MD5 in ActionScript - actionscript

I am trying to build a web based flash application. I am quite new to flash. I would like to develop it in two forms - demo and paid version. For this application to act as a paid version I need to have some kind of serial key. In order to achieve this I googled and came across something like this
MD5(MD5(thisuri)+thisuri)
I think 'thisuri' points to the current url page but I don't know how to get that url and I don't know whether '+' acts as a character or an operator.
Can you please help me?

It seems that a library exists in AS3.0 : as3corelib
An ActionScript 3 Library that contains a number of classes and utilities for working with ActionScript? 3. These include classes for MD5 and SHA 1 hashing, Image encoders, and JSON serialization as well as general String, Number and Date APIs.
To use it, just download the zip file, decompress it and copy the contents of "src" directory to the root of your project.
Then in your actionscript code, simply do the following :
import com.adobe.crypto.MD5;
var hash:String = MD5.hash(”test”);
source in french

To add to #Julien's recommendation of using as3corelib, you will also need the advice from this post to get the current url: Get Current Browser URL - ActionScript 3
Somehow I think there's a more elegant way to get the url, but I don't remember it.
While this may provide you with some basic check for the paid version, a determined hacker will easily fool this algorithm. For example, I could fool the environment into thinking that its being served from a domain that you've registered as part of the "paid" version. Also, since the client has the flash code, they can decompile the binary and potentially see the algorithm you're using. Depending on what you're offering in the app, this extreme case may or may not be acceptable to you.
Look into more secure authentication mechanisms if you're serious about security.

Related

URL structure for multilingual websites

I'm developing a SPA web app and it will support various languages. It is build with AngularJS and I am using angular-translate to provide i18n.
But I am struggling a little bit with how the URL structure should be. I do no plan on using either gTLDs nor ccTLDs, so that leaves me with three options.
Use query params: ?locale=en-us
Use url paths: /en-us/page
Store the chosen locale in localStorage or a cookie
The first option is a no-go according to Google's guidelines for web apps SEO. So that leaves me with the last two options.
I have a hard time deciding which is more beneficial, though I am inclined to believe that using url paths would probably be more crawler friendly.
P.S: Not sure if this is the best place to ask such a question either.
The second option is your safest bet as according to https://webmasters.stackexchange.com/questions/59652/what-happens-if-i-try-to-set-a-cookie-on-a-bot cookies are ignored. You can test this yourself by going to the Google Console and fetching your website.
As of now most crawlers ignore cookies and DO NOT execute JavaScript. This means that they usually just download the html and make their judgements from there.
Some developers get around the no javascript problem by pre-rendering parts of their content. I haven't done it personally but you might want to check out https://prerender.io/
Edit
As rolandjitsu mentioned google crawls and executes javascript content.
You should go with second option: provide the language tag (and, optionally, region subtags) in the URL path as first segment.
For the simple reason that it allows you, visitors, and bots to link to specific translations.

What's the proper and correct way to access files on O365 from iOS

I know that someone mean will probably close this question for being opinion, but the truth is, I'm not after opinion as such, but actual facts about the correct way and how to do this.
I've been searching around for quite a time and I'm still unclear as to what direction to take. It seems there are a billion* libraries that I could use, but I want to know what would be the correct, proper supported method of achieving this.
Essentially, I have a very simple requirement to list and download files from Sites on our Office 365 subscription to an iOS application.
Initially, I looked at the REST interface for Sharepoint and, from a browser, was able to easily perform a GET to our site and receive and receie a response with meta data about the file, for example:
https://mytenantid.sharepoint.com/_api/web/getfilebyserverrelativeurl('/MyFile/Here/Document.txt')
I could also retrieve JSON output instead of XML by specifying an Accept header of application/json using the POSTMAN REST client for Chrome.
So far, so easy. Just the authentication to do outside of the browser and that's it.
Phew!!
I started by looking at Basic authentication, but wasn't sure if this is the right way to do it and even if it would work?
On looking further, it seems that actually, using OAuth might be the way to go. Apparently, you can either do this yourself (no idea how), or use a library (ADAL?) from Microsoft? Unfortunately, this all looks half baked will very little documentation that seems to work. It also requires the use of CocoaPods and workspaces and isn't just a simple library that I can copy to my project and start using (a la SwiftyJSON). There also seems to be a lot of other libraries around too.
I should mention that I'm using Swift, so I've tried converting code from Objective C to Swift (unsuccessfully) too. Apparently I can't use "readWithCallback" with an argument list that the code tells me I should actually use -- even a sample application I downloaded had the same issue.
I've also tried using node.js with a script (not a Web Application) and the documentation and number of libraries available for that is almost worse.
Any assistance to achieve this really simple capability would be hugely appreciated -- it's been driving me nuts.
Many thanks,
D.
*this might be a slight exaggeration.
Office 365 has a RESTful API that you can use any programming language to authentication and integrate in your app.
Here is a simple example for iOS connected app to office 365. The sample shows how to do this in Objective C and SWIFT.
https://github.com/OfficeDev/O365-iOS-Connect
If you want to full iOS samples for office 365 connected apps, Check out this link:
https://msdn.microsoft.com/en-us/office/office365/howto/starter-projects-and-code-samples
Enjoy :)

is there any widely accepted syntax for writing post data in url?

You can give someone an url with get:
http://myserver.com/?var=val
But what to do with POST method ? I know that the program I put url into must support this, I do not know any browser that can (maybe with plugin possible), but is there widely accepted syntax to do it, for example I came up with this:
http://myserver.com/<var=val>
or maybe:
http://myserver.com/??var=val
http://myserver.com/?!var=val
http://myserver.com/!!var=val
http://myserver.com/!var=val
etc...
I'm writing a tool to do it , and I wonder if I must think on my own just like first guy who created e-mail and out of the air conceived # character since it was rarely used then...
The idea is that some services use post data and there is no way to send someone link to resource there. And yes I know that when there is post data that resource is not meant to be such easy passeable to people... but wait since when author of a website has to have power over what I can and can't do with his service.
You'd better introduce a separate argument for passing POST data to your tool. Mixing it together with URL would just cause confusion among your users. Remember that POST data be quite large, so you'd end up introducing features like loading POST data (or a value of an individual variable) from a file anyway.

Digitally sign a pdf document in iOS

Recently I was assigned an iOS project, where I need to digitally sign a pdf document using a key that the application will download from a server.
I don't yet have a clear idea of the process involved in signing documents, what I know until now is that I will be signing my pdf using a private key file provided to me, and then the verification will be done using the public key version of the same file.
I have seen that digital sign can be achieved using libraries like iText for Java or iTextSharp for C#. That's why I would like to know if there is something similar for iOS?. And if not, what would be the process to achieve this using Quartz abilities to manage pdf documents?
Well... I have been checking the Apple docs, and I found this:
https://developer.apple.com/documentation/security/certificate_key_and_trust_services
I think this is supposed to support the X.509 format... which I could use to sign the pdf as an instance os CFData I guess. Also I have been checking the CryptoExercise sample code, but I am not 100% sure if this is what I am looking for.
Other suggestions have told me to check Adobe documentation, but haven't found yet a C api to sign documents using certificates.
If somebody has used the certificate services provided by Apple... it would be great any suggestion or more sample codes to understand the process.
Pablo,
signing PDF documents is a tough task (my company is doing this in the windows world in Pascal).
In general, I can tell you that you probably will not find usable source code you can just incorporate into you project. To see how it is done, the iText source is a good starting point, cause everything is in there.
In objective-c you are on the right path. Using X.509 certificates with functions like SecKeyRawSign is the right way (cause the actual given paddings are to old, you need to create your own padding for supporting e.g. SHA256. You can see here, how this is done: What is the difference between the different padding types on iOS?).
The 'dataToSign' is nothing else than the hash of PDF Content (e.g. SHA256) you want to sign.
To find out which part of the PDF source you have to sign exactly, you must check the adobe PDF 1.6 documentation, or do some searches in groups talking about that. It makes no difference in which language you are going to sign the PDF.
In the end, you will embed the signature and some information about the signature in the predefined portion of the PDF document (look out to not break the valid hash by doing that ;) ) and it could be seen and verified with any other PDF signature/verification software.
I'm sorry that I can't provide you with relevant code, but you'll find enough samples around the X.509 certificates - e.g. creating a SSL/SSH connection. And if you search for SecKeyRawSign, you'll even find some samples for signing (at least with other patterns). That's all you need, if you find the PDF Syntax for taking the content portion to sign and to embed the signature into the final PDF.
I hope this was of help for you
Jimmy

How to get product information from amazon, just based on the URL?

I just have a link to a product page, at amazon. How do I get all the information (photo, price etc), in my ruby program, just using this link?
Here's the list of supported urls as disclosed by amazon for their oembed, product advertising API would come to picture only after parsing through these URLs and getting the ASINs
http://*amazon.*/gp/product/*
http://*amazon.*/*/dp/*
http://*amazon.*/dp/*
http://*amazon.*/o/ASIN/*
http://*amazon.*/gp/offer-listing/*
http://*amazon.*/*/ASIN/*
http://*amazon.*/gp/product/images/*
http://*amazon.*/gp/aw/d/*
http://www.amzn.com/*
http://amzn.com/*
I found this library (I'm using Rails)
amazon-ecs
I'm experimenting with it. Still, I'd require some kind of ID (product id?) to get details of a particular product. For example, consider this link to kindle
http://www.amazon.com/Kindle-Amazons-Wireless-Reading-Generation/dp/B00154JDAI/ref=amb_link_84372271_1?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-1&pf_rd_r=06JJGQP9J3BHKPE38SXP&pf_rd_t=101&pf_rd_p=478184871&pf_rd_i=507846
In that link, I noticed ASIN, which is B00154JDAI.
Looks like I can use this ID, to get product information (using amazon-ecs). I just need to parse the URL, to get ASIN.
Is there any other way to do it?
No, I am not going to do screen scraping, that is not a good idea anytime.
If you want to do this, the Nokogiri or hpricot libraries both allow HTML parsing and searching. However, this kind of screen-scraping is notoriously unreliable (as it may break any time Amazon decides to reorganize their HTML), so if you're planning to do this sort of thing for any length of time I'd recommend leveraging the Amazon Product Advertising API instead.
In your program: fetch the page and parse HTML. Filter out the required information. There may be some libraries in Ruby (that I am unaware of), which parse HTML.
hpricot seems to do what you want.
You should use the library Ruby/AWS (google for it, my karma is not high enough to allow external links...). It has been written exactly for that.
You might need to use the built-in Search to find the item you're looking for. After that, the API gives access to pictures, links and all usable information.

Resources