we currently use Active Standard (a website quality testing service that checks pages for spelling, grammar, broken links, poor HTML code, etc). I want to understand how they could use this going forward with our new CQ5 site so that content is checked before it goes live. Since Active Standards is a ‘service’ it currently only checks the live site as that is all it can access.
Do we know if there is a content quality testing tool that could integrate into the CQ5 authoring environment?
Challenges:
How would a service like Active Standards be able to access the
authoring environment which sits behind a firewall on client's
network?
Is there a product which integrates with CQ5 that can be run at the
point the author is creating content?
I don't know Active Standard but from your description I understand it's a service that accesses a public website via HTTP to check its content.
If that's correct and there's no way to provide it with credentials so that it could access a secured stating version of your website, the only way that I see is exposing the staging content that you want to check on a public URL like staging.mysite.com, maybe adding disclaimers, robots.txt and removing CSS etc. so that people don't mistake it for the actual site. That staging website can then get content from the CQ author in a restricted way, using CQ access control and read-only users for example. But that won't work if you want to keep your staged content secret.
At the CQ level, the observation/notification and workflow mechanisms can be used to process content as soon as it's created, but to use this you need to be able to submit the content to the checking service yourself using HTTP or other clients, instead of having it crawl your staging content by itself.
Related
I'm facing a security issue where my users can see all url from where i pull content from,
I use a third party dashboard app with 4 html pages showing system status for each company .'www.xyz.com/dashboard/x.html'
I would like to create new 'aspx' file and display the 'x.html' inside as plain text , while preventing the user to see where the x.html is downloaded from , because he should not have access to the other 'html' files under the same domain.
here, the user should not see the xhr and where they come from
In other meaning , I need to create an asynchronous server side request that brings the 'x.html' and displaying it's content inside my aspx as it was my page.
Updated answer:
If you have an ASP.NET Dashboard app with multiple pages and you want to restrict access, you need to implement ASP.NET Identity role-based authorization so that your clients who login only have access to the areas of the site you want them to access.
On the other hand if you are trying to take someone else's HTML page and display it as your own, that goes against our community guidelines and you should instead consider openly redirecting your users to the proper page and giving credit where it's due.
Original answer: You can't do this, for two reasons:
The browser must know the target URL.
Obscuring the target URL would be a violation of basic security principles.
The <iframe> element requires a src attribute. See MDN for comprehensive documentation.
I believe wordpress has download limits (it'd probably crash your site if someone spammed download). A website like: multiloginapp provides you with the download, where as a website like winautomation provides you the download link through an e-mail.
How do I go about implementing something like that for an application I have created? The only solution that I know of would be to use an external provider and link that with a password
Or to perhaps do what Winautomation do and when you sign up to download the application, it send you an email where you click the link and it pings it to you
Any ideas as I'm keen to get my application out there.
UPDATED
So broken down:
1) Provide the link to download. [WordPress Download Manager]
2) OPTIONAL Use Pretty Links Wordpress. This ensures that you can make the link specific to your site
3) Use a hosting provider like sabercat. Honestly this is the issue here. I want to have a host provider ping me it. I can't use my own host yet but I feel like this is the last issue to address. Two problems with this: Security is lacking unless you can encrypt or provide a password. The other is credibility. Would you buy from a legitimate business that users SABERCAT to give you their application? Maybe.. but you get my point.
For hosting a file in WordPress site first of all you might need unlimited bandthwidth or a dedicated server so instead it's wise to use a free file hosting services
Currently I am working in software Development Company where we have an eLearning System. Product has collection of sites and main page contain 3 iframes which loads different web sites. We are going to enable SSL on the site in order all sites. Currently we put this on hold since we experience Mixed Content Issues because of following reasons.
• Some of the elements in the user’s data which refers http content.
Ex: img, js etc
• Some of the third party web sites which loads in our iframes. (Different content provider)
We thought of developing our own web proxy, but we do have concern about performance as well as expensiveness of this solution. Can anybody tell what are the available solutions for the Mixed Content Issues and available third party web proxy where we can buy?
Apache has mod_proxy built in. It's free, and works nicely. Nginx (also free and very good) has proxy_pass.
Please don't write your own proxy. There is no need to.
Here is someone who has done exactly what you are trying to do.
The answer to this question is to use the Web Page portlet; however, the way that portlet works does not provide the solution I need. Please read on before suggesting that particular portlet.
The short version is we are transitioning our intranet to a Websphere Portal 7 solution. This means we have several applications on various servers that we'd like to surface in portal. The Web Page portlet does this, but not in a way that meets our needs due to the 2 limitations:
1) Application URLs for the Web Page portlet must be in the same domain. The applications will be local to our domain, but will likely be on various servers.
2) The authentication must be done via a HTTP GET method. This is really quite ludicrous as this would put credentials on the URL. Who on earth would ever want that?
The things this portlet does that do meet our needs are:
1) Allows setting of credentials via field name/value pairs
2) Loads an application in an IFrame
So, pretty much, I need a portlet that gets around these limitations, but loads the application in an IFRAME like this portlet does. It's hard for me to believe a portlet isn't already out there for this sort of need, so any tips or suggestions would be greatly appreciated.
I'm not sure if it fits your needs completely, but the Web Application Bridge uses a reverse HTTP proxy to do a get (or put, etc) request on a url and manipulates it via an iframe in Portal.
Here's the page in the solutions catalog: https://greenhouse.lotus.com/plugins/plugincatalog.nsf/assetDetails.xsp?action=editDocument&documentId=9FAAD6D44DC64231852577EB006F4D9D
I would like to create a sandbox area on my hosting provider that only the client can see. For example the production website would be at www.domain.com. However, would it be possible to create a sandbox version of the website at www.domain.com/sandbox and only provide access to the client?
If so, what is the best method? Do I manually have to create a login page etc in the sandbox folder? Or, can I publish the test website in the sandbox area and restrict access through my hosting provider?
Generally a sandbox/staging/test version of your production site would be a complete duplicate of your production deployment, not just the login page.
You'd have a separate copy of the application and the database, and then serve it via another hostname/IP address or on an entirely different machine.
For instance, you could have www.domain.com and test.domain.com, each with the own isolated version of the software. This way your client can play as much as they want in the sandbox without fear of damaging the production environment.
To restrict access you could use access control lists in IIS to restrict the sandbox to a specific ip address (or range), or enable basic support on it with a username/password required security.