config.xml file and LIKE query in ajax interface

Hi,


I tried the ajax interface, it looks very promising. I have 2 problems

• as indicated, I put the username, password, driver and url in the config.xml file, but this file can be seen if one types the url http://localhost:8180/ajax/config.xml directly! Is there a way to hide it or prevent it from being seen?

• I had modified the jsp interface query with a LIKE condition by adding
  
  
  
  
  
  

  Code:

  <option value=" LIKE ">Begins with</option>

  
  
  
  
  
  
  in query.jsp, so I could search by reference value (or rather the beginning - we use the initials of the chemist + a number). When I tried this on the ajax query, it gave me no results. Did I understand correctly the like condition?

Cheers,





Nicolas

Hi saettel,





To your first question, unfortunately now it is not possible to hide the config.xml, otherwise your browser won't be able to read it. I suggest you to create a database user, who has only those permissions which are needed for the Ajax interface, and set this user in the config.xml. For example you should create a user who has read only access for jchem tables you want to query with the application. We are considering to change this part of the configuration, maybe storing database parameters in a browser cookie would be a better choice.





LIKE now is inherited from SQL, now it needs quotes and % in the condition. If you want to search for rows which start with CHEM, you have to type 'CHEM%'. If you want to search for rows which end with CHEM, you have to type '%CHEM'. If you want to search for rows which contain CHEM, you have to type '%CHEM%'. Anyway LIKE function will be substituted to StartsWith, EndsWith and Contains operators in 5.2.1 to make the usage easier.





Cheers,


Roland

Hi Roland,





Indeed I forgot I changed also the searching.jsp:

Code:

if(relation.equals(" LIKE ")){ value = "'" + value + "%'"; } else { value = "'" + value + "'";}

About the config.xml, I will indeed create a limited access user, thanks for the tip. It may not be satisfactory for everyone, but works for me now.





Cheers,





Nicolas

Just a comment: I created a user with "GRANT SELECT" on the tables, but I got an error message that the "DELETE command was denied for user 'user'@'localhost' for table [TABLE]_UL".





At first, it seems that you have only to do a "GRANT DELETE" one ONE of the _UL table, because the error message does not appear all the time with other tables, but they actually do not show. You have to do the GRANT DELETE on all _UL tables.

Could I ask when do you get the "DELETE command was denied for user 'user'@'localhost' for table [TABLE]_UL" message? The Ajax client only reads from db tables and doesn't attempt to insert, update or delete, yet.

I get the DELETE (...) command rignt when the ajax page is launched, and everytime I choose a table (which _UL one I didn't give delete permissions) in the upper right hand corner.





I don't need to give delete permissions to the actual table, only the _UL corresponding one

It seems JChem caching mechanism deletes some rows from the _UL tables in these cases. We are looking after this issue.





Cheers,


Roland

Hi,





When the cache is updated JChem removes some old update logs from the _UL table by default.





The number of update logs kept can be changed from the GUI:


http://www.chemaxon.com/jchem/doc/admin/#options





If the value is set to "-1" JChem will not attempt to delete at all, and can be used with a read-only database.





This value cannot be entered in the GUI at the moment, one can set manually or by code the value of the "update.logs.to.keep" property to "-1" in the property table (e.g. "JChemProperties").





We plan to create a more user friendly solution for this in the future.





Best regards,





Szilard

Hi Nicolas,

as indicated, I put the username, password,
driver and url in the config.xml file, but this file can be seen if one
types the url http://localhost:8180/ajax/config.xml directly! Is there a way to hide it or prevent it from being seen?

The HTTPS support is implemented in JChem Web Services 5.2.3

See the administration guide: http://www.chemaxon.com/webservices/security.html

Cheers, Edvard

Looks good, I will look into it if I need it...

Cheers,

Nicolas