Is your issue tracker behind the firewall? [closed] - issue-tracking

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I'm thinking of making a web service that can file bugs on issue trackers through (mainly) xml-rpc. But I'd like to get a sense whether issue trackers nowadays tend to be available behind the firewall or on the internet...
The target for this web service would be companies that build websites.
So is your issue tracker (jira, bugzilla, trac etc) behind the firewall? (as opposed to being accessible on the internet)
Thanks!

At our shop, our bug tracker is accessible, because certain clients are allowed to file bugs. It really makes things easier, because the developer working on the ticket can directly solicit feedback from the client, rather than trying to get the project manager to get in touch and ask the right questions.
We had thought about doing something similar to what it sounds like you're thinking of, but never got around to implementing it.

Yes, ours is. We have it there partly for security and partly because there was no need to have it public to the world.

An issue tracker behind the firewall?! So it means you won't allow users outside to submit issues, and this is actually the only difference.
They could mail issues / bugs to someone inside, then ask the recipient to create that issue / bug.
BTW, the issue tracker of our company is behind the firewall, we really need to control every detail, as the users may not know what the problem is. We use firewall to ensure higher security and easier management.

Related

how to detect website leaking data [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I have recently built a website based on WordPress. I got a free theme from a source in Pakistan.
I have to use this theme because it perfectly serves my purpose. But I want to know that if this theme is quietly establishing a connection with another server and sending my data.
How can I detect that my website is internally sending some codes to the server of developer of theme? Also, I need to know what servers are being communicated with — like, if any image is getting loaded from their server, any code is imported from their server, or anything else is being fetched from their server to run.
Since you have the source code, then you can simply look what this theme does - basically theme should only be HTML and CSS (or mostly it). If there is too much suspicious PHP of Javascript I wouldn't use it.
If you want to see if it connects to some outside sources, run it in your controlled environment and use some network sniffing tool like Wireshark for example.
Generally speaking - if you don't trust the source where you got your theme and you are not good enough in programming to check for malicious code yourselves, don't use it!
I would recommend downloading some of themes provided directly by wordpress.org - those should be safe.

How to open IE with code? [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
In my test, I can automatically open IE with:
public void OpenIEtoAppURL()
{
System.Diagnostics.Process.Start("iexplore", "www.google.ca");
}
Will this work on other computers that may not have admin access? Will this method cause false alarms for a virus?
I'm not sure if this is the best way to open IE, any improvements are appreciated.
Note: the target users are people who aren't good with computers so I don't want to alarm them with authorization checks.
I'm trying to make some kind of executable so that they can just click on it and it will run a suite of automated tests for specific web applications on a weekly basis.
That will work, but it's the wrong way to do it.
Instead, you should open the URL itself:
Process.Start("https://google.com");
This will open the page in the user's default browser.
Note that the protocol is required.
What are you trying to accomplish? You mention people who are not good with computers but your tags are for testing. Do you have non-technical people running automated tests?
If you want IE ONLY, you could try ShDocVw.InternetExplorer.

Giving web designers autonomy to publish [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed last year.
Improve this question
I would like to give web designers autonomy to publish web pages but letting them to edit aspx files is a serious security risk as they don't have the required programming skills.
I was thinking about two approaches:
They are only able to edit html files and call services with ajax;
Let them to edit xslt files associated to services that return xml.
But both have a drawback: limited use of templates.
How would you deal with this situation?
If the developer is on his own domain then its safe to give him full access to JavaScript. However if he is sharing this domain then by giving him access to javascript you open the door to XSS. This allows the publisher to hijack other user accounts (usually by access document.cookie, but there are other same-origin policy abuses). One possilbity is to use Html Purifier, which prevents javascript all together.
There is a better alternative and that is a Google-Caja, which places restrictions on the javascript a developer can execute. This is important for apps written for social networking sites.
This is an issue that's already been addressed in most CMS systems. Have a look at joomla, drupal, SharePoint, etc etc.

Is possible to get notification by e-mail when a site or app pool is down (using IIS7) [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I am trying to find out if I can get notified when a site is down, or when a service running under WAS is no longer running.
I don't want to code a monitoring tool, I am sure there must be something out there...
I'm using this
http://tools.pingdom.com/
Beside the cool online tools you have a subscription for monitoring your site.
I found a couple more, haven't used them. These seem totally free while pingdom tools is only free for one site.
http://www.uptimerobot.com
http://ezinedesigner.com
I also had this need, so I created an open source app called Pinger. You can do unlimited URLs with intervals of your choosing. The docs has instructions for getting running on Heroku quickly:
https://github.com/austinthecoder/pinger
I personally use Content Site Monitor. It has a really simple and cool web interface that allows you to view your site’s up-time statistics on a desktop or mobile screen. It’s easy to configure your monitoring parameters as well.
It doesn't just ping your server to make sure that it's alive. It allows you to specify certain content/keywords that you want to monitor. It will send you alert email if the content/keywords are missing from your site or if your site goes down.
Best of all, it’s free to monitor up to 3 sites!

Licensing Websites - How does it work? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
I've been looking at several sites that offer a form of "linkware" license where you get the website for free but need to keep all links to the developers site in place. Purchasing a license key and adding it to the site (either in a database or some form of config file) removes these links.
I was wondering if anyone has had any experience of running a system like this, specifically how do you generate and check the license keys? I'm thinking of applying a similar model to something I'm working on so any examples in "Classic" ASP would be most appreciated.
Generally licences work using a public-key system. Your licence string is simply some info (perhaps with info on which domain name this licence is valid for, for example), signed by your private key. The web app contains the public key, which is used to check the validity of the signature.
I'm sure there are other ways, but this seems to be one of the more robust ones that I know of. :-)
I haven't coded anything in ASP, so I have no examples for you, sorry.

Resources