All I want to do is set a boolean that all the users have to false using a Javascript tool. I'm getting "Error 206: ParseUserCannotBeAlteredWithoutSessionError" when I try to do so. The user I log in as for the tool has an "Administrator" role that has read/write CLP for the User table.
In this blog (http://blog.parse.com/learn/engineering/parse-security-iii-are-you-on-the-list/) they briefly mention the Master Key, but never explain how to use it. This: https://www.parse.com/questions/masterkey-in-nodejs didn't work either, the script wouldn't even run.
Can someone please tell me how to use the master key in JS like Parse probably should somewhere in their documentation?
You can set the master key while initializing the Parse. You can do this,
Parse.initialize( applicationId, javaScriptKey, masterKey)
more information can be found here.
Hope this helps.
Related
Everything is more or less said in the title. When I start the sentry sdk I have a dsn string that I have to write in my code to initialize it. I was wondering if I can hardcode this string or if I have to store it somewhere else. I wonder if it is dangerous or not. Thanks in advance.
Example of initialization: Sentry.init("https://examplePublicKey#o0.ingest.sentry.io/0")
This is a public address. The DSN string only allows events to be sent to a Sentry project. It doesn't give access to retrieve any data from it nor it can be used to execute any operation on your behalf. If for some reason it gets abused (bogus events start coming in), you can easily discard that DSN and create a new one.
I need to generate logs in service now whenever the browser is closed or the session is expired. I tried using global business rule but couldnt achieve it. It will be greatfull if i can if i get an idea to achieve this.
Thanks in advance.
I assume you already know how to generate a log and such in ServiceNow, and the problem you're having, is how to run code when the user closed their browser.
The best solution would probably be to create an onload client script which sets onbeforeunload to a function that triggers a log.
More on that here: https://developer.mozilla.org/en-US/docs/Web/API/WindowEventHandlers/onbeforeunload
For the second part of your question, user sessions are tracked in a "user sessions" table. If you want to also log when theirs expires, you can do so with a business rule on that table.
You can use
GlideAjax to call from your client script to a server side script include.
Look at GSLog
Try this one
var gl = new GSLog("com.snc.sla.tasksla.log", "TaskSLA");
In our MVC website log I can see lot of errors with message "A public action method was not found". Requests are coming with junk action method name.
For example if I have action name "GetProducts" then requests are coming with actiona name as "GetProducts AND 1=1" , "GetProducts;id'" , "GetProductswhscheck".
is this because of internet bots are trying to access my website with junk values?
It may be bots, it may be script kiddies, or it may be crackers. Either way - somebody is trying to find vulnerabilities on your site.
Let's look at the first one:
GetProducts AND 1=1"
This looks like an attempt at SQL Injection. There was probably a longer query after the "1=1", trying to get information out of your database - like usernames, e-mail addresses, and so on.
To defend yourself, make sure your queries are parameterized. You may also want to add some form of rate-limiting on your system; if possible, see if you can add captchas.
You may also want to look at this answer on Information Security Stack Exchange, and the OWASP top 10 security vulnerabilities.
Do this as soon as possible, because somebody's trying to break in to your system.
Recently, I have been working on a CredentialProvider in order to unlock automatically (the trigger can be any event, so let’s say the end of a timer) a Windows Vista (or more recent version) user session.
For that I read some useful articles on the subject, the change between GINA and this new architecture. http://msdn.microsoft.com/en-us/magazine/cc163489.aspx.
I think, like everyone in the process of creating a custom CredentialProvider, I didn’t start from scratch but from the sample code provided by Microsoft. And then I tried to change the behaviour (things like logging) in the different functions.
So in the end I can use the custom CredentialProvider, enter the SetUsageScenario methods but still I cannot reach the Set or GetSerialization method. From what I’ve understood in the technical documentation on CredentialProvider (still provided by Microsoft) theses two methods should be called automatically. Is there something I missed ?
Also, my original idea was to get an authentication package using Kerberos in order to perform an implicit user authentication. I got this idea by seeking information on other SO or MSDN threads like
Is this approach the good one ?
Thank you very much for your time answering my questions. Any clarifications are welcomed, even if they don’t directly resolve my problems :-)
First of all - you need to set autologon flag to true in your implementation of the ICredentialProviderCredential::SetSelected(BOOL *pbAutoLogon) and ICredentialProvider::GetCredentialCount methods.
Next, you need to call ICredentialProviderEvents::CredentialsChanged when your timer is hit.
LogonUI will recreate your credentials, and because autologon is set to true it will call your GetSerialization() method.
SetSerialization and GetSerialization functions are called from your provider by LogonUI. After user enters username/password and presses ENTER button, LogonUI calls GetSerialization function and provides a pointer, as one of the four parameters, that will point in future to CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION structure created and filled by you, and then this structure will be sent from LogonUI to Winlogon to perform authentication. I don't know how to make LogonUI to call GetSerialization from your credential provider code and as far as I know you can't call GetSerialization by your own because where will you pass your filled CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION structure if no one requested it, but only LogonUI can path it to Winlogon?
There is a document called "Credential Provider Technical Reference", there you can read some details about credential providers. In the Shell samples folder there is a strange folder called "Autologon", maybe it will help you! Good Luck!
Short description
I'm getting used to CakePHP right now and am wondering about how to get more debug-information about what is happening inside the framework.
Let me please explain my situation a little more detailed
As you know CakePHP does a lot for you without putting you into the need to write additional code. One example is the handling of models.
I just created a model User and added validation-rules (no other methods). As described in the API methods like save will just work.
After that I created the needed controller and view to add a new user. When I try to add a user from the view I just receive the flash-message The user could not be created. Please, try again. No validation-violations are flashed.
I also did set the debug-level to 2: Configure::write('debug', 2); but do not receive any errors. The error.log inside \tmp\logs is also empty.
I really do want to learn how to solve those issues in the future.
So what else can I do to debug / display inner processes of cake?
Thank you very much for your help!
DebugKit is an official plugin that gives you lots of information on the request, queries and variables produced by Cake:
https://github.com/cakephp/debug_kit
You can also use trace() and other methods in the Debugger to show what is being executed in the background:
http://book.cakephp.org/2.0/en/development/debugging.html
Use a PHP IDE with an integrated debugger. That will allow you to follow execution line by line as it is executed and even inspect variable values as you go. Netbeans is a free one.