Does IBM Domino track the last login date for web users(UserName/Password and internet certificate)? I know the access logs contains this information but wanted to know if there may be something built into Domino (maybe in Address Book). Trying to come up with a method to disable web accounts that have not accessed a domino server in a specified time period.
Thanks,
Kev
The User Activity area in the Database Properties picks up from the log.nsf, which is where this information is stored. But, typically, the log.nsf will only have a few days' worth of information. When I've had this requirement before, I've manually captured it via a custom login page or an initUser function I've had in applications.
One of the easiest solutions is to trigger an action from a live web page that generates a database.nsf?openagent event.
like:
or
Ideally you've use the openagent to print a content type and a response, but if you don't browsers do pretty well with invalid responses from servers.
inside your "myagent" you will have the users name available to you to write it to a document.
Your next challenge will be in getting the agent to trigger, but, not too often, ideally only on login.
When a user uses a custom login form it submits the username/password and redirection url in POST method. You could change that to ...?openagent&nexturl=/blablabla.nsf
Your tiny little agent would run one and only one time upon login and update a document in a your custom logging database.
That's a developer's solution.
There are also admin solutions. The server does keep track of active web sessions, but, it does not drop them into the log.nsf like it does upon session ending for a notes session. I don't think it would be too much work from an admin standpoint to get that information there are a lot of event triggers available to you. It's just been way too long since I worked on any server that anyone cared about statistics.
Related
I have developed a chatbot using Microsoft BotFramework and node.js and deployed it in webchat. As per this documentation, it is written that the bot's secret 's' can be replaced with a temporary token 't' which is valid for one conversation only.
But the problem is the life span of this token is 30 minutes and within this time window, if some intruder accesses the entire URL: "https://webchat.botframework.com/embed/YOUR_BOT_ID?t=YOUR_TOKEN_HERE&userid=some_user_id" then it is just a child’s play for him to get all of the user’s data because it mimics the chat of the actual user in the other machine.
Is there anything in the BotFramework (apart from DirectLine) that can be done that restricts the URL with the same token to be opened in another machine?
There is an issue on GH which is facing the same event with you, and with the comments, we can found that this situation will not be changed currently.
However, we can get some hints from the comment:
Ultimately, you can't hide the secret/token from clients.
If you want to remove it from the URL, you can host the JS control on your own.
If you want to remove it from page source, you can pass the value in a cookie >and read it in JS in your webpage.
However, in all cases, the value will be available in memory.
I think you can build another simple web site yourself as the bridge from the iframe and yout bot application. You can restrict your user whether is unique in this website's session. And also you can verify your user before instantiate the Bot WebChat.
I have just set up and created by first ever SharePoint development effort: a project for a web part, to be hosted in a SharePoint Online instance (my Office 365 trial).
I have figured out how to use the List API to pull the content I am supposed to present, being a rotating list of banner images, but I have one remaining concern. I would like to keep track of where in the list I am, and when last I changed images. Another question of mine answers this quite nicely if I go with local storage, but is there any SharePoint REST or JSOM API I can use to persist this state in the SharePoint service?
I like the local storage answer, but you could also write the state information to another SharePoint list.
Keep track of the information on a per user basis (probably against their user ID, since they'll likely be authenticated) and have send an AJAX request or a JSOM request without any visible callback behavior each time the viewer's state changes (maybe even use a web worker for users that support them).
Writing info to SharePoint lists isn't the fastest operation in the world, so it's possible you could have the banner rotate, the request fire, and the user close the browser before the request was complete -- but in that case they would just wind up on the same slide they were at before (so just repeating the last step in the rare occassion where this happens).
I m working with xpages for following scenario.
I have one agent that will update the value to one of the field of datasource from notesview. sometimes, while one user is opening the datasource via xpage and other user run the agent in the same time. at that time, agent can run and update the field of datasource. but from the xpages side, we can catch the exception for the document is modified by other user and cannot save the xpages.
i would like to prevent this from agent side. i would like to know whether there is a way to know that document is opened by one of the user from agent side, so that agent wont update the value to that datasource.
thank for your help.
First of all: mixing agent and XPages is more trouble than it is worth, you are better off converting your agent code into a Java class (and pay the technical debt accumulated over time in the agent).
One BIG reason: an agent and XPages do not share anything other than the document in memory (if handed over) on that one user's session.
If you launch the agent from an XPage: you can use an ApplicationScope variable (e.g. a java.util.HashMap) that you fill with the unid and username when a user opens a document. Before you launch that agent, you check the scope if the unid is inside with a different username. If yes, don't run the agent.
You need to build a mechanism to expire and renew these locks otherwise you end up with dead lock entries.
If the agent is launched directly or on schedule things get a little more complicated. You could implement a web service servlet that handles the locks since both XPages and agents can talk to a web service.
Hello I'm developing a web app where the user needs to verify that they are the "Owner" of the website. I know there is code verification but how would I check if that verification is on their site without over complicating the verification method?
Also, I'm thinking about giving the site owner an hour to verify, how would I automatically detect if the hour is over and be able to delete them from the database?
The way Google or Yahoo do this is to require the webmaster to create a file with a special cryptic name (the file length can be 0), which is generated by Google/Yahoo. Could be something like "dsaa6fd4sgfdsf324gd.html". So you generate such a unique (name) string for each websit eto be verified, store it in the DB, and then you go and try to GET it from that site. If the GET succeeds you can set "verified=true" in the DB for that site and file name.
To answer the 1hr question we'd have to know what technology you are using. There are many options to run timed background jobs from a web application. Usually you write the job details into the database, and have a background daemon check the DB periodically and execute any pending jobs. You could tell it (that daemon) to execute a job one hour later to see if the file (see above) exists. Well, you have to do it that way in any case, it's no use simultaneously telling the webmaster to create that file and check for it right away :)
I'm in charge of a Sharepoint collection, and a user asks this. Is it possible that when a user creates an item, some fields are automatically filled with some info, such as email address and location?
Authentication uses Active Directory, so every user is identified when using Sharepoint. The only issue is that, being in a big corporate company, I don't have any access to the server, so it must be feasible through configuration of said site/list or using Sharepoint Designer, but I can't and won't be allowed to deploy anything server side.
Any idea?
With your limitations, your best bet would be a combination of ajax (I suggest jquery) and sharepoint webservices (if necessary), you need to do a XmlHttpRequest in the userdisp.aspx page, if this page has all the info you need, then get it, otherwise, get the currently logged account and use it to query the webservices (this part I'm not sure if theres a method that will return this info).
This all works using only the browser (Content Editor WebPart) or the SharePoint Designer client.