I am wondering if there is any way to be able to fetch the CDSID from a JWT?
I can get this information, as of now:
So this question is kind of related to this, might be able to add the CDSID to the JWT in the app manifest in some way? Otherwise I could just split on # but that doesn't feel too safe :P
Looking a bit more in the related question, the "upn" value actually is the user principal name. So I guess the solution could look like this:
var cdsId = user.Identity.Name.Split('#')[0];
Okay. I know this question was a bit confusing, so let me decompose my question a bit further. For example, let's say I have the URL: https://example.com. I have an open GET endpoint at: https://example.com/user/* that will return a specific user's information based on what the contents of the "*" is. Let's say a specific user is at: https://example.com/user/12345. On an HTML page, I would like to put that user's profile contents and some of their hobbies. Again, this is theoretical. I have explored various solutions such as Handlebars.js which can dynamically change values based on the server request. However, this solution does not always work. Take a search engine for example at: https://mysearchengine.com/search?query=dogs. Here, we have a search query for dogs. How do I render all of the results to an HTML document without using a dynamic content module like Handlebars?
This question was particularly difficult to ask, so please do not mark this as "not enough information". I would be more than happy to clarify any questions you may have about the nature of my query. Thank you so much in advance,
Flight Dude.
Just wanted to let y'all know I found my answer: EJS. Thanks!
I have this code here, that I would like to initiate a many-to-many connection with. I have the associations set. I do not have foreign keys, as from what I read that is not needed. Where I am stuck here is how to actually connect the “book” to the “library”. I really would like someone to teach me how to do this instead of just giving me the answer, if that is at all possible? Link to the repo: https://github.com/Corey-Miller85/ManyToMany. The guide I am using to try to teach myself this is https://sequelize-guides.netlify.com/many-many-associations/
The main part where I get stuck is adding a book to the library. According to this article I should now have a method that would allow me to use “Library.addBook()”. I have tried this, “Book.addLibrary” and so on with no luck. Does anyone have somewhere I can learn this better, or have someone explain it to me?
Why do you think you don't have to set up any keys or foreign keys exactly? Plus this is an issue... when you use as: library_Book and name it the same on both sides of the relationship, that doesn't really make good sense. In Book the as might make more sense like as: LibrariesForBook and in Library maybe something like as: BooksInLibrary so that your getters make sense. I think you should set up your primary keys and foreign keys and get the parent create working with models.Book.create() or whatever, and then come back and show what you've done and we can help out with the include for that or another working method.
I have used the brilliant JSONAware interface (with the method toJSONString) on jose4j so that I can add a complex JSON structure under a single claim - it generates just what I wanted the JWT to look like.
However, now I'm trying to extract the same claim from the JWT, and there seems to be no built-in way to reverse it. I was hoping for another interface (or a method on the same interface) with a method called fromJSONString or something that I could call with:
getClaimValue(String, JSONAwareImpl.class)
that then returned the class (by using the implementation of the method).
Any ideas on this? At the moment my only solution is to get the entire JWT in raw format and parse the entire thing to extract just my claim. It just seemed a little strange to be able to go one way and not back the other way, and wondered if I have just missed something?
Thanks.
I'm working on a simple search engine to let users filter professional profiles based on some criteria.
Let's say I'm looking for a profile able to speak two languages, Italian(1) and Spanish(2): a GET request could look like ...&languages=1,2&....
But, let's say I'm looking for a profile able to speak Italian(1) very good(10) and Spanish(2) quite good(9).
How to structure a GET request for this instance?
Easy as ...&languages[1]=10&languages[2]=9&...
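An added example, not part of the original answer: one way a server could read the bracketed form above while accepting only numeric language ids and levels. The function name, `MAX_LEVEL` and the digit limits are assumptions chosen for illustration.

```javascript
// Added example: strict server-side parsing of ...&languages[1]=10&languages[2]=9&...
// parseLanguageFilter, MAX_LEVEL and the digit limits are assumptions, not from the post.
const MAX_LEVEL = 10;
const KEY_RE = /^languages\[([1-9]\d{0,5})\]$/; // languages[<positive integer id>]

function parseLanguageFilter(queryString) {
  // URLSearchParams percent-decodes, so languages%5B1%5D=10 is handled as well.
  const params = new URLSearchParams(queryString);
  // A Map keeps client-chosen keys away from object prototypes.
  const filter = new Map();
  for (const [key, value] of params) {
    if (!key.startsWith('languages[')) continue; // some other filter, not ours
    const m = KEY_RE.exec(key);
    if (!m) throw new RangeError(`malformed language key: ${key}`);
    if (!/^\d{1,2}$/.test(value)) throw new RangeError(`level is not an integer: ${value}`);
    const id = Number(m[1]);
    const level = Number(value);
    if (level < 1 || level > MAX_LEVEL) throw new RangeError(`level out of range: ${level}`);
    if (filter.has(id)) throw new RangeError(`language ${id} given twice`);
    filter.set(id, level);
  }
  return filter; // Map of language id -> minimum level
}

// Constructed sample request: Italian (1) at level 10, Spanish (2) at level 9.
const wanted = parseLanguageFilter('city=rome&languages[1]=10&languages[2]=9');
console.log([...wanted]);
```

The resulting id/level pairs are plain integers and can be passed to the search query as bound parameters.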
Hey guys! Working on a new Cake app and wondering if there is any way for me to remove the ID-in-URL routing from Cake. Perhaps by passing the ID in POST somehow? Having the ID passed in as a URL param just seems really shoddy and unsafe. Thanks!
"Shoddy"? It's standard practice and a perfectly fine solution to have ids in the URL. Look at the URL of your question:
http://stackoverflow.com/questions/4638262/removing-id-from-cakephp-url
                                   ^^^^^^^
                                     id
Also, there's absolutely nothing unsafe about showing an id in a URL. It's just a number that doesn't mean anything. If a user can do something "bad" only by knowing this id, your app is broken and insecure, not the id-passing mechanism.
Trying to work around this scheme means working around the fundamental principle of the HTML protocol and opens up a whole new can of worms.
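An added example, not part of the answer above and not CakePHP code: a JavaScript illustration of the answer's point that the protection is a server-side ownership check, which behaves the same whether the id arrives in the URL or in a POST body. The route shape, the `posts` store and all function names are hypothetical.

```javascript
// Added example. Constructed sample data: two users, each owning one record.
const posts = new Map([
  [101, { id: 101, ownerId: 1, title: 'Alice draft' }],
  [102, { id: 102, ownerId: 2, title: 'Bob draft' }],
]);

class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// The id reaches the server either way; only the transport differs.
function idFromUrl(path) {
  const m = /^\/posts\/delete\/(\d+)$/.exec(path);
  return m ? m[1] : null;
}
function idFromPostBody(body) {
  return new URLSearchParams(body).get('id');
}

// `session` is server-side state set at login; `rawId` is client-supplied.
function deletePost(session, rawId) {
  if (!session || !Number.isInteger(session.userId)) throw new HttpError(401, 'login required');
  if (!/^\d+$/.test(String(rawId))) throw new HttpError(400, 'bad id');
  const post = posts.get(Number(rawId));
  // Same 404 for "missing" and "not yours", so responses do not confirm which ids exist.
  if (!post || post.ownerId !== session.userId) throw new HttpError(404, 'not found');
  posts.delete(post.id);
  return { deleted: post.id };
}

// Helper that maps the outcome to an HTTP status code.
function tryDelete(session, rawId) {
  try { deletePost(session, rawId); return 200; }
  catch (e) { if (e instanceof HttpError) return e.status; throw e; }
}

// User 2 asks for user 1's record, once via the URL and once via POST: same refusal.
const bob = { userId: 2 };
console.log(tryDelete(bob, idFromUrl('/posts/delete/101')),
            tryDelete(bob, idFromPostBody('id=101')));
```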
Some people prefer using slugs instead of primary key ids. This is the removing-id-from-cakephp-url part of the URL from this page. Take a look at the SluggableBehavior.
However, slugs can change. Hence, having the primary key in your URL is useful if you want to have a permalink. StackOverflow does both so that it can support both permalinking from other sites, as well as for SEO reasons. :)
Regarding security issues, I guess the other answers have already pointed out that there are other ways to make your application secure.
Why do you care? URLs are optimized for SEO reasons, an ID won't matter if it ain't too long. If the latter, consider using a shorter one with numbers and letters in them instead, it will be as difficult to guess as a long one with just numbers.
If you are not using GET and you do not supply the params in the URL, your users won't be able to copy-paste the location.