- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Is it he ?' quoth one,Is this the man ? By him who died on cross, With his cruel bow he laid full low The harmless Albatross.Admin
Yeah, I've seen "Last Tango In Paris"...
Captcha: gravis (joystick eh?)
Admin
how is the code all that different from...
#IF DEBUG do some stuff #ELSE do some other stuff #ENDIF
...which I have seen used in old school C++ everywhere?
I know this is why C# and Java don't do conditional compilation but this sort of thing is a lot more common than some might wish or think.
We should all be so lucky to work on a project where this problems is the biggest WTF!
Admin
Actually:
IF (lower(p_program_name) not in ('[executable_name].exe', '[executable_name].vshost.exe', 'etc.exe') then RAISE invalid_calling_pgm; END IF;
Still a pretty crappy way to code, though
Admin
My high school had the same "security". Programs were blocked by filename. firefox.exe wouldn't run*, but rename it to iexplore.exe and hey, there you go.
(*WTF #2: Blocking Firefox. WTF #3: Blocking Firefox, but not the Firefox installer.)
Admin
Uhh... OK, just what DO you show off while prancing around?
Admin
lucky you checked your grammar
Admin
But hey, at least T0pcod3r is still banned!
Admin
That seems easy enough to fix... just have your SQL*Plus copy its own executable to a new file named "Access.exe", spawn a sub-process by executing that file, have the sub-process do the database calls, and pass the results back up to the parent process. (Deleting the Access.exe file you created is optional)
You'll receive my bill for consulting fees in due course. :^)
Jeremy
Admin
So- In the interest of not making this mistake myself, what IS the correct way to go about solving this problem?
Admin
Isn't that the point of this website?
Admin
"What is the proper way to do this?"
Well there are lots of ways with merits and demerits but here are a couple...
Probably depends on the original intent. I'd guess it was security.
The app name is an easily circumvented security measure since it can be changed easily in most cases. A better solution is to solve the problem directly: Use database security features to make the stored procedure callable by only those users with the proper credentials. Since all programs run under some OS user, system or Database account with associated permissions, only allow users logged in user with the proper permissions to call the stored procedure.
Admin
We'd be luckier if we worked with developers who understood the language and the compiler environment...
C# DOES have conditional compilation, and it's useful if done correctly.
For example, I use it to debug windows services:
#if (DEBUG) Service service = new Service(); service.OnStart(new string[] {}); Thread.Sleep(Timeout.Infinite); #else ServiceBase[] ServicesToRun = new ServiceBase[] { new Service() }; Run(ServicesToRun); #endif
This way, you can debug a service directly from the VS IDE, without having to install it first, run it, and THEN attach a debugger.
The point to this is that this doesn't rely on any externals, it just relies on the DEBUG constant being set.
Admin
Very funny, Wish I could do something like that, LOL. WTF I SAY, WTF my good man/woman. Shall we party amigo, because I just JIZZED IN MY PANTS
Admin
I've seen good developers do things like that, mainly because some stupid manager from some stupid department get desperate: "OMG What am I going to do? Your business depends on this software, and this bug makes it useless! I need this fixed for yesterday!?" And then, when you work your ass off and deliver exactly what the idiot expected, the guys responsible for the tests take WEEKS to do the tests. After all, the bug was 4 years old and everybody always worked around it anyway, so, it was not a priority.
Admin
I'm a happy sad little loser, which makes me a big winner! :)
Admin
Actually, you can have conditional compilation in C#. But don't take my word for it. Try it.
Admin
ftfy
Admin
OK, two suggestions for preventing threads descending into grammar Nazidom in future...
Problem solved!
Admin
Oops, I left out the closing parenthesis... I didn't proof-read my message before posting.
Admin
Admin
Several comments have compared this to argv[0] being checked by busybox, g[un]zip, etc.
But that's not what this code is doing at all - it's not checking how the stored proc was invoked, it's checking how its parent process was invoked.
If you think of the stored proc as an executable in its own right, it's more like gzip saying "ah, I see you're running bash, I'll adopt this behaviour", which would be voodoo enough.
But since this is (or should be) a library function, not a standalone call, it's actually like zlib exporting a function called compress_or_uncompress_depending_what_you_call_your_executable - which would just be a true WTF!
Admin
Admin
Admin
Can't you rename the SQL*Plus executable to 'access.exe' ?
Admin
LAST