如何获取隐藏数据库的数据库模式?
我的客户是一家牙科诊所,购买了一款诊所管理软件。该软件安装在他们的本地服务器上,包括患者数据库、时间表和各种医疗记录。现在他们希望我为他们编写一些他们的软件包中未提供的实用程序,为此我需要能够查询该数据库。
我尝试致电软件制造商的技术支持 (Patterson/EagleSoft),但很难找到了解该技术的人足以回答我的问题。据我所知,他们的软件没有 API,并且可以理解的是,他们不愿意告诉我如何以编程方式直接查询数据库。他们确实有一个交互式查询窗口,但显然这不适合编写自动查询。他们所透露的只是某个地方有一个 SQL Server DB,但连接到它的 ODBC 驱动程序是 SQL Anywhere 驱动程序(嗯?)。
于是我在服务器上搜索了一下,没有找到任何数据库文件。然后我发现安装创建了某种专有虚拟机,该虚拟机仅对 EagleSoft 软件可见。但是,虽然他们非常擅长在混淆层中隔离数据库,但他们仍然开放 ODBC 驱动程序,这实际上是 SQL Anywhere 连接。
现在,在引人入胜且冗长的序言之后,我的问题是:我可以通过此 ODBC 连接运行哪些查询来询问数据库的结构?如果它下面是 SQL Server DB,我可以使用 sysobjects 表,但我不完全掌握如何使用 SQL Anywhere ODBC 连接来连接到 MSSQL DB。如果他们误导了我,而它实际上是一个 SQL Anywhere 数据库,那么需要运行哪些查询来获取数据库结构?
如果还有其他人曾经成功地实际查询过 EagleSoft(或任何类似的专有软件包) - 请告诉我你是如何做到的!
My customer is a dental practice that has bought a piece of practice management software. This software was installed on their local server, including a patient database, a schedule and all manner of medical records. Now they want me to write some utilities for them that aren't provided with their package, and for this I need the ability to query this database.
I tried calling tech support of the software manufacturers (Patterson/EagleSoft), and it's difficult finding anyone who understands the technology enough to answer my questions. As far as I can tell, there's no API for their software, and understandably they're reluctant to tell me how to query the DB directly, programmatically. They do have an interactive query window, but obviously that's no good for writing automated queries. All that they would let on is that somewhere there's a SQL Server DB, but the ODBC drivers to connect to it are SQL Anywhere drivers (huh?).
So I searched around on the server and couldn't find any database files. Then I discovered that the installation creates some kind of proprietary virtual machine, which is only visible to the EagleSoft software. But while they've been very good at insulating their DB in layers of obfuscation, they have left open an ODBC driver, which is indeed an SQL Anywhere connection.
Now after that fascinating and lengthy preamble, here is my question: What queries can I run over this ODBC connection to interrogate the DB as to its structure? If it's a SQL Server DB underneath I could use the sysobjects table, but I don't fully grasp how you can use a SQL Anywhere ODBC connection to connect to a MSSQL DB. And If they were misinforming me and it really is a SQL Anywhere DB underneath, what are the queries to run to get at the DB structure?
And if there's anyone else out there who's ever succeeded in actually querying EagleSoft (or any similar proprietary package) - please tell me how you did it!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
事实证明,最简单的方法是使用
OdbcDbConnection编写一个小应用程序,并使用随软件安装的 DSN 进行连接。经过一次探测'select * from sysobjects'才发现它确实是一个 MS-SQL 数据库,我很高兴从那里开始!Turns out the simplest way to do it was to write a little app using
OdbcDbConnection, and connect using the DSN installed with the software. It took one probing'select * from sysobjects'to reveal that it is, indeed a MS-SQL database underneath all that, and I'm good to go from there!我会使用像 squirel 这样的工具,它非常适合浏览任何数据库,以检查是否有人成功使用“SQL Anywhere”这个谷歌结果:
http://blog.gmane.org/gmane.comp.db.squirrel-sql.users/month=20091001
显示其他人有设法让松鼠做到这一点。它非常容易使用...当然假设您设法使连接正常工作!
I'd use a tool like squirel which is great at browsing any database to check if anyone was successful with "SQL Anywhere" this google result:
http://blog.gmane.org/gmane.comp.db.squirrel-sql.users/month=20091001
Shows that others have managed to get squirrel to do this. It's quite easy to use... assuming of course you manage to get the connection working!
一些可能有帮助的工具是 SQLWorkbench 和 Django.我使用 SQLWorkbench 将数据从生产系统复制到 Postgres 数据库中,这样我就可以在不损坏生产环境的情况下对其进行攻击。然后我使用Django的inspectdb来生成数据库环境的模型。从那里可以轻松地在数据库和模板中创建“视图”以准确显示我想要的内容。
更新:从 Eaglesoft 19 开始,Patterson 似乎已经对数据库进行了密码保护,并且他们不遗余力地阻止用户在不付费的情况下获取数据。
更新:就像我之前提到的,Eaglesoft 19 有一个锁定版本的数据库。对于只读访问,您可以致电 Patterson 并要求他们提供安装在您服务器上的“技术参考”工具的“数据库管理”部分的密码。进入后,可以选择设置用于访问数据库的只读密码。用户名是“dba”,密码是您设置的。有时需要与他们进行一些来回协商才能获得访问权限,但我的解决方案是说“十多年来,我们一直将患者数据放入 Eaglesoft,并且我们始终可以访问数据库。现在你限制它并告诉我们必须付费才能访问,这听起来像是你试图通过劫持我们的数据来勒索金钱,我可能应该由我们的法律团队来处理。”
编辑:2022 年 11 月 18 日:通过致电 Patterson 并获取技术参考的“日密码”,您仍然可以在 2008 年 20 月 21 日(最新版本)中轻松获得对 Eaglesoft 数据库的只读访问权限。从那里您可以启用只读用户。根据 Patterson 对应用程序架构和数据库所做的一些更改,我怀疑他们将在未来一两年内停止使用与数据库的直接连接。当他们进行更改时,您将只能通过他们的 API 服务器访问数据库。在与他们的一位销售兄弟玩了几周的“电话标签”并做了一些简单的社会工程之后,我设法通过 API 服务器获得了他们的价目表。太残暴了。大多数办事处每月向 Patterson 支付约 500 美元,以获得免费技术支持和免费升级。他们希望开发人员为每个办公室支付几乎同样的费用来访问 API。他们意识到他们可以将实践锁定在自己的数据之外并从中获利。我们正在与一家公司合作,该公司正在积极开发 Eaglesoft 的替代品,以摆脱这种可怕的供应商锁定。
A few tools that might help are SQLWorkbench and Django. I use SQLWorkbench to copy the data from the production system into a Postgres database so I can hack on it without damaging the production environment. Then I use Django's inspectdb to generate models of the database environment. From there it's easy to create 'views' into the database and templates to display exactly what I want.
UPDATE: As of Eaglesoft 19, it looks like Patterson has password protected the database and they have gone out of their way to prevent users from getting at the data without paying them for access.
UPDATE: Like I mentioned before, Eaglesoft 19 has a locked-down version of the database. For read-only access you can call Patterson and ask them for the password to the "Database Admin" section of their "Technical Reference" tool that is installed on your server. Once you are in there, there's an option to set a read-only password for access to the database. The username is 'dba' and whatever password you set. Some times it takes a bit of back-and-forth with them to give you access, but my solution was to say "We've been putting patient data into Eaglesoft for over a decade and we've always had access to the database. Now you're restricting it and telling us we have to pay for access. It sounds like you are trying to extort money by holding our data hostage. I should probably run this by our legal team."
EDIT: Nov 18 2022: You can still easily get read-only access to an Eaglesoft database in 21.20.08 (the latest version) by calling Patterson and getting the "day password" for Technical Reference. From there you can enable a read-only user. Based on some of the changes Patterson is making to their application architecture and the database, I suspect they will stop using direct connections to the database in the next year or two. When they make that change, you will only be able to access the database through their API Server. After playing "phone tag" with one of their salesbros for several weeks and doing some light social engineering, I managed to get their price list for going through the API server. It's atrocious. Most offices pay ~$500/mo to Patterson for free tech support and free upgrades. They want developers to pay nearly as much per office for access to the API. They've realized they can lock practices out of their own data and monetize it. We are working with a company that is actively developing a replacement for Eaglesoft to get away from this horrible vendor lock-in.
我编写了自己的 PHP 驱动网站来访问和操作 eaglesoft 数据库中的数据。您只需创建与本地 DNS 条目的 odbc 连接即可完成。要查看数据库结构,您可以使用 eaglesoft 或高级查询工具中包含的技术参考。
I have written my own PHP driven website to access and manipulate data in my eaglesoft database. You simply create odbc connection to local DNS entry and done. To see database structure you can use the technical reference included in eaglesoft or advanced query tool.