I am trying to create an app which automatically inputs a previously saved password to an input field, by reading your fingerprint. For example, say I am accessing my e-mail account on the Chrome browser, and after typing my e-mail, I focus the input field for the password. I then place my finger on the sensor, and the app I want to build, which will be running as a service, identifies my fingerprint, checks that I'm using Chrome and that its current URL is the login page for my e-mail, and that the input field is the password field, and then it places my password for this account at the input field. This data is supposed to be learned by the app by logging in manually a first time. Is it possible to achieve such results? Can I read the input fields IDs inside a browser, from my app?
From user A's mailbox application, can an agent send reminder to another user B?
I coded a (Java) agent, which runs within user A's mailbox to create reminder for user A him/herself. This works.
If I replace
reminderDocument.save();
reminderDocument.putInFolder("$Alarms");
with
reminderDocument.replaceItemValue("SendTo", recipient);
reminderDocument.send();
then
the reminder is sent to User B. However, the alarm notification doesn't appear because this document is not part of User B's $Alarms folder. Is there a solution to this? Thanks.
"Sending" a reminder will always have the recipient do something with the reminder for it to become an alarm.
Please check the Calendaring and Scheduling Schema
for how to do it "right".
If you need to place an alarm in another users inbox, without him to interact, then you need to create the document there directly and put it in his "alarm"- folder, or you have to setup "automatic processing" in the recipients mailbox (what he probably does not want).
In short: There is no easy way to do this without following the "workflow" (see Page 3 of linked document
I allow users to register on my website using a registration form.
Once form is submitted a token will be generated and will be sent by email to user, they need to click on the token link to activate their account.
My question is that if I do it, do the malicious codes can still send multiple emails to my website to register, should I use Captcha to protect the website or there is any other method ?
If all you want is to prevent double submissions, you can generate a unique token for the form that you check on submission. This requires some thought if there are multiple forms per page. Also, a simple method is to just disable the form/button on submission. This is even more effective if the form is submitted via Ajax (so that the action parameter of the form can be absent and thus not easily harvestable).
If you want to prevent automatic submissions (by bots), while Captcha is probably the strongest of the common methods, it is also very user-hostile. Instead, unless you have a reason to believe your site is being specifically targeted, it is usually enough to just use honey-pot fields (invisible fields that a human would never fill but a bot would) and hidden fields that you fill with a known value after a short delay using JS (a bot wouldn't normally execute JS nor take time to type into fields like a human). Simply doing an Ajax submission is also usually enough. I recommend using one or a mixture of these methods before falling back to Captcha.
Captcha is one of the standard methods.
Another way is do not do a direct submit of the form.Use AJAXfied server calls sos that form does not get posted by itself but has some data scrambling of inner fields & delays the submissions.
$("#contactForm").submit(function(event)
{
/* stop form from submitting normally */
event.preventDefault();
/* get some values from elements on the page: */
var $form = $( this ),
$submit = $form.find( 'button[type="submit"]' ),
name_value = $form.find( 'input[name="name"]' ).val(),
email_value = $form.find( 'input[name="email"]' ).val(),
phone_value = $form.find( 'input[name="phone"]' ).val(),
message_value = $form.find( 'textarea[name="message"]' ).val();
/* Send the data using post */
var posting = $.post( "contact-form-handler.php", {
name: name_value,
email: email_value,
phone: phone_value,
message: message_value
});
posting.done(function( data )
{
/* Put the results in a div */
$( "#contactResponse" ).html(data);
/* Change the button text. */
$submit.text('Sent, Thank you');
/* Disable the button. */
$submit.attr("disabled", true);
});
});</script>
I'm no expert in this matter, but the solution seems rather obvious to me:
Everyone uses CAPTCHA. There's simply no other way to protect your server from automated attack. It won't save you from DDoS, but will handle pretty much everything else because CAPTCHA is, well, CAPTCHA.
You do have multiple CAPTCHA solutions available though, so choose one that suits you best.
As Velis mentioned, easiest way is to use Captcha.
Other solutions exist but can be easily beaten if bots are targeted for your website, for example, having an hidden field like "re-enter email" which will be filled by bots, but can be caught on the server side and registration can be rejected.
Certain, complicated methods also exist, like recording mouse clicks or time taken to fill the form, but these require significant JS work and can be overkill until your website becomes a bot target.
Captcha is one plausible solution, but most humans don't like it.
How about instead if you add some intelligence to your system?
Implement a cooldown between emails. Before sending an email, wait one minute. If another email request comes then wait another minute and don't send the first one. (This could be another form of attack but only if this is the only line of defense).
Would a person try to register 30 times in the last minute? No.
Would a person re-register if the last register was successful? No.
You can also combine these with the IP of the registering user: Would a user try to create 10 new account for other users from the same IP in 10 minutes? Unlikely.
If this is a corporate website and you MUST prevent the email spamming, then consider secondary ways of communication. For example, if you have the means, you can request the user to SMS the email address to a specific number, which would create a reset password request.
You could also, upon the user completing the registration, generate a list of numbers that should be used to retrieve the account. Something like: "If your account is lost, it can be retrieved by entering one of these numbers into the RETRIEVE field" And then provide a list of numbers that would be confidential to your company and the customer. The same way Google does it.
Although these mechanisms can become complex, they will be smarter than any captcha; will be easier to adapt, and more comprehensive. On the plus side your users will thank you for not having to read twisted images of numbers and letters.
I'm making a widget who, among other things, displays the quantity of unread emails the user has in a given inbox.
Specifically, I'm asking how to:
-Obtain the list of email accounts on the device
-Make a call to one of the accounts such as
int newMailCount = accountInstance.getMailCount()
Any ideas?
Thanks
Obtain the list of email accounts on the device
This is not possible. You can use AccountManager to try to get at account information, but there is no "email" type that I am aware of, and email programs do not have to use AccountManager.
Make a call to one of the accounts
There is nothing in the Android SDK for email. There are dozens, perhaps hundreds, of email programs out there. None are part of the operating system. Email programs are welcome to create their own app widgets.
I have a group that needs to send out announcements and current events via phone text message. I want to have a central phone number that when it receives a text message, it rebroadcasts that message to a growing list of subscribers. I'm hoping to use a Google Voice number to avoid buying an actual phone number.
Any ideas? I've thought about some type of Java/HTMLunit that continually parses the GVoice html inbox, but I just have that computer-gut feeling that there is a more intuitive way. I haven't been able to find a GVoice API, as I imagine that would be the trick.
Thanks
I've used a different approach. There's a number of E-mail to SMS services out there. So you send an e-mail (using standard JavaMail) to a specific address that is then associated with mobile phone numbers. I use TextMagic, but there are also other similar services out there. They also have API support, if thats what you'd prefer.