jump to navigation

Personalizing ls on debian January 28, 2007

Posted by maxmil in : Debian , add a comment

I’ve found it very useful to uncomment the line alias ll='ls -l' in my .bashrc. This alias saves me from typing ls -l which is nearly always what i’m interested in when issuing an ls command

Managing init.d scripts

Posted by maxmil in : Debian , add a comment

As a reminder to myself.

- To add a script in /etc/init.d to a run level so that it starts when the machine boots up use update-rc.d scriptname defaultsThis adds the script to run levels 2,3,4 and 5 (ie all run levels other than halt and reboot.

- To remove a script from all run levels use update-rc.d -f scriptname removeThe -f is important because without it update-rc.d deletes the script in init.d aswell (this is normally used by package managers when you uninstall stuff)

A really good introduction to run levels can be found here

Using samba client

Posted by maxmil in : Debian , add a comment

To connect with smbclientsmbclient "\\\\machine name\\share name" -U myusername
To mount a samba share mount -t smbfs -o username=myusername "//machine name/share name" /mnt/previously-created-mount-folder/Note that you need to have previously installed the smbfs package for this to work, otherwise you’ll get a “wrong fs type” error

Automatically update timestamps on Oracle January 26, 2007

Posted by maxmil in : Oracle , add a comment

I often use the Mysql feature that automátically updates a timestamp column every time that the row is modified or inserted. This is very useful for keeping track of the last edit of an object. In Mysql i use this syntax when defining a column:
`fieldName` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP
I have been looking for something similar on Oracle 9i. I’ve found that the triggers that Oracle offers are very potent and can easily achieve this. Heres how you do it.

CREATE OR REPLACE TRIGGER <SCHEMA>.<TRIGGERNAME>
BEFORE INSERT OR UPDATE
ON <SCHEMA>.<TABLENAME>
REFERENCING NEW AS New OLD AS Old
FOR EACH ROW
DECLARE
BEGIN
:NEW.<DATE FIELD> := SYSDATE;
EXCEPTION
WHEN OTHERS THEN
RAISE;
END ;
/

Exception handling explained

Posted by maxmil in : Java , add a comment

I’ve finally got a clear view of how to work with exceptions thanks to this article:

http://dev2dev.bea.com/pub/a/2006/11/effective-exceptions.html

In resumen these are the main points:

Definitions:
1) Fault: Unrecoverable exception, like database faliure or most io exceptions.
2) Contingency: Recoverable aplication exception, like a validation of data error.
3) Unchecked Exception: Extends java.lang.RuntimeException
4) Checked Exception: Extends java.lang.Exception

Concepts:
1) Faults should throw unchecked exceptions
2) Contingencies should throw checked exceptions
3) For Faults you should implement a fault barrier somewhere up the top of the call stack where all faults will be caught. (In struts an example would be a global error handler)
4) For Faults you should use exception chaining so as not to lose information about the initial error.

View open cursors in Java January 23, 2007

Posted by maxmil in : Java, Oracle , add a comment

Been having problems with an application that doesn’t close its ResultSets and Statements, the infamous ORA-01000: maximum open cursors exceeded. Searching for the code responsable would have been a long tedious process. The code that i was interested in was contained in a big for loop.

Luckily i found that oracle (version 9i) as a view in the sys schema called v$open_cursor that contains information about the open cursors at any given moment.

Putting a query at the end of each iteration of my for loop i was able to quickly find the culprit.

The necessary query was: select sql_text from v$open_cursor where user_name = 'SOPORTETECNICO'where SOPORTETECNICO is the user that my application uses to connect to the database.

The code snippet that i used was:ResultSet rsoc = dblink.query("select sql_text from v$open_cursor where user_name = 'SOPORTETECNICO'");
while (rsoc.next()){
System.out.println(rsoc.getString("sql_text"));
}
rsoc.getStatement().close();

Setting up a samba share without authentication January 13, 2007

Posted by maxmil in : Debian , add a comment

I wanted to have a share on my box that anyone in the local network can read, similar to Windows “Shared Documents” folder. At first the only way that i found to do this was by setting the samba global parameter security = share which is strongly discouraged by the samba developers.

I have now found a better solution that allows me to leave the recommended configuration security = user

First in the global parameters we activate the guest account. guest account = nobody Then we use the following command to map all unauthorized users to the guest account map to guest = Bad UserFinally in the share we force all users connect as guest guest ok = yes
guest only = yes

And that should do it!

Subverting Ajax

Posted by maxmil in : Ajax, Security, javascript , add a comment

Security risks related to Ajax and ways to execute javascript using XSS.

http://www.wisec.it/vulns.php?page=9

http://www.wisec.it/rdr.php?fn=Projects/1158-Subverting_Ajax.pdf