So.. I set up IE to use WebScarab as a proxy, and then logged into Quality Center. Lo and behold, the program uses HTTP to do all its communication with the server, and the all commands and responses are human-readable text. It ain't XML, it ain't JSON, but its human-readable and I'm pretty sure I could write it if I had to.
So.. is this protocol documented anywhere? Are you "supposed" to be able to use this? Anybody have any experience using it anyway?
And yes I am aware that they have a COM api, but I have a feeling that the crashy behavior I normally experience from QC is probably in the COM objects, so any software I might write that uses them would exhibit the same behavior.
The officially supported method for communicating with QC is via the published Open Test Architecture (OTA) API which is very well documented. I think you would have your work cut-out trying to re-write the API at a lower HTTP level. Lots of people are using the OTA API successfully to customise QC and write third-party extensions. Also many of the COM idiosyncrasies are now documented on the .NET. Maybe you can elaborate on the sorts of problems you are having with the COM API?
The below page can help :
Visit
http://technologicaguru.blogspot.com/2009/06/connect-to-quality-center-ota-client.html
Related
I am new to screen scraping. When i use proxy server and when i track the HTTP transactions, i am getting my post datas revealed to me. So my doubt/problem here is,
1)Will it get stored in the server side or it will be revealed only to the client side?
2)Do we have an option of encrypting the post data in screen scraping?
3)Is it advisable to use screen scraping for banking applications?
I am using screen scraper tool which i have downloaded it from
http://www.screen-scraper.com/download/choose_version.php. (Enterprise version)
Thanks in advance.
My experience with scraping is that if you aren't doing anything super complex (like logging into a secure website like an online banking website, etc.) then Python has some great libraries that will help you out a lot.
To answer your questions:
1) You may need to be more clear, but this really depends on your server/client architecture.
2) As a matter of fact you do. Urllib and Urllib2 (built-in Python libraries) both have functions that enable you to encrypt data before you make a POST. As far as how secure this encryption is, for most applications, this will suffice.
3) I actually have done scraping on online banking sites! I'm not exactly familiar with that tool, but I would recommend using something a little different than a scraper. Selenium, which is a "web-driver", allows you to simulate the use of a browser, meaning anything that the broswer does in the background in order to validate the session is automatically taken care of. The main problem I ran into while trying to scrape the banking site was the loss of important session data.
Selenium - https://pypi.python.org/pypi/selenium
Other libraries you may find useful are: urllib, urllib2, and Mechanize
I hope I was somewhat helpful!
I've used screen-scraper to scrape banking sites before. It will impact the site just like your browser--if the site uses encryption the connection from screen-scraper to the site will be too.
If you have a client page sending data to screen-scraper, you probably should encrypt that. I generally just make the connection via SSH.
1) What do you mean by server side? Your proxy server or screen-scraper software? Any of them can read/store your information.
2) If you are connecting through HTTPS then your software should warn you about malicious proxy server: https://security.stackexchange.com/questions/8145/does-https-prevent-man-in-the-middle-attacks-by-proxy-server
3) I don't think they have some logger which they can read. But if you are concerned you can try to write your own. There are some APIs which you can read HTML easily with jQuery sintax:
https://pypi.python.org/pypi/pyquery or XPath: http://net.tutsplus.com/tutorials/javascript-ajax/web-scraping-with-node-js/
I have a flash based game that has a high score system implemented with a SOAP service. There are prizes involved and I want to prevent someone from using FireBug or similar to discover the webservice path and submit fake scores.
I considered using some kind of encryption on the data but am aware that someone could decompile the swf and work out how I did it.
I also considered using an IP whitelist but since the incoming data will come from the users IP and not the servers that won't work. (I'm sure I'm missing something obvious here...)
I know that there is a tried and tested solution for this, but I don't seem to be asking google the right questions to get to it.
Any help and suggestions will be appreciated, thank you
What you want to achieve is impossible. You can only make it harder for people to do. The best you can do is to use encryption and encrypt the SWF it self, which usually causes higher filesize and poorer performance.
The safest method is to evaluate or even run the whole game on the server. You can try to determine whether what the client sends you is possible at all. Rather than making sure people use your client, you're making sure people play the game according to your rules.
greetz
back2dos
All security is based on making things hard. It never makes things impossible. How about having your game register with a separate service when it starts up. It could use client information to build some kind of special code that would be unique for each iteration of the game. The game could morph the code in a way that would be hard to emulate. Then when the game is over the score gets submitted with the morphed code and validated on the server side.
I wanted to know if JSON is still used in live applications? I am creating a service and want to understand if I should output data using JSON too?
What is the latest standard now?
JSON is very popular, and there is no sign that this is changing.
I am creating a service and want to understand if I should output data using JSON too?
You really need to ask the potential customers of the service that question. Or at least, give us some hint as to what the service is and what clients are likely to use it.
What is the latest standard now?
There is no official standard for JSON. In theory, JSON is a subset of ECMAScript (aka JavaScript), so the relevant ECMAScript standard would be normative.
In practice, JSON is implemented in many languages independently of ECMAScript. The description on the JSON.org website, and IETF RFC 4627 are probably the most relevant to someone implementing JSON for themselves, but neither of these sources have the authority of a standard. If you want JSON libraries, the JSON.org site is a good place to start looking.
Yes, JSON is still very popular. Even Google web services API gives search output in JSON.
Take a look at this example:
http://zamples.com/JspExplorer/samples/google.jsp
Overwhelmingly yes. For me, JSON is the transport format of choice for AJAX requests and inter-application data sharing. To date, there are 1271 questions about JSON on SO.
I am planning to create a site that provides several games for self written game-agents.
There will be a Tic-Tac-Toe for example (and some more complex games of course). Programmers can register their agents and from time to time there will be a tournament. The gameserver will contact the registered agents, present the board and ask for a move.
My basic problem is: What would be a good way for the gameserver to communicate with the agents?
No communication: A special script language for the agents that can be submitted and interpreted on the server itself. This avoids the problem altogether, but it would be more fun if everyone could use his favorite language.
REST: This is a bit sparse in one direction.
SOAP?
REST with POST?
What connection-method would you like, if you would participate in such a game?
I'd use a form of REST supported by sever state, SOAP is too inhuman. If you use REST people can even make bots with cUrl, so you'll have the widest audience
I had great success using Twisted and developing my own application protocol built off of that.
I would use a private protocol, that leaves you the option to implement server and clients in different languages. You can add your favorite encryption mode as well.
The scripting language would definitely be the easiest thing to write on your end. Personally, as long as you specify the protocol exactly on the site, and give an example of formatting the messages, any person scripting should be able to use whatever format you choose.
For Go, there is already the existing Go Text Protocol. I would use similar protocols for other games.
Plain old TCP with a set of custom commands for your game?
(under asp.net enviro)
I will be sending data to a central server via a web service, and I want to hash the data to ensure that it didn't get corrupted during transfer.
Which hash method should I use?
Can I hash when the web service is passing objects?
I would recommend using WCF is you have a situation where you might actually have a heavier traffic while requiring reliable transmission. It supports standard SOAP, Binary, etc.
It got all the bells and whistle you will need.
Cheers
Preferably use SHA1. You can also use MD5.
You could also use Web Services Enhancements (WSE) 3.0 to sign your messages. The nice thing is that everything is built right in, so you won't have to do a whole ton of work.
There's a wide variety of turn-key security options, but it sounds like you would be the most interested in the AnonymousOverCertificate solution. For your implementation, you could define a couple of really simple policy files.
Bear in mind you'll need to use WSE 3.0 on both sides, though. (Client and server sides, that is.)
For more information, check out the link below. It gives a general overview of WSE 3.0.
What's New in Web Services Enhancements (WSE) 3.0
I'd recommend just calling GetHashcode() on the byte array of your data. Send this value as part of the webservice call and verify that they match on the other side.