Securing Azure web app (easy tables) - javascript

I have created a backend for an android app (xamarin.android) usng Azure EasyTables. Now everything's working but I also want to access my EasyTables db from a website.
Currently as a test, I'm using the Azure mobile javascript sdk. As an absolute beginner, I really don't have an idea how I can make this secure. I have lines of code like
var MobService = WindowsAzure.MobileServiceClient;
var client = new MobService(MYAPPURL);
var reportsTable = client.getTable("rp_Table");
var totalActs;
var query = reportsTable;
query.where(function (){return this.LicensePlate == lplate || this.ReporterId == uname;})
.includeTotalCount().read().done(function (results){ });
all of which are EXPOSED to anyone. Where do I even begin to look to secure this? Is there a way to have some sort of stored procedure in Azure EasyTables so I can just disable anonymous CRUD permissions?

You can disable anonymous CRUD permissions on the table via the Azure portal like this:
navigate to your App Service -> Easy tables -> select the table -> Change permissions
For more information, please refer to the following documentation articles:
How to: Use authentication claims with your tables
30 DAYS OF ZUMO.V2 (AZURE MOBILE APPS): DAY 6 – PERSONAL TABLES

Raphael,
Could you try setting the firewall on your EasyTables DB as mentioned here: https://learn.microsoft.com/en-us/azure/sql-database/sql-database-security-tutorial
You would be able to specify client IP addresses to which you would like access to be granted to.

Related

Mettler toledo IND780 read weight through javascript

How one can communicate with Mettler toledo IND780 device for reading weight through browser application through javascript. I know ActiveXObject will work with only Internet explorer . But is there any documentation or API to do this via javascript.
First, You need to contact the developers of the Mettler toledo IND780 device and confirm with them, whether this product can interact with any Web application or not. As other community member already informed you that this kind of devices can not be accessible from any web app.
I try to visit their site and I find that this product can work like below.
Reference:
IND780 Advanced Weighing Terminal
They can give you the proper idea or any example to interact with this device.
If they deny you that this device cannot work with Web app then try to store the data from that device to any Excel file and then try to import the data from that Excel file to your web app may help you to solve the issue.
You need to use a TelNet client to communicate with the device. Currently i'm using C# to connect and read information. I think you can use a similar library from JavaScript side.
Old thread but maybe this answer can help someone, best way around is to code a back-end application to get the data you need from the Shared Data of the IND780 (Shared Data Reference manual), example in Python3:
import socket
import time
# Create a TCP/IP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Connect the socket to the port where the server is listening
server_address = ('172.16.40.98', 1701)
print('connecting to {} port {}'.format(*server_address))
sock.connect(server_address)
try:
time.sleep(0.1)
data = sock.recv(2048)
print('1 received {!r}'.format(data))
message = b'user admin\n'
print('2 sending {!r}'.format(message))
sock.sendall(message)
data = sock.recv(2048)
print('3 received {!r}'.format(data))
print(len(message))
print('')
message = b'read wt0101\n'
# wt--01 Displayed Gross Weight
print('4 sending {!r}'.format(message))
sock.sendall(message)
data = sock.recv(2048)
print('5 received {!r}'.format(data))

.php is getting downloaded instead of loading it on firebase web hosting [duplicate]

I'm trying to test out if PHP works from my Firebase hosting using the following:
(index.html)
<form action="welcome.php" method="post">
<input type="submit">
</form>
(welcome.php)
<?php
$to = "my#email.com";
$subject = "My subject";
$txt = "Hello world!";
$headers = "From: dummy#email.com";
mail($to,$subject,$txt,$headers);
?>
Every time I try this the browser keeps on attempting to open the PHP file rather than processing it. Is simple PHP enabled on the Firebase server hosting to process a simple form like this? If I can get it to work this way, I will be building the form out correctly including validation etc.
Thanks,
From the Firebase Hosting site (emphasis mine):
We deliver all of your static content (html, js, images, etc.) over a secure SSL connection and serve it on a CDN.
Firebase Hosting is for hosting static assets. Firebase currently doesn't offer any way to execute your code on Firebase's servers.
Update (2018-08-08): You can now run Node.js/JavaScript code but connecting your Firebase Hosting project to Cloud Functions + Firebase Hosting. But that still won't allow you to run PHP code.
As per the latest update firebase has started using Cloud Functions
Cloud Functions for Firebase lets you run mobile backend code that automatically responds to events triggered by Firebase features and HTTPS requests. Your code is stored in Google’s cloud and runs in a managed environment. There's no need to manage and scale your own servers.
For more : https://firebase.google.com/docs/functions/
There is no PHP but nodeJS available for server-side scripting ...
Google Cloud Functions are written in JavaScript, and execute in
a Node.js runtime.
Mandrill also supports nodeJS and it features a Webhooks API.
Therefore, one can require that node module within these "cloud functions" and "web hooks" ...and then post with a HTML form onto them.
There would need to be a few HTTP cloud functions defined on the Firebase Console, in order to let them subscribe, unsubscribe and manage their subscriptions. One could even generate the HTML markup for the input form with cloud functions and then attach it. As an example, not tested and no guarantee included:
const functions = require('firebase-functions');
const mandrill = require('mandrill-api/mandrill');
var client = new mandrill.Mandrill('YOUR_API_KEY');
/* TODO: add the user on Firebase, respond through the API */
exports.user_add = functions.https.onRequest((req, res) => {
});
/* TODO: change subscription settings on Firebase, respond through the API */
exports.user_edit = functions.https.onRequest((req, res) => {
});
/* TODO: remove the user on Firebase, respond through the API */
exports.user_remove = functions.https.onRequest((req, res) => {
});
/* optional: generate the HTML markup of the form, send HTTP response */
exports.markup = functions.https.onRequest((req, res) => {
});
One can bind the events of Firebase Auth, to keep two user databases in in-sync (this is not required for Mandrill, but required for MailChimp - no matter whether using the PHP or nodeJS wrapper):
exports.on_user_create = functions.auth.user().onCreate(event => {
const user = event.data;
});
exports.on_user_delete = functions.auth.user().onDelete(event => {
const user = event.data;
});
Firebase on Websites explains it, while there is a Local Emulator for Cloud Functions.
You can play around with any of these: Angular, Ember, Knockout, React,
Node JS. The same thing you PHP code does you can make happen with pretty much any Javascript technologies - just no dynamic language. Also another way to do it is to used an online form providers like Jot Forms or others. You can create and style the form withing you online form account then simply add it to you site. Then when user post it will post to the form. As a result you have a centralized environment not only for you current site but for any others down the road. You can create a web service and post values there - then do whatever you want with them: save them to the database... Otherwords have another server that handles all those things so you can just call it from Firebase hosted sites. Hope that helps
PS: I am currently building a product that is a simplified version of Online Forms to be used on Firebase websites. I am planning to have a few people using for now so if you would like you can email me and I will create an account for you to use it. As long as there is no abuse like sending a bunch of emails - you will be fine!

Get current Active Director user name in javascript/ajax/json from a Meteor App

I am already connected in an organisation in an Active Directory (LDAP). After that, I want to connect with Meteor to a MongoDB etc... I have to get the user name (Me in occurrence who is already connected) from Active Directory. But first of all, how do I get my user in js. or ajax,json call in meteor.js(node.js or others?).
I have look a lot at different things, like if you are in server side with asp.net you can do this : Page.User.Identity.Name So maybe create a web service that return your user?
Would
<script language="javascript">var username =
'<HttpContext.Current.User.Identity.Name %>';
</script>
work?
But if I follow the link it explain it's for Razor.
How to get the user's username in my intranet web application in a windows network
Maybe the solution is to get an API with Meteor to do call json to get username like JSonAuth? Or to use node.js with passport.js but now new version of Meteor use oAuth it seems..
or to call the IIS Server to know the current user?
How to get the profile of current user in node js

How to use a same DB with 2 different React applications

I have to make an offline application that sync with another online app when it can.
I developed the offline app using PouchDB. I create this app thanks to the github repo create-react-app. This app is running at localhost:3000. In this app, I create and manage a little DB named "patientDB".
I manage the db with the classical put method like we can see in the documentation:
var db = new PouchDB('patientDB')
db.put({
_id: 'dave#gmail.com',
name: 'David',
age: 69
});
With the development tool for chrome given by PouchDB, I can see that the DB is working like I want (the documents are created):
The other application is another React application with a node server. During the development, this app is running at localhost:8080.
In this app I try to fetch all the docs contained in the "patientDB" with the following code:
const db = new PouchDB('patientDB', { skip_setup: true });
db.info()
.then(() => {
console.log("DBFOUND")
db.allDocs({include_docs: true})
.then(function (result) {
console.log("RESULT" , result)
}).catch(function (err) {
console.log("NOPE")
console.log(err);
});
})
My problem is that I can't get the "patientDB" created with the offline app in the online app. When I do a var db = new PouchDB ('patientDB') it create a new and empty db because it can't find a db which is already present.
I use google chrome to run all my application so I thought that the dbs could be shared.
However I did little and very simple tests with two html files:
First.html which initialize a new db with a doc
Second.html which read the db create in First.html
In this case, I can fetch the doc created with First.html in Second.hmtl even if the are two separated "website".
I think that the application which run at a localhost are like isolated of the rest of the application even if, like I said before, I use the same browser for all my applications...
I don't know what to do or I don't know if it's even possible to do what I want to do. If someone has an idea for me, I would be pleased.
EDIT
I can see why my DBs are not shared:
When I look at all my local DBs after running an html file I can see the following thing :
As we can see, the DBs come from the files _pouch_DB_NAME - file://
When I check my DB from the application running localy (localhost), I can see this :
The DB don't come from file but from localhost:8080
If you know how I can fetch doc from a local db in an app running in a server, it could be really helpful for me!
PouchDB is using IndexedDB in the browser, which adheres to a same-origin policy. MDN says this:
IndexedDB adheres to a same-origin policy. An origin is the domain, application layer protocol, and port of a URL of the document where the script is being executed. Each origin has its own associated set of databases. Every database has a name that identifies it within an origin.
So you have to replicate your local database to a central server in order to share the data. This could be a PouchDB Server together with your node app. You can also access PouchDB Server directly from the browser:
var db = new PouchDB('http://localhost:5984/patientDB')
As an alternative, you can use CouchDB or IBM Cloudant (which is basically hosted CouchDB).

Unable to proceed with Twilio Programmable Video Javascript

I am new to Twilio and facing few problems. I have downloaded twilio programmable video SDK Javascript version for my web app and it works pretty fine however I am unable to figure out how I can enable different users to create conversations and invite people. I want Many to Many relationship and don't know if twilio video supports it or not. Any help would be highly appreciated. Please share any tutorial as well.
Here is the code which i Got from Twilio website for JS/C#
public string generate_token()
{
string AccountSid = "SID";
string ApiKeySid = "APIKEY";
string ApiKeySecret = "APISECRET";
const string ConfigurationProfileSid = "klinik";
// Create an Access Token
var token = new AccessToken(AccountSid, ApiKeySid, ApiKeySecret);
// Set the Identity of this token
token.Identity = "example-user";
// Grant access to Conversations
var grant = new ConversationsGrant();
grant.ConfigurationProfileSid = ConfigurationProfileSid;
token.AddGrant(grant);
return token.ToJWT().ToString();
// Serialize the token as a JWT
// Console.WriteLine(token.ToJWT());
}
I am getting the following error on .ToJWT function in visual studio:
Error CS0012 The type 'JwtHashAlgorithm' is defined in an assembly that is not referenced. You must add a reference to assembly 'JWT, Version=1.3.3.0, Culture=neutral, PublicKeyToken=null'.
Twilio developer evangelist here.
It's difficult to help you any further as you haven't shared any code or anything you've tried.
The JavaScript quickstart is the best example of how to get started with the Video SDK. I recommend taking a look through the code to see how it is built.
To make many to many conversations, you just need to invite another user to an existing conversation or invite many users at one time. Make sure you invite them from all the existing participants as this is a peer to peer connection, so every user needs to create a connection with every other user. For that reason, it's not recommended to make many to many conversations of more than 4 people total (though you should test to see what kind of results you get).
Let me know if that helps at all.

Categories

Resources