How can you restrict the access of one endpoint in a mule application?

Suppose you have two endpoints in a mule application and you want to restrict access of one endpoint to a particular client application and make only another endpoint available for access.How can you implement this?

terminology – Component used for themes or customization at the top of the application

I noticed recently an interesting feature in the Microsoft Office 365 applications that seemed subtle but piqued my interest.

enter image description here

It sits at the top right of the application window as a wispy cloud like effect, which made me wonder if it was a theming element or just a stylistic inclusion that improved the design aesthetics.

I haven’t really noticed other applications that introduces theming or style elements in this particular section of the application interface, because it does overlap with some of the clickable icons/features and does not have a distinction area that it is applied to.

I am wondering if there are other instances of this type of theming or styling used in common or popular applications? And how is it referred to (i.e. is there a name for it)?

java – How to build/design a risk scoring web application?

Property rental is a challenging business because of tenant behaviour. I’m a Java developer and trying to come up with a design to assess tenant risk similar to a process used by credit bureaus(TransUnion, Experian etc).

I want to calculate risk from lease infringements(late payments, noise complaints, damage to property, early lease cancellations etc.)

Rental agents and Landlords will be providing/Inputting data about Tenants.

I didn’t study Computer Science which I believe could help me write an algorithm to calculate this.

Are there existing algorithms, machine learning methods or other methods achieve the above?

I tried to look for credit scoring algorithms to maybe customize them but I can’t find them because I think they are proprietary and I’m sure they will be difficult to customize without CS background.

Looking to use, Spring Boot(REST), Postgresql and Keycloak, haven’t decided on the reporting framework/tool.

My Current Database Design

ms office – Microsoft Excel on Mac Error VBA Run-Time 1004 on Application Open – Endless Loop – Cannot Use Excel

When Excel is opened – no matter the document – there is a run-time error as shown in the picture belowClick The Link

clicking on End does nothing but brings up the same error window again, causing a loop that causes Excel to not be usable. Please advise. Thanks! This is Excel on Mac. I tried re-installing already.

How to deploy Flask application with Nginx and uWSGI?

I am deploying Flask application with Nginx and uWSGI for first time. Nginx will listen to port 8000 and WSGI will listen to 8081. I followed the instructions given in problem statement, but the NGINX fails to start.

Problem statement: Deploy a simple flask application with nginx and uwsgi.

Commands for configuring nginx server as per Problem statement:

  1. sudo vi /etc/nginx/nginx.conf
  2. The I was asked to include /projects/challenge/deploy.config in Virtual Host configs.
  3. sudo service nginx restart

For the code, this is what I did: wsgi.py

# Put your code here
from projects.challenge import app
if __name__ == "__main__":
    app.run()

deploy.conf

server {
    listen 8000;
    server_name localhost:8081;

    location / {
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:8080;
    }

    location /Hello {
        alias /project/challenges/api.py
    }
}

The test code given in the question for testing deploy.conf is:

def test_conf_file_contents(self):
        with open('deploy.conf', 'r') as f:
            content = f.read()
            assert "location /Hello" in content
            assert "server localhost:8081" in content
            assert "listen 8000" in content

api.py

from flask import Flask, request, make_response


app = Flask(__name__)
app.secret_key = "Thisisyoursecret"


# Create a simple endpoint /Hello with return message "Welcome to your flask application"

@app.route('/Hello')
def hello():
  res=make_response("Welcome to your flask application")
  return res

As per instruction in the question, I included deploy.conf in Virtual Host Configs of nginx.conf file as follows:

http{
   ...
        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
        include /projects/challenge/deploy.conf
}

uwsgi.ini

(uwsgi)
socket=127.0.0.1:8081
wsgi-file=wsgi.py

The error is:

user@workspacede6jnv452qg2cr45:/projects/challenge$ sudo service nginx restart
 * Restarting nginx nginx                                                                (fail) 
user@workspacede6jnv452qg2cr45:/projects/challenge$ 

On going to path etc/nginx and starting:

user@workspacede6jnv452qg2cr45:/etc/nginx$ sudo service nginx restart
 * Restarting nginx nginx

nginx is failing to restart when I include deploy.conf in Virtual configuration of nginx.conf. But it starts when I do not include deploy.conf.

I might be making some obvious mistake, I went through Google and Youtube but could not figure out what to fix. No solution worked. I suspect the deploy.conf file but I have no clue how to fix the issue.

Kindly suggest me what to do.

design – How to protect an open-sourse distributed application consisting of clients and servers from forks made by hackers?

TL;DR: How distributed open-source apps like Scuttlebutt are secured from DoS and hackers who can make custom version of application?

I’m struggle with designing an open-source distributed application architecture. I want to create an application consisting of open source server, client, and provider. Client sends requests to one random provider instance that have list of all instances both client and server, and sends it to one of the random server, which, after processing the information, sends a result request back to the client. Every part of this distributed app is open-source, so everyone can create their own instance of client, provider, server, and everything seems to be fine, but what if some programmers will have bad intentions, and they will change client code in the way, that it will send millions of requests (DoS attack) to the specific, not random provider, or change providers with, so it will send all requests to one specific server? Also they can change server code, so if client expects to get a specific picture from server database, hacker will send some inappropriate pictures to all avaible clients.

If I hardcode some kind of verification, like hashing of important functions of API, then hacker will just remove this in his own fork. Therefore, I cannot solve this problem in any way, except by making the code of one of the parts private. For example I can make provider application with private code, so it will check hash of both client and server, and if this check fails – provider will delete this instance from list of instances. This solution sounds good, but in this case, the whole project will no longer be open source.

Summarize: I want to create an open source distributed application, so everyone can make their own instance, improve it, add new functionality, but how can I secure it, so this ability to create custom versions should not be misused for DoS, sniffing, or information corruption in conjunction with all many different versions working together.

I don’t quite familiar with this topic, so I’ll be glad if you can give me advice, a link to an article on a similar topic, or a book.

web application – Which is the fastest web path scanner?

Stack Exchange Network


Stack Exchange network consists of 176 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Visit Stack Exchange

Is web application routing is either Enterprise or Application Business Rules from the viewpoint of Clean Architecture?

From the one side, customer can order “I need products list on /products and conversion statistics on /statistics/conversion“. In this case, we need to obey in and write something like:

const RoutingData: { (routeID: string): Route } = {
  products: {
    URN: "/products",
    queryParameters: {
      category: "CATEGORY",
      tag: "TAG"
    }
  },
  conversion: {
    URN: "/conversion"
  }
}

I suppose, in this case the routing is the Business Rules, because the customers wants it and it will bring the income to customer (at least, the customer thinks as such).

From the other side, the routing is just the Web application feature, but the Business rules must not know about implementation method like Web or Native.

Just in case, I’ll remind the Clean Architecture terminology:

enter image description here

Determining when to use Serverless vs Containerized application (AWS Lambda vs ECS) – Is Java Spring dead?

I work for an organization that heavily leverages AWS. There is a strong push that every team move from containers deployed on ECS to leverage AWS Lambda and step functions for (almost) every project. I know that there are workflows for which lambdas are the best solution, for example if you are running infrequent, short duration processes or processing S3 uploads for example. However I feel like my project isn’t a great use case for them because:

  1. We have many calls to a database and I don’t want to have to worry about having to re-establish connections because the container a lambda was running in isn’t available anymore.

  2. We have many independent flows which would require too many lambdas to manage efficiently. With each new lambda you create you have to maintain an independent deployment pipeline and all the bureaucratic processes and items that go with owning a deploy-able component. By limiting the number of these the team can focus on delivering value vs maintenance.

  3. We run a service that needs to be available 24/7 with Transactions Per Second around 10 to 30 around the clock. The runtime for each invocation is generally under 10 seconds with total transactions for a day in the 10’s of thousands.

Also generally, I’m not bought into the serverless ecosystem because of a few pain points:

  1. Local development. I know the tooling for developing AWS Lambdas on a developer machine has gotten much better, but having to start all these different lambdas locally with a step function to test an application locally seems like a huge hassle. I think it makes much more sense to have a single Java Spring Boot application with a click of a button you can test end to end and debug if necessary.

  2. Reduced Isolation. If you have two ECS clusters and one is experiencing a huge throughput spike, the other ECS cluster will not be impacted because they are independent. Not so for lambda. We’ve seen that if other lambdas are using all the excess provisioned concurrency and we have to go over our reserved concurrency limit, then we are out of luck and we’ll be rate limited heavily leading to errors. I know this should be a niche scenario, but why risk this at all? I think the fact that lambdas are not independent is one of things I like least about this ecosystem.

Am I thinking about lambdas/ serverless wrong? I am surrounded by developers who think that Java and Spring are dead and virtually every project must be built as a go/python lambda going forward.

@Mods if there are any ways that I can make this question more appropriate for the software engineering stack exchange community or rephrase it, I’m happy to make changes here as well.

Here’s some links to research I’ve done so far on the topic:

  1. https://stackoverflow.com/questions/52275235/fargate-vs-lambda-when-to-use-which
  2. https://clouductivity.com/amazon-web-services/aws-lambda-vs-ecs/
  3. https://www.youtube.com/watch?v=-L6g9J9_zB8

java – What are the best way to publish application event in a spring boot application?

My goal is to collect/publish different types of information from the application. We use Kafka for the event bus. Consider the following sample code.

class UserService {

public User userUpdateService(String username) {

    try {
        userRepo.save(new User(username));
    } catch (Exception e) {

        // this is a direct method call to publish error event in case of error
        publishEvent.asyncPublishUserUpdateErrorEvent(username, e);

        throw new RuntimeException();
    }

    // As the execution reach the last statement, assuming user update success 
    publishEvent.asyncPublishUserUpdateSuccessEvent(username);
}

}

As you see, currently I am calling the method in a UserService class to publish the error or success event. I call this method every time a new event needs to be collected and called directly from the code. I know that the ELK stack can be useful in my use-case, but that’s not an option for me.

One benefit I’ve seen in this direct method call is that I have more control over what kind of information is to be published. But by using this method I have to change the class, which I think violates many OO principles.

So, in practice, how can this type of task be accomplished? I’m using the Spring Boot framework.