1 2 Previous Next 15 Replies Latest reply on Nov 27, 2006 8:50 AM by Funky

    Hidden SQL error code in error page source-URGENT !

    Funky
      On error page there is:
      <t r><t d><*a href="javascript:window.history.go(-1)">OK</ a></t d>
      <t d><b r /></t d></t r></ table>
      <!--Application:"100" Page:"8" User:"9999999999998" -->
      <!--request: "AJDE_ERROR"-->

      <!--command:insert into xe_lobs (id) values(7);-->
      <!--lastQuery (1st 1000 chars):begin insert into xe_lobs (id) values(7);
      end;-->
                                    </ TD>
      This code is shown in ordinary user source code of the page (no admin or developer or debug session!).
      I have set (in Application Definition "Logging" and "Debugging") all to "no"...but still this code is shown on error page.

      I think this is not OK to show real SQL code to ordinary user.

      How to prevent this, please this is really urgent for us and we do not see the solution!
        1 2 Previous Next