Retrieve scan results from HP Fortify Security Center - sql

I am trying to provide a consolidated method of retrieving the results of the last scan for each project in HP Fortify Security Center.
I have gone the route of querying the fortifySSC database and am falling a little short. Has anyone ever attempted to do this by way of a SQL query?
I would be happy to provide the query that I have thus far, if needed.
Or if anyone has an idea on how to accomplish this via the command line, I'd be interested in that, too.
Thanks in advance for your help!

I've never done this in the CLI via SQL commands. But there is a utility called fortifyclient that is able to download the latest FPRs from a project. If you want to automate things, fortifyclient can handle token-based authentication. Works for us perfectly in our CI environment.

I did get the query I needed via the SQL Profiler, so that's how I resolved this.

Related

Microsoft SQL Server "Disconnect after the query executes" option - need to understand

I started to work with an old project which is on SQL Server; there is a problem every few days with too many open connections and the project on production crashes.
I am supposed to find a way to help it super fast, before looking more into the code. So I found an option in the SQL Server options:
Disconnect after the query executes
which looks perfect at first glance.
But does it make the app on IIS work worse? Will it work if I'm using IQueryable objects? I couldn't find much info about it.
Thank you in advance.

SQL Server 2017 OPENROWSET with Excel 2016

I am completely baffled by SQL Server and OPENROWSET permissions.
Our team has an AD Group. This group is included in the DEV server's Windows Administrators local group. This same AD group has SysAdmin privilege on the local installation of SQL Server 2017.
Attempting to run the command:
SELECT *
FROM OPENROWSET('Microsoft.ACE.OLEDB.12.0','Excel 12.0;Database=C:\Work\test.xls;HDR=YES',['sheet1$'])
works for me, but for none of my teammates.
If there is a definitive document on the security requirements for using the OPENROWSET command - I have not found it (and please - don't refer me to learn.microsoft.com - that documentation is not written in any way that I understand).
There are other issues I have found including if I change the name of the sheet in the Excel workbook - the command fails (and yes - I closed the book after making the change).
Finally - some feedback on the use of OPENROWSET - is it generally a good idea? a bad idea? pretty much neutral but be prepared for these kinds of problems?
I hope this question is specific enough to be answered - I have probably spent 20+ hours trying to figure out how to understand how this works so I can make it work and use it consistently.
Thanks!
So honestly, troubleshooting security/permissions and errors with SQL Server is probably the most frustrating aspect of my job.
First few questions and thoughts about your dilemma.
Do you really want to be granting your team connected to your db sysadmin rights? I wouldn't do that period, full-stop.
Will the data be refreshed? If yes, I suggest you ingest this data into a sql table with a process, perhaps python, ssis, dts package, powershell, whatever you fancy.
If the data will always be static in that one excel file, I'd suggest perhaps making it act like a linked server for (hopefully) fewer permission issues? Also, it's easier to query that way, from my memory.
In any event, this article (non msdn link) may help? I've done it this way once before and had slightly less of a difficult time, but then again it involves adding a driver (usually) to the sql server. BUT, then I did not have to allow multiple users sysadmin - and I think ANYTHING is better than that.
https://www.sqlshack.com/query-excel-data-using-sql-server-linked-servers/
Sometimes the issue is not with the user running the query, but SQL Server using the account it runs as - to get permissions on the file. This article goes over that aspect as well. I'm not sure that is your issue as you say it works for me but not for thee, but maybe read that portion of the article at least?
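
The checks and the linked-server setup the answer above describes, as an added T-SQL example that is not part of the original posts. EXCEL_TEST is a hypothetical linked server name; the provider, file path and sheet come from the question, and the ACE provider is assumed to be installed on the server.

```sql
-- Added example. EXCEL_TEST is a hypothetical name; path and provider
-- string are taken from the question.

-- 1. Which Windows account does the engine run as? The answer notes the
--    file may be opened under this account, so it needs read access to
--    C:\Work\test.xls in addition to the user running the query.
SELECT servicename, service_account
FROM sys.dm_server_services;

-- 2. Is ad hoc OPENROWSET/OPENDATASOURCE access enabled on this instance?
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'Ad Hoc Distributed Queries';

-- 3. Who currently holds sysadmin? Review this list before widening it
--    just to make an Excel query work.
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- 4. Define the workbook once as a linked server instead of repeating the
--    provider string in every ad hoc OPENROWSET call.
EXEC sp_addlinkedserver
    @server     = N'EXCEL_TEST',
    @srvproduct = N'Excel',
    @provider   = N'Microsoft.ACE.OLEDB.12.0',
    @datasrc    = N'C:\Work\test.xls',
    @provstr    = N'Excel 12.0;HDR=YES';

-- 5. List the sheets the provider actually exposes. A renamed sheet shows
--    up here under its new name, which explains a query that suddenly fails.
EXEC sp_tables_ex @table_server = N'EXCEL_TEST';

-- 6. Query a sheet by the name returned in step 5.
SELECT *
FROM EXCEL_TEST...[sheet1$];
```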

Sonarqube DB Queries - How to find new issues?

I need to find all the issues discovered in a snapshot/scan in Sonarqube. I can't use the web API since the volume can be excessive for new projects on first scan. I have a query that can find the latest snapshot with the project information. I can query issues by project. I can't figure out how to relate issues to a snapshot. There has to be a way since Sonarqube does it - New issues on the Project page.
Has anyone done this or have enough experience with the crazy schema to be able to figure it out? Can't wait for the schema rationalization...
Sonarqube 5.6.3 on Windows 2012 R2 with SQL Server 2012.
There is currently no association between snapshot and issue. Nor has there ever been one. The closest you can come is to use date parameters to narrow the set of issues created right around the time of your analysis. Note that this could be difficult if you run analyses close together.
The "new issues" metrics shown on the project homepage are just that - metrics. However, if you click through on one, you'll find yourself in a date-based Issues search.
You can do the same sort of thing using the web service, again, via date-based criteria. Or you could use the sinceLeakPeriod parameter.

Perform single SQL query over internet Android

I am trying to find a way to go to a database located on the web, perform 1 query and close the connection. I have not had any luck with finding an answer, and I really don't know how to solve this.
Internet connection is not an issue, nor are any security issues. Also this cannot be solved with an internal database and this must go across the web.
If you have any hints or ideas please let me know!
Thanks
You'll need to use some kind of service to access the database. For example you can write something very basic in php and use HTTPClient from Android to interact with it.
Here's a brief example on how to accomplish this.

Need remote or web-based MS Access SQL tool (e.g. similar to PhpMyAdmin, but ColdFusion-based)

I've been looking all over the web for a ColdFusion-based SQL administration tool for Microsoft Access and I can't find one that's simple, free and allows running SQL statements. Any suggestions?
Thanks for the recommends, guys, I'll try SQLSurfer. (MSSSME won't work for me.)
"DISCLAIMER: Using MS Access in a (web based) production environment is not recommended."
I understand that, and part of my timeline for this website is to migrate the database to MySQL on our server.
My primary interest in this is to be able to fool around with SQL commands LOCALLY so I can modify some tables. I wouldn't use this in a production environment anyway, especially not one that already has MySQL admin (Don't worry, I have plenty of backups in case I screw something up).
DISCLAIMER: Using MS Access in a (web based) production environment is not recommended.
That said, I have to admit that there are projects, customers, etc. where you can't get around having to deal with MS Access Databases the one or other way.
There is an Open Source project on RIAForge, called SQLSurfer which is a web-based ad-hoc query tool powered by ColdFusion. It is a simple way to execute SQL statements on your database (not restricted to MS Access). http://sqlsurfer.riaforge.org/ Actually there is no download link, but you can still get the code from SVN repo. http://svn.riaforge.org/sqlsurfer/
I have been working with an earlier version for a long time and I find it useful for executing prepared SQL statements. It is a very dangerous tool, especially in production, so I'd strictly recommend to include it in a password protected administration environment and deny public access.
Can RDS satisfy your needs? Works with CFEclipse / CFBuilder.
Take a look at SQL Server Management Studio Express - though I've not used it with MS Access, so can't guarantee it'll work.
Hopefully someone more experienced with the two can come along and give more details.
You can easily make one yourself.
On Adobe's website you can find at least 5 of those tutorials. Here's one: http://www.adobe.com/devnet/flex/articles/f4cf_firstapp_part1.html which uses Apache Derby, similar to MS Access.
Of course you need to think some things through, like authentication, making some field for writing the SQL statement which is going to be sent as cfquery, but it should be a nice experience to make your own "phpMyAdmin" ;)
For MySQL there is CFMyAdmin.com. It might connect or could be adapted to connect to MS Access as well. I agree with Henry though, I'd set up the DSN for your access database, the RDS connection in CFBuilder and then use the query tool.
Other alternatives might be Lita (Mac based), or a Firefox add-on like Sqlite Manager. They may surprise you as to what they can open.
Also, Charlie Arehart has a long list of CF based SQL Query tools. Maybe one of them could help: http://www.carehart.org/cf411/#query
Good luck