IDS and Open Source


  • 8/2/2019 IDS and Open SOurce

    1/49

    Open Source and Informix Dynamic Server

    Jonathan Leffler
    IBM Information Management

    Session L13

    Thursday 11th May 2006, 10:00-11:10

    A brief discussion of how to use IDS with a wide variety of Open Source languages

    - Perl, Tcl/Tk, Python, PHP, etc.


    Agenda

    Open Source

    Connecting to IDS

    Perl, DBI, and DBD::Informix

    Tcl/Tk and isqltcl

    PHP

    Aubit 4GL

    SQLCMD

    SQSL

    Python

    Ruby

    Projects marked with a star have separate presentations


    Open Source

    What is Open Source?
    - Which rock have you been hiding under?

    Software released under an Open Source license
    - Conformant with the Open Source Definition
    - Found at http://www.opensource.org/

    Free Redistribution
    Source Code
    Derived Works Permitted
    No Discrimination Against People or Groups
    No Discrimination Against Fields of Endeavour
    Distribution of License


    Open Source Licenses

    There are many Open Source licenses

    GPL: GNU Public License

    LGPL: Lesser GNU Public License

    BSD: Berkeley Systems Distribution

    MIT: Massachusetts Institute of Technology

    MPL: Mozilla Public License

    Academic Free License

    Open Software License

    Nearly 60 licenses at the Open Source Initiative!


    Informix Database Connectivity

    ESQL/C: The original connectivity. Standardized in SQL by ISO/IEC 9075:1992.

    ODBC: Originally defined by Microsoft. Standardized (as CLI) by ISO/IEC 9075-3:1996.

    JDBC: Java analogue of ODBC. Standardized by Sun.

    All of these are proprietary. But can be used with Open Source software.


    ESQL/C

    Preprocessor that converts extended C into pure C.

    Links with specific libraries.

    Separates static and dynamic SQL.

    Even though Informix does not really do so.

        int main(void)
        {
            EXEC SQL WHENEVER ERROR STOP;
            EXEC SQL DATABASE Stores;
            EXEC SQL BEGIN WORK;
            EXEC SQL DROP TABLE Customer;
            EXEC SQL ROLLBACK WORK;
            return(0);
        }


    ODBC

    Database agnostic. Separates driver manager from drivers.

    Different drivers can be loaded at run time.

    You can avoid database-specific features.

    But sometimes you want to use them.

    All statements are dynamic.

    De-emphasized by Microsoft

    In favour of newer technologies

    ADO, .NET


    JDBC

    Database agnostic.

    Drivers have different levels of Java-ness.

    Type 4: pure Java, usually the best type to use.

    The other way to connect in Java is ESQL/J.

    Not widely accepted.

    JDBC is the lingua franca of the Java database world.


    Perl: Practical Extraction and Report Language

    Originally written by Larry Wall

    Version 1.0 in 1987

    Version 5.0 in 1994

    Version 6 under development (2+ years so far)

    Current stable version:

    5.8.7 June 2005

    Obtain via CPAN

    Comprehensive Perl Archive Network

    http://www.cpan.org/


    Danger: SQL Injection

    If the code did not use $dbh->quote and embedded $name instead of $xname, it would be a security breach (SQL injection exploit) ready to happen.

    Consider what happens if the user supplies this name value:

        X%' OR fname != 'X' OR fname = '

    The query is now:

        DELETE FROM Customer
            WHERE Lname LIKE '%X%' OR fname != 'X' OR fname = '%' AND ZipCode IS NULL

    This is going to delete most rows from the table; most likely, all rows.

    Use $dbh->quote($name)


    Danger: SQL Injection

    What happens if the code is written as:

        $sth = $dbh->prepare(qq{
            DELETE FROM Customer
                WHERE Lname LIKE '%$name%' AND ZipCode IS NULL
        });

    This is a security breach ready to happen: an SQL injection exploit.

    What happens if the user enters this name:

        X%' OR fname != 'X' OR fname = '


    Danger: SQL Injection

    The query is now:

        DELETE FROM Customer
            WHERE Lname LIKE '%X%' OR fname != 'X' OR fname = '%' AND ZipCode IS NULL

    This deletes all (most) rows from the table!

    Use $dbh->quote($name) if you must.

    Better to use placeholders (?) in the SQL:

        $sth = $dbh->prepare(qq{
            DELETE FROM Customer
                WHERE Lname LIKE ? AND ZipCode IS NULL
        });

    SQL Injection is a serious problem in many systems; it is not peculiar to Perl or IDS.
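
The interpolated and placeholder forms of this DELETE, run side by side as an added example that is not part of the original presentation. It assumes Python's built-in sqlite3 module as a stand-in for IDS (it accepts the same ? placeholders), uses constructed Customer rows, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample rows (Lname, Fname, ZipCode); not data from the slides.
ROWS = [
    ("Baxter", "Dick", None),
    ("Xavier", "Ann", None),
    ("Jones", "Mary", "94025"),
    ("Smith", "X", None),
]

# The name value shown on the slides.
PAYLOAD = "X%' OR fname != 'X' OR fname = '"


def fresh_db():
    """Build an in-memory Customer table (sqlite3 stands in for IDS here)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customer (Lname TEXT, Fname TEXT, ZipCode TEXT)")
    conn.executemany("INSERT INTO Customer VALUES (?, ?, ?)", ROWS)
    return conn


def delete_interpolated(conn, name):
    """Vulnerable form: the value becomes part of the SQL text."""
    sql = ("DELETE FROM Customer WHERE Lname LIKE '%" + name +
           "%' AND ZipCode IS NULL")
    return conn.execute(sql).rowcount


def delete_placeholder(conn, name):
    """Hardened form: constant SQL text, value bound to the ? placeholder."""
    sql = "DELETE FROM Customer WHERE Lname LIKE ? AND ZipCode IS NULL"
    return conn.execute(sql, ("%" + name + "%",)).rowcount


def remaining(conn):
    """Count the rows still in the table."""
    return conn.execute("SELECT COUNT(*) FROM Customer").fetchone()[0]


if __name__ == "__main__":
    for label, fn in (("interpolated", delete_interpolated),
                      ("placeholder", delete_placeholder)):
        for name in ("X", PAYLOAD):
            conn = fresh_db()
            print(label, repr(name), "deleted", fn(conn, name),
                  "remaining", remaining(conn))
```

With the slide's value, the interpolated form also deletes the row that has a ZipCode, because AND binds tighter than OR. Placeholders keep the value out of the statement's structure, though % and _ inside it still act as LIKE wildcards.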


    Tcl/Tk and isqltcl

    Tcl: Tool Control Language

    Invented by John Ousterhout

    Tk: Tool Kit (GUI)

    Tcl/Tk at http://www.tcl.tk/

    Current version 8.4.12 December 2005.

    isqltcl: Informix SQL access via Tcl.

    Available at http://isqltcl.sourceforge.net/

    Version 5.0 released February 2002.

    Builds into dynamically loadable shared library


    Tcl/Tk Extensions

    Tcl/Tk is designed to be easily extended

    Many extensions available for all jobs

    For example: Expect

    Designed to handle scripting of processes

    Used for automating testing

    ftp://expect.nist.gov/

    And many more...


    Loading ISQLTCL

    Load the ISQLTCL extension

        load isql.so

    Adds the command sql to Tcl/Tk

    tclsh

    wish


    ISQLTCL Connections

    Connect to a database

        sql connect dbase as conn1 user \
            $username password $password

    Connect to given database

        sql disconnect \
            [current|default|all|conn1]

    Close database connection

    sql setconnection [default|conn1]

    Sets the specified connection


    ISQLTCL Statements

    Executable statements

    Statements that return no data

        sql run {delete from sometable
                 where pkcol = ?} $pkval

    Prepares and executes the statement

    Optionally takes a number of arguments for placeholders

    Returns zero on success; non-zero on failure


    ISQLTCL Cursors

    SELECT, EXECUTE PROCEDURE

        set stmt [sql open {select * from sometable}]

    Does PREPARE, DECLARE, and OPEN

    Returns a statement number (id) or a negative error

    Optionally takes arguments for placeholders

    set row [sql fetch $stmt 1]

    Collects one row of data

    As a Tcl list in the variable row

    The 1 is optional and means strip trailing blanks

    The list is empty if there is no more data


    ISQLTCL Cursors

    sql reopen $stmt ?arg1? ?arg2?

    Reopens the statement, with new parameters

    sql close $stmt

    Indicates you have no further use for the statement

    It frees both the cursor and statement!


    What is PHP?

    Hypertext Processor

    Was once Personal Home Page

    Version 4.4.1 released October 2005

    Version 5.0.5 released September 2005

    Version 5.1.1 released November 2005

    An HTML scripting language
    - Server-side
    - Cross-platform
    - Embedded in HTML documents
    - Extensible


    What is PHP?

    Built into the Apache Web Server

    Using DSO (dynamic shared objects)

    mod_php

    Or as a CGI binary

    With any web server

    PHP has a reputation for being insecure.

    Largely a question of how it is used.

    See PHP Security Consortium

    http://phpsec.org/


    What is PHP?

    Built-in access to:
    - Email
    - XML
    - HTTP (cookies, sessions)

    And databases:
    - ODBC
        DB2, Adabas-D, Empress, Solid, Velocis
    - mSQL, MySQL, PostgreSQL
    - Sybase, Oracle
    - Informix


    What is PHP?

    IBM also provides modern PDO drivers

    PDO: PHP Data Objects

    PHP analogue of Perl DBI

    Article on DeveloperWorks

    http://tinyurl.com/eycg2

    For DB2

    Via PDO_ODBC

    For IDS (beta version 0.2.1)

    http://pecl.php.net/package/PDO_INFORMIX


    Informative PHP Script

    PHP Information


    Old Informix Driver

    Code provided as standard part of PHP. But not maintained for several years.

    Must be explicitly compiled into PHP.

    30 core functions.

    8 functions to manipulate SBLOBs.


    Old Informix Driver

    Connection management
    - ifx_connect
    - ifx_pconnect
    - ifx_close

    Basic Operations
    - ifx_prepare
    - ifx_query
    - ifx_fetch_row
    - ifx_do
    - ifx_free_result


    Old Informix Driver

    Status and Error Handling

    ifx_getsqlca

    ifx_error

    ifx_errormsg

    ifx_affected_rows

    Attribute Queries

    Blob handling

    Utility functions

    ifx_htmltbl_result


    New Informix Driver

    Accessed via PDO functions

    See: http://www.php.net/pdo


    Python and InformixDB

    http://www.python.org/

    Version 2.4 November 2004.

    InformixDB under active development

    Maintainer: Carsten Haese

    Python DB-API 2.0 compliant

    Requires Python 2.2 or better

    Needs Informix ClientSDK


    Python and InformixDB

        import informixdb

        # Connect with database name, user and password
        conn = informixdb.connect('test', 'informix', 'pw')
        cur = conn.cursor()
        cur.execute("create table test1(a int, b int)")

        # Values are bound to the ? placeholders, not pasted into the SQL
        for i in range(1, 25):
            cur.execute("insert into test1 values(?,?)", (i, i**2))

        cur.execute("select * from test1")
        for row in cur:
            print("The square of %d is %d." % (row[0], row[1]))


    Aubit 4GL: Open Source 4GL

    99% Informix 4GL Compatible

    BODR = Business Oriented, Database Related

    Task-focussed language

    Embedded SQL for database access

    High productivity, easy to learn

    Licensed under GPL/LGPL

    Includes 4GL-based Open Source software

    For commercial and non-commercial applications


    Aubit 4GL: New to 4GL?

        MAIN
            MENU "Title for my test menu"
                COMMAND "Impress Me" "Do something to impress me" HELP 126
                    CALL OpenMyWindow()
                COMMAND "Exit" "Exit this menu" HELP 127
                    EXIT MENU
            END MENU
        END MAIN

        FUNCTION OpenMyWindow()
            OPEN WINDOW MyTestWindow AT 2,3 WITH FORM "FormForMyTestWindow" ATTRIBUTE(BORDER, WHITE)
        END FUNCTION

    Think about the amount of code needed to achieve the same functionality in a 3GL!


    Aubit 4GL Features

    Database independent

    ODBC, native, ESQL/C

    Fully modular (plug-in) architecture

    User interface independent

    GUI and Curses modes

    Platform independent (POSIX, UNIX, Windows)

    Easy to embed 3GL in 4GL

    Embedded C code


    Aubit 4GL Enhancements

    Logical Reports

    ASQL: dbaccess/isql replacement

    Flexible key mapping

    Print Screen functions

    Fully integrated testing hooks (including key recording and replay for batch jobs)

    Dynamic function calls (like perl ::)


    Aubit 4GL Web Sites

    Web site: http://aubit4gl.sourceforge.net

    Bug Tracker: http://www.aubit.com/mantis

    Bulletin board: http://www.aubit.com/phpBB

    Commercial support: http://www.aubit.com

    Current version: 0.50-2 dated 2005-06-22


    SQLCMD

    Originally called RDSQL in 1987. Renamed SQLCMD in 1992.

    Intended as an alternative to isql.

    Before DB-Access was created.

    Designed for use in shell scripts.

    Exits with non-zero status on error.

    Careful use of standard input, output, error.

    Output layout independent of selected data.

    Designed for interactive use.

    Available from the IIUG Software Archive.


    SQSL: Structured Query Scripting Language

    SQSL is a scripting language

    Created by Marco Greco

    Superset of SQL

    Features aimed at scripting, reporting, and simple ETL

    Lets a DBA perform daily activities as easily as possible


    SQSL: Structured Query Scripting Language

    It has a low learning curve:

    Language features should be familiar

    To anyone with experience of SQL, SPL, Informix 4GL or Bourne shell

    It includes flow-control operations

    It has a curses-based full-screen mode

    Like DB-Access

    http://www.4glworks.com/sqsl.htm


    Ruby

    http://www.ruby-lang.org/

    Version 1.8.3 September 2005.

    No known Informix support

    Lots of different database support packages.

    No unifying concept like DBI or PDO.

    See also Ruby on Rails

    http://www.rubyonrails.com/


    IIUG Software Archive

    http://www.iiug.org/software

    Many useful utilities

    Art Kagel's utils2_ak package

    Generate UPDATE STATISTICS statements

    DB-Copy

    Stored Procedure Libraries

    Example DataBlades

    4GL Code Generators


    http://www.ibm.com/software/data/informix

    http://www.iiug.org/software


    Jonathan Leffler
    IBM Information Management

    [email protected]

    Session L13: Open Source and Informix Dynamic Server