I want to create a way to notify users about expiring certificates that they may possess in a predetermined amount of time before it actually expires (ex. 1 week, 1 month, 6 months, etc). Are there any other ways to run this system other than using a cronjob that perhaps checks all stored certificates once a day to see what certificates are expiring soon? Or is this the industry standard?
Related
I would like to know if AWS Cognito offers any facility where I can configure to disable a confirmed user if the user hasn't logged in for, say 60 days.
One way I thought of doing this is to keep track of the user's last logged-in date and calculate if it exceeds 60 days. If yes, then disable the account by using AdminDisableUserCommand from the SDK.
But before I do this I want to know if AWS offers any out-of-the-box solution to disable users who haven't logged-in for a while.
I saw the following link which talks about deleting an unverified user.
How to delete a AWS Cognito user automatically after certain time
But as my case slightly differs of actually disabling a confirmed user, I feel there might be some out-of-the-box solution provided where I do not have to rely on a Lambda trigger.
Is this possible?
The company I am working at offers a web based calculation tool which has to be paid monthly (a fixed price for a license).
Normally, users go to our website and authenticate themselves with their credentials and then can use the application. When they cancel their subscription they are not able to use the tool anymore, obviously.
Now another company called us because they want to provide our application for their own clients. We have already fixed that they have to pay a license fee for every of their clients. But there is also a restriction: their users should not have to log in on any of our websites (only on the website of our client). But the web application is hosted on our server and is loaded as an iframe.
Now there is that problem that we are not sure whether our client tells us the correct number of people who use our application wherefore we would like to verify that in some way.
One of my ideas is the following:
Our client has to call an API for every users who would like to use our application in order to submit some information like name or an unique ID of that user
When the user would like to access our application, an ID parameter is appended to the iFrame URL
I think that this is not a very good solution because our client could use the same ID for every access and pretend that only one users uses the application. By saving the ip address and id of the accesses it is possible to determine fraud in some cases because ip address will not change frequently.
We even do not have to know WHICH user accesses the application but only the NUMBER of users per month.
I am interested if there is a cryptographic solution where it is hard to cheat. Something like an authentication method which does not require any interaction of the user.
Well you can't. You should require the partner to issue a token for each user so you know they came from the partner.
You could have the partner call an api you expose to issue a one time token for a user and specify user id and IP. You could alternatively have the partner digitally sign such a login request.
If you bill the partner per user, and the partner decitfull he could claim less users.
You can fingerprint the users, you can give long term coockies, you can check IP and fonts installed etc. These will allow you to detect most types of fraud.
If you give a declared userId a cookie and then see him again without it, you assign him a new cookie and then later see the first cookie again while the partner is always declaring same id that is a very strong indicator of fraud.
If I was the decietfull partner I would pair up geographicly close users and merge their IDs. it would look no different from a user with two devices. But this still limits the extent of fraud possible. Two devices per user is plausible. 10 less so.
Find business partners you trust.
Recently I renewal my developer account. But unfortunately i didn't delete UDID's from the list. Now it reaches 100. I have 9 months time to again renewal my account. SO how can i add new UDID's ? Is there any chance again to renewal my account for adding/ Managing devices.Please provide me suggestion.
As far as I know there is no way to remove old UDIDs before next license renewal.
So I suggest you to buy second developer license and use it for you needs.
I am working on an iPhone app and I want to implement the new model of auto-renewal for in-app purchases. I am able to successfully implement transactions and can even get subscribed to the app, but what if the user cancels the auto renewal subscription?
How will I be able to know that it has been cancelled, and so not continue to allow access (once expired)?
You can find the expiration date of a user's subscription by sending a receipt verification to Apple's servers. Check out figure 1-3 on the In-App Purchase Programming Guide.
Basically the steps are:
On the device, get a transaction receipt for an in-app-purchase. Either one you've saved during a transaction or by calling [SKPaymentQueue restoreCompletedTransactions].
Send that receipt to your server. (This is preferred over trying to do a receipt verification with Apple's servers directly from the app, since that would require you to store your shared secret on the device.)
Send the receipt to Apple's servers from your server, and in the response look for a key named expires_date (expressed in milli seconds since Jan 1, 1970 GMT).
I used this guide to help me on the server side: Verifying Apple App Store Receipts For In App Purchases With PHP and cURL.
There is no way to determine if the user has auto-renewal turned on or off. Apple doesn't give you access to this information. The only way is to wait until the expiration date passes without a renewal.
if the receipt status is 21006 and there is a key named cancellation_date, then it's a cancellation, you can find the new expiration date in that key but it's a formatted date, if you need a better value to parse check for receipt['latest_expired_receipt_info']['cancellation_date_ms'] same as expires_date
I am having a product and its license is gets validated from server. Can any body tell me how many test scenarios i can prepare on this to validate license...?
How do we know how many unless we know how the validation works? ;-)
Well if you server validated based on time try changing the time in the client and valdate.
Change system time (future date) , install app and then change the date to current date and then try validating.
Enter the same license key (if any) in two copies and try validating
You might also want to consider using an off-the-shelf license server scheme like FlexNet. This allows your customer to manage your product licensing along many other licensed products.
Validate whether the license will work for 24 hours or not
Validate whether the license will expire in 24 hours or it will expire in 24:59:59
(Ex: When a license expires in one day then check whether it expires in 24 hrs or same day 24:59:59)