Article David Crawford · Jul 31, 2019 2m read Anti CSRF Methods IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks. See the following link from OWASP for the definition of a CSRF attack: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) #CSP #JavaScript #REST API #Security #Frontend #Caché #InterSystems IRIS Open Exchange app 4 5 1 700
Article David Crawford · Jul 26, 2019 3m read Dynamic SQL to Dynamic Object Hello community! I have to work with queries using all kinds of methods like embedded sql and class queries. But my favorite is dynamic sql, simply because of how easy it is to manipulate them at runtime. The downside to writing a lot of these is the maintenance of the code and interacting with the output in a meaningful way. #Code Snippet #ObjectScript #SQL #Caché #InterSystems IRIS #Open Exchange Open Exchange app 7 7 2 1.1K
Question David Crawford · Jul 15, 2019 Non CSP Files CSP pages extend %CSP.Page. What about html/css/js/etc that are hosted on the same web application? Is there any way to override how they're processed like with how you can override a CSP page and CSP REST logic? Thank you! David #CSP #HTML #Frontend #Caché 0 4 1 324
Question David Crawford · May 7, 2019 Linked Tables and Dialects Hi! I've been fiddling with linked tables to get data from other servers, and I encountered a problem that I'm curious about. Maybe I'm not using these tools as intended or there's more going on, so I'm asking here. I'm running a query on linked table A, something simple like this:
select name from A where id = 5983658923646
And I get this error: [SQLCODE: <-400>:<Fatal error occurred>] [%msg: <>] #Databases #ObjectScript #SQL #Caché 0 6 0 562
Question David Crawford · Jun 18, 2018 CSP Error Log I thought I should be able to go to the application error log or look at d ^%ER when I get the following error in the browser when troubleshooting a CSP page: An error occurred with the CSP application and has been logged to system error log (^ERRORS) However nothing is being generated in these logs. Where are these logs being made? Thank you #CSP #Caché 2 9 1 2.4K
Question David Crawford · Jun 14, 2018 Stop Storing Atelier Credentials As part of our security standards, we can't have our applications saving our credentials. For Atelier, this means our server connections. Is there a way to stop this by saving the connection parameters, but prompting for credentials on each run? Or is there another way? Thank you #Eclipse 2 6 0 644
Question David Crawford · Jun 5, 2018 Ternary Operators Hello community, simple question. I've been able to use a ternary operator equivalent by using $select for inline if statements using this pattern:
set x = 1
set result = $select(x = 1: "true", x = 0: "false")
These can be nested and can have a lot of options. But I'm curious if there is a native way of using ternary operators in ObjectScript? Thank you #Caché 0 1 0 1.5K
Question David Crawford · Feb 20, 2018 REST Data Limit I'm experimenting with sending large amounts of data in a POST payload to be stored as a stream. However I've noticed that no matter how many characters are in the message, Cache only gets about 32k of them, cutting off the rest. Conversely as expected it can only send about 32k worth of characters in a payload. Before I get creative, is there a REST message size limit that can be changed? Or is there something else going on here? Thank you! #API #REST API #Caché 1 9 0 1.3K
Question David Crawford · Feb 15, 2018 Retrieving REST Data I'm sending data via ajax to my REST service, and while retrieving any information sent in the url parameter is easy when they're defined in the route, I can't get anything if I store information in the data parameter. For example: $.ajax({ url: "ServerURL", data: { "some": "json" } //How do I get this information? ... I've looked at many common solutions such as here: #REST API #Caché 0 8 0 1.3K
Question David Crawford · Jan 19, 2018 Unauthenticated Functions Hello, Is there a way for Class Methods to be called from a CSP page before a user is authenticated, and without any session information? Thanks! #CSP #Caché 0 1 0 314
Question David Crawford · Jan 11, 2018 Best way to store session data? Hello everyone, What has been the best way for you to store and retrieve session information about a user for CSP projects? I can use these methods easily: CSP Session Management however I'd like to know if there's a better way to keep more permanent information, or should it all be kept in a class? #CSP #Caché 0 3 0 972
Question David Crawford · Dec 20, 2017 Atelier Evaluation Sandbox? Hello everyone, I work for a company that currently uses Studio on version 2016.1.2, and will be looking at options to upgrade to 2016.2 and beyond. This would also include the potential to switch from Studio to Atelier, however there are a lot of workflow changes and new features to test. Does Atelier have a simple way to evaluate what it has to offer without needing to set up an entire separate environment? How did your organization demo its features before committing? #Beginner #Development Environment #Testing 0 2 0 401