bourne - Page 2 - Developer IT

Prevent SQL injection from form-generated SQL.

- by Markos Fragkakis

Hi all, I have a search table where user will be able to filter results with a filter of the type: Field [Name], Value [John], Remove Rule Field [Surname], Value [Blake], Remove Rule Field [Has Children], Value [Yes], Remove Rule Add Rule So the user will be able to set an arbitrary set of filters, which will result essentially in a completely dynamic WHERE clause. In the future I will also have to implement more complicated logical expressions, like Where (name=John OR name=Nick) AND (surname=Blake OR surname=Bourne), Of all 10 fields the user may or may not filter by, I don't know how many and which filters the user will set. So, I cannot use a prepared statement (which assumes that at least we know the fields in the WHERE clause). This is why prepared statements are unfortunately out of the question, I have to do it with plain old, generated SQL. What measures can I take to protect the application from SQL Injection (REGEX-wise or any other way)?

Read the article

How do I prevent a ManyToManyField('self') from linked an object to itself?

- by dyve

Consider this model (simplified for this question): class SecretAgentName(models.Model): name = models.CharField(max_length=100) aliases = ManyToManyField('self') I have three names, "James Bond", "007" and "Jason Bourne". "James Bond" and "007" are aliases of each other. This works exactly like I want it to, except for the fact that every instance can also be an alias of itself. This I want to prevent. So, there can be many SecretAgentNames, all can be aliases of each other as long as "James Bond" does not show up as an alias for "James Bond". Can I prevent this in the model definition? If not, can I prevent it anywhere else, preferably so that the Django Admin understands it?

Read the article

input of while loop to come from output of `command`

- by Felipe Alvarez

#I used to have this, but I don't want to write to the disk # pcap="somefile.pcap" tcpdump -n -r $pcap > all.txt while read line; do ARRAY[$c]="$line" c=$((c+1)) done < all.txt The following fails to work. # I would prefer something like... # pcap="somefile.pcap" while read line; do ARRAY[$c]="$line" c=$((c+1)) done < $( tcpdump -n -r "$pcap" ) Too few results on Google (doesn't understand what I want to find :( ). I'd like to keep it Bourne-compatible (/bin/sh), but it doesn't have to be.

Read the article

Sed substitution not doing what I want and think it should do

- by nategoose

I have am trying to use sed to get some info that is encoded within the path of a file which is passed as a parameter to my script (Bourne sh, if it matters). From this example path, I'd like the result to be 8 PATH=/foo/bar/baz/1-1.8/sing/song I first got the regex close by using sed as grep: echo $PATH | sed -n -e "/^.*\/1-1\.$[0-9][0-9]*$.*/p" This properly recognized the string, so I edited it to make a substitution out of it: echo $PATH | sed -n -e "s/^.*\/1-1\.$[0-9][0-9]*$.*/\1/" But this doesn't produce any output. I know I'm just not seeing something simple, but would really appreciate any ideas about what I'm doing wrong or about other ways to debug sed regular expressions.

Read the article

Warning flagged by the 'rkhunter'

- by gkt.pro

when I scanned my Ubuntu 10.04 with rkhunter a root kit hunter toolkit, it gave following warning: Is there something that I have to worry about. [23:06:19] /usr/sbin/adduser [ Warning ] [23:06:19] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable [23:06:20] /usr/sbin/rsyslogd [ Warning ] [23:06:20] Warning: The file properties have changed: [23:06:22] /usr/bin/dpkg [ Warning ] [23:06:22] Warning: The file properties have changed: [23:06:22] /usr/bin/dpkg-query [ Warning ] [23:06:22] Warning: The file properties have changed: [23:06:24] /usr/bin/ldd [ Warning ] [23:06:24] Warning: The file properties have changed: [23:06:24] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable [23:06:24] /usr/bin/logger [ Warning ] [23:06:24] Warning: The file properties have changed: [23:06:25] /usr/bin/mail [ Warning ] [23:06:25] Warning: The file '/usr/bin/mail' exists on the system, but it is not present in the rkhunter.dat file. [23:06:27] /usr/bin/sudo [ Warning ] [23:06:27] Warning: The file properties have changed: [23:06:29] /usr/bin/whereis [ Warning ] [23:06:29] Warning: The file properties have changed: [23:06:29] /usr/bin/lwp-request [ Warning ] [23:06:29] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable [23:06:29] /usr/bin/bsd-mailx [ Warning ] [23:06:29] Warning: The file '/usr/bin/bsd-mailx' exists on the system, but it is not present in the rkhunter.dat file. [23:06:30] /sbin/fsck [ Warning ] [23:06:30] Warning: The file properties have changed: [23:06:30] /sbin/ifdown [ Warning ] [23:06:30] Warning: The file properties have changed: [23:06:31] /sbin/ifup [ Warning ] [23:06:31] Warning: The file properties have changed: [23:06:34] /bin/dmesg [ Warning ] [23:06:34] Warning: The file properties have changed: [23:06:35] /bin/more [ Warning ] [23:06:35] Warning: The file properties have changed: [23:06:36] /bin/mount [ Warning ] [23:06:36] Warning: The file properties have changed: [23:06:37] /bin/which [ Warning ] [23:06:37] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable [23:08:58] Checking /dev for suspicious file types [ Warning ] [23:08:58] Warning: Suspicious file types found in /dev: [23:08:58] Checking for hidden files and directories [ Warning ] [23:08:58] Warning: Hidden directory found: /etc/.java [23:08:58] Warning: Hidden directory found: /dev/.udev [23:08:58] Warning: Hidden directory found: /dev/.initramfs [23:09:01] Checking version of Exim MTA [ Warning ] [23:09:01] Warning: Application 'exim', version '4.71', is out of date, and possibly a security risk. [23:09:01] Checking version of GnuPG [ Warning ] [23:09:01] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk. [23:09:01] Checking version of OpenSSL [ Warning ] [23:09:01] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.

Read the article

Best Practical RT, sorting email into queues automatically using procmail

- by user52095

I'm trying to get incoming e-mail to automatically go directly into whichever queue/ticket they are related to or create a new one if none exist and the right queue e-mail setup in the web interface is used. I will have too many queues to have two line items within mailgate per queue. A similar issue was discussed here (http://serverfault.com/questions/104779/procmail-pipe-to-program-otherwise-return-error-to-sender), but I thought it best to open a new case instead of tagging on what appeared to be an answer to that person's query. I'm able to send and receive e-mail (via PostFix) to the default rt user and this user successfully accepts all e-mail for the relative domain. I have no idea where the e-mail goes - it's successfully delivered, but it does not update existing tickets (with a Subject line match) and it does not create any new. Here's and example of my ./procmail.log: procmail: [23048] Mon Aug 23 14:26:01 2010 procmail: Assigning "MAILDOMAIN=rt.mydomain.com " procmail: Assigning "RT_MAILGATE=/opt/rt3/bin/rt-mailgate " procmail: Assigning "RT_URL=http://rt.mydomain.com/ " procmail: Assigning "LOGABSTRACT=all " procmail: Skipped " " procmail: Skipped " " procmail: Assigning "LASTFOLDER={ " procmail: Opening "{ " procmail: Acquiring kernel-lock procmail: Notified comsat: "rt@18337:./{ " From [email protected] Mon Aug 23 14:26:01 2010 Subject: RE: [RT.mydomain.com #1] Test Ticket Folder: { 1616 Does the notified comsat portion mean that it notified RT? The contents of my ./procmailrc: #Preliminaries SHELL=/bin/sh #Use the Bourne shell (check your path!) #MAILDIR=${HOME} #First check what your mail directory is! MAILDIR="/var/mail/rt/" LOGFILE="home/rt//procmail.log" LOG="--- Logging ${LOGFILE} for ${LOGNAME}, " VERBOSE=yes MAILDOMAIN="rt.mydomain.com" RT_MAILGATE="/opt/rt3/bin/rt-mailgate" #RT_MAILGATE="/usr/local/bin/rt-mailgate" RT_URL="http://rt.mydomain.com/" LOGABSTRACT=all :0 { # the following line extracts the recipient from Received-headers. # Simply using the To: does not work, as tickets are often created # by sending a CC/BCC to RT TO=`formail -c -xReceived: |grep $MAILDOMAIN |sed -e 's/.*for *<*$.*$>* *;.*$/\1/'` QUEUE=`echo $TO| $HOME/get_queue.pl` ACTION=`echo $TO| $HOME/get_action.pl` :0 h b w |/usr/bin/perl $RT_MAILGATE --queue $QUEUE --action $ACTION --url $RT_URL } I know that my get_queue.pl and get_action.pl scripts work, as those have been previously tested. Any help and/or guidance you can give would be greatly appreciated. Nicôle

Read the article

News you can use, PeopleTools gems at OpenWorld 2012

- by PeopleTools Strategy

Here are some of the sessions which may not have caught your eyes during your scheduling of events you would like to attend at this year's Open World! CON9183 PeopleSoft Technology Roadmap Jeff Robbins Mon, Oct 1 4:45 PM Moscone West, Room 3002/4 Jeff's session is always very well attended. Come to hear, and see, what's going to be delivered in the new release and get some thoughts on where PeopleTools and the industry is heading. CON9186 Delivering a Ground-Breaking User Interface with PeopleTools Matt Haavisto Steve Elcock Wed, Oct 3 3:30 PM Moscone West, Room 3009 This session will be wonderfully engaging for participants. As part of our demonstration, audience members will be able to interact live and real-time with our demo using their smart phones and tablets as if you are users of the system. CON9188 A Great User Experience via PeopleSoft Applications Portal Matt Haavisto Jim Marion Pramod Agrawal Mon, Oct 1 12:15 PM Moscone West, Room 3009 This session covers not only the PeopleSoft Portal, but new features like Workcenters and Dashboards, and how they all work together to form the PeopleSoft ecosystem. CON9192 Implementing a PeopleSoft Maintenance Strategy with My Update Manager Mike Thompson Mike Krajicek Tue, Oct 2 1:15 PM Moscone West, Room 3009 The LCM development team will show Oracle's My Update Manager for PeopleSoft and how it drastically simplifies deciding what updates are required for your specific environment. CON9193 Understanding PeopleSoft Maintenance Tools & How They Fit Together Mike Krajicek Wed, Oct 3 10:15 AM Moscone West, Room 3002/4 Learn about the portfolio of maintenance tools including some of the latest enhancements such as Oracle's My Update Manager for PeopleSoft, Application Data Sets, and the PeopleSoft Test Framework, and see what they can do for you. CON9200 PeopleTools Product Team Panel Discussion Jeff Robbins Willie Suh Virad Gupta Ravi Shankar Mike Krajicek Wed, Oct 3 5:00 PM Moscone West, Room 3009 Attend this session to engage in an open discussion with key members of Oracle's PeopleTools senior management team. You will be able to ask questions, hear their thoughts, and gain their insight into the PeopleTools product direction. CON9205 Securing Your PeopleSoft Integration Infrastructure Greg Kelly Keith Collins Tue, Oct 2 10:15 AM Moscone West, Room 3011 This session, with the senior integration developer, will outline Oracle's best practices for securing your integration infrastructure so that you know your web services and REST services are as secure as the rest of your PeopleSoft environment. CON9210 Performance Tuning for the PeopleSoft Administrator Tim Bower David Kurtz Mon, Oct 1 10:45 AM Moscone West, Room 3009 Meet long time technical consultants with deep knowledge of system tuning, Tim Bower of the Center of Excellence and David Kurtz, author of "PeopleSoft for the Oracle DBA". System administrators new to tuning a PeopleSoft environment as well as seasoned experts will come away with new techniques that will help them improve the performance of their PeopleSoft system. CON9055 Advanced Management of Oracle PeopleSoft with Oracle Enterprise Manager Greg Kelly Milten Garia Greg Bouras Thurs Oct 4 12:45 PM Moscone West, Room 3009 This promises to be a really interesting session as Milten Garia from CSU discusses lessons learned during the implementation of Oracle's Enterprise Manager with the PeopleSoft plug-in across a multi campus environment. There are some surprising things about Solaris 10 and the Bourne shell. Some creative work by the Unix administrators so the well tried scripts and system replication processes were largely unaffected. CON8932 New Functional PeopleTools Capabilities for the Line of Business User Jeff Robbins Tues, Oct 2 5:00 PM Moscone West, Room 3007 Using PeopleTools 8.5x capabilities like: related content, embedded help, pivot grids, hover-over, and more, Jeff will discuss how these can deliver business value and innovation which will positively impact your business without the high costs associated with upgrading your PeopleSoft applications. Check out a more detailed list here. We look forward to meeting you all there!

Read the article

What is the worst programming language you ever worked with? [closed]

- by Ludwig Weinzierl

If you have an interesting story to share, please post an answer, but do not abuse this question for bashing a language. We are programmers, and our primary tool is the programming language we use. While there is a lot of discussion about the best one, I'd like to hear your stories about the worst programming languages you ever worked with and I'd like to know exactly what annoyed you. I'd like to collect this stories partly to avoid common pitfalls while designing a language (especially a DSL) and partly to avoid quirky languages in the future in general. This question is not subjective. If a language supports only single character identifiers (see my own answer) this is bad in a non-debatable way. EDIT Some people have raised concerns that this question attracts trolls. Wading through all your answers made one thing clear. The large majority of answers is appropriate, useful and well written. UPDATE 2009-07-01 19:15 GMT The language overview is now complete, covering 103 different languages from 102 answers. I decided to be lax about what counts as a programming language and included anything reasonable. Thank you David for your comments on this. Here are all programming languages covered so far (alphabetical order, linked with answer, new entries in bold): ABAP, all 20th century languages, all drag and drop languages, all proprietary languages, APF, APL (1), AS400, Authorware, Autohotkey, BancaStar, BASIC, Bourne Shell, Brainfuck, C++, Centura Team Developer, Cobol (1), Cold Fusion, Coldfusion, CRM114, Crystal Syntax, CSS, Dataflex 2.3, DB/c DX, dbase II, DCL, Delphi IDE, Doors DXL, DOS batch (1), Excel Macro language, FileMaker, FOCUS, Forth, FORTRAN, FORTRAN 77, HTML, Illustra web blade, Informix 4th Generation Language, Informix Universal Server web blade, INTERCAL, Java, JavaScript (1), JCL (1), karol, LabTalk, Labview, Lingo, LISP, Logo, LOLCODE, LotusScript, m4, Magic II, Makefiles, MapBasic, MaxScript, Meditech Magic, MEL, mIRC Script, MS Access, MUMPS, Oberon, object extensions to C, Objective-C, OPS5, Oz, Perl (1), PHP, PL/SQL, PowerDynamo, PROGRESS 4GL, prova, PS-FOCUS, Python, Regular Expressions, RPG, RPG II, Scheme, ScriptMaker, sendmail.conf, Smalltalk, Smalltalk , SNOBOL, SpeedScript, Sybase PowerBuilder, Symbian C++, System RPL, TCL, TECO, The Visual Software Environment, Tiny praat, TransCAD, troff, uBasic, VB6 (1), VBScript (1), VDF4, Vimscript, Visual Basic (1), Visual C++, Visual Foxpro, VSE, Webspeed, XSLT The answers covering 80386 assembler, VB6 and VBScript have been removed.

Read the article

Advice for Windows XP Scripting, WSH versus PowerShell

- by Greg Graham

After much experience scripting in the Unix/Linux open-source world, using languages such as Bourne Shell, Perl, Python, and Ruby, I now find myself needing to do some Windows XP admin scripting. It appears that the legacy environment is Windows Script Host (WSH), which can use various scripting languages, but the primary language is VBScript, and is based on COM objects. However, the future appears to be Windows PowerShell, which is based on .NET. I haven't done Basic since Applesoft in the 70s, so I'm not keen on learning VBScript, although I did learn enough to write a small script to mount network drives. If I'm going to spend time to really learn this, I'm leaning towards investing my time in the .NET PowerShell environment, if it truly is the future. I did some C# Windows Forms programming a couple of years ago, so I have some exposure to .NET, which also makes PowerShell attractive. Understanding that no one has a crystal ball to predict the future of Microsoft, I would like hear from anyone who is a PowerShell user and thinks it's worthwhile, or if there is anyone that knows of serious drawbacks to PowerShell, and recommends that I stay away from it. Update: I ended up using WSH/VBScript for a particular script that I am installing as a startup script on user's Windows XP workstations. All I have to do is copy it to their Startup folder, and I'm done. However, I only learned enough WSH to accomplish this one job. I am glad to see that PowerShell is the future, and when I have more complicated scripting tasks, I'll to turn PowerShell.

Read the article

Processing command-line arguments in prefix notation in Python

- by ejm

I'm trying to parse a command-line in Python which looks like the following: $ ./command -o option1 arg1 -o option2 arg2 arg3 In other words, the command takes an unlimited number of arguments, and each argument may optionally be preceded with an -o option, which relates specifically to that argument. I think this is called a "prefix notation". In the Bourne shell I would do something like the following: while test -n "$1" do if test "$1" = '-o' then option="$2" shift 2 fi # Work with $1 (the argument) and $option (the option) # ... shift done Looking around at the Bash tutorials, etc. this seems to be the accepted idiom, so I'm guessing Bash is optimized to work with command-line arguments this way. Trying to implement this pattern in Python, my first guess was to use pop(), as this is basically a stack operation. But I'm guessing this won't work as well on Python because the list of arguments in sys.argv is in the wrong order and would have to be processed like a queue (i.e. pop from the left). I've read that lists are not optimized for use as queues in Python. So, my ideas are: convert argv to a collections.deque and use popleft(), reverse argv using reverse() and use pop(), or maybe just work with the int list indices themselves. Does anyone know of a better way to do this, otherwise which of my ideas would be best-practise in Python?

Read the article

Open an Emacs buffer when a command tries to open an editor in shell-mode

- by Chris Conway

I like to use Emacs' shell mode, but it has a few deficiencies. One of those is that it's not smart enough to open a new buffer when a shell command tries to invoke an editor. For example with the environment variable VISUAL set to vim I get the following from svn propedit: $ svn propedit svn:externals . "svn-prop.tmp" 2L, 149C[1;1H ~ [4;1H~ [5;1H~ [6;1H~ [7;1H~ ... (It may be hard to tell from the representation, but it's a horrible, ugly mess.) With VISUAL set to "emacs -nw", I get $ svn propedit svn:externals . emacs: Terminal type "dumb" is not powerful enough to run Emacs. It lacks the ability to position the cursor. If that is not the actual type of terminal you have, use the Bourne shell command `TERM=... export TERM' (C-shell: `setenv TERM ...') to specify the correct type. It may be necessary to do `unset TERMINFO' (C-shell: `unsetenv TERMINFO') as well.svn: system('emacs -nw svn-prop.tmp') returned 256 (It works with VISUAL set to just emacs, but only from inside an Emacs X window, not inside a terminal session.) Is there a way to get shell mode to do the right thing here and open up a new buffer on behalf of the command line process?

Developer IT