I am testing these "translate" and "google-translate-api" libraries, they are fantastic, I can translate to all google translate languages directly in react-native, but they can give me problems since it is unlimited and free.
I am building an application with a chat where people of different languages can chat and I am adding the option to translate the chats so that there can be a more fluid communication between people who speak different languages.
When reviewing the code of these libraries I realize that they call this URL: https://translate.googleapis.com/translate_a/single?client=gtx&sl=$%7Bfrom%7D&tl=$%7Bto%7D&dt=t&q=${ encodeURI(text)}`
This gives me the translated phrase as a result, in this way each user (client) can translate the chats directly from the application, but can calling that URL that is apparently free give me any problem?
This is not a legal forum. Nor should you rely on legal forums even if it were the case. Your best course of action is to consult a lawyer that has experience with IP and licenses.
Keep in mind that in general each license has its own caveat. And having available source code does not equal free-to-use as I heard some claim or assume. It is an incorrect assumption and can lead to trouble. Second caveat of license is when using multiple third-parties. Some apparently "free-to-use" licenses (and I say "apparently" as some have some conditions, i.e. not for commercial use) might not be compatible with other apparently "free-to-use" licenses. Again, consult a lawyer on how to handle such scenarios.
This is as far as any "legal advice" can go on this forum. TLDR: talk to a layer.
Related
I'm trying to secure my play application but I have no idea where to start. In play tutorial I have not found any chapter about that topic. As far as I see security topic is changing between play versions. So what are You guys using to secure Yours applications.
I'm new in Play so please forgive me if I'm asking obvious questions.
Edit:
Ok, maby question was't clear enough(I'm really sorry about that). When talking about security I mean that I need something to deal with users credentials and tool which allows me to restrict access to some pages and eventually to some rest actions in my application.
Edit2:
I'll try deadbolt2 now and we'll see how does it works. But I still encurage You guys to share Your knowledge about Play security with others:)
The documentation seems to still be a bit lacklustre on this topic, but essentially, authentication/authorisation functionality is usually performed using Action composition, which is the basis of reusable controller code in Play. There an example here (also linked from the docs that should help give you the general idea.)
Action composition in Play 2.2.x is done using ActionBuilders. These take a block which accepts a request and returns a Future[SimpleResult]. This allows the action builder to either execute the given block, or return a different Future[SimpleResult] (say, an Unauthorized in the case that a user's credentials did not check out.)
In our app we use the Play2-auth module for handling authentication with session cookies. This has (just) been updated to work with Play 2.2.x but uses a slightly different mechanism for action composition (stackable controllers.) You might be best off working out how the precise functionality you need can be accomplished just using the native framework tools before adding a dependency to it.
I agree with the other answers but just add that I use securesocial to integrate with other auth providers (google, FB, etc...), so I don't have to do auth myself. It's quite easy to get up and running.
https://github.com/jaliss/securesocial
Access control, security, etc. is a very wide topic, because it means very different things depending on context. This may be one of the reasons why Play has little documentation for it, which puzzled me at the beginning as well.
Play2 has some security helpers, namely it's the Authenticated method, for some insights on how to use it, check the comments in the source code. Its a simple method that you could implement yourself, and most do. It, essentially, just proposes a structure for where to place your methods that would check if request is authenticated and what to do if it's not.
Play2 also has some cryptography logic, which is used for signing cookies.
That's about it, you don't have any more pre-built security structures, but that's a good thing, because you don't want the framework making decisions like that for you, if it doesn't know in what context it will be used.
What is essential is to go and research how attacks relevant to your application are carried out, best practices and so on. I recommend going to OWASP, particularly the OWASP Cheat Sheets. If the list of Cheat Sheets seems intimidating start with the OWASP Top Ten Cheat Sheet. Don't mind the large volume of information, it's very useful knowledge.
I am investigating SCORM compliance as an option for a software project I am involved in. If this is too esoteric for SO, I am sorry - not sure where else to turn.
I am a little confused as to how the SCO (Sharable Content Object) reports a quiz score, for example, to the LMS. From what I can gather from the official documentation, this is to be done using using LMSSetValue function in the RTE API object, which is just a bunch of Javascript.
This seems wildly insecure to me, as it takes nothing to rewrite the values passed to the LMS this way.
My question is therefore, am I missing something? Are SCOs meant simply to not report such values to the LMS? It is my impression it is the only permitted mode of communication between SCOs and the LMS.
The JavaScript API is the way data is passed from the SCO to the LMS. Are there more secure ways to pass data? Sure. But the implementation is not brand-spanking new, remember. In addition, because of portability constraints, many of the most highly secure ways of passing data are not available to SCORM developers. Portability was the main priority of the standard, not security. There is a community of experts talking about what should replace SCORM. It's called Project Tin Can. And different ways of exchanging data, including cross-domain and server-side, are being discussed there.
I have been planning to build a Dentist Application for the use of the Dentist to add patients(with medical profiles...), organize visits, manage balance/fees....etc
I know Java, .NET( C#) (some windows forms), and Python. Do you have any suggestions with the language I should maybe start with and the framework and IDE that will make my life easier (and help me finish in a good amount of time). This program will be connected with a database of at least 1000 patients...
IDE's I am familiar with : eclipse, Netbeans, and Visual Studio.
I want suggestions with reason explanations (why would you favor C# over Java ....compatibility....etc)
Thanks,
It's not the database side, or even the programming environment, that will be the issue for a dental practice.
I consult for a dentist friend of mine, and the opportunity arose to sell him a fully-functional contact/document management application to run his patient database.
In the end, I couldn't in good conscience recommend my own application, because not being designed for the dental sector, it lacks the specialised interfaces with dental imaging systems.
Databases, appointments, invoices, etc, are easy.
But what a dentist needs is something that integrates with the dental records themselves - the X-ray images of teeth. It needs a simple UI, easily usable by the dental nurse while she works with the dentist while he has his hands in the patient's mouth.
We could have written a suitable graphical interface to an image library (imagine a diagrammatic representation of the teeth in their relative positions in the mouth, linked to the images themselves), but it wasn't worth it - especially as there are several highly specialised dental packages around already.
I suggest to start with some research on the subject (the dentist domain) and to make a decent functional design before you start to think about IDE's and languages.
And then try to figure out some other things:
For instance, will you make a SAAS or a windows client, do all your customers have internet access. Iis the sensitive patient data allowed to be stored on the web.
I believe that question is very relative to the person programming. I think as the developer you have to figure out where you would be most successful at or what you want to get out of the project. If you are using this project to make money then do what you are comfortable with. If you are using it to better yourself as a developer then pick a language you are less confident in.
The one thing I want to add, is remember PHI (Protected Health Information). So, you have to have patient privacy in mind when building an app like this.
If it were me... I would write something in .NET and use Visual Studio which works very well for windows forms. Windows forms would work very well in an office environment.
Just my 2 cents.
First introduce yourself to the business knowledge. Healthcare programs aren't written overnight and you have to take into account that you need to have a very secure application and probably also need to keep years of information (the program I was involved in in 2001-2002 had to keep 30 years of patient history due to Belgian law).
Choosing the technology is actually entirely up to you: what are you good at? Can you find already prebuild pieces of code or controls ...
You can write such an application in any of the languages you have mentioned.
Research the features you will need and the support you can expect from each language and the different available libraries.
You need to come up with a good design first (regardless of language/platform), and make sure you have all the requirements - how many people should be supported in the system, how many concurrent users, privacy of data, security features, access patterns etc...
You should probably use the language you are most comfortable with, in particular if the features you require have similar support in the different languages/frameworks.
I repeatedly find that establishing user requirements is one of the hardest parts of my job. This is for several reasons, for example, lack of shared technical vocabulary, incomplete understanding of domain on my part, inability of user to 'imagine' completed UI / product, etc etc.
Since this appears to be an ongoing challenge for me, has anyone here had a 'eureka' moment that has really helped them with this part of developing? For example, I have heard of the book 'Domain Driven Design', but not read it yet. Has anyone found a book, online resource of piece of advice that has really turned things around for them?
I won't aspire for eureka experience, however, if you are interested in DDD, which is about establishing common language for you and the users (among other things), than if you don't have access to the book, look for the Domain-Driven Design Quickly on DZone.
Generally speaking, any time user cannot imagine the thing and therefore state proper requirements, go for the prototyping (if you can). Recently I was pleased by really super simple tool which is a Firefox extension called Pencil, which enables easy and quite fast prototyping even for non-programmers. It is far from perfect, but it enables you to create own components and it is extensible.
Are you creating the user requirements on your own or are you actually interacting with the user to generate the requirements?
If you are creating a piece of software without a customer then starting with a simple high-level mock-up of what I want to create is where I will usually start and will formulate my User Requirements how I think a user would use the software.
If you have a customer I would suggest breaking the software into smaller modules (manageable chunks) and sitting down with the user to talk to them, step-by-step, how they want the module to function.
In my organisation, we have some very inefficient processes around managing requirements, tracking what was actually delivered on what versions, etc, do subsequent releases break previous functionality, etc - its currently all managed manually. The requirements are spread over several documents and issue trackers, and the implementation details is in code in subversion, Jira, TestLink. I'm trying to put together a system that consolidates the requirements info, so that it is sourced from a single, authoritative source, is accessible via standard interfaces - web services, browsers, etc, and can be automatically validated against. The actual domain knowledge is not that complicated but is highly proprietary and non-standard (i.e., not just customers with addresses, emails, etc), and is relational: customers have certain functionalities, features switched on/off, specific datasources hooked up - all on specific versions. So modelling this should be straightforward.
Can anyone advise the best approach for this - I a certain that I can develop a system from scratch that matches exactly the requirements, in say ruby on rails, grails, or some RAD framework. But I'm having difficulty getting management buy-in, they would feel safer with an off the shelf solution.
Can anyone recommend such a system? Or am I better off building it from scratch, as I feel I am? I'm afraid a bought system would take just as long to deploy, and would not meet our requirements.
Thanks for any advice.
I believe that you are describing two different problems. The first is getting everyone to standardize and the second is selecting a good tool for requirements management. I wouldn't worry so much about the tool as I would the process and the people. Having the best tool in the world won't help if your various project managers don't want to share.
So, my suggestion is to start simple. Grab Redmine or Trac and take on the challenge of getting everyone to standardize. Once you have everyone in the right mindset then you can improve the tools you use for storage.
{disclaimer - mentioning my employer's product}
The brief experiments I made with a commercial tool RequisitePro seemed pretty good me. Allowed one to annotate existing Word docs and create a real-time linked database of the identified requisistes then perform lots of analysis and tracking of them.
Sometimes when I see a commercial product I think "Oh, well nice glossy bits but the fundamentals I could knock up in Perl in a weekend." That's not the case with this stuff. I would certainly look at commercial products in this space and exeperiment with a couple (ReqPro has a free trial, I guess the competition will too) before spending time on my own development.
Thanks a mill for the reply. I will take a look at RequisitePro, at least I'll be following the "Nobody ever got fired for buying IBM" strategy ;) youre right, and I kinda knew it, in these situations, buy is better. It is tempting when I can visualise throwing it together quickly, but theres other tradeoffs and risks with that approach.
Thanks,
Justin
While Requisite Pro enforces a standard and that can certainly help you in your task, I'd certainly second Mark on trying to standardize the input by agreement with personnel and using a more flexible tool like Trac, Redmine (which both have incredibly fast deploy and setup times, especially if you host them from a VM) or even a custom one if you can get the management to endorse your project.