1 2 Previous Next 15 Replies Latest reply on Nov 27, 2006 8:50 AM by Funky

Hidden SQL error code in error page source-URGENT !

Funky Nov 22, 2006 7:42 AM

On error page there is:

<t r><t d><*a href="javascript:window.history.go(-1)">OK</ a></t d>

<t d><b r /></t d></t r></ table>

<!--Application:"100" Page:"8" User:"9999999999998" -->

<!--request: "AJDE_ERROR"-->



<!--command:insert into xe_lobs (id) values(7);-->

<!--lastQuery (1st 1000 chars):begin insert into xe_lobs (id) values(7);

 end;-->

                              </ TD>

This code is shown in ordinary user source code of the page (no admin or developer or debug session!).
I have set (in Application Definition "Logging" and "Debugging") all to "no"...but still this code is shown on error page.

I think this is not OK to show real SQL code to ordinary user.

How to prevent this, please this is really urgent for us and we do not see the solution!

1. Re: Hidden SQL error code in error page source-URGENT !

60437 Nov 22, 2006 8:17 AM (in response to Funky)

Damir,

Put HTML in the Error Page Template section of the page template. Use the help text on that region for examples of the substitution strings that can be used in there.

Scott
Like Show 0 Likes(0)

Actions
2. Re: Hidden SQL error code in error page source-URGENT !

Funky Nov 22, 2006 8:22 AM (in response to 60437)

Scott,

I'm not following you...sorry...
Like Show 0 Likes(0)

Actions
3. Re: Hidden SQL error code in error page source-URGENT !

60437 Nov 22, 2006 8:26 AM (in response to Funky)

Edit the page template.
Scroll down to the Error Page Template Control region.
Read the item help on that text area. Use some of the substitution strings like #BACK_LINK# and #MESSAGE# to format the HTML with links and text.
Put some HTML in that text area.
Apply changes.
Run your page in a way that generates an error page.
View the HTML source of that page in the browser.
Be happy that this problem is solved.

Scott
Like Show 0 Likes(0)

Actions
4. Re: Hidden SQL error code in error page source-URGENT !

Funky Nov 22, 2006 8:47 AM (in response to 60437)

OK I have and now it looks that there is no that irritating "SQL code"....BTW many people are using original error template-don't you think this is security problem ?
Like Show 0 Likes(0)

Actions
5. Re: Hidden SQL error code in error page source-URGENT !

Funky Nov 22, 2006 8:55 AM (in response to Funky)

Scott,

let me extend this thread a little.

How to have default behavior (SQL code is shown as comment in HTML source) and how to avoid it's showing depending some condition?

First behavior is nice to have in development and second in regular user usage....

THX!
Like Show 0 Likes(0)

Actions
6. Re: Hidden SQL error code in error page source-URGENT !

60437 Nov 22, 2006 9:22 AM (in response to Funky)

I don't think it's possible, we'll make a note of this general problem. The output should probably be toggled by the application debug Yes/No setting.

Scott
Like Show 0 Likes(0)

Actions
7. Re: Hidden SQL error code in error page source-URGENT !

Funky Nov 22, 2006 10:10 AM (in response to 60437)

Scott,

I still do not understand how to use #OK#, #MESSAGE#, #BACK_LINK#, #RETURN_TO_APPLICATION# ??

When I put them I get some text...

Where to define these values to show my context!?

THX!
Like Show 0 Likes(0)

Actions
8. Re: Hidden SQL error code in error page source-URGENT !

60437 Nov 22, 2006 10:39 AM (in response to Funky)
Maybe like this:
Hey there is an error -- #MESSAGE#. Click < a href="#BACK_LINK#">here < /a> to #RETURN_TO_APPLICATION#,
or click < a href="www.amazon.com">#OK# < /a> to go shopping.
BACK_LINK is a placeholder for "javascript:window.history.go(-1)" and OK and RETURN_TO_APPLICATION are the names of system messages you can define to translate that text.

Scott
Like Show 0 Likes(0)

Actions
9. Re: Hidden SQL error code in error page source-URGENT !

Funky Nov 22, 2006 11:28 AM (in response to 60437)

Scott,

Here are the results of your suggestion:

http://i10.tinypic.com/2a9o3h4.png

http://i10.tinypic.com/3zlh4c6.png

What is wrong?
Like Show 0 Likes(0)

Actions
10. Re: Hidden SQL error code in error page source-URGENT !

60437 Nov 22, 2006 11:36 AM (in response to Funky)

In this forum we routinely have to edit HTML that we post as examples so that the forum page does not interpret it as HTML. Please convert what I posted to the obvious "correct" HTML and it should work better.

Scott
Like Show 0 Likes(0)

Actions
11. Re: Hidden SQL error code in error page source-URGENT !

Funky Nov 22, 2006 11:41 AM (in response to 60437)

Sorry, my mistake!

THX!
Like Show 0 Likes(0)

Actions
12. Re: Hidden SQL error code in error page source-URGENT !

Funky Nov 23, 2006 2:13 PM (in response to Funky)
One thing before this thread is closed...
 
On error page there is allways error message.
 
In our case it is "ORA-00001: unique constraint (SOME_OWNER.TABLE1_PK) violated" but the kind of message is not important ... this should work for any error message.
 
My questions/knowledge are:
 
1) Is there any chance to remove that message (not to be shown) from the page, so user cannot see it?-NO!
 
2) What app variable is having that message value? We need that to record log that this error has ocurred.-????
 
3) if 1) is possible is 2) still possible? We do not want to show the message but do want to pass the value to some record log function...-according 1) it is irrelevant!
 
THX!
 
P.S.
 
There are many threads about "error page" and in manual onle few small references...more general then specif to the mentioned subject.
 
I have found "something" to hide irritating error message from screen. Put following css code in your "theme_V2.css" file:
.ErrorPageMessage {display:none}
Unfortunately this removes screen value but in HTML code error message is not hidden-it is open. But this will help a little ... if nothing else!
 
Still there is open question how to pass that message to a proc for recording that error-this will be really nice to hear!
Message was edited by:
Funky

Message was edited by:
Funky
Like Show 0 Likes(0)

Actions
13. Re: Hidden SQL error code in error page source-URGENT !

Funky Nov 23, 2006 9:53 PM (in response to Funky)

OK...if there is no other way...could you Scott tell me what is sent in #BOX_BODY#...so I can try to parse the value and record it somehow?

THX!
Like Show 0 Likes(0)

Actions
14. Re: Hidden SQL error code in error page source-URGENT !

60437 Nov 23, 2006 10:14 PM (in response to Funky)

I'm going to let others who have worked with the problem of handling exceptions on pages take it from here and offer any help they might be able to.

Scott
Like Show 0 Likes(0)

Actions

1 2 Previous Next

Go to original post