Our Blog

Cooking with CAS

By Josh Tolley
March 10, 2020

Photo by Flickr user reidrac, licensed under CC BY-SA 2.0

One of our customers asked us to host a new suite of web-based applications for them and to protect them with a single sign-on (SSO) solution. Ok, easy enough; these applications were in fact designed with a particular SSO system in mind already, but our situation required a different one, and we eventually chose Apereo’s open source Central Authentication Server project, or CAS. I’d like to describe the conversion process we went through.

The ingredients

Our customer’s application suite included:

• The principal Java application using JAAS authentication
• Another Java application based on Spring Security
• A pair of PHP applications
• A few automated tasks that needed to authenticate.

The original SSO system sets a header on each request, identifying an authenticated user. This requires a gateway system to sanitize request headers to ensure malicious users cannot forge a header themselves. It also requires each application inspect request headers and respond appropriately.

CAS is a bit more complex: applications redirect unauthenticated requests to a CAS server, which authenticates the user through any of various configurable …

Symfony Quickstart

By Árpád Lajos
March 2, 2020

Photo by Arindam Mahanta

This article is written for anyone who has experience working with PHP and is starting to work with Symfony. We won’t assume any prior knowledge you might have with Symfony, so if getting started with this framework is a high priority, then this article is for you. I know that it can be difficult and you may be unsure where to look; I was in the same situation when I first worked with Symfony.

You might be pointed to consult the documentation, but even though the documentation is very detailed and nicely written, you might have a very urgent issue to solve, and thus not have time to read multiple articles about the framework before you start working. You might just need to quickly start, solve a few issues and worry about the details later.

How do I run this stuff?

If your project does not exist yet, you will need to set up Symfony, using the steps nicely outlined in Symfony’s setup guide.

Assuming that the project already exists and you need to quickly start working on it, you will need to run composer install in the root folder of the project to make sure that the dependencies are properly set. This could result in errors; for example, PHP might be not …

Bucardo 5.6.0 Released

By David Christensen
March 1, 2020

Bucardo 5.6.0 was released on February 28, 2020.

Bucardo is an asynchronous multi-master replication system for PostgreSQL. In addition to some bug fixes and minor compatibility tweaks for Pg 11 and 12, Bucardo 5.6.0 includes performance optimizations and an improved custom unique conflict handler.

Bucardo 5.6.0 is available for download here:

https://bucardo.org/downloads/Bucardo-5.6.0.tar.gz

Detached signature (signed with key ID DF9B65B8):

https://bucardo.org/downloads/Bucardo-5.6.0.tar.gz.asc

Detailed changes

• Minor PostgreSQL 11/12 tweaks in bucardo install

• Add config option log_timer_format to glog() to customize timestamp output

• Change handling of file-path config settings so that they are no longer lower-cased—the new log_timer_format config will also be case-preserved

• Fixed the relation parameter to the add customcode command to support schema-qualified relation names

• Optimized table lookup when validating syncs to a single query, rather than separate queries for each table. Also added checks to avoid purging “toast” tables and old delta tables

• Improve the unique conflict exception handler sample code and test

• Map timestamp from PostgreSQL to MongoDB datetime …

A Tool to Compare PostgreSQL Database Schema Versions

By Selvakumar Arumugam
February 11, 2020

Photo by @kelvyn on Unsplash

The End Point development team has completed a major application migration from one stack to another. Many years ago, the vendor maintaining the old stack abandoned support and development. This led to a stack evolution riddled with independent custom changes and new features in the following years.

The new application was developed by a consortium that created migration scripts to transfer data to a fresh stack resulting in a completely restructured database schema. While we could not directly use those consortium migration scripts to our client application, attempting to create migration scripts from scratch would be tedious due to the many labor-intensive and time-consuming tasks. We looked to reuse and customize the scripts in order to ensure an exact match of the customized changes to the client’s application.

Liquibase: A Schema Comparison Tool

After an arduous hunt for a suitable solution, we came across Liquibase, an open-source schema comparison tool that utilizes the diff command to assess missing, changed, and unexpected objects.

Installation and Usage

Let’s see how to use Liquibase and review the insights and results offered by the diff …

A primer on Java

By Árpád Lajos
February 10, 2020

What is Java and why is it interesting?

Java is a descendant of C++ and it is a C-based language. C was therefore the original language and it is probably not an overstatement to say that C is the most popular programming language in history. Most programmers speak at least C or one of its descendants. Let’s take a quick look at the most popular on the list of C-based languages:

• C
• C++
• C#
• Fantom
• Go
• Java
• JavaScript
• Objective C
• Perl
• PHP
• Swift

Java is a member of a large family of programming languages and as a result, if someone learns Java, then they will have an easier time learning one of its cousins. And at the same time, if someone already speaks a C-based language, then Java is not too difficult to learn. Also, if someone is already a programmer and does not speak a C-based language yet, then it is in his/​her interest in most cases to learn a C-based language and thus to have an understanding of the most popular language family.

Let’s see the list of popular languages according to Stackify:

End Point Security Tips: Securing your Infrastructure

By Charles Chang
February 5, 2020

Photo from comparitech.com

Implement Security Measures to Protect Your Organization & Employees

In this post, I’ll address what I believe are the three important initiatives every organization should implement to protect your organization and employees:

1. Train employees on security culture.
2. Implement the best technical tools to aid with organizational security.
3. Implement recovery tools in case you need to recover from a security breach.

Habits of a Security Culture

Train everyone in your organization on these fundamentals:

1. The only time you should be requested to reset your password by email is when you initiate it. There are rare exceptions to this rule, such as when accounts are compromised and providers request all users reset their passwords, but those events should be publicly announced. Staff can confirm with security personnel before acting on such requests.
2. If you are asked to reset your password, it will typically be after you successfully logged into a website and the old one has expired.
3. If you receive an email and do not know the sender, do not trust the contents or open attachments. Get advice from security personnel if needed.
4. If you think the email is from …

Ecommerce sales tax primer

By Elizabeth Garrett Christensen
January 13, 2020

Co-authored by Greg Hanson

Source image

Tax collection is one of the topics du jour for those of us in the ecommerce industry. Since state and local authorities are now able to levy taxes on ecommerce goods, taxation for online stores has become quite complicated. The purpose of this post is to give you some next steps and ideas on implementation if you’re new to the topic and need to know how to get started on tax collection for your ecommerce business.

Current ecommerce sales tax policy stems from the 2018 U.S. Supreme Court decision South Dakota v. Wayfair, Inc. Since that decision, favoring South Dakota, 30 states have enacted legislation to require ecommerce stores to pay sales tax if they fit the definition of having an ‘economic nexus’, that is, they do enough business in the state to be worth taxing.

Talk to your Tax Accountant

So the first and most important note is to get your own legal counsel in regards to your taxes. There are many rules and things are changing every month with local and state authorities, so you’ll need reliable counsel on the topic.

If you’re looking for someone to help, make sure this person has:

1. Knowledge about product variants. For example, …

Decreasing your website load time

By Juan Pablo Ventoso
January 7, 2020

Photo by Johan Larsson, used under CC BY 2.0

We live in a competitive world, and the web is no different. Improving latency issues is crucial to any Search Engine Optimization (SEO) strategy, increasing the website’s ranking and organic traffic (visitors from search engines) as a result.

There are many factors that can lead to a faster response time, including optimization of your hosting plan, server proximity to your main traffic source, or utilization of a Content Distribution Network (CDN) if you are expecting visitors on an international level. Some of these solutions and many others can be implemented with only a couple hours of coding.

Inline styles and scripts for the topmost content

Nobody enjoys waiting for long load times. When opening a Google search link, being met with a blank page or a loading GIF for several seconds can seem agonizing. That’s why optimizing the initial rendering of your page is crucial.

The content that immediately appears to the user without the need to scroll down is referred to as “above-the-fold”. This is where your optimization efforts should be aimed. So here’s a plan to load and display as quickly as possible:

• First, differentiate the …