Zenoss - Device Access Control Lists for Customers - python

We're evaluating Zenoss and are interested in Device Access Control. We would like to set up the system so that our customers could access Zenoss and only see their devices and status. This feature apparently only exists in the enterprise version as can be seen here.
In the user configuration page there is an "Administered Objects" section but in the community version it has no practical effect, apparently. There is also a roles and permissions configuration page available at http://.../zport/manage_access but I haven't really figured out how to use it for this use case.
Can anyone give me some tips on how we could limit a certain user to certain devices or device groups? Would it require changing a lot of code in the Zenoss core? Can we do that with a ZenPack? Are there any examples on how to do this?
Thanks in advance!

I am working on this right now. Part of the issue is that there are a number of bugs around the Zenoss Administered Objects concept. I have posted some findings at the Zenoss forum at http://community.zenoss.org/message/59100#59100 . I have also opened a number of tickets with Zenoss (referenced in the previous url). If you can add extra supporting information to the tickets then it may get their priority raised. Meanwhile, I am working on my own code fixes / ZenPack workaround and almost have something ready for alpha testing if you are interested.
Cheers,
Jane

Related

How to generate mission test scenarios

I'm working on a software that deals with drones.
My team introduced a server to allow command and control activities with multiple drones.
Now, I'd like to test its API and create a python module for automated testing.
The API includes actions like add marker, delete marker and so on and so forth that you can do in the app.
I've been researching if there might be a tool to allow me to randomize these actions automatically to create scenarios that imitate user actions.
For example:
check the license, add mission, add a marker, fly to position and delete Marker.
Each of those actions is a request sent to the server within the app, but I've already recreated those activities as functions in python. The server actions have also been written in Python (server is tornado). Now I just need to find a way to randomize their activation (the data they send to the server is generated randomly and legally as well, and that's not a problem).
So before wasting a lot of my time creating these scenarios by hand, I'm sure someone already faced this kind of problem. I couldn't find it here though. Searched for hours but there are so many questions I might have missed something related to my issue.
I can build such a tool myself and even share a git to it here if it comes to that. Then it will be helpful to anyone encountering this question.
I thought it would be worth asking anyway.
Let me know if there are any other details you need to know to answer this question.
Thanks!

Designing a Django voting system without using accounts

We are considering implementing a voting system (up, down votes) without using any type of credentials--no app accounts nor OpenID or anything of that sort.
Concerns in order:
Prevent robot votes
Allow individuals under a NAT to vote without overriding/invalidating someone else's vote
Preventing (or, at the very least making very difficult for) users to vote more than once
My questions:
If you've implemented something similar, any tips?
Any concerns that perhaps I'm overlooking?
Any tools that I should perhaps look into?
If you have any questions that would help for you in forming an answer to any of these questions, please ask in the comments!
To address your concerns:
1: a simple Captcha would probably do the trick, if you google "django captcha", there are a bunch of plugins. I've never used them myself, so I can't say which is the best.
2 & 3: Using Django's sessions addresses both of these problems - with it you could save a cookie on the user's browser to indicate that the person has already voted. This obviously allows people to vote via different browsers or by clearing their cache, so it depends on how important it is that people not be allowed to vote twice. I would imagine that only a small percentage of people would actually think to try clearing their cache, though. As far as I know the only other way to limit users without a sign-in process would be to test IP addresses, but that would violate your second criterion since people on the same network will show up as having the same IP address.
If you don't want multiple votes to be as simple as deleting browser cookies, you could also allow facebook or twitter login - the django-socialregistration plugin is pretty well documented and straightforward to implement.
Hope that helps!
Recaptcha is an excellent choice. For Django, here's the one that I've had the most success with, which actually uses images loaded from Recaptcha (as opposed to local images generated on the fly):
http://pypi.python.org/pypi/recaptcha-client#downloads
Instructions for installation are in this snippet:
http://djangosnippets.org/snippets/433/
If Recaptcha is a bit unwieldy for what you're doing, I've heard of people implementing a form that loads with a hidden input containing a timestamp value, corresponding to when the form was loaded. Then, when the form is submitted, generate a new timestamp and get the difference between the two. If the difference in seconds is below a certain threshold that's unreasonable for a human visitor, chances are you have a bot. This works for contact forms with several fields...it usually takes a person more than 10 seconds to fill them out.
I can't speak to how effective this technique actually is in production....a lot of these spam bots these days are smarter than I am. But it might be something you'd consider looking into or testing.
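The timestamp check described in the answer above, as an added example that is not part of the original post: the hidden value is signed with HMAC so a client cannot back-date it, which a bare timestamp field would allow. The secret, the function names and the one-hour maximum form age are assumptions of this example; only the 10-second threshold comes from the answer.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret (in Django it could be derived from SECRET_KEY).
SECRET = b"constructed-demo-secret"
MIN_FILL_SECONDS = 10          # threshold mentioned in the answer above
MAX_FORM_AGE_SECONDS = 3600    # assumption: reject stale or replayed forms


def _sign(ts: int) -> bytes:
    """HMAC-SHA256 over the timestamp, hex-encoded."""
    return hmac.new(SECRET, str(ts).encode(), hashlib.sha256).hexdigest().encode()


def issue_form_token(now=None) -> str:
    """Value for the hidden input when the form is rendered: '<unix-ts>:<hmac>'."""
    ts = int(time.time() if now is None else now)
    return f"{ts}:{_sign(ts).decode()}"


def check_form_token(token: str, now=None) -> str:
    """Classify a submitted token as 'ok', 'tampered', 'too_fast' or 'expired'."""
    now = int(time.time() if now is None else now)
    ts_text, sep, mac = token.partition(":")
    # Reject malformed input before parsing: missing separator, non-ASCII
    # digits, or an absurdly long number.
    if not sep or not (ts_text.isascii() and ts_text.isdigit()) or len(ts_text) > 12:
        return "tampered"
    ts = int(ts_text)
    # Constant-time comparison; a client that edits the timestamp cannot
    # produce a matching MAC without the server secret.
    if not hmac.compare_digest(_sign(ts), mac.encode("utf-8", "replace")):
        return "tampered"
    elapsed = now - ts
    if elapsed < MIN_FILL_SECONDS:
        return "too_fast"      # submitted faster than a person could fill the form
    if elapsed > MAX_FORM_AGE_SECONDS:
        return "expired"
    return "ok"
```

A client that simply waits out the threshold still passes, so this filters only the fastest automated submissions and belongs alongside a CAPTCHA rather than in place of one.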

Using ip address to track visitors, is there a better way? (using Flask micro-framework)

I am going to use Flask micro-framework (based on Werkzeug, and I'll be using Python 2.7 or 2.6) to make a games website.
I want to allow users to vote (simple 1-5 stars) on games, and also to track how many unique visits there have been to each game page - such that I can dynamically order links to the games based on their score/popularity.
Currently I plan on using the client's remote address (via this attribute: http://werkzeug.pocoo.org/documentation/dev/wrappers.html#werkzeug.BaseRequest.remote_addr) to test for uniqueness, by storing all the ip-addresses that have voted for/visited a game so they cannot vote again, and their visit only gets recorded once.
For the voting: it is important that users don't have to login.
Is this a good way to go about this, what are its advantages/disadvantages?
Or can you think of a better solution? Are there ways built into the framework to handle these tasks you know of?
Thank you very much for your help, it is very much appreciated :-)
Jonathan
In my opinion using the IP address isn't the correct approach.
Many colleges, campuses, hotels, dorms, and offices use a single or small block IP range. This means that only a single person in one of those environments can vote. So if you have a dorm building with 3,000 kids in it who are all behind a single IP via NAT, only one lucky person gets to vote.
IP Addresses change. Any person that insists on voting more than once can usually power cycle their equipment or go into the management for their router and lease a different IP.
If not logging in is required, I would suggest cookies. Yes - cookies can be cleared, but there are other more permanent ways of storing a cookie if you absolutely must. However, in many cases, I would think a general cookie with an expiration date 10 years in the future works just fine.
Generate a GUID and put in evercookie

Building a wiki application?

I'm building this app in Python with Django.
I would like to give parts of the site wiki like functionality,
but I don't know how to go on about reliability and security.
Make sure that good content is not ruined
Check for quality
Prevent spam from invading the site
The items requiring wiki like functionality are just a few: a couple of text fields.
Can anyone help on this one?
Would be very much appreciated. :)
You could try using Django Wikiapp, which gives you most of the features you want in a wiki, including history and the ability to revert to older versions of an article. I have personally used this app and it's pretty self-explanatory; they also have a bit of documentation at http://code.google.com/p/django-wikiapp/source/browse/trunk/docs.
In terms of spam protection you can do one of two things or both: password protect the pages that have to do with editing the wiki, and use Akismet to filter for spam. I'm working on something similar and this is probably what we'll end up doing.
Assuming that there will be a community of users you can provide good tools for them to spot problems and easily undo damage. The most important of these is to provide a Recent Changes page that summarizes recent edits. Then each page that can be edited should retain prior versions of the page that can be used to replace any damaging edit. This makes it easier to undo damage than it is to damage things.
Then think about how you are going to handle either locking resources or handling simultaneous edits.
If you can tie edits to users you can provide some administrative functions for undoing all edits by a particular user, and banning that user.
Checking for quality would be tied to the particular data that your application is using.
Make sure that good content is not ruined = version each edit and allow roll-backs.
Check for quality = get people to help with that
Prevent spam from invading the site = get people to help with that, require login, add a captcha if need be, use nofollow for all links

Number of visitors in Django

In Django, how can I see the number of current visitors? Or how do I determine the number of active sessions?
Is this a good method?
use django.contrib.sessions.models.Session, set the expiry time short. Every time when somebody does something on the site, update expiry time. Then count the number of sessions that are not expired.
You might want to look into something like django-tracking for this.
django-tracking is a simple attempt at keeping track of visitors to Django-powered Web sites. It also offers basic blacklisting capabilities.
Edit: As for your updated question... [Answer redacted after being corrected by muhuk]
Alternatively, I liked the response to this question: How do I find out total number of sessions created i.e. number of logged in users?
You might want to try that instead.
django-tracking2 can be helpful to track the visitors.
Especially, this is easy to configure in a deployment like AWS, because it does not require any dependency or environment variables.
django-tracking2 tracks the length of time visitors and registered users spend on your site. Although this will work for websites, this is more applicable to web applications with registered users. This does not replace (nor intend) to replace client-side analytics which is great for understanding aggregate flow of page views.
There is also a little application django-visits to track visits https://bitbucket.org/jespino/django-visits
Edit: Added some more information about why I present this answer here. I found chartbeat when I tried to answer this same question for my django based site. I don't work for them.
Not specifically Django, but chartbeat.com is very interesting to add to a website as well.
django-tracking is great, +1 for that answer, etc.
Couple of things I could not do with django-tracking, that chartbeat helped with; tracked interactions with completely cached pages which never hit the django tracking code and pages not delivered through django (e.g. wordpress, etc.)
