Tuesday, February 24, 2009

Fix for SQL injection

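-- Replaces @stringToFind with @stringToReplace in every character column
-- of every user table in the current database.
-- This cleans stored data only; the query that allowed the injection
-- still has to be fixed in the application.
SET NOCOUNT ON

DECLARE @stringToFind VARCHAR(100)
DECLARE @stringToReplace VARCHAR(100)
DECLARE @schema sysname
DECLARE @table sysname
DECLARE @count INT
DECLARE @sqlCommand VARCHAR(8000)
DECLARE @where VARCHAR(8000)
DECLARE @columnName sysname
DECLARE @object_id INT

-- Text to search for, and what to put in its place
SET @stringToFind = '<>'
SET @stringToReplace = ''

-- Outer cursor: every user table (TYPE = 'U') together with its schema
DECLARE TAB_CURSOR CURSOR FOR
    SELECT B.NAME AS SCHEMANAME,
           A.NAME AS TABLENAME,
           A.OBJECT_ID
    FROM sys.objects A
    INNER JOIN sys.schemas B
        ON A.SCHEMA_ID = B.SCHEMA_ID
    WHERE TYPE = 'U'
    ORDER BY 1

OPEN TAB_CURSOR

FETCH NEXT FROM TAB_CURSOR
INTO @schema,
     @table,
     @object_id

WHILE @@FETCH_STATUS = 0
BEGIN
    -- Inner cursor: the non-computed character columns of the current table
    DECLARE COL_CURSOR CURSOR FOR
        SELECT A.NAME
        FROM sys.columns A
        INNER JOIN sys.types B
            ON A.SYSTEM_TYPE_ID = B.SYSTEM_TYPE_ID
        WHERE OBJECT_ID = @object_id
          AND IS_COMPUTED = 0
          AND B.NAME IN ('char','nchar','nvarchar','varchar','text','ntext')

    OPEN COL_CURSOR

    FETCH NEXT FROM COL_CURSOR
    INTO @columnName

    WHILE @@FETCH_STATUS = 0
    BEGIN
        -- QUOTENAME brackets each identifier and escapes any ] inside it.
        -- Single quotes in the two strings are doubled so that they stay
        -- inside their literals in the generated statement.
        SET @sqlCommand = 'UPDATE ' + QUOTENAME(@schema) + '.' + QUOTENAME(@table)
            + ' SET ' + QUOTENAME(@columnName)
            + ' = REPLACE(convert(nvarchar(max),' + QUOTENAME(@columnName) + '),'''
            + REPLACE(@stringToFind, '''', '''''') + ''','''
            + REPLACE(@stringToReplace, '''', '''''') + ''')'

        -- Only touch rows that actually contain the string
        SET @where = ' WHERE ' + QUOTENAME(@columnName)
            + ' LIKE ''%' + REPLACE(@stringToFind, '''', '''''') + '%'''

        EXEC( @sqlCommand + @where)

        SET @count = @@ROWCOUNT

        -- Report only the statements that changed something
        IF @count > 0
        BEGIN
            PRINT @sqlCommand + @where
            PRINT 'Updated: ' + CONVERT(VARCHAR(10),@count)
            PRINT '----------------------------------------------------'
        END

        FETCH NEXT FROM COL_CURSOR
        INTO @columnName
    END

    CLOSE COL_CURSOR
    DEALLOCATE COL_CURSOR

    FETCH NEXT FROM TAB_CURSOR
    INTO @schema,
         @table,
         @object_id
END

CLOSE TAB_CURSOR
DEALLOCATE TAB_CURSOR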
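
A read-only dry run that can be executed before the update script above: it counts, per table and column, the rows that contain the search text and changes nothing. This is an added example, not code from the original post; it assumes SQL Server 2005 or later, and the names #hits, @pattern, @sql and @p are chosen here for illustration.

```sql
-- Added example (not from the original post): read-only dry run.
SET NOCOUNT ON;

DECLARE @stringToFind NVARCHAR(100);
SET @stringToFind = N'<>';            -- same search text as the script above

-- Escape the LIKE wildcards [ % _ so the text is matched literally.
DECLARE @pattern NVARCHAR(400);
SET @pattern = N'%'
    + REPLACE(REPLACE(REPLACE(@stringToFind, N'[', N'[[]'), N'%', N'[%]'), N'_', N'[_]')
    + N'%';

-- #hits is a hypothetical scratch table for the per-column counts.
CREATE TABLE #hits (
    SchemaName   sysname,
    TableName    sysname,
    ColumnName   sysname,
    MatchingRows INT
);

-- Build one counting INSERT per character column. Identifiers go through
-- QUOTENAME; the search text is never concatenated into the statement.
DECLARE @sql NVARCHAR(MAX);
SET @sql = ISNULL((
    SELECT N'INSERT INTO #hits SELECT N' + QUOTENAME(s.name, '''')
         + N', N' + QUOTENAME(t.name, '''')
         + N', N' + QUOTENAME(c.name, '''')
         + N', COUNT(*) FROM ' + QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
         + N' WHERE ' + QUOTENAME(c.name) + N' LIKE @p;' + NCHAR(10)
    FROM sys.tables t
    JOIN sys.schemas s ON s.schema_id = t.schema_id
    JOIN sys.columns c ON c.object_id = t.object_id
    JOIN sys.types  ty ON ty.user_type_id = c.system_type_id
    WHERE c.is_computed = 0
      AND ty.name IN ('char','nchar','nvarchar','varchar','text','ntext')
    FOR XML PATH(''), TYPE
).value('.', 'NVARCHAR(MAX)'), N'');

-- The pattern is passed as the parameter @p.
EXEC sp_executesql @sql, N'@p NVARCHAR(400)', @p = @pattern;

SELECT SchemaName, TableName, ColumnName, MatchingRows
FROM #hits
WHERE MatchingRows > 0
ORDER BY SchemaName, TableName, ColumnName;

DROP TABLE #hits;
```

The result set is the list of columns the update script would modify, with the number of rows affected in each.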

Wednesday, February 04, 2009

Apache MyFaces Trinidad

NOTE: Somehow all the XML-related syntax was removed when Blogspot rendered this post.


My team is exploring the use of JSF in one of our applications.

We had smooth sailing until we decided to use Trinidad components. We wanted out-of-the-box support for the features we wanted to build into the application, and Tomahawk and Trinidad seemed to be the way to go.
Some of the dependencies we had in our project POM file (related to MyFaces and Trinidad) are:

org.apache.myfaces.core
myfaces-api
1.2.2
compile




org.apache.myfaces.core
myfaces-impl
1.2.2
compile



org.apache.myfaces.tomahawk
tomahawk
1.1.8
runtime


javax.servlet
jstl


org.apache.myfaces.core
myfaces-api


org.apache.myfaces.core
myfaces-impl





jstl
jstl
1.2
runtime



com.sun.facelets
jsf-facelets
1.1.11




org.apache.myfaces.trinidad
trinidad-api
1.2.1




org.apache.myfaces.trinidad
trinidad-impl
1.2.1


org.apache.myfaces.trinidad
trinidad-build
1.2.1



Contents of web.xml






contextConfigLocation
classpath:applicationContext.xml


org.springframework.web.context.ContextLoaderListener


org.springframework.web.context.request.RequestContextListener


org.jboss.jbossfaces.WAR_BUNDLES_JSF_IMPL
true


facelets.LIBRARIES
/WEB-INF/tomahawk.taglib.xml


javax.faces.DEFAULT_SUFFIX
.xhtml


facelets.DEVELOPMENT
true


javax.faces.CONFIG_FILES
/WEB-INF/backoffice-config.xml


javax.faces.STATE_SAVING_METHOD
client


org.apache.myfaces.NUMBER_OF_VIEWS_IN_SESSION
20


org.apache.myfaces.SERIALIZE_STATE_IN_SESSION
true


org.apache.myfaces.COMPRESS_STATE_IN_SESSION
true


org.apache.myfaces.ALLOW_JAVASCRIPT
true


org.apache.myfaces.DETECT_JAVASCRIPT
false


org.apache.myfaces.PRETTY_HTML
true


org.apache.myfaces.AUTO_SCROLL
true


org.apache.myfaces.SECRET
NzY1NDMyMTA=


org.apache.myfaces.VALIDATE
true


org.apache.myfaces.READONLY_AS_DISABLED_FOR_SELECTS
true


org.apache.myfaces.ADD_RESOURCE_CLASS
org.apache.myfaces.renderkit.html.util.DefaultAddResource


org.apache.myfaces.RESOURCE_VIRTUAL_PATH
/faces/myFacesExtensionResource


org.apache.myfaces.CHECK_EXTENSIONS_FILTER
true


javax.faces.PARTIAL_STATE_SAVING_METHOD
false



extensionsFilter
org.apache.myfaces.webapp.filter.ExtensionsFilter

uploadMaxFileSize
100m


uploadThresholdSize
100k



extensionsFilter
*.jsf


extensionsFilter
/faces/*


org.apache.myfaces.webapp.StartupServletContextListener


Faces Servlet
javax.faces.webapp.FacesServlet
1


Faces Servlet
*.jsf


index.jsp
index.html


trinidad

org.apache.myfaces.trinidad.webapp.TrinidadFilter



trinidad
Faces Servlet


resources

org.apache.myfaces.trinidad.webapp.ResourceServlet



resources
/adf/*



org.apache.myfaces.trinidad.ALTERNATE_VIEW_HANDLER
com.sun.facelets.FaceletViewHandler



facelets.VIEW_MAPPINGS
*.xhtml





Contents of faces-config.xml



org.springframework.web.jsf.DelegatingVariableResolver


org.apache.myfaces.trinidad.core




Eclipse design time didn't handle Trinidad tags properly (no UI rendering for tr components), but it worked fine.

What I needed was to select rows in a table using a radio button option. It looks like simple functionality, but it has always created problems. I remember doing some custom JavaScript implementation to handle it, and then we had a difficult time even in .NET development. Now in Java, too, we spent a few days fixing a very basic issue.
It is not the technology that needs to be blamed all the time. If we had started with the formal instructions, it would have been very easy for us.

VMware Server 2.0 on Ubuntu - Guest Windows 2003 Server

I had a need to refresh my M$ knowledge and tried to do that.

As my laptop (Inspiron 1525) runs Ubuntu, I downloaded VMware Server 2.0 (available for free from the VMware site) and then installed Windows 2003 on it.

A few issues and how I resolved them:

1. The default Windows desktop size was very small.
Fix: increase the resolution; that made my Windows desktop use the full laptop screen.
2. Login problem:
I was not able to send the Ctrl+Alt+Del signal after installing it, but then someone on the internet suggested trying the Ctrl+Alt+PrintScrn combination, and it worked.
3. Keyboard problem: the Del key and arrow keys were not working; probably some other keys were not working either. The down arrow was behaving as if it were the Windows key, and Backspace was working as the Del key. Yes, I had no way of backspacing my text.

Fix: I followed this link and found the fix working.

I tried solution 3 mentioned in the blog post,
i.e. log in as root and execute 'echo "xkeymap.nokeycodeMap = true" >> ~/.vmware/config'
It worked for me. Yes, it is not the typical sudo; sudo didn't work for me (also mentioned in the article). I opened a new shell, logged in as root, and then executed this command.

Surprisingly, it worked. Now I am very comfortable in the VMware Win2k3 image.

Yes, as it is freeware, VMware might have left some known issues in it. But then I am able to solve the issues in front of me.

Now I can stick to Ubuntu and occasionally use Windows through the VMware Server web console for specific needs.

I am happy.