• View Communities
    • Citrix Developer Network
      The place for unfiltered straight talk on Citrix products. Blogs, code downloads, best practices, APIs, and more can all be found here.
    • Citrix Ready Community Verified
      Does it work with Citrix? Application compatibility questions are a thing of the past with the new Citrix Community Verified site.
    • Blogs
      Learn the latest from the Citrix employees who are building application delivery infrastructure technologies.
    • Blogosphere
      The Citrix Blogosphere is a window into the thousands of conversations taking place about Citrix and Application Delivery.
  •  Sign In
The Citrix Blog
Blogs for tag 'sql'

Permalink | Twitter Post to Twitter | Comments (1) | Views (2313) |

27 Jun 2009 01:34 PM EDT
XenApp, Provisioning Server, and more...
[ Tags:  workflow studio ,   sdk ,   xenapp ,   provisioning server ,   sql ,   workflow-studio ,   nonspecific ]
posted by Peter Schulz

Just in case you haven't seen the posts by Ed York and Michael Bogobowicz on Workflow Studio recently I wanted to call them out. In addition to providing some excellent activities and workflows for you, there are posts that explain the process of creating activities and workflows around XenApp, Provisioning Server, and SQL.

Michael wrote a workflow that automates the update of vDisks in Provisioning Server using the CLI tools:
http://community.citrix.com/display/wf/PVS+Automatic+vDisk+Update+Script

Ed has written up two excellent blog series on Workflow Studio:

  • Workflow Studio SDK - This first series of posts detail Ed's experiences using the Workflow Studio SDK to build and debug custom activities and are an excellent place to start if you want to build your own activities:
    http://community.citrix.com/x/YIUJB
    Ed followed this series up with a post on building an activity to get a list of applications from XenApp using the MFCOM SDK and this activity and source code are available for download:
    http://community.citrix.com/x/KgE-B
    Ed also wrote a couple of activities that work with SQL Server:
    http://community.citrix.com/x/2IJiB
  • Automating Workflow Studio - The second series of posts is on automating workflows. Ed has posts that explain how to use the PowerShell interface to start a workflow and pass parameters to it. He then goes on to explain how to build your own front-end for starting these workflows:
    http://community.citrix.com/x/ToNiB

As a reminder, all community posts on activity libraries and workflows will show up right in the Workflow Studio product under the Community tab so you don't even have to go out to the site to look. RSS feeds are also available on the Community site if you want to get notified in your favorite RSS reader.

Expand Blog Post
Permalink | Twitter Post to Twitter | Comments (0) | Views (2312) |

19 Jun 2009 12:46 AM EDT
SQL Server Activity Library for Citrix Workflow Studio
[ Tags:  workflow studio ,   activity library ,   activity ,   visual studio ,   sdk ,   sql server ,   sql ,   cdn ,   team-consulting ,   workflow-studio ,   nonspecific ]
posted by Ed York

I just recently posted a SQL Server activity library to the Citrix Developer Network (CDN).  The SQL Server activity library allows you to execute SQL statements (SELECT, INSERT, UPDATE, DELETE, etc.) on a Microsoft SQL Server database as part of a workflow within Citrix Workflow Studio.  The activity library, setup instructions, and full source code can be downloaded here.

I actually needed this type of library for a Workflow Studio project I'm currently on.  I coded the activity library to be general enough for anyone to use within their own environments.  The environment I've been using with this activity consists of Workflow Studio 1.1 and SQL Server 2005.  I haven't tested with other versions of SQL Server, but I am providing the full source code to this library in case you need to tweak anything.

There are two activities within the SQL Server activity library:

  • SQLSelect activity - used to run SELECT queries on a database.  The output of this activity is a collection containing the query results.  Since the output is a "collection" type object, you can loop through this collection within Workflow Studio using the For Each Object activity and dump the collection contents to an XML file via the ExportToXML activity.
  • SQLExecute activity - used to run INSERT, UPDATE, and DELETE queries on a database.  The output of this activity is a string containing the number of records affected by the SQL statement.

There are five properties that need to be set on the SQLSelect/SQLExecute activities:

  • Database Server - SQL Server machine hosting the database
  • Database Name - Name of the database to connect to 
  • SQL Command - SQL statement to execute on the database 
  • SQL Username - SQL Server username for connecting to the database 
  • SQL Password - SQL Server password for connecting to the database 

The SQL Command property will be set differently based on which SQL activity you are using.  The SQLSelect activity will expect a SELECT statement here.  The SQLExecute activity will expect an INSERT, UPDATE, or DELETE statement here (essentially any non-SELECT query).



The SQL Server activity library was developed using the Workflow Studio SDK:
If you need to review the code and make changes, I highly recommend reviewing my previous blog series on using the Workflow Studio SDK.  This blog series will help you get your Visual Studio development environment up and running so you can make changes to the code. 

For the programmers out there, the activities themselves leverage the standard ADO.NET objects for connecting to a SQL Server database and executing a command.  If you are familiar with ADO.NET, then the code should be fairly straightforward to walk through.

Finally:

When you check out the CDN you'll see the full setup and usage instructions so I didn't restate them here.  The SQL queries you execute can be static (using hard-coded values) or dynamic (based on the bindable properties of other activities within the workflow).  This makes this activity pretty flexible to use in any kind of situation or query you may encounter.  Have fun and I hope this helps you out as well!

Expand Blog Post
Permalink | Twitter Post to Twitter | Comments (0) | Views (3183) |

01 May 2009 05:52 PM EDT
Workflow Studio Pre-Requisites
[ Tags:  workflow studio ,   prerequisites ,   powershell ,   sql ,   gpmc ,   workflow-studio ,   nonspecific ]
posted by Peter Schulz

I just posted an article on the components that are pre-requisites for Workflow Studio and how you can extend the ISO image we provided to include all components if you wish:

http://community.citrix.com/display/wf/Workflow+Studio+Pre-Requisites

I find it useful to have a CD image with everything on it that auto-runs, and thought that others might as well.

Expand Blog Post
Permalink | Twitter Post to Twitter | Comments (0) | Views (2899) |

04 Apr 2009 01:24 AM EDT
WFDB or not WFDB
[ Tags:  workflow studio ,   wfdb ,   sql ,   database ,   workflow-studio ,   nonspecific ]
posted by Peter Schulz

We had a question on the support forums about modifying the database used for Workflow Studio, which defaults to 'WFDB'. All the SQL scripts are provided for you in the Workflow Studio install, and we anticipated our customers wanting to have multiple databases on a single server or just changing the name from the default 'WFDB' name. In fact, if the SQL Admin wants more control they can customize as much as needed.

I wrote up an article to cover the process:
http://community.citrix.com/display/wf/Customizing+Your+Workflow+Studio+Database

If anyone tries this and runs into problems let me know

Expand Blog Post
Permalink | Twitter Post to Twitter | Comments (0) | Views (9471) |

29 May 2008 01:21 PM EDT
Citrix Web App Firewall Blocks the Nihaorr1 Script
[ Tags:  appexpert ,   apptips ,   citrix ,   firewall ,   injection ,   netscaler ,   nihaorr1 ,   sql ,   tips ,   waf ,   xss ,   js ,   wasc ,   wafec ,   owasp ,   haoliuliang ,   lb ,   llb ,   slb ,   clustering ,   app firewall ,   web firewall ,   sql injection ,   web security ,   web site firewall ,   website firewall ,   web filter ,   content filter ,   application blocking ,   citrix load balancer ,   citrix load balancing ,   link load balancer ,   link load balancing ,   load balancer ,   load balancing ,   server load balancer ,   server load balancing ,   security load balancer ,   security load balancing ,   hardware load balancer ,   hardware load balancing ,   next gen load balancing ,   website load balancer ,   website load balancing ,   application load balancer ,   application load balancing ,   application switch ,   web application controller ,   application controller ,   application delivery ]
posted by Craig Ellrod

Hundreds of Thousands of Web Servers have been getting hacked, including several at the United Nations. The appearance is that the hack exploits a vulnerability in Microsoft IIS because of a Microsoft SQL Specific injection payload, however the attack is capable of infecting any type of web server open to SQL Injection and Cross Site Scriting (XSS) attacks.

Microsoft released some security bulletins (951306, MS08-006) stating vulnerabilities in their IIS web server,  alluding to the vulnerabilities recently brought to light. A script homed at nihaorr1.com based in China was found to be infecting many servers, and spreading quickly. Further research into the problem indicates that non-Microsoft types of servers may also be affected by the attack.

As of May 12, 2008, Google's Index had 1,700,000 infected pages.  The domains currently being injected that contain the malicious Javascript are:

  • nihaorr1.com
  • 2117966.net
  • aspder.com
  • haoliuliang.net
  • nmidahena.com
  • free.hostpinoy.info
  • xprmn4u.info
  • winzipices.cn
  • wowgm1.cn
  • killwow1.cn
  • wowyeye.cn
  • wowgm1.cn
  • winzipices.cn

This vulnerability and others like it can easily be stopped with a Citrix Web Application Firewall using default policies to block SQL injection and Cross Site Scripting. We setup a demo in our lab, to show how easy it is to configure and block this type of threat.

See the mailicious script in action:


Watch how Citrix Web App Firewall blocks the malicious script:


See how easy it is to configure the Citrix Web App Firewall:


Read about the Citrix Application Firewall here.

Buy the Citrix Application Firewall here.

Tap into the power of AppExpert

Expand Blog Post