An error has occurred. Please contact your system administrator. (6632) error in Jasper server 6.2

遥遥无期 2021-01-14 18:00

I am using
Jasper report: TIBCO Jaspersoft Studio-6.2.0.final
Jasper server: JasperReports Server Community Edition (v6.2.0)

I published Report b

2 answers
  • 2021-01-14 18:05

    For security reasons (!) I personally would recommend (using it is quite insecure as described below!) to

    1. set this to

      Validator.ValidSQL=.*
      

      or even better

      #/jasperserver/WEB-INF/classes/esapi/security-config.properties 
      security.validation.sql.on=false
      

      so there is no validity check actually done. Why? Because the previous (standard regexp) is a quite weak (and immature - as e.g. preventing with ... select ... clauses) check and may suggest that SQL injection would be prevented in a higher degree.

    A) if I am NOT concerned about security/SQL injection in my environment or the cost-value-factor is inefficient (take non-IT budget-responsible people into the boat to decide here!), I would leave it like this for now

    B) if I am concerned about security/SQL injection in my environment, I would recommend to

    • read articles about SQL injection and how to prevent it robustly and continually on many necessary levels (e.g. also db user rights) updated for my target databases/ORM frameworks, e.g.
      • Oracle: Defending Against SQL Injection Attacks
      • Oracle: 12c DBMS_ASSERT Package
      • PostgreSQL: quote_*(...) functions
      • ...
    • search for better regexp clauses (if existent)? => seems an improper/weak method to me only suitable for "little PHP shop style apps"
  • 2021-01-14 18:27

    You might be using some special keywords in your SQL query (such as the "with" clause). You may need to edit the jasperserver-pro/WEB-INF/classes/esapi/validation.properties file. And edit the line, Validator.ValidSQL=(?is)^\s*(select|ADD_NEW_CLAUSE_HERE)\s+[^;]+$.

    And restart the server.

    Providing the queries you use will be helpful for a more comprehensive answer.
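To check a candidate pattern before editing validation.properties and restarting, the added example below (not part of either answer, and not Jaspersoft code) runs the select-only form and a form with `with` added against constructed report queries. It assumes the validator requires a whole-string match, writes the character class as `[^;]+`, and uses Python's `re` as a stand-in for the server's Java regex engine.

```python
import re

# Pattern shape from the second answer, with the character class written as [^;]+.
# Only the list of allowed leading keywords differs between the two variants.
def valid_sql_pattern(keywords):
    """Build a Validator.ValidSQL-style pattern for the given leading keywords."""
    return r"(?is)^\s*(" + "|".join(keywords) + r")\s+[^;]+$"

def is_accepted(pattern, query):
    """Whole-string match; assumed to approximate the server-side validator check."""
    return re.fullmatch(pattern, query) is not None

def compare(queries, before, after):
    """Return {name: (accepted_before, accepted_after)} for each sample query."""
    return {name: (is_accepted(before, q), is_accepted(after, q))
            for name, q in queries.items()}

# Constructed sample report queries (not taken from the original question).
SAMPLES = {
    "plain_select": "SELECT id, name FROM customers WHERE region = $P{region}",
    "cte": "WITH recent AS (SELECT * FROM orders)\nSELECT count(*) FROM recent",
    "leading_comment": "-- monthly totals\nSELECT sum(total) FROM orders",
    "semicolon_in_literal": "SELECT id FROM notes WHERE body = 'a;b'",
    "trailing_semicolon": "SELECT 1 FROM dual;",
}

SELECT_ONLY = valid_sql_pattern(["select"])
WITH_ADDED = valid_sql_pattern(["select", "with"])

if __name__ == "__main__":
    for name, (b, a) in compare(SAMPLES, SELECT_ONLY, WITH_ADDED).items():
        print(f"{name:22} select-only={b!s:5} with-added={a!s:5}")
```

Only the `cte` row changes when `with` is added. The last three samples are rejected by both variants because the pattern looks at nothing except the leading keyword and the absence of `;`.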
