${uiLabelMap.OrderOrders}</a> I 
will see later, I continue to look at error.log, to see how much we can get 
from here...


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to