
How to avoid exposing the passwd when using curl to run an RTC query on the command line ?

long TRUONG (3654121147) | asked Oct 02 '14, 9:45 p.m.
 RTC 4.0.6 on Windows:

Inherited a script, Windows batch file, to run, with curl, an RTC WI query measuring performance:

@echo on
curl -k -c ..\query\run\cookie.txt https://<RTCserver:port>/jts/authenticated/identity -o quiet.txt
curl -k -L -b ..\query\run\cookie.txt -c ..\query\run\cookie.txt -d j_username=<id> -d j_password=<pwd> https://<RTCserver:port>/jts/authenticated/j_security_check -o quiet.txt
curl -k -b ..\query\run\cookie.txt https://<RTCserver:port>/ccm/resource/itemOid/ -o dump_10000.csv

getting a dump_10000.csv file for all the WIs retrieved.
And an output:

C:\Users\gr4truo\Documents\junk\curl>curl -k -c ..\query\run\cookie.txt https://<RTCserver:port>/jts/authenticated/identity -o quiet.txt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1983  100  1983    0     0    237      0  0:00:08  0:00:08 --:--:--   492

C:\Users\gr4truo\Documents\junk\curl>curl -k -L -b ..\query\run\cookie.txt -c ..\query\run\cookie.txt -d j_username=<id> -d j_password=<pwd> https://<RTCserver:port>/jts/authenticated/j_security_check -o quiet.txt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    38    0     0  100    38      0     25  0:00:01  0:00:01 --:--:--    25
100    58  100    58    0     0     31      0  0:00:01  0:00:01 --:--:--     0

C:\Users\gr4truo\Documents\junk\curl>curl -k -b ..\query\run\cookie.txt https://<RTCserver:port>/ccm/resource/itemOid/ -o dump_10000.csv
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  604k    0  604k    0     0   5424      0 --:--:--  0:01:54 --:--:-- 14441

  • The ID & passwd are hardwired into the batch file; we just wonder if we can somehow avoid the exposure of the passwd, either through encryption or via LDAP?
  • Also, this script is great for automating collection of the query results.
  • But as for fulfilling its original intention, picking up the Time Spent as a measure of the RTC performance, it is not a true measure of the performance, as the majority of the time is spent on exporting/creating the CSV file, not on running the query. We have tried a query which ran for 10 secs: it took 5 min to export to a CSV file on the web UI and 12 min with this script.
  • We are not familiar with curl, and have tried in vain to modify the batch file to dump the retrieved info: is there a way to just time the query, separate and isolated from outputting the results into a CSV file?

2 answers

Donald Nong (14.5k614) | answered Oct 03 '14, 2:51 a.m.
All you need to do may simply be to change "@echo on" to "@echo off" in the first line of the script. If you want to do it in an even stealthier way, run the script with the extra parameter " 2>&1 >output.txt", and later examine the output.txt file for the script output. For example, if the script is called go.bat, you will run
go.bat 2>&1 >output.txt
If you do adopt this method, remove the "pause" at the end of the script, otherwise you tend to forget to press a key and wonder why the script runs so long.

long TRUONG commented Oct 03 '14, 11:05 a.m.

Thx Don,

 This will be easier for us to try without looking for help with Java.

sam detweiler (12.5k6195201) | answered Oct 02 '14, 11:11 p.m.
There is an API to encrypt/decrypt the password for the plainjava API, but I don't know how to, or if I can, use it for REST requests.

I updated my plainjava query sample to demonstrate it
accepted answer here

long TRUONG commented Oct 02 '14, 11:23 p.m.

Thx Sam. 
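
One way to keep the password out of the script and off the curl command line, shown as an added example that is not part of the original thread: a PowerShell version of the batch file that prompts for the credentials and hands the login fields to curl through `-K -` (config read from stdin). `$Server`, the helper `ConvertTo-CurlConfigValue` and the use of `data-urlencode` in place of `-d` are assumptions of this example.

```powershell
# Added example; $Server is a placeholder for the page's <RTCserver:port>.
$Server    = 'https://RTCSERVER:PORT'
$CookieJar = '..\query\run\cookie.txt'

# Prompt for the ID and password at run time instead of hardwiring them.
$cred = Get-Credential
$user = $cred.UserName
$pass = $cred.GetNetworkCredential().Password

# Hypothetical helper: escape a value for a double-quoted parameter in a
# curl config file, where backslash is the escape character.
function ConvertTo-CurlConfigValue([string]$Value) {
    $Value.Replace('\', '\\').Replace('"', '\"')
}

# Form fields as curl config lines. data-urlencode URL-encodes the value,
# so characters such as & or % in the password survive the POST.
$loginConfig = @(
    'data-urlencode = "j_username={0}"' -f (ConvertTo-CurlConfigValue $user)
    'data-urlencode = "j_password={0}"' -f (ConvertTo-CurlConfigValue $pass)
) -join "`n"

# Send piped text to native programs as UTF-8 without a BOM.
$OutputEncoding = New-Object System.Text.UTF8Encoding $false

# Same three requests as the batch file. curl.exe is spelled out because
# "curl" is an alias for Invoke-WebRequest in Windows PowerShell.
# -k is kept from the original script; it turns off certificate verification.
curl.exe -k -c $CookieJar "$Server/jts/authenticated/identity" -o quiet.txt

# "-K -" makes curl read the config lines from stdin, so the password is
# not part of the curl command line and is not echoed.
$loginConfig | curl.exe -k -L -b $CookieJar -c $CookieJar -K - `
    "$Server/jts/authenticated/j_security_check" -o quiet.txt

curl.exe -k -b $CookieJar "$Server/ccm/resource/itemOid/" -o dump_10000.csv

# Drop the plaintext copies held in this session.
Remove-Variable pass, loginConfig
```

The cookie file written by `-c` still holds the authenticated session, so it needs the same file permissions care as a stored password.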
