I'm trying to find open source applications using PostgreSQL that are written in C/C++ so I can study them. A few open source projects using PostgreSQL are Evergreen ILS, SpamAssassin, and pgpool. However, Evergreen and SpamAssassin are written in Perl, and pgpool (written in C) is a replication tool, not a typical application. Moreover, I looked at the SQL code in Evergreen, and it is quite voluminous and complicated.
Hence, I'm looking for one or more applications using PostgreSQL, preferably those that are somewhat trivial (but not too trivial).
seen libpqxx? try asking on its mailing list (but scour their wiki first)
http://pqxx.org/development/libpqxx
pgAdmin is written using c++ using wxwidgets.
how about pgAdmin 3 ?
Also, you may find Qt4 a very easy way interact with databases programming in C++.
http://doc.trolltech.com/4.6-snapshot/sql-programming.html
Have you searched through the projects at http://pgfoundry.org ?
Two examples that are open-source:
Kexi (see kexi-project.org)
FOST4 (
http://support.felspar.com/Fost%204 )
It's pretty big, but the KDE Project's Amarok is written in C++ and can use a PgSQL backend (among several others). While it's pretty large, you may be able to find some interesting things in the database code. Since it uses a pre-defined schema (as opposed to the extremely general types of access that something like pgAdmin uses) it may have some good things to teach you. It will definitely be easier to pick apart than Evergreen, which actually has an entire middleware layer that actually does the data access through exposed services (The OpenSRF Project).
Related
I already did some searching on stackoverflow and as far as I can see there are many ways to use databases in C++. Unfortunately at work my tools are pretty limited. I only get to use visual studio C++ 6 and don't even have boost (although I have learned to cope with that) - I assume that I can only use what is the standard distribution being delivered togather with VS C++ 6.
Now my code generates a lot of data and I would like to store some of it in a simple databse (like an MS Access db). What tools might I be able to use?
My alternative approauch would be to create a database-like object via a struct and vectors/arrays.
I also have office 2010 installed - perhaps I could somehow use Access?
Computation-speed also plays a role - the faster the better.
Another important thing: my PC at work isn't an open client. Thus I can not install any new software. Downloading and moving files works. Basically I must be able to install the tool by just moving the files into a desired folder.
Please let me know if the question is confusing or insufficiently detailed I will do what i can to remedy the situation then.
Thnaks in advance for your help :)
Even though you said 'only standard tools', I'd still say, get SQLite. It ss a public domain software, i.e. no license whatsoever . You can download an 'amalgamation' - one .h file and one .c file and include it into your project. It should compile in VC6 no problem. Very easy to use, you will be up and running in 10 minutes.
It does exactly what you need - a DB in a single file, no servers, zero-setup, etc.
Well, Visual C++ 6 did include MFC which had a suite of classes for the creation and manipulation of databases, I'm fairly certain it would be possible to use these to create a database that is accessible from Access. Unfortunately Microsoft's online help doesn't seem to go back that far, but all the reference material you need should come with the VS 6. (In my opinion VS Help system was better back then anyways.)
On a side note, you could download an old version of boost that would work with VS6. I'm not sure what the last version of boost that supports VS6 is, my guess it's somewhere around 1.3x.
VC6 should work.
Can you use MFC's db objects? (DAO I think back then?).
If your app really generates a lot of data, you might want to look at MySql. I've run into size limitations in older Access tables. Unless it's an extraordinarily simple db, you probably don't want to brew your own (though it might be fun if you have a lot of time).
The key will be finding a driver/db combo that will work. I would install the GA (free) MySql, create a tiny db with 1 table and find the driver ("connector" in MySql terms) that will work. Maybe older ODBC driver?
Also, check out ConnectionStrings.com for info on getting connected to a particular database / driver.
I've recently found this blog entry on a tool that writes XSS attacks directly to the database. It looks like a terribly good way to scan an application for weaknesses in my applications.
I've tried to run it on Mono, since my development platform is Linux. Unfortunately it crashes with a System.ArgumentNullException deep inside Microsoft.Practices.EnterpriseLibrary and I seem to be unable to find sufficient information about the software (it seems to be a single-shot project, with no homepage and no further development).
Is anyone aware of a similar tool? Preferably it should be:
cross-platform (Java, Python, .NET/Mono, even cross-platform C is ok)
open source (I really like being able to audit my security tools)
able to talk to a wide range of DB products (the big ones are most important: MySQL, Oracle, SQL Server, ...)
Edit: I'd like to clarify my goal: I'd like a tool that directly writes the result of a successful XSS/SQL injection attack into the database. The idea is that I want to check that every place in my app does correct output encoding. Detecting and avoiding the data getting there in the first place is an entirely different thing (and might not be possible when I display data that's written to the DB by a third-party application).
Edit 2: Corneliu Tusnea, the author of the tool I linked to above, has since released the tool as free software on codeplex: http://xssattack.codeplex.com/
I think metasploit has most of the attributes you are looking for. It may even be the only one that has all of what you specify, since all the others I can think of are closed source. There are a few existing modules that deal with XSS and one in particular that you should take a peek at: HTTP Microsoft SQL Injection Table XSS Infection. From the sounds of that module it is capable of doing exactly what you are wanting to do.
The framework is written in Ruby I believe, and is supposed to be easy to extend with your own modules which you may need/want to do.
I hope that helps.
http://www.metasploit.com/
Not sure if this is what you're after, its a parameter fuzzer for HTTP/HTTPS.
I haven't used it in a while, but IIRC it acts a proxy between you and the web application in question - and will insert XSS/SQL Injection attack strings into any input fields before deeming whether the response was "interesting" or not, thus whether the application is vulnerable or not.
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
From your question I'm guessing it is a type of fuzzer you're looking for, and one specifically for XSS and web applications; if I'm right - then that might help you!
Its part of the Open Web Application Security Project (OWASP) that "jah" has linked you to above.
There are some Firefox plugins to do some XSS testing here:
http://labs.securitycompass.com/index.php/exploit-me/
A friend of mine keeps saying, that php-ids is pretty good. I haven't tried it myself, but it sounds as if it could approximately match your description:
Open Source (LGPL),
Cross Platform - PHP is not in your list, but maybe it's ok?
Detects "all sorts of XSS, SQL Injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks" (this is from the FAQ)
Logs to databases.
I don't think there is such a tool, other than the one you pointed us to. I think there's a good reason for that: It's probably not the best way to test that each and every output is properly encoded for the applicable context.
From reading about that tool it seems the premise is to insert random xss vectors into the database and then you browse your application to see if any of those vectors succeed. This is rather a hit and miss methodology, to say the least.
A much better idea, I think, would be to perform code reviews.
You may find it helpful to have a look at some of the resources available at http://owasp.org - namely the Application Security Verification Standard (ASVS), the Testing Guide and the Code Review Guide.
What solutions are there? I know only solutions for replacing Bookmarks in Word (.doc) files with Apache POI?
Are there also possibilities to change images, layouts, text-styles in .doc and .ppt documents?
I think about replacement of areas in Word and PowerPoint documents for bulk processing.
Platform: MS-Office 2003
What are your platform limitations?
Obviously Apache POI will get you at least part of the way there.
Microsoft's own COM API's are fairly powerful and are documented here. I would recommend using them if a) you are not running in a server (many users, multithreaded) environment; b) you can have a proper version of powerpoint installed on the production machine; and c) you can code against a COM object model.
It's a bit pricey, but Aspose.Slides is a very powerful library for manipulating PowerPoint files
If you include using other Office suits as an option, here's a list of possible solutions:
Apache POI-HSLF
PowerPoint 2007 APIs
OpenOffice.org UNO
Using POI you can't edit .pptx file format, but you don't depend on the apps installed on the system. Other two options, on the contrary, make use of other apps, but they are definitely better for dealing with presentations. OpenOffice has better compability with older formats, by the way. Also if you use UNO, you'll have a great choice of languages, UNO exists for Java, C++, Python and other languages.
My experience is not directly with Power Point, but I've actually rolled my own WordML (XML) generator. It a) removed all dependencies on Word, b) was very fast c) and let me build up documents from scratch.
But it was a lot of work to create. And I was only creating a write only implementation.
I'm not as familiar with Power Point, so this is conjecture, but you may be able to roll your own by reading XML (Power Point 2003??) and/or cracking the Office Open XML file (zipped XML), then using XPath to manipulate the data, and then saving everything back to disk.
This won't work on older OLE Compound Document based Power Point files though.
I've done something like that before: programmatically accessed and manipulated PowerPoint presentations. Back when I did it, it was all in C++ using COM, but similar principles apply to C#/VB .NET apps, since they do COM interop very easily.
What you're looking for is called the Office Document Model. Basically, Office applications expose their documents programmatically, as trees of objects that define their contents. These objects are accessible via an API, and you can manipulate them, add new ones, and do whatever other processing you want. It's exceedingly powerful; you can use it to manipulate pretty much all aspects of a document. But you'll need an installation of Office and Visual Studio to be able to use it.
Some links:
Intro: http://msdn.microsoft.com/en-us/library/d58327k6.aspx
Hope this helps!
Apparently new users can only include one link per posting. How lame! :)
Here's the other link I meant to include:
Example of manipulating PowerPoint documents programmatically: http://msdn.microsoft.com/en-us/library/cc668192.aspx
Is there a simple way, without .NET?
I've found some libraries but none for SqlCe 3.5. There is http://sqlcehelper.codeplex.com/ but it's far from done, since a major feature like using a password is not yet implemented. I've looked at the source and it uses OLEdb to handle the database.
The official Microsoft Northwind example (that is shipped with SQL Compact 3.1, but not with 3.5) also doesn't work, I've tried setting it up with no success.
Actually I don't have a sample working code. Was anyone able to set it up paired with a passworded .sdf?
What are the alternatives?
Thanks.
Several months ago, I compared certain database implementations for our desktop application. Using SqlCE with native C++ code is awful. If I remember right, some of native examples contains "goto" type jumps, hard to bind data and so on. If you have a choice then use SQLite.
What is the best full text search alternative to Microsoft SQL? (which works with MS SQL)
I'm looking for something similar to Lucene and Lucene.NET but without the .NET and Java requirements. I would also like to find a solution that is usable in commercial applications.
Take a look at CLucene - It's a well maintained C++ port of java Lucene. It's currently licenced under LGPL and we use it in our commercial application.
Performance is incredible, however you do have to get your head around some of the strange API conventions.
Sphinx is one of the best solutions. It's written in C++ and has amazing performance.
DT Search is hands down the best search tool I have used. They have a number of solutions available. Their Engine will run on Native Win32, Linux or .NET. It will index pretty much every kind of document you might have (Excel, PDF, Word, etc.) I did some benchmarks comparisons a while ago and it was the easiest to use and had the best performance.
Solr is based on Lucene, but accessible via HTTP, so it can be used from any platform.
I second Sphinx, but Lucene is also not so bad despite the Java. :) If you are not dealing with too much data spread out etc., then also look into MySQL's FULLTEXT. We are using it to search across a 20 GB database.