Thanks for your help and to Thijs Brentjens.
Geoserver builds successfully and these changes have solved the cross site scripting 
problem.

According to our security audit we have a similar problem with an error message. 
The following is deemed a risk:

/geoserver230/wms URL encoded GET input HEIGHT was set to
Error message found: java.lang.NumberFormatException: For input string:

GET /geoserver230/wms?FORMAT=image/png&HEIGHT=&LAYER=mylayer&REQUEST=GetLegendGraphic&Transparent=true&VERSION=1.0.0&WIDTH=20

I've checked the global settings that we are not outputting verbose messages.

Is there any way to change the error response or to redirect before this is 
output, or does the Java need changing again?

Our security scan software seems very strict, I don't see that many users with 
similar issues.

thanks
Justin Clowes | Jacobs | Principal GIS Developer, Information Management & GIS 
| +44.(0)141.243.8138 | +44.(0)7879 425506 (mobile) | 
[email protected] | www.jacobs.com

________________________________
From: [email protected] On Behalf Of Andrea Aime
Sent: 29 August 2013 09:32
To: Clowes, Justin
Cc: Geoserver-devel
Subject: Re: [Geoserver-devel] cross site scripting vulnerability

On Wed, Aug 28, 2013 at 6:05 PM, Clowes, Justin <[email protected]> wrote:
Ok I've made these changes and I'm attempting to compile geoserver in Maven.
I'm afraid I'm new to Maven and this build process.
I'm getting the build error :

[ERROR] \geoserver233b\geoserver-2.3.3\platform\src\main\java\org\geoserver\platform\ServiceException.java:[193,9] cannot find symbol
[ERROR] symbol  : variable Encode

"Encode" is a separate component in a jar file.
Can anyone tell me where this jar file should be placed and how it should
be referenced in the pom.xml?
I already have the following in ows\pom.xml:

<dependency>
  <groupId>org.owasp.encoder</groupId>
  <artifactId>encoder</artifactId>
  <version>1.1</version>
  <scope>system</scope>
  <systemPath>${basedir}/encoder-1.1.jar</systemPath>
</dependency>

I'm trying to add a path to the jar file but I'm not sure if this is the
correct approach.

With Maven you never have jars to be installed locally or to be put among the
sources, you just declare a dependency and Maven will download it on
the disk in the proper place for you.

I believe this is the dependency you're looking for?

http://mvnrepository.com/artifact/org.owasp.encoder/encoder/1.1

Cheers
Andrea

--
Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39  339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
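
One way to keep the NumberFormatException text out of the response for the request quoted in the audit finding, shown as an added example that is not GeoServer's code and not from this thread. The class DimensionParams, the BadParameter exception, the 4096 limit and the response wording are all assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration: class, method and message names are hypothetical, not GeoServer code.
public class DimensionParams {
    /** Raised for bad client input; carries only text that is safe to return. */
    static class BadParameter extends Exception {
        final String locator;
        BadParameter(String locator, String safeMessage) {
            super(safeMessage);
            this.locator = locator;
        }
    }

    /** Parses WIDTH/HEIGHT style values without letting NumberFormatException escape. */
    static int parseDimension(Map<String, String> kvp, String name, int max) throws BadParameter {
        String raw = kvp.get(name);
        int value;
        try {
            // A missing or empty value (HEIGHT= in the finding) fails here like any non-number.
            value = Integer.parseInt(raw == null ? "" : raw.trim());
        } catch (NumberFormatException e) {
            // Keep the exception class and the raw input out of the response.
            throw new BadParameter(name, name + " must be a whole number");
        }
        if (value < 1 || value > max) {
            throw new BadParameter(name, name + " must be between 1 and " + max);
        }
        return value;
    }

    /** Builds the response body from fixed strings only; nothing here echoes the request. */
    static String errorBody(BadParameter e) {
        return "<ServiceExceptionReport><ServiceException locator=\"" + e.locator + "\">"
                + e.getMessage() + "</ServiceException></ServiceExceptionReport>";
    }

    public static void main(String[] args) {
        // Constructed sample: WIDTH and HEIGHT as sent in the request from the audit finding.
        Map<String, String> kvp = new LinkedHashMap<>();
        kvp.put("WIDTH", "20");
        kvp.put("HEIGHT", "");
        try {
            int w = parseDimension(kvp, "WIDTH", 4096);
            int h = parseDimension(kvp, "HEIGHT", 4096);
            System.out.println(w + "x" + h);
        } catch (BadParameter e) {
            System.out.println(errorBody(e));
        }
    }
}
```

The locator and message come from names chosen in the code, so no request data reaches the response; if a handler does echo a request value, it needs output encoding first.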
