Is there a kind of a superuser or admin for a pubsub service who can literally do everything for example a useful pubsub nodes use-case:
Delete a collection or a leaf node which has been created by another entity
This would be implementation specific, so it would have to be set in your server (providing your server supports such a user).
For example, in Openfire you would set the property
xmpp.pubsub.sysadmin.jid
Related
Can I create a walled garden allowing only my organisation's users/ clients to use my ejabberd instance/ service.
This includes registration of users done only by my backend and preventing other clients' users to register or access the server. Additionally users of another server can not be added by existing users.
This includes registration of users done only by my backend
Then probably limit mod_register using the options access_from and ip_access:
https://docs.ejabberd.im/admin/configuration/modules/#mod-register
And then write your custom web application that sends ReST or XMP-RPC queries to ejabberd's
https://docs.ejabberd.im/developer/ejabberd-api/#understanding-ejabberd-commands
and executes the "register" API command:
https://docs.ejabberd.im/developer/ejabberd-api/admin-api/#register
and preventing other clients' users to register
If you use your custom web to show a formulary, that's your duty.
or access the server.
Additionally users of another server can not be added by existing users.
You may want to disable S2S (server-to-server), so communication from/to your XMPP server to other XMPP servers is not allowed.
I am using a mobile application that connects directly to the database instance (Postgres), as such, I have to keep the ports open for traffic that is generated from the internet (4G, mobile app).
This mobile app (QFIELD, mobile version of QGIS) has a direct connection to the database, this is the reason why the database is reachable from the internet on a public ip but this is a critical issue for the security of the data and the requests that can be sent to the database.
I would like to proxy the requests so that the database is only available to local machines and not open for connections directly.
The mobile appp would send the request to an HTTP url which would send the request to the local ip and port, this way I would avoid to have the database exposed on the internet.
Ideally, I would like to go from this app (which uses a postgres connection string to connect to the server) to an HTTP server that routes the request locally, as such:
APP connects to https://myproxy/postgres
Request is proxied to a local server
Can I do this with Apache2? Any ideas?
At the moment I cannot write a middleware that proxies requests from the APP to the local postgres.
If your application is expecting to connect directly to a PostgreSQL database and you don't want to change that then you need to connect to something that "speaks" PostgreSQL's client protocol.
You can place a proxy such as pgbouncer or pgpool in front of it, but they aren't a guarantee of greater security just by themselves. This is the same problem as with any proxy - it is just forwarding requests and responses to your actual server so any vulnerability is still exposed.
What you can do is:
restrict the number of connections at the proxy point
restrict which users can connect non-locally to your PostgreSQL cluster
restrict where they can connect from to just your proxy
restrict those users permissions within the database(s)
That last point is particularly important - assume any user account your application can be used maliciously. Restrict the account to prevent mass updating or deleting of data. Also take special care to restrict access to other users' data.
If I was forced to allow access like this, I would want one PostgreSQL user account per actual user at the very least. In practice I wouldn't get to this point with a production application.
how does one connect to a distributed setup in orientdb. I have 3 servers cluster setup and running. They are communicating and data from one is available from the other. But how do I connect to them as a cluster in my program?
in mongo there is the connection URI :
mongodb://[username:password#]host1[:port1][,...hostN[:portN]][/[database][?options]]
is there something similar in orientdb? Currently, I connect to just one and insert my data but the program stops when this server stops for some reason. can I automatically have the program connect to one of the other servers and continue? All 3 are masters in this case, no replication servers.
You need to first authenticate the user, using basic auth, with the /connect/ API which will return the OSESSIONID as a cookie.
Then pass the OSESSIONID as a header to other APIs (in postman it is auto passed to other APIs).
Some of the OrientDB REST APIs require basic auth - they document it as "Requires additional authentication to the server."
I have an authentication server using oauth2.
I use it for :
Authentication from the other services, subscription, change and retrieve password etc.
As resource server to store and retrieve more users and groups informations. I have a ManyToMany relationship between users and groups.
Should I seperate the second part of functionalities of this app on another standalone service that will work as resource server only. And only keep the authentication part on the authorization server?
That way I could horizontally scale these two services separately.
Yes, the better idea would be to have the configuration as a separate standalone service running on cloud. With configuration server as a separate service you can add all the authorization and other sort of details like DB details, API details, messaging queue configuration etc, and get connected to N number of services.
In terms of MongoDb terminology what are
Bound Service
Service
in AppFog MongoDb service?
Is Bound Service the db name? Or is it the collection name?
A service means a running instance of a software (e.g. MongoDB). Its there and is running, but not related to any client process. You have no idea what endpoint or credentials it needs as your PAAS provider manages it.
Bound service means exposing service's endpoint to your app, with appropriate credentials. For example:
if(process.env.VCAP_SERVICES){
var env = JSON.parse(process.env.VCAP_SERVICES);
var mongo = env['mongodb-1.8'][0]['credentials'];
}
Here the App process's environment variable VCAP_SERVICES holds connection data of those services which have been bound to this App's process. Connection data is auto configured for you by PAAS provider, here mongo object has it already, you need not remember URL, Post, username, password etc for that service.
So, a service bound to your App has its connection data readily available to you, through the environment variable.
Refer to Appfog's docs on services here.