HPE Service Manager / Service Center Support and News Forum
Showing results for 
Search instead for 
Do you mean 

invalid query hash in URL - may be a cracking attempt

SOLVED
Go to Solution
Highlighted
Valued Contributor Valued Contributor

invalid query hash in URL - may be a cracking attempt

Hello

In SC help there is this example:
Example: Sending Web tier URLs through e-mail notifications
and I have treid make it.
In eventout has been created record with such url:
http://saturn:8080/sc620/index.do?ctx=docEngine&file=incidents&query=incident.id=%22CALL1002%22&queryHash=68e70a88&action=&title=Call%20CALL1002

but SC web client make error:
Error: invalid query hash in URL - may be a cracking attempt

What is problem?

Best regards

Darek
1 ACCEPTED SOLUTIONS
Honored Contributor

Re: invalid query hash in URL - may be a cracking attempt

I had the same question last week! Here's the answer:

In the web.xml on the web server you need to find the SC Host and SC Port paramters and insert the following under them



sc.querysecurity

false


10 REPLIES
Honored Contributor

Re: invalid query hash in URL - may be a cracking attempt

I had the same question last week! Here's the answer:

In the web.xml on the web server you need to find the SC Host and SC Port paramters and insert the following under them



sc.querysecurity

false


Valued Contributor Valued Contributor

Re: invalid query hash in URL - may be a cracking attempt

Its works!

Thank you.
Regular Advisor

Re: invalid query hash in URL - may be a cracking attempt

Hi,

Does anybody of you know an equivalent of SC's parameter sc.querysecurity in SM? I tried querysecurity, but it still gives me the error mentioned above.

Thanks a lot!
Michaela
Frequent Advisor

Re: invalid query hash in URL - may be a cracking attempt

Hello..
I was also trying to find the solution, and in SM it is easier since inside the web.xml file, usually under program files\Apache Software Foundation\Tomcat 5.0\webapps\sm7\WEB-INF editing it there is the following section:


querySecurity
true


...
If you set this parameter to false then the error will be bypassed and the web page will be displayed.

regards

Spyros
Valued Contributor Valued Contributor

Re: invalid query hash in URL - may be a cracking attempt

Hi,
we escalated this problem ( SCR 39684 ) this
april and were told that this problem will be
handled in SC6.2.7, release date unknown.

regards hge


Honored Contributor Honored Contributor

Re: invalid query hash in URL - may be a cracking attempt

hge... do you know how to assign points when people answer your questions?
Valued Contributor Valued Contributor

Re: invalid query hash in URL - may be a cracking attempt

Hi Jacob,
wrong again,

you should read precisely.

regards hge
Frequent Advisor

Re: invalid query hash in URL - may be a cracking attempt

Hi,

If I don't want to input username and password when access the url, do you have some suggestions.

Thanks a lot.

Andrew tu
Occasional Visitor

Re: invalid query hash in URL - may be a cracking attempt

Can you show me an example how it should look in the web.xml

Advisor

Re: invalid query hash in URL - may be a cracking attempt

[ Edited ]

Hello.

 

Make changes to web.xml. When trying to open interaction with id=SD4399 (http://serversm:8080/sm/index.do?ctx=docEngine&file=incidents&query=incident.id=%22SD4399%22), get on the search interactions form . What is wrong? Thank you.