csom – SharePoint High Trust some users getting 401

Hi I’ve created a High Trust application, but some users seem to be getting the 401 from time to time.
I’ve got a hunch that it’s down to them not logging off and something not 100% accurate with their AD account. Basically maybe something with the claims in their profile and that’s causing an issue. Would this ring true to anyone.

We do tell users to log off each night and power down their machines – but not too sure if they are.

Anyone had any experience in this field?

Authenticate users (REST-API)

What I’m trying to build

  • REST-API using Express and SQLite
  • 5 to 10 authors should be able to post articles to /articles
  • except them, no one is allowed to post anything

My approach to build it

  • authors are stored in the database
  • password matched with regex and hashed with salt
  • provide a login route for authors to login
  • after login, a JWT is sent to the author

I have built APIs like that a couple of times for school, but never in production.

I am really worried if this approach may isn’t safe. I thought about using Auth0 or some other IdaaS-providers, but I’d rather do it by myself, especially because I am not sure if I the free plans of these providers cover all features I need.

To conclude, what are the security risks of builing the authentication by yourself? Can I make my approach more secure? Are there better "workflows" to implement a form of authentication for my problem?

Deprive all users permission from SharePoint site except specific user by Power Automate

I’m using Modern experience in SharePoint Online.

I want to deprive all users permission from SharePoint site except for a specific user by PowerAutomate.

I know this is possible by PowerShell.

But I want to do it regularly, so I want to do it with Power Automate. Is it possible?

I would appreciate it if you could teach me how to do it. Thank you for any information.

Can I restrict user’s access on a certain IP?

Like in a certain way in MySQL.

CREATE 'dbuser'@'10.1.0.1' identitifed by 'password';

GRANT USAGE on *.* to 'dbuser'@'10.1.0.1';

We are not using any mongodb tools except for Robo

logic – Visualize Users Group Selection and Intersection

Your statements are complex because they contain a lot of information

Yes, natural language makes it easier to read, but it does not help with processing the 5 elements (desktop, mobile,…) and relations in one sentence. It is up to you to restrict the user to a more simple version of this, so it will be easier to comprehend. Look at email filters, for example (see image below).

Some relations cannot be expressed in natural language

For example, it is not clear to me if your statement includes Desktop users per-se or both desktop and mobile users have to belong to a group.

Desktop AND (Mobile users who belong to ...) or
Desktop AND Mobile who belong to ...

email-filter

applications – Is it possible to get the list of contacts for a user’s gmail conversation?

I want to get a user’s email contact in my app, I can get the users contact list by reading contacts and get the emails if there is any email associated with any contact number(but the problem is it is very rare that people save email along with phone number) , so I wanted to have the gmail contacts of a user with whom the user has contacted or mailed/replied, is it possible to do that or any relevant api/ tutorial.
Any resource or guidance is very much appreciated!

¿Which Mac Book/Mac Book Pro is LAST models users can change battery, memory, and hard drive?

¿Which Mac Book/Mac Book Pro is LAST models users can easy change/replace/upgrade battery, memory, and hard drive? Now (year 2021) no Mac Book/Mac Book Pro allow user easy upgrade. Easy upgrade means Apple allow user upgrade, no lose warranty.

plugins – How can I programattically add users dropdown list in Woocommerce Subscription add / edit page

Hope you are doing well.

Well I am using WordPresss’ Woocommerce plugin and using its paid plugin called as Woocommerce Subscriptions and its working fine as per my requirements.

Now I have a custom requirement. I want to add new dropdown which will have user’s list whenever I go to Subscription add/edit pages.

Hence I have installed ACF (Advanced Custom Fields) plugin and there I can get an option to create and show your custom fields based on post type and its working fine for me.

But I want to show programatically without using ACF plugin something like this https://stackoverflow.com/a/37150732/6829420 , Here they are showing custom fields in user edit profile page only. I want to achieve something like this.

I have researched further and I am trying to find if there is any hook available inside Woocommerce subscriptions plugin or anything else.

Can someone guide me please how can I achieve the same from here on programatically ?

Any suggestion or guidance will be really helpful.

Thanks

security – Do Discord mod (moderator) and other users have access to our IP address?

We can use Discord on the smartphone and as a web app, but let’s focus on web app since this is a web app forum.

I ran into a mod and another user that seemed to support him that would accuse users, and become rude, argumentative, and defensive. If I swallow it, it might be ok, but if I state that I didn’t do what they accuse me of and talk back, can they revenge by using by IP? Does the mod (moderator) or other users have some way to tell my IP and launch some attacks if they want to?

security – How can users verify a game distributed peer-to-peer has not been modified maliciously?

I’m interested in p2p software distribution, and I’m also directly including a modding interface into my game, which is built on my own custom engine.

I was working with a folder inside of the Roaming folder to store the data (resource, saves… etc), and I quickly figured out a malicious programmer could easily modify my program and make or erase (at least) folders.

How would one prevent this kind of modification, without owning the whole distribution process?

Do you really have to trust the provider/source to trust the software? Or could you trust software on the client side using some hash or such?

The only solution I can think of would be having a website on which I put a hash of my game, and any user that gets an instance of my game can verify it was not modified by hashing it and comparing it with the one on my website. But it is definetely not user-friendly at all…