|
Server A hosts the MSMQ queues and is in a DMZ.
Server B is within the corporate network and hosts the workflow services that monitor the MSMQ queues on Server A.
For transactional message processing DTC is used and the article http://support.microsoft.com/kb/918331 says that ports 135 and the dynamic port allocation need to be opened in both ways on the firewall to allow this process to work.
Does this mean that both inbound and outbound requests need to be allowed through the firewall i.e. an inbound request can be made from Server A to Server B that was not initiated from Server B? The Infrastructure team are not keen on allowing inbound access to the corporate network containing Server B from the DMZ. In an ideal world an outbound request would be initiated from Server B and the traffic could flow in both directions once this connection was made but any inbound requests initiated from Server A to Server B would not be allowed.
Sorry my knowledge of firewalls and how the traffic works between machines and the firewall is not too hot so the explanation might be a bit off or if this is the wrong place for the question.
Thanks
John
|
|
|
|
|
John Padgett wrote: Server A hosts the MSMQ queues and is in a DMZ.
You are in for a world of hurt. Traffic flow MSMQ to MSMQ is very complex and thus very hard to figure out even when one tracks down the documentation.
John Padgett wrote: an inbound request can be made from Server A to Server B that was not initiated
from Server B?
Of course not.
John Padgett wrote: Does this mean that both inbound and outbound requests need to be allowed
through the firewall
I supect you would need to test it. I wouldn't suppose that a post from A to B would require outbound but certainly a post that originates on B would.
|
|
|
|
|
Hi,
I have been given the task of exposing our internal software to the outside world.
the software was written in a proprietory language in the early 80s. The software has a hook that you can use to
instantiate forms in the program just as if you were
a real user typing into them.
This hook is abstracted to the point that it offers
1 class to instantiate any of the available forms(300+)
1 function to perform any type of search on the form (it takes one function parameter, an array of objects)
1 function to perform any type of action on the form (it takes one function parameter, an array of objects)
etc...
So I have several concerns (I have been reading a lot, but have little practical experience)
1. Does anyone know of a good resource that would help me out on designing the interface/choosing how to expose?
2. The above hook is simple, however, it would be a nightmare to consume as is. I feel that I have to remove some of the abstraction.
The forms are a 1:1 with database tables,
would I create a 1:1 class:form ?
OR suggestions...?
3. There is no security/authentication built in to this hook, Can someone point me towards a resource on this as well.
|
|
|
|
|
Realistically it isn't possible to answer this.
If one one knew the forms then one might come up with a better way to organize them.
If not them someone else would need to provide that info.
We can't answer that.
Without that information it is hard to say what should be done.
Obviously the simplest representation is to just to provide each form. And the consumer of these might find that form the easiest to use as well.
Since there appears to be a direct one to one correspondence code generation is the easiest way to quickly get them up.
User management is harder since, again there are no requirements. For starters if you have users who creates/manages them? Do all users have complete access to everything? What sort of users will use it - for example if you are going to allow complete trust with fixed customers then VPN is all you need.
|
|
|
|
|
thanks for your response.
In regards to your questions about user management.
*if you have users, who creates/manages them?
Administrators create and manage users
*Do all users have complete access to everything?
No access is restricted based on products.
The hook available to us does not force a user to log in.
All functions and data are available through the hook.
You can run through the program anonymously using the hook.
*What sort of users will use it?
All users are customers.
It will be available on the internet.
my biggest fear is that if our internet server gets compromised the hacker has an access point to our software and all data without restriction.
I am looking for a way to use the hook available and mitigate/prevent damage, if our gateway server gets hacked.
Perhaps you can point me to a resource that will help/teach me to implement security measures?
jj
|
|
|
|
|
jdjacobucci wrote: Administrators create and manage users
Where do those come from? Has the business committed to tasking someone with that?
jdjacobucci wrote: No access is restricted based on products.
Can a customer that has access to X product set manager their own users or does your company need to do that? The answer to that impacts the architecture, design and implementation.
jdjacobucci wrote: It will be available on the internet.
Then you must concern yourself with security.
jdjacobucci wrote: if our gateway server gets hacked.
Provide a gateway. Your application talks to the existing product. The existing product is NOT exposed to the internet. Actually you should insure that the network access though that portal should be a via a firewall that only allows access from your application box.
|
|
|
|
|
Most languages don't expose features that you (could) need, such as the double-extended format, rounding modes, and things like the "inexact result" flag, that are in the IEEE 754 standard.
So, I guess what I'm asking is, am I even on the right track here?
I've identified some things as necessary or useful:
- the optimizer will not mess with associativity or distributivity or identities such as "a - a == 0" that do not generally hold. Very important. There are compilers that break this rule even if you don't enable something like "-ffast-math", especially things like GPU Shader compilers, destroying many algorithms.
- lexically scoped* rounding modes. Could be done as global state, but that has two effects: 1) you can run the same function several times with different rounding modes, which is a good (not perfect) test for numerically bad code, and 2) it makes reasoning about the code very hard, since you can't make any assumptions about the rounding mode without analyzing all possible call trees.
- lexically scoped control for "flush to zero" and "denormals are zero". Less important, but allows optimization where needed without having to enable it globally.
- support for reading/clearing the sticky flags. Not sure what the syntax should look like to make that nice, but it's probably not super important to make it nice.
And there are some things I'm not too sure about:
- introduce the internal types "auto_double" and "auto_wider_double". Operations on floating point types would automatically upcast once to a wider type. The internal types are to avoid doing (float + float) + (float + float) in overly wide precision.
| float | double | x
float | double | double | x
double | double | x | x
x | x | x | x
But what should x be? There's double-extended, but that can only be implemented with old-school x87 instructions. Double-double arithmetic could be done in xmm registers, and isn't as slow as it seems. But not as fast by far as using the old-school FPU, which suffers almost no penalty for double-extended precision (division, square root, saving and loading is about all that's affected), and, IIRC, double-double arithmetic doesn't always round the way we'd like it to.
And should this be a feature at all? The programmer could just as well do it himself by upcasting - and then the programmer could choose not to do that, without necessitating yet an other lexically scoped mode ("no widening", see below). It would save the average noob's ass once in a while, but history shows that languages oriented at noob often end up so horrifying that only noobs dare use them.
- should double-double (this is not the binary128 type by the way, but an uninterpreted sum of 2 doubles) and quad-double arithmetic be built-in and exposed though types? It would be useful, but not all that often, and could be implemented in code. It's not clear whether the advantages outweigh the costs.
* what should this even look like? Something like this?
float(round nearest) // default mode, so this changes nothing
{
// do some arithmetic
}
// round to +Infinity, denormals are zero, flush to zero and
// don't automatically widen types
float_mode(round up, daz, ftz, no widening)
{
// maybe that whole auto-widening was over the top
}
Other ideas? And I'm not too sure what the keyword should be.
There's probably a ton of things I'm missing here. I'm not even a numerical analyst, not even close. I know just enough about floating point to know that I don't know what I'm doing.
PS: is this topical in this forum?
|
|
|
|
|
Myself I am unclear what the question is.
Are you asking about how one might expose these features in a language?
Or why they are not exposed?
Or alternatives to them?
Or something else?
|
|
|
|
|
All of those, well except the second one.
That's why I didn't go to StackOverflow
Is there anything important that I missed? Should auto-widening be a thing? Is anything I suggested stupid and/or unnecessary?
|
|
|
|
|
There was a recent article on round to nearest bugs, and some comments about compiler options being made available to force rounding mode and the effect of compiler optimizations -O2 etc.
incorrectly-rounded-conversions-in-gcc-and-glibc
This is the closest thing I've found that matches said problems. As I understand it ieee754 is deprecated in favour of SSE.
|
|
|
|
|
dusty_dex wrote: ieee754 is deprecated in favour of SSE The FPU is pretty much deprecated in favour of SSE (it won't disappear though), but SSE also implements IEEE754: it has all the rounding modes, it has the sticky flags, it has the exactly-rounded operations, implements at least one of the required formats (two, even), and can trap for certain kinds of illegal operation (but usually is configured not to).
|
|
|
|
|
harold aptroot wrote: The FPU is pretty much deprecated in favour of SSE (it won't disappear though),
Yes, I still need/want ieee754 to hang around a while longer, as I don't alway's use modern machines with SSE features.
|
|
|
|
|
Can somebody list down some best books on Design & Architecture.
Also, which one to refer for Design Patterns: GoF or Martin Fowler's PEA and why?
Be a good professional who shares programming secrets with others.
|
|
|
|
|
Here are some Link With book name
(1)Head First design pattern:
http://www.amazon.com/First-Design-Patterns-Elisabeth-Freeman/dp/0596007124
Design Patterns CD: Elements of Reusable Object-Oriented Software:
http://www.amazon.com/Design-Patterns-Object-Oriented-Professional-Computing/dp/0201634988
Agile Principles, Patterns, and Practices in C#: http://www.amazon.com/Agile-Principles-Patterns-Practices-C/dp/0131857258
Professional Asp.net Design Patterns:
http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470292784.html
Patterns of Enterprise Application Architecture:
http://www.amazon.com/Patterns-Enterprise-Application-Architecture-Martin/dp/0321127420
Mojam
|
|
|
|
|
Thanks for the information. Can you please tell me which one of them have you read and how was your experience?
Be a good professional who shares programming secrets with others.
|
|
|
|
|
I read professional_asp.net_design_patterns that contains real example that is much necessary for any developer. Also I read some topics of Head First Design pattern also fantastic book. If you are in .net framework I will suggest you to read professional_asp.net_design_patterns and Agile software development: principles, patterns and Practice in C#. Both of them are awesome for read. Both of them contains huge real example that will be helpful for you. professional_asp.net_design_patterns contains some most used GOF design patterns with examples and PER (Patterns of Enterprise Architecture) patterns example with SOLID Principles. I think this will be much better for you.
Mojam
|
|
|
|
|
Thank you so much Mojam. +5d for your explanation.
Be a good professional who shares programming secrets with others.
|
|
|
|
|
I want to create a virtual printer which will be visible under "Devices and Printers" say "ABC Print Driver"
User can select this "ABC Print Driver" as default printer.
When some one gives any print by selecting "ABC Print Driver", it should first authenticate the user with the windows User name and Password against the Active Directory by popping up a dialog and then capture the details (document type, size, time etc) and then, instead of sending it to actual printer, it should upload the printed document to some FTP server.
I am also thinking of catching the prints issued using spooler.
First I will register for spooler notification.
Whenever I get a notification from the spooler that a document is spooled/printed, I will try to get the details such as, "printed by", "submitted date", "job id", "job size" etc. Then I will cancel the job and I will store the print job at some FTP location.
I am doing this so that users can store their prints and get them printed at a later stage.
Please let me know which approach is appropriate.
Also point me to some examples if you know any.
|
|
|
|
|
luckyshah wrote: it should first authenticate the user with the windows User name
Huh?
Why would you need to do that if they are already logged in?
luckyshah wrote: it should upload the printed document
FTP takes files. Presumably the "document" is not already a file otherwiws there would be no point in "printing" it. So exactly how are you going to convert the "document" to a printed form?
|
|
|
|
|
It'd be a major security-hole if you could intercept prints of other users
luckyshah wrote: Please let me know which approach is appropriate.
Also point me to some examples if you know any.
There are some examples on writing a (printer) driver in Microsofts' All In One[^] framework.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
hello
i am working on Project called Inventory Management System for Hardware shop and i play developer role.
Now The database has category table which is consist of many categories such as Motherboard , Ram , Processor and so on.
Now the question is what is best way to store specification in database
because every category has its own specification ,
I Have Two Way :-
either by creating different table for each specification of Category
or create single table for all specification of Every Category.
i am confuse between this two.which one is best and faster.
Thanks in advance..
|
|
|
|
|
Question is imprecise.\
However if you have a FIXED list of characteristics for each product then you create a table that models exactly that.
If you have a VARYING list of characters then you create a meta-model solution such that the tables that holds the characteristics looks like the following.
Inventory: id, product_id, count
Product: id, name, description
Product_characteristic: id, product_id, characteristic_name, characteristic_value
There are more complicated versions of the above.
|
|
|
|
|
I agree with jschell.
Here is slightly different version of that:
Inventory: id, product_id, count, date
Product: id, name, description, price, category_id
Category: id, name, description
Characteristic: id,name, description
Category_Characteristic: category_id, characteristic_id
|
|
|
|
|
To go along with the ideas previously mentioned, I actually had a similar project a few months ago. It was suggest here on CP that I do something like this:
Inventory: id, product_id, count
Product: id, name, description
Product_Specs: id, product_id, spec_name, value_type, value
"value_type" could be "TEXT", "INT", "DOUBLE", "FLOAT", etc. And the application handles the value type as necessary. So if the value type is "FLOAT", the user must input a valid 'float' value. And so on.
djj55: Nice but may have a permission problem
Pete O'Hanlon: He has my permission to run it.
|
|
|
|
|
|