Liferay Theme Development Services

Surekha Technologies is a globally trusted company providing liferay theme development services, portal development, and Liferay DXP with 7.3, 7.2, 7.1, and 7.

Top 5 lỗ hổng thực thi từ xa nguy hiểm nhất đầu năm 2020, có lỗ hổng còn tự động lây nhiễm sang máy tính khác mà người dùng không hề biết

Trong thế giới an ninh mạng, các lỗ hổng thực thi từ xa là loại nguy hiểm nhất khi tin tặc có thể tấn công nạn nhân mà không cần tiếp cận vật lý đến máy tính của người dùng.

Thực thi mã từ xa - Remote Code Execution (viết tắt là RCE) là loại lỗ hổng nguy hiểm nhất, cho phép hacker chiếm quyền điều khiển máy chủ ứng dụng, từ đó có thể lấy các dữ liệu quan trọng của tổ chức hoặc làm bàn đạp để tấn công sâu hơn vào hệ thống doanh nghiệp.

Dưới đây là top 5 lỗ hổng RCE nguy hiểm mới được phát hiện từ đầu năm 2020 do Chuyên gia của công ty cổ phần an ninh mạng Việt Nam VSEC đánh giá dựa trên độ phức tạp, sự phổ biến và quy mô tác động của những lỗ hổng này.

I.  CVE 2019-2725: Lỗ hổng thực thi mã từ xa trên ORACLE WebLogic

Cụ thể, lỗ hổng bảo mật này nằm trong thành phần WLS9-ASYNC trên máy chủ Weblogic của Oracle cho phép kẻ tấn công nhập dữ liệu XML độc hại thông qua đường dẫn được thiết kế đặc biệt mà không cần bất kỳ quyền nào, từ đó có thể xâm nhập và thực thi các mã lệnh tùy ý lên máy chủ Weblogic.

Lỗ hổng này rất dễ bị kẻ tấn công khai thác, vì bất kỳ ai có quyền truy cập HTTP vào máy chủ WebLogic đều có thể thực hiện một cuộc tấn công. Hơn nữa nó còn không cần tương tác từ phía người dùng, như mở tệp đính kèm hay click vào liên kết độc hại, để tải xuống mã độc. Do đó, lỗi này có điểm CVSS là 9,8 /10.

Xem thêm: Dịch vụ quản trị hệ thống HPT

II. CVE 2020-0796: Lỗ hổng thực thi mã từ xa trên giao thức SMB của Windows

CVE 2020-0796 (RCE) là lỗ hổng được đánh giá là nghiêm trọng nhất khi hacker có thể thực thi mã độc từ xa mà không cần xác thực trên Windows 10, không những thế còn có thể tự động lây nhiễm sang máy tính khác.

SMB (Server Message Block) chạy trên cổng 445, là một giao thức mạng hỗ trợ việc chia sẻ file, duyệt mạng, in và giao tiếp qua mạng. Lỗ hổng này còn gọi là SMBGhost, và bắt nguồn từ cách thức SMBv3 xử lý các truy vấn của tính năng nén dữ liệu phần header (compression header), cho phép kẻ tấn công từ xa có thể thực thi mã độc trên máy chủ hoặc máy khách với đặc quyền trên cả Hệ thống.

III.  CVE 2020-1938: Lỗ hổng Ghostcat đọc và chèn tập tin trên Apache Tomcat

CVE-2020-1938, hay còn gọi là Ghostcat, là một lỗ hổng trong giao thức AJP (JavaServer Pages) của Apache Tomcat -  một phần mềm web server mã nguồn mở miễn phí, được sử dụng để chạy các ứng dụng web lập trình bằng ngôn ngữ java. Lỗ hổng này có điểm số 9,8/10, mức gần như cao nhất.

Theo các chuyên gia Công ty cổ phần An ninh mạng VSEC, lỗ hổng Ghostcat hiện đã được phát hiện trên tất cả phiên bản (9.x/8.x/7.x/6.x) của Apache Tomcat phát hành trong suốt 13 năm qua, và điều đặc biệt nghiêm trọng là các mã khai thác đã xuất hiện và được chia sẻ tràn lan trên internet, từ đó các tin tặc có thể tìm kiếm và triển khai các phương thức xâm nhập vào máy chủ web một cách dễ dàng.

IV. CVE-2020-7961 Lỗ hổng chuyển đổi cấu trúc dữ liệu không đáng tin cậy trên Liferay

CVE-2020-7961 là lỗi  chuyển đổi cấu trúc dữ liệu trên nền tảng Liferay - một cổng thông tin mã nguồn mở được sử dụng rộng rãi. Lỗ hổng này cho phép kể tấn công lợi dụng các hàm chuyển đổi cấu trúc dữ liệu mà Liferay sử dụng để chèn mã độc, chiếm quyền điều khiển hoàn toàn ứng dung và thực thi mã lệnh từ xa đến server, thực hiện các hành vi như thay đổi giao diện trang web, đánh cắp dữ liệu,...

Lỗ hồng này tồn tại trên các phiên bản Liferay 7.2.1 CE GA2 trở về trước và hiện tại Liferay đã tung ra các bản vá kịp thời ở các phiên bản Liferay Portal 7.1 GA4, 7.0 GA7 và 6.2 GA6.

V.  CVE-2019-11469: Lỗ hổng SQL Injection trên ứng dụng ManageEngine Application Manager (MEAM)

Lỗ hổng SQL Injection tồn tại ở các ứng dụng quản trị hệ thống doanh nghiệp sử dụng ManageEngine Application Manager phiên bản 14072 trở về trước, cho phép kẻ tấn công có thể nhập dữ liệu vào cơ sở dữ liệu của trang web qua các thông số gửi lên server.

Tin tặc sẽ lợi dụng lỗ hổng này để chiếm quyền điều khiển server bằng cách thêm vào một tài khoản quản trị với quyền cao nhất. Vì ManageEngine yêu cầu quyền đăng nhập đến các máy chủ được giám sát, nên hacker dễ dàng có thể chiếm quyền toàn bộ hạ tầng các máy chủ, từ đó trích xuất dữ liệu quan trọng cũng như cài đặt mã độc lên toàn hệ thống.

Hiện các lỗ hổng trong những phần mềm và nền tảng trên đều đã có bản vá từ nhà phát triển, vì vậy, nếu đang sử dụng chúng, VSEC khuyến cáo các doanh nghiệp nên sớm cập nhật lên phiên bản mới nhất, cũng như vô hiệu hóa các module tính năng gây nên những lỗ hổng trên.

Create A Custom Post Login Action in Liferay DXP 7.1

While working in the Liferay DXP 7.1 environment, we often need to perform a certain action when a user logs in to the Liferay server. To achieve this, we need to programmatically perform some action when a user logs in. I have put together the steps which would help a Liferay practitioner perform that action and save the development time.

To give you a small example, suppose, we want to send an email notification to the admin when a user logs in to the Liferay server. By implementing the steps mentioned in this blog, the same can be achieved.

Click this and read more about Liferay development services

Prerequisites:

1) Java 1.8

It can be downloaded from https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

2) Liferay DXP 7.1 bundled with tomcat.

It can be downloaded from https://www.liferay.com/products/dxp/trial-download

3) Eclipse/Liferay Developer Studio (For reference here I am using eclipse toolbar)

Proceed with the following step-by-step procedure to create your Liferay DXP 7.1 CustomLoginAction action.

1) Once you are done with the above-mentioned prerequisites and have completed the basic Liferay Environment Setup, your screen should look like the below-mentioned image.

Original source here with the related screenshot: Create A Custom Post Login Action in Liferay DXP 7.1

Latest Liferay DXP 7.1 Software Comes with Pre-Designed and Re-Usable Elements

Liferay DXP 7.1 Software allows user to create the content as required by storing page sections as fragments and re-use them within their site and assemble web pages without touching code. DXP 7.1 consists of conditional rules that allow forms to adjust dynamically like showing or requiring certain fields based on the responses. Page Editor enables the users to visually lay out page designs save then as templates. This story is related to the following: Software Search for suppliers of: Content Management Software from Air Conditioning /fullstory/latest-liferay-dxp-7-1-software-comes-with-pre-designed-and-re-usable-elements-40013203 via http://www.rssmix.com/

Liferay Releases Liferay Digital Experience Platform

Liferay, Inc., which makes software that helps companies create digital experiences on web, mobile and connected devices, today announced the release of Liferay Digital Experience Platform 7.1 (DXP) and new digital commerce and analytics offerings to bolster and improve the entire customer journey

Liferay Releases Liferay Digital Experience Platform

Liferay, Inc., which makes software that helps companies create digital experiences on web, mobile and connected devices, today announced the release of Liferay Digital Experience Platform 7.1 (DXP) and new digital commerce and analytics offerings to bolster and improve the entire customer journey

Liferay Releases Liferay Digital Experience Platform

Los Angeles, CA: Liferay, Inc., which makes software that helps companies create digital experiences on web, mobile and connected devices, today announced the release of Liferay Digital Experience Platform 7.1 (DXP) and new digital commerce and analytics offerings to bolster and improve the entire customer journey. The latest version of Liferay DXP, together with the new Liferay Commerce and Liferay Analytics Cloud offerings, give enterprises new ways to easily create engaging customer experiences, including a B2C-like purchasing journey for B2B customers that’s fully integrated to the end-to-end customer experience, and continuously improve them through in-depth analytics across touchpoints.   

“Relationships with customers are not one-time events,” said Edwin Chung, VP of Product Management for Liferay. “That’s why the latest version of Liferay DXP and our new digital commerce and analytics offerings help businesses build long-term relationships with their customers by helping them understand customer needs and delivering timely content.”

In order to quickly meet the needs of today’s digitally savvy customers, Liferay DXP 7.1 provides content delivery teams more flexibility to create the content they want. Business users are able to assemble web pages using pre-designed, reusable elements without touching code. Web developers can more conveniently support the delivery of unique, valuable content by creating these elements within Liferay’s own code editor or by using their preferred tools to import finished content directly into Liferay DXP via APIs.

Organizations may now also supplement the functionality of Liferay DXP with Liferay Analytics Cloud, a new offering that works with Liferay DXP to aggregate data into a single customer view and help business users understand customer activity. By using Liferay Analytics Cloud businesses are able to gain insights into the performance of content along with data on customer behavior and interests so that businesses can present customers with the content they need when they need it. Liferay Analytics Cloud, which is in beta, will be offered as a SaaS-based subscription for Liferay DXP customers.

For businesses looking to deliver frictionless transactional experiences for their customers, Liferay Commerce offers organizations the tools to build integrated front-end experiences and streamline the entire purchasing journey. The new offering allows business to eliminate the complexity found in many B2B transactions by providing customers with a single interface with which to view products, receive customized pricing, make purchases and reorder them with one click, and assign permissions to others in their organization. Businesses can take advantage of Liferay Commerce’s machine learning capabilities to understand customers’ purchasing history and make more informed decisions regarding inventory and warehouse management. Liferay Commerce is currently in limited release for select Liferay DXP customers.

This article was first appeared on MarTech Advisor

Liferay Database migration from 6.2 to 7.1/DXP

If you want to Liferay Database migration from 6.2 to 7.1/DXP.

Here, ready to upgrade database #Liferay 6.2 to 7.1, Liferay 7.1/DXP gives upgrade tools to upgrade everything.

Please follow the steps to upgrade the database(Steps are given for both Ubuntu/Window).

Charts in Liferay

One of the many great developer-centric features introduced in Liferay 7.1. You can now directly use Charts in your portal with inbuilt functionalities by using react or soy portlet. Let’s see in detail how you can use charts in Liferay. Click Now!! http://bit.ly/2IlOqvY

Integrate Adaptive Media In Liferay Custom Portlet

Liferay provides a way to choose the best content for the right device with adaptive media. Liferay has introduced adaptive media as an external app on Liferay 7 after that Liferay includes Adaptive media in Liferay 7.1.

In this article, we will include How to integrate adaptive media in a custom portlet. We also gave an example to handle images through adaptive media in a portlet.

If you want to read complete guide click now !! 

https://www.surekhatech.com/blog/integrate-adaptive-media-in-liferay-custom-portlet

Gogo shell in Liferay 7 and 7.1

Gogo shell is command line interface. Using it we can interact or manage lifecycle of OSGi bundles like install bundle, start bundle, stop bundle and uninstall bundle. Gogo is based on the OSGi RFC-147. It describes a standard shell for OSGi based environments.

Create A Custom Post Login Action in Liferay DXP 7.1

While working in the Liferay DXP 7.1 environment, we often need to perform a certain action when a user logs in to the Liferay server. To achieve this, we need to programmatically perform some action when a user logs in. I have put together the steps which would help a Liferay practitioner perform that action and save the development time.

To give you a small example, suppose, we want to send an email notification to the admin when a user logs in to the Liferay server. By implementing the steps mentioned in this blog, the same can be achieved.

Click this and read more about Liferay development services

Prerequisites:

1) Java 1.8

It can be downloaded from https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

2) Liferay DXP 7.1 bundled with tomcat.

It can be downloaded from https://www.liferay.com/products/dxp/trial-download

3) Eclipse/Liferay Developer Studio (For reference here I am using eclipse toolbar)

Proceed with the following step by step procedure to create your Liferay DXP 7.1 CustomLoginAction action.

1) Once you are done with above-mentioned prerequisites and have completed basic Liferay Environment Setup, your screen should look like the below-mentioned image.

2) In Eclipse select Liferay as your current perspective.

3) Go to File->New->Liferay Work Space Project and enter details as shown in below image.

4) Click Finish after entering details and your newly created Liferay workspace project structure should look something as shown in below image.

Now once you’re done with basic Liferay project workspace setup you would need to create a module containing your custom login action that could be deployed in your Liferay DXP Server later.

5) Right click on CustomLoginAction project and got to New->Liferay Module Project and enter details as shown in below image.

6) Again, click Finish after entering details and your newly created Liferay module project structure should look at something as shown in below image.

Once you’re ready with the deployable module you would need to implement some service class inside the module that would actually be responsible for your custom login desired action.

7) Again, right click on DemoModule and go to New->Liferay Component Class and select Login Pre Action from Component Class Template dropdown and select finish as shown in below image.

8) After selecting Finish, your screen should appear as shown in the below image.

9) Now in order to implement some custom post login action in your class Component section where it is mentioned pre property = {“key=login.events.pre”}, simply change it to {“key=login.events.post”} and your class should look as shown in below image.

Now you can deploy this module. Log in to your Liferay environment and you would be able to see your CustomLoginAction Service Class S.O.P in your console as shown in below image.

If you find any challenge in implementing the same, feel free to contact us.

While working in the Liferay DXP 7.1 environment, we often need to perform a certain action when a user logs in to the Liferay development company server. I have put steps which would help a Liferay practitioner perform that action and save the development time.

Top Benefits of Liferay CMS for the Users, Businesses, and Developers

1) Liferay is User-Friendly

With all your everyday task and duties, you would prefer not to experience the torments of learning and adjusting to another new arrangement.

Liferay development company portal not just streamlines your work involvement – it obliges your inclinations and requirements. With a history of more than a decade of advancement, Liferay Portal offers an honor winning UI, numerous layers of personalization and work area traditions that make for incredible convenience and brisk appropriation.

Customize your own work understanding.

Each Liferay Portal client is given a lot of individual pages that are extremely easy to modify to explicit tastes, inclinations, and necessities.

You can change how your pages look, which tools and applications are incorporated, what goes into your own document library, and who can approach them. You can likewise pull in your own email and existing timetable occasions.

It accompanies all that you need.

Liferay Portal’s exhaustive accumulation of out-of-the-box apparatuses gives you all that you must assemble better business arrangements.

Look over a menu of content management, web distributing, collaboration, social networking, and work process includes that are consistently coordinated and effectively configurable to your needs.

It’s anything but difficult to utilize.

Liferay Portal’s great usability has been vital to the product’s prominence.

With only a couple of clicks, you can make changes to the look and feel, portlet designs, themes, and page formats. With a basic intuitive, you can include and reposition applications, devices and different components to the portal.

It offers a standout amongst the best UIs in the portal market and keeps on acquainting new advancements with making your life considerably easy.

Related blog: Create A Custom Post Login Action in Liferay DXP 7.1

2) Business Friendly

Liferay gives you the most elevated rate of return (ROI) at the least all out the expense of ownership (TCO).

We comprehend the effect that ease of use, interoperability, and open gauges can have on an association’s procedures and have planned Liferay Portal as needs are. The cost reserve funds we offer is just auxiliary in significance to the esteem that our innovation brings.

Attempt it risk-free.

Similarity with all major working frameworks, application servers, and databases implies that you can download, install and try Liferay Portal in your current IT condition, with your current IT staff.

Keep it for low TCO.

When you pick Liferay Portal your association profits by an outstandingly low total cost of ownership.

While different portals make you pay for extra highlights, Liferay Portal accompanies more than 60 tools, more than 20 themes, and various engineer devices. We give you however many assets that could be allowed to achieve whatever it is that you need to do (web distributing, collaboration, social networking, organization, and so on.) at no extra expense.

Additionally, as Liferay Portal is the main enterprise portal available with no hardware or software equipment, you are will undoubtedly utilizing a specific IT stack and put resources into just what your requirement for the life of your portal venture.

Increase most business adaptability.

Liferay Portal is offered under an open source permit (for the Community Edition) just as a business-accommodating commercial permit with a Liferay Portal Enterprise Subscription.

Stay secure.

Liferay Portal utilizes industry standard, government-grade encryption advancements, so you can generally be positive about the security of your information. Sign in once to get to every one of your records. Changing layers of security with redid access to touchy data likewise gives you a chance to control who sees what.

From venture banks to the Department of Defense and other government offices, Liferay Portal is a confided in the arrangement that guards private data safe.

Guarantee long term practicality.

Liferay Portal guarantees business security and long-haul practicality that outperforms that of the challenge.

While business products can break up and change at the impulse of financial specialists or abnormal state business choices, open source items flourish insofar as there is a network encompassing it.

Liferay Portal is having a history of more than a decade since its inception and has a worldwide community that keeps on creating and driving the item forward. The community additionally consoles you that Liferay Portal won’t remain dormant yet will keep on developing with thoughts and commitments that address the requirements of an assorted gathering of people of both business and specialized clients.

Besides, dissimilar to many open source projects, Liferay Portal is backed by a steady and beneficial worldwide organization with year-on-year income development and a program of gifted engineers that are completely devoted to the product’s progressing improvement and advancement.

3) Developer Friendly

With the perpetual library of advances that can live inside an enterprise, it’s difficult to legitimize adding one more item to the blend. That is the reason Liferay is focused on fitting flawlessly into any current IT condition with a guarantee to similarity and reusability.

Liferay keeps running in your current IT condition.

With help for every real framework arrangement in the present market, Liferay guarantees no extra spending plan is required for supporting programming, for example, application servers and databases.

Liferay conforms to and characterizes new industry norms.

Liferay Portal is consistent with all key industry norms (JSR-286, JSF-314, JSR-170, WSRP and JBI) and partook as an individual from the “Portlet 2.0” determination advisory group.

Liferay utilizes a granular arrangement of approvals.

Liferay Portal has a reusable, extensible approval architecture that is utilized all through the entrance and is appropriate to individual portlet components, for example, catches, messages, portlets and clients. Overseers can modify and control who can get to sensitive data and usefulness.

Enterprise application combination is made simple.

Liferay Portal’s open, adaptable SOA engineering enables diverse applications in different dialects to cooperate effectively. Liferay Service Builder consequently creates supporting classes for SOAP-based web administrations and JSON for Javascript-based access.

Run your different applications in Liferay as well.

tools are written in another mainstream programming language (PHP, Ruby, Python) can keep running in Liferay, directly close by Liferay’s own applications.

Liferay encourages you to get social.

Liferay gives JSP label libraries, for example, social bookmarks and a labeling interface that can be effectively added to your custom portlets. An action following API, fare to Facebook, and gadget/mashup bolster will bolster all your social figuring needs. Contact us for all kind of Liferay development company services.