I have worked on a Selenium project in Python which uses both Chrome and its driver.
For security reasons the customer doesn't want to use Chrome, Firefox etc., as each day security bugs are discovered in those browsers (highly sensitive data are stored on his machine and he doesn't want to risk it).
What can be done to solve this issue? What other alternatives are there, so I can change my code accordingly?
Your two main options are:
Most secure option
If your project is really that sensitive (national security), your only option is to:
- air gap [1] all systems
- ensure that nobody can breach that air gap, such as with USB sticks in the staff car park [2], perhaps by putting your infrastructure on Bouvet Island.
Most projects (99.999%) do not need this level of security.
Slightly less secure, significantly more practical.
- Ensure that the version of Chrome that Selenium is using is always the latest and greatest, with the most up-to-date security patches applied.
- Run your Chrome containers in an environment that has limited access to the Internet:
  - Allow incoming and outgoing requests from only certain countries.
  - Allow only certain ports to be open.
Side note: never use block lists, only use allow lists.
Block lists:
- block this stuff only
- allow everything else
Allow lists:
- allow this stuff only
- block everything else
Chrome is maintained by Google, a company who:
- is huge, so has the funds necessary to keep their products patched;
- has a vested interest in browser security; they want to ensure that users can continue to click on Google ads.
I would also strongly suggest contributing to the Selenium project, as it is FOSS and needs support.
Life is all about risk mitigation strategies. I could get run over by a bus tomorrow, but I'm not going to ban all buses to mitigate that risk; I'll just look both ways before I cross. Equally, someone might discover a bug in Chrome tomorrow, but does that mean you should stop using the most popular browser on the planet to test your code? Probably not.
[1] Buttice, C. (2021). What is an Air Gap? - Definition from Techopedia. [online] Techopedia. Available at: https://www.techopedia.com/definition/17037/air-gap [Accessed 20 Apr. 2022].
[2] Pompon, R. (2018). Attacking Air-Gap-Segregated Computers. [online] F5 Labs. Available at: https://www.f5.com/labs/articles/cisotociso/attacking-air-gap-segregated-computers.
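The allow-list point in the answer above, as an added example that is not part of the original answer: a default-deny egress policy for the hosts a Selenium run may navigate to, shown next to the block-list version so the difference on an unexpected host is visible. The driver is duck-typed (a stand-in class records calls) so the block runs without Selenium installed; the host names are constructed sample values, and the `guarded_get` wrapper and policy classes are this example's own, not Selenium API.

```python
"""Added example: default-deny navigation policy for a browser test run.
Not from the original answer; host names are constructed samples."""
from urllib.parse import urlsplit


class BlockListPolicy:
    """Block list: deny the listed hosts, allow everything else."""

    def __init__(self, blocked):
        self.blocked = {h.lower() for h in blocked}

    def allows(self, url):
        host = (urlsplit(url).hostname or "").lower()
        return host not in self.blocked


class AllowListPolicy:
    """Allow list: permit the listed hosts (and their subdomains) over TLS only,
    deny everything else, including anything nobody thought about."""

    def __init__(self, allowed):
        self.allowed = {h.lower() for h in allowed}

    def allows(self, url):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https" or not host:
            return False
        return any(host == a or host.endswith("." + a) for a in self.allowed)


class PolicyViolation(Exception):
    pass


def guarded_get(driver, policy, url):
    """Hypothetical wrapper around WebDriver.get(): navigate only if allowed."""
    if not policy.allows(url):
        raise PolicyViolation(f"navigation to {url!r} not permitted by policy")
    driver.get(url)
    return url


class _RecordingDriver:
    """Stand-in for a Selenium WebDriver (constructed for this example)."""

    def __init__(self):
        self.visited = []

    def get(self, url):
        self.visited.append(url)


def demo():
    # The suite is only supposed to talk to the app under test (sample host).
    allow = AllowListPolicy(["app.example.test"])
    block = BlockListPolicy(["ads.example.test"])
    # A host that did not exist when the policy was written:
    surprise = "https://telemetry.example.net/beacon"
    return {
        "blocklist_lets_unknown_through": block.allows(surprise),
        "allowlist_stops_unknown": not allow.allows(surprise),
        "allowlist_permits_app": allow.allows("https://login.app.example.test/"),
        "plain_http_allowed": allow.allows("http://app.example.test/"),
    }


if __name__ == "__main__":
    drv = _RecordingDriver()
    pol = AllowListPolicy(["app.example.test"])
    guarded_get(drv, pol, "https://app.example.test/login")
    try:
        guarded_get(drv, pol, "https://telemetry.example.net/beacon")
    except PolicyViolation as exc:
        print("refused:", exc)
    print(demo(), drv.visited)
```

The block list only ever says "no" to hosts it was told about, so a new telemetry or CDN host sails through; the allow list treats anything unlisted as a policy violation, which is the behaviour you want when the test runner has limited Internet access anyway.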
Related
I am attempting to quantify how much download quota would be consumed when a certain web page is loaded (in Chrome in my case), including all the page's assets (i.e. 'loaded' according to regular human use of the web page).
Is there a way to achieve this using mainstream techniques (e.g. a python library, selenium, netstat command line utility, curl or something else)?
Note: I guess one very crude way would be to check my ISP stats before/after the page load, but this is fraught with potential inaccuracies, probably most notably the device doing background tasks and the ISP not providing quota estimates fine enough to discern the additional kBs consumed by the page load, so I think this method would not be reliable.
There may be better ways, but I found one that seems to work:
In chrome, open developer tools (cmd + option + j), click on the 'network' tab, and refresh the page. When it has fully loaded, look for the resources.
Note: to get an accurate reading, it could be important to ensure the 'Disable cache' checkbox is ticked (failing to disallow the cache could underestimate the download quota required).
For the page we're on now, we see it uses 1.5MB without disabling the cache.
Note: the amount seemed to vary for me quite a bit each time I ran it (not always in a downward direction), so depending on the circumstances, it could be worth doing this several times and taking an average.
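The DevTools reading above can be made repeatable by exporting the Network tab as a HAR file and summing it offline. The following is an added example, not the answer author's code: it totals the bytes each response actually moved over the wire and separates cache hits, which is the effect the 'Disable cache' note is about. It assumes Chrome's non-standard HAR fields `_transferSize` (on the response) and `_fromCache` (on the entry); if your export names them differently, adjust those two strings. The HAR document embedded below is constructed for the example.

```python
"""Added example: sum the download size of a page load from a HAR export.
Not from the original answer; SAMPLE_HAR is constructed data."""
import json

SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://example.test/"},
     "response": {"status": 200, "headersSize": 300, "bodySize": 12000,
                  "_transferSize": 12300, "content": {"mimeType": "text/html"}}},
    {"request": {"url": "https://example.test/app.js"},
     "response": {"status": 200, "headersSize": 250, "bodySize": 480000,
                  "_transferSize": 480250,
                  "content": {"mimeType": "application/javascript"}}},
    # Served from the browser cache: nothing crossed the wire.
    {"_fromCache": "disk",
     "request": {"url": "https://example.test/logo.png"},
     "response": {"status": 200, "headersSize": -1, "bodySize": 0,
                  "_transferSize": 0,
                  "content": {"mimeType": "image/png", "size": 90000}}},
    # 304 revalidation: only headers were transferred.
    {"request": {"url": "https://example.test/style.css"},
     "response": {"status": 304, "headersSize": 180, "bodySize": 0,
                  "_transferSize": 180, "content": {"mimeType": "text/css"}}},
]}})


def from_cache(entry):
    """Chrome marks cache hits with _fromCache (assumed field name)."""
    return bool(entry.get("_fromCache") or entry["response"].get("_fromCache"))


def transfer_bytes(entry):
    """Bytes this entry moved over the network."""
    resp = entry["response"]
    size = resp.get("_transferSize")
    if size is None or size < 0:
        # Older HAR writers: fall back to headers + body where known (-1 = unknown).
        size = max(resp.get("headersSize", 0), 0) + max(resp.get("bodySize", 0), 0)
    return size


def summarize_har(har_text):
    """Return total transfer, per-MIME-type totals, and what the cache absorbed."""
    entries = json.loads(har_text)["log"]["entries"]
    by_type, total, cached = {}, 0, 0
    for entry in entries:
        content = entry["response"].get("content", {})
        mime = content.get("mimeType", "unknown").split(";")[0]
        if from_cache(entry):
            # Would have been downloaded with the cache disabled.
            cached += content.get("size", 0)
            continue
        n = transfer_bytes(entry)
        by_type[mime] = by_type.get(mime, 0) + n
        total += n
    return {"total_bytes": total, "by_type": by_type,
            "cached_bytes": cached, "entries": len(entries)}


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HAR
    s = summarize_har(text)
    print(f"{s['total_bytes'] / 1e6:.2f} MB transferred over {s['entries']} requests")
    print(f"{s['cached_bytes'] / 1e6:.2f} MB came from cache (rerun with cache disabled to count it)")
```

Run it as `python har_total.py page.har`; because the cache-hit total is reported separately, a run with the cache enabled still tells you how far below the cold-load number it is, which also explains the run-to-run variation mentioned above.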
Suppose I have a dictionary with words and explanations in the following format:
Firefox
<web> A complete {free}, {open-source} {web
browser} from the {Mozilla Foundation} and therefore a true
code descendent of {Netscape Navigator}. The first non-{beta
release} was in late 2004.
{Firefox Home (http://mozilla.org/products/firefox)}.
(2005-01-26)
firehose syndrome
<networking, jargon> An absence, failure or inadequacy of flow
control mechanisms causing the sender to overwhelm the
receiver. The implication is that, like trying to drink from
a firehose, the consequenses are worse than just loss of data,
e.g. the receiver may {crash}.
See {ping-flood}.
[{Jargon File}]
(2007-03-12)
firewall
1. {firewall code}.
2. {firewall machine}.
firewall code
1. The code you put in a system (say, a telephone switch) to
make sure that the users can't do any damage. Since users
always want to be able to do everything but never want to
suffer for any mistakes, the construction of a firewall is a
question not only of defensive coding but also of interface
presentation, so that users don't even get curious about those
corners of a system where they can burn themselves.
2. Any sanity check inserted to catch a {can't happen} error.
Wise programmers often change code to fix a bug twice: once to
fix the bug, and once to insert a firewall which would have
arrested the bug before it did quite as much damage.
[{Jargon File}]
How would I map this type of data so that I can do things with it in Spark?
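One way to turn that text into rows, as an added example that is not part of the question: a small parser for the FOLDOC layout that yields one flat record per headword, which is the shape `spark.createDataFrame(records)` accepts. It assumes the dictionary's original layout (headword on an unindented line, the body indented beneath it, blank lines between entries, `<category>` tags, `{braces}` around cross-references and a `(YYYY-MM-DD)` line at the end); the sample text is constructed from two of the entries above with that indentation restored.

```python
"""Added example: parse FOLDOC-style dictionary text into flat records.
Not from the question; SAMPLE is constructed (re-indented) data."""
import re

SAMPLE = """\
Firefox

\t<web> A complete {free}, {open-source} {web
\tbrowser} from the {Mozilla Foundation} and therefore a true
\tcode descendent of {Netscape Navigator}.  The first non-{beta
\trelease} was in late 2004.

\t{Firefox Home (http://mozilla.org/products/firefox)}.

\t(2005-01-26)

firewall

\t1. {firewall code}.

\t2. {firewall machine}.
"""

CATEGORY_RE = re.compile(r"<([^>]+)>")
LINK_RE = re.compile(r"\{([^{}]+)\}")
DATE_RE = re.compile(r"^\((\d{4}-\d{2}-\d{2})\)$")
SENSE_RE = re.compile(r"^\d+\.\s")


def split_entries(text):
    """Yield (headword, body) pairs; a headword is an unindented, non-blank line."""
    head, body = None, []
    for line in text.splitlines():
        if line and not line[0].isspace():
            if head is not None:
                yield head, "\n".join(body)
            head, body = line.strip(), []
        elif head is not None:
            body.append(line.strip())
    if head is not None:
        yield head, "\n".join(body)


def parse_entry(headword, body):
    lines = [ln for ln in body.split("\n") if ln]
    date = None
    if lines and DATE_RE.match(lines[-1]):
        date = DATE_RE.match(lines[-1]).group(1)
        lines = lines[:-1]
    flat = " ".join(lines)  # cross-references may wrap across lines
    categories = [c.strip() for tag in CATEGORY_RE.findall(flat) for c in tag.split(",")]
    links = [re.sub(r"\s+", " ", l).strip() for l in LINK_RE.findall(flat)]
    text = LINK_RE.sub(lambda m: m.group(1), CATEGORY_RE.sub("", flat))
    text = re.sub(r"\s+", " ", text).strip()
    senses = sum(1 for ln in lines if SENSE_RE.match(ln)) or 1
    return {"headword": headword, "categories": categories, "definition": text,
            "links": links, "date": date, "senses": senses}


def parse_foldoc(text):
    """List of flat dicts, ready for spark.createDataFrame(...)."""
    return [parse_entry(h, b) for h, b in split_entries(text)]


if __name__ == "__main__":
    for rec in parse_foldoc(SAMPLE):
        print(rec["headword"], rec["categories"], rec["links"], rec["date"])
```

Because an entry spans several lines, reading the file with `sc.textFile` (one record per line) loses the boundaries; read the whole file with `spark.read.text(path, wholetext=True)` (or split it into per-entry chunks first) and apply `parse_foldoc` to the result, then build the DataFrame from the dicts.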
I'm working on a software that stores information on a local database on the computer (yeah, I know, that's incredible). Among that information, we recently added a secret token, provided by a third-party company.
Usually, when doing support the customers send us their database so we can test and reproduce errors reliably. Sadly, some of them send us their database with the secret token in it. Which means importing this database on our test platforms will actually hit the real third-party user production account, and mess with its production data (not cool).
To avoid that, we thought of detecting a host-computer change and disabling the token (or erasing it from the DB on startup) if a host change was detected.
The thing being, how to detect such a change (using Python, preferably)? This is close to what one would require for a licensing system, except we probably don't need the same precision.
To make things even funnier, this would need to work for Mac OS X, Windows and Linux.
Any clue?
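An added example (not from the question or any answer) of the startup check described above: the token is stored together with a keyed hash of a few per-machine identifiers, and on startup the application compares the current host's hash with the stored one and erases the token on mismatch. It uses only the standard library, so it runs on macOS, Windows and Linux; an in-memory dict stands in for the local database, and the column names and the fingerprint key are invented for the example.

```python
"""Added example: bind a secret token to the host it was issued on and
wipe it on startup when the host has changed.  Not from the question."""
import hashlib
import hmac
import platform
import uuid

FINGERPRINT_KEY = b"constructed-per-application-key"  # assumption: fixed per product


def host_identifiers():
    """Per-machine facts; extend if you need more precision than the question does."""
    node = uuid.getnode()
    # getnode() returns a random number with the multicast bit set when no
    # hardware address is found; do not let that randomness into the fingerprint.
    mac = "unavailable" if (node >> 40) & 1 else f"{node:012x}"
    return {
        "hostname": platform.node(),
        "mac": mac,
        "system": platform.system(),
        "machine": platform.machine(),
    }


def host_fingerprint(ids=None):
    """Keyed hash so the stored value does not reveal the raw identifiers."""
    ids = ids or host_identifiers()
    material = "\x1f".join(f"{k}={ids[k]}" for k in sorted(ids)).encode()
    return hmac.new(FINGERPRINT_KEY, material, hashlib.sha256).hexdigest()


def store_token(db, token, fp=None):
    """Save the token with the fingerprint of the host that received it."""
    db["secret_token"] = token
    db["token_host"] = fp or host_fingerprint()


def token_for_startup(db, current_fp=None):
    """Return the token on the issuing host; otherwise erase it and return None."""
    if current_fp is None:
        current_fp = host_fingerprint()
    if db.get("secret_token") is None:
        return None
    if not hmac.compare_digest(db.get("token_host") or "", current_fp):
        # Database was copied to another machine (e.g. a support box): drop the token.
        db["secret_token"] = None
        db["token_host"] = None
        return None
    return db["secret_token"]


if __name__ == "__main__":
    db = {}
    store_token(db, "constructed-token-value")
    print("same host:", token_for_startup(db))
    other = host_fingerprint({"hostname": "support-box", "mac": "unavailable",
                              "system": "Linux", "machine": "x86_64"})
    print("other host:", token_for_startup(db, other), db)
```

Hostname and MAC change legitimately now and then (rename, new NIC, VM migration), so expect occasional false positives; for this use case that only costs a re-entry of the token, which is the right failure direction.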
We have begun upgrading hardware and software to a 64-bit architecture using Apache with mod_jk and four Tomcat servers (the new hardware). We need to be able to test this equipment with a large number of simultaneous connections while still actually doing things in the app (logging in, etc.)
I currently am using Python with the Mechanize library to do this, but it's just not cutting it. Threading is not "real" in Python, and multiprocessing makes the local box work harder than the machines we are trying to test since it has to load so much into memory for Mechanize.
The bottom line is that I need something that will really hammer this thing's connections and hold a session to make sure that the sticky sessions are working in mod_jk. I need to be able to code it quickly, it needs to be lightweight, and being able to do true multithreading would be a perk. Other than that, I am open-minded.
Any input will be greatly appreciated. Thanks.
Open Source Testing Tools
Not knowing the full requirements makes it difficult, however something from the list might fit the bill.
In order to accomplish what I wanted to do, I just went back to basics. Mechanize is somewhat bulky, and there was a lot of bloat involved in the main functionality tests I had before. So I started with a clean slate and just used cookielib.CookieJar and urllib2 to build a linear test and then run them in a while 1 loop. This provided enough strain on the Apache system to see how it would react in the new environment, and for the record, it did VERY well.
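A current-Python version of the approach in the answer above, as an added example that is not the answer author's code: one cookie jar per simulated user, a linear login-then-page sequence, run in real threads (the threads spend their time waiting on the network, so the GIL is not the limit it is for CPU-bound work). To keep the block self-contained it starts a small local server that imitates Tomcat nodes behind mod_jk: /login issues a JSESSIONID whose suffix names the node, and /page reports which node the cookie routes to, so the check is that every user keeps landing on the node that logged them in. The paths, cookie layout and node names are constructed for the example; point `run_load_test` at a real base URL once your app's login/page paths are substituted.

```python
"""Added example: minimal sticky-session load test with one cookie jar per
user and a local stand-in for an Apache/mod_jk cluster.  Not from the answer."""
import http.cookiejar
import http.server
import secrets
import threading
import urllib.error
import urllib.request
from collections import Counter

NODES = ["tomcat1", "tomcat2", "tomcat3", "tomcat4"]  # constructed node names


class FakeClusterHandler(http.server.BaseHTTPRequestHandler):
    counter = 0
    lock = threading.Lock()

    def log_message(self, *args):  # keep the console quiet
        pass

    def do_GET(self):
        if self.path == "/login":
            with self.lock:
                FakeClusterHandler.counter += 1
                node = NODES[FakeClusterHandler.counter % len(NODES)]
            sid = f"{secrets.token_hex(8)}.{node}"  # mod_jk-style route suffix
            self.send_response(200)
            self.send_header("Set-Cookie", f"JSESSIONID={sid}; Path=/")
            self.end_headers()
            self.wfile.write(node.encode())
        elif self.path == "/page":
            cookie = self.headers.get("Cookie", "")
            if "JSESSIONID=" in cookie:
                sid = cookie.split("JSESSIONID=", 1)[1].split(";")[0]
                self.send_response(200)
                self.end_headers()
                self.wfile.write(sid.rsplit(".", 1)[-1].encode())  # serving node
            else:
                self.send_response(401)
                self.end_headers()
        else:
            self.send_response(404)
            self.end_headers()


def start_server():
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), FakeClusterHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def simulate_user(base, requests_per_user, results):
    """One user: log in once, then hit /page repeatedly with the same jar."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    with opener.open(base + "/login", timeout=5) as r:
        node = r.read().decode()
    stuck = 0
    for _ in range(requests_per_user):
        try:
            with opener.open(base + "/page", timeout=5) as r:
                if r.read().decode() == node:
                    stuck += 1
        except urllib.error.HTTPError:
            pass  # 401: the session cookie did not make it back
    results.append((node, stuck == requests_per_user))


def run_load_test(base, users=20, requests_per_user=10):
    """Run `users` concurrent sessions; report how many stayed on their node."""
    results = []
    threads = [threading.Thread(target=simulate_user, args=(base, requests_per_user, results))
               for _ in range(users)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {"users": len(results),
            "sessions_stuck": sum(1 for _, ok in results if ok),
            "per_node": dict(Counter(node for node, _ in results))}


if __name__ == "__main__":
    server, base_url = start_server()
    print(run_load_test(base_url))
    server.shutdown()
```

`sessions_stuck` lower than `users` means a session was routed to a different node mid-run, which is exactly the mod_jk misconfiguration the answer was trying to catch; `per_node` shows whether the load balancer spread the logins at all.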
Okay, so not strictly a programming question BUT the point is I want to integrate my new building's business access/alarm system into the rest of my *NIX setup at my business. I do NOT want to use some cruddy windows GUI program written for Windows XP SP1 that manages a bare circuit-board via a serial connection and provides absolutely zero APIs. There's got to be something decent out there!
Any decent access/alarm hardware vendors out there? I'd love to interface via python, perl, ruby, etc. to some nice control panel that has an integrated NIC. Heck, I'd even settle for some CLI tool that I could at least exec and parse.
We've got mag card readers on doors/elevators, mag locks, rex's, fingerprint readers, etc. for our access.
We've got standard door/window, motion, etc. for our alarm.
Hardware vendor suggestions?
What is your physical location? If Europe, you could have a look at EIB technologies. Just google for EIB and you'll see many answers for your question. EIB stands for European Installation Bus. It is a technology used for controlling almost everything in buildings (light, alarms, aircon, etc.) using a bus and centralized control centers. Depending on technology providers you'll also have interfaces to *nix systems.
have a look at e.g. link text
Does this answer your question?
What do you actually want to do with your integrated system?
Two of my former employers developed access control systems, both running on Windows. Both provided a programmatic API (DCOM or TCP socket). *NIX support was another matter, but you avoid the hardware interfacing problem, at least.
One was Honeywell, but that's designed for big systems and will probably be out of your price (and complexity) range. The other (a small startup) doesn't support all of the devices you list.
If your building wiring is RS485, you're unlikely to be allowed to interface over that. Ethernet to the access control software is your best bet.
Ethernet-connected devices have traditionally been uncommon as the configuration is tricky; your typical alarm installer doesn't know about IP addresses, subnets, switches and whatnot.
I suppose the way to go will be DPWS; as Windows provides built-in support for this now, you can expect hardware vendors to jump on the bandwagon.
I ended up finding some good hardware by eData that was run off of embedded Linux with ssh, SOAP, REST, and Web GUI access. Unfortunately the integrator bid way too high and wouldn't commit to working in our time frame, so we ended up with the crappy Kantech stuff. Yay serial cables. :-(