openssl s_server without PSK/certificate, but with client certificate validation

Is it possible to use openSSL without encryption and without a certificate at the server, but with validation of the client certificate? I’m not sure which cipher allows this (or where to get this info). I tried the following:

server:

openssl s_server -cipher NULL-SHA256 -nocert -CAfile client_cert.pem -Verify 4 -verify_return_error  -accept 44330 -www   

client:

openssl s_client -cipher NULL-SHA256 -cert client_cert.pem -key client_key.pem  -connect 10.10.1.87:44330 

But I’m getting errors at the server and at the client:

server error:

4699434604:error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_srvr.c:1115: ACCEPT 

client error:

CONNECTED(00000003)
4447727212:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 40
4447727212:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:585:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Start Time: 1582732375
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

QES AdESQC TL based Signature Validation Policy

Reading the ETSI EN 319 102-1 V1.1.1 (2016-05) Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation.

The signature validation procedures and requirements are clear in section 5. However, there are many references to validation according to a “Signature Validation Policy”, which should also be included in the validation report.

I was searching for what it means and came across the “QES AdESQC TL based” signature validation policy. There are many examples that have this policy in the validation report.

Where are the signature validation policies defined? Where can I find the relevant information about them? It seems that QES AdESQC TL based is something standard, but I am not able to find the real definition of the policy.

I am not sure if the signature validation policy can be defined for example as XML file with the conditions how to validate signature or seal, which can be understood by application.

All sample validation reports refer to it, e.g.:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SimpleReport xmlns="http://dss.esig.europa.eu/validation/simple-report">
    <Policy>
        <PolicyName>QES AdESQC TL based</PolicyName>
        <PolicyDescription>Validate electronic signatures and indicates whether they are Advanced electronic Signatures (AdES), AdES supported by a Qualified Certificate (AdES/QC) or a
        Qualified electronic Signature (QES). All certificates and their related chains supporting the signatures are validated against the EU Member State Trusted Lists (this includes
        signer's certificate and certificates used to validate certificate validity status services - CRLs, OCSP, and time-stamps).
    </PolicyDescription>
    </Policy>
    <ValidationTime>20/01/2016 08:06:05.002</ValidationTime>
    <DocumentName>PAdES_B_PVDB-extended_LTA.pdf</DocumentName>
    <ValidSignaturesCount>1</ValidSignaturesCount>
    <SignaturesCount>1</SignaturesCount>
    <Signature Id="id-30b3acd8c4fe0ced13b26ed2e6574d91e2e77b19e06a42b6c513a0b046b4561b" SignatureFormat="PAdES_BASELINE_LTA">
        <SigningTime>30/07/2015 13:49:14.000</SigningTime>
        <SignedBy>Pierrick Vandenbroucke (Signature)</SignedBy>
        <Indication>TOTAL_PASSED</Indication>
        <SignatureLevel>AdESqc</SignatureLevel>
    </Signature>
</SimpleReport>

Move form validation error messages to top of page

When a user registers on our site (using Ultimate Member plugin, but I think it’s a generic issue) and the form doesn’t validate, it reloads the page with an error message right down the bottom, where users don’t see it, and they assume the form submitted correctly. This seems like a crazy choice! Is there a way to move the error message to the TOP of the page, so it’s more obvious when the form submit fails?? Or scroll the page to the bottom when it loads? Thanks so much! Julie

Validation not working in Woocommerce form-login file

I am editing the WooCommerce form-login.php file. Yes, I know it is not recommended to edit a core template, but I am doing this for my personal project. Here is my code:

<?php
/**
 * Login Form
 *
 * This template can be overridden by copying it to yourtheme/woocommerce/myaccount/form-login.php.
 *
 * HOWEVER, on occasion WooCommerce will need to update template files and you
 * (the theme developer) will need to copy the new files to your theme to
 * maintain compatibility. We try to do this as little as possible, but it does
 * happen. When this occurs the version of the template file will be bumped and
 * the readme will list any important changes.
 *
 * @see     https://docs.woocommerce.com/document/template-structure/
 * @package WooCommerce/Templates
 * @version 3.6.0
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Exit if accessed directly.
}

if ( ! fl_woocommerce_version_check( '3.5.0' ) ) {
    wc_print_notices();
}

do_action( 'woocommerce_before_customer_login_form' ); ?>

<div class="account-container lightbox-inner">

    <div class="col2-set row row-divided row-large" id="customer_login">

        <div class="col-1 large-6 col pb-0">
            <div class="account-login-inner">
                <h3 class="uppercase"><?php esc_html_e( 'Login', 'woocommerce' ); ?></h3>
                <form class="woocommerce-form woocommerce-form-login login" method="post">
                    <?php do_action( 'woocommerce_login_form_start' ); ?>
                    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
                        <label for="username"><?php esc_html_e( 'Mobile Number', 'woocommerce' ); ?>&nbsp;<span class="required">*</span></label>
                        <input type="text" class="woocommerce-Input woocommerce-Input--text input-text" name="username" id="username" autocomplete="username" value="<?php echo ( ! empty( $_POST['username'] ) ) ? esc_attr( wp_unslash( $_POST['username'] ) ) : ''; ?>" /><?php // @codingStandardsIgnoreLine ?>
                    </p>
                    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
                        <label for="password"><?php esc_html_e( 'Password', 'woocommerce' ); ?>&nbsp;<span class="required">*</span></label>
                        <input class="woocommerce-Input woocommerce-Input--text input-text" type="password" name="password" id="password" autocomplete="current-password" />
                    </p>
                    <?php do_action( 'woocommerce_login_form' ); ?>
                    <p class="form-row">
                        <label class="woocommerce-form__label woocommerce-form__label-for-checkbox woocommerce-form-login__rememberme">
                            <input class="woocommerce-form__input woocommerce-form__input-checkbox" name="rememberme" type="checkbox" id="rememberme" value="forever" /> <span><?php esc_html_e( 'Remember me', 'woocommerce' ); ?></span>
                        </label>
                        <?php wp_nonce_field( 'woocommerce-login', 'woocommerce-login-nonce' ); ?>
                        <button type="submit" class="woocommerce-Button button woocommerce-form-login__submit" name="login" value="<?php esc_attr_e( 'Log in', 'woocommerce' ); ?>"><?php esc_html_e( 'Log in', 'woocommerce' ); ?></button>
                    </p>
                    <p class="woocommerce-LostPassword lost_password">
                        <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php esc_html_e( 'Lost your password?', 'woocommerce' ); ?></a>
                    </p>
                    <?php do_action( 'woocommerce_login_form_end' ); ?>
                </form>
            </div><!-- .login-inner -->
        </div>

        <div class="col-2 large-6 col pb-0">
            <div class="account-register-inner">
                <h3 class="uppercase"><?php esc_html_e( 'Register', 'woocommerce' ); ?></h3>

                <form method="post" class="woocommerce-form woocommerce-form-register register" <?php do_action( 'woocommerce_register_form_tag' ); ?> >

                    <?php do_action( 'woocommerce_register_form_start' ); ?>

                    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
                        <label for="reg_billing_first_name"><?php esc_html_e( 'Full Name', 'woocommerce' ); ?>&nbsp;<span class="required">*</span></label>
                        <input type="text" class="woocommerce-Input woocommerce-Input--text input-text" name="billing_first_name" id="reg_billing_first_name" autocomplete="given-name" value="<?php echo ( ! empty( $_POST['billing_first_name'] ) ) ? esc_attr( wp_unslash( $_POST['billing_first_name'] ) ) : ''; ?>" /><?php // @codingStandardsIgnoreLine ?>
                    </p>

                    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
                        <label for="reg_billing_phone"><?php esc_html_e( 'Mobile Number', 'woocommerce' ); ?>&nbsp;<span class="required">*</span></label>
                        <input type="tel" class="woocommerce-Input woocommerce-Input--text input-text" name="billing_phone" id="reg_billing_phone" autocomplete="tel-national" value="<?php echo ( ! empty( $_POST['billing_phone'] ) ) ? esc_attr( wp_unslash( $_POST['billing_phone'] ) ) : ''; ?>" /><?php // @codingStandardsIgnoreLine ?>
                    </p>

                    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
                        <label for="reg_email"><?php esc_html_e( 'Email address', 'woocommerce' ); ?>&nbsp;<span class="required">*</span></label>
                        <input type="email" class="woocommerce-Input woocommerce-Input--text input-text" name="email" id="reg_email" autocomplete="email" value="<?php echo ( ! empty( $_POST['email'] ) ) ? esc_attr( wp_unslash( $_POST['email'] ) ) : ''; ?>" /><?php // @codingStandardsIgnoreLine ?>
                    </p>

                    <?php do_action( 'woocommerce_register_form' ); ?>

                    <p class="woocommerce-FormRow form-row">
                        <?php wp_nonce_field( 'woocommerce-register', 'woocommerce-register-nonce' ); ?>
                        <button type="submit" class="woocommerce-Button button" name="register" value="<?php esc_attr_e( 'Register', 'woocommerce' ); ?>"><?php esc_html_e( 'Register', 'woocommerce' ); ?></button>
                    </p>

                    <?php do_action( 'woocommerce_register_form_end' ); ?>

                </form>

            </div><!-- .register-inner -->

        </div><!-- .large-6 -->

    </div> <!-- .row -->

</div><!-- .account-login-container -->

<?php do_action( 'woocommerce_after_customer_login_form' ); ?>

I am adding FULL NAME and MOBILE NUMBER fields to the form. But when the user clicks Register, these fields' values are not submitted to the database. I also want to validate the billing_phone field: if the mobile number is already in another user's profile, it should give the error THIS NUMBER IS ALREADY REGISTERED. Someone help please.

PS: I want to use any modifications in form-login.php code file only, not in theme function.php

How to provide validation feedback for multiple rows in a grid?

I’m designing a page that needs to let a user upload a spreadsheet with content to be imported into my database. I anticipate that some of these rows will contain data that’s fine in Excel, but invalid in the destination table, for instance, a string field that’s too long, or a user id that’s a duplicate of one already existing: standard validation stuff.

So I need some intermediate UI to take the proposed import and show the rows that are valid and invalid, and for the invalid rows, to indicate what the problem is. So far, I can imagine something like this:


The problem is that I’m not seeing how to indicate what the user needs to change in a granular way. I could highlight only the invalid cells, but I’m not sure where to put a more detailed message, like Reference name must be a maximum of 6 characters (which would be true for the whole column) or This user id is already in use (which would only be true of the one cell).

Normally, I’d put this next to the offending input control, but the message might not fit in the cell, and I can’t put it before or after the grid, because there might be dozens of them, and I can’t see how to stack the messages for a single row before or after that row, because there might still be a few of them per row.

What’s a good UI pattern for a situation like this?

User’s CLI input validation for filtering out injection attacks

I am writing a Python script, Gestioner.py, which checks some service CLI commands and validates whether they are supported or not.

I am also trying to develop a test harness, Gest_Test.py, to verify and test possible security attacks like injection attacks, and to see whether my earlier Gestioner.py is able to stop/filter out injection attacks.

My question is:

How can I further add such security attack filtering functionality to ‘Gestioner.py’, to stop any injection-related inputs given through CLI commands?

Here are some of the example ‘valid’ commands:

--binfcmd filebinf  --filecmd fileftp  --binfcmd filebinf2 --zip testzipfile2 --stat --type None --mol None 

Here is the Gestioner.py file:

# Gestioner.py
# For processing the PService CLI commands

from pathlib import Path
import os
import errno
import logging
import sys
from collections import namedtuple
sys.path.insert(0, '..')

supported_cmds = ['binfcmd', 'zip', 'stat', 'type', 'mol', 'sync', 'filecmd']
ISSupported = namedtuple('ISSupported', 'result desc')


###
# Base Class for processing Pservice commands
###
class CmdGestioner:
    def __init__(self):
        # Initialise so get_full_command() works before set_full_command().
        self.full_command = None

    def set_full_command(self, in_cmd=None):
        self.full_command = in_cmd

    def get_full_command(self):
        return self.full_command

    def print(self):
        print("Output: ", self.full_command)

    def is_supported(self, in_command):
        pservice_flags = [elem for elem in in_command.split() if str(elem).startswith('--')]

        # Compare pservice flags with the supported list. Slice off only the
        # leading '--': strip('--') would also remove hyphens at the end.
        command_not_supported = [x for x in pservice_flags if x[2:] not in supported_cmds]
        if len(command_not_supported) > 0:
            commands = ' '.join(str(elem) for elem in command_not_supported)
            command_not_supported_strs = 'The following commands are not supported: ' + commands
            print(command_not_supported_strs)
            return ISSupported(
                result=False,
                desc=command_not_supported_strs)

        return ISSupported(
            result=True,
            desc='')

Test file:

# Gest_test.py

from pathlib import Path
import os
import errno
import logging
import sys
from Gestioner import CmdGestioner
from collections import namedtuple


# Testing application.
if __name__ == "__main__":
    print("Command line parser program.")
    cmd = CmdGestioner()
    # Join with a space so that flags and their values stay separate tokens.
    cmd_mtg_str = ' '.join(str(elem) for elem in sys.argv[1:])
    # Slice off only the leading '--' (strip('--') also removes trailing hyphens).
    cmd_args = [str(elem)[2:] for elem in sys.argv[1:] if str(elem).startswith('--')]

    print("This is the name of the script: ", sys.argv[0])
    print("The arguments are: ", str(sys.argv))
    print("The cmd.print() is: ", cmd)
    print("The program arguments are: ", cmd_mtg_str)
    print("Splitting commands into groups by -- from string: ", cmd_mtg_str.strip())
    flags = cmd_mtg_str.split('--')
    for x in flags:
        print(x)
    print('Main commands i.e. those that start with -- ', str(cmd_args))

    print('finished')

Thanks for any suggestions/guidance to work my way in the scripts.
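
One way to approach the filtering asked about in this question, as an added example that is not part of the original post: validate the already-split argument list, checking every value against an allow-list pattern as well as every flag name. The function name validate_argv, the per-flag value counts (inferred from the sample commands above) and the value pattern are assumptions.

```python
import re

# Flags from the question's supported_cmds list. How many values each flag
# takes is an assumption inferred from the sample commands in the question.
FLAG_ARITY = {
    "binfcmd": 1, "filecmd": 1, "zip": 1, "type": 1, "mol": 1,
    "stat": 0, "sync": 0,
}

# Assumed allow-list for values: starts with a letter or digit, then only
# letters, digits, '.', '_' or '-', at most 64 characters in total.
SAFE_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def validate_argv(argv):
    """Check a list of already-split arguments; return (ok, errors, parsed)."""
    errors, parsed = [], []
    i = 0
    while i < len(argv):
        token = argv[i]
        i += 1
        if not token.startswith("--"):
            errors.append(f"unexpected value without a flag: {token!r}")
            continue
        name = token[2:]
        if name not in FLAG_ARITY:
            errors.append(f"unsupported flag: {token!r}")
            continue
        arity = FLAG_ARITY[name]
        values = argv[i:i + arity]
        if len(values) < arity or any(v.startswith("--") for v in values):
            errors.append(f"--{name} needs a value")
            continue  # the next token is not consumed; it is parsed as a flag
        i += arity
        bad = [v for v in values if not SAFE_VALUE.fullmatch(v) or ".." in v]
        if bad:
            errors.append(f"rejected value for --{name}: {bad[0]!r}")
            continue
        parsed.append((name, values))
    return (not errors, errors, parsed)


# Constructed sample inputs (not from the question).
SAMPLES = [
    ["--binfcmd", "filebinf2", "--zip", "testzipfile2", "--stat", "--type", "None"],
    ["--binfcmd", "filebinf;id"],
    ["--zip", "../../etc/passwd"],
    ["--exec", "x"],
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, errors, _ = validate_argv(sample)
        print("OK  " if ok else "DENY", sample, errors)
```

Arguments that pass this check should still be handed to any child process as a list, without a shell, so that metacharacters are never interpreted.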

Returning Social Security Number After Validation Checks on Web Based Form

I have a web based application form that is used to gather personal information for web based users. One of the fields is an SSN. My question is simple, in terms of security compliance (in general, OWASP, PCI, SOC2, etc), is it okay to prefill the SSN when the user is returned to the form because of validation issues?

For instance, say I fill out the entire form but forget to enter Birth Date (another field on the form). The form reloads the page and displays a validation message about the required birth date field, and the form is then populated with the fields the user already entered: First Name, Last Name, SSN, etc. Is it acceptable in terms of security compliance to repopulate their SSN (this is coming from the server side validation, not client side), or should I force the user to re-enter their SSN?

Diagnostics Report vs Form Validation when results are already known?

Context:
I’m working on software where the user can add specific external devices by using their IP and various other settings. These settings need to be entered correctly using a form, and if something is entered incorrectly, the device will not work in our software.

For an example of what this form looks like, see this mock-up:

Example Mock-up Config form

Now, the form never really had any feedback or validation, and a very common question we get from users is: “The device doesn’t work and I don’t know why!” This results in us going through a checklist with the user to check:

  • Can the IP be pinged?
  • Did you enter the correct credentials?
  • Does the device support the selected protocol?
  • Did you set the correct Channel?
  • etc. etc.

To tackle this issue, I simply designed a “Device Diagnostics” button that will open a dialog and go through this checklist automatically.

Diagnostics Dialog:

Diag-dialog

Now here is where I get into conflict with one of the developers. He stated: “We already know all this information before the user clicks the button, so why don’t we just show it as field validation?”

Field validation with tooltip?

And I don’t really have an answer to this.

Personally, I lean more towards the dialog, even if we have to delay the results of the checklist a bit. I believe the dialog is a better user experience. It also teaches users to think more for themselves and learn to do the checklist themselves, rather than using the diagnostics button every time there’s something wrong.

The form validation, although useful for quicker results, makes me think it clutters the interface a lot more.

Help with date list validation and blank fields

New to SharePoint, trying to find my way :)

I have the following structure: StartDate1, EndDate1, StartDate2, EndDate2. StartDate1 and EndDate1 are mandatory fields. StartDate2 and EndDate2 are not. I’m trying to create a list validation where, if StartDate2 contains data, EndDate2 cannot be left blank (and vice versa), and at the same time, for both pairs of Start/End Date columns, End dates are not earlier than Start dates.

Any assistance will be highly appreciated. Thanks all!