I would like to know what exactly does OwnerID/FileID in a QWC file signify. I went through the QBWC_proguide but still it is somewhat unclear to me. I am new to this so please can somebody elaborate this. Thanks in advance!
I would like to know what exactly does OwnerID/FileID in a QWC file signify.
Nothing. :-/
They really serve no purpose except to make sure that you can't load the same .QWC file twice. You can safely make up these values (they have to be valid GUID values) and even change them if you need to legitimately re-load a .QWC file and QuickBooks won't let you.
Just to add to Keith's answer, while it does prevent you from adding the same company connector config twice, I believe you can also pass OwnerID to the CompanyRq query to get back the FileId, which is unique for each company and can be used for multi-connect
See https://stackoverflow.com/a/65679466/2807183 for more details
Related
I took a look at Serilog.Sinks.EventLog at Github and noticed there doesn't seem to be a way to set the Event ID of the logged event (example IDs here).
Would there exist a way to modify the sink so that it'd be possible? Perhaps with some kind of specially formatted message? I don't know if I should put this here or on Github, I'll try here first. :)
There isn't a mechanism currently for this - designing one seems tricky (but ultimately it'd be a great addition to the project!)
I am trying to edit certain attributes in a chef repo.
I see the following (probably default) text in readme of chef-solo:
Absolutely no sensitive values should be kept in the git repo. All secrets should be kept in the password vault. Capistrano will register servers with the vault as needed.
I am not sure which values really should NOT be there in the repo. Can anyone please help with some examples?
Also, I see a statement in one of the roles files in override_attributes section which I do not fully understand but probably is related to above text:
use_vault : true
I understand that this is a vague question but this is all I can give away. Thanks in advance for the help!!
I'd like to clarify something that was confusing me in the first place. Your question is basically analogue to this one: "Should I use fork or teaspoon so I wouldn't harm my child while feeding it with poisonous berries?" And the answer is: "Nevermind the tool, it's berries you should worry about!"
Now, let's separate override_attributes problem (tool), from the risk of exposure of sensitive data (berries).
Override attributes are being used only when we are not sure where the data will come from and we need to override them forcefully. What you're seeing is just that. Writer of that recipe ensured that vault will be used.
Message you posted regarding sensitive data has nothing to do with override_attributes. I presume you wouldn't like to put your private keys, passwords, or your credit card credentials into files and have it pushed to github, public git repo, or make it public in any other way. Message is just there to remind you. So, where should sensitive data be placed? There's no answer but the one you got All secrets should be kept in the password vault.. Thing you should also keep in mind before storing sensitive data on a certain place, are the architecture of a system and privileges of it's users. You want to keep it out of reach of people who doesn't need to know it. All this talk is about keeping your vulnerable, precious, sensitive data as secure as possible, and there's no Q&A recipe for that.
Hope this vague answer helped. If anyone knows how it might be more clear, please comment or edit, I'll be happy to see it improved.
Guys i'have a question.
I'm currently buiding a wizard that has 5 step's until being completed.
The user starts by the first step where he generates the entry id.
From there on i start passing the id over the url like this:
host.com/{controller}/{view}/{id}
This is how my url looks like after the step1,
------- currently at view step2 passing the id=120
host.com/{controller}/step2/120
This isn't safe because as you know, anyone can change the id and affect other users's entries. Ofc, it can be quickly solved by reading if the authenticated user is proprietary of the entry that he must be trying to access in each view.
Now, my question is... is there a better way to do this?
Any tips for future work?
Is what i'm doing enougth?
(begginer doubt praying for a expert awnser)
Cheers
...It can be quickly solved by reading if the authenticated user is proprietary of the entry that he must be trying to access in each view.
Yes, that's true. You should start there.
Here are some other things that you could do:
You could make your entry ids Guids instead, so that a would-be hacker would never try to guess an entry id.
Because using GET for sensitive data is a bad idea, you could, as endyourif suggests, pass the entry ids with hidden fields instead.
If you are truly concerned about the user altering the ID in the URL, then you must spend the additional time adding an "isOwnedBy" like functionality.
As an additional security measure, you could pass it via a hidden variable in the form so it is at least not as easy to change as well.
Edit: I like #LeffeBrune's suggestion of encrypting the idea as well. However, I still suggest that the validation is performed on the function to ensure the user owns the object. It's just good practice.
What is the following portion of a Gmail URL for?
https://mail.google.com/mail/?**zx**=1efobg68r40co&**shva**=1#inbox
If you change it, nothing happens!!
I know Gmail is not an Open-Source program so we can't trace the code. But every website try to make the URL shorter so they ideally shouldn't add redundant data to the URL. At the same time they don't make any difference nor error if they change.
Edit: I know it's a parameter for a scripting language since I'm a PHP developer but as a developer I don't EVER add a useless parameter and I think it's obvious/primitive sense!
The acronym stands for "Should have valid authentication" as noted here:
http://googlesystem.blogspot.com/2010/07/gmails-shva-parameter.html
As others have noted, 1 is the default value.
If I'm remembering correctly, back when they were working on the current version of the interface, you could preview it by setting shva=2 instead of the default. That version is now the default and you can't get the old version, so shva does nothing now.
It may be used again in the future, who knows?
But every website try to make the URL shorter so they ideally shouldn't add redundant data to the URL...
This is self-evidently not true. Look at StackOverflow URLs for a perfect example. This post:
http://stackoverflow.com/questions/1692968/shva-in-gmails-url-what-is-this
could just as easily be (it works):
http://stackoverflow.com/questions/1692968
I don't think anyone worries these days about the extra couple bytes of data involved with an extra query string parameter.
Some of them saying it is" should have valid Authentication". We shall consider it OK.
But the real expansion of shva is "security host verification and authentication".
It always comes when you open Gmail.
We won't know what it 'exactly' means unless someone inside Google answers your question. But my guess would be that it has to do with security and encryption. Nothing happens when you change it because it is part of the cookie as well. So when you change it they must also compare it with what is set in the cookie.
"shva" is an acronym for "should have valid authentication". Apparently, the parameter is only included after a successful authentication.
The 1 is the default value applied to the parameter check. It's also a shorthand way for programmers to say true, like when you have successfully logged in.
The other part, #inbox, tells Gmail to load up your inbox as the first screen. You can change that to one of the other folders (or even labels you've created) to load them up.
E.g., https://mail.google.com/mail/?shva=1#sent will show your Sent folder items.
https://mail.google.com/mail/?shva=1#label/narwhals will load up your "narwhals" label.
Gmail, like many web services, serves a standard interface that will change to show only your information and data when you've logged in.
The particulars are referenced on their end through the use of an ID from the cookies or sessions generated after the login screen.
I'm using embedded web browser from Bsalsa to write an email client in Delphi
I have a problem with cid embedded attachments such as:
<IMG src="cid:5D4219C71EAE43B1864AE9CB27C224A8#somehost">
I store the attachments in the database but can't figure out how to provide them to the browser. It seems custom moniker might need to be implemented but the documentation is scarce.
Any help would be appreciated.
I've implemented it using a "pluggable protocol" handler and it's easier thant it looks. Start here: http://msdn.microsoft.com/en-us/library/aa767916(VS.85).aspx and here: http://www.bsalsa.com/protocols.html
I am sorry I can't share the code I wrote but it's written for the company I work for and I have restrictions about it. Basically you need a com object that implements the proper interface to get the data and allow the web browser control read them.
That's IMHO the correct way to do it - altering the mail and storing temporary data may bring issue in the long run.
The simplest solution is to extract your "attachments" as requested into a temporary folder, then change the reference in the source to point to these temporary files, prior to being displayed. In the past I have used diHTMLParser to just this with great success.
If I remember correctly, the message contains these mime attachments along with an optional filename which doesn't always exist, but will have a mime type so you might have to have a translation table to get a default file extension for an attachment. Also, keep track of the files you place in your temp directory and clean up once your message window is closed. If you allow multiple messages opened at once, allow for name collisions and generate unique files.. it is common for signatures to have the same name, but be from different people... can be confusing if your message from John is signed Mary. :)