In the wiki of the gun repo on github, there is a section about "Security, Authentication, Authorization" (Wiki Page).
It describes the problem of how to avoid someone making invalid changes to the data like spamming the database or erasing the entire database, but it doesn't describe how the problem is solved in gun. So the question simply is:
how is it solved?
Thanks a lot!
My issue is that at my current job, we have to go to 7 different sites, depending on the carrier, to find out a part number through a model number. Each site allows you to search a database with a model number and if it is found you can see the part number for it. This really helps us out, but I'm looking for a way to make it more convenient for us. Each site requires a login. How can I search all the sites, sites' databases at once or how can I make something, webpage or program, that has a tab for each site and when clicked it takes me right to the search feature of the site. Any suggestions are appreciated. I really need to be pointed in the right direction. I almost forgot, if you know a site or program that does this for HVAC part or appliances please let me know!
You won't be able to integrate directly with each site most likely, so you're stuck having to login to each and do your work.
But there is some hope!
Check out Selenium (http://docs.seleniumhq.org/) for automating web tasks. For example, you should be able to "record" yourself logging in and clicking to a page - and then in the future you just run a script and Selenium will do it for you. Should save a few steps.
You'd still need a tab open per site, but it should help.
Has anyone made any headway with coming up with a single sign on solution with Domain access to date for Drupal 7? I've been looking closely at two old modules, one no longer maintained (SSO for D6) and one still maintained (CAS). I've also read that SAML might be a key to unlocking this, but am uncertain.
Facebook's FBConnect might be another option too or another way could be integrating OpenID from what I've read, and experienced on StackOverflow's sub sites.
I know that OpenID can do this since we are logged into all of *Overflows sub sites at the same time using one login. The question is how does it cross DNS servers? Does it handshake with one half of a matching hash? I cannot find any documentation on this, so am at a loss.
So, are there any solutions that are known to date, or information on what to start looking into? I think I've made a good point at the possibilities. I read this thread, Domain Access SSO but am uncertain to what version it pertains to (Drupal, DA, SSO or otherwise). It looks like the "Solution" is to create a master table set with users and permissions, then share those across the domains? How might this work if there are already multiple sites created under Domain Access? Would you clone and rebuild the entire installation, or would you need to start from scratch? It really raises more questions than answers. I contacted the author with no response, so the questions still stand.
Any opinions out there on the who what or why would be greatly appreciated, I just need a start point to get the ball rolling. Thanks everyone.
I'm the author of the Domain Access SSO article mentioned in the original question. I don't recall being contacted about it, but then again I recently learned that my "contact" page on bleen.net hasn't been working in a while... but anyway, here is a bit of info:
That post referred to Drupal 6, SSO Module 6.x-1.0-rc1, and Domain Access module 6.x-2.0 (I think). That solution basically revolves around creating two separate Drupal installs, one the master and one the client (there can be multiple clients). Basically, what happens is the necessary user tables for all the clients are pointed instead to the master. In doing so, the master becomes (essentially) a shell site that does nothing but hold and verify user data.
Hope that makes sense and/or helps... to be honest I haven't looked at that code in a long while now.
SAML is a good option. Check this module to integrate it with Drupal:
http://drupal.org/project/simplesamlphp_auth
If you need a demo with this plugin working check this.
I am developing a basic yet highly customized CRM for a small training centre which has the ability to store student records and also send emails to them. I'm using SwiftMailer following this excellent tutorial in CakePHP to accomplish the sending part.
Of course, students are sometimes going to reply to emails and I'd like to retrieve them within my CRM and store them along with the student record.
However, I cannot find a single reference to doing this. I've tried the following Google searches: "receiving email cakephp" , "retrieving email cakephp" and even "email client cakephp" but all of these queries give results relating to sending mail rather than receiving it -- very frustrating!
Finally, I broadened my search to non-cake solutions and found someone recommending a library called ezComponents. It doesn't seem to have had any active development for about a year, but it includes an email receiving class which is exactly what I want. Unfortunately, I have no idea how to add this to CakePHP and the only post I've been able to find on the entire web on the matter doesn't exactly go into much detail. It's certainly not a step-by-step tutorial on using ezComponents on CakePHP like the SwiftMailer tutorial I mentioned above.
I also found a class on Google Code called php-imap which looks like it would do the job but, again, I haven't the slightest clue how to get it working happily in Cake like SwiftMailer is.
I realize that I may have to learn how to package classes for use in Cake by myself but I'm asking this question first on the off-chance that there is already a Cake-friendly solution to this problem that I just haven't realized :-)
Joseph
Thanks to everyone for your answers, but I've been doing some more searching and it looks like the solution is actually incredibly simple.
Basically, with the help of a plugin, I can set up the mail server in databases.php as a datasource and then write a Model and Controller to interact with it.
Here's the example I found: https://github.com/kvz/cakephp-emails-plugin
Edit: the repo has been deprecated and is now available at https://github.com/kvz/deprecated/tree/cakephp-emails-plugin
You will want to pipe your email to PHP and use stdin:// to read the contents of the email and add the e-mail to your database.
I've done this with cake and the simplest way is to make a Cake console application to handle the parsing. Also using cpanel's account level filtering to generate the pipe is really simple.
http://forums.cpanel.net/f5/piping-mail-php-scripts-howto-checklist-50985.html
http://www.evolt.org/incoming_mail_and_php
Sounds like you want to include SwiftMailer as a Cake plugin, amirite?
http://book.cakephp.org/view/1111/Plugins
-- if you want to package it yourself. Otherwise, a cursory search of the Bakery yielded this result:
http://bakery.cakephp.org/articles/sky_l3ppard/2009/11/07/updated-swiftmailer-4-xx-component-with-attachments-and-plugins
Hopefully it will at least get you pointed in the right direction. HTH. :)
Users sometimes come up with the most amusing, weird and wonderful requirements for programmers to design and implement.
Today I read a memo from my boss that we need the "ability to import any excel or access data, irrespective of size, easily and quickly."
From the same memo, we have a requirement to "know if anyone unauthorized accessed the system" - as if a hacker is going to leave his calling card wedged between an index and a foreign key somewhere.
I think my boss has been watching too much "Star Trek"... :)
What's the funniest user request you've ever had?
"The calendars are really difficult to use, since there is a different number of days in each month. Could you please change them to have the same number of days?"
My client demanded that on his website the current white is too normal. And I quote "I want the glossy white of Facebook and Google"
I wonder if this would work:
main.css
body {
background-color: #ffffff !glossy;
}
Client: "I really like my website and Google but I need them both when my laptop doesn't have an internet connection. Can you burn them to a cd so I can use them offline?"
Me: "I can make an offline version of your site but it would have limited functionality. I can't however make Google available offline. It is possible with hardware and a monthly contract to get internet anywhere for a monthly fee with a data card. You'd have to pay around $60/month for it through ATT or Sprint or something like that."
Client: "I'm starting to become disappointed with your capabilities."
"We know the server goes down sometimes, but we want it to never go down"
"can you make sure our sales increase by at least 131%? that would put us ahead of last year."
"We need the button to be clickable after the checkbox to enable the button clicks is checked."
The following happened multiple times with the same person ...
Data Entry Operator (at remote site): Can you fix my terminal? It won't turn on.
ME: Last time you called with this problem it was unplugged, can you please check that?
Data Entry Operator: It's plugged in!
So I drive to the remote site and what do I find? An unplugged terminal, of course! I plugged it in, and it worked just fine.
Project Manager: "We need you to make a list of all unknown risks on this project."
One of our programs lets normal people manipulate a fairly complex video distribution system. It visually indicates what's going on on the back end using representative pictures of the video sources -- VCRs, DVD players, etc. These graphics are very detailed; the VCR has a little amber display on it, saying "12:00" in a 7-segment LED font. One user asked us to make it blink. Another asked us to make it show the current time.
bangs head on desk
My programming team wrote an intranet which interfaced with a legacy accounting system. Basically, we were writing a pretty ASP.NET front end to protect users from having to interface with the terminal system.
In any case, one of our testers noticed that our login code accepted any password, so long as the first 8 characters were correct. A tester created a user with the password "Password", but the application would validate "Password1", "PasswordMonkey", "PasswordFakeFakeFakehahahah". So, our tester logged this as a defect. Some investigation revealed that the legacy system stored passwords in fixed-width, 8 char field, and it just quietly truncates queries to 8 characters. A quick test indicated that this bug existed in the accounting system as well and simply went unnoticed for 20 years.
We were unable to modify the legacy application as it was maintained by a third-party vendor, so I wrote a quick if (password.Length > 8) { return false; } on our end -- after all, a password more than 8 chars can't possibly be correct. Bug fixed, QA signs off.
So, when our application goes into production, we get an "URGENT!! USER'S CAN'T LOG IN TO THEIR ACCOUNTS!!!"-type message from the president of one of our customers. It turns out that state law or company policy required all passwords to be at least 12 characters long, and none of the users were able to use our product after the fix.
We explained that the accounting system simply doesn't store anything beyond 8 characters, and that everything will be peachy if users just type the first 8 characters. "UNACCEPTABLE!" Ok, then we can put a maxlength on the textbox, limiting the input to just the valid range of characters. "IMBECILES! IT WORKED JUST FINE BEFORE, NOW FIX IT!" Our customer got into a shouting match with the president of my company, threatening to change vendors if we didn't fix the application.
So, I "fixed" the application by commenting out the sanity check and reintroduced the bug. It's not an unreasonable request to have authentication code in the ASP.NET front-end authenticate the same as the terminal backend, but it's really disconcerting to purposefully re-bug an application.
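An added example, not part of the original answer or the application it describes: a Python model of the truncation behaviour in the post above, with a regression check that measures how many leading characters of a known test password a verifier actually compares. `LegacyStore`, `strict_login`, `significant_length` and the account name are constructed for illustration; only the 8-character field width comes from the post.

```python
import hmac

FIELD_WIDTH = 8  # fixed-width password field, as stated in the post


class LegacyStore:
    """Constructed stand-in for the legacy back end: stored and submitted
    passwords are both silently cut to FIELD_WIDTH characters."""

    def __init__(self):
        self._users = {}

    def set_password(self, user, password):
        self._users[user] = password[:FIELD_WIDTH]

    def check(self, user, password):
        stored = self._users.get(user)
        if stored is None:
            return False
        submitted = password[:FIELD_WIDTH]
        return hmac.compare_digest(stored.encode(), submitted.encode())


def strict_login(store, user, password):
    """Front-end check from the post: longer than the field means reject.
    Closes the suffix bug, but locks out users told to pick 12+ characters."""
    if len(password) > FIELD_WIDTH:
        return False
    return store.check(user, password)


def significant_length(check, user, known_password):
    """Regression check for a QA test account with a known password.
    Returns how many leading characters the verifier compares,
    or None when the whole password is significant."""
    if not check(user, known_password):
        raise ValueError("known_password must be valid for the test account")
    # A verifier that truncates at n accepts the n-character prefix alone.
    for n in range(1, len(known_password)):
        if check(user, known_password[:n]):
            return n
    # Truncation exactly at the password's own length shows up as an
    # accepted suffix, which is how the tester in the post found the bug.
    if check(user, known_password + "!"):
        return len(known_password)
    return None


if __name__ == "__main__":
    store = LegacyStore()
    store.set_password("qa-test", "PasswordMonkey42")  # constructed test account
    print(significant_length(store.check, "qa-test", "PasswordMonkey42"))
```

Run against a test account in each environment, a non-`None` result flags a back end whose effective password length is shorter than the policy the users are being held to.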
Take a look at this blog called Clients From Hell
There are some really "good" ones on there.
"I just deleted a client data record. Can you restore it from the Recycle Bin?"
Some people don't understand that when a record is deleted, it's deleted. That's kinda what "deleted" means, especially when they didn't ask for us to build an "un-delete" feature.
"I want that no one can take a screenshot of this webpage."
Seriously, this was the demand from the customer.
The most perverted thing about this was, however, that I REALLY found a solution (one, that made me hate "Javascript" even more...).
Oh, the solution was monkey - proof.
Client: "Are you sure you pushed the last copy edit live?"
Programmer: "Yes it is live and I tested it."
Client: "I just looked and it still shows the old copy text."
Programmer: "Did you try clearing your browser cache?"
Client: "What's that? How do I do that? Can't you just have the site do that for me?"
One of our clients put his credit card in the FDD (floppy disk drive) to use it.