The problem with flex applications is that a user can download it and run it on his local machine or possibly host it on another site. Is it possible to lock a flex application to a domain name to prevent such acts?
Sure, you'll do something like this in your application initialization area :
var domainList : String = 'mysite.com,anothersite.com';
var domainCheck : String = this.url.split('/')[2];
var foundValidDomain : Boolean = false;
for each ( var domainChecking : String in domainList.split(',')){
if( domainCheck.toUpperCase().indexOf(domainChecking.toUpperCase()) >= 0 ){
mx.controls.Alert.show( 'check success: "' + domainCheck + '" against: "' + domainChecking );
foundValidDomain = true;
break;
}else{
mx.controls.Alert.show( 'check failed: "' + domainCheck + '" against: "' + domainChecking );
}
}
if( !foundValidDomain ){
// oh noes! mad hax!
this.visible = false; // or however you want to lock it down
return;
}
Make sense? :)
Now, if you want to lock it down more, you can have your app post to a server with a key string and have the server send some encrypted time-sensitive instructions back (send date/time to server and back, etc). This would add another layer of hassle having to implement the server side as well. This is probably overkill for most applications.
You'll have to write the code yourself, but you could access the URL variable of the application tag and disable the app if the domain is not your domain.
I wouldn't call this an unbeatable measure, but I don't think anything is.
I'm not sure why this 'problem' is unique to Flex applications.
Take a look at this link http://www.richardlord.net/blog/protecting-a-swf
Basically, you can solve the problem by locking down the domain as you say, and also you can potentially encrypt your code using commercial solutions - which are discussed in the link. I think the main point is if you publish Flex code externally you want people to run it.
Related
I have been working on a WCF web service, which is used by a mobile app that would send some data to it and save to DB.
One of the test case is that we try to append 2 (or more) records in the app, and the service is called to do a batch insert / update action.
Everything goes fine when I test using localhost, but when we test it using production server, only
the first record is saved, while the other record triggers the error message
Unable to determine a valid ordering for dependent operations...store-generated values.
I have no idea what is the cause and how to solve it. I have done some research and I am quite sure that the related model/DB table has NO circular dependency or self dependency.
Below is a snippet of the web service:
public void submit(List<SubmissionParameter> param){
using (var context = ObjectContextManager.AuditEnabledInstance){
foreach (var item in param){
ReadingSubmission readingSubmission = context.ReadingSubmissions.Where(p => p.ReadingSubmissionUniqueIdentifier == item.Readingsubmissionuniqueidentifier).SingleOrDefault();
if (readingSubmission == null){
readingSubmission = new ReadingSubmission();
context.ReadingSubmissions.AddObject(readingSubmission);
}
readingSubmission.ReadingSubmissionUniqueIdentifier = item.Readingsubmissionuniqueidentifier;
readingSubmission.SystemID = item.Systemid;
readingSubmission.UserID = item.Userid;
foreach (var record in item.Readings){
SystemReading systemReading = context.SystemReadings.Where(p => p.SystemReadingUniqueIdentifier == record.Systemreadinguniqueidentifier).SingleOrDefault();
if (systemReading == null){
systemReading = new SystemReading();
readingSubmission.SystemReadings.Add(systemReading);
}
systemReading.SystemReadingUniqueIdentifier = record.Systemreadinguniqueidentifier;
systemReading.MeasurementID = record.Measurementid;
}
context.SaveChanges();
}
}
}
ReadingSubmission and SystemReading is a 1 to many relation
SubmissionParameter is just a transmission object as the mobile client will send the JSON object to this web service.
I use Telerik Fiddler to post the JSON into this web service for testing, so I am quite sure the problem is not at the mobile client side.
Any help is appreciated! Thanks!
Finally I solve the problem though I am not quite sure why it works.
I move the context.SaveChanges() out of the foreach loop then it all works again for
both localhost and production
Hope it can help someone to save some time
I seem to be having a lot of issues reading a cookie from an old classic asp web application. we are slowly upgrading this web app to .net. The cookie holds some user information which also is used to tell the app that the person has authenticated successfully.
I try and read it like so:
Response.Cookies["mycookie"].Path = "/";
string strCookieText = Request.Cookies["mycookie"].Value;
Sometimes it seems to bring data back other times not but it is not consistent. I have also tried applying the same path when the cookie is created on the classic asp side but that seemed to really throw a wrench in the old app as then the classic asp side had a lot of challenges reading and finding the cookie.
So i figured i would create a function that would read in a classic asp page whos sole intent is to read the cookie. I don't like this method at all but I am out of ideas at this point. The issue here seems to be that it always comes back empty. I know there is data there however via fiddler and if i go to the actual site and hit the page. I am guessing this must be some pathing issue again perhaps or something like that that when i try and read it via .net it finds nothing.
here is my funciton that trys to read the page:
public CCookie validateCookie()
{
CCookie ckCCookie = new CCookie();
string strReadCookiePage = "";
strReadCookiePage = GetHtmlPage("HTTP://MYPAGE/readcookie.asp");
string[] strCarriageReturn = { "\n" }; //we are splitting on this character
string[] strPageSplit;
strPageSplit = strReadCookiePage.Split(strCarriageReturn, StringSplitOptions.RemoveEmptyEntries);
string strCookieLength = "-2";
foreach (string strValue in strPageSplit)
{
if (strCookieLength == "-1")
{
break;
}
if (strValue.Contains("<div id='arrayLength'>"))
{
strCookieLength = findStringValue(strValue, "<div id='arrayLength'>", "</div>");
}
if (strValue.Contains("<div id='VendorID'>"))
{
ckCCookie.UserVendorID = findStringValue(strValue, "<div id='VendorID'>", "</div>");
}
if (strValue.Contains("<div id='UserID'>"))
{
ckCCookie.UserID = Convert.ToInt64(findStringValue(strValue, "<div id='UserID'>", "</div>"));
}
if (strValue.Contains("<div id='LogonType'>"))
{
ckCCookie.LogonType = findStringValue(strValue, "<div id='LogonType'>", "</div>");
}
if (strValue.Contains("<div id='UserType'>"))
{
ckCCookie.UserType = findStringValue(strValue, "<div id='UserType'>", "</div>");
}
}
//not able to validate the cookie
if (strCookieLength == "-1")
{
//Response.Redirect("REDIRECT TO HAVE THEM LOG IN");
}
return ckCCookie;
}
why isn't this working do you guys think. I need this to consistently work. I know i could save state to dbase but I don't want to do this this way as I think i should be able to read this thing.
any ideas or thoughts on how to make this work?
Because of the way that cookies are stored they generally can't be shared between apps, like Classic ASP to ASP.NET.
I did find this article on MSDN that discusses solutions to the problem.
Personally, I would use a hidden field method to pass the cookie over, picking it up from the relevant control on the other side (ASP.NET).
-- EDIT --
Just so long as the hidden control resides in you form tags, you can try something like this (which is pretty much what ASP.NET does for it's __VIEWSTATE)...
<form id="myForm" method="post" action="myAspNetPage.aspx">
<all_the_controls_i_need_on_my_form>
...
...
</all_the_controls_i_need_on_my_form>
<input id="cookieData" name="cookieData" type="hidden" value="<%= cookieData %>" />
</form>
The VBScript...
Dim cookieData
cookieData = Request.Cookie("MyCookie")
Obviously if you have several cookies that you want to pass in this way then you may need to concatenate them for splitting later...
Const C_SEPERATOR = "|"
Dim cookieData
cookieData = _
"MyCookie1=" & Request.Cookie("MyCookie1") & C_SEPERATOR & _
"MyCookie2=" & Request.Cookie("MyCookie2") & C_SEPERATOR & _
"MyCookie3=" & Request.Cookie("MyCookie3") & C_SEPERATOR & _
"MyCookie4=" & Request.Cookie("MyCookie4")
The above example could obviously be automated by introducing a For..Next loop, but this is simply an example. Note, also, that I have simply taken for granted that none of your cookies use the vertical bar character (C_SEPERATOR); if they do, then you'll have to find an alternative character.
On the other side, in your ASP.NET app you can the read the value from the post data and split it up...
Private Const C_SEPARATOR = "|"
...
...
Dim tCook As String = Request.Form("cookieData")
Dim cookeiData() As String
If tCook<>"" Then cookieData = String.Split(tCook, C_SEPERATOR)
It's not the best solution - I'm sure that Lankymart will have something far better up his sleeve, but this will work.
PS: Apologies - I've just realised that I've done all this in VBScript. It should be pretty straightforward to convert to JScript, though.
I'm developing a web app which allow the user to upload and view PDF files.
My question is where should I store the file uploaded by the user? They said that it takes a great toll storing it in the database. So if not in the database where should I store the files uploaded by the user? Can you give me a specific or sample path where I should store the files?
By the way I'm using Spring MVC if it would help to clarify my question.
And also this is what I've done with my controller so far:
#RequestMapping( value = "*/uploadPDF", method = RequestMethod.POST )
public String uploadPDF( #RequestParam( defaultValue = "" )
String message, #RequestParam( defaultValue = "" )
String messageType, HttpServletRequest request, ModelMap model, FileBean fileBean, BindingResult result )
{
model.addAttribute( "message", message );
model.addAttribute( "messageType", messageType );
HttpSession session = request.getSession();
String returnVal = Credentials.checkSession( session );
if( returnVal != null )
{
return returnVal;
}
if( result.hasErrors() )
{
for( ObjectError error : result.getAllErrors() )
{
System.err.println( "Error: " + error.getCode() + " - " + error.getDefaultMessage() );
}
return "redirect:*/module?error";
}
return "admin/module";
}
I haven't decided yet of how would I handle the file yet. Please guide me.
When it comes to storing a files, you have many options... It really depends on your use case.
You can store the file in the database as a lob. Generally, it would be slower with more overhead, but you can access it from any application that has a database connection.
You can store your file on your application server FileSystem. this is probably the best solution if you want it to be very effective.
You can put your files in a content repository (Ex Apache Jackrabbit). It can be a good option if you want to share your file across multiple applications.
...
What are your requirements? Confidentiality, performance, files availability...
I have a very unusual problem.
I'm trying to create a simple database (6 tables, 4 of which only have 2 columns).
I'm using an in-house database library which I've used in a previous project, and it does work.
However with my current project there are occasional bugs. Basically the database isn't created correctly. It is added to the sdcard but when I access it I get a DatabaseException.
When I access the device from the desktop manager and try to open the database (with SQLite Database Browser v2.0b1) I get "File is not a SQLite 3 database".
UPDATE
I found that this happens when I delete the database manually off the sdcard.
Since there's no way to stop a user doing that, is there anything I can do to handle it?
CODE
public static boolean initialize()
{
boolean memory_card_available = ApplicationInterface.isSDCardIn();
String application_name = ApplicationInterface.getApplicationName();
if (memory_card_available == true)
{
file_path = "file:///SDCard/" + application_name + ".db";
}
else
{
file_path = "file:///store/" + application_name + ".db";
}
try
{
uri = URI.create(file_path);
FileClass.hideFile(file_path);
} catch (MalformedURIException mue)
{
}
return create(uri);
}
private static boolean create(URI db_file)
{
boolean response = false;
try
{
db = DatabaseFactory.create(db_file);
db.close();
response = true;
} catch (Exception e)
{
}
return response;
}
My only suggestion is keep a default database in your assets - if there is a problem with the one on the SD Card, attempt to recreate it by copying the default one.
Not a very good answer I expect.
Since it looks like your problem is that the user is deleting your database, just make sure to catch exceptions when you open it (or access it ... wherever you're getting the exception):
try {
URI uri = URI.create("file:///SDCard/Databases/database1.db");
sqliteDB = DatabaseFactory.open(myURI);
Statement st = sqliteDB.createStatement( "CREATE TABLE 'Employee' ( " +
"'Name' TEXT, " +
"'Age' INTEGER )" );
st.prepare();
st.execute();
} catch ( DatabaseException e ) {
System.out.println( e.getMessage() );
// TODO: decide if you want to create a new database here, or
// alert the user if the SDCard is not available
}
Note that even though it's probably unusual for a user to delete a private file that your app creates, it's perfectly normal for the SDCard to be unavailable because the device is connected to a PC via USB. So, you really should always be testing for this condition (file open error).
See this answer regarding checking for SDCard availability.
Also, read this about SQLite db storage locations, and make sure to review this answer by Michael Donohue about eMMC storage.
Update: SQLite Corruption
See this link describing the many ways SQLite databases can be corrupted. It definitely sounded to me like maybe the .db file was deleted, but not the journal / wal file. If that was it, you could try deleting database1* programmatically before you create database1.db. But, your comments seem to suggest that it was something else. Perhaps you could look into the file locking failure modes, too.
If you are desperate, you might try changing your code to use a different name (e.g. database2, database3) each time you create a new db, to make sure you're not getting artifacts from the previous db.
... and not by reading it from the config file! Nor inferring it from anyplace other than be reading exactly what the Membership Provider is itself using. Call me paranoid.
The first data access in my application is an access to the membership provider. The vast majority of connectivity issues have been where the application is deployed to staging or production with a connection string from development, so I'd like to change this:
MembershipUser me = Membership.GetUser();
to this:
MembershipUser me;
try
{
me = Membership.GetUser();
}
catch ( SqlException E )
{
Response.Write( "SQL Error " + E.Message + ".<br />" );
Response.Write( "Connection String: " + Membership.Provider.WHAT? + "<br />" );
}
Seems so obvious, but every reference I find instructs me to use the ConfigurationManager, which is what I specifically don't want to do. Although I concede that such may be my only option, and a satisfactory one at that.
I'm perfectly willing to accept the possibility that my question is on par with this:
int i;
try
{
i = 42;
}
catch ( Exception e )
{
Response.Write( "Error assigning literal to integer." );
}
If this is the case, please comment accordingly.
I don't believe there is a direct property that you can use that will give you the connection information. One thing you could do though is subclass your chosen membership provider and implement your own properties to give you the info.
It's generally considered a bad idea to surface connection strings in the UI (i.e. poor security) which is why you won't find readily available properties to pass on the value from classes that have read it from the config file.
You may want to consider addressing the root cause of the problem which is related to deployment. This problem is easily solved by using different configuration files for development, staging and production. Visual Studio has built-in support for automatically managing the deployment of the appropriate config file. Full details here:
http://blogs.msdn.com/b/webdevtools/archive/2009/05/04/web-deployment-web-config-transformation.aspx
Hi Here is a way to get connection string from or by the specified Provider Name (ex MySQL provider).
using MySql.Data.MySqlClient;
using MySql.Data;
using MySql.Web.Security;
using System.Collections.Specialized;
using System.Reflection;
void SomeFunction()
{
Type t = Membership.Provider.GetType();
FieldInfo fi = null;
while (fi == null && t != null)
{
fi = t.GetField("connectionString", BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance);
t = t.BaseType;
}
MySql.Web.Security.MySQLMembershipProvider a =(MySql.Web.Security.MySQLMembershipProvider)Membership.Provider;
string Connection_String_Value= fi.GetValue(a).ToString();
}
By replace 'connectionString' with other Non-Public field name You
can Access its Value too.
By replacing Provider(default) with
Membership.Providers["Name_Of_Your_Provider"] you can get its
connection string too.