Eduard Lebedyuk · Jan 2, 2023

How do I set up the application folder and its sub-folders to be inaccessible to casual browsing, and only allow the application to access them?

Depending on your goal, there are different approaches available. Do you want users to see images only after logging into the application (so a general control on resources) or do you want individual access (only some users can see a specified image)?

If it's the first one, go to the web application configuration page and set Serve Files to Use InterSystems Security. In that case, if the user has permissions to view a csp/cls page in this application, then they are allowed to view a static file; if they do not have permissions to view a csp/cls page, then a 404 page not found page is returned.

For the second case, use a REST broker to serve files and implement arbitrary checks in the broker.
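
One way such a broker could look, as an added example that is not part of the original post. The class name User.FileBroker, the storage root, and the per-folder resource naming AppFiles_<folder> are assumptions, and the web application dispatching to this class is assumed to require authentication.

```objectscript
/// Added example. Hypothetical names: User.FileBroker, ROOT, AppFiles_<folder>.
Class User.FileBroker Extends %CSP.REST
{

/// Assumed storage root, kept outside any directory the web server serves directly
Parameter ROOT = "/opt/app/files/";

XData UrlMap [ XMLNamespace = "http://www.intersystems.com/urlmap" ]
{
<Routes>
<Route Url="/:folder/:name" Method="GET" Call="GetFile"/>
</Routes>
}

ClassMethod GetFile(folder As %String, name As %String) As %Status
{
    // Accept plain names only, so a request cannot climb out of ROOT
    if '$match(folder, "[A-Za-z0-9_]+") || '$match(name, "[A-Za-z0-9_-]+\.[A-Za-z0-9]+") {
        set %response.Status = ..#HTTP404NOTFOUND
        quit $$$OK
    }
    // Individual access: the caller needs USE on the (assumed) resource AppFiles_<folder>
    if '$system.Security.Check("AppFiles_"_folder, "USE") {
        // Answer 404 rather than 403, so the existence of the file is not disclosed
        set %response.Status = ..#HTTP404NOTFOUND
        quit $$$OK
    }
    set path = ..#ROOT_folder_"/"_name
    if '##class(%File).Exists(path) {
        set %response.Status = ..#HTTP404NOTFOUND
        quit $$$OK
    }
    // Stream the file to the client only after every check has passed
    set stream = ##class(%Stream.FileBinary).%New()
    set sc = stream.LinkToFile(path)
    quit:$$$ISERR(sc) sc
    set %response.ContentType = "application/octet-stream"
    quit stream.OutputToDevice()
}

}
```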

Eduard Lebedyuk · Dec 22, 2022

Thanks for that detailed reply, @Michael.Cronin.

This is a lot of overhead.  Also, "do oSDA.StreamOref.Rewind()" and "oSDA.StreamPos = 1" fails to re-initialize the ..StreamBuffer.

That (StreamBuffer reinitialization by calling FillBuffer) is the first thing GetNextSDA does, so I thought it's okay? Is it not?

Eduard Lebedyuk · Dec 22, 2022

That depends on the precision you need.

1. If you need just close enough you can do this:

  • Check how much time, on average, BS takes to run. Let's say X seconds
  • Set Call Interval on your BS to 86400-X
  • Start BS at 10:00 AM
  • Assuming average runtime stays constant it should work well enough

2. If you need to run your BS at exactly 10:00 AM, use this task to achieve that.

Eduard Lebedyuk · Dec 16, 2022

AutoCompile is enabled by default, try omitting it.

Also please try running with Verbose=3.

Eduard Lebedyuk · Dec 16, 2022

Password is stored in encrypted form and that's causing your errors.

I think it might be easier to transfer ^%SYS("sql","ODBCCONNECTION") global.

Eduard Lebedyuk · Dec 16, 2022

Something like this:

#dim results As EnsLib.LDAP.Message.Results
for i=1:1:results.Results.Count() {
	#dim result As EnsLib.LDAP.Message.Result
	set result = results.Results.GetAt(i)
	write "DN: ", result.DN, !
	write "Attributes: ", !
	for j=1:1:result.Attributes.Count() {
		#dim atribute As EnsLib.LDAP.Message.Attribute
		set atribute = result.Attributes.GetAt(j)
		write $$$FormatText("  - Name: %1, Result: %2, Value: %3", atribute.Name, atribute.Result, atribute.Value), !
	}
}

Eduard Lebedyuk · Dec 14, 2022

I'll start from the simpler one:

and also the use of DISPLAYLIST & VALUELIST: does this bring any advantage vs. defining a standard property (e.g. fast access!), so instead of having to do VALUELIST "H" and DISPLAYLIST "Hot", why not just a standard property as a string containing "Hot"?

More effective storage. If you can replace Cold with 1, Medium with 2 and Hot with 3 you can save some space. Another reason is that VALUELIST turns a string into an enum, which changes the logic considerably.

Eduard Lebedyuk · Dec 13, 2022

Issue looks specific to dynamic objects:

USER>w $zv
IRIS for Windows (x86-64) 2022.1 (Build 209U) Tue May 31 2022 12:16:40 EDT
USER>set obj={"Id":"myId"} 
USER>write $property(obj,"Id")
myId
USER>write $method(obj,"IdGet")
 
WRITE $METHOD(obj,"IdGet")
^
<METHOD DOES NOT EXIST> *IdGet,%Library.DynamicObject

USER>set obj = ##class(User.A).%New()
USER>write $property(obj,"Id")
myId
USER>write $method(obj,"IdGet")
myId

Eduard Lebedyuk · Dec 8, 2022

Great find, Tani!

You can also use the same trick to remove roles temporarily (for example if you need to execute untrusted code):

Class User.Role
{

/// do ##class(User.Role).Test()
ClassMethod Test()
{
    do ..SecurityContext("Test before")
    do
    . new $roles
    . do ##class(%SYSTEM.Security).Login("UnknownUser") // has no roles
    . do ..Untrusted()

    do ..SecurityContext("Test after")
}

ClassMethod Untrusted()
{
    do ..SecurityContext("Untrusted")
}

ClassMethod SecurityContext(context)
{
    w "Context: ", context, !
    w "Roles: ", $roles, !
    w "User: ", $username, !, !
}

}

Produces this output:

Context: Test before
Roles: %All
User: _SYSTEM
 
Context: Untrusted
Roles:
User: UnknownUser
 
Context: Test after
Roles: %All
User: _SYSTEM

Eduard Lebedyuk · Dec 7, 2022

This is probably a question to raise in the WRC.

What's the MD5 hash of your InterSystems IRIS Community 2022.2.0.368.0 installation file (original exe, not the unpacked msi)?

Eduard Lebedyuk · Dec 6, 2022

This database stores audit information (actions users took during the instance lifetime).

Depending on your specific situation you might have to keep it for a while due to a contract or compliance reasons.

When DB grows unexpectedly these are the general steps:

1. Check that DB is actually full and not over-expanded. To do that go to SMP -> System Operation -> Databases -> HSAudit. Check % Free Space - that is space allocated to IRIS.DAT but not used. You can reclaim it by truncating the database.

2. Run ^%GSIZE to get global report and see which globals are the largest. In your particular case, however, you can just go into Globals (from the Databases page) and check IRIS.AuditD which presumably consumes all the space (in details you can calculate space consumption).

3. Based on (2) results do something about the largest globals. In your case, if it's indeed IRIS.AuditD, check which system events are logged most often and either fix that (if it's a PROTECT error for example) or disable auditing for that particular event. Note that usually old audit entries are purged by a task, maybe something is wrong with that.
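
For step 3, one way to see which events are logged most often, as an added example that is not part of the original post. The class name User.AuditReport is hypothetical, and the code assumes the audit entries are exposed through the %SYS.Audit SQL table in the %SYS namespace and that the caller is allowed to read them.

```objectscript
/// Added example. Hypothetical class name; not code from the original post.
Class User.AuditReport
{

/// Prints the 20 most frequent audit events of the last <var>days</var> days,
/// most frequent first. Assumes entries are visible through %SYS.Audit.
ClassMethod TopEvents(days As %Integer = 7) As %Status
{
    // The audit table lives in %SYS; the namespace is restored on exit
    new $namespace
    set $namespace = "%SYS"

    set sql = "SELECT TOP 20 EventSource, EventType, Event, COUNT(*) AS Cnt"
    set sql = sql_" FROM %SYS.Audit"
    set sql = sql_" WHERE UTCTimeStamp >= DATEADD('dd', ?, GETUTCDATE())"
    set sql = sql_" GROUP BY EventSource, EventType, Event"
    set sql = sql_" ORDER BY Cnt DESC"

    // Negative offset: count back <days> days from the current UTC time
    set rs = ##class(%SQL.Statement).%ExecDirect(, sql, -days)
    if rs.%SQLCODE < 0 {
        quit $$$ERROR($$$GeneralError, "SQLCODE "_rs.%SQLCODE_": "_rs.%Message)
    }

    // One line per event: count, then Source/Type/Name
    while rs.%Next() {
        write rs.%Get("Cnt"), $char(9)
        write rs.%Get("EventSource"), "/", rs.%Get("EventType"), "/", rs.%Get("Event"), !
    }
    quit $$$OK
}

}
```

An event that dominates the counts is the one to either fix at the source or stop auditing, as the step describes.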

Eduard Lebedyuk · Nov 30, 2022

No, the entire menu is hardcoded as is.

You can use DeepSee/BI User Portal (advantage: public items are available for everyone, disadvantage: requires navigation to a specific ns), but real SMP menu modification requires editing code you shouldn't edit.

Why not favorites? You can autopopulate it on ZSTART.

Eduard Lebedyuk · Nov 24, 2022

InterSystems is aware of the issue, it will be fixed soon.

UPD: Should be working now.

Eduard Lebedyuk · Nov 23, 2022
Great!

How does:

As of 2022.2 releases, ARM and Intel platform containers are published under the same name.

So on an Intel machine "docker pull containers.intersystems.com/intersystems/iris:1111.2.3.456.0" will return the Intel image, on an ARM machine that same pull will return the ARM image automatically, without needing to have a special .../iris-arm image.

relate to

  • docker pull containers.intersystems.com/intersystems/iris-community-arm64:2022.3.0.545.0
  • docker pull containers.intersystems.com/intersystems/irishealth-community-arm64:2022.3.0.545.0

?

Eduard Lebedyuk · Nov 18, 2022

2016.1 to anything

System Methods! Search your codebase for ".$from" and ".$to".

You'll have to change your application code if there are System Methods present.

Other than that, you might want to update to 2017.1 to take advantage of Frozen Plans.

Is it possible to test update procedures on dev/test deployment first?

Eduard Lebedyuk · Nov 18, 2022

This question has been discussed with an AWS SWE and their answer is that as long as we're using a main route table for a VPC, it should survive an AZ failure and so we could update it even in the case of an AZ failure.

Additionally, this scenario has been tested (as far as we're able to simulate a failure) and it does work as expected.

While there is an endless variety of how things can fail, I'm reasonably sure that the approach outlined in the article is resilient to an AZ failure.

Eduard Lebedyuk · Nov 14, 2022

Here's an example, but it looks like you have tried these settings.

Does your Gmail mailbox allow SMTP? It must be explicitly enabled I think.