During querying on Exact Online, I sometimes get an intermittent error in the Invantive Query Tool:
Not authorized to access Exact Online.
Please check that you have access to the administration and have licensed a module for the data object 'Settings'.
For some errors, we automatically retry the operation, for instance when the OAuth token expires.
At this moment we can not reliably detect this error since the text varies per language and has no message code. However, when you try a few more times without changing anything, the access on the Exact Online XML topic 'Settings' proceeds successfully. Retrying without carefully knowing what is wrong is not a reliable approach since an update can be applied then multiple times.
How do I reliably detect this type of error so I can appropriate automatic corrective measures?
Related
I am getting this error message while running REST API Scans on WebInspect tool: "Please verify a connection, we cannot capture any sessions". Any solution?
There could be several reasons for this error. Two of the most common would be our inability to parse the API definition file or access issues connecting to the site. The access issue could either be authentication or network related.
My recommendation would be opening a ticket with Fortify support (https://www.microfocus.com/en-us/support/contact-support) as there are some follow-up questions:
What API type are you scanning?
Is this a Postman based scan? If so, can it be run my Newman?
How is the scan configured?
Do you have any problems executing WiSwag from cli?
What are you seeing in the scan logs?
I have created a family tree on my website using MySQL 5. Everything is working except the User Administration table. When I attempt to access it I get an error that says (DataTables warning: table id=DataTables_Table_0 - Invalid JSON response. For more information about this error, please see datatables.net/tn/1). When I use the chrome debugger to find out what is happening it is telling me (The requested URL was rejected. If you think this is an error, please contact the webmaster).
I have contacted the family tree developer to find out what is wrong and they are telling me the issue is in the underlying table on the server end and not their software as it won't produce that type of error. When I contact my hosting site, they tell me they need to be able to reproduce the error and I have no idea where it is in the MySQL software. My hosting site will not work with 3rd party software. So I have to diagnose this on my own. I have no clue what to do. I have looked at your other threads and turned of all firewalls on my computer and I still get the error. I have also tried clearing cookies and cache and still get the error. Are there any other things I can try? Or something I can tell my hosting company to look for?
I am creating a mobile application using swift for my organization. The application reads in data in JSON format to populate the information that gets displayed on the application. I already have a method to generate the JSON files, but I need somewhere to host the actual files. I have an AWS account and an instance running, this is where I initially was hosting my JSON files but I got an email from AWS saying that having the app constantly grab the JSON files that I stored on the site resembled scanning behaviour, which is not allowed apparently. So I was wondering where I could host JSON files so that my mobile app can read in the information it needs. The biggest thing that I need is that I can host it with a static URL that I can keep calling with my app.
I was thinking of potentially putting the files on an AWS bucket with read permissions and having those get accessed, but since AWS already complained about me doing something like that I'm iffy. I was also thinking of putting the JSON files on Github, but again I'd hate to get an email from github telling me that they don't like that an application keeps grabbing the data.
For background, the app essentially has a hardcoded URL that grabs the JSON data and parses it. I didn't do an api because an API takes some time to grab all the information that doesn't really change that often, it's much easier to generate the JSON files locally and just post them online somewhere. The information on it can be read by anyone too it's not private or anything.
Message from AWS:
Hello,
We've received a report(s) that your AWS resource(s)
information
has been implicated in activity which resembles scanning remote hosts on the internet for security vulnerabilities. Activity of this nature is forbidden in the AWS Acceptable Use Policy (https://aws.amazon.com/aup/). We've included the original report below for your review.
Please take action to stop the reported activity and reply directly to this email with details of the corrective actions you have taken. If you do not consider the activity described in these reports to be abusive, please reply to this email with details of your use case.
If you're unaware of this activity, it's possible that your environment has been compromised by an external attacker, or a vulnerability is allowing your machine to be used in a way that it was not intended.
We are unable to assist you with troubleshooting or technical inquiries. However, for guidance on securing your instance, we recommend reviewing the following resources:
I'm new so it won't let me post links but they attached a couple help links
If you require further assistance with this matter, you can take advantage of our developer forums:
more links I can't have
Or, if you are subscribed to a Premium Support package, you may reach out for one-on-one assistance here:
link
Please remember that you are responsible for ensuring that your instances and all applications are properly secured. If you require any further information to assist you in identifying or rectifying this issue, please let us know in a direct reply to this message.
Regards,
AWS Abuse
Abuse Case Number:
Using an AWS EC2 instance to host static files (which is what it sounds like you were doing?) is pretty standard and I suspect that this is not what Amazon is complaining about. More likely, your instance has been infected by some sort of software which is causing it to request many files from other random servers on the web ("scanning for remote vulnerabilities"). You should check that you have not accidentally publicly posted your AWS credentials (in any form), and consider wiping the instance and resetting it. And of course reply to the email explaining this to AWS.
I have an Access 2013 database split across a network that is mainly used via Citrix. I keep getting the error message that the database is in an inconsistent state and I don't know why. I created a query to capture the user name and machine id as a auto-exec macro so I can go back and ask users what happened etc. But what I'd like to know is if it would be possible to know which user first encountered this error? Can I trap the error somehow and know which user "caused" it? I have a feeling that this error happens prior to the auto_exec macro firing but I live in hope.
What I am hoping to be able to do is get with the Citrix team and see if they have a corresponding error or something in their logs.
.. sadly they are all sharing the same front end. It's only being used
for read-only lookup purposes. I wanted each user to have their own
copy but IT disagreed with me.
The only way it could work reliably, is if the accdb file itself is marked as Read-Only, and that would probably leave your application useless.
I've been through this with a client running a huge Citrix setup (40000+ employees) for an application with a priority. IT had for a reason a strict view on security, but though quite cooperative, they were of little help.
However, I got it solved by a VB script. It worked in the first attempt and so well, that I wrote up a description here:
Deploy and update a Microsoft Access application in a Citrix environment
The great thing is, that you probably won't need IT to do anything for you.
I'm thinking about some optimal methods for gracefully handling errors on a website. I'm thinking that two modes will dictate how errors are handled:
Development Mode
Shows all notices, warning, and fatal errors on the view they are generated from
Errors are displayed in raw format
Production Mode
Hide all notices and warnings, no matter what
Redirect fatal errors to a page (something like the fail whale)
Tell the user that the error has been logged
Store information about the error in the database or some other type of log (developer's choice)
E-mail the error to an array of e-mail addresses (developer's choice)
What are your thoughts on this approach? Can you think of a better way to handle errors?
Production mode - instead of emailing developers and storing the error to databases yourself. Integrate with defect/bug tracking system like Bugzilla, let it handle all the emailing, assignments, etc... No need to reinvent the wheel. Integration is simple, just use Bugzilla web services.
For production I highly recommend using a error logging service like Sentry or Rollbar. They have free plans that should cover most of personal or small business websites.
Why use these services? They offer a simple script or one line of code you add to your website or app and the service will handle error logging, storage and notifications. For example, if a users uses a broken function, the logging service will record the error, send it to their servers, analyze it, store it and send you a notification like PROJECT1 - TypeError: document.getElementsByClassName.ToString is not a function to you.
Also, they provide their implementations for several languages so you could log your PHP backend and your JS frontend at the same time.
Using a specialized service will save you a lot of time. No need to write your own API, storage for errors and configure some push or notification service. I use Sentry for several months now and I'm very happy with it. It's basically a "setup once and forget"-thing.