Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
I just entered a company which is developing a website supporting hosts in Airbnb. Basically, this website will give the recommending price for hosts after they login in the Airbnb.
I noticed that the website have stored the hosts' passwords of Airbnb in database. The passwords are stored in secret code, but it can be encrypted by a key. When a host wants to update the price on this site, the site will send a request to Airbnb to get the token with the password stored in database.
Websites such as Beyondpricing have similar function. I am wondering how they realised it. Should a website storage Airbnb users' passwords?
The general rule is passwords should always be hashed to protect from improper use.
In this case your company (and likely others) are encouraging AirBnB customers to break AirBnB's Terms of Service, from their website:
You are responsible for safeguarding your password. You agree that you will not disclose your password to any third party.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
complete noob here.Any help is really appreciated because we are under the cosh.
My team is building out a bespoke donation form for a charity client and are trying to integrate Paypal.
The problem is that the api we are working with is requesting a Paypal ClientID and ClientSecret ID.
What is the best practice for getting these values? I've read that you have to set up a developer account via Paypal and then set up an app, however, does that mean we require access to their paypal account.
Can they grant limited access to their paypal account so we can create values?
Thanks in advance :)
You'll need to use a sandbox account:
https://developer.paypal.com/developer/accounts/
This will create a dummy version with no real transactions that you'll have full access to, alongside a production version that only your client will see.
You can determine which of these accounts is used through env vars, switching out the client ID as needed depending on which environment you're performing the transactions on.
But at the end of the day, yeah, you will have access to their production client ID and client secret ID. There's no way to get these onto your server unless your client is able to do it themselves.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
I am at the beginning of my website project and now for requirements step I want to grouping the roles of website users,there is three roles for the users:
Users who visit the website an use it's free services.
Users who have an account and uses it's more free services.
Users who have an account and monthly pay for using paid services.
Admin user of the website.
What is the best roles for these users?
You seem to have two roles:
Admin
User
The User role seems to be separated into three tiers or types:
Unregistered users
Registered Users
Paid/Subscription Users
That's how you need to be thinking about your groups of users. Admins don't really count unless you have special privileges. How you treat your different levels of users is very important however since I assume your goal is to "land and expand". i.e. Lure in users with free services, get them to register with further offerings and then get them to pay for even more advanced levels of service.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I have a web app which requires user to register and login to use it. In the database, i have a serial number for every user that is auto generated. The buisness logic uses these serial number to identify users and not their username or email id. Now if i login using Facebook or google +, how to proceed? without a serial number, the buisness logic fails.
You can auto register the user while making them log into the system by google or fb. Then you can easily auto generate the serial numbers as per your business logic.
You will get more insight by checking this link http://www.sanwebe.com/2012/11/login-with-google-api-php
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I have a database that contains my company clients info. We want to enable those clients to register on our website and see their data. How should be newly registered user matched with Client entity in our database? Should it be manually done by administrator? If so, what data do we need to identify them? SHould the admin be informed by an email?
It's a matter of privacy.
INSECURE SOLUTION
If you don't mind the possibility of someone seeing your client's info, I would suggest the following:
Provide a form for your clients where they enter their customer ID (if they know it) or simply their full name
Match this info to your database and present a pre-filled form to your clients that they only need to check for changes.
SECURE SOLUTION
Send an email to all of your clients asking them to register using their code (you send them their personal code in this email and you can match this to your database).
Alternatively, you can let your clients enter all of their information and manually match this to the client entity in your db. I cannot suggest this, but if you want to do this, check it on a daily basis.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
I am looking for a Google Apps API that allows me to retrieve all domain names associated with the Google Apps instance.
I am looking for the programmatic equivalent of this: https://www.google.com/a/cpanel/gcompany.nl/DomainSettingsDomains
As an added bonus it would be really nice if there is also a way to check if a given domain name is used as an Alias or in a Multi-domain configuration.
Additional requirements:
I need this API to be available using a Google App Engine app (Java).
the API must allow authentication using OAUTH.
The owner of the app is NOT a Google Apps Reseller (no special privileges).
The app only needs readonly access.
Your answer is correct. There's a issue requesting an API call to retrieve the domains associated with an instance. I'd suggest starring it:
http://code.google.com/a/google.com/p/apps-api-issues/issues/detail?id=2278
The "lightest weight" retrieve all users function is the Retrieve All Organization Users since only the primary email and Org is returned for each user, not details like first and last name, suspended status, admin status, etc:
https://developers.google.com/google-apps/provisioning/#retrieving_organization_users_experimental
domain aliases and secondary domains which have no users won't be returned by this functionality of course.
Jay
I could not locate a Google Apps API to do this. Too bad.
The next best thing is to either use the Provisioning API or User Profiles API, fetch all (user) entries, take the PRIMARY Email address for each entry and parse that to get the domain name.
This is pretty messy, especially if you've got a Google Apps domain with tens of thousands of users.