Jun 15 2009

BDC Picker.aspx QueryString Triggers Firewall Security

Category: SharePoint, Technology | Adam Toth @ 10:00 am

The implementation of the BDC entity picker dialog (opened with the Browse button) can cause some firewall and security software to mistake the traffic for a worm or SQL injection attack and block it.

The way properties and entity IDs are encoded into long query string values makes the URLs look like injection attacks. On a particular client’s BDC application, the picker dialog used a URL similar to the following:

http://domainname.org/_layouts/Picker.aspx?MultiSelect=False&CustomProperty=uU2hhcmVQb2ludC5Qb3J0YWwsIFZlcnNpb249MTIuMC4wLAF%2F%2FAQAAAAAAAA9QcmltYXJ5Q29sdW1uSWQQU3lzdGVtSW5zdGFuY2VAAA
AAAMAgAAAF9NaWNyb3NvZnQjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibG
ljS2V5VG9rZW49NzFlOWJjZTExMWU5NDI5YwUBAAAAPk1pYAEAAAD%2F%2F%23Jvc29mdC5TaGFyZVBvaW50LlBvcnRhbC5XZWJDb250cm9scy5JdGVtUGlja2
VyRXh0ZW5kZWREYXRhB
JZAhFbnRpdHlJZBNTZWNvbmRhcnlDb2x1bW
5zSWRzAAAABw8PDw8CAAAANw4AAAcOAAAIDgAACQMAAAAPAwAAAAAAA
AAPCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
3D&EntitySeparator=%00&DialogTitle=Choose%20User&DialogImage=%2F_layouts%2Fimages%2Fbizpicker.gif&PickerDialogType=Microsoft.SharePoint.Portal.WebControls.ItemPickerDialog%2C%20Microsoft.SharePoint.Portal%2C%20Version%3D12.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D71e9bce111e9429c&DefaultSearch=

Using HTTP GET for this kind of thing is a bad idea, and I hope that Microsoft fixes this in the future.
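
To see which parts of a URL like this a generic injection filter is likely to key on, the following added example (not code from this post or from SharePoint) parses a picker-style query string and reports the values that look suspicious. The 128-character threshold, the three checks, the `sharepoint.example` host and the `CustomProperty` blob are assumptions constructed for illustration, not any firewall product's actual rules.

```python
import base64
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

MAX_VALUE_LEN = 128  # assumed threshold, not taken from any real firewall rule set
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def triage_query(url, max_len=MAX_VALUE_LEN):
    """Return {parameter: [reasons]} for values a generic filter may flag."""
    findings = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        reasons = []
        if "\x00" in value:
            reasons.append("encoded NUL byte")
        if len(value) > max_len:
            reasons.append(f"value longer than {max_len} characters")
        if B64_RE.fullmatch(value) and len(value) % 4 == 0:
            try:
                raw = base64.b64decode(value, validate=True)
            except ValueError:
                raw = b""
            # Bytes outside printable ASCII suggest a serialized object, not text.
            if any(b < 0x20 or b > 0x7E for b in raw):
                reasons.append("base64 blob decoding to binary data")
        if reasons:
            findings[name] = reasons
    return findings


def sample_url():
    """Constructed stand-in for the picker URL; the blob is made up."""
    blob = base64.b64encode(b"\x00\x01\x00\x00\x00\xff\xff\xff\xff" + b"constructed-sample " * 8)
    params = {
        "MultiSelect": "False",
        "CustomProperty": blob.decode("ascii"),
        "EntitySeparator": "\x00",
        "DialogTitle": "Choose User",
        "PickerDialogType": "Microsoft.SharePoint.Portal.WebControls.ItemPickerDialog, "
                            "Microsoft.SharePoint.Portal, Version=12.0.0.0, "
                            "Culture=neutral, PublicKeyToken=71e9bce111e9429c",
        "DefaultSearch": "",
    }
    return "http://sharepoint.example/_layouts/Picker.aspx?" + urlencode(params)


if __name__ == "__main__":
    for param, why in triage_query(sample_url()).items():
        print(f"{param}: {', '.join(why)}")
```

A report like this helps scope a firewall exception to `/_layouts/Picker.aspx` and the specific parameters involved rather than relaxing the rule for the whole site.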


Apr 09 2009

BDC Error – Type does not match DotNet type of TypeDescriptor

Category: SharePoint, Technology | Adam Toth @ 10:36 am

I ran into a BDC error, “Type does not match DotNet type of TypeDescriptor”, with a particular application definition I wrote. In this case, I had a specific finder method that took one input parameter (the identifier) that was of type System.Decimal. It turns out I didn’t specify a default value in the TypeDescriptor for this input parameter in my XML definition. It looks like when you don’t set a default value, it will automatically set one for you and assign it a type of System.String. I was able to see this when I exported the BDC definition fresh, and noticed that SharePoint automatically added this default value and type for me.

Rule of thumb: always specify a default value for each input parameter.
