I wonder what is the best way to ensure unique users. I will issue a common instruction to 100 people to my website. Once they come to my site, I'll need to allocate them to North south east west region, one after another. I also need to prevent one user from having many accounts. (The user may use another computer / their phone to access)
What is the best way to do this in grails?
There no way to be 100% sure that all users are uniq, btw you if you gather and validate as much details as possible, like:
email (you know), easy to counterfeit btw
cell number (send text message with special code to confirm number), but user can also use a friend number, or buy new one
ask for scan of person ID, and/or
address verification (require scan of bill/other pappers with full user name and address on it, or send a letter to this address with special code to confirm)
Are you controlling who gets the initial instructions, like from a contact list or something? If so could include a "registration key" and only let a particular key register once, or only let those particular email addresses be used to register (once), or even create the users ahead of time and send them the instructions to login.
Related
I need to create a webpage for a specific customer to use only during certain time frames.
I would like to make this page as secure as possible, by not allowing anybody else to see this page during this time frame. I would also like to make it as easy as possible for this customer to open this page.
My thinking is:
Open time frame
Send customer link via email
Email contains passcode to use to enter the page
After task is complete or time frame expires, the passcode also expires
To me, this seems pretty secure.
My concerns are:
The customer forwarding the email (I don't see why they would do this, so may be a mute point)
There is an inherent flaw in my thinking that I am not aware of.
The time frame is kept in a database. Each user action will have the passcode checked against the time frame to ensure that it is valid.
Is this method secure, within a reasonable degree, or is there a better way that you know of, or an existing technology that deals with this problem already?
As i gather, you want to limit access to third-parties as much as possible. i think you'd want something login-based - have a simple registration procedure with which you can connect the email to a user, let the client choose their own password, give the user rights to access the page, share the link (either use encryption with email or do it with the user account), restrict multiple sessions. Once the client has the information, you can't really ensure that they don't misuse it..
I have a very simple Twilio setup for my company as our phone system. I've one specific problem: at the moment, anyone can use any of the numbers that have been associated with the company on the site for calling out. So Bob might accidentally use Alice's number, and that's unfortunate.
How do I change that? I would like to be able to set it so that each non-administrator user can only use one phone number for calling out, specifically the number associated with their user or device.
You could use subaccounts:
http://www.twilio.com/docs/api/rest/subaccounts
Alternatively, enforce the extra Caller ID logic in your own application and refuse calls if they don't match the correct params.
I have a bunch of customer data that is normalized into multiple tables. I want to decide the best criteria for make a best guess that a customer might be the same. There needs to be a balance between minimizing the number of duplicates but also minimizing the false positives and therefore interrupting users to ask about potential dupes.
I am looking at some combination of first/last name + phone number || email address.
The first question is, what is a good set of criteria for determining if a customer might be the same as another customer.
The second question is, for this specific application, I only want to detect duplicates for customers that have signed up within the last 2 months or so. Does this change the detection criteria at all?
How would you go about asking a customer if they are the owner of a duplicate accoount?
"Hey Sam Jones, there is another Sam Jones that has an ip in your local area, his email is sam.jones#abc.com and your latest registration had an email of sam.jones#apple.com, are you the same guy/girl?"
If the above is even close to your scenario, then you would be leaking private information. i.e. the other Sam Jone's email address.
Typically you don't allow a customer to signup with the same email address, and secondly you verify that the email address they do sign up with is valid. That way if they signup again with a mistype in the email, they can't validate it.
An important thing is to choose attributes that are unlikely to change. If you use something like telephone number or email address, you risk having duplicates any time someone changes ISPs or mobile phone providers.
If these customers are customers that have made purchases in the past, you can store a hash of their credit card number and a hash of their billing address. Whenever they make another purchase, hash their payment info and compare it to your database. (notice I said to store a
hash, NOT their actual payment info)
if this question is of still interest to you, please check this tool https://sourceforge.net/projects/deduper/
I wrote this tool mainly for the purpose that you have mentioned in this question
I have a blogging application. Once a blog-post is created by a user, it will be sent as an email to some of user's friends. I want a functionality where the friends will just reply to the email and the content of the email will go as comments for that particular blog-post.
One way to do this is to do something similar to what http://ohlife.com does. It basically creates a unique ID per user per day, has the reply-to attribute of the email set to post+{unique_id}#ohlife.com and probably parses this field to know which user is the email for, when it gets received. But it really has only 1 email address which is post#ohlife.com. The part after the "+" get's ignored by email servers. This also is applicable to gmail.
What I wanted to know, is whether this property is for particular email servers or is it universal? If it is not universal, is there is email server independent way of implementing this? I would not want this to be based on the email subject, as it's the trivial solution I know of.
it is depending on your mail server and how it is configured.. (although it is quite a standard) - for example in postfix:
recipient_delimiter = +
you could set it to anything you like .. i once configured it to be a dot so i can use it all over the web.. http://www.postfix.org/postconf.5.html#recipient_delimiter
but you could simply make it configurable in your application as well..
Besides using the email subject or address, one other easy way to accomplish this would be to just stick an identifier number at the bottom of the outgoing email's body. It would then come back to you in the quoted part of the response message. This is much less obtrusive than putting stuff in the subject or address, and if you're using HTML messages you can even make the code invisible.
We are working on an online food ordering application. When the user orders something from any restaurant, an email is sent to the restaurant's email address mentioning the order details. However, our client wants that an order print out should be generated automatically as soon as a new order is received.
Is it feasible using ROR? If not, any alternate solution to the problem?
When my group wrote something like this we went a little lower tech, and had the system generate a fax and send it to a fax machine at the restaurant. Of course, that's mainly because this was a system working across many restaurants, with disparate IT infrastructures, and the one thing they had in common was each had a fax machine.
I would figure this could be done in 1 of two ways:
1- Outlook event-- Outlook has the ability to set up 'rules', one of which I think allows printing.
2- Create a script that runs every few minutes, checks the email (either through IMAP, or POP, depending on the account), and prints all of them out.
See this: http://ruby.about.com/od/tasks/a/pop3.htm for info on how to check POP3 mail with ruby on rails.
For printing, the links mentioned here seem useful: http://groups.google.com/group/rubyonrails-talk/browse_thread/thread/504a616bf3e28057/ff6cb91462dfe961?pli=1
Ensure that you have 'from' or 'subject' filters setup, otherwise there will be a lot of spam printing.
You can use software to print your order automatically when email is received, it supports also print attachment like pdf, word, etc...
It is used by a lot of restaurant to print online order:
http://www.automatic-email-manager.com/