I know this question was asked a lot, but I didn`t find anything that could help me.
I`m using Java, JSF, EJB, JPA, GlassFish, MySQL.
I developed web sites with autentification, using these technologies, but with only from one location (one session at a time) and if another user logged in from another location (s)he could see the state of the first users session.
Now I need to develop a multiuser web application with a commom home page and a few commom features, but the rest needs to be user dependent a multi thread access to the web application and to the database.
I need to:
limit the users capabilities to start a session from only one location, one computer
have them make them register on the site for a limited period of time (the profile should be active for 1 year lets say)
to give them timeouts after 1 hour
and so on...
Please help me understand what I have to do to!
I dont know how and where to start, I read a lot of articles about this, but it was just bits and pieces and I dont have a full picture about this.
Thank you for your time, happy coding and keep up the excelent work your doing here!
if another user logged in from another location (s)he could see the state of the first users session.
This is not right. This application was badly designed from the beginning on. This can happen when you're storing request and/or session-scoped data in a static variable or in the application scope. This is not right. Request scoped data should be stored in non-static variable in a request scoped bean. Session scoped data should be stored in a non-static variable in a session scoped bean.
In other words, stop using static variables until you really understand what that means and don't store the data in a too wide scope.
See also:
How to choose the right bean scope?
Related
I am working on a project and one of the key components is creating customized user profiles. I already have a schema design for the user data that will generate said profile. But I am lost on how the technology works.
I am mostly front-end so it has been sort of overwhelming. The goal is to allow multiple user profile creations and so far I have only seen that this can be achievable via NodeJs or PHP. I have not found any guides.
I am not sure if I am asking the right questions.
Any help is appreciated. Thank you.
Since you mention you already have schema for the user table, I assume you are going to design your own database and backend node.js API to handle user profiles. You may want to build authentication functionalities in the future. If you are not familiar with Node.js yet, I recommend you to start with https://www.tutorialspoint.com/nodejs/index.htm. It's a good tutorial for beginners.
The whole purpose of a back-end node.js API is building numbers of service with specified route. Once a http request is made to a particular path, it takes parameters and execute some script. In you case the scripts will do something in database containing user profile data, for example, add a row in your data table. This operation is equivalent to creating a new user. Then, the API send response to front-end.
Keep in mind maintaining user profile data is nothing special than regular data. You should be able to pick it up with a couple of days training if you know javascriopt. But if you have to build authentication functionality you need more technologies.
So I just set this up:
http://www.phpeasystep.com/phptu/6.html
It was fairly easy, now I have it redirecting to another page but how can I pull the successful username used?
I'm trying to build a basic chat program to learn with.
Getting this would solve how I will add the variable when a message is sent off to the mysql database and to verify it was sent by the right person.
I think you are looking for what we commonly call SESSION variables. This type of variable offers persistence over different pages. The api for handling sessions is nice and simple, and in my (personal opinion) session variables can be very handy, and dead simple to put in action.
Especially for tasks like the one you have at hand, keeping messages and usernames and such. You can even pass objects in sessions, if you want to get wild, just serialise and deserialise the data before and after saving it in a $_SESSION var.
Read up the session handling section in php, this should give you a hint on how to tackle your problem.
On a sidenote, though, there are other ways that don't need session variables, since you posted php code I assumed you wanted a php related answer.
Good-luck
Here is what I'm doing. I will have an online game that is a real exe application that clients run. Clients connect to my game server. They will have stats, achievements, and be able to buy various things for which I will use PayPal IPN service.
When a player wants to log on, I must be able to retrieve their profile and information from somewhere. When a player wins a game, the game server must be able to add a point to their profile.
Users will need to be able to access their stats from the Web Site, or from the game itself.
Would it be a good idea to use the MySQL database that comes with the Web Site for everything. In that, the game server would get and set properties through php or something?
Otherwise what might be a better solution? Is there a way for my web site to use a database that is on the game server machine, if so would that be a good idea?
How is this sort of problem usually solved?
Thanks
Where you put the database doesn't really matter. If you already have one and it can handle the load, use it. But for security and general organization, you should create a separate database and user within MySQL for your game score information. The user should only be able to access the game data database. This way your other data in the data base is protected from your web interface to the game data in case of a PHP or SQL vulnerability.
MySQL is defineatly the way to go. I have a current setup in a folder outside of public html called users, when a user registers a subfolder inside users is created along with a mysql entry. I use MySQL for username/pass/DOB/etc. and the user's folder for storing pics, acheivements in XML, and comments.
As for the client, I'm sure you could initialize a invisible web browser to access the page, and then use simple coding to get data from the web browser.
MySQL is a popular choice for persistence. Load up the profile at login and cache the data on the client. Then write the updates back at the end of the session. This is one of the things MySQL/PHP was made for. It is cheap, easy and performs and scales well.
Backstory
I work for a company that has an online site that allows user to text personal information for collection. We collect the data, and make it available online. Users can choose to share the data with other users.
Going Forward
At some point, this may become classified an FDA-governed medical tool. In anticipation, we'd like to have in place a logging system that shows each time someone accesses our users' data, whether it be the user themselves, another authorized user, or a support person.
Current Architecture
We are currently running Ruby/Rails, and using a MySQL database. The personal information is encrypted in the database.
Data Access for Support
Today, support personnel can access data one of three ways:
admin site The admin site is limited to whatever screens we develop. While we don't currently, we could easily add logging to keep an audit trail of who accessed which data using the admin tool.
sql client I use MySQLWorkbench to access production. However, when connected this way, all personal information (user name, cell number, etc), is encrypted.
Ruby Rails console - Finally, support can log into one of the production boxes and use the Ruby/Rails console from command line. Ruby will decrypt the data, so we can do some simple things such as
u=User.find_all_by_state('active')
and it will return the recordset of all users with state='active', and decrypt their personal information in the resultset.
Holy Grail
logging
easy access for support
I'd love to be have a way to allow easy support access (once authenticated) to the data, but would log everything that is accessed (read or updated). That way, if I'm checking out my buddy's ex-wife's data for example, it gets logged to a place where I can't get in and clean it the audit trail. (See Google firing Gmail employee for an example of employees breaching the data policies).
Anyone have ideas, thoughts, experiences, suggestions with this issue?
hey devguy. This was a issue for me a couple months back. We ended up centralizing our mysql queires so that we could start to track all information coming in and out. Unfortunately the class I wrote is in PHP but the idea behind it could make it very easy to start logging.
https://code.google.com/p/php-centralized-mysql-controller/
Try stored procedures. Make all code use the stored procedures for CRUD activities. This defines an API that your developers can use while business rules are global enforced (don't return entire SSN values, but only last 4 digits, etc).
This serves as the basis for an external API as well.
If you want logging/auditing, you put it in the procedure.
This protects you from everyone except the DBAs.
I am working on an application which acts as a setup box for other child applications. I want to set up child applications from one central parent application. Set up includes database setup (db:create and db:migrate), subdomain set up etc for child apps.
This is going to work like this: a Subscriber will subscribe many applications. On subscription the application will be configured to work on subscribers provided subdomain (on my site). Every instance of a subscribed application will have its own database. So I need to set up database for each subscriber, and domain name too.
Currently I am creating database based on child application subdomain, using ActiveRecord::Base.connection.execute.
After creation of the database I want to load the schema of the child app to the database created. For this I had posted a question here
schema.sql not creating even after setting schema_format = :sql
Is there any good efficient method/approach that will help me?
Also I am a bit confused about subdomaining how its gonna be work?
Any help/thought appreciated...
Thanks,
Pravin
Since there is no real need for a separate database for each user and for each 'app', you may want to check out a term called multi tenant.
Also, subdomains can be handled in rails 3 and use something called Devise for User authentication. Github has a rails 3 sudomain devise authentication fork to get you started.
Until you really see a need for all these databases, keep it simple. One database per application, and connect to each application via Active Resource.
Be warned, that what you are undertaking can confuse even a hardened app builder, so i hope your experience begets that of which your current Stackoverflow rate is at.
All the best.