Forum: Too Lazy BBS

[Info-ingres] Snooping on another user session

From Martin Bowes@martin.bowes@ndph.ox.ac.uk to 'Ingres lists' on Tue Oct 6 09:57:02 2020

From Newsgroup: comp.databases.ingres

--_000_71deb55f42ec456ca7c6c2148351f1b8ndphoxacuk_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-WatchGuard-AntiVirus: part scanned. clean action=allow

Hi All,

I have a user whose connection details I wish to trap. Specifically their s= etting of date_type_alias.

They are running a fairly complicated application and although we *could in=
theory* get it recut to include a select dbmsinfo('date_type_alias'), in p= ractice that may be a lot harder than it sounds.

The error experienced by one (and only one) user would indicate they have c= onnected with date alias of ansidate. Yet a scan of their client config say=
s that should be ingresdate. I've trapped their connected activity with sc9=
30 on the two installations on which the application is working but have no=
t found any resetting of the date alias with a set date_alias 'ansidate' ei= ther.

Having looked at the session trace, I can provoke the error using a termina=
l monitor connection, but only if I set date_alias 'ansidate'.

Ideas?

Martin Bowes

--_000_71deb55f42ec456ca7c6c2148351f1b8ndphoxacuk_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-WatchGuard-AntiVirus: part scanned. clean action=allow

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:= //www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=

<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)"> <style>
</head>
<body lang=3D"EN-GB" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
Hi All,<o:p></o:p>
<o:p> </o:p>
I have a user whose connection details I wish to tra=
p. Specifically their setting of date_type_alias.<o:p></o:p>
<o:p> </o:p>
They are running a fairly complicated application an=
d although we *could in theory* get it recut to include a select dbm= sinfo(‘date_type_alias’), in practice that may be a lot harder = than it sounds.<o:p></o:p>
<o:p> </o:p>
The error experienced by one (and only one) user wou=
ld indicate they have connected with date alias of ansidate. Yet a scan of = their client config says that should be ingresdate. I’ve trapped thei=
r connected activity with sc930 on the two
installations on which the application is working but have not found any r= esetting of the date alias with a set date_alias ‘ansidate’ eit= her.
<o:p></o:p>
<o:p> </o:p>
Having looked at the session trace, I can provoke th=
e error using a terminal monitor connection, but only if I set date_alias &= #8216;ansidate’.<o:p></o:p>
<o:p> </o:p>
Ideas?<o:p></o:p>
<o:p> </o:p>
Martin Bowes   <o:p></o:p>
</div>
</body>
</html>

--_000_71deb55f42ec456ca7c6c2148351f1b8ndphoxacuk_--
--- Synchronet 3.21d-Linux NewsLink 1.2

From Chris...@actian.com@Chris.Clark@actian.com to comp.databases.ingres on Wed Oct 7 14:08:37 2020

From Newsgroup: comp.databases.ingres

On Tuesday, October 6, 2020 at 2:58:04 AM UTC-7, Martin Bowes wrote:
...

The error experienced by one (and only one) user would indicate they have connected with date alias of ansidate. Yet a scan of their client config says that should be ingresdate. IrCOve trapped their connected activity with sc930 on the two installations on which the application is working but have not found any resetting of the date alias with a set date_alias rCyansidaterCO either.
Having looked at the session trace, I can provoke the error using a terminal monitor connection, but only if I set date_alias rCyansidaterCO.

It seems likely the setting is being set on the client side somehow and you want to prove one way or the other which it is.
If this is a specific user and a libq based client I would recommend setting II_EMBED_SET client side to printgca and asking them to run the application and send the iiprtgca.log - super easy to read compared with other tracing options. Tracing also means the SQL actually used can be seen (as well as possible errors).
If either of those assumptions are incorrect, I'd likely still go the GCA trace route but do it a different kind/place. You can decide if that's client or server depending on what you you know about the client. Docs have some notes on this, https://communities.actian.com/s/article/GCA-Trace-Logs-without-Tears-Ingres-II-and-OpenIngres-only is a pretty good server side one (you can always spin up a new GCC server for this specific user so as to avoid tracing everyone).
Unless you can ensure the encryption is not in play, I would avoid raw tracing the socket or wireshark. If encryption is not enabled then you can use your favorite network sniffing technique :-)
Its probably worth opening an enhancement request for server side checking of session sessions (in IMA).
--- Synchronet 3.21d-Linux NewsLink 1.2

Who's Online
Recent Visitors
- Geek2
  Sun May 17 07:06:15 2026
  from Euclid, Oh via Telnet
- Geek2
  Sat May 16 21:25:04 2026
  from Euclid, Oh via Telnet
- Jas Hud
  Sat May 16 00:50:28 2026
  from Bbs.Eob-Bbs.Com,wi via Telnet
- Geek2
  Fri May 15 19:53:20 2026
  from Euclid, Oh via Telnet

System Info

Sysop:	Amessyroom
Location:	Fayetteville, NC
Users:	65
Nodes:	6 (0 / 6)
Uptime:	11:49:05
Calls:	862
Files:	1,311
D/L today:	5 files (10,064K bytes)
Messages:	265,285

[Info-ingres] Snooping on another user session

Who's Online

Recent Visitors

System Info