I need information about currently executing request in server in CORBA application. I am using Corba omniORB. I know, that in Ice for every function implemented in server-side there is parameter Ice::Current. Is there something similar in CORBA ?
Client certificates and other transport-related details were deliberately abstracted away by the CORBA spec. OmniORB might have some extension that allows this kind of investigation but I doubt it.
Your best bet is to turn up logging to the max and see if the client certificate's details appear anywhere.
Related
https://developer.microsoft.com/en-us/office/blogs/end-of-support-for-basic-authentication-access-to-exchange-online-apis-for-office-365-customers/
Our organization is finding this announcement somewhat problematic! We use an IMAP library extensively to read various service based email accounts in o365. Any guidance on how to address this would be greatly appreciated.
Note, we have many console apps written in .NET (4.8) that run on a server based fired by many scheduled tasks. I understand we'd need to somehow register our "application" (I'm assuming that can be a generic one for our company), but we cannot involve any "user" interaction. These are utility apps. Glancing at the existing sample code for OAuth, they all seem to involve popping up a browser window to get someone to interact with "asking permission" which is exactly what we need to avoid.
We've used IMAP all this time to simply read and parse service based email accounts. I'm not sure I understand why IMAP over a secure connection is "less secure" than a more complex solution. Why take the option away?
On the other hand, the Microsoft Graph API looks significantly more complicated and appears to be OAuth based which, again, seems to involve quite a bit of authentication complexity.
Most REST APIs we've interacted w/ in other .NET console apps use a simple set of API "keys." Why not offer that at least?
As I say, we're looking for a way to write some process that run programmatically to automate a number of operations related to certain mailboxes. IMAP has worked like a charm so far, so we're looking for direct guidance on what to migrate to.
We understand your concerns. While a secure IMAP connection protects the data that's being transported, Basic Authentication exposes your Exchange Online accounts to attack techniques like phishing or brute forcing.
The primary objective of this change is to protect our customers from these threats. In addition, Modern Auth enables admin visibility into app access and enables fine-grained control of these apps.
To answer your question on implementation guidance, there is an existing approach in Graph to achieve exactly what you're looking to do. It's called "OAuth 2.0 client credentials flow". You can read more at https://learn.microsoft.com/en-us/graph/auth-v2-service
(Disclosure - I'm a Senior PM at Microsoft)
I have implemented a custom email server and web client. The server is just a REST API (similar to google's gmail API) that uses a 3rd party (sendgrid) for sending and receiving. The emails are stored in a database. The web client just talks to the REST client for sending and receiving.
The problem with this approach is it doesn't implement IMAP anywhere, which makes it impossible for standard clients (outlook, iphone, etc.) to connect to and use our email API. This limits customers to using only our client for email.
What I need is some sort of IMAP Server "facade" that will manage the connections to clients and make calls to my REST API for actually handling the requests (get email, send email, etc.).
How can an IMAP facade be implemented? Is there maybe a way to take an existing MailServer and gut it and point all it's "events" to making calls to my API?
tl:dr; write your gateway in Perl; use Net::IMAP::Server; override Net::IMAP::Server::Mailbox; and use one of the many Perl REST clients to talk to your server.
Your best bet for doing this quickly, while maintaining a reasonable amount of code security, is with Perl. You'll need two Perl modules. The first is Net::IMAP::Server, and here is the Github repository for that module. This is a standards-compliant RFC 3501 server that was purposely designed to have a configurable mail store. You will override the default Net::IMAP::Server::Mailbox implementation with your own code that talks to your custom email backend.
For your second module, choose your favorite Perl module(s) to use to speak to your REST server. Your choice depends on how much fine grained control you want to have over the construction and delivery of the REST messages.
Fortunately, here you have tons of choices. One possibility is Eixo::REST, which has a Github repository here. Eixo::REST seems to deal well with asynchronous vs. synchronous REST API calls, but it doesn't provide a lot of control over X509 key management. Depending on how googley your API is, there's also the REST::Google module. Interestingly, this family also has a REST::Google::Apps::EmailSettings module, specifically for setting Gmail-specific funkiness like labels and languages. Lastly, the REST::Consumer module seems to encapsulate a lot of https-specific things like timeout and authentication as parameters to Perl object instantiation.
If you use these existing frameworks, then about 90% of the necessary code should already be done for you.
Don't do this by hacking Dovecot or any other mail server written in C or C++. If you hack together a mail server quickly using a compiled language, your server will sooner or later experience all the joy of buffer overflows and stack smashing and everything else that the Internet does to fuck over mail servers. Get it working safely first, then optimize later.
(This is basically my comment again, but elaborated quite a bit more.)
Some IMAP servers, most notably Dovecot, are structured such that the file access is in a separate module with a defined interface. Dovecot isn't the only one, but it's by far the most popular and its backend interface is known to be appropriate, so I'd take that absent specific concerns.
There already exist non-file modules such as imapc, which proves that it can be done. When a client opens a mailbox backed by imapc, Dovecot parses IMAP commands, calls message access functions in imapc, imapc issues new IMAP commands, parses the server responses, returns C structs to Dovecot, Dovecot fashions new IMAP responses and returns them to the client.
I suggest that you take the dovecot source, look at src/lib-storage/inbox/index/imapc and the other backends in that directory, and implement one that speaks your REST API as a client.
Since you're familiar with .NET, I would suggest hacking either of the following implementations of IMAPv4 servers to your liking:
Lumisoft Mail Server - a very old project indeed (let's call it "mature", huh?). Don't be too turned off by the decade-old website and the lack of a github link - the source is provided under "other downloads".
McNNTP - also an older project and with a major focus on NNTP (as the name says) but very close to what you're trying to achieve in terms of the IMAP component. Take a look, you'll probably find this a good starting point.
I'm starting a new system creating using .NET MVC - which is a relatively large scale business management platform. There's some indication that we'll open the platform to public once it is released and pass the market test.
We will be using ExtJs for the front-end which leads us to implement most data mining work return in JSON format - this makes me think whether I should learn the OAuth right now and try to embed the OAuth concept right from the beginning?
Basically the platform we want to create will initially fully implemented internally with a widget system; our boss is thinking to learn from Twitter to build just a core database and spread out all different features into other modules that can be integrated into the platform. To secure that in the beginning I proposed intranet implementation which is safer without much authentication required; however they think it will be once-for-all efforts if we can get a good implementation like OAuth into the platform as we start? (We are team of 6 and none of us know much about OAuth in fact!)
I don't know much about OAuth, so if it's worth to implement at the beginning of our system, I'll have to take a look and have my vote next week for OAuth in our meeting. This may effect how we gonna implement the whole web service thing, so may I ask anyone who's done large-scale web service /application before give some thoughts and advice for me?
Thanks.
OAuth 1 is nice if you want to use HTTP connections. If you can simply enforce HTTPS connections for all users, you might want to use OAuth 2, which is hardly more than a shared token between the client and server that's sent for each single request, plus a pre-defined way to get permission from the user via a web interface.
If you have to accept plain HTTP as well, OAuth 1 is really nice. It protects against replay attacks, packet injection or modification, uses a shared secret instead of shared token, etc. It is, however, a bit harder to implement than OAuth 2.
OAuth 2 is mostly about how to exchange username/password combinations for an access token, while OAuth 1 is mostly about how make semi-secure requests to a server over an unencrypted connection. If you don't need any of that, don't use OAuth. In many cases, Basic HTTP Authentication via HTTPS will do just fine.
OAuth is a standard for authentication and authorization. You can read about it in many places and learn; Generally the standard lets a client register in the authentication server, and then whenever this client attempts to access a protected resource, he is directed to the auth-server to get a token (first he gets a code, then he exchanges it with a token). But this is only generally, there are tons of details and options here...
Basically, one needs a good reason to use oAuth. If a simpler authentication mechanism is good for you - go for it.
I have had experienced with iOS development but no Client Server type applications.
I have heard about HTTPS, REST, JSON, etc. I am confused on the differences.
My app that I want to build is getting a list of data to output to the user and also sending a form to the server to be processed. E.g. A Membership Application to the Server with personal information and other pertaining information to be stored in the server. I also need the connection to be secure and the user must logon to the server with a username and password.
How does my app communicate with the server? Is it using NSURLRequest?
What is the best method or protocol to accomplish this?
Thanks!
HTTPS, REST, and JSON are different tools you can use when performing networked operations (more specifically, a secure protocol, a web service architecture, and a method of object serialization, respectively). If you don't know what these mean, I would do a little reading before attempting to build an iOS app that functions as a client. The link johnathon posted in the comments is a little low-level for what you're wanting to do, but searching around for "consuming a web service with iOS" might be good.
Also, does the service already exist? If so, your task is essentially to understand how to communicate with the server.
Once you're a little more up-to-speed on the fundamentals, however, the AFNetworking library is phenomenal.
I have been coding against a Delphi EXE (win32 desktop app) to access twitter and do certain functions. It used to use Basic authentication with the api limitation. I know I have to convert this to OAuth. I have been reading over the documentation trying to determine the best approach. I understand the best method is the Web browser with a call back url. I also know that Twitter includes a Pin Based (oob) authentication method. I figured this was the route to go with this application, but I want to make sure since that is not seamless. It requires the user to go external to the application and get a pin number. It also is not as secure since the access token returned never expires.
I am using Indy v10 components to do the GET/POST operations, so I am wondering if there is a way to do this using them and being able to do a callback and not use the Pin authentication method.
Can anyone help me?
Also I've been trying to get Chuck Beasley's Twitter Class working in Delphi 7 with Indy v10 and I've been having trouble. IdObjs and Idsys don't exist anymore. Has anyone got this class to work with my scenario?
Thanks,
David
OAuth is a standard used for Web applications, its text is liberally littered with the word 'agent', meaning a browser. The best solution IMHO is, if possible, to actually have a callback URL, meaning you have your own site which provides the service to back your application functionality. There are services that make this possible for third parties already, like JanRain. If these options are not feasible (meaning you cannot provide a true WWW site for the callback URL) not feasible, then your only option is indeed the out-of-band authentication, oob. Don't even think about having the OAuth authentication call back the app listening on some port, that is completely unreliable for 1) the vast majority of apps will sit behind some sort of NAT device (router, outbound proxy) which makes them unreachable from the OAuth prvider and 2) the OS firewall will block your incoming calls.
In the mean time, Beasly's Twitter class has been expanded/updated; see the latest incarnation
I've started a library that uses Synapse to access twitter. It can use OOB/PIN authentication and predefined oauth token/secret. It can be extended to use browser based auth. Currently written using FPC but should be adaptable to Delphi quite easily. FPCTwit code
You may wanna try my take on twitter, supports unicode as well unlike the other delphi implementations:
http://eden.fm/2011/02/27/twitter-library-for-delphi/
I don't use Indy though, but ICS