Is this perhaps some firebase demo project or is my account being hacked? Could it be that someone have given me access to their project? If so, shouldn’t I have gotten an email at least? I have never given anybody access to my account.
Went to my Firebase today and there is a project name Alfatawa with 14 users. What is worse, I can not delete it. I goggle searched that name and nothing came up. I asked Firebase support for help just now but I was wondering if any of you have experienced anything like it.
This is the response I received from Firebase Support:
"You are seeing the project Alfatawa because the Google Group 'firebase-talk#googlegroups.com' was previously listed as a project member. Project Owners are allowed to add Google Groups to their projects, and anyone who is in the group will be able to access the project. You should no longer be able to access it because the project owner was able to remove the group as project member.
In case this happens in the future, the fastest way to be certain the project is removed from your console is to leave that group.
Do know that while this project shows up on your console, you are not responsible for it, and it will not charge you. There is no impact from having this project on your console. You could simply ignore it, and not looking at any data it may contain."
This means that somebody added you to the project, typically by adding a group that you're a member of.
The only ways to remove the project are:
to be removed from the group.
to get a project owner to remove the group from the project.
This project is no security risk for you, as nobody in the new project can see any of your existing projects.
Related
I'm really keen to use the 2sxc environment on my website for a number of applications.
I'm currently looking at the Mobius forms.
What I'm wanting to do is create a ticket in ConnectWise rather than send an email, using the ConnectWise REST API.
Some of these questions might have obvious answers to someone who has been taught in these technologies, but I'm self-taught. When I went to school I learnt COBOL!
There is c# code in the application, but I can't see how you build and incorporate into the application. I forked the code and it seems to just code with no build.
There are live and staging folders with the same cshtml files. However, it seems a bit random when the live or staging is actually used. For example, I did a quick fix to the _Contact Form.cshtml so to fix the type that meant it always displayed the ReCaptcha warning, and I changed the live version, which didn't do anything, so I had to change the staging version.
I need to update the settings so that configure the ConnectWise API settings, I haven't been able to find where I can do this? I am still looking though.
I also need to store a private key in the settings. Is there a secure way I can do this?
PS. When I get my head around all this I'm happy to be a contributor
welcome to StackOverflow.
I'll try to give you some guidance to help you figure it out
Live and staging are folders meant to let you make changes while the users see the unmodified output. So a host-user sees the files from staging, others see what's in live. When you're done and all is tested, you copy from staging to live. This we call Polymorphism.
Polymorphism applies to both the cshtml as well as the api. So as a host-user, you'll be using staging/api/FormController to save/send.
There is no build process, everything is hot-compiled. That's one of the things that makes 2sxc so amazing. No Visual Studio, DLL or restarting the application ;) You'll love it.
Secure keys: there is no special secure key storage. We usually put it in the App-Settings, just like the MailChimp key you'll see there. We split it into two fields for very technical reasons, because we publish our code on github and that causes trouble when our code has API keys. But you can just use one field, assuming you don't plan on publishing the code on github.
Is there a way to find the account owner for an existing GCP project?
I manage a number of google accounts. I'm trying to create a new Google Cloud project and the id I want is "already taken".
The goal here is to add Firebase analytics to an older android app, to replace the deprecated Google Analytics for Android SDK. So it's entirely possible I created a GCP project for it years ago and I'm trying to figure if it's already registered under one of the accounts I manage, without having to log in in the console with each account one by one.
I'm 99.9% certain that functionality doesn't exist... at least not exposed to us end-users.
Maybe one of the official Google employees on here will chime in and prove me wrong... but I think your only alternative would be to reach out to GCP support directly. If you can prove you manage X, Y, & Z accounts, they could probably confirm/deny which account has ownership... but I suspect it'll be easier for you to log in yourself, as you've already suggested.
I am using the spark plan for firebase, meaning that I have a limited number of apps allowed. I decided to delete the majority of them, but accidentally clicked "delete project" before I clicked "delete app". Now I have a bunch of apps counting toward my limit but no place to delete them from.
I have already tried going into different projects, general settings, and whatnot, as well as googling the problem and checking stack overflow. There doesn't seem to be an easy way to deal with the issue.
You could restore your Firebase project, delete the app from it, then delete the project again. If you have problems with this, you can also reach out to Firebase support directly for assistance.
I launched a game to the Google Play store recently and it was going good until now. I just received an email from Google that says that "One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk " and tells me I need to fix it by August 13.
I personally don't collect or demand any user data or info. However, I used Google Admob ads with Facebook mediation and Unity ads in my game which may be the cause of this problem. So, my question is how to overcome this problem? They also said in the email to make changes in the manifest file. If any one has a similar problem and knows the solution for it, your help would be appreciated.
Here is the email:
"One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk. On August 13, 2019, any apps that contain unfixed security vulnerabilities beyond the dates listed on your Play Console alerts will be removed from Google Play.
Action required
Sign in to your Play Console.
Select Alerts to see which apps contain a security vulnerability, and review the guidance on how to resolve the vulnerability.
Update your affected apps to fix the vulnerabilities.
Submit the updated versions of your affected apps.
Upon resubmission, your app will be reviewed again. This process can take several hours. If the app passes review and is published successfully then no further action is required. If the app fails review then the new app version will not be published and you will receive notification via email."
I was having the same issue "intent redirection your app(s) are vulnerable to intent redirection" and I added exported="false" in every activity, but still got rejected, then I realized the problem was in one of the payment libraries I was using, all I had to do is update the library and the new app update got live.
my issue was in RazorPay payment gateway, I updated it from 1.6.3 to 1.6.6 (latest)
implementation 'com.razorpay:checkout:1.6.6'
they already mentioned this issue here, check it out https://github.com/razorpay/razorpay-android-sample-app/issues/202
I have a same issue, actually Latest Unity Add Xiaomi SDK by default which cause this issue.
Simple remove Xiaomi from your Unity it will fix the issue.
We had received a similar email, In the Play Console/Alert tab, we found this
for us, the reason is "com.androidnative.features.social.common.SocialProxyActivity.StartActivity"
which come from Android Native asset[Ultimate Mobile] - Unity3D.
We used that asset for Advertisements, In-app purchase and play game services instead of using the original SDK. So the possible solution is to remove that asset from our game and use the original SDK.
Here is the Screenshot of my alert.
There are several points to keep in mind to resolve that issue:
The most confusing: you must rollout affected application fixed APK/AAB to 100% on all tracks where it had place to be. Important note is that among others you must rollout production track release to 100% in order to Google to reconstruct your issue.
In the new version of Play Console there is no way to find out any specific information about the issue so you should email Google Support to ask for details. As a respone you may possibly get obfuscated method or class signature, so you need to deobfuscate it.
Read carefully through official document to address issues and resolve them. Our application got rejected because SMS BroadcastReceiver did not apply any permission restraints.
Ihsan Ali
The problem is in the UnityChannel.aar file, you need to open it with the help of the archiver and open the AndroidManifest.XML. I in the line android:exported="true" wrote a false as indicated in the article in Google. Now publish the version and if the error will no longer be reported.
I had the same issue. Just remove xiaomi app game centre from your unity>>game build option. Disabling it will surely clear out the issue.
I'm currently using a free trial version of Azure to be able to create a QnA service as a PoC at work. I have created one and am now looking to collaborate with colleagues so we can provide a full assessment of the tool. I have followed the How To Guide 'Collaborate on your knowledge base', but found that when the person I have added as an Owner (or Contributor, as I tried both) logs in to their free Azure account, they are unable to see the knowledge base.
If they go to 'Create a knowledge base', whilst they are able to select both their own Default Directory and mine, if they select mine, when they go to select an Azure QnA service, they are unable to see mine, only services they have created.
Within Azure Active Directory, I can see the individual with a User Type of Guest and when I click into the detail of their account, I can see that the value for Invitation accepted is set to Yes. I added them within Access control (IAM) and can see that their Role is 'Owner' and the Scope is 'This resource'.
If anyone can provide any explanation as to why this still isn't working or how my colleague can best test whether it is working as expected, then it would be much appreciated.
Many thanks
Gareth
Try asking your colleagues to sign out and back again, that did work for my colleagues.
In our case, we have an Azure Active Directory group that allows to have access to some of the QnAMaker Cognitive Services and therefore, to the Knowledge Bases.
Colleagues that didn't see any of the KBs, even though they were members of that group, didn't accept the invitation. So, I had to send it again to each one of them. But, even after accepting the invitation they couldn't see any of the KBs.
Right after one of these colleagues sign out and back again, he got the list of KBs in the QnAMaker.