Dr. Rodney G. McDuff wrote:
> Hi
> Some of the security dudes here are giving me grief because OpenCA
> exposure configuration data when garbage is injected into the web page
> arguments. Ie.
>
>
> Error 6291049
>
> *General Error* Loading command name: There is a
> problem with the XML cache (Client: The answer for the
> following message signals an error.
>
> /usr/local/OpenCA/uqlvl4ca/openca/etc/rbac/cmds/getStatic.xml
> command_config/command/name
> 0
>
> ). .
>
> How can I stop this.
>
You may change the error message functions found in:
modules/perl5/OpenCA/UI/HTML.pm
starting at line: 130 (in version 0.9.2.2) or look for
sub configError
and
sub generalError
you may change it, to not print the errval for example
this two functions will render all generated error-messages at the
running installation
since the error-messages itself are generated in the code and may
contain the file-data already, therefor another option could be to use a
regex witch removes the installation path from the file-names inside an
err_val
but the fast 'hot-fix' if you don't like filenames in error-messages
would be to remove the message from the html-error-screen i think, it
will be still logged lokaly if you just change the html-rendering code
in those two functions and leave the die command untouched, so you would
have a log with all necessary data but user at the webfrontend get just
shown - there was an error but no further details
greetings
dalini
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
