When using selenium grid with remote nodes, how can I execute commends on the node without passing information in the clear between the grid and the node? I access the site I am testing uses https, so communication between the node and the site is secure, but what about between the hub and the node? Is there any way to secure that? Has anyone tried port forwarding on both the hub and the node?
Thank you. With the help of that link and a little tinkering, I got it to work. In case it helps someone, here is basically what I did. This is the case where I am running the grid on my local machine (at home) and I have nodes running on remote laptops.
Generate an rsa key on the remote machine, and take id_rsa.pub and place it in ~/.ssh/authorized_keys on the local machine running the grid, making sure you have file/directory permissions set correctly
Make sure you have a fixed IP at your local machine, I used the AirPort Utility, under network options, DHCP Reservations. (Info about how to do this is generally easily web-searchable)
Open up port 22 on your local router. I did this using the Airport Utility, network options, Port Settings. At this point you should be able to ssh from the remote machine to the local machine successfully, without using a password.
Start port forwarding on the remote machine, with something like this. ssh -N -L 4444:${HUB_IP}:4444 ${USER_NAME}#${HUB_IP}. Now all data that is sent to port 4444 on the remote machine, will be sent securely to end up on port 4444 on the local machine (this presumes that your grid is set up on 4444)
Start the grid on the local machine, using port 4444
Start the node on the remote machine with the hub setting of -hub http://localhost:4444/grid/register -port {whatever_you_want_for_driver_but_not_4444}
I put this all into a script that runs from the local machine, it calls scripts on the remote machine, so you need to also be able to ssh from the local machine to the remote machine. It is a bit of a hassle to set this up, but once it is done, you can start one script to start the hub and as many nodes as you like.
I think now I can pass information securely between the hub and the nodes.
I have not done this personally, but this link may help you.
For logging into websites, I have usually tried to log in via an API and then insert the cookie into the driver session so logging in was not needed via Selenium.
Related
In one company there is windows server 2008 hosting firebird 2 database.
Clients are using some software to connect from local machines to this database.
Network is running on few mikrotik routers.
When i change main gateway mikrotik router dns to cleanbrowsing ip addresses (185.228.168.10 and 185.228.169.11), software can not connect fo this firebird database.
When i use 8.8.8.8 dns or 1.1.1.1 - no such problems.
Software does not relate to dns, i know this because it is written by me in c#.
How possible is that and why it happens?
Changing the main gateway router's DNS server to another upstream server means you are potentially getting different responses to DNS queries. Assuming that nothing else has changed on your network, I imagine one of the following:
Your new DNS provider does not have special config for the dns entries you are querying
Your new DNS provider is located somewhere else physically, and you are running into a situation where geolocation matters (different dns responses to differently located users)
There is another gadget on the network intercepting DNS and is unaware of the change you are making. For example a NAT rule on a router that redirects 8.8.8.8 to an internal DNS server.
I agree with your assessment that the software is probably not causing this, because you changed infrastructure, I think that this is an infrastructure problem.
With 15+ years of experience running FirebirdSQL in small networks, I always set following things to prevent such problems:
The first DNS at the router's DHCP should point to the router's IP (gateway) itself, so it resolves local pc names easier
Setting a (random?) DHCP domain name at router's setup is recommended too
Edit/replace the firebird.conf file with one of fixed default port (3050) + event port (3051).
Opening those ports on each PC's firewall is a MUST. Both incoming and outgoing. You may narrow it to local IP range to prevent outside attacks. (Create a script once, run it on each PC as Admin once.)
Usually I also add "fbserver.exe" to firewall exception too
Restart FirebirdSQL service (or the whole PC) after changing gateway or DNS or firebird.conf
I set up a NTP server on my windows machine using the Meinberg Ntp server setup.
I think I have it working, but where do I find the name of the server so I can add it to the config file of the device I want to sync to the server?
You access all network services a computer hosts by its hostname or IP, independent of the protocol. Some services can also be registered in the DNS to make them "discoverable" but normally only networks of a certain size justify the effort involved in setting this up.
Simply determine the hostname of your computer and specify this as the ntp host on your device you want to sync. Perhaps the easiest way to get to the hostname is pressing lWindows + [Pause/Break][1], which shows you the system properties. Should work on most current Windows OSs.
I am currently developing a website with a virtual server based on Vagrant. Before that I always used my NAS-webserver to develop my sites.
I want to keep using my database on the NAS cause it's easy to handle through phpMyAdmin that is installed as an app on the NAS.
When ssh'ed into my virtualbox I can ping to the internal ip from my NAS, being 192.168.0.10. Making a database connection to it, does not work.
Usually I take static ip for my VirtualBox that does not belong to the range of my internal network, e.g. 192.168.33.23. I tried to change this to an ip that is in the range but then I get an error saying:
The specified host network collides with a non-hostonly network!
The specified host network collides with a non-hostonly network!
This will cause your specified IP to be inaccessible. Please change
the IP or name of your host only network so that it no longer matches that of a bridged or non-hostonly network.
What is the best method to solve this issue? I read the Vagrant Docs and other posts but I didn't get it up and running.
** UPDATE **
I added this line to my Vagrantfile:
config.vm.network 'public_network'
This invokes a bridged mode. After choosing 'en0: Wi-Fi (Airport)' as adapter when starting the VM, the ip of my VM is now 192.168.0.100 but I still can't connect to my database #192.168.0.10.
I already did a credential check by placing all files on the NAS-webserver and all worked well.
Solution:
set the network to bridged mode
grant the VM ip address access in the mysql users table
So I just added the same user in phpMyAdmin but now with the VM ip address as hostname.
I have a pgsql server running on windows 7. I can remotely connect to it within the network using the computer name, so i know that there are no issues with config etc. I have disabled firewall. I have a static ip and have tried to connect to the database from another network but i get the error: server does not listen. What am i doing wrong? I know small amounts about ip addresses so any help will be appreciated. thanks in advance!
EDIT:
A little more information, i have set up a home network, i have two computers networked together that can both access the pgsql server that resides on one of the computers. I am based in the uk and get my internet from plusnet, config is all done on the thompson gateway. The third computer is a remote computer not on the same network, i was just testing to see whether or not i could "host" a pgsql database for several, not networked computers. Its more of a hobbiest thing really, although would be could if i could do it for work reasons too. Thanks for you help. (sorry if i sound dumb but this really isnt my subject-yet!)
Configure the pg_hba.conf file to add the line
host all all 192.168.0.1/24 trust
that IP 192.168.0.1 is just for the sake of example, you'll put there your IP
then edit the postgresql.conf to reflect these settings
tcpip_socket = true
i think this ^^ is only required for older versions, but add it there anyway
listen_addresses='*'
by default it's localhost, put * to listen to all addresses, or just your IP to tighten up the security
Is there any way to detect if I am connected to a VPN using standard windows APIs in C?
Basically I have a client that has to sync with a server but only if the VPN is connected. This could be a standard windows VPN client or a Citrix.
Is RAS helpful here?
thank you, code is appreciated.
EDIT:
to make it clearer.
This is a client that will run on our customer's computer and they set the VPN and server however they want. So I wanted to know if windows keeps a setting somewhere that I can read via an API or registry or WMI or whatever that can tell me VPN: no or yes and if yes the info.
With the VPN I suspect you able to access resources that don't exists otherwise. So you could PING test a server on the VPN network. ICMP is the protocol for ping.
Here is some examples: http://www.alhem.net/project/ex10/index.html
Your IP space should be different if you're on VPN or not - if the VPN is set up right, the server shouldn't even be accessible unless you're on the VPN. You could try to ping the server, and only try to perform the sync if you get a response?
I'm fairly certain that one of the selling points of VPN is that userland applications should be, on the whole, entirely unaware of its existence. Your best course of action is likely to query, using COM or some other form of IPC, known VPN provider services, or just see if they are alive and/or active, and infer the situation based on this evidence.
I have looked for vendor specific registry settings to determine if the tunnel is active. This works well with Nortel and Cisco VPN clients.
Can your app lookup the IP of a domain name that's only available through the VPN? If the name lookup fails, you're not on the VPN. If the general Internet can't query the DNS server on the VPN, this may be a workable solution (but maybe not generalized enough for your needs?). You can then try connecting to that IP -- something that will only succeed if you're on the VPN.
You could even have a public DNS server provide the IP address. Just use a special hostname that never resolves to a public IP. If the VPN isn't up, you won't be able to reach that address.