go to post Dmitry Maslennikov · Nov 24, 2020 Your local instance has its own local version of documatic. So, it's available offline.
go to post Dmitry Maslennikov · Nov 24, 2020 The applications you mentioned, it's not exactly applications, it's just kind of entrypoint to the application. Security in Caché and in IRIS now, was not so good in my opinion, for many reasons. An application developer, if he would like to use role-based security is too limited to use the Security model from InterSystems. And no matter how many different applications customers would like to use on their own Instance of IRIS, security will be global. Issues with mirroring, with ECP, any instance of IRIS use own tables, and have to be synchronized in some ways. Such big clusters should have the ability to use the same security settings on any instance, out of the box. Application, real, not virtual, should have the ability to re-use Security and store it close to Application's data.
go to post Dmitry Maslennikov · Nov 23, 2020 You have to use HTTPS, for such tasks, encryption passwords on the client-side not secure in any way. The only way to make it secure is by using SSL. Base64 is far from Security, anybody with such a string can get a real password. With SSL, it will be impossible to decrypt any traffic between client and server. So, even way, to catch anything about a password.
go to post Dmitry Maslennikov · Nov 22, 2020 set $property(SourceTable, "Field"_i) = $PIECE(line, "|", i) https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cls...
go to post Dmitry Maslennikov · Nov 20, 2020 You should understand that there are no reasons, to implement something, which can be done better with external solutions. On Linux InterSystems does not have even telnet, for the same reasons. I'm against implementing it directly in Caché/IRIS. Back to your the next issue. You have to understand that ssh connection should use authentication, and for sure it should be done on InterSystems side, it's should be done on SSH level. And I see only one way, how to implement it, is using Kerberos. I would suggest that, if you have Windows in your park machine, you may have Active Directory, so, Singe Sign On with Active Directory, looks the best way (it's even possible with Linux). Your users in Caché, should be tied with Active Directory accounts. Target Windows server and Caché should be configured for Kerberos authentication, as well as SSH server. In this case, any user already signed on on their machine with Active Directory account, may get fast connection to the system on Caché through SSH, without any prompt for login/password. Using the right SSH client, which will support Kerberos. It does not matter if you even used Linux, and had to solve the same task, the solution would be exactly the same.
go to post Dmitry Maslennikov · Nov 19, 2020 Well, I have not used Admin SDK in google, yet. And it was the first time, for me. But I've managed to get JWT and AccessToken, and was able to make requests. Unfortunately, configuration on the IRIS side is very tricky. OAuth2 Client server should be filled manually Issuer endpoint: https://oauth2.googleapis.com/token This issuer is important SSL configuration: created manually, only fill the name And two required endpoints https://accounts.google.com/o/oauth2/v2/auth https://oauth2.googleapis.com/token I did not use JSON file with private key here. But I've used it for X509 I did not manage to get it worked without configured X509. URL from `client_x509_cert_url` field in JSON provided by Google, opened it in browser, It contains three certificates in JSON. Took the latest one. Saved in file, replaced \n with end lines. and `private_key` from file, saved as google.key. When press save, it compares certificate and private key if the match, it will be saved. Back to OAuth2, create client configurations. First of all, go to JWT settings, fill just created X509. And Request Algorithms. On the Client Credentials, tab fill Client ID with value of `client_email` from JSON. Back to General, tab, fill Application name, SSL configuration. Client Type as Resource server, ( by unknown reasons will hide Request algorithms group of fields on JWT tab). And that's it. Code to create JWT Set p("scope") = "https://www.googleapis.com/auth/admin.directory.user" Set p("exp") = ##class(%OAuth2.Utils).TimeInSeconds($ZTimestamp, 3600) Set p("iat") = ##class(%OAuth2.Utils).TimeInSeconds($ZTimestamp) Set jwt = ##class(%SYS.OAuth2.Request).MakeRequestJWT("google", .p, .tSC) If $$$ISERR(tSC) { Do $System.OBJ.DisplayError(tSC) Quit } Write !,"JWT:",!,jwt It Should be quite long, and have three groups, separated by dots, if it ends with a dot, means it did not find how to sign it. Check the settings. And request access token Set hs = ##class(%Net.HttpRequest).%New() Do hs.InsertFormData("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer") Do hs.InsertFormData("assertion", jwt) Set hs.Https = 1 Set hs.SSLConfiguration = "google" Set tSC = hs.Post("https://oauth2.googleapis.com/token") If $$$ISERR(tSC) { Do $System.OBJ.DisplayError(tSC) Quit } Set response = {}.%FromJSON(hs.HttpResponse.Data) Set accessToken = response."access_token" Write !!,"AccessToken:",!,accessToken And finally you can use that access token in the header Authorization, with prefix Bearer Set hs = ##class(%Net.HttpRequest).%New() Do hs.SetHeader("Authorization", "Bearer " _ accessToken) Set hs.Https = 1 Set hs.SSLConfiguration = "google" Set tSC = hs.Post("https://www.googleapis.com/admin/directory/v1/users") If $$$ISERR(tSC) { Do $System.OBJ.DisplayError(tSC) Quit } Set response = {}.%FromJSON(hs.HttpResponse.Data)
go to post Dmitry Maslennikov · Nov 19, 2020 VSCode, while configured to work with docker, have a short action to open terminal, through menu on connection status
go to post Dmitry Maslennikov · Nov 19, 2020 Configuring SSH to connect to Caché, on Windows will be almost the same as doing it on Linux. You have to install any SSH server, for instance, OpenSSH. And then configure there default shell, to be something like this c:\intersystems\cache\bin\cache.exe -s c:\intersystems\cache\mgr or for iris, use irisdb.exe, instead c:\intersystems\iris\bin\irisdb.exe -s c:\intersystems\iris\mgr but it looks, that to change default shell in openSSH, you have to edit the registry.
go to post Dmitry Maslennikov · Nov 18, 2020 JWT, is mostly on the server-side in such relations. And in your case, I suppose google should send it. Could you please share the exact Google API you are going to use? It would be easier to understand what are you going to achieve and how to help. There is a way, on how to generate JWT in IRIS or in Caché latest versions, but I'm just not sure, that you are going the right way.
go to post Dmitry Maslennikov · Nov 13, 2020 To load such XML files, you have to use $system.OBJ.Load("/path/to/some.xml", "ck", .errors) - Just one file $system.OBJ.LoadStream(stream, "ck", .errors) - Load from stream $system.OBJ.LoadDir("/path/to/sources", "ck", .errors, 1) - Load any source code files, recursively $system.OBJ.ImportDir("/path/to/sources", "*.xml", "ck", .errors, 1) - Load any source code files by specified filter, recursively
go to post Dmitry Maslennikov · Nov 13, 2020 This may happen if you have not opened just created workspace. You have to open any folder or workspace file.
go to post Dmitry Maslennikov · Nov 9, 2020 I've never faced with accents, so, not sure about this case. But I see many useful use cases for using slugify in SQL. But this feature looks more complex in realization. There are many realizations in many languages, but no standard at all. For the info, slug, slugify, translates string in any language to ASCII, URL compatible string. For instance, it would help to get a cost-effective, language-independent index, but with a quite correct order.
go to post Dmitry Maslennikov · Nov 9, 2020 Sorry, it's just for discussion, to see how people would do some simple task.
go to post Dmitry Maslennikov · Nov 9, 2020 For sure, you have good points, but some points just out of scope at all. Yes, it's limited anyway. My main point is to not have a limited number of parameters like below ClassMethod setValue(key1, key2, key3, key4, value) As %Status And I was just curious if the community knows how to deal with MultiDimensional property, in such a case.
go to post Dmitry Maslennikov · Nov 9, 2020 Yes, this is better, I would even use this s name=$name(%session.Data)
go to post Dmitry Maslennikov · Nov 9, 2020 Nope, still not what I mean, I have a better solution, just would like to see if the community will find it.
go to post Dmitry Maslennikov · Nov 9, 2020 Quite simple, but could be even better, with no useless quotations
go to post Dmitry Maslennikov · Nov 6, 2020 IRIS is a kind of replacement for Caché, which now no active development. So, while you are evaluating it, you should not look for Caché, and switch to IRIS.
