I am migrating some code to dml 1.4. Old code used the miss_bank parameter to handle miss read and writes and forward them to some other bank:
dml 1.2;
bank main_bank {
parameter miss_bank = $dev.forwrad_bank;
}
bank forward_bank {
// structure here
}
However the miss bank parameter is now deprecated in dml 1.4 so I have been trying to workaround this issue and get the same or similar behavior.
For this I overridden the io_access_memory function of my main_bank as follows
method io_memory_access(generic_transaction_t *memop, uint64 offset, void *aux_p) -> (bool) {
local bool success = default(memop,offset,aux_p);
if (!success){
log info,4:"Fowarding access to: %s", forward_bank.qname;
success = forward_bank.io_memory_access(memop,offset,aux_p);
}
return success;
}
This works fine for write/read access when there is a miss bank access they are forwarded to the specified bank. However I have noticed this does not work for set inquiry access. I get a log that says, for example "Unmapped inquiry write at 0xdeadbeef" but access is not forwarded to the next bank, seems like the default function returns true anyways.
Is this no longer supported in dml 1.4 and if so how could I work around this?
Related
I'm using BreezeJS and have a question regarding how data is saved. Here's my code and comments
[Authorize]
/*
* I want to point out the security hole here. Any Authorized user is able to pass to this method
* a saveBundle which will be saved to the DB. This saveBundle can contain anything, for any user,
* or any table.
*
* This cannot be stopped at the client level as this method can be called from Postman, curl, or whatever.
*
* The only way I can see to subvert this attack would be to examine the saveBundle and verify
* no data is being impacted that is not owned or related directly to the calling user.
*
* Brute force could be applied here because SaveResult contains Errors and impacted Entities.
*
*/
[HttpPost]
public SaveResult SaveChanges(JObject saveBundle)
{
return _efContext.SaveChanges(saveBundle);
}
To limit access to a callers ability to retrieve data I first extract from the access_token the user_id and limit all my queries to include this in a where clause, making it somewhat impossible for a user to retrieve another users data.
But that would not stop a rogue user who had a valid access_token from calling SaveChanges() in a brute force loop with incremental object ids.
Am I way off on this one? Maybe I'm missing something.
Thanks for any help.
Mike
The JObject saveBundle that the client passes to the SaveChanges method is opaque and hard to use. The Breeze ContextProvider converts that to a map of entities and passes it to the BeforeSaveEntities method. BeforeSaveEntities is a method you would implement on your ContextProvider subclass, or in a delegate that you attach to the ContextProvider, e.g.:
var cp = new MyContextProvider();
cp.BeforeSaveEntitiesDelegate += MySaveValidator;
In your BeforeSaveEntities or delegate method, you would check to see if the entities can be saved by the current user. If you find an entity that shouldn't be saved, you can either remove it from the change set, or throw an error and abort the save:
protected override Dictionary<Type, List<EntityInfo>> BeforeSaveEntities(
Dictionary<Type, List<EntityInfo>> saveMap)
{
var user = GetCurrentUser();
var entityErrors = new List<EFEntityError>();
foreach (Type type in saveMap.Keys)
{
foreach (EntityInfo entityInfo in saveMap[type])
{
if (!UserCanSave(entityInfo, user))
{
throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden)
{ ReasonPhrase = "Not authorized to make these changes" });
}
}
}
return saveMap;
}
You will need to determine whether the user should be allowed to save a particular entity. This could be based on the role of the user and/or some other attribute, e.g. users in the Sales role can only save Client records that belong to their own SalesRegion.
Actually I have integrated CCAvenue JSP_Kit to my Lifreay portal 6.2. Till payment every thing is working properly that means after filling all the payment details and submitting no error is coming. But we are getting a response as null.
Below is the code of ReponseHandler.jsp.
encResp is coming null after payment or after cancel the request.
<%
String workingKey = "working key"; //32 Bit Alphanumeric Working Key should be entered here so that data can be decrypted.
String encResp= request.getParameter("encResp");
AesCryptUtil aesUtil=new AesCryptUtil(workingKey);
String decResp = aesUtil.decrypt(encResp);
StringTokenizer tokenizer = new StringTokenizer(decResp, "&");
Hashtable hs=new Hashtable();
String pair=null, pname=null, pvalue=null;
while (tokenizer.hasMoreTokens()) {
pair = (String)tokenizer.nextToken();
if(pair!=null) {
StringTokenizer strTok=new StringTokenizer(pair, "=");
pname=""; pvalue="";
if(strTok.hasMoreTokens()) {
pname=(String)strTok.nextToken();
if(strTok.hasMoreTokens())
pvalue=(String)strTok.nextToken();
hs.put(pname, pvalue);
}
}
}
%>
In the portal world you typically don't have access to the full and original HttpServletRequest. You can get access to it by calling
origRequest = PortalUtil.getOriginalHttpServletRequest(
PortalUtil.getHttpServletRequest());
This, of course, means that you're somewhat outside of the spec, however if you really need to communicate through servlet parameters, that might be your only option. I'd also recommend to add this code to a better testable/maintainable location - e.g. inside the Java Portlet class.
Here's the PortalUtil interface.
I'm trying to store a "Role" object and then get a list of Roles, as shown here:
public class Role
{
public Guid RoleId { get; set; }
public string RoleName { get; set; }
public string RoleDescription { get; set; }
}
//Function store:
private void StoreRole(Role role)
{
using (var docSession = docStore.OpenSession())
{
docSession.Store(role);
docSession.SaveChanges();
}
}
// then it return and a function calls this
public List<Role> GetRoles()
{
using (var docSession = docStore.OpenSession())
{
var Roles = from roles in docSession.Query<Role>() select roles;
return Roles.ToList();
}
}
However, in the GetRoles I am missing the last inserted record/document. If I wait 200ms and then call this function the item is there.
So I am not in sync. ?!
How can I solve this, or alternately how could I know when the result is in the document store for querying?
I've used transactions, but cannot figure this out. Update and delete are just fine, but when inserting I need to delay my 'List' call.
You are treating RavenDB as if it is a relational database, and it isn't. Load and Store are ACID operations in RavenDB, Query is not. Indexes (necessary for queries) are updated asynchronously, and in fact, temporary indexes may have to be built from scratch when you do a session.Query<T>() without a durable index specified. So, if you are trying to query for information you JUST stored, or if you are doing the FIRST query that requires a temporary index to be created, you probably won't get the data you expect.
There are methods of customizing your query to wait for non-stale results but you shouldn't lean on these too much because they're indicative of a bad design - it is better to figure out a better way to do the same thing in a way that embraces eventual consistency, either changing your model (so you get consistency via Load/Store - perhaps you could have one document that defines ALL of the roles in a list?) or by changing the application flow so you don't need to Store and then immediately Query.
An additional way of solving this is to query the index with WaitForNonStaleResultsAsOfLastWrite() turned on inside the save function. That way when the save is completed the index will be updated to at least include the change you just made.
You can read more about this here
How to execute GET method for SNMP of OID without passing the SNMP version.
As in my case, some of the devices respond to V1.0 and some for V2.0.
I have come acrossed in OIDVIEW , there is a "Automatic" SNMP version rather than passing version.
I know V3.0 requires password and username. where as in the case of V1.0 and V2.0 it is just community.
public static string GetData(string ipaddress)
{
string community = "private", response = "";
SimpleSnmp snmp = new SimpleSnmp(ipaddress, community);
if (!snmp.Valid)
response="ip address is invalid. -" + ipaddress;
Dictionary<Oid, AsnType> result = snmp.Get(SnmpVersion.Ver2,
new string[] { "1.3.6.1.2.1.1.1.0" });
if (result == null)
response=("No results received. -" + ipaddress);
else
{
foreach (KeyValuePair<Oid, AsnType> kvp in result)
response = kvp.Value.ToString();
}
return response;
}
I'm expecting something like SnmpVersion.Automatic along with SnmpVersion.Ver1 , Ver2 , Ver3
Is there a solution using snmpsharpnet or any other components?
If you spend some time on RFC documents such as RFC 3584,
https://www.rfc-editor.org/rfc/rfc3584
you will see that even v1 and v2c differ.
#SNMP is designed to be low level library and it does not attempt to be an application level stuff such as OIDVIEW. No detail should be hidden from the users, and that's why there is no "automatic".
"Automatic" is something outside of SNMP RFC documents. OIDVIEW might define it as an algorithm that picks up the most suitable version for users, but I don't see a need that #SNMP to support such vendor defined behaviors.
You can check out snmpsharpnet or other components of course.
Is there a way to programmatically determine if a SharePoint 2007 web application is using Forms authentication? I guess one way might be to read it from the web.config but I was wondering if there is some property exposed in the API.
Take a look at how /_admin/Authentication.aspx does it in Central Admin:
protected override void OnLoad(EventArgs e)
{
base.OnLoad(e);
string g = base.Request.QueryString["WebAppId"];
this.webApp = (SPWebApplication) SPConfigurationDatabase.Local.GetObject(new Guid(g));
this.zone = (SPUrlZone) Enum.Parse(typeof(SPUrlZone), base.Request.QueryString["Zone"]);
this.lb_Zone.Text = SPHttpUtility.HtmlEncode(SPAlternateUrl.GetZoneName(this.zone));
SPIisSettings iisSettings = this.webApp.IisSettings[this.zone];
// CODE ELIDED
if (AuthenticationMode.Windows != iisSettings.AuthenticationMode)
{
if (AuthenticationMode.Forms != iisSettings.AuthenticationMode)
{
// CODE ELIDED
}
else
{
this.rdo_authForms.Checked = true;
}
// CODE ELIDED
}
}
The part you are interested in is where it uses iisSettings.AuthenticationMode to determine if it is Forms Auth or not. So the trick is to correctly obtain a reference to SPIisSettings that is relevant to your webapp and zone. Getting to that point is where all the work needs to be done.
You'll need to parameterize parts of this code so that information to identify and obtain references to the webApp and Zone are passed in.
See where it assigns his.rdo_authForms.Checked? that's how you know if it's using forms auth.
Also, this implies that you need to know which Zone of the web application you are looking at to see if Forms Authentication is enabled
Using Jon Schoning's answer, I came up with the following code to determine if the current authentication mode is forms:
if (SPContext.Current.Site.WebApplication.IisSettings[SPContext.Current.Site.Zone].AuthenticationMode == System.Web.Configuration.AuthenticationMode.Forms) { ... }