Getting sending IP/Computer from HL7 event - hl7

We are currently in the design phase of a product we are building for a hospital. We want to install a custom developed software on each computer and one on a central server. It should catch the event of updated patient information of any kind when for example a patient was edited and saved in the HIS. Then on the computer on which the patient was saved we want to display information about the patient in the locally installed software.
We thought about retrieving the HL7-event from a central server and then analyze the data and send back information to our software on the sending computer. But for this we would need the IP address of the computer that caused the HL7-event (e.g. the computer on which the patient was saved in the HIS). Is there any header in which we could find the original IP address? Or when the hospital has a central HL7-server will this give us the IP address of the originally sending computer?
Or can you think of any other way to receive an information about that a patient was saved on the same computer or by the same user? E.g. listening to outgoing traffic seems to be extremely difficult and not very clean. Another option could be to detect the sending user (e.g. AD-user or LDAP-user) but is that information documented within the HL7-event in any way?

TCP level
This is the best option I can imagine; bypassing HL7. I hope you are going to communicate on TCP level. With TCP, on receiving connection, you easily get information about clients IP address. You can use this IP for your purpose.
Custom field in Z segment
Implement ZDS segment and define some field (ZDS(2) may be) with mutual communication and pass the IP address in this field.
Use MSH(2) (Sending Application) and MSH(3) (Sending Facility)
Data in these fields identify the sending application and facility. If this is configured different on each computer in network, you can maintain a table in your database to map IP address against this data.

Related

IP address with different country

We are using IP geolocation vendor in our application. And vendor will update their database in monthly basis.
But IP address is getting assigned to different country over time. Any proper reference or standard for this changes?
You can publish a geofeed file and host it in your website. The format is based on RFC 8805.
However, it is still up to the geolocation vendor to trust your feed and take into records. IP geolocation is under heavily manipulation due to many reasons.

How does the URL I type in lead to the eventual content I see in my browser?

I'm trying to figure out how these all work together, and there are bits and pieces of information all over the internet.
Here's what I (think) I know:
1) When you enter a url into your browser that gets looked up in a domain name server (DNS), and you are sent an IP address.
2) Your computer then follows this IP address to a server somewhere.
3) On the server there are nameservers, which direct you to the specific content you want within the server. -> This step is unclear to me.
4) With this information, your request is received and the server relays site content back to you.
Is this correct? What do I have wrong? I've done a lot of searching over the past week, and the thing I think I'm missing is the big picture explanation of how all these details tie together.
Smaller questions:
a) How does the nameserver know which site I want directions to?
b) How can a site like GoDaddy own urls? Why do I have to pay them yearly fees, and why can't I buy a url outright?
I'm looking for a cohesive explanation of how all this stuff works together. Thanks!
How contents get loaded when I put a URL in a browser ?
Well there some very well docs available on this topic each step has its own logic and algorithms attached with it, here I am giving you a walk through.
Step 1: DNS Lookup : Domain name get converted into IP address, in this process domain name from the URL is used to find IP address of the associated server machine by looking up records on multiple servers called name servers.
Step 2: Service Request : Once the IP address is known, as service request depending on protocol is created in form of packets and sent to the server machine using IP address. In case of a browser normally it will be a HTTP request; in other cases it can be something else.
Step 3: Request handling: Depending on the service request and underlying protocol, request is handled by a software program which lives normally on the server machine whose address was discovered in previous step. As per the logic programmed on the server program it will return a appropriate response in case of HTTP its called HTTP Response.
Step 4: Response handling: In this step the requesting program in your case a browser receives the response as mentioned in the previous step and renders it and display it as per defined in the protocol, in case of HTTP a HTTP body is extracted and rendered, which is written in HTML.
How does the nameserver know which site I want directions to
URL has a very well defined format, using which a browser find out a hostname/domain name which is used in turn to find out the associated IP address; there are different algorithms that name-servers runs to find out the correct server machine IP.
Find more about DNS resolution here.
How can a site like GoDaddy own urls? Why do I have to pay them yearly fees, and why can't I buy a url outright?
Domain name are resources which needed management and regulation which is done ICANN they have something called registries from which registrar(like GoDaddy) get domains and book them for you; the cost you pay is split up between ICANN and registrar.
Registrar does a lot of work for you, eg setup name server provide hosting etc.
Technically you can create you own domain name but it won't be free off course because you will need to create a name server, need to replicate it other servers and that way you can have whatever name you want (has too be unique); a simple way to do that is by editing your local hosts files in linux it is located at /etc/hosts and in windows it is located at C:\Windows\System32\drivers\etc\hosts but its no good on internet, since it won't be accepted by other servers.
(Precise and detailed description of this process would probably take too much space and time to write, I am sure you can google it somewhere). So, although very simplified, you have pretty good picture of what is going on, but some clarifications are needed (again, I will be somewhat imprecise) :
Step 2: Your computer does follow the IP address received in step 1, but the request set to that IP address usually contains one important piece of information called 'Host header', that is the actual name as you typed in your browser.
Step 3: There is no nameserver involved here, the software(/hardware) is usually called 'webserver' (for example Apache, IIS, nginx etc...). One webserver can serve one or many different sites. In case there are more than one, webserver will use the 'Host header' to direct you to the specific content you want.
ICAAN 'owns' the domain names, and the registration process involves technical and administrative effort, so you pay registrars to handle that.

Prevent Visitors from Voting again

Orginal Question
I want to implement a voting system on my page that is open to visitors and users i.e. non-authenticated users can vote.
Is there a rails/rack (or other) solution to identify visitors for this purpose?
Summary/Result:
If you want to implement a system where a visitor can take a certain action only once, i.e. a voting system. You have to divide your visitors into two groups:
Visitors that don't want to/don't have the tools to trick voting
Visitors that don't manipulate the result can be tracked using techniques such as: evercookie, Webbrowser Fingerprinting (panopticklick) and IP-Blocking.
Gems:
https://github.com/daddyz/evercookie
https://github.com/Valve/fingerprintjs
JS:
https://github.com/carlo/jquery-browser-fingerprint
Paid-Services:
http://threatmetrix.com
Visitors that want and can trick voting
Visitors that want to manipulate the result will and can do this. Here's a example. You can set the barrier high for those visitors, but its usually easier for them to bypass those than for you to implement them. The reasons for this are perfectly outlined by the answers to this question.
Client software identification
Web browser fingerprinting
panopticklick only identify browser configuration, not human beings. Just using a different browser (IE/FF/Opera/Chrome) on the same computer, using the same browser on a different user account on the same computer (different set of installed plug-ins, so different browser fingerprint) or using a different computer will "fool" panopticklick.
This is not a weakness of panopticklick, as panopticklick does not try to identify human beings, only Web browsers.
"Private browsing mode" should make the browser fingerprint less unique.
Cookies
evercookie, just like any sort of cookie, is specific to a user account (or a computer) : just using a different account or a different computer would give you a different identity. (Different users cannot access each other cookies because of file permissions.)
"Private browsing mode", if implemented properly, will clear all cookies, including "super cookies".
IP address
Changing IP address
Some subscribers have :
a fixed IP address;
an IP address which changes rarely;
an IP address which changes if they unplug their modem for hour, days, or weeks;
an IP address which changes almost every time they reboot their modem;
an IP address which changes every 24 h, even if they do not want that (as the IP address change will break TCP connexions).
This is not made-up. I know ISP with all these different IP allocation policies. I have no statistics about the number of users in these different categories, however.
Some ISP will make you pay just to have a fixed IP address. So I believe a changing IP address is pretty much the norm in practice for most Internet users.
Proxies
Using an anonymous proxy (including Tor) will give a different IP address, just as a VPN.
But all the proxy users (or all users of a Tor exit node) will probably have the same IP address.
Shared IP address
In almost all cases, family members will share an IP address.
Most small/medium businesses have only one outside address. This has been a problem in practice with per-IP anti-spam limit for webmails.
Almost all mobile IP users share the same IP address with a few or a lot of other users. This has been a problem in practice with per-IP anti-DOS limit! The server administrator had to list outgoing IP addresses and white-list them! Whenever the mobile ISP uses a new outgoing IP address, its clients are blocked again until the server administrator adds the new IP address.
You probably do not want to play this "game".
You can use cookie, but that can be disabled and expired, or IP address to identify the visitor. This can be tricked too, and there is a chance that from larger networks, people come with the same IP (e.g. from corporate network).
Basically there is no foolproof solution. I think the IP address can be "good enough" if nothing important depends on it.

Membase? How does this work?

When I add an IP address and make connection, does the client gets All server's available IP addresses?
Or does client need to know at least 2 IP addresses for when one of them goes down?
This is the code I've been testing with (JAVA)
List addrList = new ArrayList();
addrList.add("192.168.20.105:11211");
addrList.add("192.168.20.106:11211");
addrList.add("192.168.20.101:11211");
try {
List addr = AddrUtil.getAddresses(addrList);
mbsClnt = new MemcachedClient (new BinaryConnectionFactory() , addr);
If I've added only one IP address, and while i was doing the gets and sets operation and the server goes down.
Will the client be able to connect to other available servers?
because if I add an observer and see the available servers, i dont see any (if i add only one server in the list)
Does this mean I have to add as many IP addresses as possible to avoid connection failures?
Another question is that , I can see that when i add the IP address, I have to put in PORT number which is linked to specific vBucket. Does it make any overflow from making all the clients watching a same vbucket? If so, how am I supposed to balance the Clients to watch different vBuckets?
Sorry if My English isn't really getting to you T^T.
Any kind of advices or answers will be very appreciated! Thanks!
The issue here is that your using the memcached constructors in MemcachedClient. If you are on 2.7.x or lower you want to use the constructor that takes a list of URI's, a bucket name, and a password. That constructor will connect to a Membase/Couchbase node and get a list of all servers in the cluster. Then if you rebalance or failover nodes Spymemcached will do the right thing and connect to new nodes or drop connections to nodes leaving the cluster.
In Spymemcached 2.8.x and later we actually removed this functionality and placed it into a new project called Couchbase Client. In that project you will find only the constructor I mentioned above. This should make it more obvious for what you should do. Couchbase Client 1.0.1 currently doesn't have support for views, but that will be added in the next release. Also Couchbase Client is compatible with all versions of Membase.
One other thing. You only need to provide one URI in order to get a list of all nodes in the cluster, but it is recommended that you add as many URI's as you have servers in the cluster. The reason for this is that if the node you specify in the URI goes down you will lose connection to the cluster since you won't be able to get cluster updates. If you specify more than one URI then Spymemcached/Couchbase Client will try to connect to the next node in the list of URI's.

setup POP3server for the internet

I have built several applications in delphi using the indy components suite(version 10.5.2 i think) and they all are working. I have just finished setting up the POP3server and it works locally. I can see mail sent locally on there. I have been using "localhost" as my hostname. However, i want to graduate to a higher level of function. I want to be able to receive email from the internet such from msn, gmail, yahoo ... The problem is I don't know how to do this. What address should I be using inorder to do this? So far "myhouse#localhost" has been working but only internally; can't seem to get external mail in there. Is it possible to receive mail like this? Thanks.
You need to register a domain, and then setup its DNS records (in particular, its MX records) to point to your server machine. That way, when an email is destined for any "#yourdomain" address by any sending service, it will be routed to your server machine (which needs to run an SMTP server to receive emails - POP3 is for downloading emails from your mailbox, not for putting emails into it). If your server does not have a static IP, then you need to use a service like DynDNS to mange the DNS records for you so they can account for your dynamic IP whenever it changes.
"The Internet" doesn't use POP3 to send and receive email, it uses SMTP. Here's how email "flows" from the sending computer to the receiving computer:
Server needs to send email to address: myhome#localhost. The first thing it does is isolate the server name, that's the part after "#". Next it uses DNS to lookup the SERVER IP for the computer that's supposed to receive email for the given domain. DNS contains a special record for this purpose, it's called the "MX" record. You can use command line tools like dig on Linux or nslookup on Windows to find this address, or you can use an online tool like the one found at http://www.mxtoolbox.com/ (google found this site, I assume there are many others!).
If you try to locate the MX record for your "localhost" domain you'll obviously discover it's not possible, because it's not a fully-qualified name. You first need to get yourself an domain name, so you can register a MX record!
Things you need in order to RECEIVE email
Need an "real" IP address. Servers outside your local network need to contact your server, and they obviously need a way to do it. Make sure no routers along the way block SMTP ports.
You need to register an domain name, add a MX record and point it to your "real" IP address.
Need to run SMTP server software on your box. You can use Indy components to write one.
Things you need in order to SEND email
Theoretically sending email with SMTP is the easy part. You just contact the responsible server using SMTP and send email, that's the way the protocol works: any computer in the world may send email to any SMTP server.
Practically sending email is the most difficult thing you'd have to do, mostly because foreign SMTP servers don't trust you (ever heard of SPAM?). Here are some of the things you might need to do so foreign SMTP servers accept email from you. There's no definitive list because the protocol itself doesn't include a clear authentication mechanism, so every big SMTP server out there uses it's own heuristics to decide rather to accept email from you or not. You'll find yahoo especially fun!
You need to have REVERSE DNS for the IP you're using to send email.
You need to send from one of the SMTP servers listed in DNS as your MX servers.
Your DNS records need to have long TTL (this rules out Dynamic DNS services)
Many other things...
What people usually do?
eMail is hard, there's a surprisingly small number of full SMTP servers available for your own server: Exchange, Notes, Postfix, QMail, Sendmail. They're all notoriously difficult to configure. Most people would use hosted mail services, some people would use the SMTP services provided by the ISP, and very few would install one of the mentioned services.
If you really want to write your own SMTP server go ahead, but you might want to install one of the ready-made ones before, to get a bit of eMail and DNS experience. The Linux ones are cheap to install and may also help with development (you don't want to send too much bad email to your free yahoo address, you might get blacklisted!)
POP3 is a protocol to read email from a mailbox. The TidPOP3Server component implements a POP3 server (and AFAIK it has no host property to set...), while TidPOP3 implements a POP3 client. To read mail from GMail or any POP3 server you need a TidPOP3 component. The hostname to set is the DNS name the service instructs you to use (i.e. pop3.mydomain.com).

Resources