SQL injection attacks

As our company always stresses the security of our client data (and that is good), I came across this short video (a commercial for their product) while again reading some random Oracle news.
To cut a long story short:
A job seeker thinks he wins the job lottery, but falls into a money-laundering scam by becoming a "money mule." Over 70% of organizations say their applications may be subject to SQL injection attacks.
So what do you think about that, and how does your project try to secure client data?
Nils out.


Stress Test

Yesterday, while reading various Oracle news, I stumbled upon a very interesting video on YouTube by Oracle:

A final test of an email alert system using production data at a medical insurance company goes awry; thousands of customer names and medical procedures are exposed. Almost 50% of companies use production data for development and testing.

This video caught my attention for two reasons:

1) In our project we too use production data in test environments, and sometimes after a refresh of the test environment all the integration links point to production servers, not test ones;

2) We had a similar issue, only with SMS rather than e-mail, but happily for us it wasn't so big, as customers got the SMS that they usually get, only from the test environment.

So what do you think about this? What data do you use in your projects, and is it a good or bad idea, given that Oracle says that almost 50% of companies use production data for development and testing?

Nils out.


Binocular Search

Long time no posts, but now I am back. I have had a lot of work over the past half year. This time I will talk about binocular search. I stumbled upon it after my project decided to upgrade Siebel from 7.8 to 8.1.
As you may or may not know, binocular search is an option to search for an entity based on various fields.
When you start the application, on the Home screen (and any other screen), at the top beside the "Site Map" button, you will see a button with binoculars. Clicking this button opens a side pane with some options. You can select an entity, enter values in the fields and click "Go", and then in the middle of the screen you will see your search results. So how can we configure this search object?
  1. In Siebel Tools, click the "Find" object. There you can create a new find object. For a new object you need to define the following properties:
    1. Name;
    2. Project;
    3. Applet - on which the search will be based;
    4. Display Name - as the user will read it in the pick list after clicking the binocular button;
    5. Drilldown View - the view to drill down to after the search is done and the user clicks one of the results;
  2. After that, go to "Find Fields" of the newly created "Find" object. There you can define the fields on which you want to base your search, like account or contact name, phone number or address;
  3. Then specify "Find Views". These are the views that contain the applet you defined in the parent "Find" object. For example, if you want to search accounts, you can choose to search only in the "my account" or "all account" views, or in both. Also give them a sequence;
  4. When everything is OK, go to the "Application" object and choose the application you use. For the chosen application go to "Application Find" and add your newly created "Find" object;
  5. Of course, compile the newly created "Find" object and the modified "Application" object.
After that you can use your created object in the application by clicking the binocular button.
If you really want to hear my opinion on this tool, I don't have one. I only stumbled upon it when upgrading Siebel 7.8 to 8.1. The problem was that my colleague was doing guerrilla testing (just tapping and clicking wherever possible), and he found that in binocular search we had everything in duplicate: two account find objects, two contact find objects, two asset ones, etc. We didn't actually know whether users were using this functionality, but as good developers we wanted to fix it. So I started to learn about this search option.
What my solution was I will tell another time, because that is a whole story of its own.

Best regards,




Everyone who has ever worked with Siebel knows what EIM is.

EIM is Enterprise Integration Manager.
It is used to insert, delete and update data in the Siebel database. The main reason we use EIM is that it is not recommended to update the database with direct SQL statements (this is another story, because there are people who think it is nothing special, while others say that it will break the Siebel database architecture; which to believe is up to you. For now I believe that it is not recommended, but I have used it (SQL) and nothing happened).
So how do we use EIM? Simple: we upload data to an EIM table (this time with SQL, using a data spreadsheet such as Excel if you use Microsoft SQL Management Studio, or just a .txt file if you use another database management program, or just with SQL). Then, using jobs in Siebel, we update the data in the base table with the data from the EIM table. Siebel does this by itself and handles all the things that can go wrong when using simple SQL. As I already said, there is a lot of info about this, so here is a link to ITToolbox about EIM - http://it.toolbox.com/wiki/index.php/Siebel_EIM
EIM is pretty simple once you understand the mappings and the .ifb file structure. A mapping means that one column in the base table must be mapped to one column in the EIM table. Vanilla already has many mappings for vanilla tables, like S_CONTACTS and EIM_CONTACTS or EIM_ACCOUNTS and S_ORG_EXT. But sometimes you have to create your own mappings.
The .ifb file is passed to the EIM job as a parameter. This file contains the information about which table we need to update and whether we need to delete, update or insert data. In one .ifb file you can store many EIM operations, and when you need a particular one you just comment or uncomment its section, or run them all together in one job - EIM will go section by section if you have lots of data and tables to update.
Like every job in Siebel, an EIM job can be set to repeat, so it will run on a schedule, for example once a week. But for that you always need to be sure that the data in the EIM table is up to date.
Just so you know, EIM is used for user data (client information); for importing and exporting Siebel data, like active views, LOVs, responsibilities and others, we use ADM.

ADM - Application Deployment Manager. It is used to move Siebel entities between environments. Link - http://siebelunleashed.com/application-deployment-manager-adm-introduction/
The best example is LOVs, Views and Responsibilities. When you develop or configure a Siebel application in the DEV environment and create new LOVs or Responsibilities for your requirement, they will not be available in the TEST or PRODUCTION environment after you migrate. This is why there is ADM. In the TEST environment we export LOVs to an .xml file, and then use it for import in the PRODUCTION environment.
The main reason is that LOVs aren't created in Siebel Tools (again a question to argue about), but directly in the application in Administration - Data. And they do not migrate with the .srf file.
There are only a few vanilla projects for ADM, so if you want to migrate something you made, you need to create your own project. For example, you want to export Product Catalog with all of its structure. You can do this with EIM, because for the structure there isn't only one table but many. So you create your own ADM project for things like this. But this is a very complicated thing, so maybe some other time.


Creating External Business Components or EBC in Siebel


Today let's talk about External Tables and Business Components. They are used to get data from an external database (some other, non-Siebel application). So let’s say you have to get data from three different tables in this external database; then you use External Tables and Business Components. At first it seems like a complicated thing, but in the end it is very easy. And it can be done using the Siebel Wizard. I’m not going to reinvent the bicycle, because the internet is already full of help on how to do this. So I take an example from the “Toolbox for IT” “Let's Talk Siebel” blog written by Sharfi. Here it is.

Creating External Business Components or EBC in Siebel
What is EBC?

So let's say you have some data in an external database which you want to show in Siebel. This data could reside in a table or maybe in multiple tables, and you have a view that queries these various tables to show you the data you want.

Siebel v7.7 and higher provides you an extremely easy way to get this data into Siebel by means of what is known as an "External Business Component", or EBC for short.

Configuration Steps

Here are the steps to configure your EBC.

** I am using the Oracle DB example. You could connect to any database thru EBC - DB2, SQL Server,

A. The very first thing you will do is create an External table.

1. Get the DDL file for your external table.
Here is what a sample DDL file will look like:

test1 VARCHAR2(20),
test2 VARCHAR2(20),
test3 NUMBER(10,3)

Save this file in your local machine.

2. Use the Siebel object creation wizard to create this table.
Go to Siebel Tools --> click on File --> New Object --> External Table Schema Import

3. The wizard will ask for following inputs:
i. Select Project this table will be part of from the list -
ii. Select the database where external table resides - Enter the database, for this example it is Oracle Server Enterprise Edition
iii. Specify full path of the file where table definition resides -
iv. Specify a 3 digit batch code for this import -
v. Click on Next and then click on Finish

Note: In order to import a view you still have to cheat Siebel. Basically you will create a dummy DDL file to mimic the exact columns and datatypes that your view has and then import this table definition. Change the Type to External View.

4. This will create your External table, with a name like EX_001_0000001. The names of External tables begin with "EX_", the next 3 characters are the batch code and the rest is just a serial number.

* The Type field will be "External" for this table.
* You will also have to map one of the table columns to Siebel's Id field. To do this, go to the desired table column and in the "System Field Mapping" column select "Id".

5. But hold on, you are not done yet. We still have to specify the data source name, in order to tell Siebel where to look for your external table or view. Here's how it's done to enable your local client for accessing EBC.

6. Do the following in your local cfg file:

6.a. Create an entry for a new datasource under the [DataSources] section

c00591 = c00591

6.b. add a new section [c00591] to describe the datasource params:

Docked = TRUE
ConnectString = KCR2D
TableOwner = C00591
DLL = sscdo90.dll
SqlStyle = OracleCBO
DSUserName = C00591
DSPassword = C00591

Explanation of params:
Docked -
ConnectString - this is the entry for the DB in your tnsnames file
Tableowner - name of schema where your table/view resides
DLL - for oracle its sscdo90.dll
SqlStyle - OracleCBO
DSUserName - username to access the DB table
DSPassword - password to access the DB table

6.c. Now that you have defined the Datasource in the cfg file, go back to Siebel Tools and add the datasource to your external table. Go to your external table, go to the Data Source and add a new record:
Name = c00591

6.d. Your External table is now ready for use in an EBC.

6.e. Use the Siebel object wizard to create a BC based on this table.

6.f. Once the BC is created, change the Data Source property of the BC to "c00591"

You are now ready to use this BC in an applet/view/ 1:M links !!


7. Here's how to enable your thin/web client for accessing EBC. This is slightly different than the thin client configuration.

7.a. Create a new named subsystem of type "InfraDatasources"

7.b. Go to Administration - Server Configuration --> Enterprises --> Profile Configuration
7.c. Create a new record with the following details:
Name = SharfiTest
Alias = SharfiTest
Subsystem type = InfraDatasources

Modify the following profile parameters:
DSConnectString = KCR2D
DSPassword = C00591
DSTableOwner = C00591
DSUsername = C00591
DSDLLName = sscdo90.dll

You will also have to change the value of a hidden parameter "DSSQLStyle" through the server manager command line. Run the following command to do this:

Change parameter DSSQLStyle="OracleCBO" for named subsystem SharfiTest

7.d. Add the new Datasource to your OM parameter, "OM - Named Data Source":

7.e. Go to Administration - Server Configuration --> Servers --> Components
7.f. Query for your application object Manager
7.g. Query for parameter = "OM - Data Source"
7.h. In the Value on Restart field you will see - ServerDataSrc,GatewayDataSrc
7.i. Change this to following:
7.j. Restart Siebel Server services.

7.k. Now that you have defined the Datasource in your Application Object Manager and restarted the services, go back to Siebel Tools and change the datasource on your external table. Go to your external table, go to the Data Source and modify the Name field to:
Name = SharfiTest

7.l. Also modify the Data Source attribute of your BC to "SharfiTest"

7.m. compile, and replace the server srf to reflect this change and enable your EBC to work on thin/web client.
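
The client cfg from step 6 keeps the data source's DSUserName and DSPassword in a plain text file, and in the sample both equal the table owner. The following is an added example, not part of the original post: a small audit that walks the [DataSources] list of such a cfg and reports every data source that embeds a password, and whether that password matches the user name or table owner. The function name, the finding texts and the extra NoSecret/Missing entries in the sample are assumptions made for the illustration.

```python
import configparser

# Constructed sample modelled on the [DataSources] / [c00591] entries in step 6.
SAMPLE_CFG = """
[DataSources]
c00591 = c00591
NoSecret = NoSecret
Missing = Missing

[NoSecret]
ConnectString = EXAMPLE
DSUserName = APPUSER

[c00591]
Docked = TRUE
ConnectString = KCR2D
TableOwner = C00591
DLL = sscdo90.dll
SqlStyle = OracleCBO
DSUserName = C00591
DSPassword = C00591
"""


def audit_datasources(cfg_text):
    """Return (section, finding) pairs for data sources that embed credentials."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(cfg_text)
    findings = []
    if not cp.has_section("DataSources"):
        return findings
    for name in cp.options("DataSources"):   # option names come back lower-cased
        section = next((s for s in cp.sections() if s.lower() == name), None)
        if section is None:
            findings.append((name, "listed in [DataSources] but has no section"))
            continue
        opts = cp[section]
        password = (opts.get("dspassword") or "").strip()
        if not password:
            continue                          # nothing embedded for this source
        findings.append((section, "DSPassword stored in clear text"))
        for key in ("dsusername", "tableowner"):
            other = (opts.get(key) or "").strip()
            if other and other.lower() == password.lower():
                findings.append((section, "DSPassword equals " + key))
    return findings


if __name__ == "__main__":
    for section, finding in audit_datasources(SAMPLE_CFG):
        print(f"[{section}] {finding}")
```
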


Enable custom button on Applet


Before I went on vacation, I had a requirement for which I needed to enable a custom button on an Applet without using a script. As you may or may not know, the usual way to enable a button on an Applet is by using the Applet's Server Script like this (before scripting we create a mini button Control with the property “Method Invoked” set to the name of your custom method in the script, then we put this Control on the Applet using the “Edit Web Layout” option):

function WebApplet_PreCanInvokeMethod (MethodName, &CanInvoke)
{
    var iReturn = ContinueOperation;
    try {
        if (MethodName == "SomeMethodBehindButton") {
            CanInvoke = "TRUE";          // enable the custom button
            iReturn = CancelOperation;   // skip the default handling
        }
    }
    catch (e) {
        // handle or log the error
    }
    return (iReturn);
}

function WebApplet_PreInvokeMethod (MethodName)
{
    var iReturn = ContinueOperation;
    try {
        if (MethodName == "SomeMethodBehindButton")
            iReturn = SomeMethodBehindButton();   // run the custom method below
    }
    catch (e) {
        // handle or log the error
    }
    return (iReturn);
}

function SomeMethodBehindButton()
{
    var iRet = CancelOperation;
    try {
        // your custom script
    }
    catch (e) {
        iRet = CancelOperation;
    }
    finally {
        // your custom finalization
    }
    return (iRet);
}

So, why did I have this problem? Easy: by clicking this custom button I had to run Browser Script, but as you may or may not know (I will tell about this some other time), the flow for running scripts is like this: Applet's Browser Script – Applet's Server Script – Business Component's Browser Script – Business Component's Server Script. This means that I can’t run the Applet's Server Script before the Applet's Browser Script, and that I can’t enable the button using the Applet's Server Script if I want to use the Applet's Browser Script. So I searched the World Wide Web and found a way to do this in the Siebel Unleashed blog.

It is pretty simple – all that needs to be done is to add two words to the Control's “Method Invoked” property before your custom method name, like this – “EventMethodSomeMethodBehindButton”. That’s all. Now we can use it like a normal method using just “function WebApplet_PreInvokeMethod (MethodName)” and “function SomeMethodBehindButton()”, or, as in my case, use it in Browser Script.

There is another way, using user properties, but I have never used it yet, so I need to check it before I can tell you more.


Siebel Wizard


Today I will talk about the Siebel wizard.

So, the wizard is a way for a developer to easily create objects in Siebel Tools. But as always, although the wizard is a really easy tool to use, it has some disadvantages. First of all, by using it you don’t learn how objects are related to each other. So before you start using the wizard you should learn how to create objects the normal way (by creating them with “New Record”).

So to use the wizard, first of all you need to lock at least one project, then go to File – New Object and choose which object you want to create. Here is the list of possible objects:

1)      General:
a)      Applet Method Menu – Defines the applet-specific menu that is available when the applet is activated;
b)      BusComp – Business Component;
c)      Command – Selects which command will be activated when the user clicks a specific applet object;
d)      External Table Schema Import – Creates import for external table. Table that will use data from external system;
e)      MVG – Multi Value Group;
f)       Pick List;
g)      Report;
h)      Table;
i)        View.

2)      Applets:
a)      Chart Applet;
b)      Form Applet;
c)       List Applet;
d)      MVG Applet – Multi Value Group Applet;
e)      Pick Applet;
f)       Tree Applet.

3)      EAI – Used for Siebel integration with external systems:
a)      Integration Object;
b)      OLEDB Rowset;
c)       Web  Service;
d)      Data Access Service.

Those are the objects in the Siebel 7.8 wizard, so it may change if your version of Siebel is different.

So after creating an object with the wizard you just need to compile the locked project and your changes should be in the system. But always remember which objects you create and which you change, because the wizard will create more than just one new object and it will also change some existing ones for your new change. For example, Pick Applet – for it you also need to create a Pick List, Data Maps and so on. Remember, if the new object will need to change an existing object, you should Check Out the existing object. If you don't, you will not be able to Check In the changed object, and if you then Check it Out you will overwrite the changes made by the wizard.