Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CASE-OPENED] SQL intrusion

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[CASE-OPENED] SQL intrusion
 Login/Join
 
Member
posted
Hi,

A security third party was testing SQL injection.

They add quote in the app path as follow
GET /ibi_apps/WFServlet?IBIF_ex=get_party&IBIAPP_app=lin_common='

by sending this url, WF returned

(FOC224) SYNTAX ERROR: PREPENDPATH lin_common='
(FOC324) THE PARAMETER TO BE SET IS NOT RECOGNIZED
ERROR AT OR LINE 13 IN PRECEDURE get_party

Q1.Is it possible to add this SET EMGSRV=OFF
at the start up in the customer profile.
Q2. If the path is wrong how can i reveived a error that come from the procedure. The procedure shouldn't be executed ?

WF v7.7.003

Thanks,
Pierre

This message has been edited. Last edited by: <Kathryn Henning>,


Production: WF 7.7.03 / OS: Solaris Sparc 64/ WebServer: Apache Tomcat/6.0/AppServer:WebLogic 10.3 /DB: Oracle 11.2/ Output formats: HTML, Excel, PDF, CSV, ZIP
 
Posts: 12 | Location: Montreal | Registered: August 22, 2006Report This Post
<Kathryn Henning>
posted
Hi Pedro,

I see that you've opened a case and have been working with Customer Support on this issue. Once the Symptom-Problem-Solution document has been published, I'll come back and update this topic with the link.

Thanks and regards,

Kathryn
 
Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CASE-OPENED] SQL intrusion

Copyright © 1996-2020 Information Builders