invalid query hash in URL - may be a cracking attempt (1205 Views)
Reply
Valued Contributor
dejski2
Posts: 71
Registered: ‎10-24-2007
Message 1 of 11 (1,205 Views)
Accepted Solution

invalid query hash in URL - may be a cracking attempt

Hello

In SC help there is this example:
Example: Sending Web tier URLs through e-mail notifications
and I have treid make it.
In eventout has been created record with such url:
http://saturn:8080/sc620/index.do?ctx=docEngine&file=incidents&query=incident.id=%22CALL1002%22&queryHash=68e70a88&action=&title=Call%20CALL1002

but SC web client make error:
Error: invalid query hash in URL - may be a cracking attempt

What is problem?

Best regards

Darek
Please use plain text.
Honored Contributor
mdonatucci
Posts: 431
Registered: ‎07-18-2006
Message 2 of 11 (1,205 Views)

Re: invalid query hash in URL - may be a cracking attempt

I had the same question last week! Here's the answer:

In the web.xml on the web server you need to find the SC Host and SC Port paramters and insert the following under them



sc.querysecurity

false


Please use plain text.
Valued Contributor
dejski2
Posts: 71
Registered: ‎10-24-2007
Message 3 of 11 (1,205 Views)

Re: invalid query hash in URL - may be a cracking attempt

Its works!

Thank you.
Please use plain text.
Regular Advisor
Michaela P.
Posts: 190
Registered: ‎05-22-2007
Message 4 of 11 (1,205 Views)

Re: invalid query hash in URL - may be a cracking attempt

Hi,

Does anybody of you know an equivalent of SC's parameter sc.querysecurity in SM? I tried querysecurity, but it still gives me the error mentioned above.

Thanks a lot!
Michaela
Please use plain text.
Frequent Advisor
Spyros Antoniou
Posts: 85
Registered: ‎06-23-2006
Message 5 of 11 (1,205 Views)

Re: invalid query hash in URL - may be a cracking attempt

Hello..
I was also trying to find the solution, and in SM it is easier since inside the web.xml file, usually under program files\Apache Software Foundation\Tomcat 5.0\webapps\sm7\WEB-INF editing it there is the following section:


querySecurity
true


...
If you set this parameter to false then the error will be bypassed and the web page will be displayed.

regards

Spyros
Please use plain text.
Valued Contributor
Valued Contributor
hge
Posts: 103
Registered: ‎04-07-2008
Message 6 of 11 (1,205 Views)

Re: invalid query hash in URL - may be a cracking attempt

Hi,
we escalated this problem ( SCR 39684 ) this
april and were told that this problem will be
handled in SC6.2.7, release date unknown.

regards hge


Please use plain text.
Honored Contributor
Jacob Heubner
Posts: 4,177
Registered: ‎07-21-2008
Message 7 of 11 (1,205 Views)

Re: invalid query hash in URL - may be a cracking attempt

hge... do you know how to assign points when people answer your questions?
Please use plain text.
Valued Contributor
Valued Contributor
hge
Posts: 103
Registered: ‎04-07-2008
Message 8 of 11 (1,205 Views)

Re: invalid query hash in URL - may be a cracking attempt

Hi Jacob,
wrong again,

you should read precisely.

regards hge
Please use plain text.
Frequent Advisor
Tu Zeng-Ying
Posts: 86
Registered: ‎09-11-2008
Message 9 of 11 (1,205 Views)

Re: invalid query hash in URL - may be a cracking attempt

Hi,

If I don't want to input username and password when access the url, do you have some suggestions.

Thanks a lot.

Andrew tu
Please use plain text.
Occasional Visitor
MarkYates
Posts: 1
Registered: ‎04-08-2013
Message 10 of 11 (679 Views)

Re: invalid query hash in URL - may be a cracking attempt

Can you show me an example how it should look in the web.xml

Please use plain text.
Advisor
german-st
Posts: 15
Registered: ‎07-25-2011
Message 11 of 11 (668 Views)

Re: invalid query hash in URL - may be a cracking attempt

[ Edited ]

Hello.

 

Make changes to web.xml. When trying to open interaction with id=SD4399 (http://serversm:8080/sm/index.do?ctx=docEngine&file=incidents&query=incident.id=%22SD4399%22), get on the search interactions form . What is wrong? Thank you.

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation