[BlueOnyx:19545] Re: 5209R Initial Setup Issue

Michael Stauber mstauber at blueonyx.it
Sun May 1 11:08:12 -05 2016


Hi Lee,

> "Sorry, the data entered in the field newpass is invalid. 
> Please check your input and try again."
> "Sorry, the data entered in the field sql_rootpassword 
> is invalid. Please check your input and try again."
> 
> I've checked through the thread and Michael's comments from 
> http://mail.blueonyx.it/pipermail/blueonyx/2015-December/036584.html,
> I've ensured I haven't performed the yum update before the BlueOnyx
> setup, however I'm encountering this every single time.

The recommendation changed a little in between: Nowadays it's
recommended you do a YUM update after the ISO install and before using
the GUI. We did add a YUM plugin that does a conditional CCEd rehash or
CCEd restart for all those Updates that require one of these.

But back to the problem:

I just looked at the error messages and the code in SVN. When you
are on the wizard GUI page, several password-related errors can happen:

- Before Submit of form data takes place: Passwords too long, too short
or not complex enough. In that case you get a red "Please fix this
field" below the respective form field.

- After Submit:

All the form data gets processed. CodeIgniter runs some internal
sanitizing on the submitted form data to capture dirty tricks such as
SQL injection, directory traversal attempts, XSS attacks and the like.

After that is done, our own code runs a couple of checks as well. For
example:

Password = username: Bad, raise error
Password check against cracklib indicates password is weak: Raise error.
Password too short/too long: Raise error.

The error messages that our own code for this raises are different and
much more descriptive than what you got instead.

So I presume the error messages you saw were raised by CodeIgniter's
internal XSS checks, which happened before our own password checks were
triggered.

Could you please try the following?

Just to be sure:

yum clean all
yum update

That'll make sure you have all updates. It'll also restart CCEd if such
a restart is needed.

Then try the GUI again and try a simpler password with a minimum of
8 characters consisting of alphanumerics and basic punctuation such as
period, colon and comma. I think the XSS check *might* possibly choke on
$, %, & or § as well as on ' or ". I'll need to look deeper into that in
the next couple of days, but in the interim it would be helpful if you
could test a password along these recommendations just to see if that
fixes the setup issue for you.

-- 
With best regards

Michael Stauber
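
Added example (not part of the original message and not BlueOnyx or CodeIgniter code): a small Python model of the two-stage validation order described above, showing how the wording of the error tells you which stage rejected a password. The suspect character set is the message's unconfirmed guess; the 64-character upper bound, the policy messages and the weak-word list standing in for cracklib are assumptions.

```python
# Assumption: characters the generic input filter is suspected of rejecting,
# taken from the message's guess ($, %, &, §, ' and "). Not confirmed behaviour.
SUSPECT_CHARS = set("$%&§'\"")
MIN_LEN, MAX_LEN = 8, 64  # 8 is from the message; 64 is an assumed upper bound
WEAK_WORDS = {"password", "blueonyx", "12345678"}  # constructed stand-in for cracklib


def generic_filter(field, value):
    """Stage 1: framework-level sanitizing; the error names only the field."""
    if any(ch in SUSPECT_CHARS for ch in value):
        return (f"Sorry, the data entered in the field {field} is invalid. "
                "Please check your input and try again.")
    return None


def password_policy(username, password):
    """Stage 2: application checks with descriptive (hypothetical) messages."""
    if password.lower() == username.lower():
        return "Password must not be the same as the username."
    if not MIN_LEN <= len(password) <= MAX_LEN:
        return f"Password must be {MIN_LEN} to {MAX_LEN} characters long."
    if password.lower() in WEAK_WORDS:
        return "Password is too weak (dictionary check)."
    return None


def validate(field, username, password):
    """Run the stages in order; return (stage that rejected, error message)."""
    stages = (
        ("filter", lambda: generic_filter(field, password)),
        ("policy", lambda: password_policy(username, password)),
    )
    for stage, check in stages:
        error = check()
        if error:
            return stage, error
    return "ok", None


if __name__ == "__main__":
    # Constructed sample passwords, checked for the wizard field "newpass".
    for pw in ("S3cure&Sound!", "admin", "password", "Tr1cky.pass,word:"):
        print(repr(pw), "->", validate("newpass", "admin", pw))
```

A generic "field ... is invalid" result means the input never reached the policy stage, so testing with a password drawn only from alphanumerics, period, colon and comma isolates the filter as the cause.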
