Logon service failed login attempt

Post any questions you have about using the Verj.io Studio, including client and server-side programming with Javascript or FPL, and integration with databases, web services etc.

Moderators: Jon, Steve, Ian, Dave

Post Reply
Segi
Ebase User
Posts: 649
Joined: Mon Dec 09, 2013 6:37 pm

Logon service failed login attempt

#1

Postby Segi » Mon Mar 16, 2015 4:33 pm

I am utilizing the logon service to authenticate my users with this code:

Code: Select all

try {
     system.securityManager.logon([["",fields.username],["",hashedPassword]]);
} catch (e) {
     // Parse the error message 
     var errormsg=String(e);
     
     // Remove this string from the beginning of the error message
     errormsg=errormsg.substring("JavaException: com.ebasetech.xi.exceptions.LogonException: ".length);
     
     alert(errormsg);
     
     event.stopExecution();
}
In the System Services->Scripts I have LOGON_SERVICE_JS which does the authentication:

Code: Select all

try {
     if ( tables.USERS.rowCount > 0 ) {  
          // Logon was successfull
     } else {
          fields.ERRORCODE.value = "999991";
          fields.ERRORDESCRIPTION.value = "Your username or password is not correct"; 
          print("Login failed with the username " + fields.PARAM1_VALUE.value);     
     }
} catch (e) {
   fields.USERID.value = null;   
   fields.ERRORCODE.value = "999991";
   fields.ERRORDESCRIPTION.value = "Your username or password is not correct";
}
If the user enters an invalid login, the else clause in LOGON_SERVICE_JS is triggered which displays a message that the login information is not correct and a default error message is written to the error console that says: "Mon Mar 16 10:45:51: Error invoking logon system service: Error invoking logon system service: error code 999991, Your username or password is not correct".

Is there a way to prevent this error message from being printed to the console ?

I want to only display my custom error message (which is above) which tells me the username that was used to attempt to log in.
0 x
Jon
Moderator
Moderator
Posts: 1342
Joined: Wed Sep 12, 2007 12:49 pm

#2

Postby Jon » Tue Mar 17, 2015 7:32 am

This error message will contain both the ERRORCODE and ERRORDESCRIPTION fields set by the Logon Service if these are non null. There isn't any way of suppressing the message without also turning off all the other error logging. What is your concern? Do you think this might be a security exposure?
0 x
Segi
Ebase User
Posts: 649
Joined: Mon Dec 09, 2013 6:37 pm

#3

Postby Segi » Tue Mar 17, 2015 1:54 pm

Jon,

I am not concerned about privacy so much since we only use eBase internally. I have been seeing many failed login attempts and have added a custom error message that is printed to the console after a failed login attempt to show me which username is failing to log in. I don't want the user to see this, it is only for my own purposes.

The only slight issue at the moment is that the Logon service prints out the standard error message and my custom error message so there are always 2 error messages printed. It is not a big deal but I was hoping I could suppress the Logon service error message
0 x
Post Reply

Return to “Application Development”

Who is online

Users browsing this forum: No registered users and 16 guests