Could someone please explain how to establish a connection between Python and IBM TM1 using the TM1py script.
TM1py is a Python library that acts as a wrapper around the TM1 REST API abstracting useful operations into a Pythonic API. You might want to be more specific about what you're trying to achieve.
As for how to connect, there are some examples in the tm1py-samples repository which show how a connection can be made as well as other useful snippets for getting started.
From TM1py samples using standard security. You obviously want to manage your secrets in a sensible way but here is the basic idea:
ADDRESS = "localhost"
PORT = 8009
USER = "admin"
PWD = "apple"
SSL = True
tm1 = TM1Service(address=ADDRESS, port=PORT, user=USER, password=PWD, ssl=SSL)
The instance tm1 of the TM1Service object will then allow to "do" things using the REST API.
How exactly you need to connect will also be governed by the security mode being used by your TM1 server. There is an overview of the different modes here
Related
I have an application using a PostgreSQL database with multiple backend-API's. Because we some times run out of connections, I would like to be able to identify which backend API has active connections in view pg_stat_activity. Is it possible to identify the connection from node pg-postgres?
What you see (in pg_stat_activity) is what you get. If none of those fields are helpful, then I guess the answer is no.
Aren't all the APIs pooled together through the same shared connections?
Application_name could help if you can convince node.js to set them per API. query text could help if you recognize what query text is from which API.
Actually am looking for a technical explanation for the thing that I am doing. am not an expert for orcaldb for nodejs.
I have a nodejs application used as API with Expressjs, connecting with the database is done with orcaledb single connection, BUT I am using user impersonation to make the connection to be able to take the user privileges in Oracle.
oracledb.getConnection({
user: dbConfig.user + ((user_Id === '') ? '' : '[' + user_Id + ']'),
password: dbConfig.password,
connectString: dbConfig.connectString
}
what am asking is;
Using the connection in this way do behave as Pool connection sense the user is changed every time, or its single connection. the main-user have got grant access for sub-user. main-user[sub-user].
any help is appreciated
BUT I am using user impersonation to make the connection to be able to take the user privileges in Oracle
The term for the feature you're using is "proxy authentication".
Using the connection in this way do behave as Pool connection sense the user is changed every time, or its single connection.
It's still a single connection. The two features are distinct: connection pool and proxy authentication. You can use either one independently or both together.
The idea behind the pool is to reduce the overhead associated with creating new connections (new process, memory allocation, etc.). Since you're working with an Express web server, chances are you're creating a multi-user application. That's the type of application that would benefit from a connection pool (as opposed to a job that runs every hour, for example).
There are several uses for proxy authentication, but one of the primary uses is identity preservation. In other words, rather than connect as a single generic user, you can proxy connect as the end user. This allows for better integration with security features such as roles and auditing.
To combine both, see the section of the doc on Pool Proxy Authentication.
I'm implementing an one-to-many multi-protocol server (+ clients) and I'd like to add 2-way security. Here's what I'd like to accomplish:
both client and server authenticate to each other in a secure way. there is no human interaction involved on the client side.
client's code checksum is validated on the server.
client's code may be written in an interpreted language (such as python or javascript), so I'd like to prevent the possibility to compromise the network after someone gains access to the client (this may be an overkill though, because my clients won't be executing anything on the server, just reporting the results of their actions)
How should I design the authentication flow? What techniques should I use/google for, or - on a lower level - what existing solutions could I try? (my prototype is written using node.js)
SSL can do authentication both ways. Out of the box, nothing special needed. One can even get the certificates for free (self-signed or from recognized CAs).
Client certificates can be used to distinguish clients if that's a need, similarly they can be used to prevent copies of clients that log in simultaneously.
What you fundamentally cannot do is prevent a smart malicious user from controlling a client in such a manner as that they reverse engineer how it interacts with the server and instead of running your intended client, run their own that still acts as if it is the real client but isn't.
The solution to the impossibility of trusting the client is to not let it do things that you have to trust it is running your code unaltered. That often means moving from a 2 tier model (heavy client - server) to a 3 tier model where the code that you want to run is kept on hardware you control, and only an (untrusted) user interfacing is pushed to the user controlled hardware.
I'm trying to create a Flash app with some real time functionality, and would like to use Redis' pubsub functionality which is a perfect fit for what I need.
I know that connecting to a data store directly from client is almost always bad. What are the security implications of this (since I'm not an expert on Redis), and are there ways to work around them? From what I read, there is a possible exploit of doing config sets and changing the rdb file location and be able to arbitrary overwrite files. Is there anything else? (If I don't use that particular redis instance for anything at all, i.e. no data being stored)
I understand the alternative is to write some custom socket server program and have it act as the mediating layer for connecting to redis and issuing commands -- that's the work I'd like to avoid having to write, if possible.
** Edit **
Just learned about the rename-command configuration to disable commands. If I disable every single command on the redis instance and leave only SUBSCRIBE and PUBLISH open, would this be good enough to run on production?
I think it would be a bad idea to connect directly your client to Redis. Redis offers an authentication system for a unique user only. It expects this user to be your server app.
From my point of view, directly exposing Redis is always a bad idea. It would allow anybody to access all of your data. This is confirmed by the Redis doc.
So you won't avoid adding or developing the server side of your app.
I am creating a TCP based game server for iOS, it involves registration and login.
Users will be stored as a collection in MongoDB.
when login is done, I generate a unique session id - How ?
I wanted to know what all data remains with node server and what can be stored in db.
data like session tokens, or collection of sockets if I am maintaining a persistent connection etc.
Node.JS does not have any sessions by default. In fact, there is a plug-in for managing sessions with MongoDB.
It's not clear that you really need sessions however. If you're opening a direct socket with socket.io, that is a defacto session.
Node.js itself does not manage sessions for you. It simply exposes an API to underlying unix facilities for Socket communication. HTTP in it self is a stateless protocol and does not have sessions either. SSH on the other hand is a stateful protocol, but I do not think either one would be good for you.
Creating a uniuqe ID is really simple, all you need to do is hash some data about the user. Their SHA(IP address + time + username). See: http://nodejs.org/api/crypto.html
One approach a lot of applications take is to create their own protocol and send messages using that. You will have to handle a lot of cases with that. And I myself have never dealt with mobile where you have serious connectivity challenges and caching requirements that are not a big problem on desktops.
To solve these problem, founder of Scribd started a company called Parse which should make it much easier for your to do things. Have a look at their website: https://parse.com/.
If you want to do some authentication however, have a look at Everyauth, it provides a lot of that for you. You can find it here: https://github.com/bnoguchi/everyauth/.