Disabling fishing site warnings when auto-logging into HTTPS sites with UIWEBVIEW - xcode

I'm trying to figure out how to programmatically disable the fishing site warnings that pop up when you enter a user name and password along with the URL to a secure website, such as:
https://UserName:PassWord#Https://Secure.Website.com
Before the URL comes up, the warning dialog pops up first. Since I know that the URL I programmed is secure, I don't need the fishing site warning to pop up.
If anyone has any ideas, I would greatly appreciate it. Thank you in advance.

You just can't do this.
This behavior is in private UIKit APIs that you can't alter without being rejected from the App Store.
And for once, there is a good reason for this, a security reason :)
EDIT (after comments below)
I think you can disable these warnings in device settings : Settings App > Safari > Fraud Warning
Note that you can't do this with code from your app. You can only ask user to do so, or maybe by using Enterprise deployment facilities.
EDIT 2 About security concerns
Again, there are very GOOD reasons for this security, especially for a company concerned about its confidentiality/security.
Setting a static URL in a UIWebView does not mean this is the URL you will get. Phishing does not only come from website servers; it can also come from a man-in-the-middle attack on the TCP/IP connection, DNS spoofing, or who knows, an admin going nuts :)
Modifying private APIs is not easy. There is no source code, just assembly code that you can disassemble/analyze to figure out a way to override/inject code doing what you want. It takes time that, sorry, I do not have.
In other words: you should find an alternative solution, like another URL without https (ask the webmaster) but with another security mechanism, not requesting data from UIWebView... I'm afraid there is no easy workaround. And I guess you know that URL authentication like you are trying to do is highly insecure; any intermediary could just get the query and login/password.
It is phishing and not fishing :)
Do you know you can edit your comments on stackoverflow?

Related

Why does my Linkedin share button not work?

I want to create a share button for Linkedin, the GUI button is all set up, but it doesn't work when clicking it. I researched a bit and came to the conclusion that using the same sharing mechanism, other sites work but mine doesn't.
I narrowed the problem down and now I'm trying to figure out why google.com works but my site doesn't. I don't use my real company website because it's personal information, but it's a website that has been on the internet for more than 10 years (in case this information is useful). When I go to the links, my website throws an error, but Google works fine.
Ⓧ https://www.linkedin.com/cws/share/?url=https://www.my-company-website.com
〇 https://www.linkedin.com/cws/share/?url=https://www.google.com
Is there any pre-requisite I'm missing, which makes my site not work?
I realized my server was blocking Linkedin (to reduce traffic from Linkedin bots). That's why it wasn't working.
As a hint: I was working on a closed webpage (for outside users) and that was also causing problems with the Linkedin share button.
Hint 2: The website uses Let's Encrypt SSL, and the information mentioned here is fake news: https://wordpress.org/support/topic/linkedin-share-button-not-working-3/ Works fine!
If you ever get stuck on trying to figure out why your page simply doesn't populate nice preview data on your LinkedIn share page, then check out the LinkedIn Post Inspector.
Insert the URL of your page (i.e., example.com), not the URL you are using to share (i.e., linkedin.com/share?url=example.com). You'll get detailed information on how your site will appear and why, like, for instance, sharing wikipedia.org...
Hope this helps someone else with a LinkedIn share issue!

Are we doing error codes wrong?

I have great luck using a combination of Google (and usually StackOverflow) to locate help with errors in software. But I'm wondering if there's a better way. How about tagging all errors with a unique ID?
This is just a suggestion, hopefully someone will take this in an even better direction. As a starting point I see errors registered the way we register web sites. Maybe they are web sites. Each error would have a URL. And that URL would have an associated abbreviated version for cases where we want to reference the error but want to save space.
The app developer would be under no obligation to provide anything at the error URL location. That would be optional but nice. Maybe the URLs would all be based on a global domain like Wikipedia where anyone can contribute info. My main goal though is just to tag errors with something to make web searches more effective when I'm looking for help.

iTunes URL in tweet in app

In my app, I've got a share button for Facebook, Twitter, etc. I want people to be able to tweet and post the link to my app, but the app is not yet available in the App Store, so I can't have a link to the app.
In some apps there is a link to the app if you are composing a tweet, how do they do that?
As H2CO3 pointed out, having that AppStore URL delivered from a server you control would likely be something you would prefer. Naturally, the first question to pop to mind would be something of the form 'Why do I have to use a server at all? Can't I just code it into my app directly?'
In short form, you are not required to use a server, but you may find the benefits and flexibility it offers you helpful, at the cost of a little more networking code and complexity in your app. Let's expand on this a bit, by imagining we lived in the perfect world where we knew with 100% accuracy what that AppStore URL would be and that it would never ever change. We could get away with just coding that URL directly into our app and we would never again have to think about that part of our app -- it would always tweet the correct URL, users would be happy, and you as the developer can turn your attention to more important matters.
Unfortunately, things often don't work perfectly and as software developers we have to consider the ugly edges of reality and write code to handle them gracefully. Here are just a few of the potential problems with hard-coding a URL:
We don't actually know the full AppStore URL.
Apple may decide to change AppStore URL formats and render old URLs invalid.
Despite our best efforts to carefully type the URL into our code, we made a mistake and now we have to issue an update and wait for our app to be reviewed to get a simple typo fixed - Eep!
H2CO3's suggestion to use a server likely stems from experience in writing software coupled with a developer's inherent risk-management-driven thought processes -- if there is something I can do to make my software handle these ugly edges more gracefully and make my software more reliable, it may make sense to take the extra time to implement my feature differently to protect it from the shadowy unknowns the future may have in store for my app.
For the sake of a balanced argument against putting the URL on a server:
If your users are in a place that has spotty cell or wifi coverage, they may not be able to connect with your server to get the AppStore URL from your server
Your server might not be working properly so it can't deliver information to your app when requested.
Adding a network request like this can be very easy to do, but also introduces its own set of risks to have to consider (isn't writing software great?)
As indicated above, you do not need to make your app snag the URL from a server you control, but you may want it to do so. Only you, as the app's developer, can determine what degree of risk you are willing to accept and which of the available options you've researched, invented, or otherwise acquired seem to fit your specific needs the best.
Since I don't know your background, I'm going to stay relatively high level and give you another couple of nudges in some directions you can go and do some additional research:
On the 'set up a server' idea -- you can purchase a hosting account from a number of hosting providers around the Internet, or if this is a school or work project you may be able to speak with your IT people to request space for a website. After you have that set up, you can put a file on that space with a placeholder URL and write some code in your app to connect to your server and read your file (that has your fake URL in it!), then put it into your Tweet. Once your app is approved, you can replace the fake URL on your server with the real one, and your App will work like you want. For the App part of things, you might look into some of the simple +stringWithContentsOfURL: methods on NSString (though do remember to consider things like what happens if the Internet is down, or if you don't get anything back from your server, etc.!)
On the 'just hard code the URL into the app' idea -- Apple makes some marketing resources available to developers even before they release an app. Check out (https://developer.apple.com/appstore/resources/marketing/index.html) with an emphasis on the Shortlinks section, and also check out Technical Q&A 1633 (https://developer.apple.com/library/ios/#qa/qa1633/_index.html). Both of these links give you information about how to build a link directly to an application or vendor on the AppStore given just their name(s). Like before, do remember to consider what happens if you ever decide to rename your app, or if linking elsewhere (or maybe nowhere!) would make more sense.
Hopefully this will help you think a little more about what you are actually trying to achieve, and give you a sense about what other developers think about when faced with decisions like the one you've posed here.
While I agree with Bryan, I always avoided using servers for basic things. With iOS 5+ you can send tweets from inside the app (and you can add a default tweet, i.e. a link to the app).
Your problem can be solved easily this way: make a short link with the link to the App Store (the link to the App Store is formatted like this: https://itunes.apple.com/app/id <app id> , and the app id is the one in iTunes Connect under Apple ID).
For example you can make a default tweet like this: "Check out this awesome app!! goo.gl/buya" and then the user can edit it as he wishes.
Also, it's extremely unlikely that Apple will change the format of their links... too many users depend on this format to do a lot of things.

Is it possible to write a Greasemonkey script or add-on for Firefox to automatically add a security exception?

Is it possible to write a Greasemonkey script or add-on for Firefox to automatically add a security exception?
I have plenty of dumb users and I really need to automate this for two of my intranet pages which have wrong certificates.
Thank you very much.
I hope not as that would be a huge security hole ! You should create correct certificates for your sites instead. Create a CA and install the public CA certificate on your user's browser so the site certificates will be valid. There are plenty of articles and howtos found via Google that explain how to roll your own CA and create certificates for your sites.
This is definitely not possible in Greasemonkey. It is probably possible with a Firefox extension -- but then what about users on other browsers?
First, is the problem caused by "www.yourserver.com" versus "yourserver.com" (or some other subdomain issue)?
If so, set redirects so that "www.yourserver.com" always maps to "yourserver.com", and/or switch from a subdomain to a subfolder structure ("somesite.yourserver.com" becomes "yourserver.com/somesite/" instead).
If that's not it, then as Darkdust said, either (1) Get your boss to help you pressure the IT department or (2) Go around the IT department.
You can get valid certificates for as little as $10. Sometimes it takes a little tweaking on an intranet, but it's doable.
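The private-CA route suggested in the answers above, sketched with the OpenSSL command line as an added example (not code from any of the posters): it creates a CA, issues a server certificate whose subjectAltName lists every hostname users type, and checks a name against it. The function names and the `example.test` hostnames are assumptions, and the `openssl` CLI must be installed.

```shell
#!/bin/sh
# Added example: private CA for intranet hosts. Names are hypothetical placeholders.

# make_ca DIR: create a self-signed CA key (ca.key) and certificate (ca.crt) in DIR.
make_ca() {
  dir=$1
  cat > "$dir/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Example Intranet CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$dir/ca.cnf" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# issue_cert DIR NAME [ALTNAME...]: sign a server certificate for NAME whose
# subjectAltName lists NAME and every ALTNAME (browsers match on SAN, not CN).
issue_cert() {
  dir=$1; shift
  cn=$1
  san=""
  for n in "$@"; do san="${san:+$san,}DNS:$n"; done
  printf 'subjectAltName=%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$san" > "$dir/$cn.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" -subj "/CN=$cn" \
    -keyout "$dir/$cn.key" -out "$dir/$cn.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/$cn.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 90 -extfile "$dir/$cn.ext" -out "$dir/$cn.crt" 2>/dev/null
}

# check_name DIR CERTNAME HOST: succeed only if CERTNAME.crt chains to the CA
# in DIR and is valid for HOST.
check_name() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}
```

Only `ca.crt` is distributed to the users' browsers or OS trust store; `ca.key` stays offline. A certificate issued for one name fails `check_name` for any name missing from its SAN, which is the "www" versus bare-domain mismatch raised above.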

Facebook Connect XFBML not working

I'm making a website using Facebook Connect and decided to use Facebook's XFBML tags like "fb:profile-pic" since they are so easy to use.
I haven't been able to make them work no matter how hard I look online, but then I noticed that it worked on all the browsers instead of Firefox.
I also realized that even on Facebook's own "The Run Around" sample app they don't work!! You can check it out here: http://www.somethingtoputhere.com/therunaround/index.php
If you log in with Firefox your picture is not shown, but if you use another browser it is shown. This happens with the fb:profile-pic tag or any other tag like fb:name.
I haven't found any information online so I'm asking other people that have worked with this: Are these tags simply not compatible with Firefox ? Do they have outages or something like that ? Has this happened to anyone before ? Any ideas on how to resolve this ?
I guess they do have "outages". I've spent the whole weekend trying to resolve this and now they post they had a problem and have resolved it.
From the Platform Live Status website:
http://developers.facebook.com/live_status.php#msg_497
We are experiencing a possible config problem with api.connect.facebook.com. If you are including Connect JS library through http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php, all API requests through JavaScript would fail. This affects rendering of XFBML tags (such as fb:name and fb:profile-pic) as well. While we are fixing this issue, you can work around the problem by changing http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php to http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php. It's also safe to keep url change permanently because connect.facebook.com is just an alias to facebook.com.
I wish they had updated that sooner, now I'm looking for a place to find out about this stuff before I spend days working on something before realizing it's not a problem with my code!
Open up Firefox > Preferences > Privacy and make sure "Accept third party cookies" is checked. This is needed for Facebook Connect to work. Also, when using Connect, make sure all your tags are fully closed, i.e. <fb:profile-pic></fb:profile-pic> and not <fb:profile-pic/>. From the docs:
The user's browser must be set to accept 3rd Party Cookies in order for it to stay connected between clicks.
Source: http://wiki.developers.facebook.com/index.php/Logging_In_And_Connecting
FWIW, I wouldn't use "the run around" as a sample app. That thing has been the same since they introduced Connect and is pretty hacky.
Do check in the connect section under the canvas option.
There should be a link to your physical file.
