This question may not be directly related to Django, however, since my application is built with Django, I am looking solutions specific to Django.
My application has a check-in function that requires an employee to personally go to a specific machine and enter his/her ID and PSW to show his/her attendance. So, the website has to recognize every individual machine.
There are already some discussions, for examples: this and this.
But it seems software solutions are not quite feasible. So, I am looking for some hardware solutions. For example, is it possible to plug in some USB device on the machine which Django can recognize? In that case, the device (or the content in the device) can not be duplicated. Any feasible solutions, please?
For hardware solution, you can use yubikeys. This is an piece of hardware plugged into USB port that will generate on demand tokens for double-factor authentication. They are constructed in way that you can't copy them, so each key will generate different tokens.
Related
I have a Django project representing an abstract retail store. Let's say it's deployed on a server and is available in the local network. I want to write another program (or extend this one?) to generate a bunch of Users, automate the process of signing up and logging in and automate their interaction with the system: make them interact with the system to order goods. So it's not just unit testing of my system but rather demonstration of how it works in real life. And I want to spawn many users to see how my system can handle many requests at once.
Is there some kind of framework for that? How would you implement this? Thanks.
There are plenty of software available for this specific need.
https://jmeter.apache.org/
https://www.cypress.io/
https://www.browserstack.com/selenium#:~:text=Selenium%20is%20an%20open%2Dsource,%2C%20and%20C%23%2C%20among%20others.
Go through these, hope you will find your solution
After I written most of my websites in a way which you don't even want to see, I now came to a point where I mostly think about what I am doing instead of just typing it. Some friends of mine and me now have developed a game. It is quite a mixture of good and bad styles, but thats another story. Now I want to reimplement our webservices to make it possible to host all our stuff with a single RESTful API.
My most important goal is to keep everything very clear and understandable. So I'd like to have a main system which, for example manages all users so you can address all users at http://example.com/user/XXXX
The next point is that I want to be able to have some resources for special sub-services like stats for a game which then is accesible at http://example.com/user/XXXX/gamename/stats In this case the user management system should be able to authorize or reject the access and then redirect to the service which manages the game (e.g. another server).
Also the whole system should be able to make a difference between the game which calls the stats, or the user who wants to see his stats in the browser via our website)
Is there a state of the art way to implement a system like this?
Your description of the problem is too vague, but from what I can understand I would suggest having a look at Web Api. For real-time communication between clients and server, also have a look at SignalR.
Here's my scenario. I am writing a web app for a client that needs to be portable, i.e. they need to plug it into different PCs (Windows) and have it simply work. Life would have been easier if they could just put it up on a domain, but no can do in this case, cause internet access might not always be available. So, I am trying out Railo Express with Jetty (http://www.getrailo.org/index.cfm/download/) which has everything I need. I actually managed to install (well, copy and configure really) the package on a USB stick, created a new site in the "/webapps" folder and wired that up, then downloaded the drivers for SQLITE and got that connected and working just fine.
This is not going to be a very intense web app at all, or does it need many users connected to it (max 2-3 at a time). I use Bootstrap and other than a Dashboard with a couple of graphs, all the pages are basically forms and read/write to the SQLITE db.
So, while everything seems to work do you think this is a viable solution? It seems to work fine, but will I run into any issues, like perhaps performance or compatibility issues with the different PCs the client might be using? And is there a better way of doing this?
EDIT:
Thanks for replying guys. Here's some more info to hopefully clear things out. I should have been more specific as to why use a portable web app. The app is for a car wash business to log the business going through. There is basically one computer at the counter where things will be accessed from (and the USB will be attached here), and possibly one iPod at the entrance where cars going in will be logged by the attendant (and will connect to the local computer via wireless). The reason for portability? They want to take the stick home with them and review stats, so it's either a full installation on the computer and a backup on the stick (extra work), or just everything on the stick. The reason for not simply going online and making things easier for everyone: tricky internet reception, which would mean downtime of the app.
From your descriptions it looks like a simple and not very intensive application. Based on my experience with Railo Express, I think you have the power needed to run this.
What I would do is to install the application on the computer at the counter since that is the main hub (you mention the iPad connecting wireless). Use the stick as a backup and before they take it home, make sure the stick is updated with data. You might also consider designed the app so that there is separation between writing data and consuming it (e.g. people at home running reports).
Will the app on the stick run at home, most likely it will work, or if you run into some problems will not be hard to fix.
I need to design and implement a Java web application that can be used by multiple users at the same time. The data that is handled by this application is going to be huge and may take about 5 minutes for a page to display the results(database records).
I had designed this application using HTML, Servlets and JSP. But when two users would try to get the records, only one user was able to view the results while the other faced an error.
I always thought a web application would take care of handling multiple users but this is not the case.
Any insights on this would be highly appreciated.
Thanks.
I always thought a web application would take care of handling multiple users but this is not the case.
They do if they're written correctly. Obviously yours is not. That's all we can tell you unless you give more information, most importantly details of the error shown to the second user.
One possibility is that everything is OK on the web layer but your DB access for the first user causes an exclusive lock so that the second user cannot access the data at the same time. This could be fixed by using non-exclusive read locks. How to do that depends mainly on what DB you're using.
Getting concurrency right requires you to choose the correct tools and use them correctly. It doesn't just happen magically because it's a web app.
What are are using to develop this web-application? If you are developing it in your own way from the start I must say you are trying to re-invent the same wheel which has been already created and enhanced by very solid frameworks.
I suggest you analyze your requirements thoroughly and study some available frameworks. Let them handle the things like multi threading and other aspects in the best possible manner.
Handling multiple request at a time is a container work and as an application developer we have to concentrate how we are handling and processing those requret being forwarded by the container.
I must suggest you to get some insight how web-application work and how request -response cycle happens
I want to encrypt a given data using the log-in user's password on a windows machine using WINAPI. I've been looking for a function that uses a token (or something like that) but I couldn't find one.
Does anyone know how to do that?
Thanks! :-)
The Windows Data Protection API sounds like what you need. The CryptProtectData and CryptUnprotectData functions perform encryption using the logon credentials of the current user.
I had written this answer earlier but then reconsidered, since I hadn't heard of the DPAPI before. However, upon some further consideration, I'd like to offer the following opinion. The important preface here is that it all depends on your needs, though. Two conflicting possibilities come to mind:
You want to offer your user complete protection and encryption that the user can trust only she will be able to decrypt, no matter the circumstances.
You're an enterprise IT manager and have all employees on a tight leash. You want them to encrypt business data as part of their workflow so that they cannot see each other's data, but the admins can happily read everyone's data.
If you're in situation (2), then stop reading now and go with DPAPI, which is well suited to that case. If you prefer scenario (1), then read my original answer below.
That's probably not a good idea. Here's why:
The actual password will not be stored on the system (unless you have Windows 3.11 or something like that). Instead, only a hash of the password will be stored, and at login time the password that the user enters is hashed and compared to the stored hash.
So at best you could retrieve the stored hash from the system (if you have admin rights, say). However, if that's the only datum you can go on, then any encryption key you make will be derived from that hash, rather than from the actual password. Thus anyone with access to the system could get to the stored hash, and from there derive the encryption key with relative ease.
In short, don't. Ask the user for a dedicated, fresh password for your data and use it for only that.
use Kerberos (Linux-based authentication server, or other servers using Kerberos) / LDAP framework (Windows server) instead of designing your own login algorithm.
Windows Platform SDK & 3rd-party libraries have connectors with these frameworks.
More information in MSDN about Kerberos: http://msdn.microsoft.com/en-us/library/ff649429.aspx
How to safely store a password
Win32 bcrypt: http://msdn.microsoft.com/en-us/library/aa375421%28v=vs.85%29.aspx