How to update token name and decimal on solana network? - solana

I did submit a PR to the solana-token git repository for my token.
But I want to update my token name and decimals.
How can I do that?
I did resubmit but I am getting an error.

You've done the right thing, it will just take the developers some time to review your pull request. The automatic checks ensure that someone isn't changing someone else's entry, and in your case, you're changing an existing entry. They will need to double check that you put in the first request before merging this in.

Related

Plaid.com the login details of this item have changed (credentials, MFA, or required user action)

I have a case open with Plaid support, but it has not been even touched since opening 12/26, perhaps they are just all on vacation for the last week.
We had used the prior API for a site and wanted to use it for a new site. We found the API has drastically changed since the last time, a year ago, and have everything seeming to work in the sandbox, but for "development" or "production" cannot get the TD Business Direct to link up and produce the needed access_token so we can pull transactions into our application.
So I am hopeful with the post I may get some help knowing what the error of "the login details of this item have changed (credentials, MFA, or required user action) and a user login is required to update this information. use Link's update mode to restore the item to a good state" really means. The Plaid Link flow seems to accept the initial credentials and the responses to MFA, but after the second question is answered gives the error and we are not able to link the account.
We see a 400 status when it tries to post out after the second MFA question is answered and shows:
{
"display_message": null,
"error_code": "ITEM_LOGIN_REQUIRED",
"error_message": "the login details of this item have changed (credentials, MFA, or required user action) and a user login is required to update this information. use Link's update mode to restore the item to a good state",
"error_type": "ITEM_ERROR",
"request_id": "request_id_here"
}
Other details when we exit that may be helpful:
{"institution":{"name":"TD Bank - Business Direct","institution_id":"ins_107836"},"request_id":"request_id_here","link_session_id":"session_id_here","status":"requires_questions"}
From just reading the message would seem we may not have entered the right credentials, but we can login to the bank site just fine, so they are right and the account is not locked out.
When I faced a similar issue, the reason was changed user details. Every time some details change, you'll need to re-link the user's bank account with Plaid in update mode.
Exception with "error_code": "ITEM_LOGIN_REQUIRED" will help you detect such cases and handle them appropriately.
They have more info in their docs: https://plaid.com/docs/link/update-mode/
Link update should work fine. If you are facing further issues, then create a support ticket with Plaid and let them know the request id, bank_id and what type of error you are getting.
Sometimes the issue is on their side. They are quite slow in responding, but you will get a reply within 2 days, and if there is some fix, they would ask you to test it after the fix is pushed on their side.

Is it good practice to check for user access level at every step of a given process?

I have a laravel webapp and I check if the user can perform certain actions or access certain information at every step of the way not just during the login. For example when they wish to view their assets I check for their UAC, after they click on them I check again, even if the edit, delete buttons are not visible, there is still a check in place in the code. And this pattern continues throughout the whole webapp. Is this overkill, will it make my webapp too cluttered with checks all over the place?
Yes, it is. Every time you don't check for access before performing a privileged action, you take the risk that an intruder might find a way to bypass your earlier checks and somehow trigger that action without actually having proper access to it. A few extra checks are a small price to pay for robustness and peace of mind.
In particular, you should always re-check privileges on the server for each new request made by the client, since you should never trust user input, and since everything the client sends to the server is potentially under the user's control. For example, even if you disable the "edit" or "delete" buttons in the client interface, what's to stop a malicious (or even just inquisitive) user from re-enabling them e.g. through their browser's developer tools, or even from simply spoofing the actual edit/delete request that the button would trigger?
If you're lucky, all a missing server-side privileges check will do is let some user see a bunch of deleted garbage. If you're not so lucky, it might give them full admin access on your site.
It is indeed a good practice and middleware can help you achieve this goal more easily.
Check the Laravel documentation for more information.

The user credentials are need to obtain access token. Please call the non-silent acquireTokenWithResource methods. ADALiOS issue

In my swift project, I am using convergence dev branch source code. I have added ADALiOS files manually in my project. Currently retrieving access token from refresh token is a problem.
Till last week my project was working all fine, but as I opened my project on Monday, i.e. 20th March, 2016, I don't know how and why my app is not able to save the access token in the local cache. So whenever I try to get the access token silently, it is unable to retrieve it from the local cache. For every call I am getting the following error:
"The argument 'cacheItem.scopes' is invalid. Value:(null)." and
"The user credentials are need to obtain access token. Please call the non-silent acquireTokenWithResource methods."
From my side I haven't made any changes. I am able to see that a new release has been done in the convergence branch. Please suggest how I could solve it. Also, can someone tell me whether server-side changes have also been made, because of which I am facing this issue?
For the same project settings we are using ADALiOS in our Android app and web page also. But those guys are not going through any such issue; only the iOS team is facing it.
If anyone has any idea please help me.
After reading the full ADALiOS file structure, I got to know that there are 2 important web requests going out. The first is to get the auth code; in this call the selected "policy" is present in the URL. The other call is made after my access token has expired, so to get a new access token it passes the refresh token. Particularly in this call I noticed that no policy has been provided in the URL. So manually I made some changes to it and added the policy to the URL. After that my app is working all good and now I don't have to log in again and again.
This might happen if keychain sharing is disabled. One solution might be:
Xcode > Target > Capabilities > Keychain Sharing -> Switch to ON
Add com.microsoft.adalcache into Keychain Group.
Hope this helps.

Implementing Security for Ajax calls

I am facing difficulty in making my Ajax request secure.
The problem is data tampering. I have read about this problem and it is suggested to never trust whatever information is coming from the client. It can be very well changed using Fiddler or any such tool. We need to validate on the server side as well. But my question is how to validate.
Let's see one example.
Suppose I have Employee information in the database and I have exposed one method, GetEmployeeDetailByEmployeeId. Before any employee makes this request, he will be authenticated with userId and password and authorized as to whether users of this type are allowed to make this request or not.
But if one employee gives the employeeId of some other employee, he will actually get the data which he is not supposed to see. To fix this issue we have two solutions:
1. We should check the request against the database, whether the information requested by the person is meant for him or he is the manager of that guy
2. We should somehow validate in app layer itself whether we should reject the call or not.
The first approach is performance intensive, where I have to make a database request and find the association of the record; also it will add cost to development.
Please suggest which way to go, and do we have any better solution to solve this kind of problem?
Clearly you need to check it at your back-end side, otherwise your application is likely to be exploited by a kid.
Update
You need to implement an authorisation mechanism in your back-end. Then, after you load the permissions at the beginning, you can add them to the user session, so you don't need to look up the database each time; you just need to check the user permission against the task's required permission.
More
To implement the authentication mechanism: Goal, a user can see its own profile but a supervisor can see everyone within his department.
User A has the user_id already loaded in the session, let's say user_id = 123.
User A can only request his information, so if (user_id == req_user_id) then show the information, otherwise show an error.
User B has the permission value of 100, let's call him supervisor then. Now if (user_id == req_profile_id) is not true we will check the permission. Let's say the task permission for this particular task is 10, so if (user_perm >= task_perm), go ahead and check the department; if both the requested user and current user are in the same department, then show the information, otherwise show an error.
This should work based on your information.
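
The ownership, permission and department check described in the answer above, as an added example that is not part of the original post. It is written in Python; the `Session` class, the `EMPLOYEES` table and the `get_employee_detail` function are assumed names with constructed data, and only the values 123, 100 and 10 come from the answer.

```python
from dataclasses import dataclass

# Constructed sample records (assumption); a real app reads these from its database.
EMPLOYEES = {
    123: {"name": "User A", "department": "sales"},
    124: {"name": "User C", "department": "sales"},
    200: {"name": "User D", "department": "engineering"},
}
TASK_PERM_VIEW_PROFILE = 10  # task permission value used in the answer


@dataclass(frozen=True)
class Session:
    """Server-side session, filled once at login; never rebuilt from request data."""
    user_id: int
    perm: int
    department: str


class Forbidden(Exception):
    """Raised for any request the caller may not make."""


def can_view(session: Session, req_user_id: int) -> bool:
    # Rule 1: everyone may read their own profile.
    if session.user_id == req_user_id:
        return True
    # Rule 2: otherwise the caller needs at least the task's permission level...
    if session.perm < TASK_PERM_VIEW_PROFILE:
        return False
    # ...and must be in the same department as the requested employee.
    target = EMPLOYEES.get(req_user_id)
    return target is not None and target["department"] == session.department


def get_employee_detail(session: Session, req_user_id: int) -> dict:
    """Handler body: req_user_id is the only value taken from the Ajax request."""
    record = EMPLOYEES.get(req_user_id)
    # Same error for "missing" and "not yours", so IDs cannot be enumerated.
    if record is None or not can_view(session, req_user_id):
        raise Forbidden("not allowed")
    return record
```

The department comparison reuses the record the handler has to fetch anyway, so the check adds no extra query beyond the one that serves the request.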

Magento checkout data persistence

I am trying to preserve the user input from the onepage checkout. If the user refreshes the page it needs to be redirected to the review step and all the previous provided data should be restored. I managed to skip to the final step using instructions mentioned in this post Magento: Show the Review Step in One Page Checkout
but however, there is no data loaded.
I tried finding where the checkout data is 'unset' but couldn't get it to work.
Any help would be greatly appreciated. Thanks!
Checkout data is stored as part of the request and not consistently added to one place. For instance, your checkout address information and shipping choices are saved to your quote, but payment information is not saved whatsoever. To do this well, you'll need to save all this request data to the session and add some JS around transitioning to the correct step.
For payment data, CC numbers will be a special case. Saving credit card information is almost always a violation of PCI compliance in the US (and may also be prohibited in other countries). If you integrate a payment wallet from an established gateway (like Authnet), or if you only use non-CC payment types with non-personal information, you may be safe here.
Hope that helps!
Thanks,
Joe
