Multiple environments with Tomcat/DA

Similar to the previous post about configuring dqMan/DQLTester (Multiple environments with dqMan/DQLTester), a Tomcat with DA can be configured the same way:

Folder structure:

  • da.bat
  • bin
  • conf
  • jre
  • lib
  • logs
  • webapps
  • properties
    • env1
      • dev
        • dfc.properties
        • dmcl.ini
      • prod
        • dfc.properties
        • dmcl.ini
    • env2
      • dev
        • dfc.properties
        • dmcl.ini
      • prod
        • dfc.properties
        • dmcl.ini
  • etc.

DA.bat:

@Echo off
SETLOCAL ENABLEEXTENSIONS
SET folderbase=dfcproperties

echo ****************
echo 1. env1 dev
echo 2. env2 prod
...
echo ****************

SET /p var= ^> Choose option: 

if "%var%"=="1" goto op1
if "%var%"=="2" goto op2
...

:op1
SET foldervar=%folderbase%\env1\dev
goto finish

:op2
SET foldervar=%folderbase%\env1\prod
goto finish
...

:finish
set JAVA_HOME=%cd%\jre
set JAVA_OPTS=-Ddfc.properties.file=%cd%\%foldervar%\dfc.properties -Dfile.encoding=UTF-8 -Xms128m -Xmx512m -XX:+UseG1GC -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -Djava.net.preferIPv6Addresses=false -Djava.net.preferIPv6Stack=false

start "" /D %cd%\bin /B %cd%\bin\catalina.bat start
cls&exit

Multiple environments with dqMan/DQLTester

Problem:

Environment with multiple Documentum installations, different versions, repositories with same names in different versions, etc. Cannot install software in your local machine.

Some solutions:

  1. One big dfc.properties / dmcl.ini with every docbroker: dmcl.ini has a limit of docbrokers (and in my experience, dfc.properties does weird things with a big number of them)
  2. Generate dynamically dfc.properties/dmcl.ini: “Much” coding for “nothing”
  3. Multiple dfc.properties/dmcl.ini with different names, renaming accordingly before launching dqMan/DQLTester: Not a big fan of dfc.properties, dfc{dev}.properties, etc and then moving the files around.

Another solution:

With a folder structure such as:

Launcher:

  • launcher.bat
  • properties
    • env1
      • dev
        • dfc.properties
        • dmcl.ini
      • prod
        • dfc.properties
        • dmcl.ini
    • env2
      • dev
        • dfc.properties
        • dmcl.ini
      • prod
        • dfc.properties
        • dmcl.ini
  • etc.

Launcher.bat:

@Echo off
SETLOCAL ENABLEEXTENSIONS

SET dqmanfolder=<path to dqman folder>
SET dqltesterfolder=<path to dqltester folder>
SET folderbase=dfcproperties

echo ****************
echo 1. env1 dev
echo 2. env2 prod
...
echo ****************

SET /p var= ^> Choose option: 

if "%var%"=="1" goto op1
if "%var%"=="2" goto op2
...

:op1
SET foldervar=%folderbase%\env1\dev
goto finish

:op2
SET foldervar=%folderbase%\env1\prod
goto finish
...

:finish
set ClassPath=%cd%\%foldervar%;%ClassPath%
set DMCL_CONFIG=%cd%\%foldervar%\dmcl.ini

start "" /D %dqltesterfolder% /B %dqltesterfolder%\dqltester.exe
start "" /D %dqmanfolder% /B %dqmanfolder%\dqman.exe
cls&exit

Mozilla To Drop Support For All NPAPI Plugins In Firefox 52 Except Flash

https://tech.slashdot.org/story/17/02/04/2323204/mozilla-to-drop-support-for-all-npapi-plugins-in-firefox-52-except-flash

What does this mean to Documentum? Well, if your Webtop/D2 is using applets (UCF), starting March, you’ll only be able to use it with IE11 and older versions, as no other major browser (actually, Firefox is the only “major” browser that still allows NPAPI plugins, but this is due to their slow pace of development) will allow NPAPI plugins (Java).

D2 (and Webtop and xCP) CTF

CTF (Content Transfer Framework) is how EMC Dell calls their “new UCF”. It works as a browser extension, and is the same extension you’ve used for the latest version of Webtop (new functionality getting first to Webtop? LOL). And this mode is not the default (why?) so you’ll need to change it in the settings.properties file of D2.

Also, this extension will generate some “index” files on the folder where you download files:

  • .checkout.xml
  • .d2_edit_storage.json
  • .d2_view_storage.json
  • .view.xml

That contain object names, ids, operation performed, and folder paths of the files transferred.

Tested on latest Firefox Nightly x64 and Chrome.

FYI, I’m pasting the “wonderful” ASCII compatibility matrix provided by Dell in the configuration file:

#     +——————-+——+——+——+——+
#     | Browser:OS \ Mode | Thin | Java | ctf  | Note |
#     +——————-+——+——+——+——+
#     | IE 11             | yes  | yes  | yes  |      |
#     +——————-+——+——+——+——+
#     | Edge              | yes  | NO   | NO   | (1)  |
#     +——————-+——+——+——+——+
#     | Firefox           | yes  | yes  | yes  |      |
#     +——————-+——+——+——+——+
#     | Chrome            | yes  | NO   | yes  | (1)  |
#     +——————-+——+——+——+——+
#     | Safari:Mac_OSX    | yes  | yes  | yes  |      |
#     +——————-+——+——+——+——+
#     | Safari:Mac_IOS    | yes  | NO   | NO   | (2)  |
#     +——————-+——+——+——+——+
# Notes:
#
# (1) Chrome and Edge do not support java applets, and Edge does not support the CTF plugin.
#     D2 will fallback to thin client mode appropriately when java or ctf has been
#     specified in the value of the browser.plugin.mode setting as described above.
#
# (2) If browser.plugin.mode contains java or ctf, then D2 will silently continue to run in
#     thin client mode. Safari running on Mac_IOS does not support the java or ctf plugin.

  • Prompt for installing the extension:

ctf-prompt

  • View content prompt:

ctf-save

  • Edit:

ctf-downloading

  • Check in:

ctf-uploading

Say goodbuy LockBox. Part II

I thought about this yesterday while I was configuring d2 4.7 with docker 😀

Documentum in a (nuts)HELL

Wow, interesting news came from where I didn’t expect: ECN guys states that EMC have stopped torturing customers and gave up the idea of using RSA Lockbox.

Here’s a little history of the Lockbox story that you might want to read:

November 2013

Reported to EMC using support portal, proof of concept how authenticated user was able to gain superuser privileges:

January 2014

EMC released Document D2 v 4.2 and some patches for previous versions, no CVE announced. The EMC “solution” was to encrypt data passed through c6_method_return objects

February 2014

Discovered a reflection attack on D2GetAdminTicketMethod method:

March 2014

EMC released P01 patch for EMC Documentum D2 v4.2, no CVE announced. The vendor “solution” was not to store exception messages into “error” attribute of c6_method_return object if exception message contains “DM_TICKET” character sequence.

April 2014

Discovered another reflection attack based on verbose logging of D2GetAdminTicketMethod:

View original post 87 more words