Best way to validate address with geocode? - coldfusion

In my project I have to use geocode to validate user input address fields. This includes Address, City, State, and Zip. When the user enters values, that information is sent to the geocode server as HTTP parameters. The returned result is XML file content. I use ColdFusion 2018 as my back-end programming language. I'm able to navigate through the document and get to the section that contains data. Here is an example of what I get back from geocode:
As you can see in the image above, I will get the information with the overall correctness of the address. My question is how this should be handled and presented to the user before I save the data. Should I display the returned data back and tell them that the address is 100% correct, like in this case, or, if the address is not 100%, show them the address as a suggestion? I'm not sure which approach is the best way to go and I have never used geocode before. Any help would be greatly appreciated.

Related

Geocoding multi-line street addresses (Address1 / Address2)

Our app's postal-address entry UI is a two-line Address1/Address2 field like this (borrowing screenshot from Amazon.com).
But real users' data entry is always messy. Some users will ignore our directions and will sometimes put the street address in Address1 and sometimes put it in Address2. Other users will import lists of addresses from external sources (like an existing mailing list), which will also likely cause some cases where the street address is unpredictably in Address1 or Address2.
When it comes time to geocode the address, what's a good algorithm to maximize the chance of successful geocoding if we're not sure whether the street address is in Address1 or Address2? A naive approach could be to try Address1, and if it fails then try Address2. But I'm sure I'm not the first person to try geo-coding real-world messy data entry... how is this problem usually solved?
We're using the Google Maps Geocoding API, if it matters.
I believe Google recommends using the autocomplete widget.
Have a look at the best practices document:
https://developers.google.com/maps/documentation/geocoding/best-practices
It says
Respond, in real time, to user input (includes ambiguous, incomplete, poorly formatted, or misspelled addresses entered by a user)
Use the Places API Place Autocomplete service to obtain a place ID, then the Geocoding API to geocode the place ID into a latlng.
Apartment, suite, unit etc. is typically not present in the Google database. So you can bind the autocomplete to the first input, where the user selects the address and you get the corresponding place ID; the rest of the information the user can enter in the second field, which is not relevant for the Google Geocoding API.
There are several examples of place autocomplete in the official documentation.
https://developers.google.com/maps/documentation/javascript/examples/places-autocomplete
https://developers.google.com/maps/documentation/javascript/examples/places-autocomplete-addressform
https://developers.google.com/maps/documentation/javascript/examples/places-placeid-geocoder
I hope this helps!

Correct REST API URL format for related objects

I'm designing a REST API where, amongst others, there are two objects.
Journey
Report
For each Journey there are many Reports en route, and each Report has exactly one associated Journey.
A user might create a Journey using the API as follows...
POST /journey/
Then retrieve the details...
GET /journey/1226/
The first question is, if a user wanted to post a Report to their Journey, which is the 'correct' URL structure that the API should impose? This seems intuitive to me...
POST /journey/1226/report/
...or is this the case...
POST /report/
...whereby in the latter, the Journey ID is passed in the request body somewhere?
The second question is, how might one go about implementing the first case in a tool such as the Django REST framework?
Thanks!
The URL/URI structure is almost completely irrelevant. It is nice to be able to read it, or easily change or even guess it, but that is it. There is no "requirement", official or unwritten, for how they should look.
The point is however, that you supply the URIs to your clients in your responses. Each GET will get you a representation that contains links to the next "states" that your client can reach. This means the server has full control over URI structure, the client usually has to only know the "start" or "homepage" URI, and that's it.
Here is an article which discusses this question, has some good points: http://www.ben-morris.com/hackable-uris-may-look-nice-but-they-dont-have-much-to-do-with-rest-and-hateoas/
Pass for the second question :) I didn't use that particular framework.

CFWheels: Redirect to URL with Params Hidden

I am using the redirectTo() function with params to redirect to another page with a query string in the URL. For security purposes this does not look appealing because the user can change the parameters in the URL, thus altering what is inserted into the database.
My code is:
redirectTo(action="checklist", params="r=#r#&i=#insp#&d=#d#");
Is there any way around this? I am not using forms, I just wish to redirect and I want the destination action/controller to know what I am passing but not display it in the URL.
You can obfuscate the variables in the URL. CfWheels makes this really easy.
All you have to do is call set(obfuscateURLs=true) in the config/settings.cfm file to turn on URL obfuscation.
I am sure this works with the linkTo() function. I hope it works with the redirectTo() function as well. I do not have a setup to check it now. But if it doesn't work for redirectTo(), you can use the obfuscateParam() and deObfuscateParam() functions to do the job for you.
Caution: This will only make it harder for the user to guess the value. It doesn't encrypt the value.
To know more about this, please read the documentation on configuration and defaults and on obfuscating URLs.
A much better approach to this particular situation is to write params to the flash. The flash is exactly the same thing as it is in Ruby on Rails or the ViewBag in ASP.Net. It stores the data in a session or cookie variable and is deleted at the end of the next page's load. This prevents you from posting back long query strings like someone that has been coding for less than a year. ObfuscateParam only works with numbers and is incredibly insecure. Any power user can easily deobfuscate, even more so with someone that actually makes a living stealing data.
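The flash approach from the answer above, sketched as an added CFWheels controller (an illustration added here, not code from the original posts): the values are stored with flashInsert() before the redirect, then read and validated in the destination action. The action names saveInspection and index, the sample values, and the integer check are assumptions; it also assumes the flash is kept in the session, because with cookie storage the values are sent to the browser again.

```cfml
component extends="Controller" {

    // Source action (hypothetical name): keep the values on the server
    // instead of putting them in the redirect's query string.
    function saveInspection() {
        // Constructed sample values standing in for r, insp and d from the question.
        var r = 12;
        var insp = 7;
        var d = 3;

        flashInsert(r=r, i=insp, d=d);
        redirectTo(action="checklist");
    }

    // Destination action: the flash is cleared after the next page load, so a
    // direct hit or a refresh arrives without the keys and is turned away.
    function checklist() {
        for (var key in ["r", "i", "d"]) {
            // Assumption: all three values are integer ids.
            if (!flashKeyExists(key) || !isValid("integer", flash(key))) {
                redirectTo(action="index"); // hypothetical fallback action
                return;
            }
        }
        // Expose the validated values to the view.
        r = flash("r");
        insp = flash("i");
        d = flash("d");
    }
}
```

Keeping the values out of the URL does not replace an authorization check: before writing to the database, the destination action still has to confirm that the current user may act on the records those ids refer to.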

Trying to get one cell to populate based off another cell's input.

Having issues with this formula.
=(EXACT(E2;”Spoofing”);“Impersonates user or system to gain elevated privileges.”;"";IF(EXACT(E2;”Tampering”);”Integrity issues that can modify data or code or configuration files or DLL files.”;"";IF(EXACT(E2;”Repudiation”);”Something claims to have performed an action and did not”;"";IF(EXACT(E2;”Information Disclosure”);“Disclosure of sensitive information”;"";IF(EXACT(E2;”Denial of Service”);”Affects the availability of the network or server and causes the server or website to crash or send information anywhere.”;"";IF(EXACT(E2;”Elevation of Privilege”);”Authorization issue and gains access to a higher user like the Root password”;"";IF(EXACT(E2;”Parameter Manipulation”);”Parameters in URL or Web page form field data entered by a user are changed without that user's authorization.”;"";IF(EXACT(E2;”Cross-site Scripting”);”Exploits a vulnerability to place malicious code on a web server which then collects some type of data”;"";IF(EXACT(E2;”Buffer Overflow”);”Sends data to adjacent buffer in which codes can be executed”;""; IF(EXACT(E2;”SQL Injections”);”Attacker adds code to a Web form input box to gain access to resources or make changes to data.”;"";IF(EXACT(E2;”Password Guessing”);”Brute forcing or the use of a small executable file that keeps guessing randomly until it’s correct.”;"";IF(EXACT(E2;”IT Sabotage”);”Insider threat where the insider use of information technology to direct harm at an organization or individual”;"";IF(EXACT(E2;”Theft”);”Insider threat that uses the network and masks as a specific IP address to steal intellectual property or sensitive information.”;"";IF(EXACT(E2;”Fraud”);”Insider threat that uses the network for the unauthorized modification or addition or deletion of an organization’s data.”;"")))))))))))))
IF(EXACT(E2;”Tampering”); 'boolean value
”Integrity issues that can modify data or code or configuration files or DLL files.”; 'true case
""; 'false case
IF(EXACT(E2;”Repudiation”); 'SMH case
You have one too many arguments in each of the if functions you have.
Even if this could be solved I still highly recommend placing the matching values in a table and then using VLOOKUP to retrieve the description to the articles.

Parameter not supported by web service

I want to validate an opinion with you.
I have to design a web service that searches into a database of restaurants affiliated to a discount program in a specific country around a given address.
The REST call to such a webservice will look like http://server/search?country=<countryCode>&language=<languageCode>&address=<address>&zipcode=<zipcode>
The problem is that some countries do not have zipcodes or do not have them in the entire country.
Now, what would you do if the user passes such a parameter for a country that does not have zipcodes, but he/she passes a valid address?
1. Return 400 Bad request.
2. Simply ignore the zipcode parameter and return results based on the valid address
3. Return an error message in a specific format (e.g. JSON) stating that zipcodes are not supported for that country
Some colleagues are also favoring the following option
4. Simply return no results. And state in the documentation that the zipcode parameter is not supported. Also we have to create a webservice method which returns what fields should be displayed in the user interface.
What option do you think is best and why?
Thanks!
Well, the OpenStreetMap Nomination Server returns results even if you don't know the ZIP code, and you can look at the results anyway. What if the user doesn't know the zip code but wants to find his object?
I would try to search for that specific object anyway, especially because you said that some countries have zip codes partially.
If you simply return nothing, the user doesn't know what went wrong and he won't know what to do.
That would depend on the use case. How easy is it for a user of the API to trigger that case? Is it a severe error which the user really should know how to avoid? Or is it something that is not entirely clear, where a user may know (or think he knows) a zipcode where officially there shouldn't be one? Does it come down to trial and error for the user how to retrieve correct results from your API? Is it a bad enough error that the user needs to be informed about it and that he needs to handle this on his side?
If you place this restriction in your API, consider that it will have to be clearly documented when this case is triggered, every user of the API will have to read and understand that documentation, it needs to be clear how to avoid the problem, it needs to be possible for the user to avoid the problem and every user will have to correctly implement extra code on his side to avoid this problem. Is it possible for the user to easily know which areas have zipcodes and which don't?
I think the mantra of "be flexible in what you accept, strict in what you output" applies...