Friday, December 14, 2007

Using the Seapine TestTrack SOAP API

Our organization has been using the Seapine Test Track defect management system for about a year and recently I had to migrate defects from the existing custom defect tracking system to Seapine. The migration process involved the use of the SOAP API made available by Test Track.

However, upon using the SOAP API, I kept getting the error

date' is an invalid value for the SoapElementAttribute.DataType property. The property may only be specified for primitive types


After spending some time with google and msdn, I found a couple of links which attributed the problem to incompatibilities in the proxies generated by .NET 1.1 and .NET 2.0.

Till this point of time, I was always using a live reference from my C# application to the web-service. Upon generating a proxy class using wsdl and replacing all
System.Nullable strings with DateTime in the generated class file, I was able to use the SOAP API without any further problems.

Copy Paste between remote desktop and local computer

In order to allow copy-paste functionality across remote desktop, ensure that the following services are running on the local computer and the remote system
1. Network DDE DSDM
2. Network DDE
3. ClipBook

Network Dynamic Data Exchange (DDE) is a technology that enables applications on different Windows computers to dynamically share data. This sharing is effected via communications channels called trusted shares, which are managed by a service called the Network DDE Agent. By design, processes on the local machine can levy requests upon the Network DDE Agent, including ones that indicate what application should be run in conjunction with a particular trusted share. The DSDM(Distributed Share Database Manager), manages the shared DDE(Dynamic Data Exchange) network conversations (from shares like: \\computername\ndde$).

However, a vulnerability exists because the Network DDE Agent runs using the Local System security context and processes all requests using this context, rather than that of the user. This would give an attacker an opportunity to cause the Network DDE Agent to run code of her choice in Local System context, as a means of gaining complete control over the local machine.