So is it possible that when someone accesses my website by sending a request to my server, another post request is sent from his machine to another server ?
if possible where can i find more material on this? thanks !
Related
I need to log the server response body along with the client which requested it.
Tried mod_dumpio which logs the response body but it doesn't reveal
the client IP so I am not able to map the request and response.
The other option was audit log which seemed the exact tool I needed,
but it doesn't support logging actual response body as
yet.
Could anyone please suggest me an appropriate solution?
I was reading some topics about security and how hackers can look at the request you send to the backend to figure out how your system works but I did not find any good solution to avoid this.
So I was wondering what would you do in your app (here an iphone app) to make sure that hackers cannot see the content of the request your sending to the backend.
example http://myserver.com/api.php/login&pwd=test&username=pwd,
how to hide this so that no one can see the content.
I was thinking of different solutions:
1) encrypt the pwd and the username (not ideal as hacker can still see the post function of the server you are sending the request to)
2) use SSL request (I think this is only interesting to secure the connection to the server, meaning if the hacker is using his phone to connect to the server he should be able to see the request he is sending and so see the full URL)
3) change my backend so that all the request are sent to the same post function with an encrypted message. Finally the backend would decrypt and dispatch the message to the right function. This could work as the hacker would only see the url I am sending my request but would not have any information on what I am sending.
example: http://myserver.com/api.php/receiver&message=415gre6168sg4rg4e61g6r8g
"415gre6168sg4rg4e61g6r8g" could be decrypted as:
"login#pwd#username" and so I would be able to send this to the right function
But I am sure some of you have encounter similar issues and have better suggestions, would be interested to see what you would do,
Thanks
Any encryption you add is an extra effort for the hackers.
But in terms of what concerns to Apple use SSL connection should be enought based on iOS and the new IT - Security.
You can read more about the security polices used/recommended by Apple on iOS Security Guide
I am working on a chat app using XMPP Protocol.
I tried following
this tutorial from github . Everything is working fine using
XMPP.
But I'm unable to receive offline messages when user comes
online.
As user A is logged out and user B sends messages to user A, and when user A logs into app, it must receive all the messages that
were sent by user B during offline session.
How can I receive these offline messages?
My app is totally stuck on this issue. Please help if anyone
knows the solution. Any help will be appreciated. Thanks
You need to enable mod_offline on server, if you are using ejabberd XMPP Server.
Here is the code needs to enable module:
ignore_pep_from_offline: true
max_user_offline_messages:
admin: 5000
all: 100
mod_offline:
access_max_user_messages: max_user_offline_messages
Write this code in ejabberd.yml config file.
It will store unto 100 messages per user received when client was offline.
At client side, you may have to register for service:
'http://jabber.org/protocol/disco#info'
If you done this, whenever offline client gets online, server will send those stored messages to respective client.
You've to send Request for offline message if server supports. XMPP works on TCP protocol so as soon as client is up, it should send request to server.
<iq type='get'>
<query xmlns='http://jabber.org/protocol/disco#info'
node='http://jabber.org/protocol/offline'/>
</iq>
I'm working upon Paypal integration for our website. As we know, we will provide IPN URL for every orders processing through Paypal, Last week, I have given a server URL for the Paypal Notification and also using that, I have processed the payments.
But, today, when i shifted my projects into an another server, where i have implemented the same IPN system. But I dont get the Notification for the same URL, in my new server. It seems that my new apache server doesn't support Asynchronous Request Processing.
What can i do to make my server to process Asynchronous Requests. Anyone please let me know, how can i do it?
Thanks in advance.
The "asynchronous" in the word doesn't refer to a feature that has to be activated in Apache. It's just that PayPal sends the request whenever it's ready, and your script calling it has no way of telling when that is.
Most likely, the server move changed something in the server URL. Try out some of the requests that you are telling PayPal to do manually and see what happens and what errors you get.
I am writing one Web Application using XUL. In that Iam using AJAX XMLHttpRequest Object for sending request to server. When I use GPRS connection to send the request to the server from my web application the request is not going, but readyState has changed to 4 and status=0. If the request is not going out how the readyState is Changing.
The same Code working fine in local network. If I send the request to server from the browser using GPRS it is working fine. Can any body help me out in solving this problem.
Thanks in Advance.
the request is not going
How do you determine that?
Do you use the HTTP scheme? If so, status == 0 is an issue, (google says there are known quirks in Firefox).
status == 0 is also returned when the request is using a non-HTTP protocol. So if you're making a file:// request accidentally, it would explain all the symptoms...
[edit 2009-09-07]
Also found this issue: https://bugzilla.mozilla.org/show_bug.cgi?id=488605
aborted XMLHttpRequests have status==0 since Firefox 3.
[edit] I'm not /quite/ sure, but I think that cross-domain requests that are not allowed also end up with status == 0.