Dear All, Is it possible to display generice error messages by doing any settings in Geoserver. If it is not possible , is there any way not displaying/showing any kind of error messages to users.
Please let me know. Thanks&Regards, Naresh On Tue, Sep 11, 2018 at 6:34 PM Ian Turton <[email protected]> wrote: > We're always happy to receive improvements. > > Ian > > On Tue, 11 Sep 2018 at 13:52, Calliess Daniel Ing. < > [email protected]> wrote: > >> Hello Jukka, >> >> >> >> the 'java.lang.NumberFormatException' is only one example for error >> messages that expose system details. There might be a lot of other >> information that will be shown to potential attackers when detailed error >> messages are shown to the user, f.e. database related errors showing the >> database vendor (and indirectly also the database version). >> >> >> >> So I also think that error messages should be more generic! >> >> >> >> Regards >> >> Daniel >> >> >> >> >> >> *From:* Naresh N [mailto:[email protected]] >> *Sent:* Friday, August 31, 2018 11:20 AM >> *To:* [email protected] >> *Cc:* [email protected] >> *Subject:* Re: [Geoserver-users] Disabling error response of WMS/WFS to >> the Clients/users >> >> >> >> Dear Jukka Rahkonent,, >> >> >> >> Thanks a lot for response and explaining detail. >> >> >> >> Best Regards, >> >> Naresh.N >> >> >> >> On Thu, Aug 30, 2018 at 5:56 PM Rahkonen Jukka (MML) < >> [email protected]> wrote: >> >> Hi, >> >> >> >> If you use just non-supported outputformat >> >> >> http://localhost:8080/geoserver/topp/wms?service=WMS&version=1.1.0&request=GetMap&layers=topp%3Astates&bbox=-124.73142200000001%2C24.955967%2C-66.969849%2C49.371735&width=768&height=330&srs=EPSG%3A4326&format=image/png88 >> >> >> >> then the error is >> >> <ServiceException code="InvalidFormat"> >> >> There is no support for creating maps in image/png88 format >> >> >> >> Your error comes from non-numeric height parameter >> >> >> http://localhost:8080/geoserver/topp/wms?service=WMS&version=1.1.0&request=GetMap&layers=topp%3Astates&bbox=-124.73142200000001%2C24.955967%2C-66.969849%2C49.371735&width=768&height=acu330&srs=EPSG%3A4326&format=image/png8 >> >> gives similar error >> <ServiceException> >> >> java.lang.NumberFormatException: For input string: >> "acu330" >> >> >> >> By reading the WMS 1.3.0 standard such invalid WIDTH and HEIGHT >> parameters are not really deald in it. What is closest is in this: >> “If the WMS server has declared that a Layer has fixed width and height, >> as described in 7.2.4.7.5, then the client shall specify exactly those >> WIDTH and HEIGHT values in the GetMap request and the server may issue a >> service exception otherwise.” >> >> >> >> The message reveals that server is Java based which is something that the >> end user does not need to know. It is also telling that number format used >> in the request is not correct and that’s useful information for the user. >> Disabling the whole exception in not possible because it is mandatory. So >> what is left is filtering the “java.lang” away. I believe it could be done >> (I am not a developer) but I believe that it would not be any huge >> improvement for the security. If somebody proves that I am wrong I can >> change my mind. >> >> >> >> -Jukka Rahkonen- >> >> >> >> >> >> >> >> *Lähettäjä:* Naresh N [mailto:[email protected]] >> *Lähetetty:* 30. elokuuta 2018 9:52 >> *Vastaanottaja:* Rahkonen Jukka (MML) <jukka.r >> [email protected]> >> *Aihe:* Re: [Geoserver-users] Disabling error response of WMS/WFS to the >> Clients/users >> >> >> >> Dear Dear Jukka Rahkonent, >> >> >> >> Please find the below request >> >> >> http://bhuvan-suvidha.nrsc.gov.in/geoserver/wms/reflect?layers=geonode:kds_name&width=200&height=150&format=image/png8&fo >> >> >> rmat=image/png8&height=acu7746%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca7746&layers=geonode >> >> :kds_name&width=200 >> >> >> >> The above request is generated by Web Application Security tool, and is >> is listed as security alert as it is showing the error message as >> java.lang.Number Format Exception. Recommendation is to disable the error >> message. Kindly help me to resolve this. >> >> >> >> Thanks&Regards, >> >> Naresh >> >> >> >> On Thu, Aug 30, 2018 at 11:17 AM Rahkonen Jukka (MML) < >> [email protected]> wrote: >> >> Hi, >> >> Please show the whole request with the wrong &FORMAT= parameter. >> >> -Jukka Rahkonen- >> ------------------------------ >> >> *Lähettäjä: *Naresh N <[email protected]> >> *Lähetetty: *30.8.2018 7:22 >> *Vastaanottaja: *Rahkonen Jukka (MML) >> <[email protected]> >> *Aihe: *Re: [Geoserver-users] Disabling error response of WMS/WFS to the >> Clients/users >> >> Dear Jukka Rahkonent, >> >> >> >> Thanks for the response. The error message ' java.lang.Number >> FormatException' belongs to InvaildFormat. Instead of showing service >> exception i.,e java.lang.Number Format Exception, how to display >> InvalidFormat message to user. Although this erros is not displaying any >> sensitive information, as per our security alerts measure, we want disable >> the error messages. Kindly let me know how to do. >> >> >> >> Thanks&Regards, >> >> Naresh >> >> >> >> On Wed, Aug 29, 2018 at 8:08 PM Rahkonen Jukka (MML) < >> [email protected]> wrote: >> >> Hi, >> >> I suppose that you mean the contents " java.lang.NumberFormatException: >> For input string:". Exceptions are compulsory by the WMS standard. The >> following codes are reserved for special meanings. >> >> InvalidFormat >> InvalidCRS >> LayerNotDefined >> StyleNotDefined >> LayerNotQueryable >> InvalidPoint >> CurrentUpdateSequence >> InvalidUpdateSequence >> MissingDimensionValue >> InvalidDimensionValue >> OperationNotSupported >> >> The error that triggers your error does not quite suit with these >> predefined meanings and therefore the error code must be something else. >> The code that you get now is "java.lang.NumberFormatException". At least it >> is somewhat informative but would you rather see some other text as an >> error message? >> >> Client can also ask exceptions in another format with &EXCEPTIONS=INIMAGE >> of &EXCEPTIONS=BLANK, but the default XML format is still mandatory and it >> can't be turned off. >> >> -Jukka Rahkonen- >> >> -----Alkuperäinen viesti----- >> Lähettäjä: naresh [mailto:[email protected]] >> Lähetetty: 29. elokuuta 2018 16:33 >> Vastaanottaja: [email protected] >> Aihe: [Geoserver-users] Disabling error response of WMS/WFS to the >> Clients/users >> >> Hello ALL, >> >> Please see the following error message received on wrong values of params >> of WMS reqeust >> >> <ServiceExceptionReport xmlns="http://www.opengis.net/ogc"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; version="1.3.0" >> xsi:schemaLocation="http://www.opengis.net/ogc >> >> http://bhuvan-suvidha.nrsc.gov.in/geoserver/schemas/wms/1.3.0/exceptions_1_3_0.xsd >> "> >> <ServiceException> >> java.lang.NumberFormatException: For input string: "" For input string: "" >> </ServiceException> >> </ServiceExceptionReport> >> >> I want to disable the error message, it should not be displayed to user >> >> *How to disable errors displaying messages in Geoserver. * >> >> Please help solving my issue >> >> Thanks&Regards, >> Naresh >> >> >> >> >> -- >> Sent from: >> http://osgeo-org.1560.x6.nabble.com/GeoServer-User-f3786390.html >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most engaging >> tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Geoserver-users mailing list >> >> Please make sure you read the following two resources before posting to >> this list: >> - Earning your support instead of buying it, but Ian Turton: >> http://www.ianturton.com/talks/foss4g.html#/ >> - The GeoServer user list posting guidelines: >> http://geoserver.org/comm/userlist-guidelines.html >> >> If you want to request a feature or an improvement, also see this: >> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer >> >> >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/geoserver-users >> >> _______________________________________________ >> Geoserver-users mailing list >> >> Please make sure you read the following two resources before posting to >> this list: >> - Earning your support instead of buying it, but Ian Turton: >> http://www.ianturton.com/talks/foss4g.html#/ >> - The GeoServer user list posting guidelines: >> http://geoserver.org/comm/userlist-guidelines.html >> >> If you want to request a feature or an improvement, also see this: >> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer >> >> >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/geoserver-users >> > > > -- > Ian Turton > _______________________________________________ > Geoserver-users mailing list > > Please make sure you read the following two resources before posting to > this list: > - Earning your support instead of buying it, but Ian Turton: > http://www.ianturton.com/talks/foss4g.html#/ > - The GeoServer user list posting guidelines: > http://geoserver.org/comm/userlist-guidelines.html > > If you want to request a feature or an improvement, also see this: > https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer > > > [email protected] > https://lists.sourceforge.net/lists/listinfo/geoserver-users >
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
