In our project's client is having LDAP with no Groups configuration.
They're only have single flat Users directory/configuration.
Hence I want to disable Group synchronization, but have no clean and precise answer for this situation.
I have similar problem with this:
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/alfresco-32-ldap-user-sync
Does Alfresco support disable group synchronization? If so, how to achieve this.
Thanks,
[bayu]
Related
Here is the situation.
We have an Oracle 11g database where one schema user has a private database link to a remote database. When the user initiates a certain process, it pulls a large amount of data across and slows down the other applications. We would like to limit when this user can access this remote database by disabling the database link during certain times of the day and then enable it when performance is not an issue.
I have not been able to find a way short of locking the user or dropping the database link to do this. Changing the open_links system parameter, I believe, requires a restart and that affects the other database links as well.
Does anyone have a clever way to implement this kind of restriction?
Thank you in advance.
Yes, Solution is to enable Resource Manger. Limit the CPU or RAM as per your requirement.
You can enable 2 profiles , one with more cpu/RAM/IO and other with less resources and enable them as per your requirement.
Refer:
https://blogs.oracle.com/db/oracle-resource-manager-and-dbmsresourcemanager
Is there a way to protect the database from deletion? I mean it's very easy to click on the "x" next to the root node. This would destroy the whole app and cause an enourmous mess to deal with.
How to deal with this fragility?
EDIT:
Let's assume I have two firebase accounts: one for testing and one for the launched app. I regularly log in and out to use the other one. On the test account I delete whole nodes on a regular basis. An activated password protection would avoid a very expensive confusion of the two accounts.
If you give a user edit access to the Firebase Console of your project, the user is assumed to be an administrator of the database. This means they can perform any write operation to the database they want and are not tied to your security rules.
As a developer you probably often use this fact to make changes to your data structure while developing the app. For application administrators, you should probably create a custom administrative dashboard, where they can only perform the actions that your code allows.
There is no way to remove specific permissions, such as limiting the amount of data they can remove. It could be a useful feature request, so I suggest posting it here. But at the moment: if you don't trust users to be careful enough with your data, you should not give them access to the console.
As Travis said: setting up backups may be a good way to counter some of this anxiety.
I'm looking for a Voice Authentication API, and I find Microsoft's one.
When looking at prices, it asks you for a region. The problem is that
it only shows a region
I've been reading about Azure's regions, and it say that is where data is stored, so my question is if it would be possible to use it in a different region than allowed.
Thanks (and sorry for my spelling mistakes).
Quick Answer:
Normally yes, but currently the Speaker Recognition API is only offered out of the WestUS datacenter.
If it's mandatory that you have low-latency when using the service, I suggest you look into setting up and/or temporarily subscribing to a CDN service. Or, if you have a lot of time on your hands, and know waaaaay more than I do about this subject, you may be able to design a local cache to mitigate latency if you're distant from WestUS.
Less-Quick Answer:
First off, you should use the dashboard interface at https://portal.azure.com to sign up. You will first need to create a Pay-As-You-Go subscription as your payment-medium, but it will give you much more control over & visibility into your service.
Here's what the signup pane looks like inside of https://portal.azure.com:
It appears that, in it's current "PREVIEW" deployment, you are right the services is only offered from the the WestUS data center. Normally you will have the option to one of ten's of global datacenters, but it is common that PREVIEW services aren't deployed globally until they're out of PREVIEW status.
If the problem you are looking to remediate is latency-based, look into the CDN suggestion in my "Quick Answer."
If your issue is about getting different pricing based on your location, the location of the datacenter you choose will not affect this. If geographic-discounting applies to you, it is based on the country that is assigned to your Microsoft Username/Password combination at the time it was created. This value cannot be changed once a username/password combo has been created, and consequently, any payment info used along with this uname/pass will need to have a billing address in the same country.
The Conduit API in Phabricator does not support setting of authorPHID parameter while calling maniphest.createtask. I can imagine this is because of security or some logical reason.
But I am developping my own frontend for Maniphest where the users (logged through Phabricator, so they are phab users and have phid) will add and edit tasks. What I need is that if a user creates task, he is also the author of the task.
But the problem is, that I can't connect to Conduit as any other user than "apibot" because I don't have others certificates in my front-end to do it. But if I log in as "apibot", then "apibot" is set as an author of the task.
Three possible solutions came to my mind:
1. retrieve certificate directly from phab's database
2. keep a list of certificates in some file in my front-end and update it manually everytime somebody will register
I guess none of them are really smart...
The third solution would be nice, but I didn't find a way, how to do it:
3. log in as "apibot", get certificate of userXY and then log in as the userXY
What would you suggest?
I have what I consider to be a pretty basic security issue for an application designed to be run as SaaS. The following image indicates the relation between entities:
Basically users of the company creates items which every other user of the company should have access to. The question is how to best solve this in Symfony2. Using ACL seems like overkill.
Also, most of the examples I've seen seem to handle the security measures in the controller action which seems strange to me. I would prefer the controller interact with a repository which handles the security and permissions internally.
What is the best practice for this?
Your schema shows the solution in my opinion.
The simplest coding scenario I could think of is:
My user is logged in
Get the user's company
Paginate all items attached to this company
You won't have an ACE system but that would do the work according to your question.
If you want an extra layer of flexibility I'd add UserGroup entity in the middle of Company, User and Item. Item would relate to Company through UserGroup and same thing for User.
This UserGroup entity could have an extra column that holds ACE data in a JSON-encoded string so that whenever you get the group you have directly access to the group's ACEs.
One thing I learned about ACL/ACE in general is that you will have to take the right amount of time to plan your integration otherwise it will become really hard to maintain.
To answer your last question, there isn't any best practices for ACLs. Symfony2 has a very generic ACL system that might not scale well however it will fit most requirements (if not all of them). I find Symfony2 ACL/ACE system great but the performance are far from great.
If you have the chance, you can wrap Symfony ACL/ACE system with a caching layer which would be ideal. However if your host doesn't allow you to install a solution such as Memcached or Redis then you can't use this solution.