I would like to have an AIR application available for web download, but have some data customized per-user-download. Think CD-key, or in this case an encryption key and user name, so that the downloaded version can connect to a website and know who it is that downloaded it. As a fail-back if this is not possible, I could require the user to log in once and set one up and then store it locally, though I'd like to make it one-click and seamless. However, if the latter is the only way to do so, what's the best cross-platform-safe way to store local persistent data available to AIR?
Best is subjective. You could use an SQL Lite Database or any sort of local file you prefer. I have distributed XML files with AIR applications before and used them for configuration purposes. I'm not sure if I'd consider an unencrypted XML file secure, but there is no reason you can't encrypt it on disk and decrypt it in memory.
It sounds like you're trying to create a form of licensing scheme. IF so, you can check out third party licensing schemes for AIR applications such as NitroLM, Sharify, Zarquon, or Adobe Shibuya.
Related
The Situation: I'm going to implement a digital repository using alfresco community version 5.1 to manage our university digital content which is stored at a moment in differents ftp servers (software installers, books, thesis). I intent to use alfresco as a backend and Orchard CMS as our intranet frontend which is a non functional requierement and communicate both with CMIS. The general idea is that we use a social networking approch in which every user can modify metadata, add tags in order to improve the search, which by the way is the general objective of my work (allows searches and download to the digital content of our intranet , because right know it takes a lot of time to find anything because it is storage in a ftp server without a good cataloging).
I already successfully created a custom data model but when a decided to migrate the content from these ftps, i didn't find any documentation about it. I read about bulk import tool but it happent that i need the data locally in the same computer that runs alfresco, and as i said, the data source are different ftp server.
So How can i migrate data from differents ftps servers as datasource to Alfresco?. Is it necessary to physically import files to Alfresco or can i work with index pointing to the ftp files (keep the files in the ftps and have in Alfresco a reference of that object (I only have search and download functional requierements))?.
Please I need your help as a guidence because here in cuba we dont have experience working with Alfresco and it is very difficult to have access to internet. So if you can point out the way of fixing this, or any recommendation i will be forever greatfull. Thank You and Again so sorry to disturb You
If this were a one-time thing, you could use an FTP client of some sort to simply drag and drop the files from your FTP server into Alfresco's FTP server. This would copy the files only and would not set any custom metadata.
Alternatively, you could write some Java to do this. Java can read from FTP servers and can write to Alfresco via CMIS. This would give you the opportunity to set some properties on the objects written into Alfresco beyond just the file name, creation date, and modification date.
However, if you are going to do this regularly, you might want to look at an integration tool. For example, you could use Apache Camel to watch the FTP servers, and when there is a change, it could fetch the file and write it to Alfresco via CMIS.
This will likely take some coding to make it work exactly right, but hopefully this gives you some options to consider.
I want to encrypt the files that are uploaded by users of a web application.
The files need to be encrypted and decrypted individually.
Are there advantages to encrypting the file using an external tool than inside the application?
For example calling gpg, crypt or 7zip (or any other tool) immediately after a file was uploaded.
Upon request for a retrieval, call them again to decrypt, then serve the file.
I thought this may have performance advantages as well as the fact that encryption can be outsourced to a potentially more robust and well trusted application than the library available in the programming language.
Launching an tool creates a new process every time, which can impact scalability. There are libraries as respectable as tools, some of them from the same codebase.
First of all, you shouldn't implement your own crypto. That said, the alternatives don't look that different to me. Surely you can use GPG either in-process (called via an API) or out-of-process (with parameters passed on the command line). Then the considerations come down to the usual engineering ones of performance, robustness, etc and really have nothing in particular to do with cryptography.
I have created an Adobe AIR application that interfaces with Salesforce.com. The only drawback I have is that the data that is synced to the desktop is not encrypted. I can encrypt a database that I create locally, however, I am trying to encrypt the database that is created and maintained by the flexforforce toolkit. Thanks for any suggestions.
J_A_X is correct, without access to the underlying code communicating to the database, it would be damn near impossible, however it appears the situation has changed.
AFAICT SalesBuilder is using a locally encrypted air database: http://coenraets.org/blog/2008/11/salesbuilder-15-with-new-air-15-database-encryption/. It appears the source code is available for this application, and thus a possibily that you might be able to pull the libraries this is using? Or perhaps the libraries you are using are in fact already encrypting the database?
I maintain a web application (ASP.NET/IIS7/SQL2K8/Win2K8) that needs to access documents, actually hundreds of thousands of documents, and growing. Currently, they are all on a Windows 2K8 Server fileshare, being accessed by UNC path (SMB). The files are in a single flat directory and I'm trying to plan how to best improve this solution. I don't want to use the SQL Filestream attribute as it would be significant effort to migrate it all into that, and would really lock in to SQL Server. I also need to find a way to replicate the data for disaster recovery, so perhaps a solution can help with that too.
Options could be:
Segment files into multiple directories?
Application would add metadata for which directory it's on (or segment by other means)
Segment files into separate servers? (virtualize)
Backup becomes more complicated.
Application would add metadata for which server it's on
NAS Storage
SAN Storage
Put a service (WCF) in front of the files and have the app talk to the service
bonus of being reusable across many applications
Assuming I'm going to store on filesystem and not in database (I've read those disccusions here), which would be a more scalable solution?
You've got a couple issues:
- managing a large volume of (static?) files
- preparing for backups and disaster recovery of said files
I'll throw this out there, even though I'm not a fan of the answer, but you might poke around with the free SharePoint 2010 Foundation that's included with server 2k8. If you're having issues with finding the documents you need (either by search, taxonomy via tagging or other metadata) as well as document expiration and you don't want to buy a full blown document management system, this might be a solution. Of course it introduces new problems...
If your only desire is to have these files available to spit out on the web, then the file store like you're using now really is the simplest solution. For DR/redundancy purposes, I'd look at a) running them on a raid/SAN of some sort and b) auto-syncing them with the cloud (either azure or amazon). For b) you can get apps that make the cloud appear as a mapped drive and then use an rsync type software to keep the cloud up to date.
If you want to build something new and cool, you might think about moving the entire file archive into the cloud and just write a table in a db to manage the file name, old location, new cloud location and a redirector code that can provide the access tokens to requestors.
3 different approaches... your choice.
I'm building a web application that most allow the user to digitally sign PDF documents with certificates installed in the client machine.
The document, once signed, should be posted back to the server, where it will store the signed version.
The server is running Classic ASP/ASP.NET
Where should I go?
Try Adobe LiveCycle Designer
This comes with the Adobe Master Suit and has all the capabilities for ES. It works with PKI infrastructure and will Publish "certified" PDF documents that prove authenticity for recipients. It's better to start with something that already exists.
Our SecureBlackbox library has a distributed cryptography add-on which does what you need. Client-side modules that do signing can be extended by the user (we provide complete source code). You will find detailed description of the add-on on our site or in this SO answer.
I actually built a system just like this into our web application. Here are some links I found tremendously helpful in doing so:
http://www.codeproject.com/KB/vb/Digital_Signatures.aspx
http://www.devx.com/security/Article/17249/0/page/2
http://www.example-code.com/vbdotnet/digSig1.asp
http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html
http://livedocs.adobe.com/livecycle/es/sdkHelp/programmer/sdkHelp/wwhelp/wwhimpl/common/html/wwhelp.htm?context=sdkHelp&file=signaturesSigning.90.4.html
http://www.c-sharpcorner.com/UploadFile/Gowri%20S%20Paramasivam/Cryptography211242005003308AM/Cryptography2.aspx
I would use iTextSharp to sign the PDF. iTextSharp is free and open source. Take a look at the sample code signing PDF http://itextpdf.sourceforge.net/howtosign.html I have used iTextSharp before reliably.
Look for java libraries to sign PDF documents. You can deploy them in an applet which should fit in your web application. If users need to preview the PDF documents before signing them then look at the java bean jPDFNotes from Qoppa Software (Disclosure: I'm affiliated with this company). If the documents can be signed without preview, look at their other libraries jPDFFields or jPDFProcess. There is also iText an open source library but iText doesn't support viewing documents so it will only work in the second scenario.
Go to http://www.certisign.com.br/ they have the answer for you. CertSign has API's and training to enable digital certification.
This place did exactly what you need when I renewed my digital CPF http://loja.certificadodigital.com.br/Serasa/Serasa-Certificados-Digitais/D1
I use to write the FDF to PDF programming from Adobe FDF toolkit. I could take the full version of Acrobat Pro and use a W-2 , I-9 Federal Forms place fields and a signature box and with Topaz Systems signature pads, based on pressure points, angles etc... the activex algorithm would save the signature and everything into the sql server database, and i could go the other way and populate a PDF from SQL Server.
We do this using Silverlight with BouncyCastle in the client and iTextSharp in the server.