Analyze loopholes in SharePoint Security Framework

Annotated References

Dokic, D., Zrakic, M. D., Bogdanovic, Z., & Labus, A. (2015). Application of SharePoint Portal Technologies in public enterprises. Revija za univerzalno odličnost [Journal of Universal Excellence], 4(1), A11-A25. Retrieved from http://www.fos.unm.si/media/pdf/RUO/2015-4-1/Application_of_sharepoint_portal_technologies_in_public_enterprises.pdf

This paper deals with application of portal technologies for enhanced content management, document management, and collaboration within public enterprises. The goal is to achieve efficient exchange of information on all hierarchical levels, as well as mechanisms of reporting and performance measurements, such as business intelligence and key performance indicators, taking into account concepts of scalability, availability, ubiquity and pervasiveness. A case study of application within the public enterprise Post of Serbia is used to achieve the goal. The results of analysis show that application of Information and Communication Technologies (ICT) necessarily leads to transformation of business processes that are based on flow of paper documents. In addition, application of ICT leads to standardization, changes in organization structure, and change management.

 SharePoint as an ICT needs major organizational level contribution from participants and there is no unified approach available as of date, which could be implemented to streamline process, in order for a smooth transition. When it comes to surface that this transformation is way too expensive than expected and relatively unsecure, generally it’s too late. There should be a formal study published, to identify these risk factors.

Jali, M. Z., Furnell, S. M., & Dowland, P. S. (2010). Assessing image-based authentication techniques in a web-based environment. Information Management & Computer Security, 18(1), 43-53. doi:10.1108/09685221011035250

The authors analyzed usability of two image-based authentication methods when used in the web-based environment - clicking secret points within a single image (click-based) and remembering a set of images in the correct sequence (choice-based). For direct comparison of usability same set of forty participants (thirty-three males and seven females) were given paper and web based tasks and based on user feedback, these two techniques were evaluated. The results suggest that click based authentication is more secure and choice-based authentication has better scores in terms of usability. Although participants rated the choice-based method as weak, it was still their preferred alternative for replacing passwords. This result suggests that participants preferred "convenience", albeit with an awareness of the "security" risks.

With SharePoint 2013 claim based authentication, it might be possible to insert multiple security layers enveloped under same set of services. Username and password combination along with click-based/choice-based user verification is something we need today. It’s worth a million dollar to conduct usability & technical feasibility study of suggested approach.

Nastase, P., & Eni, L. C. (2015). Developing an online collaborative system within the domain of financial auditing. Amfiteatru Economic, 17(39), 823-835. Retrieved from http://econpapers.repec.org/article/aesamfeco/v_3a39_3ay_3a2015_3ai_3a17_3ap_3a823.htm

The paper discusses technical design for online availability of audit records using SharePoint. The online audit records here means information required by both financial auditors and the employees of the Chamber of Financial Auditors of Romania. This technical design evaluation involved feasibility study and later implementation using Microsoft SQL Server 2008 R2, SharePoint Server 2010, SharePoint Designer 2010 and various implementation features: external content types, external lists, business data web parts etc. Two research methods highlighted in this paper are: the first one is empiric, based on formulating a questionnaire and the interpretation of the results, while the second is the analysis of the implementation process by using a step-by-step approach. The online audit database stores information about the results of previous audits, the opinions issued as result of audits, the results of online electronic inspections, audit firms, audited entities, risks identified etc. The conclusion was that the online database, which is updated through Internet, is feasible to implement in SharePoint, for multiple audit stakeholders including financial auditors who can sell their financial audit services benefiting from the transparency that the system provides.

This article, even though elaborates well the technical design and feasibility of SharePoint and related tools for reporting purposes and signifies use cases where business connectivity services may be leveraged. One of the most important concerns is untouched here: dynamic nature of reports (if required) based on business rules for multiple users using same platform. This must be addressed in a separate paper, considering the fact that when a solution is implemented it must cater future needs and at the same time this flexibility should not open new security loopholes.

Send bulk email using gmail or any other server

1. Visit https://www.google.com/settings/security/lesssecureapps  and enable access for less secure apps for some time

2. Verify that your machine where powershell is available , latest version of .Net Framework is installed.

3.  Verify that in powershell you have "Send-MailMessage" available .

(in powershell window type  :---- Get-Command Send-MailMessage )

4.   Export your gmail/ any other email account contacts as csv  . Say it has name of contact column as "name"  and email as "email"

5. Create the sample html you want to send , say some dummy html

6. Here is a sample ps1 using  "Send-MailMessage" with gmail

sample script

7. Give your sleep time in powershell script  with respect to  Gmail send message limits https://support.google.com/a/answer/166852?hl=en  and https://support.google.com/a/answer/175121?hl=en

8. don't forget to disable less secure apps @ https://www.google.com/settings/security/lesssecureapps   after you are done .

null id in entry (don't flush the Session after an exception occurs)

Sample Exception :  ( This example is using postgresql 9.3)

null id in YourModelNamespace.Model entry (don't flush the Session after an exception occurs)
NHibernate.AssertionFailure was caught
HResult=-2146232832
Message=null id in YourModelNamespace.Model  entry (don't flush the Session after an exception occurs)
Source=NHibernate
StackTrace:
at NHibernate.Event.Default.DefaultFlushEntityEventListener.CheckId(Object obj, IEntityPersister persister, Object id, EntityMode entityMode)
at NHibernate.Event.Default.DefaultFlushEntityEventListener.GetValues(Object entity, EntityEntry entry, EntityMode entityMode, Boolean mightBeDirty, ISessionImplementor session)
at NHibernate.Event.Default.DefaultFlushEntityEventListener.OnFlushEntity(FlushEntityEvent event)
at NHibernate.Event.Default.AbstractFlushingEventListener.FlushEntities(FlushEvent event)
at NHibernate.Event.Default.AbstractFlushingEventListener.FlushEverythingToExecutions(FlushEvent event)
at NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent event)
at NHibernate.Impl.SessionImpl.Flush()
at NHibernate.Transaction.AdoTransaction.Commit()
at YourNamespace.UnitOfWork.NHibernateUnitOfWork.Dispose(Boolean disposing) in c:\Users\..........\UnitOfWork\NHibernateUnitOfWork.cs:line 78
at YourNamespace.UnitOfWork.NHibernateUnitOfWork.Dispose() in c:\Users\..............\UnitOfWork\NHibernateUnitOfWork.cs:line 36
at sourcenamespace.class.method(input parameters ) in c:\Users\hemant\.......\mycalss.cs:line 82
at wrapper.cs in c:\Users\hemant\.....\api\someController.cs:line 134
InnerException:

 

Possible Reasons / Solutions : 

1.  uninstall  FluentNHibernate  ,  NHibernate ,  Iesi.Collections . install FluentNHibernate   , it will automatically install correct version of NHibernate and Iesi.Collections required . Check if your app.config / web.config have wrong versions of dll's referred , may be under runtime .

2. Generally  in nhiberante mappings you define id field for the table like :

Id(x => x.somecolumn).GeneratedBy.Assigned().Not.Nullable();   // reflection to determine column name so its ok to skip .column here

//or

Id(x => x.SomeColumn).GeneratedBy.Assigned().Column("\"SomeColumn\"").Not.Nullable();

//In the above two cases , your own code is responsible to maintain unique id . So used //Assigned

//or

Id(x => x.SomeColumn).GeneratedBy.Assigned().Column("some_column").Not.Nullable();

//snake_case  so ok to skip  \"

//or

Id(x => x.Id).GeneratedBy.Sequence("\"My_Id_seq\"").Column("\"Id\"");

// in the above case you have a Sequence to generate unique ids / primary key  in db

or else

The idea is after GeneratedBy  make sure you have chosen right option as per your table  e.g.

• Assigned :   lets the application to assign an identifier to the object before Save()  is called. ( with or without Params configuration )


• Foreign  :  uses the identifier of another associated object. Usually used in conjunction  with a one-to-one primary key association.


• HiLo :   uses a hi/lo algorithm to efficiently generate identifiers of any integral type, given a table and column (by default hibernate_unique_key and next_hi respectively) as a source of hi values. The hi/lo algorithm generates identifiers that are unique only for a particular database. Do not use this generator with a user-supplied connection. requires a "special" database table to hold the next available "hi" value


• Identity  :   supports identity columns in DB2, MySQL, MS SQL Server and Sybase. The identifier returned by the database is converted to the property type using Convert.ChangeType. Any integral property type is thus supported.


• Increment :   generates identifiers of any integral type that are unique only when no other process is inserting data into the same table. Do not use in a cluster.


• Sequence :  uses a sequence in DB2, PostgreSQL, Oracle or a generator in Firebird. The identifier returned by the database is converted to the property type using Convert.ChangeType. Any integral property type is thus supported.

See FluentNHibernate.Mapping.IdentityGenerationStrategyBuilder  for more possible options.

 

 

 

 

 

 

An error occurred. Detailed message: An error was raised by libgit2.Category = Net (Error). Response status code does not indicate success:401 (Unauthorized).

An error occurred. Detailed message: An error was raised by libgit2. Category = Net (Error).
Response status code does not indicate success: 401 (Unauthorized).

This is what happened when I changed my password for Git Repository ( with Visual Studio Tools for Git http://visualstudiogallery.msdn.microsoft.com/abafc7d6-dcaa-40f4-8a5e-d6724bdb980c )

Solution :

1. Close all Visual Studio instances


2. Go to Control Panel > Credential Manager


3. Delete the entries related to your repository.(Link )


4. Now whenever you will try to connect to server using Visual studio , it will ask for credentials and recreate these entries in Credential manager.

Should I Pay money to Google Adsense ? Prove using Powershell

Last week I  finalized a new hosting plan . It offers me $100 worth of code for Google adsense and similar programs.  This was the 1st time I saw Google adsense with angle of an advertiser . (Probably when I last time renewed my hosting  also , I got these codes , but never used it . Was not even aware of what it is at that moment )

1st question which comes to me , do they make us fool !!! Does this $ 100 really worth something .  After all brainstorming  my conclusion is : if you are selling a product , invest only in a program  which charges you as per actual product sale .  Never invest in Google adsense and similar programs , who just take responsibility of taking user to your door on web , if they don't promise / convert in to actual sale , don't pay them .

Well, I am not saying something in air . I have valid points to prove it , if you agree with below mentioned , you must admit what I said above :

Muliple Get, Put, Post, Delete under Web API calls to same Controller from Angular JS

In the example mentioned below , you could define multiple PUT to same Web API controller

How to Post on all of your FaceBook Groups Using Powershell ?

Powershell script saved as text here( Auth codes removed)

#1. This PowerShell script demonstrate how to use Facebook API's in PowerShell .
#2. How to load new framework dll . (Details How to load .Net 4 compiled dll in Powershell ? ) 
#3. How to generate Auth Access Token in facebook. (Details How to generate Facebook token ? )
#4. How to read online xml file which may be site map . (How to read online xml using PowerShell?  $onlineXMLSitemap = "http://sharepoint.asia/sitemap.xml" ;$doc = New-Object System.Xml.XmlDocument;$doc.Load($onlineXMLSitemap);
#5. How to run c# code from powershell directly . (Add-Type -ReferencedAssemblies $mAs -TypeDefinition $cSource -Language CSharp )
#6. How to solve overload function problem in Powershell ( Post method of facebook API has two overloads , one with Path , one without path . We are using 1st . That is why we called c# code from Powershell)
#7. How to select random entries in a collection . ($doc.urlset.url | Get-Random -count 1 | ForEach-Object )
#8. Business purpose resolved : Randomly post on Facebook in my all groups . This script picks one random url from provided Sitemap.XML and post it on 100 FB Groups and your own wall . You can reduce this number though .$Groups.data  | Get-Random -count 100| ForEach-Object {
#Related terms : Bulk Post on facebook , Post on All Groups ,  Use Facebook API is Powershell , Use Facebook API is c#