I've an old Sitefinity 4.1 project that has almost 4 years of data inserted daily.
I've been asked to do some management on this and one of the steps I've to performs is to avoid a user can download a file if he's not authenticated.
Right now if I point to the file path it prompts me to download. Since the backend is quite slow , is there a way I can set this via API?
Thanks
Surely, you can achieve this using the Fluent API, more info: http://docs.sitefinity.com/for-developers-modify-permissions-of-dynamic-content-items-using-the-fluent-api. Needless to say, if you want to avoid the quite slow backend you definitely need to upgrade to latest version of the CMS.
Hope this helps!
Related
I am working on a site that uses the PayPal API. This new site will replace the old site at my job. As of right now, I need to check what data the old site sent to the PayPal API. Is there a way to check what data is being sent to and from a different site or API? It is data that is not typed in by the user, but data that already exists in the database that is being sent to the API.
Any help or advice would be great.
Thank you!
It "depends". On Windows platform you could use:
Fiddler or;
Microsoft Message Analyzer
to inspect traffic i/o (on the client system where either tool is installed). I'm sure other platforms will have similar tools.
Chrome Dev (or any other browser) tool will help with browser based traffic.
IMHO, depending on how "old" the existing system is, it maybe worth looking at the API again to see if any newer features are worth the effort since you're updating things...and seems to me getting paid/payments systems/ops would be something high on the priority list :)
Hth...
As a jQuery user, I link the remote library from Google using
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
which is very clever because it's already loaded in the brower cache if the reader visited another site that did the same.
As I discover Phaser, I was hoping to see people on the web doing the same with
<script src="https://raw.githubusercontent.com/photonstorm/phaser/master/build/phaser.min.js"></script>
or any library hoster, but apparently no one does.
Is there a reason why Phaser users don't do that?
I would strongly advise against linking to the master release as it will absolutely break your games over time. Most of the 2.0.x updates have been non-API changing, but 2.1 and above will be altering some core aspects of Phaser. You should only ever link to specific versions.
For a similar service to the Google hosted APIs (of which they only host very specific libraries that they've selected) we use CDN.js, which offers the same thing. You can find details in the Phaser README or just go to http://cdnjs.com/ and search for Phaser.
There is as such no issue if you link to a specific version. But you don't want the latest build, as this can potentially break your site by making changes.
I don't know Github's policies on referencing their site like this.
I want to first of all thank everyone for the help I got here in the past. After completing my web application using Html, PHP, jQuery, Javascript, CSS, MYSQL, I realized I don’t want a website. In the end, for security, I prefer knowing who will be accessing my application. Having said that, I want to use most of the work I already did for my website. I understand I can use PHP with AIR and MySQL. I read that many would recommend using SQLite, but my problem is that I will constantly be updating the database. I also read there are some security issues using MYSQL and AIR.
Question 1, if I took the "necessary" security precautions within PHP which connects to MYSQL, would that be ok or is there soething else I should be aware of wit AIR ?
Question 2 if I really need to use SQLite, is there a way to connect to Mysql so that I may update the database.
I'm open to suggestions if there is a third party software that will covert my project to a desktop application with connectivity to MYSQL I also have a third party flash embedded.
Thanks
Make it mandatory to sign in to the website to use it. Will that not be sufficient to know who is accessing your application?
PHP is a server side language. Adobe AIR is desktop application framework. I am not sure that converting a PHP-MySQL application to an Adobe AIR application will be a trivial task.
You can take the distributed application route though by doing the client side in AIR and writing the web services in PHP/MySQL. And if you want a distributed database too, it will get lot more complicated.
You can build a rest api with php and integrate it with adobe air applications via http no need js for this. Just use actionscript with urlloader urlstream.
If you need an offline db you can use sqlite and sync with Mysql via php.
You'll have to forget PHP and use javascript and SQL sintax to do it. You can check this pretty guide from adobe to do so http://help.adobe.com/en_US/air/html/dev/air_htmldevguide.pdf
It won't be easy ;P
I have an existing application working on DNN 4.3. I am planning to write another application using DNN 6.2. I want to share user infromation between these two instances.
Is importing user data my only option or is there a better way of doing this.
Almost surely using the Datasprings Interactive User Import tool will be the best option. This option is preferred if you can get by with syncing either once, or at intervals larger than a week.
A second option is to verify that both web.configs have the same machinekey and to sync your user-authentication-system tables in a more manual fashion. I'm not sure if the user-authentication-system tables have changed between version 4.3 and version 6.2; I'd wager that they've changed a little and that you will have to build a manual syncing tool. DotNetNuke has its own UAC tables that ride in parallel to the standard ASP.NET UAC tables. Both will have to be synced if you go this route. This option will likely require a serious bit of research and development.
Is this sort of thing that would be of use?
"Cross Portal Authentication: If a user attempts to login that belongs to another portal but not in the current portal then they are automatically registered to the current portal and logged in."
If so then see OnyakTech LogIn. It will take a bit of work to set up, however the developer provides good support. Worth investigating to see if its of use.
I'm in the process of installing an open-source Python based web application to an internal server here at work. The existing code is open - it doesn't require a login to view it - but one of the requirements is that users have to be approved before they can see anything.
Is there a good way (using Apache configuration files for example, but any method would be great) to wrap the application so that any access requires a login? I would like to avoid modifying the open-source code (a maintenance nightmare every time a new release comes out).
Any thoughts or suggestions?
Apache supports Authentication, Authorization and Access Control.
It is a detailed process, and summarising it here would not do it justice. I refer you to the link provided,