So I'm building my own spell check provider, but it's rather specific to certain cases and doesn't correct all mistakes. Is there a way to spell check through my provider and then forward the word to another provider (Microsoft spell check)? This would be useful if anyone wants to extend Microsoft spell checker features.
You would need to be both a provider and a client, but there isn't a way to request a specific spell check provider when you are the client. That is controlled only by the user. I'm guessing from your question though that you want to support a specific case like legal or medical terms. If that's the case, you may want to consider just adding a word list of these terms and allowing the built-in provider to handle them.
I would like to ask you if it is possible to create a constraint in Neo4j (Cypher) with the usage of regex.
To be specific, I have a lot of nodes which serve as IPs and I would like to ensure that each node (property ip_address) has the proper format for an IP address.
If the answer is no, is there any workaround? The only one which currently comes to my mind is to check every node in a programming language before adding them to Neo4j.
This isn't currently available in an easy-to-apply constraint form.
While the recommended approach when you need specific formatting is to handle this at the application layer, you could create a trigger that could check if a newly-added node of the given label has the correct formatting and fail out if not.
This does take some additional work and testing however.
TransactionEventHandlers are used to implement this. Here's the TransactionEventHandler java interface you'll need to implement.
Alternately you can use triggers in APOC Procedures to implement this with Cypher.
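The application-layer check recommended in the answer above, as an added example (not code from the original answer). It validates and canonicalises each `ip_address` value before it is passed as a parameter to Cypher; the `:IP` label, the function names and the sample input are assumptions made for illustration.

```python
import ipaddress

# Parameterized Cypher. The :IP label is an assumption; ip_address is the
# property named in the question.
MERGE_IPS = "UNWIND $rows AS row MERGE (n:IP {ip_address: row.ip_address})"


def normalize_ip(value):
    """Return the canonical text form of an IPv4/IPv6 address, or None."""
    if not isinstance(value, str):
        return None
    try:
        # ip_address() enforces octet ranges and group counts, which a
        # simple digits-and-dots regex does not.
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def prepare_rows(candidates):
    """Split input into (rows for $rows, rejected values).

    Values are de-duplicated by canonical form, so two spellings of the
    same IPv6 address cannot become two nodes.
    """
    seen, rows, rejected = set(), [], []
    for raw in candidates:
        ip = normalize_ip(raw)
        if ip is None:
            rejected.append(raw)
        elif ip not in seen:
            seen.add(ip)
            rows.append({"ip_address": ip})
    return rows, rejected


# Constructed sample input.
SAMPLE = ["10.0.0.1", " 10.0.0.1 ", "256.1.1.1",
          "2001:0DB8:0:0:0:0:0:1", "2001:db8::1", "not-an-ip", "1.2.3"]

if __name__ == "__main__":
    rows, rejected = prepare_rows(SAMPLE)
    print("write:", rows)
    print("reject:", rejected)
    # With the official Python driver: session.run(MERGE_IPS, rows=rows)
```

Storing only the canonical form also lets an ordinary uniqueness constraint on `ip_address` do its job, since equivalent spellings collapse to one string.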
Is there any method to identify from which source an API is called? Source refers to an iOS application or a web application, like a page or button click (Ajax calls etc.).
Although saving a flag like (?source=ios or ?source=webapp) while calling the API can be done, I just wanted to know whether there is any better option to accomplish this.
I also feel this requirement is weird, because in general an app or a web application is used by n number of users, so it is difficult to monitor that many API calls.
Please give your valuable suggestions.
There is no perfect way to solve this. Designating a special flag won't solve your problem, because the consumer can put in whatever she wants and you cannot be sure if it is legit or not. The same holds true if you issue different API keys for different consumers - you never know if they decide to switch them up.
The only option that comes to my mind is to analyze the HTTP header and see what you can deduce from it. As you probably know a typical HTTP header looks something like this:
You can try and see how the requests from all sources differ in your case and decide if you can reliably differentiate between them. If you have the luxury of developing the client (i.e. this is not a public API), you can set your custom User-Agent strings for different sources.
But keep in mind that Referrer is not mandatory and thus it is not very reliable, and the user agent can also be spoofed. So it is a solution that is better than nothing, but it's not 100% reliable.
Hope this helps, also here is a similar question. Good luck!
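The header analysis described in the answer above, as an added example (not code from the original answer). The custom User-Agent prefix `ExampleApp-iOS/`, the source labels and the sample headers are assumptions; the result is a hint for analytics only, because every header it reads is chosen by the client.

```python
# Hypothetical custom User-Agent prefix set by a first-party iOS client.
IOS_APP_UA_PREFIX = "ExampleApp-iOS/"


def classify_source(headers):
    """Return (source_hint, evidence_header) for a request's headers.

    The hint is unauthenticated: do not use it for authorization decisions.
    """
    h = {k.lower(): v for k, v in headers.items()}
    ua = h.get("user-agent", "")
    if ua.startswith(IOS_APP_UA_PREFIX):
        return "ios-app", "user-agent"
    # Some Ajax libraries add this header; plain fetch() calls do not.
    if h.get("x-requested-with", "").lower() == "xmlhttprequest":
        return "web-ajax", "x-requested-with"
    if "Mozilla/" in ua and "referer" in h:
        return "web-page", "referer"
    if "Mozilla/" in ua:
        # Referer is optional, so a browser request may arrive without it.
        return "browser-unknown", "user-agent"
    return "unknown", "none"


# Constructed sample requests.
SAMPLES = {
    "ios": {"User-Agent": "ExampleApp-iOS/2.1 (iPhone; iOS 17.0)"},
    "ajax": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
             "X-Requested-With": "XMLHttpRequest",
             "Referer": "https://app.example.com/dashboard"},
    "page": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
             "Referer": "https://app.example.com/"},
    "no_referer": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)"},
    "script": {"User-Agent": "python-requests/2.31"},
    # Any client that sends the same string receives the same label.
    "copied_ua": {"user-agent": "ExampleApp-iOS/9.9"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, classify_source(hdrs))
```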
When creating or editing a model that contains a reference/foreign key to another object, you have to use the uri of that object. For example, imagine we have two classes: User and Group. Each Group has many Users and each User can belong to exactly one group.
Then, if we are creating a User, we might send an object that looks like this:
{"name":"John Doe", "group":"/path/to/group/1/"}
instead of
{"name":"John Doe", "group_id":1}
I believe this is related to one of the principles of HATEOAS, but I can't find the rationale for using the resource uri rather than the id. What are some reasons for using the uri?
(I'm not interested in opinions about which is better, but in any resources that can help me understand this design choice.)
I'll take a stab
The simplest reason is that surrogate keys like your 1 only mean something within the boundaries of your system. They are meaningless outside of the system.
Expanding on this, you could build your app such that there are no limitations on the URLs that identify groups, only the conformance of the resources gathered from the response of those URLs. Someone could add a user in your system that is in a group in the Facebook system, as long as the two systems could negotiate what a group is. There are standards for concepts like group, and it's not impossible to do such a thing.
This is how most web apps work. E.g. the citation links in a Wikipedia article, which can point to any other article (until the wiki trolls remove it for not being an appropriate citation resource...)
Having your app work like this gets you closer to RESTful conformance. Whether or not you consider RESTful architecture a good idea is what you asked us not to discuss, so I won't.
Another often cited benefit would be the ability for you to completely re-key your setup. You may dismiss this at first... but if you really use 1 for IDs, that's probably an int or long, and you'll soon run out of those. Also such an ID means you have to sequence them appropriately. At some point you may wish you had used a GUID as your IDs. Anyone holding on to your old ID scheme would be considered legacy. The URLs give you a little abstraction from this. Old URLs remain a legacy thing, but it's easier to identify a legacy URL than it is to identify a legacy ID (granted not much... it's pretty easy to know if you're getting a long or a GUID, but a bit easier to see a URL as /old/path/group/1 vs /new/path/group/). Generally using URLs gives you a little more forward compatibility and room to grow.
I also find providing URLs as identifiers makes it very easy for a client to retrieve information about that thing. The self link is so VERY convenient. Suppose I have some reference to a group:1... what good is that? How many UIs are going to show a control that says "add group 1"? You'll want to show more. If you pass around URLs as identifiers of selections then clients can always retrieve more information about what that selection actually is. In some apps you could pass around the whole object (which would include the ID) to deal with this, but it's nice to just save the URL for later retrieval (think bookmarks). Even more importantly it's always nice to be able to refresh that object regularly in order to get the latest state of it. A self link can do that very nicely, and I'd argue it's useful enough to always include... and if an always included self link identifies the resource... why do you need to also provide your surrogate key as a secondary identifier?
One side note. I try to avoid services that require a URL as a parameter. I'd prefer to create the user, then have the service offer up possible group memberships as links, then have the client choose to request those state transitions from non-membership to membership. If you need to "create the user with groups" I'd go with intermediate states prior to actual submission/commitment of the new user to the service. I've found the fewer inputs the client has to provide, the easier the application is to use.
We are looking at using a library to help us detect SQL injections.
We are using sprocs and parametrized statements, but for the sake of this post assume that we are only using some sort of library that detects/verifies user input.
What's the best one? Easiest to implement? Easiest to update/manage?
Why prefer one over the other?
On a side note:
I've just started using OWASP with C#.
I was hoping that there would be more default rules while validating.
When using the isValid function, there are only 5 default rules.
CREDIT_CARD -- Rule name key for the credit card validation rule.
DATE -- Rule name key for the date validation rule.
DOUBLE -- Rule name key for the double validation rule.
INTEGER -- Rule name key for the integer validation rule.
PRINTABLE -- Rule name key for the printable validation rule.
I was hoping that there would be more default rules for string SQL Injection Detection.
Thanks
Using stored procs is a pretty big step in the right direction. What I'd add to that is input validation, which it looks like you're trying to do with the OWASP ESAPI library, but it's pretty simple to implement by regex in most cases. You should find plenty of publicly available patterns for most untrusted data.
The other thing you might want to do is to apply the principle of least privilege at your data layer. Consider using more than one SQL account and restricting the access of your account(s) used by publicly facing users to the absolute bare minimum functions. You’re using stored procs; try and avoid any datareader or datareader rights if you haven’t already.
More info in OWASP Top 10 for .NET developers part 1: Injection
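The combination described in the answer above, regex allow-list validation in front of a parameterized query, as an added example (not code from the original answer). It uses Python with an in-memory SQLite database so it runs offline, whereas the thread concerns C#; the table, the surname rule and all names are assumptions.

```python
import re
import sqlite3

# Assumed allow-list for a surname field: starts with a letter, then
# letters, spaces, apostrophes or hyphens, 40 characters at most.
SURNAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,39}")

# Constructed injection-shaped input for the demonstration.
HOSTILE = "x' OR '1'='1"


def make_db():
    """Build a throwaway in-memory table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, surname TEXT)")
    db.executemany("INSERT INTO users (surname) VALUES (?)",
                   [("Smith",), ("O'Brien",), ("Jones",)])
    return db


def is_valid_surname(value):
    """Allow-list check: the whole value must match, not just a prefix."""
    return isinstance(value, str) and SURNAME_RE.fullmatch(value) is not None


def find_users_bound(db, surname):
    """Parameter binding only: the value is compared as data, never parsed as SQL."""
    rows = db.execute("SELECT surname FROM users WHERE surname = ?", (surname,))
    return [r[0] for r in rows]


def find_users(db, surname):
    """Validation first (defence in depth), then the bound query."""
    if not is_valid_surname(surname):
        raise ValueError("surname failed input validation")
    return find_users_bound(db, surname)


if __name__ == "__main__":
    db = make_db()
    # A legitimate apostrophe passes validation and binds safely.
    print(find_users(db, "O'Brien"))
    # Binding alone already neutralises the hostile string: no rows match.
    print(find_users_bound(db, HOSTILE))
    try:
        find_users(db, HOSTILE)
    except ValueError as exc:
        print("rejected:", exc)
```

The bound query is the control that stops injection; the allow-list narrows what reaches it and cannot replace it, since legitimate values such as `O'Brien` contain the same characters a signature-based detector would flag.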
I'm using AntiXSS for validating user input - specifically including protection against SQL Injection. I've seen a few attacks but nothing's gotten through - so seems to work well for me.
Also - Troy knows what he's talking about - His article on the subject is a really good one :)
What is the normal way to send crash reports, product registrations, etc? In other words, how do you guarantee your C++ Windows apps can 'call home'?
I'm not a novice by any means but I'm completely lost in this area. I've never done it before so would appreciate any advice.
Kind Regards,
For crash reports I would strongly recommend taking advantage of Microsoft's WinQual service rather than attempting to create your own. It's free and seamlessly integrated with Windows, at least since XP. It also requires no code or client-side changes at all at its most basic level. To take advantage of more advanced features you can use the Windows Error Reporting APIs.
Code I've written simply creates an email with the required information using the user's default email application with information in plain text. I always get the permission of the user to send it, explaining clearly why I think the information is necessary. Nothing is sent without their express permission.
I also prefer to use plain text (not always possible with memory dumps and such) so they can check what's being sent and that there is no personal or identifying information.
I'm very careful with that stuff since there are possible legal implications with doing it, at least in the jurisdiction where I operate. In any case, it should always be done with the user's permission as a matter of courtesy.
As far as crash reporting is concerned, there's WER for starters. It has its drawbacks (the biggest being you have to sign up for it at Microsoft and all reports are sent to a central Microsoft server) and is best for driver software.
If you need anything else (add your own wishes here), you can either roll your own solution (codeproject.com search provides a few alternatives - just go "crash report").
Regarding product registration - there must be 3rd party solution available as well. I have not heard of anything "built-in" for that, but it is a vast topic - you have to be more specific on features you're after.