Forum Discussion
mwitt_65218
May 19, 2009
Nimbostratus
Thanks to you both for your replies, Hoolio and Ben.
I had used Global for Parameter Level for this username parameter that has a Parameter Value Type of User-Input Value.
In Parameters - Attack Signatures, I had used the << button to bring to the Overridden Security Policy Settings the SQL-INJ ROOT@ from the Global Security Policy Settings. It was Enabled when I brought it over with the << button, so I changed it to Disabled and clicked UPDATE. I was told by an employee that this other employee jroot@morrison.com still could not log in. So then I had disabled in Attack Signatures - Policy Attack Signatures the SQL-INJ ROOT@.
I just now went to Attack Signatures - Policy Attack Signatures to click the Enabled check box for SQL-INJ ROOT@ to re-enable it. I disabled this yesterday in an attempt to allow this user to log in successfully, but I had a feeling that this would turn off the SQL-INJ ROOT@ for the whole policy, as you have confirmed.
I just now went again to Parameters and clicked on the username parameter. I clicked on Attack Signatures. I used the >> button to remove SQL-INJ ROOT@. I then used the << button to bring again the SQL-INJ ROOT@ from the Global Security Policy Settings to the Overridden Security Policy Settings and I made sure that the State dropdown is Disabled. I applied the policy. The staging is set for 7 days though, so I do not know if these changes just now will go into effect immediately or after the staging period.
Anyway, I will give it another try. Maybe the timing was off when an employee told me that the other employee jroot@morrison.com still could not log in after I had done what you suggested.
Just now I decided though to change the Parameter Level of the username parameter from Global to Object as suggested just to see if this helps. I used HTTPS for the Object Path since this is what is in the URL in the Browser. When I read here the mention of Object versus Global, I thought that Object might be better for this parameter that is for a textbox on the web page.
Thanks again VERY much for your replies!