Geocoding things from the database? - geocoding

I am kind of new to Geocoding. What I want to do is pull a bunch of names of places from the DB, and display them as markers on the page. And then allow people to choose different options which would force another db query, which would place a number of new markers on the page.
Is that possible? It seems like relatively simple functionality, but since I am not good at JSON, it is giving me a hard time.
Thanks,
Alex

There are lots of ways to geocode and really you need to give more information!
For example, in an offline environment, MapPoint is a pretty good solution (costs about $200/300 license). It can be made to work on a webserver but isn't usually worth the effort.
For a web server, then I would look at a web service. These are usually limited for free use, or pay for heavier (or commercial) use. Your question is too wide to give specifics, but look at the web services provided by Bing Maps, Google Maps, Yahoo (yes they're still around), and OpenStreetMaps-based. Bing Maps and Google Maps look like they'll be around for a long time - but might cost, depending on your application. OpenStreetMaps promises to have the widest coverage (including non NAm/EUR countries), but probably doesn't have the coverage of the others, yet.

After figuring this out, I made a tool that takes an address and converts it to lat/lng. It also has a code tutorial: http://comehike.com/utils/address_to_geolocation.php
I hope it helps people. Would be fun to get feedback too :)

When to use Pedestal, Hoplon, Bidi and Route-one?

I am trying to figure out which one (Pedestal, Hoplon, Bidi) I should use. I didn't find any good article on the Internet which helps me with this choice.
From https://github.com/juxt/bidi I can read that Pedestal is isomorphic, but Bidi is also cljs. What does it mean? What is the difference?
I found compojure is too simple. I can't even generate URLs in HTML templates. I started looking for something else. I also found route-one (a library to generate URLs working with compojure), but I guess I will soon discover that I need something more than compojure has again.
My intuition tells me to choose between: Pedestal, Hoplon and Bidi.
What I need:
I want to have an independent business model architecture like
http://blog.8thlight.com/uncle-bob/2012/08/13/the-clean-architecture.html
http://blog.find-method.de/index.php?/archives/209-Dependency-inversion-in-Clojure.html
I don't want this part of the code to depend on any framework. Less dependency is better.
At the next stage I want to inject this business model into something like a bridge, which will be the connector with the user interface. It can be time for a framework or additional libraries.
And at least I want to create a frontend user interface as a website. It will be dynamic content with ClojureScript or maybe static. I don't know. I have to think about both.
What I found out in Clojure is that I really like the concept of building my own set of libraries based on my preferences. But I don't want to write my own code for things like generating URLs for routes. So maybe I should also consider route-one?
Please write something clever that helps me choose one, or complicate my life with some other option to choose :)
https://github.com/juxt/bidi
https://github.com/pedestal/pedestal
https://github.com/tailrecursion/hoplon
https://github.com/clojurewerkz/route-one
This is an ancient question, and I don't pretend to have an answer (much less "the" answer). But I'm googling for some of the same basic pieces tonight, and my search results came back with this response.
So I figured I'd jot down notes about my [very] limited understanding here.
Bidi seems awesome. From what I've seen, juxt produces very high quality software. For places where I need REST-style interface routing (which includes sending related routes back), this is my current GOTO choice.
Pedestal - also awesome. But it seems to be a very different use case. Routing is a very small subset here (and they've tried multiple approaches to come up with a really good set of options). This seems to be more of a fairly low-level full-featured server-side library for integrating the code you care about with the underlying server pieces that you don't.
To be honest, I'm not sure Pedestal's routing libraries really support the reverse endpoints you have to have for REST. I think they almost definitely do, but I'm not positive. My use cases have all been about their interceptor chaining abstraction, which is mind-blowingly awesome.
Hoplon - I haven't looked at this in 2-3 years. At the time, it seemed like a big, bold, high-level kitchen-sink framework that's somewhere in the same ballpark as Ruby On Rails (although I think there are also front-end components). I've been writing API end-points, and this didn't seem like a good fit at the time. It deserves more attention than I gave it.
route-one - I hadn't heard about it before this question. I've gotten good impressions from everything that I have used from clojurewerkz, but that usage has been very light.

Free geocoding service with non-restrictive license

I am looking for a geocoding service where I can make a request with an address or intersection, not necessarily separated into separate fields (street, city, state, etc.) and get the latitude and longitude, along with suggestions and corrections for misspelled or ambiguous queries.
I really like the Google Geocoding API, but the terms of use say that I am not allowed to store the responses or use the service for any purpose other than showing the result on one of their maps. I am planning to use it for a lightweight, mobile-friendly website that may have the option of displaying results with text only, so this would not work, assuming I am interpreting their terms correctly.
The Yahoo PlaceFinder API looks nice but it comes with similar restrictions.
I am trying to decide what would be a good choice. The Bing API looks good. I don't see any sort of restriction in their terms but am I missing something?
Does anyone know what would be a good choice? I have very limited funding, so I would prefer something that is free or cheap, at least for the near future.
You could try Nominatim, it's a tool to search OpenStreetMap data by name and address.
MapQuest provide a free API as long as you give the appropriate credit
I'm not sure how well it handles misspellings or ambiguous queries though!

Are there cross-platform tools to write XSS attacks directly to the database?

I've recently found this blog entry on a tool that writes XSS attacks directly to the database. It looks like a terribly good way to scan an application for weaknesses in my applications.
I've tried to run it on Mono, since my development platform is Linux. Unfortunately it crashes with a System.ArgumentNullException deep inside Microsoft.Practices.EnterpriseLibrary and I seem to be unable to find sufficient information about the software (it seems to be a single-shot project, with no homepage and no further development).
Is anyone aware of a similar tool? Preferably it should be:
cross-platform (Java, Python, .NET/Mono, even cross-platform C is ok)
open source (I really like being able to audit my security tools)
able to talk to a wide range of DB products (the big ones are most important: MySQL, Oracle, SQL Server, ...)
Edit: I'd like to clarify my goal: I'd like a tool that directly writes the result of a successful XSS/SQL injection attack into the database. The idea is that I want to check that every place in my app does correct output encoding. Detecting and avoiding the data getting there in the first place is an entirely different thing (and might not be possible when I display data that's written to the DB by a third-party application).
Edit 2: Corneliu Tusnea, the author of the tool I linked to above, has since released the tool as free software on codeplex: http://xssattack.codeplex.com/
I think Metasploit has most of the attributes you are looking for. It may even be the only one that has all of what you specify, since all the others I can think of are closed source. There are a few existing modules that deal with XSS and one in particular that you should take a peek at: HTTP Microsoft SQL Injection Table XSS Infection. From the sounds of that module it is capable of doing exactly what you are wanting to do.
The framework is written in Ruby I believe, and is supposed to be easy to extend with your own modules which you may need/want to do.
I hope that helps.
http://www.metasploit.com/
Not sure if this is what you're after, it's a parameter fuzzer for HTTP/HTTPS.
I haven't used it in a while, but IIRC it acts as a proxy between you and the web application in question - and will insert XSS/SQL Injection attack strings into any input fields before deeming whether the response was "interesting" or not, thus whether the application is vulnerable or not.
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
From your question I'm guessing it is a type of fuzzer you're looking for, and one specifically for XSS and web applications; if I'm right - then that might help you!
It's part of the Open Web Application Security Project (OWASP) that "jah" has linked you to above.
There are some Firefox plugins to do some XSS testing here:
http://labs.securitycompass.com/index.php/exploit-me/
A friend of mine keeps saying, that php-ids is pretty good. I haven't tried it myself, but it sounds as if it could approximately match your description:
Open Source (LGPL),
Cross Platform - PHP is not in your list, but maybe it's ok?
Detects "all sorts of XSS, SQL Injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks" (this is from the FAQ)
Logs to databases.
I don't think there is such a tool, other than the one you pointed us to. I think there's a good reason for that: It's probably not the best way to test that each and every output is properly encoded for the applicable context.
From reading about that tool it seems the premise is to insert random xss vectors into the database and then you browse your application to see if any of those vectors succeed. This is rather a hit and miss methodology, to say the least.
A much better idea, I think, would be to perform code reviews.
You may find it helpful to have a look at some of the resources available at http://owasp.org - namely the Application Security Verification Standard (ASVS), the Testing Guide and the Code Review Guide.
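The approach the question describes (plant markers in the database, then see which pages emit them without output encoding) becomes traceable when every field gets its own marker. The following is an added example, not code from the linked tool or from any poster; the probe format, the `users` table and `render_profile` are constructed stand-ins, and SQLite is used only so the example runs offline.

```python
import html
import re
import sqlite3

# Harmless probe: a unique id plus the characters an HTML encoder must escape.
PROBE = 'xssprobe{n}<"\'>'
RAW = re.compile(r'xssprobe(\d+)<"\'>')  # matches a probe that survived unencoded

def seed(conn):
    """Overwrite every TEXT column of every row with a unique probe.
    Returns {probe number: (table, column, rowid)}."""
    planted, n = {}, 0
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [c[1] for c in conn.execute(f'PRAGMA table_info("{table}")')
                if c[2].upper() == "TEXT"]
        rowids = [r[0] for r in conn.execute(f'SELECT rowid FROM "{table}"')]
        for rowid in rowids:
            for col in cols:
                n += 1
                conn.execute(f'UPDATE "{table}" SET "{col}"=? WHERE rowid=?',
                             (PROBE.format(n=n), rowid))
                planted[n] = (table, col, rowid)
    return planted

def unencoded(page, planted):
    """Return the (table, column, rowid) origins whose probe appears raw."""
    return sorted({planted[int(m)] for m in RAW.findall(page)})

# Constructed stand-in for the application under test: one column is
# encoded correctly on output, the other is written out as stored.
def render_profile(conn):
    name, bio = conn.execute("SELECT name, bio FROM users").fetchone()
    return f"<h1>{html.escape(name)}</h1><p>{bio}</p>"

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)")
    conn.execute("INSERT INTO users (name, bio) VALUES ('Alice', 'hello')")
    planted = seed(conn)
    return unencoded(render_profile(conn), planted)

if __name__ == "__main__":
    for table, col, rowid in demo():
        print(f"unencoded output: {table}.{col} (rowid {rowid})")
```

Run it against a disposable copy of the database, since seeding overwrites every text field; the probe covers the HTML body context only.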

What are the gotchas with ColdFusion?

Background:
I have a new site in the design phase and am considering using ColdFusion. The Server is currently set-up with ColdFusion and Python (done for me).
It is my choice on what to use and ColdFusion seems intriguing with the tag concept. Having developed sites in PHP and Python the idea of using a new tool seems fun but I want to make sure it is as easy to use as my other two choices with things like URL beautification and scalability.
Are there any common problems with using ColdFusion in regards to scalability and speed of development?
My other choice is to use Python with WebPy or Django.
ColdFusion 9 with a good framework like Sean Corfield's FW/1 has plenty of performance and all the functionality of any modern web server development language. It has some great integration features like Exchange server support and Excel / PDF support out of the box.
Like all tools it may or may not be the right one for you but the gotchas in terms of scalability will usually be with your code, rarely the platform.
Liberally use memcached or the built-in ehcache in CF9, be smart about your data access strategy, intelligently chunk returned data and you will be fine performance wise.
My approach with CF lately involves using jQuery extensively for client side logic and using CF for the initial page setup and ajax calls to fill tables. That dramatically cuts down on CF specific code and forces nice logic separation. Plus it cuts the dependency on any one platform (aside from the excellent jQuery library).
To specifically answer your question, if you read the [coldfusion] tags here you will see questions are rarely on speed or scalability, it scales fine. A lot of the questions seem to be on places where CF is a fairly thin layer on another tool like Apache Axis (web services) and ExtJs (cfajax) - neither of which you need to use. You will probably need mod-rewrite or IIS rewrite to hide .cfm
Since you have both ColdFusion and Python available to you already, I would carefully consider exactly what it is you're trying to accomplish.
Do you need a gradual learning curve, newbie-friendly language (easy for someone who knows HTML to learn), great documentation, and lots of features that make normally difficult tasks easy? That sounds like a job for ColdFusion.
That said, once you get the basics of ColdFusion down, it's easy to transition into an Object Oriented approach (as others have noted, there are a plethora of MVC frameworks available: FW/1, ColdBox, Fusebox, Model-Glue, Mach-ii, Lightfront, and the list goes on...), and there are also dependency management (DI/IoC) frameworks (my favorite of which is ColdSpring, modeled after Java's Spring framework), and the ability to do Aspect-Oriented Programming, as well. Lastly, there are also several ORM frameworks (Transfer, Reactor, and DataFaucet, if you're using CF8 or earlier, or add Hibernate to the list in CF9+).
ColdFusion also plays nicely with just about everything else out there. It can load and use .Net assemblies, provides native access to Java classes, and makes creating and/or consuming web services (particularly SOAP, but REST is possible) a piece of cake. (I think it even does com/corba, if you feel like using tech from 1991...)
Unfortunately, I've got no experience with Python, so I can't speak to its strengths. Perhaps a Python developer can shed some light there.
As for URL rewriting, (again, as others have noted) that's not really done in the language (though you can fudge it); to get a really nice looking URL you really need either mod_rewrite (which can be done without .htaccess, instead the rules would go into your Apache VHosts config file), or with one of the IIS URL Rewriting products.
The "fudging" I alluded to would be a url like: http://example.com/index.cfm/section/action/?search=foo -- the ".cfm" is in the URL so that the request gets handed from the web server (Apache/IIS) to the Application Server (ColdFusion). To get rid of the ".cfm" in the URL, you really do have to use a URL rewriting tool; there's no way around it.
From two years working with CF, for me the biggest gotchas are:
If you're mainly coding using tags (rather than CFScript) and formatting for readability, be prepared for your output to be filled with whitespace. Unlike other scripting languages, the whitespace between statements is actually sent to the client - so if you're looping over something 100 times and outputting the result, all the linebreaks and tabs in the loop source code will appear 100 times. There are ways around this but it's been a while - I'm sure someone on SO has asked the question before, so a quick search will give you your solution.
Related to the whitespace problem, if you're writing a script to be used with AJAX or Flash and you're trying to send xml; even a single space before the DTD can break some of the more fussy parsing engines (jQuery used to fall over like this - I don't know if it still does and flash was a nightmare). When I first did this I spent hours trying to figure out why what looked like well formed XML was causing my script to die.
The later versions aren't so bad, but I was also working on legacy systems where even quite basic functionality was lacking. Quite often you'll find you need to go hunting for a COM or Java library to do the job for you. Again, though, this is in the earlier versions.
CFAJAX was a heavy, cumbersome beast last time I checked - so don't bother, roll your own.
Other than that, I found CF to be a fun language to work with - it has its idiosyncrasies like everything else, but by and large it was mostly headache free and fast to work with.
Hope this helps :)
Cheers
Iain
EDIT: Oh, and for reasons best known to Adobe, if you're running the trial version you'll get a lovely fat HTML comment before all of your output - regardless of whether or not you're actually outputting HTML. And yes, because the comment appears before your DTD, be prepared for some browsers (not looking at any one in particular!) to render it like crap. Again - perhaps they've rethought this in the new version...
EDIT#2: You also mentioned URL Rewriting - where I used to work we did this all the time - no problems. If you're running on Apache, use mod_rewrite, if you're running on IIS buy ISAPI Rewrite 3.
Do yourself the favor and check out the CFWheels project. It has the URL rewriting support and routes that you're looking for. Also, as a full stack MVC framework, it comes with its own ORM.
It's been a few years, so my information may be a little out of date, but in my experience:
Pros:
Coldfusion is easy to learn, and quick to get something up and running end-to-end.
Cons:
As with many server-side scripting languages, there is no real separation between persistence logic, business logic, and presentation. All of these are typically interwoven throughout a typical Coldfusion source file. This can mean a lot more work if you want to make changes to the database schema of a mature application, for example.
There are some disciplines that can be followed to make things a little more maintainable; "Fusebox" was one. There may be others.

Corporate site search

Having a small, SEO-friendly corporate site behind a basic password protection scheme, I'd like to add a basic search facility by using one of the off-the-shelf solutions. (I don't mind Google, or Yahoo having the site's content, as long as it doesn't leak to the web).
Google doesn't seem to support this, so I'd like to ask the SO community for recommendations, and pros/cons of each (preferably free) solution? (Rolling my own is the least preferred solution)
Wikipedia has a nice list of Enterprise Search Vendors which links to information about each of them. It's a bit difficult to recommend certain ones without knowing what breadth of features you are looking for past text indexing.
Xapian is one of the free solutions that is readily available to integrate with your existing applications in several languages, they also have Omega which is a packaged search solution.
If you can run PHP on your site, Wrensoft's Zoom Search Engine is pretty good. It's free for sites under 50 pages, and cheap for larger sites. I use it for my site at http://entrian.com/source-search/ if you want to see it in action. (I'm not affiliated with Wrensoft - just a happy user.)