Application Security Testing: An Integral Part of DevOps
In the upcoming series of examples, we examine the use of RAPI to find and access remote databases. This capability is one of the most strategic aspects of the CE architecture. The convergence of wireless communication and computing technology is practically everywhere you look. Equipped with environmental sensors, image capture, and GPS capability, we'll see CE gadgets taking on jobs that are too tedious, dangerous, or time consuming for humans, and too small or remote to be practical for PC hardware.
CE is the perfect operating system for both next generation mobile computing platforms and embedded devices. It is adaptable, extensible, highly portable across processor platforms, and is largely compatible with the world's biggest population of deployed applications.
The RemoteDBScan Example
In this example, you'll see how to find all of the databases of a remote device and retrieve database attributes. You'll also see how to read the records from a specific remote database, dynamically detecting property types and appropriately interpreting property data. Once again, we use MFC as the basis of the example.
Here are a few basics about the features of RemoteDBScan and the way in which they are implemented:
For the view, we use a specialized version of the standard MFC CListView class, CListViewEx. The sources for this class have been distributed with the last several generations of Visual C++, and although they are not formally part of the MFC libraries, for all intents and purposes they have become a standard. When the user selects an item shown in a CListViewEx view, the entire row that contains the item is selected. You'll see how to derive the CRemoteDBScanView class from CListViewEx.
When the application launches, the view contains a list showing the attributes of all of the databases on the remote system. To see the records in a specific database, select it by clicking on its row in the list view, and then choose the Remote Database Access.Get Database Records from the main frame window's menu. This menu item launches a dialog that displays all of the records for the selected database.
Because you can use the RemoteDBScan application to access any database of the CE device, we don't include facility to add, delete, or modify records. However, you will see how to capture the CE object identifiers (CEOID) for records as they are found. Once you have the CEOID, writing and deleting individual records is a straightforward process. You can learn more about this by looking at previous examples in this series.
Before we start, a word about the accompanying source files. In general it is both good practice and convenient to generate source templates using the wizarding tools included with Visual C++. However, a great deal of the automatically created source has nothing to do with implementation of the example at hand. For this reason, the source files you'll see in the sample code only include those to which we've made changes. Below is a table that details all project files, their uses and whether or not they are included in the accompanying sources. Assume that a file not included in the sample material is directly useful, as generated by the wizarding tools.
Table 1: RemoteDBScan Project Source Files and Their Uses
|Source File Name||Header File Name||Implements||File Shown in Source|
|MainFrm.cpp||MainFrm.h||Default frame window and menu behaviors||Yes|
|RemoteDBScan View.cpp||RemoteDBScanView.h||Displays list of remote databases||Yes|
|RecordListDialog.cpp||RecordListDialog.h||Displays records from selected database||Yes|
|ListViewEx.cpp||ListViewEx.h||Extensions to the MFC CListView||No|
Figure 1 is a screenshot of RemoteDBScan running on a Windows desktop machine, inventorying the databases on my Compaq handheld.
Figure 1: RemoteDBScan's Main Window
Figure 2 shows a record dump from the CE side database \RecycleInfo.:
Figure 2: Records From the Selected Database
We'll just get a start on the example now by learning how to create a desktop side view that will serve as a display for the CE side information we retrieve.
Creating a View by Deriving From CListViewEx
RemoteDBScan began life as a typical MFC AppWizard project. In Step 6 of the project creation dialog, AppWizard gives you a chance to choose the base class for the application's view. At this point, we chose CListView as the base class for the view. After the AppWizard generated files exist, we make a few changes in order to derive the view from CListViewEx.
First, add this include file to the header file for our view class, RemoteDBScanView.h:
Next, we change the line where we derive our view class to use CListViewEx as a base class.
class CRemoteDBScanView : public CListViewEx
We add the CListViewEx class to the project, and after the files are generated we copy the implementing source to our newly generate project files, ListViewEx.h and ListViewEx.cpp, being careful not to overwrite the #defines at the top of our application's generated files. (The source files that contain the implementation of CListViewEx are part of the MFC sample application ROWLIST.)
After we change the derivation of the class, we update source files in which pointers to the view class appear in generated code. Pointers to the view must now be of type CListViewEx*.
In our next lesson, we'll see how to set up up communication between the desktop and the remote CE device. We'll populate our RemoteDBScan view window with a list of the databases we find there.