I am managing an existing FIX client application that uses QuickFIX library to connect to various FIX servers.
When a user wants to connect and login an account to server, the client app uses separate connection with its own configuration (.cfg) file. App currently does not allow to connect multiple users that means to create multiple connections with separate accounts.
My question is if there is a possibility to connect and login multiple separate accounts (users with different usernames and passwords) under single connection to FIX server?
Thanks for any advice.
P.S.: I now that there can be multiple sessions under one connection but sessions must be linked with single master account and that is not what I want.
Related
We have user data which is present in a single mongoDB. Multiple applications are using this database for user authentication.
The current method for the authentication is when the user signs in any application for the first time, data is fetched from parentDB and saved it respective local application db. The flaw with this method is when the user gets altered in parentDB, local copy needs to be synced.
Another method that we tried was writing the model definition in all the applications and connecting to parentDB of which the flaw is changing the model definition in all the applications if their is any change
What would be the suggested method for maintaining such user management ?
I would move authentication to separate server connected to parent db, and make all user management also request authentication server. Can also proxy authentication from app server to authentication server, so from outside it still looks like each app has its own auth.
I'm getting into the world of fullstack development and I'm trying to develop app which front is completely separated from backend (front is being served from node server and backend is java).
Now, the issue - how should I get about securing my app?
I'd like to have many fronts and many backend instances connected through load balancers and I'd like to keep all the state on client, so I can without any issue switch to another backend server and continue as nothing happened.
Currently I'm using OAuth2 tokens but I'm concerned about security and stealing the tokens, which are completely stored in cookie on user side. Also, The app (obviously) stores those tokens somewhere, so another instance of my backend app wouldn't accept the token. In best case scenario I can implement some mechanism that would automatically request a new one and in worst case I'd have to login again. I don't want that to happen.
Also, here I have a problem with social auth. Allright, I'm receiving token from Google on front, but giving it to backend and creating a user there is major pain, I have to write a lot of code manually to create such user and save it.
And again, I'm not certain about security level of this solution.
So the question is basically - currently, what is the best way to secure an app which should have completely separate front and backend, which would have no issue with switch backend server between requests?
As regards tokens being stolen from the Client: you can't do anything about this. It is up to the client to protect themselves. What I mean is, if you need a username and password to access a service, and the Client is infected with a key-logger, and a hacker steals those credentials, there is nothing you can do on the server side to protect against this.
As regards your idea of multiple back-ends, this is a common feature of any system with multiple application servers. For example, if you have multiple web servers and want any request to be routable to any server. For this, you need a central database which stores any information which needs to be shared. It's slower, obviously, but much more resilient.
I am building an application in which front end is iPhone and I am using ROR as my backend with mongoDB as my database. It is a kind of chatting application for which I am using jabber protocol and XMPP server. Now I want that when a user is created in my rails app, the same user should be created on the XMPP server. Any help would be much appreciated.
The ideal situation is to have only a single source for users and configure your XMPP server to use that same service.
For example it is common to have an XMPP server authenticate against LDAP, then all user management is delegated to the LDAP server. The XMPP server doesn't handle user management at all, but defers any user related queries to LDAP.
This would ultimately be more reliable than trying to keep two separate systems in synch. If the user management in your case is custom (which it appears to be), it might mean you will also have to add a custom module/plugin to your XMPP server (you haven't mentioned which one you are using) to use that service.
I have a web application using XMPP for chatting. The only real problem is that users have to create their own XMPP account on the right server. I'd like to automate this process.
How do I automatically create a new XMPP account for a new user ? How do I know what address can be used or not for the account ?
There are a few different approaches:
Have the client register in-band. They can then choose their username themselves.
Connect to an existing user database, or interface with it directly.
The server might have some CLI or Web-based management tool that can be used.
As ggozad wrote, use the Add user command defined by Service Administration.
You need to implement (and your server to support) XEP-0133 Service Administration and in particular the add user command. You can create random user ids or generate them with some logic and store them somehow to check for uniqueness. The get-registered-users command might also be of help.
I'm building a live chat using JSJaC and ejabberd . It's all working except that all site visitors are given the account 'guest'. If two visitors try to livechat at the same time the responses get muddled or the first user is logged out.
I can randomly set the guest name but then I need to check whether that name is registered or auto-register and hope it hasn't been registered before. I tried assigning each login to a random resource name but this still merged the conversations.
In short i'm looking for the easiest way to allow multiple anonymous logins to start individual conversations with the livechat account. Even better (but optional) if the livechat could round-robin to a different user when the primary livechat account is in a chat.
The solution can be web-client or server based, I don't care since I control both (and ejabberd supports various modules).
BTW, when I try to auto-register a registered account the JSJaC simpleclient demo returns:
An error occured:
Code: 409
Type: cancel
Condition: conflict
I haven't established yet if this is something I can ignore or override with a custom client or server setup. I suppose I could just detect this error and try again without auto-register but I'd like to hear better/easier options.
Try enabling anonymous login mode on your ejabberd server? Then you don't have to register the client accounts, just pick any random username and password and ejabberd should accept them...
I guess you can use external authentication in ejabberd
I'm in the same situation: I want anonymous users to be able to login in the server, but some special users also be able to login for adiminstrative tasks...
So I decided to write a php script as an authentication handler for ejabberd.
Then it will accept all logins with the name starting with anon_*
and authenticate other users against a database.
We had a similar issue in a project - we wanted users to be able to login without requiring any account creation or clashes - auto-registration would not work for us because names could clash. In the end we chose anonymous login with SASL authentication in ejabberd - it allows anonymous login and dynamic account creation and I believe the accounts do not stay on the system (they are alive only whilst the connection is open), however from what I remember the server will generate a random ID for the user.
The GUID JID problem might be able to be solved with the use of Nicknames
Set up SASL
Ejabberd Support Page - SASL
If you can't get ejabberd's anonymous mode working, you might try creating a GUID for each user's base name, and just registering the user on the fly. You'll want to have a periodic script that deletes old unused accounts from the database.