Allowing api requests (ajax) while logged in in rundeck - api

My team has been migrating the old rundeck 1.6.6 to 3.1.2.
Besides Rundeck, we also have a lot of web interfaces that query (Ajax) rundeck's API.
That used to work because we just needed to be logged in to rundeck.
It doesn't work anymore! (as you might have guessed)
There is a need for the user to be connected in order to handle his access roles (what he can and cannot do).
I saw a mention that this feature was disallowed by default, but I cannot find anywhere which option to change in order to reallow it again.
Do you guys have an idea please?

Related

View API data with chrome DevTools

I am working on a site that uses the PayPal API. This new site will replace the old site at my job. As of right now, I need to check what data the old site sent to the PayPal API. Is there a way to check what data is being sent to and from a different site or API? It is data that is not typed in by the user, but data that already exists in the database that is being sent to the API.
Any help or advice would be great.
Thank you!
It "depends". On Windows platform you could use:
Fiddler or;
Microsoft Message Analyzer
to inspect traffic i/o (on the client system where either tool is installed). I'm sure other platforms will have similar tools.
Chrome Dev (or any other browser) tool will help with browser based traffic.
IMHO, depending on how "old" the existing system is, it may be worth looking at the API again to see if any newer features are worth the effort since you're updating things...and seems to me getting paid/payments systems/ops would be something high on the priority list :)
Hth...

How to push/sync tickets between Trac instances/projects?

Does anyone know how to push tickets from one Trac instance to another?
The problem that I'm trying to solve is the following:
Our company is doing some development for a big international firm (let's call it CompanyX) that has everything behind VPNs. We have our Trac, hosted at our firm, which we use for management of all our projects. CompanyX also uses Trac, and since the developers from CompanyX cannot use our Trac for tracking bugs, requests and issues, they use their own. The reason is that their security policy is very restrictive with no Internet access to our server, and nothing can be done about that.
The problem is that we are also forced to use THEIR Trac because they prefer to communicate everything through it internally, and they expect from us to conform to their workflow as well. And for that purpose we have to connect to their VPN via some IE java plugin client from Juniper (which does not remember passwords) and every time have to configure whatnot, just to see a ticket or two on a weekly basis which is really tiresome.
Since the communication is mainly one directional, from client to our firm, with no real interaction, I was wondering is there an EASY way to just push (or even sync) the tickets and their updates from client's Trac to our Trac server which would satisfy their outsourced security provider?
(It is not possible for us to touch the Trac's source on their server, so by EASY, I mean some plugin or script or something similar which would be easily accepted by their admin)
There is TicketImportPlugin that can import tickets from csv or excel files. The opposite is to export tickets as csv or tsv files via link on the bottom of a ticket page.
TicketMoverPlugin is able to move tickets from one Trac instance to another.
You should be able to do something using the XMLRPC plugin. You can script up an application that queries your client's Trac for tickets (using ticket.query()), then grabs the ticket details (ticket.get()) and posts them to your Trac in a new ticket (ticket.create()).
This would require both Trac instances to install that plugin and create a trac account that has the XML_RPC permission. You will have to make sure that your client finds this acceptable. Since it's a pre-packaged plugin that you can enable on a per-account basis, it shouldn't disrupt their normal workflow very much.
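The query/get/create loop from the XML-RPC answer above, as an added example (not code from the original answers or from the Trac project). It assumes the XmlRpcPlugin is enabled on both instances; the `mirror:<id>:` keyword marker, the `COPIED_FIELDS` list and the HTTPS-only check are choices made for this example.

```python
import xmlrpc.client

# Attributes copied across; owner, milestone, cc etc. stay local (example choice).
COPIED_FIELDS = ("type", "priority", "component")


def connect(url):
    """Return an XML-RPC proxy for a Trac endpoint such as .../login/xmlrpc.

    The sync account's credentials travel with every call, so plain HTTP is refused.
    """
    if not url.startswith("https://"):
        raise ValueError("refusing non-HTTPS Trac endpoint")
    return xmlrpc.client.ServerProxy(url)


def sync_tickets(source, target, query="status!=closed"):
    """Mirror tickets matching `query` from source to target.

    Returns {source_id: new_target_id} for tickets created on this run.
    """
    created = {}
    for src_id in source.ticket.query(query):
        # Trailing ':' stops "mirror:1:" from matching inside "mirror:12:".
        marker = f"mirror:{src_id}:"
        if target.ticket.query(f"keywords~={marker}"):
            continue  # already mirrored on an earlier run
        # ticket.get returns [id, time_created, time_changed, attributes]
        _id, _created, _changed, attrs = source.ticket.get(src_id)
        new_attrs = {k: attrs[k] for k in COPIED_FIELDS if k in attrs}
        new_attrs["keywords"] = marker
        created[src_id] = target.ticket.create(
            attrs.get("summary", f"(no summary) {marker}"),
            attrs.get("description", ""),
            new_attrs,
            False,  # notify=False: no e-mail for mirrored tickets
        )
    return created
```

On the client's side the sync account only needs XML_RPC plus ticket view permission; ticket creation rights are needed only on the receiving instance.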

How do I go about safely taking a screenshot of a website that I know is infected with malware?

Background:
One of my clients' websites has become a malware infested hotbed.
Disposing of the malware has proven difficult and time consuming, and, in the meantime, we still have had to do work on the site.
For now, we went to some trouble to do our work - creating a disposable VM to just run a web browser, so we can see what the site looks like for the designers' work, for example.
I'm wondering if there's an easier (and faster) way to get an idea what the design of the site looks like. Not everyone on the project is tech savvy enough to be trusted with, for example, properly handling switching VMs.
Question:
Is there a method for safely seeing what a malware infested website looks like (for example, a service which will browse the site for me and send a screenshot), one which ideally is easy and simple enough to use that I can trust our non-tech-savvy designers to use?
You might take a look at Internet Archive: Wayback Machine to see if the site has been archived.
If a screenshot is all you need, there are several online browser simulators, such as Net Renderer (which will run any inputted web URL in a given version of Internet Explorer and then supply a screenshot). You might also try BrowserStack, which requires an account, and is not free, but does have a free trial period, and offers more than Internet Exploder.
You could also try running a browser in Sandboxie, which is simpler to set up and use than a VM (you just install it, and then use the windows right-click menu to launch any program in a sandbox of your choosing). However, it isn't free for commercial use.
I don't know if there exists a standalone tool to parse a website for malware, but I think this can help you. It's a Google tool that you can use with a request, and they will send you a response.
Follow the link:
http://support.google.com/webmasters/bin/answer.py?hl=en&answer=168328
Hope it helped.

Share users between two different DotNetNuke Installation

I have an existing application working on DNN 4.3. I am planning to write another application using DNN 6.2. I want to share user information between these two instances.
Is importing user data my only option or is there a better way of doing this?
Almost surely using the Datasprings Interactive User Import tool will be the best option. This option is preferred if you can get by with syncing either once, or at intervals larger than a week.
A second option is to verify that both web.configs have the same machinekey and to sync your user-authentication-system tables in a more manual fashion. I'm not sure if the user-authentication-system tables have changed between version 4.3 and version 6.2; I'd wager that they've changed a little and that you will have to build a manual syncing tool. DotNetNuke has its own UAC tables that ride in parallel to the standard ASP.NET UAC tables. Both will have to be synced if you go this route. This option will likely require a serious bit of research and development.
Is this sort of thing that would be of use?
"Cross Portal Authentication: If a user attempts to login that belongs to another portal but not in the current portal then they are automatically registered to the current portal and logged in."
If so then see OnyakTech LogIn. It will take a bit of work to set up, however the developer provides good support. Worth investigating to see if it's of use.

Is there a good way to wrap an existing Python based web application to require a login?

I'm in the process of installing an open-source Python based web application to an internal server here at work. The existing code is open - it doesn't require a login to view it - but one of the requirements is that users have to be approved before they can see anything.
Is there a good way (using Apache configuration files for example, but any method would be great) to wrap the application so that any access requires a login? I would like to avoid modifying the open-source code (a maintenance nightmare every time a new release comes out).
Any thoughts or suggestions?
Apache supports Authentication, Authorization and Access Control.
It is a detailed process, and summarising it here would not do it justice. I refer you to the link provided,