Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last month.
Improve this question
I have a simple app that is using a dynammoDB table with node/express as the back end. I let users add and then edit things. I am trying to determine the best way to verify that a user owns the item that they are editing/deleting.
Here is what i've looked at. Is there a better method?
1. User cognito ID is part of the item when created
2. User token is sent as part of edit
3. Item is pulled from table when edit starts
4. Token is decoded and the id is compared to the one pulled from the table
The obvious problem here is that every edit requires a read. This seems wrong.
Another method
1. User cognito ID is part of the item when created
2. User token is sent as part of edit
3. Original id is sent from the item as well
4. Token is decoded and the decoded id is compared to the one sent
This doesn't require a read, but would let a clever person edit things that they shouldn't.
Is there another way that I am missing? I don't want to create some separate IAM policy for each user.
You should use DynamoDBs fine grained access control that can dynamically allow Cognito users only read/edit their own data:
https://aws.amazon.com/blogs/aws/fine-grained-access-control-for-amazon-dynamodb/
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 1 year ago.
Improve this question
I'd like to contact a user by his id instead of his username
https://t.me/ID_USER like https://t.me/732189738218
is it possible?
yes, you can.
you can call SendMessage method and specify chat_id parameter.
also you can add contact by chat_id. [please see Raw API Docs]
but you can't search/get full user info. public fields only!
No sir unfortunately you can't do that. Telegram Bot API doesn't return phone number. You should either use Telegram API methods instead or ask it explicitly from the user. You cannot get "friends" of a user as well.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I have a game that is super simple, no animations or that kind of stuff, it is some sort of trivia game. I can, already, save user's max. score locally via sharedpreferences, what I want to do now, is to save max. scores in some kind of server all users' and display them, maybe, in one screen.
I am not asking here for code, I realize that would be hard without seeing my game's source code.
I need any advice here to which method to use for saving user's 'simlpe' data?
Should I use firebase to save all users' max. scores or using Google Play Games would be a better choice?
By the way, I don't want to interrupt user for email, google sign in or any other that kind of methods. User will only update their username and profile photo (if they choose to).
You can use firebase realtime database or firestore to save user data. You don't have to use authentication if you don't want Google sign in.
Check the following :
https://pub.dev/packages/cloud_firestore
https://pub.dev/packages/firebase_database
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I want to migrate the data which already exists in my firebase database: Add a new field to all children; manipulate an existing field (ie a -> a + 3).
Since there is no real frontend available to do that, I wonder how it could be done?
If there is no real front end then:
If the database is small and you are using the RTD then download the JSON and edit it
If the database is large since you have no front end you should do it with Functions
How to do it with Functions
You have to create a Functions project that will have an HTTP request trigger, once you access that url, then the trigger will query the data and for each result will create new data.
For doing this the simplest way to start is following this video. You have to do the same but instead of returning something to the browser with send, just end the Function with a code 200 (if it worked).
I would recommend creating an extra node for verification something like migration_march: false and then set it to true once the migration is completed. That way you can avoid unintentional re-migrations. There should be a validation for this once the trigger is started.
Doing a query on Functions is fairly the same as doing it in any other SDK this is the Functions docs.
You will probably need to know how to work with promises since your algorithm is gonna be: a query where for each value found set a new value in another place and then move forward to the new value, here is an illustrative video (couldn't find the original video)
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I am building a website. In this website, when a user logged in successfully, how i start session for him and when he hit on log out button ,how i close the session.
Please help me. I am a beginner in Asp.net. So please help me with your answers in Details.
Thank You.
VB.NET
To Create
Session.Add("UserSession", MySession)
To Asign
Dim vUserSession As String = Session.Item("UserSession")
To Close
Session.Item("UserSession") = Nothing
C#
Check this link there is a good explain
http://forums.asp.net/t/1261964.aspx
Depending on how you're setting this up, there are .NET controls that provide this functionality mostly for free (you don't have to write a lot of code to get it to work). Look into the Login control.
You need to decide whether you're authenticating against a domain or a database. Most likely it's a database. Just mask sure you hash the password in the database, and hash the password in the app, and compare the hashes.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
Let say that I have a website with some information that could be access externally. Those information need to be only change by the respected client. Example: Google Analytic or WordPress API key. How can I create a system that work like that (no matter the programming language)?
A number of smart people are working on a standard, and it's called OAuth. It already has a number of sample implementations, so it's pretty easy to get started.
Simple:
Generate a key for each user
Deny access for each request without this key
Currently, I use a concatenation of multiple MD5s with a salt. The MD5s are generated off of various concatenations of user data.
A good way of generating a key would be to store a GUID (Globally Unique Identifier) on each user record n the database. GUID is going to be unique and almost impossible to guess.
There are also infrastructure services that manage all this for you like http://www.3scale.net (disclosure I work there), http://www.mashery.com and http://www.apigee.com/.