Hello,
I just discovered that using radgrid with paging turned on and active, my agency's firewall (Check Point Firewall-1 Smart Defense) considers it a sql injection for the request "minValue."
RadGrid pagesize=20. If the items return is 20 or less everything runs fine. If I change the pagesize to 5 and the records return is 20, paging shows and all request is now rejected.
Any insight will be helpful. Thanks.
Khanh
I just discovered that using radgrid with paging turned on and active, my agency's firewall (Check Point Firewall-1 Smart Defense) considers it a sql injection for the request "minValue."
RadGrid pagesize=20. If the items return is 20 or less everything runs fine. If I change the pagesize to 5 and the records return is 20, paging shows and all request is now rejected.
Any insight will be helpful. Thanks.
Khanh
| --------------begin |
| Number: 2153036 |
| Date: 09June2010 |
| Time: 13:51:22 |
| Product: SmartDefense |
| Interface: eth0 |
| Origin: nrodo3 |
| Type: Log |
| Action: Reject |
| Protocol: tcp |
| Service: http (80) |
| Source: 207.67.36.210 |
| Destination: nriis3 (198.234.44.227) |
| Source Port: 57783 |
| Attack Name: SQL Injection |
| SmartDefense Profile: Default_Protection |
| Information: reason: WSE0040002 SQL injection detected in request: 'minValue' |
| ------------end |
3 Answers, 1 is accepted
0
Hello Khanh,
I am afraid that you need to address this issue to your system administrators. Just keep in mind that regardless of the page size, RadGrid retrieves all the data to which it is bound and behind the scene selects the corresponding portion to display.
Regards,
Tsvetoslav
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
I am afraid that you need to address this issue to your system administrators. Just keep in mind that regardless of the page size, RadGrid retrieves all the data to which it is bound and behind the scene selects the corresponding portion to display.
Regards,
Tsvetoslav
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
0
Udi
Top achievements
Rank 1
Rank 1
answered on 28 Nov 2011, 03:06 PM
using latest siteifnity 4.3 + telerik controls
got the same issue with rad control tool box. how did you managed to overcome the issue ?
got the same issue with rad control tool box. how did you managed to overcome the issue ?
0
square.png)
Khanh
Top achievements
Rank 1
Rank 1
answered on 28 Nov 2011, 04:23 PM
We disabled "minValue" detection on the firewall.
Hope this helps.
Khanh
Hope this helps.
Khanh