Appmaker EAP from TT whitelisting - google-app-maker

I'm having an issue with one of my whitelisted domains, it's still under the old TT program and not under the new EAP.
I have no answer from the usual people who handled this during TT; who should I contact?
JD

To transition from TT to EAP, you'll need to go through the same application process that was announced on 11/30.
Basically you need to be running G Suite Business, and the applicant needs to be the domain admin for that domain.
Here's the App Maker Landing Page that we published:
https://gsuite.google.com/appmaker
If you sign up here, you'll get an email with the link to the actual EAP application form.
Also, we are currently backlogged with EAP applications, so it could take more than a week, but we're hoping to speed up the process as we get up and running full steam.
Thanks for your patience!
-Chris (App Maker)

Your best bet at this point would probably be to contact Google Cloud directly via a support ticket, as referenced here https://connect.googleforwork.com/docs/DOC-18620, and outline what you're seeing.

Related

Firebase still blocked in China?

I don't know if my app will work in China and I don't know how to test it. I had read somewhere that there's a firebase Chinese domain .cn in operation. Is there a possibility to transfer the current project to the Chinese domain and make it work, if it doesn't already?
If I create a new project and select the Chinese servers for my firebase services then will it have any other adverse consequences for the rest of the world? This solution would literally force all the developers to have the firebase servers located in China, just so they don't miss out out on their Chinese user base, which I assume could be an issue to some.
I might not have the best ideas but any suggestion and a workaround would be appreciated.
There isn't a simple way to do that. Indeed, trying to set the servers there might be a way, but it's not a guarantee, since China's firewalls are constantly changing. You can try some online tools such as this one here to verify if your domain is blocked, by adding the URL of your application.
Besides that, the best option is the one clarified in this other post here. You would create an API in Heroku and make the data and calls from Firebase go over this API, so it would make the connection. Another option you may try is using a proxy server - as very well explained in the article Firebase: Accessing Firestore and Firebase through a proxy server - so it gets compliant and it's possible to use it in China.
The usage of a VPN is not a very good option, as not all of them work in China and the ones that work can easily vary; also, this could impact usability, since it might affect performance and usage for the users there.
To summarize, there isn't a specific and fully correct answer to using Firestore in China, due to the fact that updates and changes to their rules are regular, but these are some alternatives that you can give a try. It's more about trying the one that would be less damaging for your use case.
Let me know if the information helped you!
Might be helpful for someone...
There is a Firebase alternative for China - Huawei Mobile Services. It contains services like Auth Service, Cloud Functions, Cloud DB, Crash, Push Kit, Ad Kit, and many more...

SAML 2.0 configuration

I'm totally new to SAML. I want to implement SSO for my ASP.NET website. I got the SAML assertion from my client. I would like to know what other requirements I need to get from my client and what setup I need to implement at my end.
Can anybody help me out with this?
Thanks in advance.
The first thing that I would do is avoid writing the SAML code yourself. There's plenty out there. #Woloski (above) has some. My company has some (I work for the company that makes PingFederate). There's some open source stuff, too. I've seen good connections from KentorIT authServices. If this is your first foray into SAML, then my bet is that ADFS is way overboard. I'll be honest, the groups we see most commonly at Ping are the ones that decide to go "all in" with SSO. The first one or two connections are easy. Then it becomes a management nightmare rapidly thereafter. The reason I say to avoid writing your own is because there are a LOT of nuances to SAML, with massive pitfalls, and headaches you just don't need.
As the service provider (SP), you need to tell your client (Identity Provider, or IdP) what "attributes" you need from them to properly connect their users to their account in your application (maybe a username?). In addition, you can ask for additional attributes to ensure their profile is up to date - phone number, email, etc. It's up to the two of you to determine what you need (and what they'll give you). Obviously, they shouldn't send social security number, if you have no need for it.
You also need to decide if you will do SP initiated SSO (will the users get links to documents deep inside your app?), or if just IdP initiated (Or will always just come to the front door?) will suffice. What about Single Logout? Do you (or they) want to do that? [Personally, I suggest NO, but that's a different topic]
What about signing the assertion? Your cert or theirs? If you're doing SP-init, do you need to use their cert or yours for signing the AuthnRequest? Do you need encryption of the assertion, or maybe just a few of the attributes?
Generally, you do all of this with a "metadata exchange". You give them your metadata that says "this is what we need". They import that metadata to build a new connection, fulfilling the attributes your app needs with calls to their LDAP or other user repository, as well as doing authentication (if required). They finish building their connection, and export THEIR metadata, which you import to build your connection (thereby making sure you all agree on certificates). You hook it to your app, and away you go.
I make this sound easy. It is, and it isn't. Rolling your own can mean issues. Lots of them. With some being so minute that it takes pros hours (and days) to see it. When it works, it works, and well.
HTH -- Andy
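As an added example (not from this answer, and not the poster's code), here is what the service-provider side of the exchange Andy describes looks like once the metadata has been swapped: the IdP's entityID and signing certificate are read from its metadata, and every incoming Response is checked against them and against the SP's own entityID and ACS URL (issuer, status, exactly one assertion, validity window, audience, bearer confirmation recipient, and the InResponseTo tie-back for SP-initiated flows). The IdP and SP identities, the metadata and the Response are all constructed. XML-DSig verification is handed to a callable because it needs a real XML signature library (xmlsec or an equivalent), which is precisely the part Andy says not to write yourself.

```python
"""Service-provider side checks on a SAML 2.0 Response (constructed example, not the poster's
code). XML-DSig verification is delegated to the verify_signature callable; use an XML-DSig
library such as xmlsec for it. The rest of what an SP must check on every login is done here."""
import datetime as dt
import xml.etree.ElementTree as ET  # in production parse with defusedxml to block entity-expansion attacks

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# Our side of the metadata exchange (assumed values).
SP = {"entity_id": "https://sp.example.net/saml/metadata", "acs_url": "https://sp.example.net/saml/acs"}

# Constructed IdP metadata: what the customer exports after building their connection.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
 <md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>MIIC...constructed-placeholder...</ds:X509Certificate>
 </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
  Location="https://idp.example.com/saml/sso"/></md:IDPSSODescriptor></md:EntityDescriptor>"""

# Constructed Response to our AuthnRequest "_req42" (SP-initiated flow); the signature value is a placeholder.
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z" InResponseTo="_req42"
 Destination="https://sp.example.net/saml/acs">
 <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>jane@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData InResponseTo="_req42" NotOnOrAfter="2024-05-01T12:05:00Z"
     Recipient="https://sp.example.net/saml/acs"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.net/saml/metadata</saml:Audience>
   </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="groups"><saml:AttributeValue>admins</saml:AttributeValue>
    <saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""


class SamlValidationError(Exception):
    pass


def parse_saml_time(s):
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def parse_idp_metadata(xml_text):
    """Pull the three things we need from the IdP's metadata: who they are, their signing cert, where to send users."""
    root = ET.fromstring(xml_text)
    cert = root.find("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    return {"entity_id": root.get("entityID"), "signing_cert": cert.text.strip(), "sso_url": sso.get("Location")}


def validate_response(xml_text, idp, sp, outstanding_request_ids, now, verify_signature):
    """Return {"name_id", "attributes"} or raise SamlValidationError. outstanding_request_ids is the
    set of AuthnRequest IDs this SP issued and has not yet consumed; None permits IdP-initiated SSO."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise SamlValidationError("not a samlp:Response")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise SamlValidationError("IdP did not report success")
    if root.get("Destination") not in (None, sp["acs_url"]):
        raise SamlValidationError("Response addressed to a different ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # a second assertion is the classic wrapping trick; refuse it outright
        raise SamlValidationError("expected exactly one assertion")
    a = assertions[0]
    if a.find("ds:Signature", NS) is None or not verify_signature(a, idp["signing_cert"]):
        raise SamlValidationError("assertion unsigned or signature invalid")
    if a.findtext("saml:Issuer", "", NS).strip() != idp["entity_id"]:
        raise SamlValidationError("assertion issued by an unexpected IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not parse_saml_time(cond.get("NotBefore")) <= now < parse_saml_time(cond.get("NotOnOrAfter")):
        raise SamlValidationError("assertion outside its validity window")
    if sp["entity_id"] not in [e.text.strip() for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise SamlValidationError("assertion was not issued for this SP")
    sc = a.find("saml:Subject/saml:SubjectConfirmation", NS)
    data = sc.find("saml:SubjectConfirmationData", NS) if sc is not None else None
    if data is None or sc.get("Method") != BEARER:
        raise SamlValidationError("missing bearer subject confirmation")
    if data.get("Recipient") != sp["acs_url"] or now >= parse_saml_time(data.get("NotOnOrAfter")):
        raise SamlValidationError("subject confirmation not valid for this ACS URL or time")
    if outstanding_request_ids is not None and data.get("InResponseTo") not in outstanding_request_ids:
        raise SamlValidationError("unsolicited response or unknown AuthnRequest ID (possible replay)")
    attributes = {attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
                  for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": a.findtext("saml:Subject/saml:NameID", "", NS).strip(), "attributes": attributes}


if __name__ == "__main__":
    idp = parse_idp_metadata(IDP_METADATA)
    # The always-true verifier is only because the sample carries a placeholder signature; never do this in production.
    print(validate_response(SAML_RESPONSE, idp, SP, {"_req42"}, parse_saml_time("2024-05-01T12:01:00Z"), lambda node, cert: True))
```

Two things the code cannot do for you: the signature verifier must check the signature that covers the one assertion you then read attributes from (not some other node in the document), and after a successful login the AuthnRequest ID should be removed from the outstanding set so the same Response cannot be replayed inside its validity window.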
You can use something like ADFS to accept SAML assertions. ADFS gets installed on Windows 2008 or 2012.
You would need to ask your customer for:
the signing certificate public key, and
the sign-in URL.
Then you would create a "Claims Provider Trust" in ADFS and enter those details. Then a "Relying Party Trust" that represents your application. Finally you would have to configure your application with ADFS using WIF. This blog post has more details:
http://thedotnethub.blogspot.com.ar/2012/12/adfs-20-by-example-part1-adfs-as-ip-sts.html
Also you can use Auth0 to accomplish the same without setting up any software on your side (disclaimer: I work there).

Sandbox access in Australia

Since the developer site update the other day, I have lost access to the sandbox.
I was literally using it an hour before the update.
I tried to retrieve my password, but my account is no longer found.
I tried to set up a new account, and it's telling me that I need to have a US registered business in order to sign up.
So, my question is, what does the rest of the world do when they need to test their site?
Am I missing something?
Thanks
Simon
Ok, got it. PayPal support have said to create a dummy account. In other words, lie about having an American business. Once you've done that, go to applications, then sandbox accounts, and import the data using your old sandbox credentials!
I have the same problem. It appears to be even worse than stated. They appear to have 'integrated' the Sandbox login with PayPal account logins. So you have to have a live PayPal account. In other words developers must also be CFOs in their organizations, or else must be using PayPal as a means of exchange themselves, otherwise they don't exist.
Truly incredible.
Not to mention having cut off arbitrary numbers of existing developers in mid-stream.

IIS + programming security: website's backend system security hole - log-in page SQL Injection

We have a security problem here and we really need your help and input. We have a website with a backend system where admins can log in and update the frontend. Our good friends tried to hack into the backend using SQL injection on our login page and they succeeded and could create users with admin access. The website is written in ASP.NET in C#.
We are thinking of removing the login page from the public IP or adding 2 layers of protection (IIS IP restriction and an IP access list in the program).
How can we do this in IIS and in the program? Please help since I am new to all these security things.
We distribute this website on a web garden consisting of 3 servers, so they share local/private IPs of xx.xxx.x.x
How do I implement this in my code to grant access to just a list of IPs or a group of IPs?
Thanks so much in advance,
Simplecode
Just to go a little further down this rabbit hole.
First, sanitize your inputs and use parameterized queries. Just fix your code. This is the most important thing you should be working on right now.
Second, moving the login page doesn't fix the problem. If there are other pages within your site that are accessible, then I'm sure you have other sql injection issues. See #1 above.
Third, I bet you are exposed to all manner of other things like XSS. Take a little bit and learn what they are. Then spend some time retraining yourself to code in a defensive way. A hint: validate EVERYTHING. If you expect a number, only accept a number. If you expect a short string, don't allow javascript to be embedded in it.
One mantra to keep in mind is to only trust the browser, the users, and even the system admins as far as you absolutely have to. Which is to say build your site in such a way that you don't have to trust them at all.
Most companies have no idea what threats they are faced with. A hint: external threats are only part of it. Internal threats are usually far worse. I say this simply because you are asking a question which attempts to paste over exactly one part of the problem and ignores everything else.
I recently spoke with a company that claimed they had security down pat. Prior to the meeting I went to their website and noticed that they had a document id in all of their URLs. The id was a simple int. In a few minutes of spare time I wrote an app that started at doc id 1 and iterated until the server stopped giving data. There was a fair number of documents I should never have been able to see. Being a good samaritan, I told them about this.
The point of that tale is that sql injection, xss, etc isn't everything. Security through obscurity is another fail entirely.
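Added example, not from the thread and not the poster's code: the login query the way it is typically written (input concatenated into the SQL text), the same lookup with a parameter placeholder, and the document-id check that the anecdote above is about. Python with an in-memory SQLite database stands in for the site's SQL Server; the users, passwords and documents are constructed. The placeholder is `?` here where SqlClient uses `@name`, but the point is identical: the value travels to the driver as data, never as SQL.

```python
"""Login-form SQL injection and its fix, plus the document-id check from the anecdote.
Constructed example (not the thread's code); an in-memory SQLite database stands in for
the site's SQL Server. The parameter placeholder is '?' here and '@name' in SqlClient,
but the principle is identical: user input never becomes part of the SQL text."""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def seed_db() -> sqlite3.Connection:
    """Two constructed users and three documents. The plaintext `password` column is
    there only so the vulnerable login can be shown the way it is usually written."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT,
                           salt BLOB, pw_hash BLOB, is_admin INTEGER);
        CREATE TABLE documents(id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT);
    """)
    for name, pw, admin in [("alice", "correct horse", 1), ("bob", "hunter2", 0)]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users(username, password, salt, pw_hash, is_admin) "
                   "VALUES (?, ?, ?, ?, ?)", (name, pw, salt, hash_password(pw, salt), admin))
    db.executemany("INSERT INTO documents(owner_id, title) VALUES (?, ?)",
                   [(1, "board minutes"), (1, "salary review"), (2, "bob's notes")])
    db.commit()
    return db


def login_vulnerable(db, username, password):
    """The bug: input is pasted into the SQL text, so a quote in `username` rewrites the query.
    username = "' OR is_admin = 1 --" turns the WHERE clause into `username = '' OR is_admin = 1`
    and comments out the password check, returning the first admin account."""
    sql = (f"SELECT username, is_admin FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return db.execute(sql).fetchone()


def login_safe(db, username, password):
    """Fix: a placeholder sends the value to the driver as data, never as SQL, so the same
    payload simply matches no username. The password is checked against a salted PBKDF2 hash
    in constant time instead of being compared inside the query."""
    row = db.execute("SELECT username, salt, pw_hash, is_admin FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        hash_password(password, bytes(16))  # same cost for unknown users: no timing oracle
        return None
    name, salt, stored, is_admin = row
    if not hmac.compare_digest(stored, hash_password(password, salt)):
        return None
    return (name, is_admin)


def get_document_unchecked(db, doc_id):
    """The IDOR from the anecdote: parameterized, hence injection-safe, yet anyone
    who can count gets every document."""
    return db.execute("SELECT id, title FROM documents WHERE id = ?", (doc_id,)).fetchone()


def get_document(db, user_id, doc_id):
    """Authorization belongs in the query: a guessable integer id proves nothing about the caller."""
    return db.execute("SELECT id, title FROM documents WHERE id = ? AND owner_id = ?",
                      (doc_id, user_id)).fetchone()


def enumerate_documents(db, fetch, max_id=50):
    """Walk ids 1..max_id the way the anecdote's script did; returns the titles that came back."""
    found = []
    for doc_id in range(1, max_id + 1):
        row = fetch(doc_id)
        if row is not None:
            found.append(row[1])
    return found


if __name__ == "__main__":
    db = seed_db()
    payload = "' OR is_admin = 1 --"
    print("concatenated query, payload as username:", login_vulnerable(db, payload, "x"))
    print("parameterized query, same payload:", login_safe(db, payload, "x"))
    print("bob walking ids, no ownership check:", enumerate_documents(db, lambda i: get_document_unchecked(db, i)))
    print("bob walking ids, ownership enforced:", enumerate_documents(db, lambda i: get_document(db, 2, i)))
```

Note what the second pair of functions shows: `get_document_unchecked` is already parameterized and immune to injection, and it still leaks every document, which is the answer's point that fixing injection is necessary but not sufficient.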

Membership bulk email software

We have a Microsoft web stack web site, we have a members database.
We want to start doing mass-emails to our (opted in) membership.
I don't particularly want to re-invent the wheel with a system for having a web form submit and then mass send emails looping through thousands of records without timing out and overloading the server...
I guess I'm looking for something like Mailman, that can run on a windows (ASP/ASP.NET + SQL Server) backend and do the work for me, with suitable APIs to manage the subscriber list and send emails to that list.
Suggestions please?
I agree with acrosman, third parties that host email lists are a good way to go. A very reliable site I've found for mass emailing is http://mailing-list-services.com/. They do a good job to make sure their servers are never blacklisted or marked as spam. I've used them a few times, their website design blows, but their service is awesome. The Lyris Listmanager software they use has a pretty extensive API.
Advanced Intellect has some great tools, like aspNetEmail and ListNanny.
MaxBulkMailer might be a solution for you? The organisation I work for uses it to connect to www.authsmtp.com which gives us credits for a certain number of e-mails that we can send per month. You can import a spreadsheet of your mailing list or tap straight into a SQL server and pull the names and addresses. Available for Mac and Windows.
(not a sales pitch)
my company offers mail manager, but it's a hosted service. It has a full API though.
You can also check out how DotNetNuke does this
Unless you're running a business that specializes in email, I'd suggest you find a hosted solution. There are hundreds of little issues that come up when you run your own service over time. A hosted solution can save you lots of time and effort (and therefore money).