Data studio connector using two api keys to authenticate - google-data-studio

I am trying to build a connector that needs to access an API which requires API_KEY and API_SECRET. Currently Data Studio doesn't support authentication with two keys. So I thought I'd use authentication type NONE and then in the getConfig() function I would prompt the user to input the two required keys. However, it seems an awkward thing to do, so I am asking more experienced developers. Am I introducing any security issue here? From what I understand there is no difference whether I check and store user credentials in getConfig() or setCredentials(). They all end up stored in PropertiesService so I don't see any major difference. However, I may be wrong...

Currently (Nov 2019) there isn't support for API_KEY+API_SECRET. You have a few alternatives:
1. Use USER_PASS and in the connector description, instruct the user to use API_KEY for USER and API_SECRET for PASS.
2. Use NONE and get the info in getConfig().
Until the Data Studio team implements a solution, I recommend using #1. This will make it easier for you to migrate code and existing users once an official solution becomes available.
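
Alternative 1 from the answer above, as an added example (not code from the original post or from Google): the connector's auth functions with API_KEY arriving as the username and API_SECRET as the password, stored per user. The property names, `keyPairLooksValid` and the help URL are assumptions of this example, and a small stand-in replaces `PropertiesService` so it also runs outside Apps Script.

```javascript
// Stand-in for Apps Script's PropertiesService so this also runs under Node;
// inside Apps Script the real service exists and this block is skipped.
if (typeof PropertiesService === 'undefined') {
  const store = new Map();
  globalThis.PropertiesService = { getUserProperties: () => ({
    getProperty: (k) => (store.has(k) ? store.get(k) : null),
    setProperty: (k, v) => { store.set(k, String(v)); },
    deleteProperty: (k) => { store.delete(k); },
  }) };
}

const KEY_PROP = 'dscc.apiKey';       // property names are this example's own
const SECRET_PROP = 'dscc.apiSecret';

function getAuthType() {
  // USER_PASS makes Data Studio show a username/password form.
  // helpUrl is a placeholder for a page telling users which value goes where.
  return { type: 'USER_PASS', helpUrl: 'https://example.com/connector-help' };
}

// Placeholder check (assumption): a real connector would call the target
// API with the pair here and return false on an authentication error.
function keyPairLooksValid(key, secret) {
  return typeof key === 'string' && key.trim() !== '' &&
         typeof secret === 'string' && secret.trim() !== '';
}

function setCredentials(request) {
  const key = request.userPass.username;     // API_KEY entered as "username"
  const secret = request.userPass.password;  // API_SECRET entered as "password"
  if (!keyPairLooksValid(key, secret)) return { errorCode: 'INVALID_CREDENTIALS' };
  const props = PropertiesService.getUserProperties();
  props.setProperty(KEY_PROP, key);
  props.setProperty(SECRET_PROP, secret);
  return { errorCode: 'NONE' };
}

function isAuthValid() {
  const props = PropertiesService.getUserProperties();
  return keyPairLooksValid(props.getProperty(KEY_PROP), props.getProperty(SECRET_PROP));
}

function resetAuth() {
  const props = PropertiesService.getUserProperties();
  props.deleteProperty(KEY_PROP);
  props.deleteProperty(SECRET_PROP);
}
```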

Related

How can I encrypt and decrypt data on client in Meteor React?

I'm currently working on a password managing application in Meteor React and can't seem to find a way to encrypt and decrypt data on the client, with MongoDB storing the encrypted data.
To add a little background to the task and specify what I am trying to do:
This whole application is for one single company and users are the employees only. The passwords, along with username info and some other attributes are stored in folders and users get view and edit rights to data within the folder. Passwords (along with additional info) need to be encrypted, but multiple users need to be able to access them based on the rights given to them. So when the data is encrypted, say when a person creates a password, other users with the rights to do so need to be able to decrypt this data as well. However, the decryption needs to happen on client and the server can only ever access the encrypted data.
I have tried using planifica:encryption, because it has exactly what we need for our project, but I ran into some errors and I can't get past them nor find any article about them. I have heard of Mylar in some answers to similar questions, but both Mylar and Planifica don't seem to have been updated for a few years now. I know Node.js has a crypto module, but I am not sure whether it could be used to share encrypted data among users and most importantly, how to do so.
Is there any way to do what we need for this project? I should also point out that I am relatively new to meteor and I have not dealt with encryption whatsoever, so my understanding is rather limited.
Thank you for reading!
This very much depends on the encryption you are using, but since you are interested in decrypting things client-side, it sounds like what you are looking for is the SubtleCrypto web api.
That should be all you need on top of what Meteor already provides. You should be able to use a regular meteor collection and publication to share the encrypted data with your clients, and then let them decrypt it using the above linked decrypt function. One question I'd have is how you will be able to get the decryption key to your clients while hiding it from the server, but I assume you've got that part figured out somehow.
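
One way to share an encrypted entry among several users with SubtleCrypto, as an added example that is not part of the original answer and goes beyond it: each entry gets its own AES-GCM key, and that key is wrapped once per permitted user with the user's RSA-OAEP public key, so the server only ever stores ciphertext and wrapped keys. The function names and the document shape are assumptions of this example; how each client keeps its private key is not covered.

```javascript
// WebCrypto is global in browsers and recent Node; older Node exposes it via node:crypto.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = webcrypto.subtle;
const RSA = { name: 'RSA-OAEP', modulusLength: 2048,
              publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };

// Each user generates this pair on the client; only publicKey is published.
// extractable=false keeps the private key from being exported by script.
function generateUserKeyPair() {
  return subtle.generateKey(RSA, false, ['wrapKey', 'unwrapKey']);
}

// Encrypt one entry and wrap its data key for every user allowed to read it.
// `recipients` maps userId -> that user's RSA-OAEP public CryptoKey.
async function encryptForUsers(plaintext, recipients) {
  const dataKey = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh IV per entry
  const ciphertext = await subtle.encrypt(
    { name: 'AES-GCM', iv }, dataKey, new TextEncoder().encode(plaintext));
  const wrappedKeys = {};
  for (const [userId, publicKey] of Object.entries(recipients)) {
    wrappedKeys[userId] = await subtle.wrapKey('raw', dataKey, publicKey, { name: 'RSA-OAEP' });
  }
  return { iv, ciphertext, wrappedKeys }; // everything the server needs to store
}

// Runs on the client: unwrap this user's copy of the data key, then decrypt.
async function decryptAsUser(doc, userId, privateKey) {
  const wrapped = doc.wrappedKeys[userId];
  if (!wrapped) throw new Error(`no access for ${userId}`);
  const dataKey = await subtle.unwrapKey('raw', wrapped, privateKey,
    { name: 'RSA-OAEP' }, { name: 'AES-GCM' }, false, ['decrypt']);
  const plain = await subtle.decrypt({ name: 'AES-GCM', iv: doc.iv }, dataKey, doc.ciphertext);
  return new TextDecoder().decode(plain);
}
```

Granting access to another user means unwrapping the data key on a client that already has access and wrapping it again with the new user's public key; revoking access requires re-encrypting the entry under a new data key.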

How to automatically save received pdf files from gmail into a database?

I would like to know if this scenario would be possible in any programming language combined with any database technology.
I would like to automatically save received pdf files that are attached in emails into a database. Is this possible? Is there any library or framework available to do so?
Yes, I would recommend using Google Apps Script for this. The approach you should follow is to use the GmailApp class (Documentation here) to get the messages you need, you can use methods like getInboxThreads() (Documentation), to retrieve the messages.
After you've found the message and retrieved the attachment (which you can do with getAttachments() (Documentation)), you can use the JDBC Service to connect with external databases. The specifics here depend a lot on what database you want to connect with, but the documentation will lead you in the right direction.

Automating Salesforce Security Checks

I need to create some automated method for checking certain security settings within a given Salesforce org(s). The four big ones are:
IP Restrictions within each profile
Mobile User setting disabled
Mobile Lite disabled
Chatter Disabled
I think the first two can be accomplished through the API (SOQL to get all profiles and check loginIpRanges[] length >0 and SOQL to get all users and check isMobileUser property for each one), but I can't find anything in the API for the other two and wonder if I would have to screen scrape it.
Any suggestions on the best approach to accomplish this? A local Python or other script that connects remotely via the API and a screen scraper or Selenium script for the non-API items? An Apex or VisualForce page that is installed within each org?
I am new to Salesforce and Apex, so before I start down one road and doing it within Salesforce vs via the API I would really appreciate any guidance.
Thank you!
I think you'll have to take a mixed approach to solving this, perhaps wrapped up in some larger python script.
Use the metadata API to get all of the Profile objects and parse for loginIPRanges. You can use Apache ANT and the Force.com migration tool commands to do this. You can also get the SecuritySettings from the same API and method and get a lot of the things in the Security Health Check, if you need them. The results will be returned in XML, which you can easily parse in your python script.
Use the API and a SOQL query to check for the isMobileUser permission, use python to parse/output results. Beatbox is a good library for connecting to the standard API.
For the last two, I think you'll need to go with some screen scraping/browser automation and parsing. Hopefully someone has a better answer for this, as I'm not familiar enough to help with how to accomplish this aspect. The screens are in standard locations so it should be repeatable as long as future updates don't move things.
Ideally you'll be able to combine these into one large script that fires off beatbox, then fires off ant/migration tool, and some browser automation script.

1 data, many applications

I have a forum with >400 registered users. It's powered by vBulletin-4.0.4. I want to build up several websites with kohana-3.1, but keep existing forum users too. I will use separate databases for each application (I want to keep apps as independent as possible).
So my solution is:
step 1. create special app users.mydomain.com where each user can register and update their details (birthdate/email/password). This app will catch all changes and write them to forum database and application databases.
step 2. modify default auth module to handle forum authentication. vBulletin uses algorithm: $hash=MD5(MD5($password)+$salt) for pass hashing.
Am I in the right direction? Is it OK?
Someone has already done this: Kohana vBulletin Bridge. You will need to contact the author of the module as the source code is no longer online. It won't be too difficult to upgrade it to 3 if you get it.
I haven't used vBulletin so I can't give you much advice on the subject, but you're right about the hashing algorithm. You'll also need to make sure your session is read and written as they are in vBulletin.
A quick search of vBulletin SSO to get you started.

LLBL Gen Pro 2.6 and Auditing

I am using LLBL Gen Pro v2.6 and am attempting to create a means of auditing changes made to the database. Now, I know that LLBL Gen has auditing built into it using AuditorBase and dependency injection. The question I have is: I need to track not only the stuff that LLBL Gen exposes as auditable, but also the User who made the changes. From what I've seen there isn't a built-in way of gathering this information. Has anyone used LLBL Gen's built-in auditing and determined a way to do this?
Wayne E. Pfeffer
I have used LLBLGen's Auditing classes. Determining the user is really something that you will have to handle. There are too many variables for LLBLGen to actually do this for you. How are your users handled? Is this a winforms or asp.net application?
The best solution would be to store the UserId in a session variable or static variable depending on which is more appropriate for your application. In your implementation of the Auditing class you can just pull the UserId from its storage place.
Another potential solution would be to override the Entity Class or the Data Adapter classes and pass the UserId in to your save methods. However, this would be a lot more work.
In my WinForms app, I accomplish this by creating a custom IPrincipal and stick that on System.Threading.Thread.CurrentPrincipal when a user logs into the application. Then, I can easily grab that from inside my LLBLGen auditing classes.
We're also about to implement auditing of changes to the db, and have the same issue of adding the user_id to the auditlog. I can see you can do the pull-approach, e.g. fetching the user_id from the web session (we're building a web application), but this would completely mess up the layering of the application, as I see it!?
I.e. if the DAL pulls data information from the presentation layer (web session), I won't be able to use the DAL in other contexts?
Best regards,
--thomas
