I have a customer with a very small SharePoint 2010 system where they don't need to log in and they don't have an Active Directory. I think it's always the same person logged in.
They want a workflow where they can choose a person from a list and a notification email will be sent to the person. And they want the data to be stored in a MySql database.
Is it possible to store SharePoint users in a MySql database?
Or can I build a simple MySql table with names and email addresses and then send emails to those from inside a SharePoint workflow? Will SharePoint understand that those are email addresses?
You need to setup your web application to use claims authentication and then implement a custom membership provider. There is some implementations for mysql membership providers out there:
http://www.codeproject.com/Articles/12301/Membership-and-Role-providers-for-MySQL
Here is an article about how to setup claims authentication with an ASP.NET membership provider:
http://msdn.microsoft.com/en-us/library/gg252020(v=office.14).aspx
Obviously you need to adapt the implementation to the MySQL Membership provider which should be easy enough.
Sorry about providing links but the ammount of steps is so big that is not suitable to be posted here.
Related
I have 2 systems let's call them i and j. Each have it's own database.
Each have a registration page, where a user is inserted in a user table.
What is the best way to synchronize both tables, where if any user registers at system i it will be also registered at system j.
Notes:
I cannot read from each other databases directly.
I can do small changes in the code if needed and it will not affect the system performance or natural behavior.
I can create API's for both systems if needed.
I can add any tables or fields if needed.
I can create any cron jobs unless it will affect the performance of the system or server.
I'm using cPanel.
Technologies:
MySQL
PHP
REST API's
The fact that you list cpanel as a technology shows you're working with an inflexible budget hosting vendor. So it's unlikely they'll cooperate in setting up background tasks (cron jobs) to merge your user tables behind the scenes. (cpanel isn't a technology: it's a system administration user interface provided by hosting vendors who don't trust their customers' skills.)
So. you should design and implement a REST API in the code of both your apps to perform user registration and authentication tasks. You didn't show us the details of your app, so it's hard to design it for you. Still it seems likely you'll have to implement these operations:
PUT user
DELETE user
GET user
POST user to validate a user's password, etc. (Don't use GET to pass secret information: GET request parameters go into server logs.)
PATCH to update details of a user.
If you get the API working, whenever you create/retrieve/update/delete user information in one app, you'll use the API to change it in the other.
Your best bet would be to create a third app just for user management, and have both your existing apps use it. That way you're sure to have one coherent source of truth about users. But you can do it just within two apps.
I am trying to setup ejabberd as IM solution for my project, which will be mobile app + backend. I am using SQL auth (and SQL store for all modules also), using MSSQL via ODBC. I have some questions I didnt find answered in docs.
Do I understand correctly, that ejabberd is multi-tenant (since it can support multiple domains). If so, how are users assigned to particular tenant (domain)? In users table in DB, there is only username (without domain part). Can I have two different users john#jabber.myproject.com and john#jabber.myotherproject.net ?
I want to create XMPP accounts on ejabberd automatically (user doesnt need to know anything about underlaying service) - do I need to register users via API, or can I insert rows directly into DB table users and ejabberd will be OK with it?
In users table in DB, there is only username (without domain part). Can I have two different users john#jabber.myproject.com and john#jabber.myotherproject.net ?
Create a new database for each vhost, and use the host_config option in ejabberd.yml to tell which database to use for each vhost:
https://docs.ejabberd.im/admin/configuration/#database-and-ldap-configuration
Or you can enable the new SQL schema, see https://blog.process-one.net/ejabberd-18-03/
do I need to register users via API, or can I insert rows directly into DB table users and ejabberd will be OK with it?
Both are acceptable. In the second case, there are chances that some task performed at account registration is missing in your server, but I don't remember any module that performs any task at account registration. So, it looks OK.
I am trying to build an API first web app that has two parts:
Part A: The Project Management App. This would be built using php/mysql. One of the table in the mysql DB will be the users table where all users information will be stored viz username, password, email etc.
Part B: The online chat App. The users of the project management system will be able to chat among themselves. This will be built using nodejs/mongo. The mongodb DB would store the chat transcripts of each users and so would have a users collection containing the user details. The users collection would contain the same user information that the mysql users table has viz username, password, email etc.
Now, i have a couple of questions in terms of the architecture of this app.
Question 1: Is it at all a wise idea to maintain two different sources to store the user's information? The reason why I wanted to have a replica of the users table in the MongoDB as well is because since there will be too many reads and writes happening in the chat app so its best we use a nosql DB. (Lets assume here that my app will be used heavily going forward)
Question 2: If the answer to Question 1 is "Yes", how do we make sure of data consistency? I have thought of two approaches to achieve this:
Option A: Since we are using the API first approach, so during the registration of a user when the CREATE user api call is made, it will add the user in both mysql and mongodb databases.
Option B: I setup a cron that will sync the data between the mysql users table and the mongodb users collection periodically.
Can someone please throw some light on this and tell me if my approaches are right and that if I am going towards the right direction.
Many thanks
Im looking for a way to encrypt a mysql DB so that only a logged in user can access their data, any other user will not be able to access the data, even if they are the system admin and are able to download the .sql file and browse it locally.
Is there a way to implement this ?
Background / Why I would want to do this - Someone was talking to me the other day about creating a web application for use in their industry, they wanted to produce the web app, use it in house, but also offer it to other companies in their industry as a SaaS platform, as a point of trust they wanted to setup their DB so that they could not access the data of what would be their users (which may also happen to be their competitors)
If each user/account holder has to provide a cryptographic key at login, which is stored in the session (not the database) then all their data could be encrypted (hashed) so that anyone with admin access would look at the tables and not see data.
There's no way to guarantee that the administrator, already having database access, couldn't get webserver access and intercept the key, however.
Backstory
I work for a company that has an online site that allows user to text personal information for collection. We collect the data, and make it available online. Users can choose to share the data with other users.
Going Forward
At some point, this may become classified an FDA-governed medical tool. In anticipation, we'd like to have in place a logging system that shows each time someone accesses our users' data, whether it be the user themselves, another authorized user, or a support person.
Current Architecture
We are currently running Ruby/Rails, and using a MySQL database. The personal information is encrypted in the database.
Data Access for Support
Today, support personnel can access data one of three ways:
admin site The admin site is limited to whatever screens we develop. While we don't currently, we could easily add logging to keep an audit trail of who accessed which data using the admin tool.
sql client I use MySQLWorkbench to access production. However, when connected this way, all personal information (user name, cell number, etc), is encrypted.
Ruby Rails console - Finally, support can log into one of the production boxes and use the Ruby/Rails console from command line. Ruby will decrypt the data, so we can do some simple things such as
u=User.find_all_by_state('active')
and it will return the recordset of all users with state='active', and decrypt their personal information in the resultset.
Holy Grail
logging
easy access for support
I'd love to be have a way to allow easy support access (once authenticated) to the data, but would log everything that is accessed (read or updated). That way, if I'm checking out my buddy's ex-wife's data for example, it gets logged to a place where I can't get in and clean it the audit trail. (See Google firing Gmail employee for an example of employees breaching the data policies).
Anyone have ideas, thoughts, experiences, suggestions with this issue?
hey devguy. This was a issue for me a couple months back. We ended up centralizing our mysql queires so that we could start to track all information coming in and out. Unfortunately the class I wrote is in PHP but the idea behind it could make it very easy to start logging.
https://code.google.com/p/php-centralized-mysql-controller/
Try stored procedures. Make all code use the stored procedures for CRUD activities. This defines an API that your developers can use while business rules are global enforced (don't return entire SSN values, but only last 4 digits, etc).
This serves as the basis for an external API as well.
If you want logging/auditing, you put it in the procedure.
This protects you from everyone except the DBAs.