midrange.com - In My Humble Opinion

Those of us who are developing plug-ins for WDSC / RDi are in for a bit of a shock now that RDi 7.5 has been released.  IBM has moved the RSE from a proprietary, closed source, framework to open source.  Most of the RSE framework is now part of the Eclipse Target Management project.  Obviously the IBM i specific parts aren't included, but the key components are.

As you might imagine, there was a lot of re-factoring of the code ... as just about everything that was part of the com.ibm.etools API have been moved to org.eclipse.rse.

Because of some of the work I did re-factoring my own code, I've made discoveries that other plug-in developers might find useful.

First and foremost, a VERY useful web page to keep handy is the Eclipse RSE Tutorial.

Also, I've started putting together an object name cross reference between the old (WDSC 7.0 / RDi 7.1) API and the new (RDi 7.5) API (see below).  It is by no means comprehensive, complete, or 100% accurate.

If you are developing a WDSC / RDi plug-in, I highly recommend you subscribe to the WDSC Plug-in Developers mailing list that midrange.com hosts.

Read more »

Ha!  I'll bet you thought this blog was dead.  Well, in the words of Miracle Max, only mostly dead.

I'm in the process of reading a new programming book (well, not new to some ... new to me).  I'll probably post a review in a week or so (yeah, right).

Anyways, it got me to thinking about some of the questions I've been asked in the past ... and I've noticed a trend.

Often the questions are completely lacking in context.

The question itself is fairly straight forward and simple ... "How do I do so and so?"  And the answer is quite often just as simple ... "Oh, that's easy, just do this, that, and the other thing."

The thing that is unsaid, however, is the CONTEXT of the question.  After I answer such a question, I get to thinking ... WHY did I just get asked that question?

Read more »

For our new billing system (AR), we wanted to store account numbers for so that our customers could auto-pay their bills. After some searching and seeing how complicated the APIs are to use, I found these SQL functions: ENCRYPT_RC2(data, password) and DECRYPT_CHAR(data, password) . These looked promising and being that this is an internal-only system, we thought that this should be okay.

Now the challenge, we don't want to have to use SQL INSERT and UPDATE statements every time we create or update a new record. RPG (Report Program Generator) has built-in commands to do that: WRITE and UPDATE. I found this article that talks about some work-around options. One of which is a trigger. This makes the most sense for our scenario.

By creating the trigger as a "before insert" or "before update" it will take the text passed and encrypt it before actually writing it to the table. Here is a sample:

CREATE TRIGGER MWLIBR.TEST_INSERT

    BEFORE INSERT ON MWLIBR.TESTP

    REFERENCING NEW AS N

    FOR EACH ROW

    MODE DB2ROW

    BEGIN

    DECLARE PASSWD VARCHAR (127) ;

    SET PASSWD = MWLIBR.GETPASS () ;

    SET N.ACCOUNT = ENCRYPT_RC2 (N.ACCOUNT , PASSWD) ;

END;

Notice the GETPASS()? That is the secret to the magic. That is a user created function. I'll get into that in a minute. What this function does is take the ACCOUNT field and encrypt that. You will need to also create one for UPDATE as well. This will take care of your writes. Now you won't have to change anything in your RPG program to update or write to this file.

The function is relatively simple. We simply need to return a "password". I would recommend using a site like goodpassword.com to generate a random password. I used a 80 long string with special characters. Good luck dictionary attacking that hackers! Here is the function:

CREATE FUNCTION MWLIBR.GETPASS ()

           RETURNS CHAR(127)

           LANGUAGE SQL

           SPECIFIC MWLIBR.GETPASS

           NOT DETERMINISTIC

           READS SQL DATA

           CALLED ON NULL INPUT

           DISALLOW PARALLEL

           BEGIN

                      RETURN 'mypassword';

           END;

Now the problem comes in, to keep our model simple, we would like this to be as easy to use as READ to get this data, but we can't just allow anyone to see that information. So we have to add a layer of difficulty in using it. There are a few options, and I'll leave it to you to figure out which will work for you.

1. Use SQL to access that data. Just a simple

   SELECT DECRYPT_CHAR(myfield, GETPASS()) FROM myfile WHERE mykey = key;

   will get you the account number.

2. Use an SQL view.

   CREATE VIEW lib/view from SELECT KEY1, KEY2, DECRYPT_CHAR(myfield, GETPASS()) FROM myfile

   The problem with this method is you might as well just not secure it at all unless you lock down this view tight.

3. The final option would be a subprocedure. There can be two approaches to this.
   1. Write a seperate subprocedure for each field you have encrypted.
   2. Write one subprocedure that could work for everything. For instance:

      getEncryptedField('MYLIB' : 'MYFILE' : 'MYFIELD' : 'WHERE STATEMENT FOR THE KEYS')

      This would look like:

      getEncryptedField('MWLIBR' : 'TESTP' : 'ACCOUNT' : 'TESTKEY = 123 AND KEY2 = 567')

So there you have it. It isn't only complicated and should work for most people. Any problems or comments? Just leave a comment on the thread and if I have any errors, I will immediately correct them.

Similar to the old saying "Physician, heal thyself" ... I certianly should live by those words.

Today I was chasing down a problem on one of our systems at work ... a program that works fine on V5R2 wasn't working on V5R3.

I was 99% sure the problem was in an i5/os server program ... and even found a APAR that described the problem almost to the tee.  Unfortunately, the PTF identified in the APAR didn't help.

So I called IBM and opened a PMR ... I got transfered to Colleen in the languages group, who looked at the job log and source fragment I sent, and sent me a reply indicating that the following link might be useful: http://archive.midrange.com/midrange-l/200505/msg00900.html.

DOH!  Maybe I should have done a bit more research myself before opening up the PMR.

I made the adjustments identified in the MIDRANGE-L posting and, lo and behold, the program worked perfect.

Hah, I'll bet you thought this blog was dead ... didn't you?

It's not ... at least mostly not dead.

Here's a hint that might save your bacon sometime in the future.

It may seem obvious to some people ... but Service Programs are probably the BEST enhancement to System i that IBM ever implemented.

I'm in the process of completely revamping some code where I am completely replacing the guts of a bunch of routines. These routines are invoked from ALL OVER the application.

Because the routines are embedded in a service program, I don't have to TOUCH the core application logic. I don't even have to recompile it. As long as the prototype of the service program doesn't change, the application will pick up the service program changes without a hitch.

Obviously you have to take care not to change the SIGNATURE of the service program ... but if you're just changing the logic and not the parameters or procedure names, you should be good.

The effort to build the service program might not seem worth it now ... but next year, when you have to rework the logic, you will be thankful you put in the extra work.

[tags]System i, iSeries, RPG, Service Programs[/tags]

Our title’s Latin translation is "scraped tablet" or "blank slate". I find it fitting since I intend to talk about the ‘best’ way to fully erase your system using native iSeries support. This question arises frequently when Disaster Recovery testing is performed at an offsite location or company has upgraded their iSeries and is relocating the old box. Most businesses require system is totally scrubbed before hand-off.

Over the years I have seen many methods used to clear user data off of iSeries. One of the most simple methods I’ve seen is:

• DLTLIB on all user libraries
• RCLSTG

But then you have to worry about folders, user profiles, spooled files, output queues, job queues, network attributes, authorization lists.... some folks pursue this list in perpetuity, but I don't feel this is the right approach.
Read more »

Reporting on iSeries has come a long way. Traditionally, iSeries developers have to create reports using RLU, and then the RPG report program creates a spool file which the user then prints for his analysis. It's a normal sight to see users printing bulk print-outs from the spool file. Then the need came for sending the reports via email, and there are lot of tools now to convert spool files to PDFs to send the reports to others. Though these converted reports to PDF will suffice, they do not have a professional look; they may lack a company logo and there is no way to show different colors, charts, internationalization, bar codes, different fonts, etc.

Though you can buy a vendor product to do all those things, why not try Jasper Reports for free? With Jasper, you can achieve all these things and create a professional looking report with any formats you wish (PDF, Excel, rich text format, XML, and CSV). However, to use Jasper, you will have to use java, and integrate Jasper in your java programs. And moreover, you will have to write SQLs to generate the data for your report. Thus, it might not be the best idea to write a complex SQL to generate a report (for example, a purchase order report), in order to replace or imitate a legacy reporting RPG program. In that case, the conversion tools (converting spool to pdf) will be a better option.

So, consider using Jasper for any new reports or for any small-to-complicated reports where not more than 2 or 3 files are needed, or for any files with less data.

Enough talk, soon I will show you how to get started with Jasper and create reports. But before that, a small overview.
Read more »

Have you ever had a problem that has you absolutely stumped ... and you ask a co-worker for assistance or post a message to an online forum (like a midrange.com mailing list) for assistance.

Then, quite soon after you ask for assistance, you finally discover the answer yourself?

This is called the 'Cardboard Analyst' phenomenon ... where the person (or people) you are asking for assistance don't necessarily provide direct assistance, but force you to look at the problem from a different perspective.
Read more »

I finally figured out the major points for working with teams in WDSc. It uses a combination of CVS (Concurrent Versioning System) and WDSc. I will go over the major points in getting this setup and working. I am learning as I go and may update this article as I gain more knowledge in how this works. Feel free to leave comments and suggestions to make this article better.

Read more »

Found this on Search400 ...

... how to change your FTP server to use a port other than the default port of 21. Ports in the range of 0-1023 are reserved and well-known ports, with port 21 being the established standard for FTP. The reason most people want to do this is to make it harder for someone to gain unauthorized access to your FTP server.

Although this may make it more difficult for someone to discover that you are running an FTP server, this by itself will not prevent someone from being able to discover and potentially hack into your FTP server. If you decide to use this technique, keep in mind that this is no substitute for other types of security and should be viewed as only a very small piece of your security infrastructure. If you have existing FTP programs or scripts, you will need to change them to access your new FTP port.

For anyone who has tried to do this, you may have noticed that the port can't be changed using the CHGFTPA command. Here is how to make the changes.

1. Enter the command WRKSRVTBLE and scroll down to the services that are labeled ftp-control.
2. Display and print these entries.
3. Use the command ADDSRVTBLE to duplicate these entries exactly as they appear, with the exception that you will specify a new port number. To get lowercase values to stay lowercase, make sure they are enclosed in single quotes. When you specify your new FTP port, you should avoid using the reserved ports of 0-1023. You should also try to avoid using other ports that are already defined.
4. Compare your new entries to the existing entries that are on port 21 to ensure that everything is an exact match.
5. Delete your existing entries for service ftp-control that is on port 21.
6. End and restart TCP/IP.
7. If you wish, entries labeled ftp-data can also be changed in a similar manner.

When you access FTP from the AS/400, you will now have to specify the port. From the AS/400 the FTP command would look like this:

FTP RMTSYS ('10.10.10.10') PORT (21021)
From the DOS prompt, it would look like this:

C:WINDOWS>ftp
ftp> open 10.10.10.10 21021