I created an application that needs information from my website. But I don't want this information to be accessible by any other way. My client-sided app has to be the only entity that can get this information. How can I achieve that?
After some research, I have found these solutions, but I am not sure which approach is the best?
Custom user agent
Password is the request
httpassword, but how to handle it in Java?
If someone want to get this information outside of your app, there is no way to prevent it, if the person really want get it. They can just decompile your code and analyse the function. This should be clear.
But for preventing it for normal people, you can use a robots.txt, user agent, custom HTTP Headers and other things you mentioned. Just an encryption could be helpful too.
I would suggest a private subdomain, combined with API keys (per HTTP Headers) and an encryption.
You can whitelist the IP address of your application from your website.
Related
I'm creating an android app which has an option for client to send email using JavaMail API.
I am using my email address to do this. I just want to make sure that where should I save my password. Is it safe to save it in the resources? If not, can you please suggest any method to do so?
Thanks in advance
Unfortunately, keeping passwords in resources is not good idea, because anyone can very easily read it (using i.e. apktool).
Keeping it in code isn't also safety, beacuse apk can be easily decompile and (even if code is obfustated) it can be found.
Sending it from the server site can be also dangerous,
because it could be sniffed (even if https would be used).
In sum it isn't good idea to use your email address.
Why every user can not use their own email? In this situation you can save user passwords (for future use) in shared preferences (like Shane said).
I'm building my own HTTP server in java, but i'm facing with a problem: I would like to build a page dynamically by creating every HTML object at runtime, the question is: how can i determine the screen dimension of the client's browser?
This information is not present in the HTTP header, so I was thinking about writing a "fake" webpage that runs a javascript that tells the server about the screen (it should redirect to something like www.website.com/w:1920,h:1080) but I don't know anything about cookies (that I suppose are essential to store those informations).
Do you think that I should learn somthng about cookies or there's another way?
BTW I'm not using servlets, just Socket, because that's what I know... should I use servlets?
Thanks for your time!
Matteo
Server knows nothing about client's screen until client send this information. Javascript is easiest way to determine screen size:
window.screen.availHeight
window.screen.availWidth
AJAX request can be used to send the information to the server where it can be stored in session data and backed in database for example if the user is logged in or identified somehow. In such case you don't need cookies. However solution with cookies is easier, check how to set them via javascript. But I'm afraid such solution would be a bit of non-standard, if your site is gonna depend on javascript why not to use it extensively and generate all objects on client side, get that lazy computer working and save your server's resources :) Just feed data by sending simplest HTML containing script doing the work.
Servlets? Can be really light-weight and done with minimal knowledge if you have time go for it.
I have searched around the web but could not find any solution.
Also, I have tried a lot of different solutions, but none works.
Please, keep an open mind while looking to this situation.
Requirements:
Should use Java/J2SE (Console, GUI, any).
Do not use any external or third party jar/package only JNDI.
Do not ask or store user password.
Get the e-mail from Windows logged in user in LDAP.
Assumptions:
Do not need to dive into the details of LDAP server, it is working on other languages like VBS/.Net/etc. but not Java.
Note:
The piece of VBS is working even asking for other users (not the one logged in).
I do not know about LDAP server configuration but the information above should make sense for those who knows it.
Piece of VBS code that is working fine:
Dim objSysInfo, objUser<br>
Set objSysInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
MsgBox objUser.mail
How can I make it work?
The problem here is not the JNDI part, it is getting the user's login name in the same format as provided by ADSystemInfo.UserName. You could see whether System.getProperty("user.name") returns the right thing, otherwise you are into some ActiveX Bridge thing to emulate the VB code you posted.
The LDAP part just maps very straightforwardly into JNDI, you shouldn't have any problem with that part.
Windows and the VBS APIs use a "SASL GSSAPI mechanism to achieve Single Sign-on (SSO)" form the client to a Active Directory Server.
There are many versions of Windows Active Directory and countless different methods that various parameters could be set in your implementation. So your success may vary.
I found an article that might help point you in the right direction:
http://dmdaa.wordpress.com/2010/04/10/utilize-sasl-gssapi-mechanism-to-achieve-single-sign-on-sso-for-jndi-ldap-client/
I want to access the data in Facebook but the access token is needed and it changes from time to time, so I need a way to make my application (Java) access this data automatically. Must I have a good way to generate the access token every time the application wants to access data?.
I use the way in this link http://developers.facebook.com/docs/authentication/
So I make the app and get the app id and the secret and it generated this URL:
http://www.facebook.com/code=AQATgv4b8yXDeh8Rh9VlJjTUH9z0ux6zfIiw0IzD6Bo1xPWMpbTmNyuz8Hudh7srwYJ3lz6g_oc5vWyPJr8zHtNcqcJLiuzBgcJvF0gzTZoWjS_b4miJjESnduoHxvIBO7eW1Bznl13gC4TLpjECJa2pZ_8V3vOauDC-JlCdK32vGVc_LJNIgDLqil-KUa3Zk8rGAPIvCBjcfxw64mRZEs9z#_=_
But the problem is that the code that generated is also changed over the time. I tried to use Java code to get the redirect url but it was not the right way because it return another URL
I search a lot on the internet but I could not find the right way so help me plz.
Look into Spring-social and see if that can give you what you need. It's purpose is to integrate with saas services (like facebook).
So in this documentation it said it uses OAuth protocol. You application also should support it.
I used Spring Security OAuth http://spring-security-oauth.codehaus.org/intro.html library for that: quite easy to configure
It makes all the work for you - generating tokens, redirects and so on.
i want to get client MAC address (in jsp,java)
it's possible? how to do?
thanks for help
Unfortunately, this is not possible directly in JSP because it will not be passed as part of the HTTP Header. You would need to have some client side script to run, that has access to the network adapter to find this information.
I am not sure if an applet would be able to get this for you, but this would need extended permissions if it were possible, and a user is unlikely to allow it.
Why? Are you aware they can be changed by intermediiate routers? And users? So they are of no practical use except to the network layer?