I'm writing an application for the Mac App Store in Obj-C/Cocoa. The app processes .html files and does not require an internet connection.
I was wondering, what would be the best way to collect statistics? All I'm interested in is the number of files processed.
That way, on the app's home page, I can display XXX,XXX files processed.
I was thinking that I would just post to a web server whenever a file was converted, but that would considerably slow down the app and wouldn't work if the user was not connected to the internet.
You could accumulate the stats internally to be uploaded only every so often (each day, perhaps). You'd save the accumulated number across restarts using NSUserDefaults.
You should ask the user for permission to upload data, even something so seemingly innocuous as a count of processed files.
You'd use a simple HTTP request to upload the data. (You know it will be vulnerable to spoofing, right?) You should use the network reachability API to check whether the system is network connected before trying, so you don't force a dial-up, for example. The reachability API can't tell you that your connection will for sure succeed, so you should handle failure to connect gracefully.
Related
I would like to programmatically validate that the OneDrive (for Business) client is successfully connected and syncing (SDK, file, event log, registry, etc.) on our Windows 10 desktops.
I have seen the OneDriveLib project, which claims to offer this through PowerShell, although it’s not working for me because of the known bug when Files On-Demand is enabled.
We’re looking to implement OneDrive as the default save location for our 5000+ users. When it works, it works great, but how can we know it’s working for all our users? There’s a good possibility that some of the OneDrive clients will break at over time, so any locally saved data will not be synced. At best it will mean that the data will not roam with the user, but worst case scenario would be a machine goes pop with months/years of unrecoverable un-synced data.
there are some local data files here, but i've yet to decipher their meaning:
$env:LOCALAPPDATA\Microsoft\OneDrive\logs\Business1\DeviceHealth.json |
and
$env:LOCALAPPDATA\Microsoft\OneDrive\logs\Business1\DeviceHealthSummaryConfiguration.ini
I am making a mobile app using Cordova and I need to save some sensitive and not so sensitive data inside the phone. I am a bit lost on what is the best way to do it.
I need to save:
A JSON web-token (for authentication).
A response from server (I save this to populate my page in case the GET request fails).
Coordinates information when user is logging data to the app (for later upload to a server from with in the app). These will be many separate logs, and can be large in size for local storage ~5-10 MB.
Till now i have been successfully saving everything I need to the local storage but I don't think that is the correct way to do it. So that is why I need some help in deciding what is the best course to take from security point of view.
Saving server response is just for better UI experience and static in size so I guess local storage is a good option to use.
But web-tokens and GPS logs is sensitive information and I dont want to keep it in the local storage as it is accessible from outside the app.
What other options do I have?
Cordova still doesn't have encrypted storage.
Is saving to files a good approach? This here says that data contained inside cordova.file.applicationStorageDirectory is private to the app.So can I use it to save the logs and the token?
The plugin also lists the file systems for Android and iOS and lists which of those are private.
I am currently working with android phones but want to extend the app to iOS later. I have never worked with file systems and caches before so I am a bit lost.
Im using basic auth in nginx, no issue there, but i would like to limit the number of distinct locations a user is authenticated,
The end goal is to prevent user sharing access data to website, since the website does real time "monitoring" of some data, i wan't that if the same user/pass combination is used from another ip, that or either both users stop getting data,
or one of them stops getting data.
I don't think that is a good idea, because a user may log in via pc and mobile phone at the same time and has two different ip addresses that way. Also http-auth isn't designed to do what you want it to. It would have to remember the ip-address and make it expire somehow, when the user leaves without logging out. Altogether would it be difficult to guess for how long the session is valid. Another problem is, that most users don't have static IPs and get disconnected by their providers every 24 hours. What happens if that occurs after a valid login?
The most popular method to deal with this kind of problems are session-cookies. These can be described as a one time password and you can use that for as long as you want or until it expires. SessionIDs are usually saved in some kind of database and making those sessions unique would not be a big deal and may therefor be what you want. Luckily the
ngx_http_auth_request_module would allow you to only implement this missing part and would bring you as close as you can get without developing your own nginx-module (see https://www.nginx.com/resources/wiki/modules/ for available modules).
On the other hand: Don't do that. Seriously. If you care for security, do not try to reinvent the wheel and use something, that has already proven. E.g. ngx_http_auth_jwt_module allows you the use of OpenID, which also sets you free from saving sensible user data on your server (because nobody wants to save passwords unless it is absolutely necessary).
Both of these methods require nginx-modules, which may not be installed on your server. If you don't have the permissions to build them, I would suggest to add that to your question, so that others can suggest solutions for non root servers.
If you want to keep it simpler you should also consider to generate download links each and every time and save ip-address and download link address in a database. Delete entries when a user downloads that file and you are done. For that to work you can use the
Content-Disposition: attachment; filename=FILENAME-HTTP-Header, so that your download.php doesn't save a file that called alike.
May be you can also find some kind of javascript to replace ngx_http_auth_jwt_module and use OpenID with http-auth. That can work, because it is possible to do the authentication with ajax as well.
Last but not least: If you still want to do http-auth, also use HTTPS, because your passwords won't be encrypted by this auth-method by default.
What you want to do is unusual so you will need to write a lot of the logic to handle the process.
Your code will need to store a User ID and IP Address pair for each loged in user and validate each attempted log in against this. As the previous answer pointed out, you will need to expire logins etc. Basically, you need to roll a session handler.
This is not impossible or particularly difficult but you need to write it yourself in one of the scripting languages available to Nginx which are either Perl, which is not recommended due to limited ecosystem in Nginx, or Lua, which is highly recommended due to the massive Nginx lua ecosystem (used by Cloudflare for instance).
You will need to compile in the 3rd party Nginx Lua Module and associated modules or just uninstall Nginx and use the Openresty Bundle which already has everything you will need included instead ... including Redis for storage if you need to scale up.
Here are some tools you can use as your building blocks
Openresty Session Library
Openresty Redis Session Library
Openresty Encrypted Session Module
Note that you can implement Openresty stuff directly in Nginx if you wish without having to run Openresty as it is just a convenient bundle of Nginx and useful module.
I have an auto suggestion mechanism that works fairly nice for desktop version where we have a wireless or a wired internet connection. The worst response time is 320ms.
(Without using solr as of now, I use a storage system on the server that gives back the result).
I have users that belong to the group where you can have a slow internet connection also known as a 2G connection where the downspeed can be ~10Kbps-50Kbps.
I have seen that google provides Auto Suggestion to this speed as-well, my my system cannot.
I have tried these:
Make a txt and JSON file on the server and when the user does a keydown (1st) it fires ajax to bring the entire 2.2MB data inside a JS variable on client side and show suggestions.
Make a service that is called when the user types 2 characters, service reads the txt/JSON file for those 3 character occurence anywhere in the words and gives data into a JS variable.
Repeat the above step and store the result in localStorage, for a fresh 3 characters again the same process occurs and storage happens. The benefit is that the user in future gets a prompt suggestion but according to me browser storage is used very sensibly.
Anyone with suggestions how www.google.com and www.flipkart.com handles auto suggestions for slow internet connections on mobile (smartphones).
Is there a way to prevent BackgroundTransfer from trying indefinitely to upload a file. Let's say one of my user is trying to upload a movie from the phone to Facebook. Facebook Graph API doesn't accept byte-range/resume/etc. Let's say the network is slow, less than 50 kbps. Under 50 kbps, BackgroundTransferService will restart the upload.
That being said, when testing my app, I've noticed that the uploaded restarted 4-5 times under my very slow 3G wifi router (yeah... I'm a mix of the two cases).
Will this behavior happen on a GSM/3G/4G network?
What think is that this behavior is totally welcome, on a Wifi, but not on a phone network, as data costs more.
[Edit]
I forgot one important info: I don't have internet on my WP, so that's why I ignore the behavior of BTS on a phone network.
Yes, the agent will try and reattempt the transfer if the connection is dropped. This is one of the benefits of using the agent, you let it worry about reattempting and network conditions so you don't have to. The API does all you a level of control over usage of cellular data via the TransferPreferences property. You could set this if you're concerned. Alternatively, let the user set their own preferences about data usage via the built in settings on the phone.
There is more information at http://msdn.microsoft.com/en-us/library/windowsphone/develop/hh202955(v=vs.105).aspx#BKMK_TimelinessofCompletion