Is there a library that masks sensitive fields(encrypts with random characters) in Rest API response. The masked data should be sent back to the UI. And if UI sends the masked data back in consecutive requests, it should be again unmasked and send it to server(so that server can interpret and work correctly).
Note: I don't want to exclude the fields in response. I want to perform operation on the masked data based on user interaction on UI.
Say, If there's a credit card number in API response, this should be shown as xxxxxxyyyyyy in UI... And when UI want to send it back in a post call, it should be unmasked and sent back to server
Related
I want to send some custom properties in the attachment for interactive messages and retrieve them back in the action response. is there a way to do this?
Yes, that is possible. However, it only works well for small sets of data.
Assuming we are talking about buttons the normal approach would be to use the value field of an action to transfer custom data based on which button the user clicked back to your app. The field is a normal string within a JSON message, which is send by POST request to your app. So it can in principle contain a whole data set, not only a single value. All you need to do is include it in the button attachment that is send to Slack and your app will receive the respective value field back. (depending on what data you want to send you might need to encode it, e.g. you want to encode binary data into base64, so that is can be transferred as JSON string)
I have used it successfully in one of my apps to transfer serialized objects containing information about the user's application context.
There is one caveat though, that caused me to later abandon this approach again. As I found out the field length is limited, so if your string is too long you might end up with truncated data. In my estimation the limit is about 2.000 chars, but I do not have a definitive number.
Instead of transferring all data in the attachment, I now keep the user application context in a server session (PHP) and only transfer IDs through the value field of my buttons.
Conclusion: If you have small sets of data you can transfer them through the value field. If you have larger sets of data I would not recommend it.
I´m writing a software that work to process a set of data that came from use input process it and send an answer to the user.
The flow starts based on a configured API Callthat start a chain of API calls passing the result of each API for the next one until reachs the final output.
The problem is that the chain of calls is configurable by the user in order to process the data before saving it to the database.
Giving you a little example:
I receive data from an API that has the readings from a field sensor, on the arrival of this data I should do the following things:
Save the data on the database
Process the Data
Based on the data and on a configuration that should be made by the user I should get information from a diferent API (the APIs depend on the content of the data)
Send the information that I got from the other API to a third which will send it back to the sensor
Do you know any solution that´s capable of doing this kind of work?
Doesn´t mather the language or the framework, since it´s a brand new software we are free to start from the very first step.
Thank you
I am considering that, You have a form where user entering the Data, you are receiving the data, processing it and returning the answer based on the Data and your set of rules.
If you have a single form, get the data and pass to the API - RESTFul API
Process the data at server end
Response to client based on the set of rules of user entered data.
If you have Multiple form and coming to user one after one then do same.
Hope the process works. if you could clarify the Requirement more specifically then I can draw the Process in more depth.
I was wondering if here is a way to send multiple 'data' elements in a single Parse REST API push request. I know we can send the same message to multiple devices or channels as required. But i have a different message for each channel. So what i need is a way to call Parse REST API once with the JSON of different channels but each with a different data and alert message.
is is possible? or do i need to make such requests one by one.
I am trying to check pop and smtp values entered by user.. I wish to validate that pop and smtp say for example(pop.gmail.com,smtp.gmail.com) which is entered by user is correct or wrong.
For that I am sending only one request to server by taking both pop and smtp values entered by user which will do two tasks
1. Checks user entered pop by making connection to that particular server ,
2. Checks user entered smtp by sending 1 mail to some dummy mail id..
I finished all these tasks..
But now what my requirement is, I have to show the user after validating each thing.. I mean in ui i have to show as
POP connection Checked.. ok
smtp connection Checked.. ok like that.
But i sent only one request to server for doing both these tasks..So i need to get intermediate status from server after finishing each tasks..So only i can update in client side UI.. But i don't know is it possible to get intermediate responses from server for a single request... Any idea friends? If so can you come up with a little bit of code...
Expecting the suggestions?
you should take a look in the long polling technique, it is possible to retrieve partial response but it doesn't work on all browsers.
You can use HEAD request instead of GET or POST which only return HTTP header
Slightly off topic - but sending a dummy mail can be "dangerous".
Many servers "note" if you try and send to a local address, which does not exist. For example - if the server's domain is "whatever.com" and you send to a random address, say aaa#whatever.com, and "aaa" is not a valid user, then the server notices this.
The server may then take an action like blocking you, as a sender, for a period of time. (This helps to reduce spam from dictionary attacks.) So your "test" ends up effectively blocking the real mail from being delivered.
The reverse is also true. Let's say you try to send to an external address, which you know is valid (your own email address for example) as the test. In this case the from address must be a valid internal address. If you use an invalid internal address, or worse an address which is not internal, it's likely the server will refuse to deliver the mail (at best) and at worst again institute a temporary block.
The key factor in both these situations is that although the SMTP protocol is very "loose", SMTP servers watch very closely for "bad behavior" because this is one way of distinguishing a spamming program. So any hide of "incorrect" behavior can lead to it arbitrarily refusing to accept your mails (usually for a limited period of time.)
Incidentally, back to your original question.
Both of your tests are pretty much instantaneous. Even if the email server is on the other side of the world you can do both checks inside a couple seconds. So chances are even if you send back 2 packets, to the user they'll appear as "arriving together". And since 1 request from the browser can only handle 1 response from the server you would need to send the response in 2 packets.
ie do first test - send first part of response - do second test - send second part of response.
For a normal HTTP packet this is no big deal. Do some sort of flush / send after the first response is ready, and then again after the second response. The browser is used to displaying partial pages as they arrive.
However for an AJAX request you'll need to get into your framework at quite a low level. Most frameworks, that I'm aware of, require the incoming Async packet to be "complete" before they start to parse it. This is especially true if the packet is formatted as say xml where partial parsing is useless in pretty much all cases.
What are the strengths of GET over POST and vice versa when creating an ajax request? How do I know which I should use at any given time? Is it a security-minded decision?
Also, what is the difference in how they are actually sent?
GETs should be used for idempotent operations, that is operations that can be safely repeated more than once without changing anything. Browsers will cache GET requests (for normal and AJAX requests)
POSTs should be generally be used for non-idenpotent operations, like saving something. Although you can use them for other operations if you want.
Data for GETs is sent over the URL query string. Data for POSTs is sent separately. Some browsers have a maximum URL length (I think Internet Explorer is 2048 characters), and if the query string becomes too long you'll get an error.
You should use GET and POST requests in AJAX calls just as you would use GET and POST requests in normal calls. Basic rule of thumb:
Will the request modify anything in your Model?
YES: The request will modify (add/update/delete) data from your data store,
or in some other way change the state of the server (cause creation of
a file, for example). Use POST.
NO: The request will not affect the state of anything (database, file system,
sessions, ...) on the server, but merely retrieve information. Use GET.
POST requests are requests that you do not want to accidentally happen. GET requests are requests you are OK with happening by a user pointing a browser to via a URL.
GET requests can be repeated quite simply since their data is based in the URL itself.
You should think about AJAX requests like you think about regular form requests (and their GET and POST)
The Yahoo! Mail team found that when using XMLHttpRequest, POST is implemented in the browsers as a two-step process: sending the headers first, then sending data. So it's best to use GET, which only takes one TCP packet to send (unless you have a lot of cookies). The maximum URL length in IE is 2K, so if you send more than 2K data you might not be able to use GET.
http://developer.yahoo.com/performance/rules.html#ajax_get