How to detect mobile browser wothout using user agent?
Tried to find in net but all found links are abour user agent
It depends on whether you're doing it server-side or client-side. Server-side you're pretty much limited to UserAgent unless you do really custom stuff.
Client-side you could look at libraries like modernizer.js or yepnope.js. They may be using user agent data behind the scenes, not sure.
Of course if the browser has JavaScript disabled you're out of luck with that too.
Simple answer: you can't, at least on the server side.
But, more importantly, why would you want not to use the user agent string?
If you only want to detect whether the browser is mobile or not, I would do this using JavaScript, by simply guessing it given the screen size / resolution of the device.
Related
I need to create some automated method for checking certain security settings within a given Salesforce org(s). The four big ones are:
IP Restrictions within each profile
Mobile User setting disabled
Mobile Lite disabled
Chatter Disabled
I think the first two can be accomplished through the API (SOQL to get all profiles and check loginIpRanges[] length >0 and SOQL to get all users and check isMobileUser property for each one), but I can't find anything in the API for the other two and wonder if I would have to screen scrape it.
Any suggestions on the best approach to accomplish this? A local Python or other script that connects remotely via the API and a screen scraper or Selenium script for the non-API items? An Apex or VisualForce page that is installed within each org?
I am new to Salesforce and Apex, so before I start down one road and doing it within Salesforce vs via the API I would really appreciate any guidance.
Thank you!
I think you'll have to take a mixed approach to solving this, perhaps wrapped up in some larger python script.
Use the metadata API to get all of the Profile objects and parse for loginIPRanges. You can use Apache ANT and the Force.com migration tool commands to do this. You can also get the SecuritySettings from the same API and method and get a lot of the things in the Security Health Check, if you need them. The results will be returned in XML, which you can easily parse in your python script.
Use the API and a SOQL query to check for the isMobileUser permission, use python to parse/output results. Beatbox is a good library for connecting to the standard API.
For the last two, I think you'll need to go with some screen scraping/browser automation and parsing. Hopefully someone has a better answer for this, as I'm not familiar enough to help with how to accomplish this aspect. The screens are in standard locations so it should be repeatable as long as future updates don't move things.
Ideally you'll be able to combine these into one large script that fires off beatbox, then fires off ant/migration tool, and some browser automation script.
I have a GWT app, which is deployed on the app engine. The application is basically an exam simulator. All the exam questions and answers are stored in an XML file on the server. I use JAXB parser to parse the XML file and send a list of objects to the client through GWT RPC.
I noticed that during the transit (server -> client), the entire data is visible in plain text in Firebug. Since the data (exam questions and answers) are my intellectual property (IP) and something that I give lot of value to, I'm concerned that it's very easy to steal that data. Therefore, I'm trying to find ways to do some basic encryption and obfuscate the content when it's being sent over from the server to the client.
After Googling, I came across gwt-crypto project, and within a few minutes, I was able to achieve the exact result that I wanted. The server would encrypt the data, and the client would decrypt it. In Firebug, it would show the data in encrypted format, and not as plain text.
However, I ran into an issue. After implementing encryption/decryption, I noticed that my application would not load inside my company's network, which is obviously protected by a firewall. The application works perfectly from home or even on a 3G network on my phone. Another version of the application, which does not use encryption/decryption works perfectly from within my company's network. I confirmed this by creating 2 exact same versions of the app, with the only difference between a boolean flag, that determines whether encryption/decryption is enabled or disabled.
I have the following questions here:
What is the best way to achieve the result that I want to achieve? Is gwt-crypto a good solution for that? I'm fine with any simple approach to obfuscate the data during transit. It doesn't have to be a sophisticated algorithm.
What could be the possible reason for a GWT app, with encryption/decryption enabled, not working inside a firewall? I'm really clueless on this.
I'll appreciate any help on this issue.
Using SSL is the right way to go.
In your case, given AppEngine SSL limitations, you should load your HTML normally from non-SSL domain and use cross-site RPC to load your data via SSL domain.
Update:
What is the best way to achieve the result that I want to achieve?
If you want to secure the data in transit then the only secure option is SSL/HTTP. Usually it's also the simplest one as it does not require you to change the application code, just server configuration. In your particular case (appengine with private domain), it takes more work as described above.
Is gwt-crypto a good solution for that?
No. gwt-crypto uses a key to encrpt/decrypt the data. You also need a secure way to discribute this key.
I'm fine with any simple approach to obfuscate the data during transit.
Security through obscurity in not security. It's a false sense of security, which is even more dangerous than no security. It's enough that only one of the technically capable students cracks this and soon everybody would do it.
Possible attack would go like this:
Snoop the network, get username/password of user.
Login as that user, have browser load exam data, which is now unencrypted in memory.
Dump the DOM and inspect it for exam questions.
-
What could be the possible reason for a GWT app, with encryption/decryption
enabled, not working inside a firewall?
Use firebug to make sure network connections are identical, except for the encrypted content. Firewalls should not work that deep. Talk to sysadmin about it.
background
I need to be able to display charts that can capture what the user has clicked on. So for a pie chart, if a user clicks on a pie piece, I should be able to capture which piece he selected. Scatter plot should capture what plot, etc. Access-UI can't capture these things, only that a user clicked on the graph. So I need a different solution.
problem
We do not have access to a web server. The front end needs to connect directly with the access database. So what front end solutions can I use that will give me the UI flexibility I need to solve my problem?
possible solutions?
Use silverlight in access (http://desktopweb.blogspot.com/2010/12/using-silverlight-with-access-part-ii.html)
Winforms that connects to Access database via ADO
Is there anything that allows me to use HTML/JS or flash? HTML/JS would be the best solution, followed by flash just due to its wide support. I was researching Web Browser Control but I am not completely clear on whether it is opening local HTML files or browsing through http. I also wasn't clear if it supports JS or can load Flash.
When you first said about the click though capability my first thought was the reporting that is possible using SSRS. The easiest way is to have a reporting server and have the reports available through a browser. However you say you can’t have a web server so I’m guessing that a reporting server is also out.
You could however still use BIDS or report builder to make your reports and then the report viewer control in a flavour of .net to display the reports. Note that you have to convert them to RDLC files and feed the data to them.
That’s my 2p worth, I won’t comment on flash or silverlight as I don’t know enough about them to make an informed recommendation
The web browser control that's usable in Access can use any resource that can be reached via a URL, or you can assign a string of HTML (valid, of course) to it. I forget the exact property you use for the latter, but it's doable (I didn't know this the last time I implemented a web browser control to display HTML from an Access app, so created a temp file, and never went back to replace that with just assigning the HTML directly once I learned how -- so I forgot how, of course!).
I am designing a Point-Of-Sale system for a small shop. The shop just have one Point-Of-Sale but often they are one to three users (sellers) in the shop. Each user have their own user account in the system so they login and logout very often. How should I design the login/logout system in a good way?
For the moment the users don't use passwords, because it takes so long time to type the password each time they login.
The Platform is Windows Vista but I would like to support Windows 7 too. We use Active Directory on the Network. The system is developed in Java/Swing for the moment, but I'm thinking about to change to C#.NET/WPF.
I am thinking about an SmartCard solution, but I don't know if that fits my situation. It would be more secure (which I like) but I don't know if it will be easy to implement and smooth to use, i.e. can I have the POS-system running in the background or started very quickly when the users switch? Are SmartCard solutions very expensive? (My customers are small shops) Is it preferred to use .NET or Java in a SmartCard solution?
What other solutions do I have other than passwords/no passwords/smartcards?
How should I design the login/logout system in a good way?
Is there any good solution using SmartCards for this purpose?
I would like suggested solutions both for C#.NET/WPF and Java/Swing platforms.
I would like suggested solutions both for Active Directory solutions and solutions that only use one user profile in Windows.
How is this problem solved in similar products? I have only seen password-solutions, but they are clumsy.
An interesting solution is to use "Fast User Switching", i.e. the capability to have multiple user sessions open on the same PC. The POS software could be launched through the Startup folder of each seller account and would stay active in each seller session.
I thought that being in a domain (i.e. using Active Directory) disables Fast User Switching, but according to The old new thing, this was true on XP only. I just checked with my Win7 machine at work: it is in a domain but still has the "switch user" menu item.
The main advantage is that if your software is already multi-user aware, you don't need to change it.
I should have made the Fast User Switching check before writing what is below, because this seems to be the simplest solution. Here are other ideas, anyway.
Another solution is what you mention of having a single Windows user but several "virtual users" that your application manages. A smart card is a good way to implement a pseudo-login. In C++, the API allows detecting the removal or insertion of a card, so the application could detect this and read the card after insertion to know who's currently in front of the computer. .NET can easily call this API through P/Invoke; I don't know much of Java, except that JNI could be a solution to call the native API if there is no managed library that publishes this capability.
What should be done is researching the different types of card and how to talk to them, as your app should use a card that does not require a PIN to be accessed (or you are back to the slow login system, except if tying a 4-digit number is not considered too slow).
I've seen restaurants where waiters insert a key into the cash register in order to be identified. I googled "cash registers" but could only find a complete solution package, rather than the components like a key reader.
An almost idiotic question is: how much security do you need ? Does it make sense to have big buttons on the first screen of the app, where people click in order to tell the system who they are ? When they are done, they click on a "Finish" button and the app goes back to the "identify" screen. I've put this at the end because it is so simplistic that it has a low probability of being useful.
I'm not familiar with a broad range of smart card provider solutions, but I know Gemalto has a .Net friendly setup. Most others are geared to Java, but support is widening.
With regards to switching user sessions and your application, it depends on how "heavy" your application is. If your app requires quite a bit of start-up time / resources then you might consider creating the basic application as a service on the machine which can run in the background continuously and then you can load a light-weight UI to interact with the service with each user session (maybe launch via Startup menu).
There is a C# project on CodeProject which provides a framework for interacting with smart card services in windows - might be interesting reading.
I had a chance to work with the Open Source Computer Vision library (OpenCV)
in one of my past projects and its "Face-Recognition" is what you're after. It is written using native code, but can be easily used with Java, .NET, Android, iOS. All you need is a webcam and a button "Switch User" with the onClickListener that will take a picture and compare it with the images of your employees. Advantage? Once the picture's taken, it gets processed in less than 10ms. And as Timores mentioned earlier, once the face is recognised, you simply switch the session. Simple yet effective solution. Good luck!
maybe you want to think about using barcode scanner... probably you already have this device on POS ... my software for bars and restaurants use barcode scanner to recognize users. You have 2 options for using: first, user must log in with own barcode card, then he can use the application ... the second is better, everyone can use application, but to print the receipt user must use barcode card. After then he is responsible for that amount on this receipt.
I have a large link database, that I would want to protect against others who would want to copy them. Is there anything I can do other than force people to enter a CAPTCHA before each link?
you can output the links using ROT13, and then use javascript to put them back to normal.
this way, the scrapers must support javascript in order to steal your links, which should cut down on the number of eligible scrapers
bonus points: replace ROT13 with something harder, and obfuscate your 'decode' javascript.
The javascript suggestion could work, but you would render your page inaccessible to those using assistive technologies like screen readers as well as anyone without javascript.
Another possible option would be to generate a cryptographic nonce. This technique is currently used to protect against CSRF attacks, but could also be used to ensure that the scraper would have to request a page from your site before accessing a link. This approach may not be appropriate if you support hotlinking, but if you just want to make sure that someone went to your site first, it could work.
Another somewhat ghetto option would be use referrers. These can be easily faked, but it might prevent some of the dumber scrapers. This also requires that you know where your users came from before they hit your site.
Can you let us know if you are hotlinking or if the user comes to your site before going to the protected link? We might be able to provide better advice that way.