PolicyMon - How to determine the policies my application uses? - policy

We (company) have written a pretty large software application over the last couple of years and we have just started running it under non-admin (restricted) accounts - as we are doing this we are realizing that there are certain OS (Windows XP) level policies that we needed. I have been tasked with identifying these policies up-front.
I have been looking and have been unable to find any kind of "policy monitoring" software (like regmon and filemon) so I am looking to create my own, something that I can run in the background while I perform operations on my application. The goal is to find out what "policies" I "hit" and identify them as ones I need to set (this part is easy - setting the policies programmatically).
Does anyone know if there is some API or something I can use to hook into the policy part of WindowsXP to setup some kind of monitor (or other suggestions?

Related

CodeReady Containers: developer doesn't have permissions to see the Topology

In layman's/beginner's terms, how do you give the developer permissions to the Topology section and whatever else they need, to perform general development with CodeReady Containers, as described in the instructions?
I'm looking into using OpenShift, which initially looked promising. However Minishift and CodeReady Containers have both had issues working on my Windows machine, so now I'm trying to use CodeReady Containers on a Cent OS system.
After setting up CRC and opening the console in Firefox, I select the htpasswrd_provider option and log in as developer/developer, which is exactly what Red Hat's instructions/tutorials say to do. And as they recommend, I created a new project, then switched to the Developer view and tried going into the Topology section.
There I get this error:
deploymentconfigs.apps.openshift.io is forbidden: User "developer" cannot list resource "deploymentconfigs" in API group "apps.openshift.io" in the namespace "default"
Rolls eyes. This is contrary to their own directions. Furthermore Red Shift's tutorials act like the developer is initially the only user available, although the username itself can be admin, developer, or whatever else you want it to be. So this user really just needs to be able to work.
On a personal note, I have spent a lot of time researching containers and container orchestration the last few months, having come from a Windows/.NET background, and I am sick and tired of every "simplification" of Kubernetes and other, related technologies failing to work as described, having to be troubleshot and "repaired" straight out of the box. I have Googled this, but have spent enough time sifting through haystacks troubleshooting issues like this, and to some extent, I feel like this software and/or its documentation is just broken.
In layman's/beginner's terms, how do you give the developer permissions to the Topology section and whatever else they need, to perform general development with CodeReady Containers, as described in the instructions?

In OpenERP 7.x how to give a customer read-only access through the portal to a small set of documents

I have been trying for a few days to figure out how to allow a set of customers to view a specific set of documents in OpenERP's knowledge management module. The goal is to easily add access to various sets of documents to existing customers. My particular use is that I deliver three different types of training sessions each of which has a set of materials in pdf format. I would like to offer all the attendees access to those materials through OpenERP (since they are already in the system as customers). I am not using the Events modules and I am not particularly interested in exploring it at this time.
Setup that I have tried:
Have some existing customers with at least a name and email address
Create a "Directory" in Knowledge->Document Management->Directories
Add a few pdf files in Knowledge->Documents each with the directory just created
Create a "Group" in Settings->Groups
... ???
I've tried various combinations of access rights, rules, users, etc. but nothing seems simple and nothing works exactly as I'm hoping: namely that a customer receives access through the web client to a clearly labeled menu that then shows them exactly the set of documents that they are allowed to access.
I have also tried the various "Share" features that can be done with documents, but again, they don't seem to work well for existing customers, nor so well with groups of related documents.
I have been able to get a user (not a customer) to get restricted access to see only a small set of the documents in the Knowledge Management system, but even there I'm having a hard time restricting that user to see only the documents that are in the specified directory.
I've taken a look at a number of sites (including ZestyBeanz) that describe various means of getting users to access the portal / limited features of OpenERP.
My OpenERP installation is self-hosted on Amazon so I have full control. I have written sophisticated modules for OpenERP and I am a reasonably capable Python programmer so please feel free to get seriously technical if that would help. I'm willing to consider writing a custom module to enable what I feel should be an obvious and easy feature, but that really seems like overkill!
To be clear: either a configuration or programming solution would be fine by me.

Application Scope settings or something else

I am in the process of building a completely fresh version of an application that has been in existence for a good many years. I can look back with horror now at some of the things I had done, but the whole point of life is to learn as we go along. The nice thing now is that I have a clean slate from which to work, and it's because of that that I thought that I would seek some advice from you all.
User settings are great for those things that each individual user would naturally want to and ought to be able to change, a theme or visual style for example. Application settings should quite obviously apply to the entire application irrespective of whoever uses it.
Somewhere in the middle though are a set of settings that I would like to give the system administrator the opportunity to change (default work periods, appointment time slots, the currency the company wants to use as its main trading one etc etc). These can't be user settings because individual users should not be able to change them, nor should they be application settings because I as the developer have no idea what the end user (or to be more exact the senior end user) would want to set them to.
Many years ago I might have considered writing such settings to the registry, or an ini file. I could perhaps (as this is an application that is tightly integrated with its own custom database) create a one off settings table, and read in the relevant settings at program startup. I could perhaps opt for a separate 'universal settings' xml configuration file stored in the all users directory. Clearly a number of options.
What I would like to try and establish though is the most efficient way to approach this. What is the best trade off between file read and write operations as against reading everything into a set of public constants at application start-up? These are not going to be settings that will only be referred to occasionally so efficiency is going to be key.
Just so that there is no ambiguity as to what the application will be. Traditional winforms, using vs 2012 as the development ide and vb.net as the code base based on .net4.5 and ef 5.0. Backend data to be stored in either sql express or full sql server. Target operating system for end users will be windows 7 or above (so due respect for the uac will be required).
I'd welcome any suggestions that you might have.

Dropbox API - Using Dropbox as a server

I was wanting to use a file sharing server to keep certain files up-to-date and constant across multiple instances of my application across multiple computers - like (for example) writing a multiplayer game, which stores all the player's positions in a text file, and uses something like Dropbox to keep the text file constant across all the applications, and each application instance can change the file with that application's player's position, and then the rest of the applications can update accordingly. This is only an example, and is not what I intend to do using this technology. What I want to do does not rely on fast sharing of data very quickly - but only periodically downloading and updating the text file.
I was wondering how I might be able to do this using the Dropbox API for Objective-C without prompting the user for any Dropbox username/password - just store a single Dropbox account's login information, log into it automatically and update/download the file stored on it?
From what I have found out from experimenting, Dropbox prompts users for their passwords via a web-broswer, and is designed to accommodate multiple accounts, whereas I only need to accommodate the 'Server' account.
So, is there anyway to do this sort of thing using the Dropbox API, or should I use something else. Or do I need to find out how to write my own server. Using some sort of file sharing API seems a lot easier to me than writing an actual server.
Thanks for any help,
Ben
You might think about using Google App Engine (GAE). I had a similar requirement recently and I'm thinking this is a good option when you want centralized data. Plus you can do the no-browser account login by using your own custom authentication, or I think it's even possible via OAuth? Depends on how sensitive the data is I guess. I just rolled my own.
From my research I found that using Dropbox as a server has some issues with scalability, since you'll be limited to maybe 5,000 calls per day. source It's built on Amazon S3, so you could also look at using that directly.
GAE lifts that limit up to 675,000, but can be increased up to 91 million for free.
https://developers.google.com/appengine/docs/quotas
I did find an open-source project for doing this with Java, alternative you could look at Python example
I've written a daemon that continuously checks for updated files and syncs them. I wrote it for my own file manager iOS app. You can find the implementation here:
https://github.com/H2CO3/MyFile/tree/master/DropboxDaemon
I'm personally not an iOS developer but I came across this question while looking for something else and thought I would offer up another potential solution to the OP's question.
Microsoft just released something called Azure Mobile Services which supports iOS development (among other platforms). It's basically a convenient way to set up a back end system complete with push notifications, authentication, etc. without rolling your own. You don't need to know anything about Azure or servers as the setup process walks you through most of it. It is new so keep that in mind, but it looks promising for situations like this.
Here's a 10 minute video explaining how to use it with an iOS developed app along with links to more documentation:
http://channel9.msdn.com/posts/iOS-Support-in-Windows-Azure-Mobile-Services/
Hope this helps.

Website data retrieval

An recent article has prompted me to pick up a project I have been working on for a while. I want to create a web service front end for a number of sites to allow automated completion of forms and data retrieval from the results, and other areas of the site. I have acheived a degree of success using Selenium and custom code however I am looking to extend this to a stage where adding additional sites is a trivial task (maybe one which doesn't require a developer even).
The Kapow web data server looks to achieve a lot of this however I am told it is quite expensive (currently awaiting a quote). Has anyone had experience with this, or can suggest any alternatives (Open Source ideally)?
Disclaimer: I realise the potential legality issues around automating data retrieval from 3rd party websites - this tool is designed to be used in a price comparison system and all of the websites integrated with it will be done with the express permission of the owners. Where the sites provide an API this will clearly be the favoured approach.
Thanks
Realised it's been a while since I posted this, however should anyone come across it, I have had lots of success in using the WSO2 framework (particularly the mashup server) for this. For data mining tasks I have also used a Java library that this wraps - webharvest - which has achieved everything I needed