Protecting my script from spanners ???

Protecting my script from spammers ????
I am a newbie. I am using DW CS5. I have a members register form and a database for the users set up. I use the DW service behavior of “recordset” and “insert record” to add the new users from the form to the database. All works well except for one (?) problem.
A book I was reading suggested that I should test to make sure that no illegal characters are inserted in the user submitted values by using the lines of code below to strip slashes from the input before updating the database. I would have thought the DW did this as part of their standard code. But when I test DW by adding some illegal characters in one of my values, the illegal characters still show up in my data when I view the table using phpMyAdmin.
I have tried to add this code (with and without some modifications) to the “standard” DW code (this code is located at the end of this posting) generated by DW without any success. DW gives me an error if I make ANY change to the “standard” DW code.
My questions:
1.   Does the “htmlentities” function and the “get_magic_quotes_gpc() “ in the DW code do the same or similarly job of stripping illegal characters from the fields? If so, why is the get_magic_quotes_gpc only applied for less than PHP- 6 ?
2.   If yes, why do I still see the slashes in my data when I view it with phpMyAdmin?
3.   What is the best way to protecting my script from spammers inserting illegal characters in my scrip using the tools that comes with DW CS5? Or should I use some other method?
…………. strip some slashes code to add to DW code …………..
// Define post fields into simple variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email_address = $_POST['email_address'];
$username = $_POST['username'];
$info = $_POST['info'];
/* Let's strip some slashes in case the user entered
any escaped characters. */
$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$email_address = stripslashes($email_address);
$username = stripslashes($username);
$info = stripslashes($info);
…………. DW standard insert code…………….
<?php require_once('../Connections/ndc_olcs.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
return $theValue;
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "frJoin")) {
$insertSQL = sprintf("INSERT INTO users (first_name, last_name, email_address, username, info, user_level, signup_date) VALUES (%s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['first_name'], "text"),
                       GetSQLValueString($_POST['last_name'], "text"),
                       GetSQLValueString($_POST['email_address'], "text"),
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['info'], "text"),
                       GetSQLValueString($_POST['user_level'], "text"),
                       GetSQLValueString($_POST['signup_date'], "date"));
mysql_select_db($database_ndc_olcs, $ndc_olcs);
$Result1 = mysql_query($insertSQL, $ndc_olcs) or die(mysql_error());
$insertGoTo = "../user_list.php";
if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
header(sprintf("Location: %s", $insertGoTo));
mysql_select_db($database_ndc_olcs, $ndc_olcs);
$query_rsJoin = "SELECT * FROM users";
$rsJoin = mysql_query($query_rsJoin, $ndc_olcs) or die(mysql_error());
$row_rsJoin = mysql_fetch_assoc($rsJoin);
$totalRows_rsJoin = mysql_num_rows($rsJoin);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
The form’s HTML code continues from here……
Thank you.

Relying on an editor like DW to protect your DB or spam attacks is not a good idea. Spammers and those that wish to attack your database work at it as a full time occupation, so when some new protective script comes along, they work on overcoming it.
"" If so, why is the get_magic_quotes_gpc only applied for less than PHP- 6 ?""
Magic quotes are deprecated and will not be in PHP6.
I would suggest using this for your email variable:
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
I would look up "re-captcha" and "honey pot' for some additional security.
Here is something I put together some time back, it is not complete or comprehensive and more research should be done, but it might help you to understand a little better.
http://www.paulgdesigns.com/secure.php
HTH
Gary

Similar Messages

Does Forefront Endpoint Protection 2010 block powershell scripts from running?

Hi all,
I have a task that runs a Powershell script on a set schedule on a particular machine. It has failed to run and I thought 1 of the potential reasons would be that FEP 2010 blocks the Powershell script from being run. Does FEP 2010 do that? If so, where can I find the setting to allow Powershell scripts (or VB scripts or Java scripts) to be run by my task?
Thanks for your help in advance.
Howard Lee - Microsoft

If the script detect as malicious , FEP will block it, otherwise it won't block normal and safe PowerShell scripts. You may take a look at event viewer and see whether it being blocked or detect as malicious code by FEP or not.

How to call a shell script from a java code

Hello can any one suggest me how to call a shell script from a java program that takes three parameters.
i have a shell script (msp_restore_gui) when i run this script in the command line in a RHEL5 ,SUSE10 and Debian machine it works fine .I even tested to call it from a java program and it also worked fine but when i used the same in a J2ee application where the user when clicks the restore button in a webserver this inturn sends the request to a java file named BackupManager.java where i call the shell script.But here it fails.Waiting for your suggestions.If you want i can put the code also here

yes the script is in /usr/local/mss/tools/backup and the script (msp_restore_gui) is as follows
#!/bin/sh
TIMESTAMP=`date +%d_%b_%y-%H-%M`
touch /var/backups/mss/mss_restore_"$TIMESTAMP".log
LOGFILE="/var/backups/mss/mss_restore_"$TIMESTAMP".log"
### Explode tgz file
cd /
# Checks to be done:
# root login
# assume he passes the parameter as msp_backup_<timestamp>
# check for the existence of the .tz and fileList.txt
# Checking for the root login and if not logged on as root
# permission will be denied to execute this script
logmsg(){
echo "`date`: $*" >> $LOGFILE 2>&1
echo "$*"
#usage of this script
while [ $# -ne 0 ]
do
case $1 in
-n)
shift
ARCHIVE_NAME=`find / $ -name "$1.tz" -o -name "$1.tgz" $ 2>/dev/null`
FILE_NAME=`find / -name $1_filesList.txt 2>/dev/null`
if [ x$ARCHIVE_NAME = x -a y$FILE_NAME = y ]
then
logmsg "ERROR: Files not found, Restore cannot proceed"
usage
else
tar tvzf $ARCHIVE_NAME > /dev/null 2>&1
if [ $? -ne 0 ]
then
echo "ERROR: The tar file $ARCHIVE_NAME is not proper. Restore cannot proceed"
exit 1
else
          echo "Backedup files are present, proceeding with restore......" >> $LOGFILE 2>&1
fi
fi
usage
SKIP_CLEANUP=1
STATUS=1
exit
esac
shift
done
rm -rf ./newfile
curr_ver_file="/usr/local/mss/etc/version"
/usr/local/mss/tools/backup/check_version $curr_ver_file $FILE_NAME
ret_code=$?
echo "Exit value of check_version is $ret_code"
if [ "$ret_code" != 0 ]
then
logmsg "MSP Version not matching. Exiting from restore now...."
errormsg=`cat /usr/local/mss/temp/ver_err_mesg`
logmsg $errormsg
rm -f /usr/local/mss/temp/ver_err_mesg
exit 1
else
echo "Version check is successful"
fi
#### ShutDown MSS########
/etc/init.d/mss stop
sleep 2
### Shutdown semm
/etc/init.d/semm stop
sleep 2
rm -rf `grep -v "MSP Version:" $FILE_NAME`
logmsg "MSP restore in progress......"
tar mxvfz $ARCHIVE_NAME >> $LOGFILE
sleep 5
### Call mysql restore script
/usr/local/mss/bin/mysql_alldb_restore.sh >> $LOGFILE 2>&1
if [ $? -ne 0 ]; then
logmsg "Database restore Failed. Cannot proceed further"
exit 1 ;
else
logmsg "Database restore Succeeded."
fi
### Remove DB Dump Files
rm -f /var/lib/mysql-dumps/*
### Trigger cleanup of airprism database tables
#touch /usr/local/mss/airprism/server/config/reinitdb
### Trigger re-import of software packages
touch /usr/local/mss/swdepot/reimport
### Remove log files under the "apps" directory
find /usr/local/mss/apps -name '*.log*' | xargs rm -f
find /usr/local/mss/logs -follow -name '*[._]log*' | xargs rm -f
if [ $? -ne 0 ]; then
logmsg "MSP restore Failed. Cannot proceed further"
exit 1 ;
else
logmsg "MSP restore Succeeded."
fi
# reinstall_patch is touched so that patches are re-installed after restoring of MSP.
touch /usr/local/mss/patch/bin/reinstall_patch
##### Start MSS
logmsg "restarting MSP server "
/etc/init.d/mss start
sleep 5
### Start semm
/etc/init.d/semm start
sleep 5
logmsg "MSP server is now restarted"
my jsp page backup.jsp is as follows
<%@taglib uri="portlet.tld" prefix="uif" %>
<%@taglib uri="msp-console.tld" prefix="msp" %>
<uif:defineObjects/>
<%@page import="javax.portlet.*" %>
<%@ page import="java.util.Date" %>
<%@ page import="java.util.Vector" %>
<%@ page import="java.text.DateFormat" %>
<%@ page import="com.symbol.mss.console.admin.backup.BackupManager" %>
<%@ page import="com.symbol.mss.console.admin.system.SystemInfoPortlet" %>
<%
     String STYLE_NAME = request.getParameter("style");
     if (STYLE_NAME == null) STYLE_NAME = STYLE_DEFAULT;
     final String ua = request.getHeader("User-Agent");
     BackupManager helper = null;
     PortletSession portletSession = renderRequest.getPortletSession();
     helper = (BackupManager)portletSession.getAttribute("helper");
     if (helper == null) {
          //System.err.println("Created new BackupManager");
          helper = new BackupManager();
          portletSession.setAttribute("helper", helper);
     final BackupManager backupManager = helper;
     String action = "";
     final String backupName = renderRequest.getParameter("backupName");
     String completePath = backupManager.getBackupDir() + backupName + backupManager.getBackupFileExt();
     if (backupName != null) {
          action = "backup";
     if(backupManager.backup(backupName)) {
          SystemInfoPortlet.beginRestartMSP();
          } else {
               action = "backuperror";
     final String cmd = renderRequest.getParameter("submitButton");
final String selectedBackup = renderRequest.getParameter("selectedBackup");
int tarFileStatus =0;
String backupTarFile ="";
String backupFileList ="";
     if ("Restore".equals(cmd)) {
if (selectedBackup != null) {
     tarFileStatus = backupManager.verifyTarFile(selectedBackup);
     //backupTarFile = backupManager.getRestoreFile(Integer.parseInt(selectedBackup));
     //backupFileList = backupTarFile.substring(0, backupTarFile.lastIndexOf(backupManager.getBackupFileExt()))+"_filesList.txt";
               if (tarFileStatus == 0){
     action = "restore";
     backupManager.restore(selectedBackup);
                    SystemInfoPortlet.beginRestartMSP();
          } else {
               action = "error";
} else if ("Remove".equals(cmd)) {
backupManager.remove(Integer.parseInt(selectedBackup));
     DateFormat dateFormat = DateFormat.getDateInstance(DateFormat.SHORT);
     PortletURL restoreURL = renderResponse.createActionURL();
%>
<%@ include file="/jsp/core/constants.jspf" %>
<% if (action.length() > 0) {
     if ("backup".equals(action))
%>
     <p>The MSP Appliance has been shut down in order to create the <%=backupName %> backup file,
          and will automatically restart as soon as the file has been created.
          To continue your work, please log out of the MSP Console, wait for the appliance
          to restart, and then log back in. The amount of time you'll have to wait for the
          MSP Appliance to come back online depends on the amount of information you have
          stored in the MSP Database.</p>
     <p>The full pathname for the backup file is: <%=completePath %></p>
<%     }
     else if ("restore".equals(action))
%>
     <p>The MSP Appliance has been shut down in order to restore from the <%=backupTarFile%> backup file,
          and will automatically restart as soon as the restore is complete.
          To continue your work, please log out of the MSP Console, wait for the appliance
          to restart, and then log back in. The amount of time you'll have to wait for the
          MSP Appliance to come back online depends on the amount of information you have
          stored in the MSP Database.</p>
<%     } else if ("backuperror".equals(action)) { %>
          <p><img src="images/dialogue/error_16.gif" class="icon" alt="Notify" /> Errors occurred while taking back up of MSP. Please see the backup service log file for more details.
          </P>
<%     } else if ("error".equals(action)) {
          if (tarFileStatus == 4) { %>
               <p><img src="images/dialogue/error_16.gif" class="icon" alt="Notify" /> The backup file <%=backupTarFile%> contains errors. This backup can't be restored. Please restore a valid back up.
               </P>
          <%} else if (tarFileStatus == 3) { %>
               <p><img src="images/dialogue/error_16.gif" class="icon" alt="Notify" /> The backup file list <%=backupFileList %> is missing. This file is required to restoring backup. Please get the backup file list and proceed with restoring backup.</p>
          <%} else if (tarFileStatus == 2) { %>
               <p> <img src="images/dialogue/error_16.gif" class="icon" alt="Notify" /> The backup file <%=backupTarFile%> contains errors and the backup file list <%=backupFileList%> is missing. This backup can't be restored. </p>
          <%} %>
<%     }
} else { %>
<p><strong>Note</strong>: Both backup and restore will shut down MSP temporarily. MSP will be unable to collect data from devices, send notifications, or provide MSP Console access during this time. When the backup or restore operation is complete, MSP will come back online automatically.</p>
<h3>Backup</h3>
<form action="<%= restoreURL.toString() %>" method="post">
<p>Please provide a name for your backup. MSP will provide the date automatically in the list of backups.</p>
<p><label for="<uif:namespace />backupName">Name</label> <input type="text" name="<uif:namespace />backupName" id="<uif:namespace />backupName" size="20" maxlength="256" /> <input type="submit" name="<uif:namespace />submitButton" value="Back up now" onclick="return <uif:namespace/>validateName()"/></p>
</form>
<h3>Restore</h3>
<p>This will restore all databases (device assets, collected device data, software packages, policies, etc.) to their state as of the time the backup was made. Changes since then <em>except for backups</em> will be destroyed.</p>
<%
Vector restoreList = helper.getRestoreEntries();
Vector restoreDates = helper.getRestoreDates();
Vector restoreVersions = helper.getRestoreVersions();
Vector filesStatus = helper.getBackupFilesStatus();
%>
<% if (restoreList.size() == 0) { %>
<p>There are no backups currently available.</p>
<% } else { %>
<form action="<%= restoreURL.toString() %>" method="post">
<table class="input-radios" id="<uif:namespace />existingBackups">
<thead>
<tr>
<th></th>
<th>Name</th>
<th>Date</th>
<th>MSP Version</th>
<th>Remarks </th>
</tr>
</thead>
<tfoot>
<tr>
<td colspan="4" class="actionsOnSelected">
<input type="submit" name="<uif:namespace />submitButton" value="Restore" onclick="return confirm('This action requires MSP and all related services to be shut down. Console will be unavailable if the request is submitted. The server will restart automatically once restore has been completed.');" />
<input type="submit" name="<uif:namespace />submitButton" value="Remove" onclick="return confirm('This action will remove the backup archive. You will no longer be able to restore this backup. Continue?');" />
</td>
</tr>
</tfoot>
<tbody><%-- First one (most recent) is checked by default. Every other row has class="portlet-section-alternate". Note that each ID must be unique and must match the value of the "for" attribute on the corresponding "label" element. --%>
<%
for (int i = 0; i < restoreList.size(); i++) {
%>
<tr <%= (i % 2 == 1) ? " class=\"portlet-section-alternate\"" : "" %>>
<td><input type="radio" name="<uif:namespace />selectedBackup" value="<%= i %>" id="<uif:namespace />selectedBackup-<%= i %>" <%= (i == 0) ? "checked=\"checked\"" : "" %> /></td>
<td><label for="<uif:namespace />selectedBackup-<%= i %>"><%= restoreList.elementAt(i) %></label></td>
<td><%= dateFormat.format((Date)restoreDates.elementAt(i)) %></td>
<td><%= restoreVersions.elementAt(i) %></td>
<td><%= filesStatus.elementAt(i) %></td>
</tr>
<%
%>
</tbody>
</table>
</form>
<% } %>
<% } %>
<script type="text/javascript">
<![CDATA[//><!]]>
</script>
and my BackupManager.java is as follows where the code in bold and italic is called the restore()
//============================================================================
// Symbol Technologies P R O P R I E T A R Y S O U R C E C O D E
// C O N F I D E N T I A L
// Copyright (c) 2003 Symbol Technologies. All Rights Reserved.
// All information contained herein is the property of Symbol Technologies,
// or its Licensors, and are protected copyrights and trade secrets, and may
// be covered by U.S. patents. Any reproduction or dissemination of any
// portion of this document, of the software, or other works derived from it
// is strictly forbidden unless prior written permission is obtained from
// Symbol Technologies.
//============================================================================
package com.symbol.mss.sdf.services.backup;
import java.io.*;
import java.sql.Time;
import java.text.DateFormat;
import java.util.logging.FileHandler;
import java.util.logging.Formatter;
import java.util.logging.LogRecord;
import java.lang.Process;
import java.util.*;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.logger.LogEnabled;
import org.apache.avalon.framework.logger.Logger;
import com.symbol.mss.sdf.admin.AdministratorService;
import com.symbol.mss.sdf.backup.*;
import com.symbol.mss.sdf.data.*;
* @author nramaiah
* Service to perform scheduled backups of the system state.
public class BackupManager implements BackupService, DataHandler,
LogEnabled, Configurable {
// MSS Home Path
private static String mssHome = System.getProperty("phoenix.home", File.separator + "usr" +
File.separator + "local" +
File.separator + "mss" +
File.separator);
// Backup related definitions
private static final String BACKUP_LIST_FILE_NAME = "conf" + File.separator + "files_to_backup.txt";
private static final String BACKED_UP_LIST_FILE_NAME_SUFFIX = "_filesList.txt";
private static final String BACKUP_LOCATION = File.separator + "var" + File.separator + "lib" +
File.separator + "mss-backups" + File.separator;
private static final String BACKUP_PARTITION = File.separator + "var" + File.separator + "lib";
private static final String VERIFY_BACKUP = File.separator + "usr" + File.separator + "local" +
                                                       File.separator + "mss" + File.separator+"tools"+
                                                       File.separator+"backup"+File.separator+"verifyBackup.sh";
// DB backup/restore related definitions
private static final String DB_DUMP_LOCATION = File.separator + "var" + File.separator +
"lib" + File.separator +
"mysql-dumps" + File.separator;
private static final String DB_BACKUP_SCRIPT = "bin" + File.separator + "mysql_alldb_backup.sh";
private static final String DB_RESTORE_SCRIPT = "bin" + File.separator + "mysql_alldb_restore.sh";
// Private variables
private AdministratorService m_admin = null;
private Logger m_logger = null;
private String backupLocation = null;
private String backupListFileName = null;
private String backupPartition = null;
private int backupPartitionLimit = 90;
private String dbDumpLocation = null;
private String dbBackupScript = null;
private String dbRestoreScript = null;
private List servicesBackupList = null;
private String tarFileExtension =".tgz";
private String errFileExtension =".err";
private int exitValue=0;
* Default Constructor
public BackupManager() {
servicesBackupList = new ArrayList();
* Set the administrator service implementation. Link established by Broker service.
* @param admin reference to an implementation of AdministratorService
public void setAdministrator(AdministratorService admin) {
m_admin = admin;
* Set the job publisher service implementation. Link established by Broker service.
* @param jobPublisher reference to an implementation of JobPublisherService
public void setJobPublisher(DataChannel jobPublisher) {
jobPublisher.subscribe(this);
* Gets the backup manager object.
* @return backup manager object
public BackupService getBackupService() {
return this;
* Service lifecycle method.
* @param logger logger object to be used by the service
public void enableLogging(Logger logger) {
m_logger = logger;
* Service lifecycle method.
* @param configuration service configuration object
public void configure(Configuration configuration) throws ConfigurationException {
// Verify MSS Home path
if (!mssHome.endsWith(File.separator))
mssHome += File.separator;
// Get the location where the backup file needs to be placed
backupLocation = configuration.getChild("BackupLocation").getValue(BACKUP_LOCATION);
// Verify backup directory path
if (!backupLocation.startsWith(File.separator))
backupLocation = mssHome + backupLocation;
if (!backupLocation.endsWith(File.separator))
backupLocation += File.separator;
// Get the file listing the files/directories to be backed up
backupListFileName = configuration.getChild("FilesList").getValue(BACKUP_LIST_FILE_NAME);
// Verify backup list file name path
if (!backupListFileName.startsWith(File.separator))
backupListFileName = mssHome + backupListFileName;
// Get the partition where the backups are kept
backupPartition = configuration.getChild("BackupPartition").getValue(BACKUP_PARTITION);
// Verify backup partition path
if (!backupPartition.startsWith(File.separator))
backupPartition = File.separator + backupPartition;
if (backupPartition.endsWith(File.separator))
backupPartition = backupPartition.substring(0, (backupPartition.length()-1));
// Get the limit on the amount of free space on the backup partition
backupPartitionLimit = configuration.getChild("BackupPartitionLimit").getValueAsInteger(backupPartitionLimit);
// Get the location where the DB dump files will be placed
dbDumpLocation = configuration.getChild("DBDumpLocation").getValue(DB_DUMP_LOCATION);
// Verify DB dump directory path
if (!dbDumpLocation.startsWith(File.separator))
dbDumpLocation = mssHome + dbDumpLocation;
if (!dbDumpLocation.endsWith(File.separator))
dbDumpLocation += File.separator;
// Get the name of DB dump backup script
dbBackupScript = configuration.getChild("DBBackupScript").getValue(DB_BACKUP_SCRIPT);
// Verify backup script path
if (!dbBackupScript.startsWith(File.separator))
dbBackupScript = mssHome + dbBackupScript;
// Get the name of DB dump restore script
dbRestoreScript = configuration.getChild("DBRestoreScript").getValue(DB_RESTORE_SCRIPT);
// Verify restore script path
if (!dbRestoreScript.startsWith(File.separator))
dbRestoreScript = mssHome + dbRestoreScript;
* Individual services can supply a list of files/directories to be backed up.
* These are files apart from the files specified in conf/files_to_backup.txt and
* will be backed up as well.
* @param files list of files/directories
public void filesToBackup(List files) {
synchronized(this) {
if (files != null) {
if (files.size() > 0) {
// Add the list contents to the current backup list
for (int i=0; i<files.size(); i++) {
String tStr = (String)files.get(i);
// Check for absolute or relative path
if (tStr.startsWith(File.separator))
servicesBackupList.add(tStr);
else
servicesBackupList.add(mssHome + tStr);
else
m_logger.info("Empty list of filenames. Nothing added.");
else
m_logger.info("Null list of filenames. Nothing added.");
* Individual services can supply a list of files/directories to be backed up.
* Specified files will be added to the file defining the list of files to be backed up.
* @param files list of files/directories
private void persistFilesToBackup(List files) {
synchronized(this) {
if (files != null) {
if (files.size() > 0) {
// Add the list of files provided to the end of file
try {
File file = new File(backupListFileName);
if ((file == null) || (!file.exists()))
file.createNewFile();
// Seek to the end of the file
RandomAccessFile rFile = new RandomAccessFile(file, "rw");
if (rFile != null) {
rFile.seek(rFile.length());
// Write the list contents to the file
for (int i=0; i<files.size(); i++) {
String tStr = (String)files.get(i);
// Check for absolute or relative path
if (tStr.startsWith(File.separator))
rFile.writeBytes(tStr + "\n");
else
rFile.writeBytes(mssHome + tStr + "\n");
else
m_logger.error("Error opening file " + backupListFileName);
rFile.close();
catch (Exception ex) {
ex.printStackTrace();
m_logger.error("Error adding entries to file " + backupListFileName, ex);
else
m_logger.info("Empty list of filenames. Nothing added.");
else
m_logger.info("Null list of filenames. Nothing added.");
* Command to be run during the backup process. Individual services can
* provide shell commands that will be executed before backing up the files.
* @param command shell command to be executed
private void runCommand(String command) {
* Creates a shell script at the specified location that will backup the
* files listed in the List passed in.
* @param scriptFileName location where the script needs to be created
* @param backupFileName name for the tar file being created
* @param backupList list of files to be backed up
private void createBackupScript(String scriptFileName, String backupFileName, ArrayList backupList) throws Exception {
// Create a new StringBuffer to build the contents to be written to the script file
StringBuffer buffer = new StringBuffer();
// Add the initial comment in the start script
buffer.append("#!/bin/sh\n" + "set -x\n\n");
// Check if the partition has enough space
buffer.append("### Check if the partition has enough space\n" +
// "diskUsed=`df -k | grep \"" + backupPartition + "\" | awk '{print $5}' | cut -d\"%\" -f1`\n" +
               " diskUsed=`df -k \"" + backupPartition + "\" | awk '{print $5}' | cut -d\"%\" -f1 | grep -v Use`\n" +
"echo \"Partition " + backupPartition + " is $diskUsed% used.\"\n" +
"if [ \"$diskUsed\" -lt \"" + backupPartitionLimit + "\" ]\nthen\n" +
" echo \"Starting backup...\"\n\n");
// Shutdown semmd
buffer.append(" ### Shutdown semm\n" + " /etc/init.d/semm stop\n" +
" sleep 2\n\n");
// MSP Limited release and earlier builds stop mysql DB and backup the
// /var/lib/mysql directory as it is. Starting MSP 1.0 GA release, mysql
// dump script will be integrated which will create sql scripts to
// restore the database.
// Check if mysql dump creation script exists
File mysqlDumpScript = new File(dbBackupScript);
if (mysqlDumpScript.exists()) {
// MSP 1.0 GA and later releases
// Run the script that will generate sql scripts that would re-create the DB as it is
buffer.append(" ### Call mysql dump script\n" +
" " + dbBackupScript + "\n\n");
else {
// MSP Limited release
// Add command to shutdown mysql
buffer.append(" ### Shutdown mysql\n" + " /etc/init.d/mysql stop\n\n");
// Change to root directory and create the tgz file
buffer.append(" ### Create tgz file\n" + " cd /\n");
// Build up the tar file name from the current date and time
String fileName = null;
if ((backupFileName != null) && (backupFileName.length() > 0))
fileName = backupFileName;
else {
// File name not provided by user, build one using the timestamp
Calendar cal = Calendar.getInstance();
Date date = cal.getTime();
fileName = "MSS-"
+ DateFormat.getDateInstance().format(date).replaceAll(" ", "").replaceAll(",", "")+ "-"
+ (new Time(cal.getTimeInMillis())).toString().replaceAll(":", "").substring(0,4);
String tarFileName = fileName + ".tgz";
// Get the current MSP Version
String mspVersion = getMSPVersion();
// Gather all the files to be backed up. Add them to the tar command and
// also dump them into the file maintaining the list of files being backed up
String listStr = "";
for (int i=0; i<backupList.size(); i++)
listStr += (String)backupList.get(i) + "\n";
// Dump the current MSP version and the list of files being backed up into a manifest file
String listFileName = fileName + BACKED_UP_LIST_FILE_NAME_SUFFIX;
RandomAccessFile file = new RandomAccessFile(backupLocation + listFileName, "rw");
m_logger.info("List of files/directories being backed up:\n" + listStr);
file.writeBytes("### MSP Version: " + mspVersion + " ###\n");
file.writeBytes(listStr);
file.close();
// Add the tar command to the script
buffer.append(" echo \"Creating " + backupLocation + tarFileName + "...\"\n" +
" tar cvhfz " + backupLocation + tarFileName + " `grep -v \"MSP Version:\" " +
backupLocation + listFileName + "`\n\n");
// Check if free space on the backup partition has reduced below the limit
// If enough space left, backup is retained, "mss" is made the owner of the files,
// "backup" is made the group the files belong to,
// permissions changed to be "0660" and
// backup action declared a success
// Else, backup files are deleted and declared a failure
buffer.append(" ### Check if the partition has enough space left\n" +
//" diskLeft=`df -k | grep \"" + backupPartition + "\" | awk '{print $5}' | cut -d\"%\" -f1`\n" +
" diskLeft=`df -k \"" + backupPartition + "\" | awk '{print $5}' | cut -d\"%\" -f1 | grep -v Use`\n" +
" echo \"Partition " + backupPartition + " is $diskLeft% used.\"\n" +
" if [ \"$diskLeft\" -gt \"" + backupPartitionLimit + "\" ]\n" +
" then\n" +
" ### Failure\n" +
" echo \"Partition " + backupPartition + " does not have enough space.\"\n" +
" echo \"Backup " + backupLocation + tarFileName + " will be removed.\"\n" +
" rm -f " + backupLocation + fileName + "*\n" +
" echo \"Backup Failed.\"\n" +
" else\n" +
                    " tar tvzf " + backupLocation + tarFileName + " > /dev/null 2>&1\n" +
" if [ ! -s " + backupLocation + tarFileName + " -o $? -ne 0 ] \n" +
                    " then\n" +
                    " echo \"MSP Backup operation is not successful. The tar file " + backupLocation + tarFileName + " contains errors.\"\n" +
                    " echo \"Please take the backup again\"\n" +
                    "     touch "+backupLocation+fileName+".err\n" +
" else \n" +
" ### Success\n" +
" ### Change the owner, group and permissions for the backup files\n" +
" chown mss " + backupLocation + fileName + "*\n" +
" chgrp backup " + backupLocation + fileName + "*\n" +
" chmod 0660 " + backupLocation + fileName + "*\n" +
" echo \"Backup Completed.\"\n" +
" fi\n" +
" fi\n\n");
// MSP Limited release and earlier builds re-start mysql. Starting
// MSP 1.0 GA release, mysql is not stopped and so re-start is not
// needed. sql scripts created by the dump script get packed into
// the tar file and so are deleted.
// Check if mysql dump creation script exists
if (mysqlDumpScript.exists()) {
// MSP 1.0 GA and later releases
// Remove DB dump files
buffer.append(" ### Remove DB Dump Files\n" + " rm -f " + dbDumpLocation + "*\n\n");
else {
// MSP Limited release
// Start mysql
buffer.append(" ### Start mysql\n" + " /etc/init

Issues in running scripts from OTM

Hi ,
I have created an endtoend scenario where the script starts from creating requistion, approval, PO creation approval , receipt creation then Invoice and payment.
My script failing with different reason for different runs. Mailnly its failing whenever the steps are referrred to Standard Oracle Forms.(Eg: Invoice Batch, Receipt Form etc).
I am running this from machine where Openscript and OTM is installed.
I tried the command line arugment like " -delayPercentage -1 -delayMin 1 -delayMax 20 " while running the script from OTM. Still issue is same. If I am not using this commad the script steps deviates and failing. I mean in script the step is to choose some responsibility A it is choosing B. To override think times recorded I have used thread.sleep(2000) after every thinktime entry to run it from openscript.
and to run it from OTM I am using above command.
Now can anyone suggest me is anyother way that we can overcome these timeout errors. Am I using command line argument in correct way ? Please help

Hi,
First try your playback from OpenScript.
Before play back go to View -> OpenScript Preferences -> PlayBack -> Oracle EBS/Forms Functional
Increase timeouts in Event Timeout. Also Increase timeout in Web Functional (Object timeout)
Then Apply and OK
Now try play back from OpenScript
Regards,
Deepu M
[email protected]

URGENT- Need advice on executing scripts from Forms 6i

Hi all,
Quick background info:
I'm working on a conversion project from Forms 4.5 client/server applications to a three tier, web based Forms 6i environment.
We're running Oracle 8i DB on HP-UX machines, Oracle 9ias on HP-UX machines, and users access forms through Netscape
on Win2000 platform.
The problem:
I have a SQL execution interface form from which users have been able to run dynamic SQL scripts w/o having direct access to
a SQL Plus prompt (uses the 'HOST' command in 4.5). How can this functionality be implemented in the three tier environment?
Unless other options are available, my plan is to use a Java servlet to access the 8i database on the UNIX box and display
output on an html page. Is there a better/easier way?!
Any advice is appreciated...
FLM
Paychex, Inc.

Thanks for the response,
I may be able to invoke the script from Forms using the HOST command, but how is the script output
displayed back to the browser?
FLM
[email protected]
You can probably still use the host to sqlplus, but this time it will run on the Forms Server.
You just need to make sure that the dynamic SQL files are uniquly identified for each customer.

Passing Multiple Parameters to SQL Script from a Shell Script

Hi Friends,
I have SQL script which accepts 6 parameters.
I am calling this from a shell script as shown below:
sqlplus -s ${ORACLE_ID} @${SQLPATH}KORONT_041.sql ${USER_ID} ${PDC} ${item_number} ${KORDC} ${PDCSET} ${last_Updated_in_hours} Out of the six parameters, item_number is not a mandatory parameter.
When i pass all six parameters, there is no issue.
But when i leave item_number blank, i am getting the below error
Enter value for 6:
User requested Interrupt or EOF detected.Based on the error, it seems that the NULL values for item_number is ignored and SQL*PLUS is waiting for one more input from user.
How can i overcome this issue?
Regards,
Sreekanth

Hi,
I am calling the shell script from concurrent program and below is the log file of the concurrent program.
Copyright (c) 1979, 1999, Oracle Corporation. All rights reserved.
KORONT_041_SH module: KORONT - Daily Item Master Update
+---------------------------------------------------------------------------+
Current system time is 29-JUN-2011 10:09:35
+---------------------------------------------------------------------------+
REQUEST_ID: 68510795
USER_ID: 4219
PDC:    85
Item Number:
KORDC:    124
PDCSET:   1100000003
last_updated_in_hours: 24
EMAIL_ID: [email protected],[email protected]
SQLPATH: /e381/oracle/asodev01appl/custom/motont/1.0.0/sql/
RPTDIR: /e381/oracle/asodev01comn/admin/out/ASODEV01_asoprdb2
RPTFILE: o68510795.out
Table truncated.
*Enter value for 6: User requested Interrupt or EOF detected.*
Table truncated.
old 15:       AND ic.organization_id   = &&4
new 15:       AND ic.organization_id   = 1100000003
0 rows created.
Input truncated to 9 characters
old   8:                AND organization_id   = &&4
new   8:                AND organization_id   = 1100000003
0 rows created.
End of SQL
No record.
+---------------------------------------------------------------------------+
Executing request completion options...
+------------- 1) PRINT   -------------+
Printing output file.
               Request ID : 68510795
         Number of copies : 0
                  Printer : noprint
+--------------------------------------+
Finished executing request completion options.
+---------------------------------------------------------------------------+
Concurrent request completed successfully
Current system time is 29-JUN-2011 10:09:38
+---------------------------------------------------------------------------+Regards,
Sreekanth

Protecting a swf from decompilation ?

The problem is the following i have an application that needs
to login to a server but in order to do that it has the admin
username and password in its actionscript.There is no way of
removing the password from the AS so i need a way to protect my
file from decompilation. Most important of all i have seen it is
possible , if you do not believe me try to decompile that ...
http://www.gotoandlearn.com

It's impossible to protect swf from decompilation, you can
only try to
obfuscate them with program like swfEncrypt.
But you even need this to achieve what you want, I'm quite
sure that
you should have a asp or php script on the server that really
do the
login put username and password only into them, they are
executed on
the server and user do not download them.
bye

Easy way to protect source code from hackers?

I did a search and couldn't come up with an answer.
I added a password script for clients on my site, but I would like to be able to (inexpensively!) protect my code from hackers so they can't view passwords and usernames.
Any one know of a good place to check?
Thanks,
Jim

The other methods are like putting a No Trespassing
sign on your door, hardly secure.
I AGREE. That is why I said it was a "fast fix" and I also said, "However if someone disabled javascript, they could still view your source."
Metaphorically
speaking if you want a vault with a moat get MySQL if
you want to keep your kids inside the playroom by
means of a plastic barrier then go with
Javascript/.htpasswd methods mentioned by other
inexperienced users that are only looking for a
"real fast fix".
.htpasswd is hardly the equivalent of the javascript method.
I am not looking for any fix, thanks. And I was just making suggestions, same as you.
I am not an inexperienced iWeb user. I am inexperienced with MySQL and PHP. Lucky for me, this is the iWeb forum.
If you do not think your photos are highly classified
information (or something) then you might want to
re-evaluate your professional priorities.
They are probably copyrighted, they are personal, maybe they aren't for the public eye, but they are not exactly confidential. The OP said he wanted to protect the passwords in the source code. I offered two ways to do this.
I'm sure
you do care about the security of your photos online
that's why iWebFAQ is defending your position on the
security issue since it seems like it is not that big
of a deal for some novice users that are simply
looking for kudos.
There you go, talking in third person again...
I am not looking for kudos. In fact, I challenge you, Jasper, to find a thread where I am asking for thanks or points or stars or $5 donations or whatever. Go for it. You won't find one.
Remember if you are Publishing to .mac you can set up
your own Password Protection in iWeb as Old Toad
first mentioned. This method is much more secure
than the Javascript method later mentioned in an
attempt to join this discussion.
If you need any more help setting up MySQL feel free
to contact iWebFAQ.
And for just a $5 suggested donation, you can find out all about how hackers operate.

SAP Script from scratch.

Hi friends.
i want to develop sap script from scratch.
please any one have good document for this, then please send me on <b>[email protected]</b>
thanks in advance.

Hi,
Please have a look at the links,
Sap Script Programming.
SAP Scripts
Regards,
Hema.
Reward points if it is useful.

Calc another calc script from a calc script or business rule

is there a way to call a common calc script segment from other calc scripts or business rules. I do not want to replicate common code in multiple business rules. This common code updates the Essbase database, so it would need to take Essbase members as parameters and be able issue calculation commands. I do not find this possible with custom macros or custom functions. Thanks - Davis ([email protected])

I do not think you can call another calc script from within a calc script. An alternative would be to write a MaxL script that strings multiple calc scripts together.Good luck.

Calling a remote SSH script from a local script

When I paste this in Terminal I get the expected output:
ssh -2 root@$SERVER /Library/WebServer/Sectrum.com/Sectrum/RSS/Update.py
However when I invoke the same command scriptomatically I get error:
: No such file or directoryctrum.com/Sectrum/RSS/Update.py
It looks like the command line is truncated by a control character? What's going on?
Are there special rules when calling an SSH remote script from inside a script on the local machine?

Just tried a test with
#!/bin/sh
ssh [email protected] command
with a remote (non-Mac OS X) box, and it worked as expected. Can you post more of an example, or can you try (for instance) invoking a bash script on the remote box with, say, an echo command or two? Try to break down the problem space here.
And in no particular order...
The root user wouldn't be my choice for this sort of thing, given the sensitivity of that username.
Try (for testing) using localhost as the host name, or the full host name.
Confirm $SERVER (and I'd probably use the ${SERVER} notation for that) is working with an echo.
And as a completely different approach, it might work to add and use a CGI path into the web server for this operation, too; to use a path other than ssh for the operation. Or (depending on what you're really doing here) maybe a periodic script. (Or Xgrid, maybe ARD or such, or any of various available distributed command environments.)

Call a host script from concurrent program without exposing APPS password?

My understanding is as of now I need to link $FND_TOP/bin/fndcpesr in order to launch a unix script as concurrent program. This implies that there will be 4 standard input parameters when a certain unix script is called including oracle schema and password. As I see it now APPS password is provided to such scripts.
Is there a way to execute a unix script from under 11i without exposing APPS password?

Many thanks.
Protecting Your Oracle User Password
In some cases, there are security concerns with passing your Oracle username and
password directly to your HOST program. If you do not want the concurrent manager
to pass your username/password to your program, you can have the manager pass it as
an environment variable instead. Or you can pass an Oracle Applications
username/password for a user with the System Administrator responsibility.
Alternatively, you can not pass it at all.
First, define your concurrent program executable as a HOST program in the Concurrent
Program Executable form.
To have the username/password passed as an environment variable, enter the term
'ENCRYPT' in the Execution Options field of the Concurrent Programs window when
defining a concurrent program using this executable. 'ENCRYPT' signals the concurrent
manager to pass the username/password in the environment variable fcp_login. The
argument $1 is left blank.
If you do not want the username/password passed to the program at all, enter
+'SECURE' in the Execution Options field. The concurrent manager will not pass the+
username/password to the program.

Run ESSCMD Script from esscmd editor

Hi How to tun esscmd script from esscmd.exe screen?i knew from from cmd center, i just like ESSCMD < filename> . thanks

Unfortunately, you cannot run an ESSCMD script from within ESSCMD itself.... you have to launch it from the command prompt, as you indicated.Regards,Jade------------------------------------Jade ColeSenior Business Intelligence ConsultantClarity [email protected]

How do I add multiple scripts from search engines to my meta tag properties?

I currently have copied the goolge script for website varification and analytics, etc and pasted it into my meta tag properties dialog box. There is no problem as far as Google varifying the page. However, I would like to copy Bing's search engine script into my meta tag in addition to Googles script. How do I go about doing this? Do I hit the return on my keyboard under the ending of Googles script, then paste in the Bing script?
The the last part of the Google script ending in this:
</script>
(paste new script from Bing here?)
Will this cancel out each other and cause problems?
Can someone walk me through this process, because Bing's search engine will not varify my site through two of the three other methods.
Ben

Adding a script after the closure of previous script is the way to go i.e. right after the </script> tag.
So it should look something like below:
<script>
Google's script
</script>
<script>
Bing's script
</script>
Cannot comment on one interfering with the other since it really depends on what exact code is there in the scripts. Google and Bing help resources will be able to help more with this.
Thanks,
Vikas

How to call shell script from a pl/sql procedure

Hi all,
I am little bit new to plsql programming, i have a small problem as follows
I have to call a shell script from a pl/sql procedure ..
Please suggest me some methods in oracle 10g, which i could make use of to achieve my goal. also please tell me what are the constraints for those methods if any.
I already came across dbms_scheduler, but i have got a problem and its nor executing properly its exiting giving 255 error or saying that permission problem, but i have already given full access to my shell scripts.
Thanks in advance
Best Regards
Satya

Hi,
Read this thread, perhaps is there your response :
Host...
Nicolas.

Protecting my script from spanners ???

Similar Messages

Maybe you are looking for