[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 1.3.16 released

Subject: Re: 1.3.16 released
From: Pete Houston <..hidden..>
Date: Mon, 14 May 2012 15:01:37 +0100

On Mon, May 14, 2012 at 06:40:38AM -0700, Chris Travers wrote:
> I have never seen this error.  Since we are now using http auth for
> everything it surprises me. I am nonetheless looking into how it might
> come up.

Here's the relevant part of the access log:

81.187.19.186 - - [14/May/2012:12:23:25 +0100] "GET /ledgersmb/user.pl?action=preference_screen HTTP/1.1" 200 6750
81.187.19.186 - - [14/May/2012:12:23:27 +0100] "GET /ledgersmb/UI/users/preferences.js HTTP/1.1" 200 1115
81.187.19.186 - - [14/May/2012:12:25:42 +0100] "GET /ledgersmb/user.pl?action=change_password&old_password=XXX&new_password=YYY&confirm_password=YYY HTTP/1.1" 200 6741
81.187.19.186 - - [14/May/2012:12:25:43 +0100] "POST /ledgersmb/user.pl HTTP/1.1" 401 55
81.187.19.186 - - [14/May/2012:12:26:00 +0100] "POST /ledgersmb/user.pl HTTP/1.1" 200 148

The 401 there shows where I was prompted for the password again with
basic auth and the final line shows the error message which I reported
originally. Note that the passwords replaced here by XXX and YYY are
shown in the clear in the access log!

Here is the equivalent part of the error log:

[Mon May 14 12:25:44 2012] [error] [client 81.187.19.186] DBI connect('dbname=lsmb1316a','bigred',...) failed: FATAL:  password authentication failed for user "bigred" at LedgerSMB.pm line 981, referer: https://test1/ledgersmb/user.pl?action=preference_screen
[Mon May 14 12:26:00 2012] [error] [client 81.187.19.186] DBI connect('dbname=lsmb1316a','bigred',...) failed: FATAL:  password authentication failed for user "bigred" at LedgerSMB/DBObject/User.pm line 70, referer: https://test1/ledgersmb/user.pl?action=preference_screen
[Mon May 14 12:26:00 2012] [error] [client 81.187.19.186] Issuing rollback() due to DESTROY without explicit disconnect() of DBD::Pg::db handle dbname=lsmb1316a at /var/www/ledgersmb/user.pl line 8., referer: https://test1/ledgersmb/user.pl?action=preference_screen

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107

Attachment: pgpHXArTEb3Ml.pgp
Description: PGP signature

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Ledger-smb-users mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-users

References:
- 1.3.16 released
  - From: Chris Travers
- Re: 1.3.16 released
  - From: Pete Houston
- Re: 1.3.16 released
  - From: Robert James Clay
- Re: 1.3.16 released
  - From: Pete Houston
- Re: 1.3.16 released
  - From: Chris Travers

Prev by Date: Hotfix for LedgerSMB 1.3.16 critical issue
Next by Date: Re: 1.3.16 released
Previous by thread: Re: 1.3.16 released
Next by thread: Re: 1.3.16 released
Index(es):
- Date
- Thread