Sage Form Integration [closed] - forms

Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 6 years ago.
I have been trying to integrate Sage Pay using their form integration but cannot get past the infamous 5080 error. I have been through 10 days of back and forth with Sage support and they have conceded that they can no longer help and are convinced it is an encryption issue. I have also trawled through the answers here and I cannot seem to get the solution. I have done many integrations using other systems before but the lack of feedback from the system is very frustrating and makes debugging almost impossible.
Things I can confirm:
- PHP Version 7.0.15, as part of Wordpress install
- passing unique VendorTxCode
- passing all required fields with live success & failure URLS
- passing VPSProtocol, TxType, VendorName and Crypt (confirmed by viewing network tool in Chrome after request fails)
- tried both test and live portal using the relevant keys and correct gateways
- had numerous showposts viewed by support and verified as correct format
- confirmed the encryption - supplied an unencrypted string to support, their escalation team encrypted the string and sent back encrypted string - used a string compare app to compare strings and they are identical
- I cannot seem to see Invalid transactions in portal as I don't have a transactions tab to view and support said they cannot even see the request attempts hitting the server.
They keep telling me it's an encryption issue. Any suggestions as to how best to debug this or any unapparent solutions that helped others would be of great help - I'm not sure what is best to post here for you to see but I can as required
Many thanks

Log into My Sage Pay with your admin credentials, create a user and give that user permission to see transactions (etc - just click the lot!). Log in as that user and you will be able to see transactions. Look under Invalid, and you should see the reason.
Check you are using the correct encryption password. They are different for live / test
Failing that, post your unencrypted crypt string here - I will look at it and tell you where you are going wrong.
https://test.sagepay.com/gateway/service/vspform-register.vsp?VPSProtocol=3.00&TxType=PAYMENT&Vendor=sagepaylabs2&Crypt=#

Related

Send programmatically notification with FCM [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
I hope you're well, I need some orientation since I'm new to using the Cloud Messaging service of the Firebase suite.
Here I have 2 applications, myapp_client and myapp_admin. What happens is the following, with myapp_admin I publish information that I insert in the Firestore database and with myapp_client I read this information inserted in the Firestore database.
What I want is that once the myapp_admin application publishes this information then it sends a notification to the users of the myapp_client application who can then open it.
I've done some research and I haven't found a good documentation (even the official one) that would explain how to send notifications programmatically from the dart/flutter code without using Cloud functions (This is possible)?
Can you please guide me? I'm not asking you to give me solutions but to guide me to find the solutions I need to implement such an operation.
THANKS
What you are describing will certainly require you to listen for new snapshots from a collection of notifications in Firestore in a background process of myapp_client, and then trigger a local notification when new data is received by using a plugin like flutter_local_notifications. Here is a helpful article explaining how code execution in the background can be done in Flutter.
If you want the myapp_client app to receive the data published by myapp_admin as push notifications even when your app is in the background without executing code in the background, the only viable and tested solution that works really well with Flutter AFAIK, is using Cloud functions.
The description by Nikolai using the local notification package together with client subscriptions is a fine solution.
Out of curiosity, why do you want to avoid cloud functions?
Using CF is a quite straightforward way to do it.
- Admin writes information to Firestore.
- Cloud function triggers with the onWrite function on the collection/doc that matches where your admin wrote the data.
- Cloud function uses FCM to send a push notification to a topic that your clients subscribe to, or to individual devices.

Is there a need to expire email verification code? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 years ago.
I've registered a GitHub account to test their email verification process. So:
They've sent me an email with a link, containing my username and 40-chars code, like:
https://github.com/users/USERNAME/emails/120066679/confirm_verification/47889d71648523e5d99db5b969f59809c2715fb6
I have not followed the link
4 days later, they've sent me another (a reminder), that I have to verify my email, containing a link with another different 40-chars code
So, what was the purpose of changing 40-chars code? As I remember, other services, used to expire verification code anyway. If there is already a username in verification link, is there really a need to do that? In case of brute force, I can just count failed attempts related to specific user and block it, right?
P.S. Also interesting, what is the purpose of emails/120066679 in link? (which is similar for both letters)
There are several reasons why quick expiration of verification codes is the best practice.
If protection with a verification code is deemed appropriate, it's safest to make it not only complex enough but also valid for a minimum amount of time. If you only make the code work for the time needed (usually really short), you diminish the risk of someone abusing it. (For example, someone could programmatically 'guess' the codes - the more time for this exercise, the higher the chance of success.)
Also, it's not efficient to store data of this kind. It's used once, it doesn't contain any actual information and as soon as it's used, it's ready to be "thrown away". It's not a good practice to store anything that doesn't add value when stored.
In addition, it's fairly rare that users don't use the codes immediately/soon. For the small percentage of cases where the code expires by the time the user tries to use it, it's more efficient to generate new ones.
Well, the purpose of an email validation link is to make sure that you actually own the email. Most validation links simply contain some secret that they send out your way, only in the possession of which may you verify the email address.
The reason they changed the code is because it probably expires. In that case you could not activate the account, so they sent you another in case you'd like to continue.
What if they don't send out a secret like this then?
In that case there is nothing that prevents an attacker from "verifying" emails that they actually have no control over. They could just visit the url with the username plugged in and activate the account.
Normal users would not do this, but spammers might.
For the case of brute force:
If the secret is sufficiently random, and the keyspace is large enough, trying to guess it is a fool's errand.
We can assume this is a random 40 hex char number, which gives us:
16**40 == 1461501637330902918203684832716283019655932542976
possible values for it. It is safe to say that no one will guess this number in the near future.
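
The behaviour discussed in this thread (a 40-hex-character secret that expires, and a reminder link that replaces the earlier one) can be sketched as follows. This is an added example, not GitHub's implementation and not code from any of the posts; the class name `EmailVerifier`, the 24-hour lifetime and the in-memory dict standing in for a database table are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 3600  # assumed lifetime; the thread does not state one


class EmailVerifier:
    """Holds at most one live verification token per (user, email_id)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # (user, email_id) -> (sha256 hex of token, expiry)

    def issue(self, user, email_id):
        # 20 random bytes -> 40 hex chars, the same size as the code in the question.
        token = secrets.token_hex(20)
        # Store only a hash, so a leaked table does not yield usable links.
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Overwriting the entry revokes any earlier link (the reminder case).
        self._pending[(user, email_id)] = (digest, self._clock() + self._ttl)
        return token

    def confirm(self, user, email_id, token):
        key = (user, email_id)
        entry = self._pending.get(key)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() >= expires_at:
            del self._pending[key]  # expired: nothing left to guess against
            return False
        candidate = hashlib.sha256(token.encode()).hexdigest()
        # Constant-time comparison of the two hex digests.
        if not hmac.compare_digest(candidate, digest):
            return False
        del self._pending[key]  # single use
        return True
```
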

Get and post form method uses scenario [duplicate]

This question already has answers here:
When should I use GET or POST method? What's the difference between them?
(15 answers)
Closed 9 years ago.
What is the difference between the GET and POST form methods, except that one (GET) sends data in the URL and POST sends it directly?
And if I use SSL, should I choose only POST since GET won't work?
There really is nothing different between GET and POST. While GET uses the URL visibly, you should not think that POST data is hidden in any way, as this could create a false sense of security. While POST indeed hides data from the URL, it's still there, exposing slightly less data to a casual observer.
Even if HTTPS is used, preventing the data from being intercepted in transit, the browser history and the web server's logs will likely contain the full URL in plaintext, which may be exposed if either system is hacked. In these cases, HTTP POST should be used.
GET is used to read data. It's mostly used in search strings and in actions, where you get data from end point and where you don't modify anything. Because it's visible in URL, you can bookmark it for later use, that's not possible with POST.
POST is used to create, update and delete data in end point. For example form data is supposed to be sent as POST.

What are useful parameters to store when tracking page views? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
I want to implement a simple in-house table that tracks user page views on my website. Without targeting some specific hypothesis, what is useful data to store? Eventually I'll use it to build graphs or decision trees to better learn about our user base. This is static (no javascript).
Things I can think of:
URL accessed
HTTP refer[r]er
HTTP Accept Language
Browser-agent
Session id
User id (if logged in)
Time visited
It depends on how public your site is. If your site requires authentication you can have more controlled statistics because you can trace the user (visitors) history. In the case the user does not require authentication you are limited to the information provided by the SERVER VARIABLES: HTTP_USER_AGENT; REMOTE_USER; REMOTE_ADDR; REMOTE_HOST; REMOTE_PORT; HTTP_COOKIE; HTTP_USER_AGENT.
I have implemented something like this for some non-public site each time the user logs on to the site, the information I'm storing looks like:
User Key
Remote host IP
Date Logon
Last Request Datetime
Total time connected (minutes)
Last Request Minutes
Event/Action performed
Sounds like a good start,
I'd be inclined to store visitor IP address, and derived from that via a geo ip lookup the location of the visitor.
Also you could consider reverse DNS'ing the IP to get an idea of the ISP your user is on; you might never use it, but then again it could be useful if you have a report of downstream caching causing problems.

Email message recall does it actually work? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
I was asked to recall a message I sent out to remove some personal info from it and replace it with a generic made up person as an example.
Does message recall really work?
It's my opinion because you get told a message has been recalled it just causes you to want to find out what was in the original message. All you do is find someone who had already read it.
Can Exchange server be adjusted to not tell users when a message is recalled or replaced?
What about bcc, recall doesn't seem to work on these and global emails tend to be the ones you really need to recall.
EDIT Also people with smartphones which is common now don't seem to get email retrieved from their phone either
In most cases, it's too late, it just lets me know there was an email you didn't want me to read.
Only works on unopened mail, for users of MS Exchange/Outlook.
Read this blog post and comments for more information.
To add a bit of information, if the message is displayed in a preview pane, it is considered read making recalling impossible.
We did some testing just yesterday and discovered that the recall feature is pretty lame. As mentioned above it is only recalled if it is unread (or unpreviewed). In the case where it has been read, the recall only makes the message MORE obvious. Not the desired effect by far.
Only works on unopened mail, local to the server you sent it on. (as far as I know, I suppose it could work on server farms/clusters too?)
If the recipient is offline and message is not delivered to his PST by the Exchange server, then RECALL works and you get the message accordingly.
Thanks & Regards,
Ajay
Yes it is true that the Recall This Message Outlook functionality very often does not work.
WinDeveloper just released a server-side solution for Exchange 2007/2010. It works equally well for both emails addressed to local recipients and for emails sent to foreign recipients. For more details:
WinDeveloper vs Native Exchange Message Recalling
http://www.windeveloper.com/recall/recall_features.htm
Message Recalling Works! Here is how
http://www.windeveloper.com/recall/recall_howitworks.htm