Re: RKM 7.5 Installation

[ARSmarts Support]

Hello,

I succeed in installing RKM with tomcat 6. There was a trick: you had to copy 
the file \lib\catalina.jar found in tomcat installation path into 
\server\lib\catalina.jar (I had to create the folders), this to make sure that 
the mid-tier installation program can validate the tomcat installation.

Best regards,
ARmarts Support


ARSmarts, your most useful AR System companion.
www.ARSmarts.com


On 28 Sep 2010, at 00:23, strauss wrote:

> I don't think so; the last two times I built RKM 7.5 test servers one used 
> the built-in tomcat 5.5.20, and the other successfully used the tomcat 5.5.28 
> installed with a 7.5.00.004 mid-tier.  I never had much luck getting either 
> mid-tier or RKM to work with a pre-installed tomcat 6.x.  Both of those 
> systems are now 7.6.03 so it becomes a moot point since RKM no longer uses 
> tomcat, except as a component of the mid-tier, which now installs a bundled 
> tomcat 6.0.18.
> 
> Christopher Strauss, Ph.D.
> Call Tracking Administration Manager
> University of North Texas Computing & IT Center
> http://itsm.unt.edu/
> 
> -Original Message-
> From: Action Request System discussion list(ARSList) 
> [mailto:arsl...@arslist.org] On Behalf Of Moe Abdelaziz
> Sent: Monday, September 27, 2010 8:08 PM
> To: arslist@ARSLIST.ORG
> Subject: RKM 7.5 Installation
> 
> Is RKM 7.5 compatible with tomocat 6.x or 7.x? I have been trying to 
> install RKM 7.5 on tomocat 6 or 7 and so far no luck.
> 
> Current environment:
> - Appserver Win 2003, Hammingbird with SearchServer 6.1 with embedded 
> tomocat 5.5, AR 7.5.006 and ITSM 7.6.001
> - DBserver SQL 2005
> - Webserver Win 2003 hosting the mid-tier running one instance of tomcat 
> 6.x for the mid-tier on port 8080 and another instance of tomcat 7.x for 
> SLM collection  points on port 7089.
> 
> I am trying to find the most efficient type of installation for my 
> environemnt. The RKM Installation Guide says that I can install RKM web 
> app on the mid tier, searchserver on a remote location and AR Integrations 
> for RKM on a nother remote location. I attempted to do that, but RKM 
> doesn't recognize either tomcat 6 or 7.
> 
> Any thoughts?
> 
> Thanks,
> 
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
> 
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"







___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: RKM 7.5 Installation

[strauss]

I don't think so; the last two times I built RKM 7.5 test servers one used the 
built-in tomcat 5.5.20, and the other successfully used the tomcat 5.5.28 
installed with a 7.5.00.004 mid-tier.  I never had much luck getting either 
mid-tier or RKM to work with a pre-installed tomcat 6.x.  Both of those systems 
are now 7.6.03 so it becomes a moot point since RKM no longer uses tomcat, 
except as a component of the mid-tier, which now installs a bundled tomcat 
6.0.18.

Christopher Strauss, Ph.D.
Call Tracking Administration Manager
University of North Texas Computing & IT Center
http://itsm.unt.edu/

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Moe Abdelaziz
Sent: Monday, September 27, 2010 8:08 PM
To: arslist@ARSLIST.ORG
Subject: RKM 7.5 Installation

Is RKM 7.5 compatible with tomocat 6.x or 7.x? I have been trying to 
install RKM 7.5 on tomocat 6 or 7 and so far no luck.

Current environment:
- Appserver Win 2003, Hammingbird with SearchServer 6.1 with embedded 
tomocat 5.5, AR 7.5.006 and ITSM 7.6.001
- DBserver SQL 2005
- Webserver Win 2003 hosting the mid-tier running one instance of tomcat 
6.x for the mid-tier on port 8080 and another instance of tomcat 7.x for 
SLM collection  points on port 7089.

I am trying to find the most efficient type of installation for my 
environemnt. The RKM Installation Guide says that I can install RKM web 
app on the mid tier, searchserver on a remote location and AR Integrations 
for RKM on a nother remote location. I attempted to do that, but RKM 
doesn't recognize either tomcat 6 or 7.

Any thoughts?

Thanks,

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: RKM 7.5 Installation

[Joe D'Souza]

Never tried with either of those versions but it definitely does work with
Tomcat 5.5.25..

With that being said, you haven't stated what other applications that are
ARS based are using Tomcat. If you have apps like SLM, SRM etc installed
that are using the same Tomcat server, there are libraries across these that
RKM shares and if these libraries are not moved to an appropriate shared
location for Tomcat, Tomcat tries to reload these libraries twice and fails.
You do have a mention of SLM and I'm guessing that is your problem..

We will need to know what other applications that are Remedy applications
that use the Tomcat server..

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org]on Behalf Of Moe Abdelaziz
Sent: Monday, September 27, 2010 9:08 PM
To: arslist@ARSLIST.ORG
Subject: RKM 7.5 Installation


Is RKM 7.5 compatible with tomocat 6.x or 7.x? I have been trying to install
RKM 7.5 on tomocat 6 or 7 and so far no luck.

Current environment:
- Appserver Win 2003, Hammingbird with SearchServer 6.1 with embedded
tomocat 5.5, AR 7.5.006 and ITSM 7.6.001
- DBserver SQL 2005
- Webserver Win 2003 hosting the mid-tier running one instance of tomcat 6.x
for the mid-tier on port 8080 and another instance of tomcat 7.x for SLM
collection  points on port 7089.

I am trying to find the most efficient type of installation for my
environemnt. The RKM Installation Guide says that I can install RKM web app
on the mid tier, searchserver on a remote location and AR Integrations for
RKM on a nother remote location. I attempted to do that, but RKM doesn't
recognize either tomcat 6 or 7.

Any thoughts?

Thanks,

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

RKM 7.5 Installation

[Moe Abdelaziz]

Is RKM 7.5 compatible with tomocat 6.x or 7.x? I have been trying to 
install RKM 7.5 on tomocat 6 or 7 and so far no luck.

Current environment:
- Appserver Win 2003, Hammingbird with SearchServer 6.1 with embedded 
tomocat 5.5, AR 7.5.006 and ITSM 7.6.001
- DBserver SQL 2005
- Webserver Win 2003 hosting the mid-tier running one instance of tomcat 
6.x for the mid-tier on port 8080 and another instance of tomcat 7.x for 
SLM collection  points on port 7089.

I am trying to find the most efficient type of installation for my 
environemnt. The RKM Installation Guide says that I can install RKM web 
app on the mid tier, searchserver on a remote location and AR Integrations 
for RKM on a nother remote location. I attempted to do that, but RKM 
doesn't recognize either tomcat 6 or 7.

Any thoughts?

Thanks,

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: ITSM 7.5 or 7.6, need an instance for a demo...tomorrow

[Easter, David]

Can't comment too much  on this but yes, this and other related (and broader) 
ideas are under consideration now that the OnDemand service offering has spun 
up.

-David J. Easter
Sr. Product Manager, Enterprise Service Management
BMC Software, Inc.

The opinions, statements, and/or suggested courses of action expressed in this 
E-mail do not necessarily reflect those of BMC Software, Inc.  My voluntary 
participation in this forum is not intended to convey a role as a spokesperson, 
liaison or public relations representative for BMC Software, Inc.

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Sanford, Claire
Sent: Monday, September 27, 2010 11:12 AM
To: arslist@ARSLIST.ORG
Subject: Re: ITSM 7.5 or 7.6, need an instance for a demo...tomorrow

**
I think this is an awesome Idea!  I would love to have an OOTB instance of 
7.6.x to just look at to compare to my 6.0 just to see what the upgrade will 
entail in terms of customizations.   Heck the competition does this and you 
don't even have to be a customer.



Claire Sanford
Information Systems Division
Memorial Hermann Healthcare System
Phone: 713 448 6035
claire.sanf...@memorialhermann.org


From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of patrick zandi
Sent: Monday, September 27, 2010 12:22 PM
To: arslist@ARSLIST.ORG
Subject: Re: ITSM 7.5 or 7.6, need an instance for a demo...tomorrow
** Ya know, this brings up a thought... Dave?  do you think it is feasible to 
have a couple of servers with 2 or 3 instances of the latest version for people 
to Demo over the web. Seems to be this is a Sales promotion.. Demo Lab Free for 
a day, then it is wiped .. After all with the BMC Bladelogic, you should be 
able to schedule a provisioned install on a small ESX server no problem, (every 
3 days or something) and customers who have access to the WEB Support can login 
and check it out, play, and pook around.
On Mon, Sep 27, 2010 at 1:07 PM, Rabi Tripathi 
mailto:ars_l...@yahoo.com>> wrote:
--- On
Thanks a lot! It came handy...to supplement my talking points.

--- On Thu, 9/23/10, strauss mailto:stra...@unt.edu>> wrote:

> From: strauss mailto:stra...@unt.edu>>
> Subject: Re: ITSM 7.5 or 7.6, need an instance for a demo...tomorrow
> To: arslist@ARSLIST.ORG
> Date: Thursday, September 23, 2010, 5:56 PM
> I do have a sample data 7.6.03 system
> on a VM you could use... nothing you could hurt there.
> All of my 7.6.00 systems have been upgraded to 7.6.03 or are
> off-limits pre-production.
>
> Christopher Strauss, Ph.D.
> Call Tracking Administration Manager
> University of North Texas Computing & IT Center
> http://itsm.unt.edu/
>
> -Original Message-
> From: Action Request System discussion _attend WWRUG10 www.wwrug.com ARSlist: 
> "Where the Answers Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: Set Fields from SQL

[Mueller, Doug]

Matthew,

OR, you just have the SQL command defined like

$WHERE_CLAUSE$

and then when you finish building your WHERE clause like you are today, you
simply set the WHERE_CLAUSE field to

"SELECT C1 FROM T1 WHERE " + $WHERE_CLAUSE$

and then you own and control the entire syntax of the SQL yourself, you have
built the command you want.  And you execute it.

The issue is a matter of having the system protect you and do all the handling
of protecting quotes in values  (like if the name being substituted was
o'malley) or one where you want to take all responsibility for formatting and
making sure the command is right.

We support either option.

You don't have to go the direction of putting the clause in a table and using
a stored procedure.  You can just build the entire command yourself instead of
building just 1/2 of it.

Just another option that is a bit simpler and more efficient.

Doug Mueller 

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Matthew Perrault
Sent: Monday, September 27, 2010 11:42 AM
To: arslist@ARSLIST.ORG
Subject: Re: Set Fields from SQL

The only issue I have with this,
Is I have a filter that has a Direct SQL action.
In it I specify the SQL command like:
SELECT C1 FROM T1 Where '$WHERE_CLAUSE$'

I dynamically build the where clause and set it into that field.
So I have something like Name = 'shmoe' and eye_color = 'Blue'
Unfortunately the ARS engine comments out the 'shmoe' and 'Blue'
To look like ''shmoe'' and ''Blue''
This then causes the SQL to fail.

What I was forced to do was drop the Where Clause into a SQL table,
Build the SELECT statement through a Stored Procedure using an EXEC statement.

It works but it was a cludgy way of doing things.
I would love for on the DIRECT SQL action, a check box to say turn off 
Commentation,
So that it won't add those extra quotes.

I did submit a request, but of course BMC just rejected it.
Thanks guys

Matt P.
-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Opela, Gary L CTR USAF ABW 72 
ABW/SCOOA
Sent: Monday, September 27, 2010 12:32 PM
To: arslist@ARSLIST.ORG
Subject: Re: Set Fields from SQL

Roy, if you have more information on this, you can look up 'SQL
Injection'.



Thanks,

Gary Opela, Jr.
Sr. Remedy Engineer
Avaya Phone Admin
RSP Cert, Sec+
COMM: 405 582 4272


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Mueller, Doug
Sent: Monday, September 27, 2010 12:27 PM
To: arslist@ARSLIST.ORG
Subject: Re: Set Fields from SQL

Roy,

What you are seeing is what is designed.

We protect you against illegal SQL or someone trying to play with
breaking
your SQL by sticking SQL inside other SQL by properly protecting against
any
bad SQL by always quoting any text substituted into the command.  This
prevents
anyone from mis-appropriating your SQL command with bad text.

Now, you also found that we gave you an out.  If you as Administrator
make
the ENTIRE SQL command a substitution, then we give up and say you are
substituting the entire command so you must know what you are doing and
we
assume you are doing whatever protecting from bad SQL the customer may
do.



For those who wonder "what does he mean bad sql"?

What if you had a command like the following:

SELECT a FROM b WHERE ColName = '$subs parameter$'

If the user would enter

aa'; DROP TABLE xx; Select a from b where ColName = 'xyz

as the data value for subs paramter  They can "complete the
command", issue
another SQL command, and then do something so that the command is valid
again
to avoid an error.  This would allow bad SQL to be submitted by the
customer.

By always quoting and escaping any user quotes, we prevent that.

If you create the entire command yourself, you have to protect against
the
end user entering text that is like the above that could affect your SQL
command syntax


I hope this explaination helps with why the system works the way it
does.

Doug Mueller 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Ashcraft, Roy W CTR USAF AFWA
2 SYOS/SYOE
Sent: Wednesday, September 22, 2010 7:07 AM
To: arslist@ARSLIST.ORG
Subject: Re: Set Fields from SQL

Never mind. A coworker suggested trying to build the enter SQL query in
a
separate character field and then substitute that into the SQL set
fields
rather than building it piecemeal there. That worked, it did not escape
the
single quotes using this action.

Thanks,
Roy



//SIGNED//
ROY ASHCRAFT, Contractor, 2 SOS/SYOE
Remedy ARS Support, SAIC
(402) 294-8225, DSN 271-8225
roy.ashcraft@offutt.af.mil


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Ashcraft, Roy W CTR USAF AFWA
2
SYOS/SYOE
Sent: Wednesday, September 22, 2010 8:59 AM
To: arslist@A

Re: Set Fields from SQL

[Matthew Perrault]

The only issue I have with this,
Is I have a filter that has a Direct SQL action.
In it I specify the SQL command like:
SELECT C1 FROM T1 Where '$WHERE_CLAUSE$'

I dynamically build the where clause and set it into that field.
So I have something like Name = 'shmoe' and eye_color = 'Blue'
Unfortunately the ARS engine comments out the 'shmoe' and 'Blue'
To look like ''shmoe'' and ''Blue''
This then causes the SQL to fail.

What I was forced to do was drop the Where Clause into a SQL table,
Build the SELECT statement through a Stored Procedure using an EXEC statement.

It works but it was a cludgy way of doing things.
I would love for on the DIRECT SQL action, a check box to say turn off 
Commentation,
So that it won't add those extra quotes.

I did submit a request, but of course BMC just rejected it.
Thanks guys

Matt P.
-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Opela, Gary L CTR USAF ABW 72 
ABW/SCOOA
Sent: Monday, September 27, 2010 12:32 PM
To: arslist@ARSLIST.ORG
Subject: Re: Set Fields from SQL

Roy, if you have more information on this, you can look up 'SQL
Injection'.



Thanks,

Gary Opela, Jr.
Sr. Remedy Engineer
Avaya Phone Admin
RSP Cert, Sec+
COMM: 405 582 4272


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Mueller, Doug
Sent: Monday, September 27, 2010 12:27 PM
To: arslist@ARSLIST.ORG
Subject: Re: Set Fields from SQL

Roy,

What you are seeing is what is designed.

We protect you against illegal SQL or someone trying to play with
breaking
your SQL by sticking SQL inside other SQL by properly protecting against
any
bad SQL by always quoting any text substituted into the command.  This
prevents
anyone from mis-appropriating your SQL command with bad text.

Now, you also found that we gave you an out.  If you as Administrator
make
the ENTIRE SQL command a substitution, then we give up and say you are
substituting the entire command so you must know what you are doing and
we
assume you are doing whatever protecting from bad SQL the customer may
do.



For those who wonder "what does he mean bad sql"?

What if you had a command like the following:

SELECT a FROM b WHERE ColName = '$subs parameter$'

If the user would enter

aa'; DROP TABLE xx; Select a from b where ColName = 'xyz

as the data value for subs paramter  They can "complete the
command", issue
another SQL command, and then do something so that the command is valid
again
to avoid an error.  This would allow bad SQL to be submitted by the
customer.

By always quoting and escaping any user quotes, we prevent that.

If you create the entire command yourself, you have to protect against
the
end user entering text that is like the above that could affect your SQL
command syntax


I hope this explaination helps with why the system works the way it
does.

Doug Mueller 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Ashcraft, Roy W CTR USAF AFWA
2 SYOS/SYOE
Sent: Wednesday, September 22, 2010 7:07 AM
To: arslist@ARSLIST.ORG
Subject: Re: Set Fields from SQL

Never mind. A coworker suggested trying to build the enter SQL query in
a
separate character field and then substitute that into the SQL set
fields
rather than building it piecemeal there. That worked, it did not escape
the
single quotes using this action.

Thanks,
Roy



//SIGNED//
ROY ASHCRAFT, Contractor, 2 SOS/SYOE
Remedy ARS Support, SAIC
(402) 294-8225, DSN 271-8225
roy.ashcraft@offutt.af.mil


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Ashcraft, Roy W CTR USAF AFWA
2
SYOS/SYOE
Sent: Wednesday, September 22, 2010 8:59 AM
To: arslist@ARSLIST.ORG
Subject: Set Fields from SQL

-- Information from the mail header
---
Sender:   "Action Request System discussion list(ARSList)"


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: ITSM 7.5 or 7.6, need an instance for a demo...tomorrow

[Sanford, Claire]

I think this is an awesome Idea!  I would love to have an OOTB instance
of 7.6.x to just look at to compare to my 6.0 just to see what the
upgrade will entail in terms of customizations.   Heck the competition
does this and you don't even have to be a customer.
 



Claire Sanford 
Information Systems Division 
Memorial Hermann Healthcare System 
Phone: 713 448 6035 
claire.sanf...@memorialhermann.org 




From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of patrick zandi
Sent: Monday, September 27, 2010 12:22 PM
To: arslist@ARSLIST.ORG
Subject: Re: ITSM 7.5 or 7.6, need an instance for a demo...tomorrow


** Ya know, this brings up a thought... Dave?  do you think it is
feasible to have a couple of servers with 2 or 3 instances of the latest
version for people to Demo over the web. Seems to be this is a Sales
promotion.. Demo Lab Free for a day, then it is wiped .. After all with
the BMC Bladelogic, you should be able to schedule a provisioned install
on a small ESX server no problem, (every 3 days or something) and
customers who have access to the WEB Support can login and check it out,
play, and pook around.


On Mon, Sep 27, 2010 at 1:07 PM, Rabi Tripathi 
wrote:


--- On
Thanks a lot! It came handy...to supplement my talking points.

--- On Thu, 9/23/10, strauss  wrote:

> From: strauss 
> Subject: Re: ITSM 7.5 or 7.6, need an instance for a
demo...tomorrow
> To: arslist@ARSLIST.ORG
> Date: Thursday, September 23, 2010, 5:56 PM

> I do have a sample data 7.6.03 system
> on a VM you could use... nothing you could hurt there. 
> All of my 7.6.00 systems have been upgraded to 7.6.03 or are
> off-limits pre-production.
>
> Christopher Strauss, Ph.D.
> Call Tracking Administration Manager
> University of North Texas Computing & IT Center
> http://itsm.unt.edu/
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:arsl...@arslist.org]
> On Behalf Of Rabi Tripathi
> Sent: Thursday, September 23, 2010 3:58 PM
> To: arslist@ARSLIST.ORG
> Subject: ITSM 7.5 or 7.6, need an instance for a
> demo...tomorrow
>
> Hi all, this is a long shot, but I am trying any way.
> Anybody with ITSM 7.5 or 7.6 instance willing to let me use
> it tomorrow for a demo?
>
> I am doing an internal demo. 4 VM disks with ITSM that
> somebody was nice to send me turned out to be unusable.
>
> All I need to do is setup a few people and CIs ahead of
> time and then create a few IM/PM/CM records during the demo.
> It would be nice if I could access it some time today to
> setup my storyline.
>
> TIA.
>
>
>  
>
>

___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug10 www.wwrug.com ARSlist: "Where the Answers
> Are"
>
>

___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug10 www.wwrug.com ARSlist: "Where the Answers
> Are"
>






___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"





-- 
Patrick Zandi
_attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: Set Fields from SQL

[Opela, Gary L CTR USAF ABW 72 ABW/SCOOA]

Roy, if you have more information on this, you can look up 'SQL
Injection'.



Thanks,

Gary Opela, Jr.
Sr. Remedy Engineer
Avaya Phone Admin
RSP Cert, Sec+
COMM: 405 582 4272


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Mueller, Doug
Sent: Monday, September 27, 2010 12:27 PM
To: arslist@ARSLIST.ORG
Subject: Re: Set Fields from SQL

Roy,

What you are seeing is what is designed.

We protect you against illegal SQL or someone trying to play with
breaking
your SQL by sticking SQL inside other SQL by properly protecting against
any
bad SQL by always quoting any text substituted into the command.  This
prevents
anyone from mis-appropriating your SQL command with bad text.

Now, you also found that we gave you an out.  If you as Administrator
make
the ENTIRE SQL command a substitution, then we give up and say you are
substituting the entire command so you must know what you are doing and
we
assume you are doing whatever protecting from bad SQL the customer may
do.



For those who wonder "what does he mean bad sql"?

What if you had a command like the following:

SELECT a FROM b WHERE ColName = '$subs parameter$'

If the user would enter

aa'; DROP TABLE xx; Select a from b where ColName = 'xyz

as the data value for subs paramter  They can "complete the
command", issue
another SQL command, and then do something so that the command is valid
again
to avoid an error.  This would allow bad SQL to be submitted by the
customer.

By always quoting and escaping any user quotes, we prevent that.

If you create the entire command yourself, you have to protect against
the
end user entering text that is like the above that could affect your SQL
command syntax


I hope this explaination helps with why the system works the way it
does.

Doug Mueller 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Ashcraft, Roy W CTR USAF AFWA
2 SYOS/SYOE
Sent: Wednesday, September 22, 2010 7:07 AM
To: arslist@ARSLIST.ORG
Subject: Re: Set Fields from SQL

Never mind. A coworker suggested trying to build the enter SQL query in
a
separate character field and then substitute that into the SQL set
fields
rather than building it piecemeal there. That worked, it did not escape
the
single quotes using this action.

Thanks,
Roy



//SIGNED//
ROY ASHCRAFT, Contractor, 2 SOS/SYOE
Remedy ARS Support, SAIC
(402) 294-8225, DSN 271-8225
roy.ashcraft@offutt.af.mil


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Ashcraft, Roy W CTR USAF AFWA
2
SYOS/SYOE
Sent: Wednesday, September 22, 2010 8:59 AM
To: arslist@ARSLIST.ORG
Subject: Set Fields from SQL

-- Information from the mail header
---
Sender:   "Action Request System discussion list(ARSList)"


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: Set Fields from SQL

[Mueller, Doug]

Roy,

What you are seeing is what is designed.

We protect you against illegal SQL or someone trying to play with breaking
your SQL by sticking SQL inside other SQL by properly protecting against any
bad SQL by always quoting any text substituted into the command.  This prevents
anyone from mis-appropriating your SQL command with bad text.

Now, you also found that we gave you an out.  If you as Administrator make
the ENTIRE SQL command a substitution, then we give up and say you are
substituting the entire command so you must know what you are doing and we
assume you are doing whatever protecting from bad SQL the customer may do.



For those who wonder "what does he mean bad sql"?

What if you had a command like the following:

SELECT a FROM b WHERE ColName = '$subs parameter$'

If the user would enter

aa'; DROP TABLE xx; Select a from b where ColName = 'xyz

as the data value for subs paramter  They can "complete the command", issue
another SQL command, and then do something so that the command is valid again
to avoid an error.  This would allow bad SQL to be submitted by the customer.

By always quoting and escaping any user quotes, we prevent that.

If you create the entire command yourself, you have to protect against the
end user entering text that is like the above that could affect your SQL
command syntax


I hope this explaination helps with why the system works the way it does.

Doug Mueller 

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Ashcraft, Roy W CTR USAF AFWA 2 
SYOS/SYOE
Sent: Wednesday, September 22, 2010 7:07 AM
To: arslist@ARSLIST.ORG
Subject: Re: Set Fields from SQL

Never mind. A coworker suggested trying to build the enter SQL query in a
separate character field and then substitute that into the SQL set fields
rather than building it piecemeal there. That worked, it did not escape the
single quotes using this action.

Thanks,
Roy



//SIGNED//
ROY ASHCRAFT, Contractor, 2 SOS/SYOE
Remedy ARS Support, SAIC
(402) 294-8225, DSN 271-8225
roy.ashcraft@offutt.af.mil


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Ashcraft, Roy W CTR USAF AFWA 2
SYOS/SYOE
Sent: Wednesday, September 22, 2010 8:59 AM
To: arslist@ARSLIST.ORG
Subject: Set Fields from SQL

-- Information from the mail header
---
Sender:   "Action Request System discussion list(ARSList)"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: ITSM 7.5 or 7.6, need an instance for a demo...tomorrow

[patrick zandi]

Ya know, this brings up a thought... Dave?  do you think it is feasible to
have a couple of servers with 2 or 3 instances of the latest version for
people to Demo over the web. Seems to be this is a Sales promotion.. Demo
Lab Free for a day, then it is wiped .. After all with the BMC Bladelogic,
you should be able to schedule a provisioned install on a small ESX server
no problem, (every 3 days or something) and customers who have access to the
WEB Support can login and check it out, play, and pook around.

On Mon, Sep 27, 2010 at 1:07 PM, Rabi Tripathi  wrote:

> --- On
> Thanks a lot! It came handy...to supplement my talking points.
>
> --- On Thu, 9/23/10, strauss  wrote:
>
> > From: strauss 
> > Subject: Re: ITSM 7.5 or 7.6, need an instance for a demo...tomorrow
> > To: arslist@ARSLIST.ORG
> > Date: Thursday, September 23, 2010, 5:56 PM
> > I do have a sample data 7.6.03 system
> > on a VM you could use... nothing you could hurt there.
> > All of my 7.6.00 systems have been upgraded to 7.6.03 or are
> > off-limits pre-production.
> >
> > Christopher Strauss, Ph.D.
> > Call Tracking Administration Manager
> > University of North Texas Computing & IT Center
> > http://itsm.unt.edu/
> >
> > -Original Message-
> > From: Action Request System discussion list(ARSList)
> > [mailto:arsl...@arslist.org]
> > On Behalf Of Rabi Tripathi
> > Sent: Thursday, September 23, 2010 3:58 PM
> > To: arslist@ARSLIST.ORG
> > Subject: ITSM 7.5 or 7.6, need an instance for a
> > demo...tomorrow
> >
> > Hi all, this is a long shot, but I am trying any way.
> > Anybody with ITSM 7.5 or 7.6 instance willing to let me use
> > it tomorrow for a demo?
> >
> > I am doing an internal demo. 4 VM disks with ITSM that
> > somebody was nice to send me turned out to be unusable.
> >
> > All I need to do is setup a few people and CIs ahead of
> > time and then create a few IM/PM/CM records during the demo.
> > It would be nice if I could access it some time today to
> > setup my storyline.
> >
> > TIA.
> >
> >
> >
> >
> >
> ___
> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> > attend wwrug10 www.wwrug.com ARSlist: "Where the Answers
> > Are"
> >
> >
> ___
> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> > attend wwrug10 www.wwrug.com ARSlist: "Where the Answers
> > Are"
> >
>
>
>
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
>



-- 
Patrick Zandi

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: ITSM 7.5 or 7.6, need an instance for a demo...tomorrow

[Rabi Tripathi]

--- On 
Thanks a lot! It came handy...to supplement my talking points.

--- On Thu, 9/23/10, strauss  wrote:

> From: strauss 
> Subject: Re: ITSM 7.5 or 7.6, need an instance for a demo...tomorrow
> To: arslist@ARSLIST.ORG
> Date: Thursday, September 23, 2010, 5:56 PM
> I do have a sample data 7.6.03 system
> on a VM you could use... nothing you could hurt there. 
> All of my 7.6.00 systems have been upgraded to 7.6.03 or are
> off-limits pre-production.
> 
> Christopher Strauss, Ph.D.
> Call Tracking Administration Manager
> University of North Texas Computing & IT Center
> http://itsm.unt.edu/
> 
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:arsl...@arslist.org]
> On Behalf Of Rabi Tripathi
> Sent: Thursday, September 23, 2010 3:58 PM
> To: arslist@ARSLIST.ORG
> Subject: ITSM 7.5 or 7.6, need an instance for a
> demo...tomorrow
> 
> Hi all, this is a long shot, but I am trying any way.
> Anybody with ITSM 7.5 or 7.6 instance willing to let me use
> it tomorrow for a demo?
> 
> I am doing an internal demo. 4 VM disks with ITSM that
> somebody was nice to send me turned out to be unusable.
> 
> All I need to do is setup a few people and CIs ahead of
> time and then create a few IM/PM/CM records during the demo.
> It would be nice if I could access it some time today to
> setup my storyline.
> 
> TIA.
> 
> 
>       
> 
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug10 www.wwrug.com ARSlist: "Where the Answers
> Are"
> 
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug10 www.wwrug.com ARSlist: "Where the Answers
> Are"
> 




___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Subscribe

[Howard Richter]

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Company/multitenancy

[Philip, Saji L]

Hello, Listers

Need some advice here.  Our management team would like to utilize 
Operational Categorization based on the Support Group.  I know Company allows 
me to segregate by global or by company.

Has anyone implemented where this was a requirement.  One Main 
Company, with divisions whereby, unique categorization is used based on the 
support group you are assigned to.




___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: Help with atrium web services

[Guillermo Alfredo Torres Barron]

Hi Peter
RAC is a cluster, we have three oracle instances and them group in a Oracle 
service name
No, we area installing BMC atrium web services in a same ar server box
Thanks in advance
Greetings

-Mensaje original-
De: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] 
En nombre de Peter Romain
Enviado el: Domingo, 26 de Septiembre de 2010 04:19 p.m.
Para: arslist@ARSLIST.ORG
Asunto: Re: Help with atrium web services

I've installed Atrium Web Services 7.6 Patch 1 on an Oracle 11 database; I
don't think it's a RAC though.

Are you installing this on a separate server/zone as per BMC recommendation?

If so, Have you got the Oracle client installed on the Solaris box?

Have you set the Oracle variables in the profile of the user you are
installing under, e.g.

export ORACLE_HOME=/opt/oracle/product/client10g
export PATH=$PATH:$ORACLE_HOME/bin

With these set the installer should be able to find the tnsnames.ora file.

I guess the tnsnames.ora file contains the connection that you entered the
SID for?

Cheers

Peter


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Guillermo Alfredo Torres Barron
Sent: 26 September 2010 21:24
To: arslist@ARSLIST.ORG
Subject: Help with atrium web services

Hi dear listers
During the execution of the BMC Atrium Web Services´s installer after the
specification of the data base server and after entering the username and
password "system" displays the following message:
 
"Listener refused the connection with the following error:ORA-12505,
TNS:listener does not currently know of SID given in connect descriptor of
SID given in connect descriptor.
 
Our database is on Oracle RAC, but I try install on a standalone database
and appear the next error:
 
"Invalid database instance"
 
Any idea?, what is your experience with installation of BMC Atrium Web
Services on Oracle RAC?
 
System
AR Server 7.5 patch 04
BMC Atrium 7.5 patch 02  installer
Database: Oracle 11g
Oracle RAC
S.O.: Solaris 10
 
Greetings from Mexico City.



...
Este correo electronico es confidencial y/o puede contener informacion
privilegiada.
Si usted no es su destinatario o no es alguna persona autorizada por este
para recibir sus correos electronicos, NO debera usted utilizar, copiar,
revelar, o tomar ninguna accion basada en este correo electronico o
cualquier otra informacion incluida en el, favor de notificar al remitente
de inmediato mediante el reenvio de este correo electronico y borrar a
continuacion totalmente este correo electronico y sus anexos.
Nota: Los acentos y caracteres especiales fueron omitidos para su correcta
lectura en cualquier medio electronico.

This e-mail is confidential and/or may contain privileged information.
If you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based on
this message or any
other information herein, please advise the sender immediately by reply this
e-mail and delete this e-mail and  its attachments. 

...


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"


...
Este correo electronico es confidencial y/o puede contener informacion 
privilegiada.
Si usted no es su destinatario o no es alguna persona autorizada por este para 
recibir sus correos electronicos, NO debera usted utilizar, copiar, revelar, o 
tomar ninguna accion basada en este correo electronico o cualquier otra 
informacion incluida en el, favor de notificar al remitente de inmediato 
mediante el reenvio de este correo electronico y borrar a continuacion 
totalmente este correo electronico y sus anexos.
Nota: Los acentos y caracteres especiales fueron omitidos para su correcta 
lectura en cualquier medio electronico.

This e-mail is confidential and/or may contain privileged information.
If you are not the addressee or authorized to receive this for the addressee, 
you must not use, copy, disclose, or take any action based on this message or 
any
other information herein, please advise the sender immediately by reply this 
e-mail and delete this e-mail and  its attachments. 
...

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www

ADM: MVP Voting reminder

[daniel on squirrel]

Last week to vote for our two nominees this year for Most Valuable Poster:

 

Joe DeSouza

 

and

 

Frederick W. Grooms

 

Please send all votes to:

daniel.bl...@danielbloom.ca

 

 

And now is the time to register for  WWRUG10 www.wwrug10.com,

You can see the content loaded schedule on the web site.

 

It is the most cost effective way to get up to date on the latest from BMC

and the 3rd party products.  At the same time you have the opportunity to

talk to the people that created them.

 

Of course, you also get to put faces to names from the ARSlist and share
knowledge 

in person in a dynamic environment that can lead to solutions you hadn't
thought of yet.

 

Granted we keep you busy most of the time, but don't forget you can get the
conference rate

the weekend before the conference and the Friday/Saturday afterwards.

 

 Dan

p.s. and see the ARSlist Awards live :-)

 

 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: Remedy 6.3 - DSO Process always stopping

[Doug Blair]

Hi Kaye!

There are lots of factors that can slow DSO down but your biggest issue is the 
20 records. In addition to looking at indexing on the pending table take a 
long look at all the different cases that are triggering a DSO record. In 
particular, make sure that any filter that fires on merge includes 

AND $USER$ != "Distributed Server"

So you don't go back and forth between servers. 


Doug

--
Doug Blair
Sent from my iPhone4, typographic errors likely
+1-224-558-5462

On Sep 26, 2010, at 8:23 PM, Kaye Bernales  
wrote:

> **
> Hi List,
>  
> We are running on AR System 6.3 (Solaris - Sybase).  We've recently been 
> having problems with DSO process.  The DSO queue grew up to more than 200k 
> records and process seems to always die.  AR Monitor doesn't seem to be 
> restarting it.  The process slowed down and we got to a point where it only 
> processes 1000 records per hour.  We tried restarting the Remedy service and 
> it made processing faster - however, after a few hours, it started slowing 
> down again. 
>  
> There are no problems with Database nor Unix servers.
>  
> Any ideas why DSO process keeps on dying and how we could get more 
> information?
>  
> Thanks!
> Kaye
> NOTICE
> 
> The information contained in this email is confidential. If you are not the 
> intended recipient, you must not disclose or use the information in this 
> email in any way. If you received it in error, please tell us immediately by 
> return email and delete the document. We do not guarantee the integrity of 
> any e-mails or attached files and are not responsible for any changes made to 
> them by any other person.
> 
>  
> 
> _attend WWRUG10 www.wwrug.com  ARSlist: "Where the Answers Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

7.6.03 Installation Woes

[Ben Chernys]

Hi Folks,

 

I attempted to install 7.6.03 on my laptop in a new VM (64 bit, Windows 2008
Enterprise server running 8Gb, 2 dual core CPUs) in several ways:

1)  The pre-packaged ITSM install  (w/ MS SQL Server 2008 64bit
installed)

2)  The single AR install w/ MS SQL Server

3)  The single AR install w/ Oracle 11g

 

In all cases the installer seems to think an upgrade is desired and picks up
the first byte of the v4 IP address as a server name "192" and reports
connectivity problems to that.

 

These are all new installs to a new machine with the OS and the DB
installed.  I did not have the loop-back adapter but that only causes
problems with the Oracle management app.  (I will reinstall that later).
There are no environment vars set that I would think would interfere w/ ARS.

 

If anyone has any clue what the problem and work-around may be, I would
certainly appreciate it.

 

Thanks

Ben Chernys

Senior Software Architect
Software Tool House Inc.

Canada / Deutschland / Germany
Mobile:  +49 171 380 2329GMT + 1 + [ DST ]
Email:
Ben.Chernys_AT_softwaretoolhouse.com
Web:   www.softwaretoolhouse.com

Check out Software Tool House's free Diary Editor.

Meta-Update, our premium ARS Data tool, lets you automate 
your imports, migrations, in no time at all, without programming, 
without staging forms, without merge workflow. 
  http://www.softwaretoolhouse.com/  

 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"