Re: Username Token authentication method

2012-10-08 Thread Team Remedy
Hi, thanks for your answers. The web service isn't exposed from Remedy. I tried with a client for web services (with WebService Studio) but I was not able to consume it either. I will try with SoapUI and I will update you. Best regards, David.

Re: Username Token authentication method

2012-10-08 Thread Hullule, Kiran
Remedy webservices uses anonymous authentication method instead of Windows OR NTLM method. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Team Remedy Sent: Monday, October 08, 2012 1:09 PM To: arslist@ARSLIST.ORG

Re: Results of a application pen-test - need to close holes

2012-10-08 Thread Dan Miller
Hi John, for the session timeout, I found the setting under web, in user preferences. Looks like some people had no timeout setting at all, some had 5 hours. I have logged an internal RFC to globally reset everyone’s to one hour, and also to set mid-tier webserver timeout to the same to cover

Results of a application pen-test - need to close holes

2012-10-08 Thread John Baker
Dan The Java servlet apidocs does allow a max inactive value to be set on a session so I guess that's how it's being done, but the preference is an interesting design choice. The form auto-complete functionality is easy to achieve:

Data Management Tool in version 8 replaced by Atrium Integrator

2012-10-08 Thread Jiri Pospisil
Hi all, It appears that in version 8 the data management tool has been replaced by the Atrium Integrator. I am trying to find any documentation on how to use it for foundation data load or updates, but so far with not much luck. Hope it is just me. Can anybody point me in the right direction,

Re: Results of a application pen-test - need to close holes

2012-10-08 Thread Dan Miller
Hi John, so if I open up login.jsp on each of my mid-tiers, and I modify the code on lines 4 and 8 to include autocomplete=off, you think I will get what I need? I am not a coder, so the fact this is JSP, does that matter? 1 <td class="login" nowrap="nowrap" width="20">&nbsp;</td> 2 <td

Re: Data Management Tool in version 8 replaced by Atrium Integrator

2012-10-08 Thread Anand Sharma
Hi I believe there is no major change on most of the background forms and architecture in version 8 from version 7.6.04. In this case you can use DMT 7.6.04 to upload foundation data. Thanks, Anand -Original Message- From: Action Request System discussion list(ARSList)

Re: Data Management Tool in version 8 replaced by Atrium Integrator

2012-10-08 Thread Dan Miller
Sorry to hijack, but does anyone know if the integrator module is now supported in a server group environment? I am pretty sure it was on the proposed list for v8. Great that DMT from 7604 will still work though.

Re: Data Management Tool in version 8 replaced by Atrium Integrator

2012-10-08 Thread Sylvain YVON
Dan, This is considered as an enhancement of AI in version 8.0. See here for more details : https://docs.bmc.com/docs/display/public/ac80/Atrium+Integrator+enhancements ** Atrium Integrator in server group environment and

Results of a application pen-test - need to close holes

2012-10-08 Thread John Baker
Hello Yes, you can add autocomplete="off" to input elements, ie: <input name="<%=Params.USERNAME%>" maxlength="<%=Params.USERNAME_LENGTH%>" id="username-id" value="<%=com.remedy.arsys.share.HTMLWriter.escape(name)%>" class="loginfield" size="30" type="text" autocomplete="off"> John

Re: Results of a application pen-test - need to close holes

2012-10-08 Thread Longwing, LJ CTR MDA/IC
Dan, 1 - Privilege Escalation - I can't speak to the service catalog (I think that's by design)...but if you need the preference record to be only viewable by themselves, you could change the permission on field 1 to only allow the 'Submitter' group access. This isn't a case of privilege

Re: SRM - Work Order (automatic activation?)

2012-10-08 Thread Logan, Kelly
We have a simple request in SRM that we would like to create a Work Order that is active from the beginning. Is this possible without customization? I can assign it automatically of course, but is there something I can configure to have the WO start with a status of In Progress so the Tasks are

Remedy AIE Question

2012-10-08 Thread Murnane, Phil
Good Day, All: I'm having trouble with an AIE job and am hoping someone else may have run into this issue. I'm trying to use the process| feature to set a field with the return value of an external process. Really I'm not interested in the return value, I just want the process to run. The

Re: Remedy AIE Question

2012-10-08 Thread Longwing, LJ CTR MDA/IC
Phil, I assume you have executed the batch file with the same command line without issue? -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Murnane, Phil Sent: Monday, October 08, 2012 7:24 AM To: arslist@ARSLIST.ORG

Re: Results of a application pen-test - need to close holes

2012-10-08 Thread Timothy Powell
Dan, For the session timeout, i found the setting under web, in user preferences: As Mr. Baker pointed out, there is also a global timeout setting in the Mid-Tier Configuration that's not changeable by the end user. Tim -Original Message- From: Action Request System discussion

Results of a application pen-test - need to close holes

2012-10-08 Thread John Baker
LJ, 2. Improper error handling The concern would be that the SQL message may reveal information that allows a third party to establish the type of database, IP address, etc. They would then be in a position to mount an attack with information known about that database, ie current security

Re: Results of a application pen-test - need to close holes

2012-10-08 Thread Longwing, LJ CTR MDA/IC
John, I would personally be more concerned about someone having a 'clone' of my system and gaining more information than them being able to glean much from error messages. Yes, I understand that an error message from the underlying vendor db (SQL Server) for example tells them what DB you are

Results of a application pen-test - need to close holes

2012-10-08 Thread John Baker
LJ Yes, the SQL error documented contains little value, but other messages could contain value. However, this all has to be balanced with, as you suggest, the type of data held in AR System. Service desk information is probably less sensitive than HR data, although infrastructure-related tickets

Re: Results of a application pen-test - need to close holes

2012-10-08 Thread Grooms, Frederick W
Could the FORCED BROWSING be a case of the tester having an open browser on a form and then opening another browser? Because they are logged in under one browser session a second will see the login and not ask for credentials. Fred -Original Message- From: Action Request System

Getting deadlock issue when querying data directly, from a MSSQL 2008 DB and on 7.6.4 ARserver

2012-10-08 Thread Richter, Howard (CEI - Atlanta)
Good morning, afternoon and evening all, Before we upgraded to 7.6.4 (ITSM and Arserver) we were on 7.5.6 and ITSM 7.6.1, and was able to query the MSSQL 2005 database directly, to pull some reporting data back. Since upgrading to 7.6.4 (ITSM and ARserver) and going to MSSQL 2008, when our

ITSM 7.6.4 - sharing searches

2012-10-08 Thread Logan, Kelly
Is there an easy way to share a search, which I've created, with others now that we're on the browser client? (One department wants to search on Work Orders, and since all of the detail fields are unlabeled, they have no realistic way to make the search themselves.) Kelly Logan, Sr. Systems

Re: Results of a application pen-test - need to close holes

2012-10-08 Thread Axton
The CWE database does a good job of enumerating and outlining various weaknesses in applications. For this specific case, see CWE-209. http://cwe.mitre.org/data/definitions/209.html The pen-testing tools that are out there wrap around these commonly agreed upon weaknesses to generate a report

ITSM 7.6.4 - sharing searches

2012-10-08 Thread patchsk
Did you look at ar central preferences form. I believe there is a form to store searches which you can use for your purpose.

Re: Results of a application pen-test - need to close holes

2012-10-08 Thread Doug Blair
Listers, Sounds to me like you guys need to set a Birds of a Feather session about hardening the MidTier for use on the public Internet at WWRUG12 next week, huh? WWRUG12 has more than a hundred sessions this year, and some of them will touch on security issues, but what better way to bring

Re: ITSM 7.6.4 - sharing searches

2012-10-08 Thread Karthik
If you know how to create a web report from the report console, there is an option to specify the type of report, public or private. If you select public, anyone should be able to access and run the report -Karthik On 8 October 2012 20:28, patchsk vamsi...@gmail.com wrote: Did you look at ar

Re: Getting deadlock issue when querying data directly, from a MSSQL 2008 DB and on 7.6.4 ARserver

2012-10-08 Thread Sylvain YVON
Hi, I'm no SQL Server expert ;) But you do have a snapshot functionality that may be the source of your problems. Disabling or at least having it tuned could also benefit the whole application. You can use WITH NOLOCK with your select statement to force it at run time. You have the equivalent

Re: Getting deadlock issue when querying data directly, from a MSSQL 2008 DB and on 7.6.4 ARserver

2012-10-08 Thread Longwing, LJ CTR MDA/IC
Howard, When we performed the same upgrade, ironically from same app/db versions to same app/db versions, part of the upgrade recommended running some commands to prevent deadlocks... did you by chance run those commands? You should be able to check the db guide for 7.6.04, or even the what's

Re: Getting deadlock issue when querying data directly, from a MSSQL 2008 DB and on 7.6.4 ARserver

2012-10-08 Thread ravi rai
Howard Which SP you are on 7604 Overview console 7604 default installation is single threaded causing performance issues. BMC has a hot fix for this. Also check SNAPSHOT ISOLATION and READ COMMIT SNAPSHOT value on DB Side Regards Ravi Rai Date: Mon, 8 Oct 2012 10:51:59 -0400 From:

Re: Remedy AIE Question

2012-10-08 Thread Murnane, Phil
Thanks LJ Karthik: The batch file runs fine on its own directly from the command prompt. I've run various tests and some can produce .log files, so I know AIE has permissions to execute cmd.exe. I can summarize the tests if it'd be helpful, but I didn't want to bias opinions right off the

Re: Remedy AIE Question

2012-10-08 Thread Shafqat Ayaz
Hi try dir c:\temp | find filename.ext >> c:\temp\filename.log >> is append, sometimes if the file does not exist The append fails, I have no idea why. also for some weird reason the space matters. The command will run fine from a DOS prompt but will fail if run from within Remedy. Also

Thoughts on Remedy administration

2012-10-08 Thread Mauricio M.
Hello, I wonder if anyone can share any experience or recommendations on how you organize your Remedy administration team, especially in large companies, since I believe there has to be at least two teams, one team focused on the technical side of Remedy and its related infrastructure, mostly

Re: Getting deadlock issue when querying data directly, from a MSSQL 2008 DB and on 7.6.4 ARserver

2012-10-08 Thread Howard Richter
Ravi, We are on SP3 of the ARserver and SP2 of ITSM. I have asked my DB to look at the two snapshot values you talked about. By the way, what should they be to prevent this type of issue? Thanks again and take care, Howard Sent from one of Howard's iPads On Oct 8, 2012, at 11:29 AM, ravi rai

Re: Getting deadlock issue when querying data directly, from a MSSQL 2008 DB and on 7.6.4 ARserver

2012-10-08 Thread ravi rai
Howard, ALLOW_SNAPSHOT_ISOLATION and READ_COMMITTED_SNAPSHOT Turning on these help Read operations retrieve a consistent snapshot of the database. SELECT statements do not lock data during a read operation (readers do not block writers, and vice versa). SELECT statements can access the last

Re: Getting deadlock issue when querying data directly, from a MSSQL 2008 DB and on 7.6.4 ARserver

2012-10-08 Thread Richter, Howard (CEI - Atlanta)
Ravi, Thanks I will. Howard Sent from one of Howard's iPads On Oct 8, 2012, at 12:55 PM, ravi rai <ravira...@hotmail.com> wrote: Howard, ALLOW_SNAPSHOT_ISOLATION and READ_COMMITTED_SNAPSHOT Turning on these help Read operations retrieve a consistent snapshot

Re: [EXTERNAL] Thoughts on Remedy administration

2012-10-08 Thread Stroud, Natalie K
Mauricio: I'm not sure how you're defining large, but in our enterprise we have around 10,000 employees across two main sites and several smaller satellite locations. In terms of our Remedy support, we have a single team with people who do everything you mention, including custom Remedy apps.

Re: ITSM 7.6.4 - sharing searches

2012-10-08 Thread Logan, Kelly
The closest I've found so far is going into 'AR System Searches Preference' and making a copy of the search I saved for each of the users involved. Functional, but annoying to maintain. Vamsi - I'm not sure what form you mean for ar central preferences. Karthik - Web report would be a good

SRD Functional Role Bulk Import (Work Order Assignee, Work Order Manager)

2012-10-08 Thread Sheldon Rankin
The knowledge article below references that this is not supported out-of-the-box but that there has been success manually adding these values to the Data Import Tool load forms for Support Functional Roles. Has anyone had success with this? Data Load Tool is not recognizing these new values on

Re: ITSM 7.6.4 - sharing searches

2012-10-08 Thread Reiser, John J
Kelly, I think the Defined Search in the form properties will allow you to create a search that anyone with field/form permissions can use. The properties are view based so I would also assume that you can have a different defined search. There are multiple slots for defined searches. Thank

Random MidTier Error

2012-10-08 Thread Myers, Scott
Hi all, I'm getting an error in our Remedy 7.6.4 midtier. It appears randomly and then goes away after restarting the midtier server. It happens in the ClientCore.js file. Uncaught TypeError: Cannot call method 'WorkflowComplete' of undefined There is also an error that appears along with

Re: ITSM 7.6.4 - sharing searches

2012-10-08 Thread Logan, Kelly
That's a good idea too, John, though that requires modifying the Work Order form (view) itself. I would prefer a solution on the configuration level, as parameters in the search could change over time. Kelly Logan, Sr. Systems Administrator (Remedy, Planview), GMS ProQuest | 789 E. Eisenhower

Re: ITSM 7.6.4 - sharing searches

2012-10-08 Thread patchsk
Sorry, I was referring to the Search Preferences form only. I was not able to remember the actual form name. If that is too much work then how about creating this search and making it available to all users through Defined Searches in the Form View properties?

Re-use Login ID in Remedy

2012-10-08 Thread Jase Brandon
Hello All, I have been approached and asked about how we can re-use Login IDs and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. I've told them Login Id is

Re: Re-use Login ID in Remedy

2012-10-08 Thread Longwing, LJ CTR MDA/IC
Jason, There was a rather lengthy discussion of that topic a few months ago that may be able to answer some of your questions. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jase Brandon Sent: Monday, October 08, 2012

Re: Re-use Login ID in Remedy

2012-10-08 Thread Karthik
Jase, What do you mean by re-use login id? Re-use login-Id for what purpose you mean? -Karthik On Oct 9, 2012 12:57 AM, Longwing, LJ CTR MDA/IC lj.longwing@mda.mil wrote: Jason, There was a rather lengthy discussion of that topic a few months ago that may be able to answer some of your

Re: Re-use Login ID in Remedy

2012-10-08 Thread strauss
It is an incredibly bad security practice because it destroys any accountability for identity management. It is akin to reusing the social security numbers of deceased persons for newborns (try that analogy on them). We do battle with our PeopleSoft drones over this regularly, but it's really

Re: Remedy AIE Question

2012-10-08 Thread Murnane, Phil
Thanks, Shafqat - I'll try with adding the space after the >> sign. I do need to use >> though; to keep a running log of files that were processed (filename.ext is replaced frequently, and the log file keeps track of the date/time size of each file). If necessary I'll 'touch filename.log' to

Re: Re-use Login ID in Remedy

2012-10-08 Thread Tauf Chowdhury
To echo Chris, I hope you don't work for a public company because that has to be against some sort of Sarbanes-Oxley regulation. Sent from my iPhone On Oct 8, 2012, at 4:11 PM, strauss stra...@unt.edu wrote: ** It is an incredibly bad security practice because it destroys any accountability

Re: Re-use Login ID in Remedy

2012-10-08 Thread Jase Brandon
I said the same thing guys. Let me elaborate a tad. They use a unique id for their company (custom attribute on the People form) that allows internal identification based on their unique identifier attribute, so they claim this will be acceptable when it comes to audits, I also brought up the

Re: Re-use Login ID in Remedy

2012-10-08 Thread Randeep Atwal
Maybe using their unique corporate id in the login name field, and using their Login in the special 'authentication alias' (I think that's what it's called) field on the user form (see docs) will be the best approach. Then all your last modified by, used by relationships, assignee login id's

Re: [EXTERNAL] Re: Re-use Login ID in Remedy

2012-10-08 Thread Stroud, Natalie K
Jase: There's something I'm not following here...if this unique ID/custom attribute is for the company, why isn't it still possible that our hypothetical Joe and Judy Jones might both work for that company? Can you say a little more about what makes this identifier unique? Thanks, Natalie