All
Accepted answers
John Murray · Mar 2, 2017 go to post

My post got misclassified as a Question rather than an Article. I've added this dummy answer to remove it from the "unanswered" list.

John Murray · Mar 2, 2017 go to post

Joyce answered this in a comment. I'm adding this as an answer so that the post no longer lists as "unanswered".

John Murray · Feb 28, 2017 go to post

Re the better notification, I just got this one in my hourly digest:

But it looks like it was triggered by a new comment added to the answer, not by a new answer. There is currently only one answer on the question, and that was added just over a day ago. But a new comment was added to that answer about an hour ago.

John Murray · Feb 27, 2017 go to post

Glad to have helped. Please click the checkmark alongside one of the answers so that the question no longer lists as "unanswered".

John Murray · Feb 27, 2017 go to post

After Michael's post originally appeared on the intersystems-public-cache Google Group (as a result of the automatic crossposting being done by a username intersystems.dc) my colleague George James responded in the Google Group (GG). However, whatever mechanism the user intersystems.dc has set up for crossposting only handles the initial DC post, and nor does it feed GG responses back to DC. So I'm re-posting George's response here where I think it will get a wider audience.

George wrote:

It seems to me that your ixdLastName index might be usable as some kind of rainbow table to attack the data contained in the AES encrypted field.
 

If I were able to perform a chosen-plaintext attack then querying with like 'J%', then 'Ja%', then 'Jam%' would trivially discover where my name was in the database. 

 
Have you carried out a cryptographic analysis of the strength of this approach?  Logically it must be weaker than just AES on its own.  My question is how much weaker?
John Murray · Feb 27, 2017 go to post

Amplifying what Dmitry wrote, here's the web app I defined to make your example class work:

I also had to change your classmethods so they Quit $$$OK instead of simply quitting.

And to test from the browser I used http://localhost:57772/csp/user/testing/print because that's the route you have defined as accepting the GET method from the browser.

There's a REST sample (REST.DocServer) in the SAMPLES namespace. To use it you need to enable the /csp/samples/docserver web application by setting this checkbox:

Then this URL will return the source of the Cinema.Review class from the SAMPLES namespace:

http://localhost:57772/csp/samples/docserver/class/samples/Cinema.Review

Given that this REST sample will return the source of any class from any namespace, it's understandable that the /csp/samples/docserver application is disabled by default on a new installation.

John Murray · Feb 27, 2017 go to post

In case it's not obvious to people, the Security package is only available in the %SYS namespace.

John Murray · Feb 24, 2017 go to post

I am also on Windows 10 and just updated Atelier from 1.0.262 to 1.0.263. I'm not seeing what you're seeing. My icons don't seem to have changed.

John Murray · Feb 24, 2017 go to post

So far I've not had any success in engaging with whoever controls that group. My message using the "Contact owner" link from the group's About page has produced no response. The last few times I've started a new post to the group I've been told it'll have to go through moderation. Then silence.

John Murray · Feb 21, 2017 go to post

Can I use the analytics to identify questions with at least one answer but with no accepted answer?

John Murray · Feb 21, 2017 go to post

Thanks for the update and the detailed info.

Re #4, I just went through the 46 pages that the "unanswered" filter returned, looking for questions I asked in order to pick an accepted answer. Could I have done that more easily than scanning each of the 46 pages one at a time?

John Murray · Feb 17, 2017 go to post

I guess this means that if you code things to allow the requester to specify the filename you may wish to take precautions against a directory escape exploit.

John Murray · Feb 14, 2017 go to post

The docs for GetConnectionList state "The list is obtained from the client machine's registry" so it's equivalent to the list of connections you can see in the "Preferred Server" submenu from your local system tray cube.

What is the $ZV string of the Cache instance on port 1972 on server 10.56.135.160 ?

John Murray · Feb 10, 2017 go to post

Are you able to try CTerm.exe from an older Caché? Maybe the newer ones are coded to do fancier things such as work over a SSL/TLS connection. In which case, an older one might not have such demanding requirements of its host platform's APIs.

John Murray · Feb 10, 2017 go to post

Thanks for posting this info Jamie, but please make the diagram PushPull.png available to us. One way is to use this button in the DC editor:

John Murray · Feb 7, 2017 go to post

Based on my reading of 2014.1 code the Exists method in Ens.Util.FunctionSet doesn't check locks when testing for the existence of the entry.

I think the Save button from Portal leads to the SaveLookupTable method of EnsPortal.LookupSettings. That method obtains an exclusive lock on the subtree of ^Ens.LookupTable where the LUT gets stored. It then kills the entire LUT and re-files each entry one by one. Once finished it releases the lock.

All of that is protected by a TSTART / TCOMMIT but this is not sufficient to prevent another process momentarily detecting the absence of an entry that would normally exist.

John Murray · Feb 2, 2017 go to post

I assume you want the subscripts of the global always to collate as strings. If so, here's how you can specify the collation type of a global when you create it. Note that the global must not exist to start with:

USER>w $D(^a)
0
USER>s sc=##class(%Library.GlobalEdit).Create(,"a",133)
 
USER>w sc
1
USER>s ^a("1.0012")=""
 
USER>s ^a("1.0011")=""
 
USER>s ^a("1.0010")=""
 
USER>zw ^a
^a("1.0010")=""
^a(1.0011)=""
^a(1.0012)=""
 
USER>

To get a list of collation codes (which is where I found 133):

%SYS>d ^COLLATE
 
Status       Number   Abbrev   Name
----------   ------   ------   ----------------------
Built-in        0     OANS     ISM Pre-6.2
Built-in        1     ANSI     ISM 6.2->6.4
Built-in        2     COBR     Ipsum/Cobra
Built-in        3     DTMC     DTM-compatible
Built-in        4     CBR2     Ipsum/Cobra-2
Built-in        5     UNIC     Cache standard
Not loaded     10     GER1     German1
Not loaded     11     POR1     Portuguese1
Not loaded     12     POL1     Polish1
Not loaded     13     GER2     German2
Not loaded     14     SPA1     Spanish1
Not loaded     15     DAN1     Danish1
Not loaded     16     CYR1     Cyrillic1
Not loaded     17     GRE1     Greek1
Not loaded     18     CZE1     Czech1
Not loaded     19     CZE2     Czech2
Not loaded     20     POR2     Portuguese2
Not loaded     21     FIN1     Finnish1
Not loaded     22     JAP1     Japanese1
Not loaded     24     POL2     Polish2
Not loaded     27     FRE1     French1
Not loaded     28     FIN2     Finnish2
Not loaded     29     HUN1     Hungarian1
Not loaded     30     GER3     German3
Not loaded     31     POL3     Polish3
Not loaded     32     SPA2     Spanish2
Not loaded     33     DAN2     Danish2
Not loaded     34     GRE2     Greek2
Not loaded     35     FIN3     Finnish3
Not loaded     36     LIT1     Lithuanian1
Not loaded     37     CYR3     Cyrillic3
Not loaded     38     SLO1     Slovenian1
Not loaded     39     SLO2     Slovenian2
Not loaded     40     TUR1     Turkish1
Not loaded     41     DAN3     Danish3
Not loaded     42     UKR1     Ukrainian1
Not loaded     43     CYR4     Cyrillic4
Not loaded     44     CZE3     Czech3
Not loaded     46     MAL1     Maltese1
Not loaded     48     MAL2     Maltese2
Not loaded     49     SPA4     Spanish4
Not loaded     50     SLO1     Slovak1
Not loaded     51     SPA5     Spanish5
Not loaded     52     FIN4     Finnish4
Built-in      128     OSTR     ISM Pre-6.2 string
Built-in      129     NSTR     ISM 6.2->6.4 string
Built-in      133     USTR     Cache standard string
 
%SYS>

If you don't want to have to bother with setting the global to use String collation rather than the default (which will be what's sometimes called Numeric collation), then prefix all your subscripts with a character that will force them to be interpreted as a string. Cache SQL uses this trick internally, adding a leading space (" ") to the subscripts it creates.

John Murray · Feb 1, 2017 go to post

It's now been confirmed that the relevant parsers will not be ported to OpenVMS. So it'll never be possible to roundtrip all classes in UDL from that platform.

Also worth noting that GetTextAsFile appears to pre-delete the class it's about to import before it encounters the parse error and aborts the import. So you're left without a copy of the class in your namespace. Oops!

John Murray · Feb 1, 2017 go to post

Good point Jon. It does appear that the site I saw this happen on could be using a custom CZF.EXE, in which case perhaps GETFILE was omitted from its source CZF.C

John Murray · Feb 1, 2017 go to post

I think you could simplify your first approach a little by reverting to calling OpenStream on your reader object rather than using OpenFile:

  // 1st approach - it succeeds, so the file errorOpenFile.xml is NOT generated
  //    
  d msg.Value.Rewind()
  set fs=##class(%Stream.FileCharacter).%New()
  set fs.Filename="D:\DATABASES\OVPATH\temp\test.xml"
  set fs.TranslateTable = "UTF8"
  set tSC=fs.CopyFrom(msg.Value)
  set tSC=fs.%Save()
    
  s reader=##class(%XML.Reader).%New()

  d fs.Rewind() // might not be necessary, but won't hurt
  Set sc = reader.OpenStream(fs)

 

Anyhow, the fact that you don't get an error confirms my hypothesis that the original stream (msg.Value) contains Unicode data but the reader treats it as though it is UTF8-encoded.

In your code above I think you can also omit the line where you set fs.Filename and instead allow the stream to generate its own temporary file. Explicitly naming the file may be handy when debugging, but it will cause problems if more than one process runs this code concurrently.
 

John Murray · Jan 31, 2017 go to post

Thanks for looking John. Since raising the question here I have opened a WRC ticket. The WRC agent's initial test on an Alpha platform didn't recreate the problem, so they're now going to try on an Integrity instance using the exact build I'm seeing it on.

John Murray · Jan 31, 2017 go to post

Based on our comment thread I think the most likely cause is that the pInput %Library.GlobalCharacterStream (originating from the Value property of the object that was returned when you Invoke your webmethod) starts with an XML header claiming that its encoding="UTF-8" but I suspect that the characters within that global stream are actually Unicode rather than UTF8-encoded.

To test this theory I suggest you create a new %Library.FileCharacterStream, set its TranslateTable property to "UTF8", then use its CopyFromAndSave method to fill it with the contents of pInput. Now pass your FileCharacterStream to your %XML.Reader's OpenStream method and see if you still get the SAX error.

John Murray · Jan 31, 2017 go to post

There's no BOM, and the XML header claims that the content is UTF-8 encoded. But on your other post you reported that your content contains a left-single-quote character and that the SAX parser choked on a character, which I suspect was this character in Unicode form rather than UTF-8 encoded.

So, what originally wrote the pInput stream's content? Did it actually UTF-8 encode the data it wrote to the stream?

John Murray · Jan 31, 2017 go to post

What does the start of the pInput stream contain? One quick but ugly way of checking this would be to write it to a scratch global before the call to OpenStream which errors, e.g.

Set ^tMurillo=pInput.Read(255) Do pInput.Rewind()

Then afterwards run the following in Terminal:

w ^tMurillo

w $a(^tMurillo,1),!,$a(^tMurillo,2),!,$a(^tMurillo,3)

This should show us whether the creator of the stream started it with a BOM character or sequence, and also whether there is an XML header specifying an encoding.

That information is apparently important to the %XML.SAX.StreamAdapter used by %XML.SAX.Parser, which in turn is what the OpenStream method of %XML.Reader uses.

John Murray · Jan 30, 2017 go to post

I'll repeat what I wrote on the previous DC thread you opened about this issue:

I think you need to focus on the input stream. What type of stream is pInput ? You can get its classname using pInput.%ClassName(1)

If it is a file stream, what wrote it? Does its file contain a BOM at the start?

John Murray · Jan 30, 2017 go to post

Please clarify what you mean by "browse the file contents".

Are you opening c:\TEMP\SoapTree.xml in a text editor?

Maybe that editor is assuming that the file is UTF8-encoded.

Can you view it in a tool that shows you the byte values it contains?

Did you have a particular reason for choosing to write the file using an instance of %Stream.FileBinary instead of %Stream.FileCharacter?

Also, be aware that the WebMethod classmethod of %SOAP.WebBase is tagged as "Internal" and commented thus:

/// This method is used internally by Caché. You should not make direct
/// use of it within your applications. There is no guarantee made about either
/// the behavior or future operation of this property.
 

John Murray · Jan 26, 2017 go to post

I think you need to focus on the input stream. What type of stream is pInput ? You can get its classname using pInput.%ClassName(1)

If it is a file stream, what wrote it? Does its file contain a BOM at the start?

You might need to open a support case with WRC. I don't work for InterSystems.