In case you missed it, IBM has released a new certification, one for application developers.
So the next question we have, now that we know why we encrypt, is what to encrypt.
Ultimately we have only two areas to encrypt. The first is encrypting our network connections and the data that travels over them. The second is encrypting the actual data when it is "at rest", which is an industry term for encrypting the data where it has permanent or near-permanent storage.
Different compliance standards request different things. Some only care about the storage, others only the "in flight", and some require both. You have to know what your requirements are if you only want to do some encryption, versus going wholesale.
Important to remember is that any encryption requires a performance cost. Some less than others, but a cost nonetheless.
My next post on this comment will be the network options for encryption.
Keshava Murthy's Blog
Keshav was one of the driving forces behind IWA, and he has an excellent entry this morning on what the Informix Warehouse Accelerator is all about.
Version 2.1 of the free Data Studio Developer was announced earlier this month, and some useful Informix-specific feature enhancements are included in the new release.
New Informix related features include, among other things:
For further reading on the new Data Studio release take a look at the Data Studio Team blog, where new articles by Sonali Surange and Curt Cotner cover it in more detail, and the recent developerWorks article by Sonali: What’s new and exciting in IBM Data Studio Developer 2.1 - Get better application insight and increase your productivity.
Today I was caught using the non-existent word "shutdowning", which reminded me that mental exercise is important for keeping one's brain young looking and stopping it from, er, shutdowning.
What better way to exercise the gray matter than by writing your own web quiz game?
20 Questions is a simple quiz game written in ZK and small enough to be embedded in a web frame. It is based on question-answer pairs such as world capitals, US state capitals, English county towns and chemical elements. The main point of the quiz is to improve working memory.
The question-answer pairs are loaded into a database, and randomly shuffled by the application before challenging the user, who can choose 5, 10, 15 or 20 question quizzes, depending on how much work they are avoiding. One user complained that the questions are not multiple choice... kids these days, the idea is to test memory rather than guessing ability.
For the database the questionable design decision of having a separate table for each quiz was made. It would have been neater and better normalized to have a single quiz table with an extra quiz id column which references a lookup table for quiz name. That would allow the application to be data independent and dynamically build a list of quizzes based on the rows in the lookup table.
The main reason a separate table for each quiz was chosen for this example is that for a small number of quizzes it makes for a smaller and simpler web application. Should I ever add a new quiz I will stop prevaricating and normalize the design moving forward.
With excuses out of the way, here is the schema for the quiz database with its four quiz tables. This article assumes Informix Dynamic Server as the data server of choice, naturally, though there is nothing data server specific about the schema.
create database quiz;

create table elements (
    idx serial not null,
    question varchar(30),
    answer varchar(30),
    primary key (idx)
);

database quiz;
load from 'count_towns.unl' insert into county_towns;
load from 'elements.unl' insert into elements;
load from 'state_capitals.unl' insert into state_capitals;
load from 'world_capitals.unl' insert into world_capitals;
update statistics;

Presentation layer
To get started with ZK refer to the Quick Start guide on the documentation page. The visual part of the quiz, written to $TOMCAT_HOME/webapps/quiz/index.zul is as follows:
<window title="20 Questions" width="400px" border="normal" onOK="processAnswer(answer.value);">
  <zscript src="quiz.jul"/>
  <vbox>
    <label id="selectLabel" value="Please select a game.."/>
    <hbox>
      <listbox id="gameList" rows="1" mold="select">
        <listitem value="elements" label="Elements"/>
        <listitem value="county_towns" label="English County Towns"/>
        <listitem value="state_capitals" label="State Capitals" selected="true"/>
        <listitem value="world_capitals" label="World Capitals"/>
      </listbox>
      <listbox id="numq" rows="1" mold="select">
        <listitem value="5" label="5"/>
        <listitem value="10" label="10"/>
        <listitem value="15" label="15"/>
        <listitem value="20" label="20" selected="true"/>
      </listbox>
      <button id="newGame" label="New Game" width="90px" height="24px"
              onClick="newGame(gameList.selectedItem.value,numq.selectedItem.value);"/>
    </hbox>
    <hbox>
      <label id="question" value="" visible="false"/>
      <textbox id="answer" value="" visible="false"/>
      <button id="subButton" label="Submit" width="90px" height="24px" visible="false"
              onClick="processAnswer(answer.value);"/>
    </hbox>
  </vbox>
</window>

Note that the main window has an onOK handler so the enter key can be pressed instead of selecting the Submit button with the mouse.
The presentation layer calls two functions, newGame() and processAnswer(). The Java code to implement those functions - what I'll call the service layer - is in a file called quiz.jul and is listed below.
Note that the JDBC database connection was implemented by adding a connection pool called jdbc/quiz to the Tomcat server.xml file. (For an example of setting up a connection pool in Tomcat see sections 4 and 7 of this post.)
// quiz.jul - service layer for quiz application
To obviate the need to use the mouse while playing, in addition to the onOK handler in the presentation layer, the focus shifts back to the answer text box after each question, and to the New Game button at the end of a game by calls to the focus() method.
Despite my reservations about the unedifying qualities of multiple choice it wouldn't be too much work to extend this program (and db schema) by adding support for radio button multiple choice answers. Suggestions for new quizzes (or mistakes in the existing ones) are always welcome.
Just as an FYI, OAT 2.28 is now available. Check out the details at:
As a quick aside, OAT 2.28 is still not fully functional on the Mac at this time. Hoping to see the Mac fix for the next release.
This week I'm hanging around San Francisco, working at the Macworld Expo. IBM has pedestals for Informix, Rational Buildforge and Lotus Notes / Symphony (there is an announcement this week for Mac versions of the Lotus products integrated with Google and other calendars).
Here is a view from the Expo floor..
Venu, PJ and Terri trying not to scare people away from the Informix booth
Recently IBM has added a 32-bit Mac version of the Informix Client SDK (useful for Ruby developers) and made improvements to the IDS installer look and feel on Mac OS. We have a few demos running this week: a FileMaker application using an Informix backend, a high availability demo showing Mac based Mach11 and ER systems handling failover scenarios, an IDS virtual appliance guest OS running under VMWare Fusion acting as a client and using OpenAdmin Tool to administer IDS running on a Mac, and a Cocoa application written in Objective C integrated with ODBC which uses the Basic Text Search Blade to do freeform text searches on an Informix database.
The high availability theme will be continued on Friday at 1pm when Carlton Doe presents a session entitled Building Enterprise-class and Virtually Fail-safe Database Services on the Mac.
Certain people have accused me of being a PC and not a Mac. Maybe, but after spending some time tinkering with Xcode and seeing how fast IDS runs on it, the platform is starting to grow on me.
So I've been working with some embeddability features, and was reminded of a feature that I think is very cool, but so far not used very much. It's called solara, and Guy talked about it some when he had this blog. Since it's been a few years, I thought it might be worthwhile to dust off one of his old articles, and remind everyone about the ability to embed a webserver inside of Informix.
Hope everyone has had a couple of good weeks. I've been on vacation for most of it. Family reunions can be a lot of work, let me tell you.
So one of the customers I support made an interesting feature request lately and I was interested in your feedback. As an application developer this particular customer feels he doesn't have enough tools at his disposal to know what the session was doing with the memory it is consuming. So his feature request was asking for a Session Memory profiler. Basically so he could know how much memory is being used for temporary tables, how much is saved by cursors, etc.
So my question to you all, is how valuable would you find a tool like this?
Is it just a little valuable? Very valuable?
Hoping for some good feedback from you all.
Well, a crazy workday kept me from blogging yesterday. I was, however, reminded of an important piece of troubleshooting applications, even database instances. What was that piece? Never get hung up on a single test box, or a single test instance. The reason why may be obvious, but the problem is that if you get hung up on a single instance or box, you can miss the actual problem.
Take yesterday, for example. I was helping a customer with a box that recently migrated to 11.50.FC5; their app was crashing every time the engine came on-line, and in the process was crashing the Informix engine as well. Now as a support engineer you tend to focus on the assertion failure file and shared memory dump, just like an application developer would focus on debug logs and a core file. Well, to make a long story short, after trying to identify the problem, I finally asked them to test on a separate box that had 11.50.FC5, if they had one. They did have another test box, and tested their application, which did not crash and worked as expected. It turned out there was no problem with Informix, or the application, but the original test box had significant issues all its own, due to an unforeseen accident that both the developers and I were not originally aware of.
It's so easy these days, in this "who's to blame" society, that we forget sometimes that conditions exist where no one is to blame. Accidents happen, and it's what we do to identify and correct the issue, accidental or not, that helps make our application, and ourselves, successful.
Few companies have a meaningful way to measure the value of IT and IT projects before making an investment. Technology providers frequently talk about features and functions but sometimes forget to help potential clients understand benefits.
Recently, IBM commissioned Forrester Consulting to examine the total economic impact and potential return on investment (ROI) that organizations may realize by deploying IBM Informix database software. The study uses a comprehensive methodology to bring third-party, objective ROI analysis to organizations considering the use of Informix.
The conclusion? IBM Informix delivers high performance and cost efficiency, including administration efficiency, reduced downtime, improved server utilization, and reduced support costs. But don’t take our word for it. Read the report for yourself.
You can download the report here: http://ht.ly/2LmTC
So as I'm messing around with the Informix Ultimate-C edition for Mac, I am also looking at CSDK 3.50. And while there is nothing wrong with the product, it does make me wonder what else a developer might like to see with the product. In our (C)lient (S)oftware (D)evelopment (K)it we have the following:
If you happen to be on a platform other than Mac, you also get JDBC.
What else would you like to see in a CSDK bundle? Maybe I'm getting spoiled, but looking at Microsoft and Apple, if you get an SDK you actually get a real toolkit, something that also helps you build rapid prototypes, or even full fledged applications. I honestly think that IBM has a solution there already too. The free version is called Data Studio, and with just a little tweaking IMHO, could be the exact GUI programming tool I see missing from the CSDK bundle. Even then though, I think all we would see on Unix platforms would be JCC, JDBC, ESQL/C and ODBC, and the question then is "is that enough, or do you want more?"
Would PHP, Ruby, and Perl be enough? What else could/should a developer want for a CSDK bundle? I want to hear your thoughts on the matter.
There is a trend within IBM to move to using DVD as the standard software install media.
There has been talk about doing this within Informix before, partly because we're close to the maximum CD size on some platforms (where more than one copy of Java Runtime needs to be on the CD for example).
One advantage moving to DVD would provide is the ability to bundle additional components, for example Data Server Driver, which provides the Common Client APIs to connect to IDS via the DRDA protocol. Currently if you want components like this you would have to download them separately.
One concern that has been raised is: could this lead to bloating of IDS? E.g. if we're not so concerned about space, might the install footprint go up? We would certainly have to be very careful about what is installed by default if we were to add components to the bundle.
Would anyone be inconvenienced if the IDS install media was no longer available on CD? If you see a problem with that please leave a comment or contact me. I am also curious as to what percentage of people download all their products electronically.
Suppose you have some server code which needs to check whether a user has read or write access to a file...
A UNIX programmer might say: "Use stat() to get the file permissions and check them against the user and group id. I'm going to lunch. Don't wait up".
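The stat() check the UNIX programmer has in mind, written out as an added example (not code from the original post); the function names and the WANT_* constants are assumptions made for illustration. It covers read and write only, and shows the owner/group/other class selection that a naive "any matching bit" test gets wrong.

```c
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

#define WANT_READ  4   /* same bit values as the rwx triplets in st_mode */
#define WANT_WRITE 2

/* Decide from stat() data whether uid/gid/groups has the wanted access.
 * Exactly ONE class applies: owner, else group, else other. An owner
 * of a 0077 file is denied even though "other" would be allowed. */
int mode_allows(const struct stat *st, uid_t uid, gid_t gid,
                const gid_t *groups, size_t ngroups, int want)
{
    int in_group = (st->st_gid == gid);
    unsigned bits;

    if (uid == 0)          /* uid 0 bypasses read/write permission bits */
        return 1;
    for (size_t i = 0; i < ngroups && !in_group; i++)
        in_group = (groups[i] == st->st_gid);   /* supplementary groups */

    if (st->st_uid == uid)
        bits = (st->st_mode >> 6) & 7;          /* owner class */
    else if (in_group)
        bits = (st->st_mode >> 3) & 7;          /* group class */
    else
        bits = st->st_mode & 7;                 /* other class */
    return (bits & (unsigned)want) == (unsigned)want;
}

/* stat() the path, then evaluate; returns -1 if stat() fails. */
int user_can_access(const char *path, uid_t uid, gid_t gid,
                    const gid_t *groups, size_t ngroups, int want)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    return mode_allows(&st, uid, gid, groups, ngroups, want);
}

/* Constructed sample metadata so the logic can be exercised offline. */
struct stat make_stat(mode_t perm, uid_t owner, gid_t group)
{
    struct stat st;

    memset(&st, 0, sizeof st);
    st.st_mode = perm;
    st.st_uid = owner;
    st.st_gid = group;
    return st;
}
```

Treat the answer as advisory: st_mode does not reflect ACLs or read-only mounts, and the file can change between this check and a later open().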
A Windows programmer on the other hand had better skip lunch and start coding.
Here are four possible ways to check whether a user has the requested access to a file on Windows. The first three use GetFileSecurity() to get a file security descriptor and varying methods to obtain the user's security credentials.
1. Use LogonUser to get a Token handle, and validate with AccessCheck()
If you have a Token representing a logged on user you can call the AccessCheck() function to validate the user access rights against a file security descriptor. If your server code has the user's password and other credentials (not defined in the example code), you could get the Token using LogonUser() (error checking removed for brevity). Assuming the desired access is encoded in the flags variable:
// desired access flags can be set to whatever you define
int flags = O_WRONLY;
DWORD sdLen, dwAccessDesired = 0, dwPrivSetSize, dwAccessGranted;
PSECURITY_DESCRIPTOR fileSD;
GENERIC_MAPPING GenericMapping;
PRIVILEGE_SET PrivilegeSet;
BOOL fAccessGranted = FALSE;
HANDLE hToken;

I have found this to be the most reliable method of checking a user's file access rights, with the disadvantage that your server needs to have the user logon details.
2. Use OpenProcessToken() to get a Token handle and validate with AccessCheck()
If you have the process ID, pid, of the user's front-end process you can avoid logging on by getting a handle to the token using OpenProcessToken() as follows (the rest of the code would be the same):
HANDLE hProcess, hMyToken;
LUID luid;
One problem I've experienced with this method is that OpenProcessToken() can fail with Access Denied on some machines and not others. I have yet to identify the root cause.
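What AccessCheck() decides in methods 1 and 2 depends on the order of the ACEs in the file's DACL as well as their content. The following added example (a portable model, not Windows API code and not from the original post) reproduces the documented evaluation order; the integer SIDs, RIGHT_* bits and all type and function names are constructed for illustration, and owner rights, privileges and deny-only SIDs are left out.

```c
#include <stddef.h>

/* Constructed stand-ins: real SIDs are variable-length structures and
 * real rights are ACCESS_MASK values; small integers keep this portable. */
enum { SID_ALICE = 1, SID_STAFF = 2, SID_CONTRACTORS = 3 };
enum { RIGHT_READ = 0x1, RIGHT_WRITE = 0x2 };
enum ace_type { ACE_ALLOW, ACE_DENY };

struct ace   { enum ace_type type; int sid; unsigned mask; };
struct dacl  { const struct ace *aces; size_t count; };
struct token { const int *sids; size_t count; };  /* user + group SIDs */

static int token_has_sid(const struct token *t, int sid)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->sids[i] == sid)
            return 1;
    return 0;
}

/* Returns 1 if every bit in `desired` is granted, else 0.
 * dacl == NULL models an object with no DACL (everything is granted);
 * a DACL with zero ACEs grants nothing. */
int model_access_check(const struct dacl *dacl, const struct token *tok,
                       unsigned desired)
{
    unsigned remaining = desired;

    if (dacl == NULL)
        return 1;
    for (size_t i = 0; i < dacl->count && remaining != 0; i++) {
        const struct ace *a = &dacl->aces[i];
        if (!token_has_sid(tok, a->sid))
            continue;                   /* ACE names some other trustee */
        if (a->type == ACE_DENY) {
            if (a->mask & remaining)
                return 0;               /* denies a right still needed */
        } else {
            remaining &= ~a->mask;      /* allow clears granted rights */
        }
    }
    return remaining == 0;
}

/* Constructed sample: Alice is a member of Staff and Contractors. */
static const int alice_sids[] = { SID_ALICE, SID_STAFF, SID_CONTRACTORS };
const struct token alice = { alice_sids, 3 };
/* Deny first: Contractors lose write, Staff get read and write. */
static const struct ace deny_first[] = {
    { ACE_DENY,  SID_CONTRACTORS, RIGHT_WRITE },
    { ACE_ALLOW, SID_STAFF,       RIGHT_READ | RIGHT_WRITE } };
/* Same two ACEs with the allow first: the deny is never reached. */
static const struct ace allow_first[] = {
    { ACE_ALLOW, SID_STAFF,       RIGHT_READ | RIGHT_WRITE },
    { ACE_DENY,  SID_CONTRACTORS, RIGHT_WRITE } };
const struct dacl dacl_deny_first  = { deny_first, 2 };
const struct dacl dacl_allow_first = { allow_first, 2 };
const struct dacl dacl_empty       = { NULL, 0 };
```

The allow-first case is why deny ACEs belong ahead of allow ACEs: the same two entries in a different order grant the write that the deny was meant to block.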
3. Use GetEffectiveRightsFromAcl() with a user SID
One way to verify a user's access rights without a token is to get hold of the user SID using LookupAccountName() and call GetEffectiveRightsFromAcl(). Once the file security descriptor has been obtained as above the rest of the code would do this:
BOOL daclThere = FALSE, daclDefault = FALSE;
PACL fileDacl;
DWORD sidSize, domainSize = 128;
BYTE pSid[sizeof(SID)+(SID_MAX_SUB_AUTHORITIES * sizeof(DWORD))];
SID_NAME_USE sidType;
char domain[128];  // buffer sized to match domainSize
TRUSTEE trustee;
ACCESS_MASK mask;
A potential problem with this is that LookupAccountName() can take a long time to execute if you have a remote user from a trusted domain in a network infrastructure with many domains.
Another problem I've seen with this is GetEffectiveRightsFromAcl() failing with return code 5. I have an open support call with Microsoft concerning this problem.
Update 2/13/07: Thanks to some help from a Microsoft Escalation Engineer the specific problem has been identified: when any local user (i.e. not a domain user) calls GetEffectiveRightsFromAcl() and passes it the ACL of an unprivileged local user, the file ACLs include those for groups which contain domain groups, and at a domain level the Network access: Allow anonymous SID/Name translation setting is disabled (default setting), the function will return "Access Denied". For this reason, using GetEffectiveRightsFromAcl() is not the recommended method to determine whether a user has access rights to a file.
4. Launch a process as the user and test access
If you don't want to mess with all the access functions, you could simply create a process as the user using LogonUser() and CreateProcessAsUser() and try opening a file with the required permissions. This isn't a very efficient method, and executing a command leaves your code open to malicious command injection, but it works.
The file access rights implementation on Windows, and its programming interface, is in my opinion a pile of pants. It probably seemed like a good idea at the time to create an access model with so much flexibility, but a flexible security system is often a misconfigured security system. Suggestions with simpler alternatives to the above are welcome.
Check User’s Permissions On A File or Folder- ASP article By Softomatix.
How To Program a Secure Server on Microsoft Windows NT - Microsoft KB article
Update 6/12/07: The article has been updated and is back online!
Want a summary of IDS 11.10 features in a developerWorks article, with handy links to the documentation for each feature? IBM Software Engineers Inge Halilovic, Mohan Saraswatipura, Radhika Gadde and Priyambada Behera have published such an article: What's new in IDS Cheetah (IDS 11)? It makes for a good digest of the major Cheetah features - useful to scan through if you think you know all the major enhancements, or have missed the hype and want to know what Cheetah is all about.