Search Results

Search found 12426 results on 498 pages for 'selectors api'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 46/498 | < Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >

  • GPL vs plugin interfaces not designed with a specific application in mind

    - by Kristóf Marussy
    I am not seeking or in need of legal advice, but an interesting though experiment came to my mind. Imagine the following situtation (I cannot really think about a concrete example and I am unsure if a real manifestation even exists): there is a free (libre) api A licensed under some permissive license or even LGPL. Non-free application B implements this api in order host plugins, but there are other free software doing the same thing. Moreover, there is plugin C acting as a plugin under api A. It links to library D, that is under GPL, so C is also under GPL. Plugins using A are loaded into hosts via a dlopen-like mechanism and use complex data structure for host-plugin communication. Neither B nor C distribute any files that may be required for A to function properly (like headers containing the structure definitions of A or dynamic libraries containing helper functions for A written by the authors of A), but such things may exist. Now some user installs application B and plugin C on his machine, along with anything that may be required for api A to function properly. Then he proceeds and loads C into B and creates some intellectual property with B which is not a piece of software. Did a GPL violation happend at some point, and if so, who violated GPL and why? The authors of C violate D's license by making C possible to be used in non-free host B? This is a possibility because they can't give and exception of GPL (like one described in http://www.gnu.org/licenses/gpl-faq.html#GPLPluginsInNF or http://www.gnu.org/licenses/gpl-faq.html#LinkingOverControlledInterface) due to D's license terms. The authors of B violate C's and D's license by making C possible to be loaded in B? This is a possibility because http://www.gnu.org/licenses/gpl-faq.html#NFUseGPLPlugins disallows the mechanisms A uses for communitation between the free and non-free modules. The authors of A, because the api may be used (and in this case, was used) for communication between GPL'd and non-free software. This would be extremely absurd. The user, because at the moment of loading B into C, he made a derived work of C. I think this is impossible, because he does not distribute it. But would the situation change is he decided to release a configuration file of B which makes B load C as a plugin? Nobody, because A counts as a 'system library', and both B and C directly interact only with A, not eachother. In a sane world, this would happen... A concrete example of A could be some kind of audio (think LADSPA) or image processing api. However, I could find no such interface (that is free software, generic and is also implemented by commercial tools). A real-world example could also be quite enlightening.

    Read the article

  • RESTFul: state changing actions

    - by Miro Svrtan
    I'am planning to build RESTfull API but there are some architectural questions that are creating some problems in my head. Adding backend bussiness logic to clients is option that I would like to avoid since updating multiple client platforms is hard to maintain in real time when bussiness logic can rapidly change. Lets say we have article as a resource ( api/article ), how should we implement actions like publish, unpublish,activate or deactivate and so on but to try to keep it as simple as possible? 1) Should we use api/article/{id}/{action} since a lot of backend logic can happen there like pushing to remote locations or change of multiple properties. Probably the hardest thing here is that we need to send all article data back to API for updating and multiuser work could not be implemented. For instance editor could send 5 seconds older data and overwrite fix that some other journalist just did 2 seconds ago and there is no way that I could explain to clients this since those publishing an article is really not in any way connected to updating the content. 2) Creating new resource can also be an option, api/article-{action}/id , but then returned resource would not be article-{action} but article which I'am not sure if this is proper. Also in server side code article class is handling actuall work on both resource and I'm not sure if this goes against RESTfull thinking Any suggestions are welcomed..

    Read the article

  • What layer to introduce human readable error messages?

    - by MrLane
    One of the things that I have never been happy with on any project I have worked on over the years and have really not been able to resolve myself is exactly at what tier in an application should human readable error information be retrieved for display to a user. A common approach that has worked well has been to return strongly typed/concrete "result objects" from the methods on the public surface of the business tier/API. A method on the interface may be: public ClearUserAccountsResult ClearUserAccounts(ClearUserAccountsParam param); And the result class implementation: public class ClearUserAccountsResult : IResult { public readonly List<Account> ClearedAccounts{get; set;} public readonly bool Success {get; set;} // Implements IResult public readonly string Message{get; set;} // Implements IResult, human readable // Constructor implemented here to set readonly properties... } This works great when the API needs to be exposed over WCF as the result object can be serialized. Again this is only done on the public surface of the API/business tier. The error message can also be looked up from the database, which means it can be changed and localized. However, it has always been suspect to me, this idea of returning human readable information from the business tier like this, partly because what constitutes the public surface of the API may change over time...and it may be the case that the API will need to be reused by other API components in the future that do not need the human readable string messages (and looking them up from a database would be an expensive waste). I am thinking a better approach is to keep the business objects free from such result objects and keep them simple and then retrieve human readable error strings somewhere closer to the UI layer or only in the UI itself, but I have two problems here: 1) The UI may be a remote client (Winforms/WPF/Silverlight) or an ASP.NET web application hosted on another server. In these cases the UI will have to fetch the error strings from the server. 2) Often there are multiple legitimate modes of failure. If the business tier becomes so vague and generic in the way it returns errors there may not be enough information exposed publicly to tell what the error actually was: i.e: if a method has 3 modes of legitimate failure but returns a boolean to indicate failure, you cannot work out what the appropriate message to display to the user should be. I have thought about using failure enums as a substitute, they can indicate a specific error that can be tested for and coded against. This is sometimes useful within the business tier itself as a way of passing via method returns the specifics of a failure rather than just a boolean, but it is not so good for serialization scenarios. Is there a well worn pattern for this? What do people think? Thanks.

    Read the article

  • Implicit OAuth2 endpoint vs. cookies

    - by Jamie
    I currently have an app which basically runs two halves of an API - a restful API for the web app, and a synchronisation API for the native clients (all over SSL). The web app is completely javascript based and is quite similar to the native clients anyway - except it currently does not work offline. What I'm hoping to do is merge the fragmented APIs into a single restful API. The web app currently authenticates by issuing a cookie to the client whereas the native clients work using a custom HMAC access token implementation. Obviously a public/private key scenario for a javascript app is a little pointless. I think the best solution would be to create an OAuth2 endpoint on the API (like Instagram, for example http://instagram.com/developer/authentication/) which is used by both the native apps and the web app. My question is, in terms of security how does an implicit OAuth2 flow compare (storing the access token in local storage) to "secure" cookies? Presumably although SSL solves man in the middle attacks, the user could theoretically grab the access token from local storage and copy it to another machine?

    Read the article

  • How to document experimental or incomplete APIs like @deprecated?

    - by Michael Levy
    Is there a good term that is similar but different than "deprecate" to mean that a method or API is in the code base but should not be used because its implementation is not complete or will likely change? (Yeah, I know, those methods shouldn't be public, yada yada yada. I didn't create my situation, I'm just trying to make the best of it.) What do people suggest? Experimental, Incomplete, something else? If I'm building javadoc documentation for this API that is still in flux, should I use the @deprecated tag or is there a better convention? To me @deprecated implies that this API is old and a newer preferred mechanism is available. In my situation, there is no alternative, but some of the methods in the API are not finished and so should not be used. At this point I cannot make them private, but I'd like to put clear warnings in the docs.

    Read the article

  • How Can I create different selectors for accepting new connection in java NIO

    - by Deepak
    I want to write java tcp socket programming using java NIO. Its working fine. But I am using the same selector for accepting reading from and writing to the clients. How Can I create different selectors for accepting new connection in java NIO, reading and writing. Is there any online help. Actually when I am busy in reading or writing my selector uses more iterator. So If more number of clients are connected then performance of accepting new coneection became slow. But I donot want the accepting clients to be slow // Create a selector and register two socket channels Selector selector = null; try { // Create the selector selector = Selector.open(); // Create two non-blocking sockets. This method is implemented in // e173 Creating a Non-Blocking Socket. SocketChannel sChannel1 = createSocketChannel("hostname.com", 80); SocketChannel sChannel2 = createSocketChannel("hostname.com", 80); // Register the channel with selector, listening for all events sChannel1.register(selector, sChannel1.validOps()); sChannel2.register(selector, sChannel1.validOps()); } catch (IOException e) { } // Wait for events while (true) { try { // Wait for an event selector.select(); } catch (IOException e) { // Handle error with selector break; } // Get list of selection keys with pending events Iterator it = selector.selectedKeys().iterator(); // Process each key at a time while (it.hasNext()) { // Get the selection key SelectionKey selKey = (SelectionKey)it.next(); // Remove it from the list to indicate that it is being processed it.remove(); try { processSelectionKey(selKey); } catch (IOException e) { // Handle error with channel and unregister selKey.cancel(); } } } public void processSelectionKey(SelectionKey selKey) throws IOException { // Since the ready operations are cumulative, // need to check readiness for each operation if (selKey.isValid() && selKey.isConnectable()) { // Get channel with connection request SocketChannel sChannel = (SocketChannel)selKey.channel(); boolean success = sChannel.finishConnect(); if (!success) { // An error occurred; handle it // Unregister the channel with this selector selKey.cancel(); } } if (selKey.isValid() && selKey.isReadable()) { // Get channel with bytes to read SocketChannel sChannel = (SocketChannel)selKey.channel(); // See e174 Reading from a SocketChannel } if (selKey.isValid() && selKey.isWritable()) { // Get channel that's ready for more bytes SocketChannel sChannel = (SocketChannel)selKey.channel(); } } Thanks Deepak

    Read the article

  • Implementing a modern web application with Web API on top of old services

    - by Gaui
    My company has many WCF services which may or may not be replaced in the near future. The old web application is written in WebForms and communicates straight with these services via SOAP and returns DataTables. Now I am designing a new modern web application in a modern style, an AngularJS client which communicates with an ASP.NET Web API via JSON. The Web API then communicates with the WCF services via SOAP. In the future I want to let the Web API handle all requests and go straight to the database, but because the business logic implemented in the WCF services is complicated it's going to take some time to rewrite and replace it. Now to the problem: I'm trying to make it easy in the near future to replace the WCF services with some other data storage, e.g. another endpoint, database or whatever. I also want to make it easy to unit test the business logic. That's why I have structured the Web API with a repository layer and a service layer. The repository layer has a straight communication with the data storage (WCF service, database, or whatever) and the service layer then uses the repository (Dependency Injection) to get the data. It doesn't care where it gets the data from. Later on I can be in control and structure the data returned from the data storage (DataTable to POCO) and be able to test the logic in the service layer with some mock repository (using Dependency Injection). Below is some code to explain where I'm going with this. But my question is, does this all make sense? Am I making this overly complicated and could this be simplified in any way possible? Does this simplicity make this too complicated to maintain? My main goal is to make it as easy as possible to switch to another data storage later on, e.g. an ORM and be able to test the logic in the service layer. And because the majority of the business logic is implemented in these WCF services (and they return DataTables), I want to be in control of the data and the structure returned to the client. Any advice is greatly appreciated. Update 20/08/14 I created a repository factory, so services would all share repositories. Now it's easy to mock a repository, add it to the factory and create a provider using that factory. Any advice is much appreciated. I want to know if I'm making things more complicated than they should be. So it looks like this: 1. Repository Factory public class RepositoryFactory { private Dictionary<Type, IServiceRepository> repositories; public RepositoryFactory() { this.repositories = new Dictionary<Type, IServiceRepository>(); } public void AddRepository<T>(IServiceRepository repo) where T : class { if (this.repositories.ContainsKey(typeof(T))) { this.repositories.Remove(typeof(T)); } this.repositories.Add(typeof(T), repo); } public dynamic GetRepository<T>() { if (this.repositories.ContainsKey(typeof(T))) { return this.repositories[typeof(T)]; } throw new RepositoryNotFoundException("No repository found for " + typeof(T).Name); } } I'm not very fond of dynamic but I don't know how to retrieve that repository otherwise. 2. Repository and service // Service repository interface // All repository interfaces extend this public interface IServiceRepository { } // Invoice repository interface // Makes it easy to mock the repository later on public interface IInvoiceServiceRepository : IServiceRepository { List<Invoice> GetInvoices(); } // Invoice repository // Connects to some data storage to retrieve invoices public class InvoiceServiceRepository : IInvoiceServiceRepository { public List<Invoice> GetInvoices() { // Get the invoices from somewhere // This could be a WCF, a database, or whatever using(InvoiceServiceClient proxy = new InvoiceServiceClient()) { return proxy.GetInvoices(); } } } // Invoice service // Service that handles talking to a real or a mock repository public class InvoiceService { // Repository factory RepositoryFactory repoFactory; // Default constructor // Default connects to the real repository public InvoiceService(RepositoryFactory repo) { repoFactory = repo; } // Service function that gets all invoices from some repository (mock or real) public List<Invoice> GetInvoices() { // Query the repository return repoFactory.GetRepository<IInvoiceServiceRepository>().GetInvoices(); } }

    Read the article

  • Oracle HRMS API – Update Employee

    - by PRajkumar
    API - hr_person_api.update_person Example --   Before Firing Update API -- Middle Name and Status is NULL lets update Middle Name and Status     DECLARE     -- Local Variables     -- -----------------------     ln_object_version_number       PER_ALL_PEOPLE_F.OBJECT_VERSION_NUMBER%TYPE  := 7;      lc_dt_ud_mode                            VARCHAR2(100)                                                                                     := NULL;      ln_assignment_id                       PER_ALL_ASSIGNMENTS_F.ASSIGNMENT_ID%TYPE          := 33564;      lc_employee_number                 PER_ALL_PEOPLE_F.EMPLOYEE_NUMBER%TYPE               := 'PRAJ_01';        -- Out Variables for Find Date Track Mode API     -- ----------------------------------------------------------------     lb_correction                                  BOOLEAN;      lb_update                                        BOOLEAN;      lb_update_override                      BOOLEAN;       lb_update_change_insert           BOOLEAN;    -- Out Variables for Update Employee API     -- -----------------------------------------------------------      ld_effective_start_date                       DATE;      ld_effective_end_date                        DATE;      lc_full_name                                         PER_ALL_PEOPLE_F.FULL_NAME%TYPE;      ln_comment_id                                    PER_ALL_PEOPLE_F.COMMENT_ID%TYPE;       lb_name_combination_warning    BOOLEAN;      lb_assign_payroll_warning             BOOLEAN;      lb_orig_hire_warning                        BOOLEAN; BEGIN     -- Find Date Track Mode     -- --------------------------------      dt_api.find_dt_upd_modes      (    -- Input Data Elements           -- ------------------------------           p_effective_date                           => TO_DATE('29-JUN-2011'),           p_base_table_name                    => 'PER_ALL_ASSIGNMENTS_F',           p_base_key_column                   => 'ASSIGNMENT_ID',           p_base_key_value                       => ln_assignment_id,           -- Output data elements           -- -------------------------------          p_correction                                   => lb_correction,          p_update                                         => lb_update,          p_update_override                       => lb_update_override,          p_update_change_insert            => lb_update_change_insert    );      IF ( lb_update_override = TRUE OR lb_update_change_insert = TRUE )    THEN           -- UPDATE_OVERRIDE           -- ---------------------------------           lc_dt_ud_mode := 'UPDATE_OVERRIDE';    END IF;    IF ( lb_correction = TRUE )    THEN          -- CORRECTION          -- ----------------------          lc_dt_ud_mode := 'CORRECTION';    END IF;    IF ( lb_update = TRUE )    THEN         -- UPDATE         -- --------------          lc_dt_ud_mode := 'UPDATE';    END IF;       -- Update Employee API     -- ---------------------------------       hr_person_api.update_person     (       -- Input Data Elements             -- ------------------------------             p_effective_date                              => TO_DATE('29-JUN-2011'),             p_datetrack_update_mode         => lc_dt_ud_mode,             p_person_id                                     => 32979,             p_middle_names                            => 'TEST',             p_marital_status                             => 'M',             -- Output Data Elements             -- ----------------------------------            p_employee_number                       => lc_employee_number,            p_object_version_number              => ln_object_version_number,            p_effective_start_date                      => ld_effective_start_date,            p_effective_end_date                       => ld_effective_end_date,            p_full_name                                       => lc_full_name,            p_comment_id                                   => ln_comment_id,            p_name_combination_warning   => lb_name_combination_warning,            p_assign_payroll_warning           => lb_assign_payroll_warning,            p_orig_hire_warning                      => lb_orig_hire_warning     );      COMMIT; EXCEPTION        WHEN OTHERS THEN                    ROLLBACK;                    dbms_output.put_line(SQLERRM); END; / SHOW ERR;   After Firing Update Employee API -- Middle Name and Status  

    Read the article

  • Which HTTP redirect status code is best for this REST API scenario?

    - by Aseem Kishore
    I'm working on a REST API. The key objects ("nouns") are "items", and each item has a unique ID. E.g. to get info on the item with ID foo: GET http://api.example.com/v1/item/foo New items can be created, but the client doesn't get to pick the ID. Instead, the client sends some info that represents that item. So to create a new item: POST http://api.example.com/v1/item/ hello=world&hokey=pokey With that command, the server checks if we already have an item for the info hello=world&hokey=pokey. So there are two cases here. Case 1: the item doesn't exist; it's created. This case is easy. 201 Created Location: http://api.example.com/v1/item/bar Case 2: the item already exists. Here's where I'm struggling... not sure what's the best redirect code to use. 301 Moved Permanently? 302 Found? 303 See Other? 307 Temporary Redirect? Location: http://api.example.com/v1/item/foo I've studied the Wikipedia descriptions and RFC 2616, and none of these seem to be perfect. Here are the specific characteristics I'm looking for in this case: The redirect is permanent, as the ID will never change. So for efficiency, the client can and should make all future requests to the ID endpoint directly. This suggests 301, as the other three are meant to be temporary. The redirect should use GET, even though this request is POST. This suggests 303, as all others are technically supposed to re-use the POST method. In practice, browsers will use GET for 301 and 302, but this is a REST API, not a website meant to be used by regular users in browsers. It should be broadly usable and easy to play with. Specifically, 303 is HTTP/1.1 whereas 301 and 302 are HTTP/1.0. I'm not sure how much of an issue this is. At this point, I'm leaning towards 303 just to be semantically correct (use GET, don't re-POST) and just suck it up on the "temporary" part. But I'm not sure if 302 would be better since in practice it's been the same behavior as 303, but without requiring HTTP/1.1. But if I go down that line, I wonder if 301 is even better for the same reason plus the "permanent" part. Thoughts appreciated!

    Read the article

  • GitHub Api: How to get Root :tree_sha of a repository?

    - by Chris Jacob
    How do I get the Root :tree_sha of a GitHub repository via the GitHub API? The GitHib API help pages don't seem to explain this critical piece of information: http://develop.github.com/p/object.html Can get the contents of a tree by tree SHA tree/show/:user/:repo/:tree_sha To get a listing of the root tree for the facebox project from our commit listing, we can call this: $ curl http://github.com/api/v2/yaml/tree/show/defunkt/facebox/a47803c9ba26213ff194f042ab686a7749b17476

    Read the article

  • How can I get a static URL to a map image using the Google Static Maps API?

    - by Argote
    === BACKGROUND === Hello, so I've published a Web-App (still in "Beta") which uses the Flickr API to get information for the photos of a particular Flickr user and generates IPB code to post any of his/her images. While Flickr now gives you the IPB code to show the image and link back to the photo site directly on its site, my App also has the option of embeding the title, description, select EXIF data, location information, etc. into the post for the IPB forum. === PROBLEM === I've most recently added the option to integrate a Google Maps image of the photo's geolocation data into the post by using the Google Static Maps API. The problem is that the image URL I have is in the following form (including IPB [IMG] tags): [IMG]http://maps.google.com/maps/api/staticmap?zoom=16&size=600x600&maptype=hybrid&markers=19.387687,-99.251732&sensor=false[/IMG] Which shows this example image (In practice the image size is user selectable): However, some IPB forums seem to not support dyamic image URLs which gives me a broken image, I'd like to replace the [IMG]http://maps.google.com/maps/api/staticmap?zoom=16&size=600x600&maptype=hybrid&markers=19.387687,-99.251732&sensor=false[/IMG] with something like [IMG]http://maps.google.com/maps/api/staticmap/map0000001.png[/IMG] which should be supported by all IPB forums. Thanks in advance for your help. In case you're interested, the most recent "released" version of my Web-App can be found here: http://flickr.argote.mx/ (The changes I mention here are still on local development server).

    Read the article

  • Why doesn't the Java Collections API include a Graph implementation?

    - by dvanaria
    I’m currently learning the Java Collections API and feel I have a good understanding of the basics, but I’ve never understood why this standard API doesn’t include a Graph implementation. The three base classes are easily understandable (List, Set, and Map) and all their implementations in the API are mostly straightforward and consistent. Considering how often graphs come up as a potential way to model a given problem, this just doesn’t make sense to me (it’s possible it does exist in the API and I’m not looking in the right place of course). Steve Yegge suggests in one of his blog posts that a programmer should consider graphs first when attacking a problem, and if the problem domain doesn’t fit naturally into this data structure, only then consider the alternative structures. My first guess is that there is no universal way to represent graphs, or that their interfaces may not be generic enough for an API implementation to be useful? But if you strip down a graph to its basic components (vertices and a set of edges that connect some or all of the vertices) and consider the ways that graphs are commonly constructed (methods like addVertex(v) and insertEdge(v1, v2)) it seems that a generic Graph implementation would be possible and useful. Thanks for helping me understand this better.

    Read the article

  • What to keep in mind when creating your own custom web services API?

    - by John Conde
    I have created a website which allows users to sign up for, and use, an online service. To help promote the website we will be have resellers who will be offering their own branded services through us. The initial plan is to allow resellers to place registration, login, and lost password forms on their own website and use an API created by us to handle these requests. I have begun outlining how I expect the API to work (and starting documenting it as well) and I want to make sure I get it right, or as close to right, as I can from the beginning as I know once you have declared a public API you want to avoid changing that API at all costs. So far I have decided: To have the user pass their account credentials with each request To require SSL for all requests What else should I be keeping in mind?

    Read the article

  • is it possible to change the query parameters in REST API from script editor in SOAPUI?

    - by user1518659
    i am doing load test on this REST API using SOAPUI. http://maps.googleapis.com/maps/api/geocode/xml?address=1600+Amphitheatre+Parkway,+Mountain+View,+CA&sensor=false i ve successfully setup the testsuite and all. my doubt is is it possible to change the query parameters in the REST API url by passing values from the script editor(either javascript or groovy) for the test suite when i perform test? if so, how should i write the script? Hope I am clear with my ques.

    Read the article

  • iPhone Development - calling external JSON API (will Apple reject?)

    - by RPM1984
    Ok guys, so im new to iPhone development, so apologies if this is a silly question, but before i actually create my app i want to know if this is possible, and if Apple will reject this. (Note this is all theoretical) So i'd have a API (.NET) that runs on a cloud server somewhere and can return HTML/JSON/XML. I'll have a website that can access this API and allow customers to do some stuff (but this is not important for this question). I would then like my iPhone app to make a call to this API which would return JSON data. So my iPhone app might make a call to http://myapp/Foos which would return a JSON string of Foo objects. The iPhone app would then parse this JSON and do some funky stuff with it. So, that's the background, now the questions: Is this possible? (that is, call an external cloud API over HTTP, parse JSON response?) What are the chances of Apple rejecting this application (because it would be calling a non-Apple API) Are there any limitations (security, libraries, etc) on the iPhone/Objective-C/Cocoa that might hinder this solution? On this website, they seem to be doing exactly what im asking. Thoughts, suggestions, links would be greatly appreciated...

    Read the article

  • How to pass UTF8 string into your PHP HTML API?

    - by Ole Jak
    so I have my php API (html Get api for Flash builder and C# apps). So if you want to submit data to it you use string like http://localhost/cms/api.php?method=someMethod&string=Your_String If there are english letters in it its ok. But what if I need to pass UTF-8 string like this &#1056;&#1091;&#1089;&#1089;&#1082;&#1086;&#1077; &#1048;&#1084;&#1103; to my api what shall I do?

    Read the article

  • How To Add Custom ModelValidatorProviders To Web API Project?

    - by Mark S.
    I'm moving some MVC code to Web API and I need to update my custom ModelValidatorProviders. It seems as though my validators can stay much the same only they should inherit the System.Web.Http.Validation namespace. What I can't figure out is how to add the provider to Web API. When using MVC I can just add the following to my global.asax: ModelValidatorProviders.Providers.Add(new CustomModelValidatorProvider()); How do I use the custom provider with Web API?

    Read the article

  • How does this script work for the ImageShack.us API?

    - by vette982
    I'm looking into using the ImageShack.us API for uploading images from my website. I found this tutorial for using it with the XML return http://elliottback.com/wp/using-the-imageshack-xml-api/, but I'm not sure about what to do with it. Where do I enter my API key for this script? Furthermore, he shows the use of two PHP files - should these be combined into one file? Any help with this would be appreciated (examples would be even better).

    Read the article

  • How to override [Authorize] attribute in the MVC Web API?

    - by NullReference
    I have a MVC Web Api Controller that uses the [Authorize] attribute at the class level. This makes all of the api methods require authorization but I'd like to create an attribute called [ApiPublic] that overrides the [Authorize] attribute. There is a similar technique described here for normal MVC controllers. I tried creating an AuthorizeAttribute based of the System.Web.Http.AuthorizeAttribute but none of the overridden events are called if I put it on a api method that has the [Authorize] at the class level. Anyone have an idea how to override the authorize for the web api? [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)] public class ApiPublicAttribute : AuthorizeAttribute { protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { base.HandleUnauthorizedRequest(actionContext); } public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { base.OnAuthorization(actionContext); } protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext) { return true; } }

    Read the article

  • Authenticating users in iPhone app

    - by Myron
    I'm developing an HTTP api for our web application. Initially, the primary consumer of the API will be an iPhone app we're developing, but I'm designing this with future uses in mind (such as mobile apps for other platforms). I'm trying to decide on the best way to authenticate users so they can access their accounts from the iPhone. I've got a design that I think works well, but I'm no security expert, so I figured it would be good to ask for feedback here. The design of the user authentication has 3 primary goals: Good user experience: We want to allow users to enter their credentials once, and remain logged in indefinitely, until they explicitly log out. I would have considered OAuth if not for the fact that the experience from an iPhone app is pretty awful, from what I've heard (i.e. it launches the login form in Safari, then tells the user to return to the app when authentication succeeds). No need to store the user creds with the app: I always hate the idea of having the user's password stored in either plain text or symmetrically encrypted anywhere, so I don't want the app to have to store the password to pass it to the API for future API requests. Security: We definitely don't need the intense security of a banking app, but I'd obviously like this to be secure. Overall, the API is REST-inspired (i.e. treating URLs as resources, and using the HTTP methods and status codes semantically). Each request to the API must include two custom HTTP headers: an API Key (unique to each client app) and a unique device ID. The API requires all requests to be made using HTTPS, so that the headers and body are encrypted. My plan is to have an api_sessions table in my database. It has a unique constraint on the API key and unique device ID (so that a device may only be logged into a single user account through a given app) as well as a foreign key to the users table. The API will have a login endpoint, which receives the username/password and, if they match an account, logs the user in, creating an api_sessions record for the given API key and device id. Future API requests will look up the api_session using the API key and device id, and, if a record is found, treat the request as being logged in under the user account referenced by the api_session record. There will also be a logout API endpoint, which deletes the record from the api_sessions table. Does anyone see any obvious security holes in this?

    Read the article

  • Should my web based app be a consumer of my api?

    - by seanbrant
    I will be developing a mobile app (iPhone) and a web based app (Django) soon. For the mobile app I will be creating a REST api (most likely using Django) to send data back and forth from phone to server. When I comes time to create the web based version does it make sense to just create it as any other client of the api. In other words both the mobile app and the web app will get there data from an external API over HTTP. Or should the web based app have direct access to the database that the api is using and just get its data that way?

    Read the article

  • How to create simpliest PHP Get API with UTF-8 support?

    - by Ole Jak
    How to create simpliest *(less lines of code, less strange words) PHP Get API *(so any programm made in .Net C# could call url like http://localhost/api.php?astring=your_utf-8_string&bstring=your_utf-8_string ) with UTF-8 support? What I need Is PHP API with one function - concatinate 2 strings so that a simple .net client like this would be able to use it: public string setStream(string astring, string bstring) { string newAstring =Uri.EscapeDataString(astring); string newBstring = Uri.EscapeDataString(bstring); WebClient client = new WebClient(); var result = client.DownloadString(("http://localhost/api.php?" + string.Format("astring={0}&bstring={1}", newAstring, newBstring)).ToString()); return result; }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >