What's the best way of storing (configurable) application settings.
I'm developing an application that has a few dozen settings, which have a default value at installation time, however they may be changed at execution time.
The settings will not be set by the application directly itself, instead it provides an API which independant client applications can use to change the settings.
One client will be a debug/test GUI to view and set the settings.
Another client will be a sort of monitoring program that is able to receive setting updates sent to the device by some mechanism (i.e. HTTP or OTA etc.). When it receives the setting changes it will call the application API to change the settings.
My first question is
- in general what is a good mechanism for storing these settings? (The settings are small things, numbers etc.)
- if the settings are stored in a file or database etc., how can they be made tamper-proof from malicious programs, i.e. is it possible that the only program which can change the settings is my application?
- if my application is the only program which can directly change the settings, that's not secure if any malicious client can access my application's API. Therefore is there a mechanism whereby an application can police usage of its API to a known list of clients?
Thanks
niuniu wrote:
- in general what is a good mechanism for storing these settings? (The settings are small things, numbers etc.)
Configurable settings are generally stored in a property list file (.plist). E.g. see Storing Dictionaries in the NSDictionary reference.
- if the settings are stored in a file or database etc., how can they be made tamper-proof from malicious programs, ...
In general, there's no such thing as tamper-proof. You need to decide on a level of security based on how important your program is and the consequences of a security failure.
- if my application is the only program which can directly change the settings, that's not secure if any malicious client can access my application's API. Therefore is there a mechanism whereby an application can police usage of its API to a known list of clients?
I guess you could require clients to logon in some fashion. But protection against an entity with knowlege of your API and the ability to install a malicious client requires a level of security far above what you've asked about so far. Simply identifying the client in this scenario is a little like securing a water heater against a 9.0 earthquake when we expect the entire building to collapse at 7.5.
For example, a priori I would look at your network input long before I would consider a malicious, local client.
I would suggest defining your security requirements in terms of what kinds of attacks you expect and how far you're willing to go towards a defense. At that point one of the security experts around here might be able to recommend some specific solutions.
Btw, the subject line of this thread doesn't reflect the more difficult security questions you're asking. A more accurate topic description makes the forum easier to search, and also gets the attention of the right experts. So if you don't get the kind of help you need, you might consider a new thread about data security.
\- Ray
Similar Messages
-
What is the best way to port complete applications from DEV - Test - PRD?
Hi,
One of my customers recently asked me, Supposing I do the complete integrations and modelling in SOA Suite on the DEV Environment. Then,
What is the best way to port complete applications from DEV -> Test -> PROD ??
Also, since the URLs in use in the DEV environment would be very different from other environments, what is the easiest way to maintain them, and to build in Access Control mechanisms ?
Best RegardsHi AJ,
Nice PDF !
Though the PDF does give a basic idea as to how we can go about the deployments using ANT and EM in Test and Prod, it doesn't really give extensive details. For eg. ANT would obviously need huge ANT scripts to be written for migrations to multiple Test servers, etc.
Similarly, when we talk about EM, does it mean each of the services has to be manually deployed on Production ?
I am sure we would be looking more towards a fully automated solution. No ?
Best Regards
Nitin -
What is the best way to port complete applications from DEV - Test - PROD
Hi,
One of my customers recently asked me, Supposing I do the complete integrations and modelling in SOA Suite on the DEV Environment. Then,
What is the best way to port complete applications from DEV -> Test -> PROD ??
Also, since the URLs in use in the DEV environment would be very different from other environments, what is the easiest way to maintain them, and to build in Access Control mechanisms ?
Best RegardsIt has been discussed here in detail-
SOA 11g Composite Deployment across multiple Instances: Best Practice
since the URLs in use in the DEV environment would be very different from other environments, what is the easiest way to maintain them, and to build in Access Control mechanisms ?You may use deployment plan for this purpose. For access control, you may use Role Based access of Weblogic and EM. Please refer -
http://download.oracle.com/docs/cd/E17904_01/integration.1111/e10226/appx_roles_privs.htm#BABIHDFJ
Regards,
Anuj -
What is the best way to deploy an application ??
Hi,
Please advise me how to automate in a best way to Deploy 10 different applications(.ear/.war)
to 10 different Clusters(containing 40 Managed servers) in wls6.1......and that
too in a Production environment.
I know that we can use weblogic Console to deploy an application BUT if i have
2 unix boxes and each box contains 4-4 clusters(each containing 16-20 managed
servers) .....then i have to open up 2 Admin server consoles to deploy each of
the respective applications and that too deploying these application to 8 clusters.....OR
i can use deploy commad to do the same.
AND if i have like 100 clusters .....then i would have to "deploy" 100 times ......
is there any way that we can BEST AUTOMATE this process.
Thanks a lot.
-sangitaThanks Tommy. but i would like to know a very important point here: this is using
the weblogic.utility that you just talkd about.
Suppose iam having an ADMIN server that has say 10 clusters and 50 managed servers
underneath to take care.
1 cluster each = 5 managed server
now iam deploying a simple .war file to say a single managed server, i have found
out that it takes a looot of time to get the application deployed.
what do you say about this situation ?
what is the best approach ??????
-sangita
"Tomy Mathew" <[email protected]> wrote:
>
>
To deploy the application from the command prompt in WebLogic 6.1 you
use the
following command
$JAVA_HOME/bin/java -cp $WL_HOME/weblogic.jar weblogic.deploy -port $WEBLOGIC_PORT
-host $WL_HOST_IP $WEBLOGIC_CMD $WEBLOGIC_PWD -component $WL_Server_NAME:$WL_Server_NAME
$WL_APPLICATION_NAME YourApplication.war
$WEBLOGIC_CMD sould be DEPLOY for the first time deployment and UPDATE
for redeployment
For deploying in a cluster you better create a shell script which call
the above
command with different cluster ip address as a parameter.
Tomy
"sangita" <[email protected]> wrote:
Thanks Rob for your expertise advise. I would check to see wls8.1's
ANT tasks.....for
wls6.1, i would guess shell scripts to be a better option for us.
thanks again.
Rob Woollen <[email protected]> wrote:
If you're using 8.1, then it's pretty nice to use ant for
configuration/deployment/starting and stopping servers etc. There's
a
wlconfig task to do configuration, wldeploy to deploy applications,
wlserver to start/stop servers.
For 6.1, it's probably not a huge win to use ant. It's up to you.
If
you're more comfortable using shell scripts, that's certainly a
reasonable route.
-- Rob
sangita wrote:
Thanks Rob.
But all the stuff that ANT can do for me FOR DEPLOYMENT (ONLY) .....ican do it
from a simple shell script too.
And i understand of ANT's cross-platform environment and usage of
JAVA
.....but
can i use ANT to do something like CONFIGURING my wls6.1 managed
servers/clusters/creating
managed servers/db connection pools ......and all the other configurationthat
i do from wls console(or manually) ....????
and if yes, do you know of any examples, suggestions, ideas ?????
basically, if i need to sell(?) ANT to my juniors ......what are
the
basic reasoning
i can put forward....keeping in mind that these guys use wls6.1 &
wls8.1......and
these guys do CONFIGURATION and DEPLOYMENT only.
sorry for asking, may be these silly questions.
thanks, sangita
Rob Woollen <[email protected]> wrote:
sangita wrote:
Thanks Rob.
Rob, do you still consider or suggest using ANT for deploying say
20
applications
on a 10 clustered environment.Yes
do you see any advantages using [ANT + weblogic.deploy]..... over
simply
using
weblogic.deploy utility ???Yes. ANT essentially gives you a cross-platform environment that
allows
extensibility through java. It's very powerful.
-- Rob
-sangita
Rob Woollen <[email protected]> wrote:
sangita wrote:
Rob,
I have found the answer for my question #1 ...this is the URL:
http://edocs.bea.com/wls/docs81/admin_ref/ant_tasks.html
iam still hoping to hear back from you for #2, #3
thanks a ton.
"sangita" <[email protected]> wrote:
Thanks Rob.
quick question:
1) do you know of any example which illustrates the use of ANT
wrapper....or
please
direct me to a URL where i can find some documentation about
it.
2) does this ANT wrapper has any advantages over using weblogic.Deployer
utility
??If you're doing deployment via ant, then it's a bit more convenientto
use <wldeploy> rather than invoking a raw <java> process, but
fundamentally it's just a wrapper around weblogic.Deployer
3) i would certainly check to see weblogic.deploy for wls6.1
....can
i use ANT
for deployment purpose in wls6.1 ?You'll just need to wrap it in a <java> task
See:
http://ant.apache.org/manual/CoreTasks/java.html
-- Rob
Rob Woollen <[email protected]> wrote:
If you were using WLS 7.0 or later, you could use weblogic.Deployer.
If
you were using 8.1, you could use wldeploy which is an ant task
wrapper
for weblogic.Deployer.
In WLS 6.1, you'll have to use weblogic.deploy which is a bit
cumbersome, but it's still certainly possible to script deployment.
-- Rob
sangita wrote:
Hi,
Please advise me how to automate in a best way to Deploy
10
different
applications(.ear/.war)
to 10 different Clusters(containing 40 Managed servers) in
wls6.1......and
that
too in a Production environment.
I know that we can use weblogic Console to deploy an application
BUT
if i have
2 unix boxes and each box contains 4-4 clusters(each containing
16-20
managed
servers) .....then i have to open up 2 Admin server consoles
to
deploy
each of
the respective applications and that too deploying these applicationto 8 clusters.....OR
i can use deploy commad to do the same.
AND if i have like 100 clusters .....then i would have to "deploy"100 times ......
is there any way that we can BEST AUTOMATE this process.
Thanks a lot.
-sangita -
What is the best way of persisting Web-application related data?
My web-application needs to persist some data (a set of XML documents), i.e. save them so that they can survive server or application shutdowns. Saving those documents as files in server's filesystem does not seem to be convinient to me because the container may run the application directly form WAR and it is impossible (maybe I am wrong?) to modify files inside WAR archive. Forcing WAR extraction requires container reconfiguration and is container implementation dependent, which is not acceptable.
What would be ideal is some individual persistent storage bound to an application which does not require any external enitites (external databases etc). And this storage should not depend on any particular implementation of servlet container.
So is there a way to do something like this?Saving it to disk seems like your only alternative.
Presuming you have at least some control over the machine where it is deployed to, you could specify a directory to save the xml documents to (ie not one under your web application structure) This would get around the limitations of the WAR file not being extracted.
Make the directory an environment variable/init parameter in your web.xml file.
All you need then is a directory on the server that you have write permissions to.
Ok it requires more setup when deploying the web application, but I thinks its about the only way to accomplish what you want to do. -
What is the best way to exit an application?
Hi
In many examples I have seen an eventlistener used to exit an applicaiton when the user closes the window. However I recently came across the method:
setDefaultCloseOperation(EXIT_ON_CLOSE)
Is this a better way to close an application? What are the pros and cons of each way and what is the most widely used in the industry.
ThanksIf you dont have anything special to do other than exit, this method would be ok. but if you want to save some properties before exit.. or want to ask user to save before closing or some other confirmation messages, closing network, database connections, etc etc, then you have to use event listener.
-
What is the best way to set up iTunes to deal with a massive media library?
I have a really big media library...probably 7k-10k digital photos, close to 1,000 ripped CDs, and over 600 ripped DVDs, all stored on 1.5TB external hard disks in a 4-drive enclosure.
Due to a recent technical glitch, I find myself installing a new drive and moving the current library. My question is, what is the best way to set up iTunes' settings to deal with a media library that is both external to the Mac on which it runs, and spans multiple physical hard disk units?
I generally like the idea of iTunes organizing my library for me (i.e. keeping everything in Media Type>Artist>Album folders via the "Automatically Add to iTunes" folder), but I'm not sure how that's going to work spanning multiple drives.
I just figure since I'm basically starting over with my iTunes installation, maybe there's a better way to do it.
Thanks in advance for any advice you can offer.You can set them up as a software RAID using Disk Utility.
It'll simply be one large disk for all intents and purposes. -
What's the best way to handle all my data?
I have a black box system that connects directly to a PC and sends 60 words of data at 10Hz (worse case scenario). The black box continuously transmits these words, which contain a large amount of data that is continuously updated from up to 50 participants (again worst case scenario)
i.e. 60words * 16bits * 10Hz * 50participants = 480Kbps. All of this is via a UDP Ethernet connection.
I have LabVIEW reading the data without any problem. I now want to manipulate this data and then distribute it to other PCs on a network via TCP/IP.
My question is what is the best way of storing my data locally on the interface PC so that I can then have clients request the information they require via TCP/IP. Each message that comes in via the Ethernet will relate to one of the participants, so I need to be able to check if I already have data about that participant - if I do then I can just update it, if I don't I need to create a record for the participant, and if I havn't heard from one for a while I will need to delete it. I don't want to create unnecessary network traffic. I also want to avoid global variables if possible - especially considering that I may have up to 3000 variables to play with.
I'm not after a solution, just some ideas about how to tackle this problem... I thought I could perhaps create a database and have labview update a table with the data, adding a record for each participant. Alternatively is there a better way of storing all the data in memory besides global variables?
Thanks in advance.Hi russelldav,
one note on your data handling:
When each of the 50 participants send the same 60 "words" you don't need 3000 global variables to store them!
You can reorganize those data into a cluster for each participant, and using an array of cluster to keep all the data in one "block".
You can initialize this array at the start of the program for the max number of participants, no need to (dynamically) add or delete elements from this array...
Edited:
When all "words" have the same representation (I16 ?) you can make a 2D array instead of an array of cluster...
Message Edited by GerdW on 10-26-2007 03:51 PM
Best regards,
GerdW
CLAD, using 2009SP1 + LV2011SP1 + LV2014SP1 on WinXP+Win7+cRIO
Kudos are welcome -
I am trying to determine the best way to set up our imac so each user account can access the same media (songs, movies etc.) through itunes and also back up and manage their personal devices under their own personal user account. There are 4 users on our iMac. Me, my wife, and our 2 children. We have built an extensive library of music/media together using the same iTunes store account. I would like to establish a seperate apple id and iTunes store account for each of us going forward but have the ability for each of us to share our purchases. What is the best way to configure our system and devices in order to allow shared access to media and at the same time allow for individual management of devices including contacts, apps, photos, etc. Please help, I would like to do this once!
Thank you in advance!OK, seeing as no-one replied (presumably because a lot of this information is on the forums in bits elsewhere) here's how I've got on so far.
Applications - just went through them. About the only one I needed was my media server app. Just downloaded and re-installed, had a quick look back though my email to find the license key and it all went on fine. Installation never seemed quite right on my old machine so solved that problem too.
Movies - New iMovies just copied across the clips and projects into their respective folders. Seems to have worked but haven't checked it all that thoroughly. Some duplicate footage here but I can trim this out at some point when I get a chance to go through here.
Documents - Just copied these across.
Photos - used an app called iPhoto Library Manager. You can download for free but have to pay to use the part that consolidates your libraries. Possibly if I was willing to spend a bit more time I could have got away without using this but given I didn't know the state of my different libraries and just how many duplicates I had this was too much of a convenience to ignore. Also got my library into a state where I can now spend a few hours organising it a bit better with Faces / Events etc.
Not attempted Music or iPhone sync yet as been stuck trying to solve a problem with my power adapter. -
What is the best way to keep my personal files stored in iCloud separate from my work-related files? It seems that I'm not allowed to link my iPad mini and my work iMac using two different accounts, so I'm wondering how to make my single personal account work for both, while keeping personal vs work files reasonably separated.
Thanks for any suggestions.Is it possible for you to upgrade your account to iCloud Drive? That would mean, all Macs upgraded to Yosemite, and all mobile devices to iOS8?
See: iCloud Drive FAQ and iCloud: About using iWork for iOS and iCloud
In iCloud Drive you could create two separate custom folders, one for work documents and one for private documents and organize your documents there. Don't use the app specific folders (Keynote, Pages, Numbers, ...) , because you can only create one level of folders inside these folders. -
What is the best way to configure storage device for rac?
Hi
On my disk array i have 7mirors and two conroler, what is the best way to configure environment?
My application is OLTP, it runs 6-20 o clocj, so i can do backup when nobady work
Database 10g r2, Windows 2003 enterpise
for examlep
First controler
disks 1-5 DATA
second cotnroler
disks 6-7 FLASH
or meyby share one disk on DATA and FLASH?
Thanks in adviceThe best is you use ASM (maybe you do it already) and put one failure group on the first disk array and the second failure group on the second array. Then you can ASM let do the work.
Werner -
What is the best way to configure password in Cisco IOS?
I am running IOS 15.2(4) on a 1921 Router
What is the best way to configure the password for the router? I have already tried once and managed to lock myself out of another switch. I would like to use the most secure method which encrypts the password.
Current Config:
username admin privilege 15 password 0 cisco123Cisco IOS will not let me use a type 5 password. This is the error message I receive:
ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 5 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.
I tried generating an MD5 hash and inputting that in and that did not work either. When I do not specify type 5 it will default to using an encrypted type 4 password.
Also, what is the difference between these two enable secret commands?
enable secret 5 password
username admin privilege 15 secret 5 password -
I have 2 users on a MAC each with separate accounts (email, photo, ITunes) and I want to migrate my ITUnes Library over to a time capsule so that each usewr still has their own library bu don't want to duplicate songs. What is the best way to have both Itunes pointed to separate libraries both stored on the Time Capsule?
A bit of basics on iTunes. iTunes does 99% of what you see through a library.itl file in the iTunes folder. This file is a database and in it are references to the actual media files. These files can be anywhere in theory, but if you have iTunes set to default then they are nicely organized in media folders in the iTunes folder. You have probably moved them to some central shared location in the past, then built up two individual libraries around that central location.
iTunes is very fussy about a person dragging files to a different location, and that goes double if the other location is on a different drive. You can move files, but it is best to let iTunes do it so it can keep track. If this was just for one person I'd say go into preferences, select the other drive for media location, then close preferences. My understanding (never done this before) is iTunes will then ask you if you want to move your media. Say yes and iTunes will move it and keep track of it -- for your library. Now when you go to the other person's library, it opens and you see loads of ! because their library is still looking for the media on the same drive as the library is located on. I don't think it will work (but you could always try) to re-assign the media location to the external drive because the reference in the database is to look for such-and-such a file on the internal drive. iTunes did that for the first library as part of the move, but not for the second one. Note that typically when you want to move a single user's collection from drive to drive we advise moving the whole iTunes folder, library files and all, to another drive, but you don't have that structure.
So I'm not sure what to advise. If it were me and I was absolutely gung-ho on doing this I would re-assign the media with one library. Then edit the .xml version of the library file for the second library so it points to the new file locations and import this into a fresh iTunes library for the second user. This isn't the perfect solution because nominally the .xml version does not 1005 replicate all the characteristics of the original .itl file (which cannot be edited).
Or maybe some other user bas a better idea. -
Using the new iPad, what’s the best way to watch video files (away from home) which are stored on a NAS (WD My Book Live)? Any help would be appreciated!
Before you go, move the files to I tunes and sync them down. There is no viable way to stream from your nas drive to the pad.
-
I have 21,000 photos stored in iphoto. I have a WD 1.5TB backup external hard drive. What is the best way to erase about half of my photos on my internal hard drive?
Here's one way to do what you want:
Make sure the drive is formatted Mac OS Extended (Journaled)
1. Quit iPhoto
2. Copy the iPhoto Library from your Pictures Folder to the External Disk.
Now you have two full versions of the Library.
3. On the Internal library, trash the Events you don't want there
Now you have a full copy of the Library on the External and a smaller subset on the Internal
Some Notes:
As a general rule: when deleting photos do them in batches of about 100 at a time. iPhoto can baulk at trashing large numbers at one go.
You can choose which Library to open: Hold down the option (or alt) key key and launch iPhoto. From the resulting menu select 'Choose Library'
You can keep the Library on the external updated with new imports using iPhoto Library Manager
Maybe you are looking for
-
Field is not coming in BW side
Hi Experts, I am trying to add two fields KWEMNG and ZORIG_KWMENG into standard datasource 2LIS_11_VAITM for Sales cube report pupose. Both these fields are coming from VBAP table. I did manage to add both into the standard datasource 2lis_11_vaitm t
-
Can Help be loaded into a flash application?
I am looking for help solutions that will fit inside another application, a flex app, that would load inside a flash popup window. RoboHelp outputs a hybrid of flash and html, correct? Is there a way to output just swf format so it can be loaded into
-
How to fill multiline attribute in my method.
Hi experts , I want to fill my multiline attribute in my workflow mwthod. please guide me how i can do that. Thanks & Regards Anit Gautam
-
Looking for help with actionscript..... 1/ Have ComboBox on stage with prices say $5 to $10 - $10 to $20 etc 2/ Have xml file with assorted pricing 3/ Have loader to place pic 3/ Looking to sort prices selected in ComboBox to go into DataGrid not usi
-
Over current status led's on AO module always on.
When we power up our FP-AO-210 module, every over current led lights, even ones on channels that are not connected. Any help.