how to include attributes in soap xml structure to create a client (Magento 1)

I am trying to create a client using the path "/ api / soap /? Wsdl"
I am sending this structure:

   

  
  
    
      125310091e72358b74d81ef6dasdasadf
      customer.create
      ababab001@a.com

      
        
            
                email
                my_email@hotmail.com
            
        
        
            email
            my_email@hotmail.com
        
      my_email@hotmail.com
      
      
        
          email
          my_email@hotmail.com
        
        my_email@hotmail.com
      
      
        
          email
          my_email@hotmail.com
        
        my_email@hotmail.com
      
      
        
          email
          my_email@hotmail.com
        
        my_email@hotmail.com
      
    
  

connections and everything is fine, however I am getting this answer:

Customer email required

I can't figure out how to send the client attributes (email, username, etc.), I am trying to use arguments, customerData etc., but you are not receiving the email, so what is the correct structure?
(I'm doing it this way, I don't want php methods please, I'm just asking for the correct xml structure to include the customer data in the xml)

Cisco vpn client: is it true that once we log in to VPN, it is as if we are in a remote location?

Let's say, if we are in San Francisco, and then once we log in to the San Jose company's VPN, will it be as if we are in San José? (Will all our network requests start to leave San José?)

So if we are in San Francisco, and we log into a VPN to Boston, and then we look at a web page with the server in Oregon, then the request will go from San Francisco to Boston by VPN, and then from Boston, send a request for back to Oregon?

swagger – $ ref using wrong path when generating client

My project (using node):

Openapi
- docs
  - openapi.yaml
  - paths
    - activity
      - activitys.yaml

I use $ ref inside activitys.yaml for the parameters and it looks like this:

parameters:
  - $ref: '../../openapi.yaml#/components/parameters/Fields'
  - $ref: '#/components/parameters/Limit'
  ...

Both references work with the openapi user interface but neither when generating a sdk / client.

in contrast, when generating, only the reference: ../openapi.yaml#/components/parameters/Fields It works, which is strange because it is the completely wrong way.

Any ideas why this is so / how to fix it?

c ++: unable to connect client to server using SFML

I have created a simple board game in C ++ SFML, but now, to learn about networks, I want it to be multiplayer, SFML has network methods, but for the life of me I can't understand them, all I know is that I have to declare a socket, and then connect it to an IP address and a port, and then declare in the other program an other socket and a listener, other than that I don't know what IP to use or how to get it, or if I just give an ip random, the same for the port.
I also tried from client to client but that didn't work either

sf::TcpSocket my_socket;
sf::Socket::Status status = my_socket.connect("192.168.0.5", 53000,sf::seconds(10));
if (status != sf::Socket::Done)
{
    std::cout<<"error";
}

Also here is the source code if you wanted it https://pastebin.com/uAvUE250

tls: client certificate and key storage on the client machine

Related to a question I posted here, but I thought it would make sense to ask it here too.

Basically I'm developing a web application that will display a dashboard with sensor data from an installation that uses MQTT. I implemented a certificate provisioning system that provides server and client (microcontroller) certificates within that facility. The broker I use is Mosquitto and in the config file I added an option to require clients to show a valid client certificate during TLS handshake. Storing the certificates and keys in the microcontroller or the installation in general is not a problem because I will have control over those devices to maintain and secure the system. However, for web clients it is not the same.

Ideally, there should be an option in the Mosquitto agent that would allow some clients not to be forced to provide a client certificate during the handshake, but a username and password. I have not found a way to do this.

My idea for the web application is to have two layers of security:

  1. Access to the web application by username and password

  2. Access to the Mosquitto agent once the user logs in through the client
    certificates

The client certificate and key would only be sent in two cases: first login and certificate renewal. Therefore, there is no way to request a certificate outside of those two cases.

If someone can get the username and password, they will still need a certificate to view the MQTT data. If a malicious user can steal a valid certificate and key, they will still need a valid username and password combination. Is it okay from a security point of view?

What is the correct way to store private keys to access some (your) system within a client machine over which you have no control?

Start web architecture design question. Two different roles (client = event creator) than the other (animator = event responder)

  • Thinking of having a database where the client can write an event
    to him on his authenticated page.

  • Then artists can see all events on their
    authenticated pages and add their name to "available artists"
    column in the database. From here, the customer can choose one that
    they want to come to your event and then the chef can see this on
    your side of the website.

Is this reliance on reading and writing to a database and using conditionals the best way to do it?

All opinions greatly appreciated.

spring boot: XContentBuilder error could not be closed when creating index through ES Rest High Level client

I am using Spring Boot to create an index through Elasticsearch High Level Rest Client.

Below is the code for it:

public Boolean createIndex() throws IOException {
        CreateIndexRequest request = new CreateIndexRequest("movie");
        request.settings(Settings.builder()
                .put("index.number_of_shards", 1)
                .put("index.number_of_replicas", 2)
        );
        request.mapping(
                "{n" +
                "  "properties": {n" +
                "    "message": {n" +
                "      "type": "text"n" +
                "    }n" +
                "  }n" +
                "}", 
                XContentType.JSON);
        CreateIndexResponse indexResponse = client.indices().create(request, RequestOptions.DEFAULT);
        System.out.println("response id: "+indexResponse.index());
        return indexResponse.isAcknowledged();
    }

But when I'm running it, I get an error like Error closing XContentBuilder . The full trace of the error stack is mentioned below:

    {
    "timestamp": "2020-04-01T04:42:43.518+0000",
    "status": 500,
    "error": "Internal Server Error",
    "message": "Found interface org.elasticsearch.common.bytes.BytesReference, but class was expected",
    "trace": "java.lang.IncompatibleClassChangeError: Found interface org.elasticsearch.common.bytes.BytesReference, but class was expectedrntat org.elasticsearch.client.indices.CreateIndexRequest.innerToXContent(CreateIndexRequest.java:354)rntat org.elasticsearch.client.indices.CreateIndexRequest.toXContent(CreateIndexRequest.java:343)rntat org.elasticsearch.common.xcontent.XContentHelper.toXContent(XContentHelper.java:367)rntat org.elasticsearch.client.RequestConverters.createEntity(RequestConverters.java:746)rntat org.elasticsearch.client.RequestConverters.createEntity(RequestConverters.java:741)rntat org.elasticsearch.client.IndicesRequestConverters.createIndex(IndicesRequestConverters.java:114)rntat org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1510)rntat org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1499)rntat org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1466)rntat org.elasticsearch.client.IndicesClient.create(IndicesClient.java:131)rntat com.example.topIMDBMovies.service.IndexService.createIndex(IndexService.java:44)rntat com.example.topIMDBMovies.controller.IndexController.createMovieIndex(IndexController.java:28)rntat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)rntat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)rntat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)rntat java.lang.reflect.Method.invoke(Method.java:498)rntat org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)rntat org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)rntat org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105)rntat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:879)rntat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:793)rntat org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)rntat org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)rntat org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)rntat org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)rntat org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)rntat javax.servlet.http.HttpServlet.service(HttpServlet.java:634)rntat org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)rntat javax.servlet.http.HttpServlet.service(HttpServlet.java:741)rntat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)rntat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)rntat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)rntat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)rntat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)rntat org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)rntat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)rntat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)rntat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)rntat org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)rntat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)rntat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)rntat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)rntat org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)rntat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)rntat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)rntat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)rntat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)rntat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)rntat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)rntat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)rntat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)rntat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)rntat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)rntat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)rntat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)rntat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)rntat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1594)rntat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)rntat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)rntat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)rntat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)rntat java.lang.Thread.run(Thread.java:745)rntSuppressed: java.lang.IllegalStateException: Failed to close the XContentBuilderrnttat org.elasticsearch.common.xcontent.XContentBuilder.close(XContentBuilder.java:1011)rnttat org.elasticsearch.common.xcontent.XContentHelper.toXContent(XContentHelper.java:362)rntt... 59 morerntCaused by: java.io.IOException: Unclosed object or array foundrnttat org.elasticsearch.common.xcontent.json.JsonXContentGenerator.close(JsonXContentGenerator.java:469)rnttat org.elasticsearch.common.xcontent.XContentBuilder.close(XContentBuilder.java:1009)rntt... 60 morern",
    "path": "/movieIndex"
}

I also tried to pass the mapping through HashMap, but the error remains the same.

Elasticsearch version used is 7.6.1.

tls: can MItM repeat client https requests?

Suppose the client already has an established http session and sends a single HTTP POST request containing the message & # 39;Toggle like in post X& # 39 ;. This request will be encrypted using symmetric session key at the TLS level and transferred using TCP. Meanwhile, MiTM captures the packets containing this request and sends them back to the server (preliminary edit of TCP / IP headers by setting the client IP, fixes the ACK and SYN fields to make it look like the same TCP connection to the server) , then, the server will think that the client sends a POST query again and to the actions described in it (it deletes as from the publication).

This attack will not work if the session key expired. But if it still wasn't, will this work? Should we avoid this at the application level (for example, adding action_number on request and reject actions that have less value than last_action_id on the server)?

Advanced REST client ignores a custom host header

I am testing my proxy which simply sends a client request to a proxy server and returns a response. The current implementation requires the client to send the fully prepared valid request to the proxy (the value of the Host header must match a DNS of the proxy server from the predefined source code).

Here is my custom request for the proxy representing a www.example.com:
enter the image description here

But the result request that ARC sends to localhost is:

GET / HTTP/1.1
Host: localhost:1234
connection: close

it is then sent to www.example.com but the Host header is invalid, so 404 is returned as a result.