Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
Is there any API to integrate bank accounts into a .NET application? I am looking to provide the user an ability to pull bank statements into my software.
Please suggest.
You'll need to ask the bank that, which bank are you with? Most major providers allow some kind of programmatic access to their systems.
Failing that (and security aside) you could generate a HTTP Request/Response to the banks website and replying on being provided the correct credentials should be able to retreive any information available online (such as past statements) - bonus if they provide them in PDF format.
Not sure which country you are in but Egg Plc use an Active X control to open and read the balance of customers other bank accounts for them - obviously with their permission. It works pretty well.
I am pretty sure that there are some heavy limitations for this. Every bank may have another API, every bank may/will have a pretty good security context. But lets assume you do have access to an API of one (many) banks. So you do provide another UI for e.g. bank account information.
If I would use your program I would be very, very careful! I don't see your code, I do not know what you do with my user/account information - so I would not give you any account information!
What if you misuse my information and try to withdraw money (yea yea I know, in most cases there will be a seperate security layer preventing this TANs, PINs aso). In any way - A software using/providing net-banking functionality - which is not provided BY a bank / or authorized/officially checked by a bank - looks very suspicious to me!
I am sorry, but I would recommend not implementing any netbanking functionality using others account information.
There is not much that can be suggested there in terms of "use this and that". The problem is that each and every bank has its own system to do things and its own interfaces (if they even provide any). Banks are most often huge constructs that build on traditional old systems and are slow to adapt thus it is quite possible that they don't provide any interface for external programs at all (in addition to being traditional it is also about security measures).
That prelude said this means that you would need to decie which banks your customers most likely use and then talk with these banks if they provide any interface for external programs/providers to get the infos you want to provide to your customers. But be prepared for that the bank says that they only provide this service to other banks or even an outright no.
It is slightly different if we talk about internet constructs that are similar to banks like paypal,.... I say similar as they also have accounts and those can be filled and used, ... . These constructs OFTEN have some form of interface that can be used to use them BUT as far as I am aware even these don't provide a direct way for you to tell your customer what the current account status of theirs is. For this they have to go and log into their account THERE.
Thus all in all you will have to talk to the individual providers/banks but aside from them giving you informations on how to call their website so that the initial info for one transaction is filled in it is HIGHLY unlikely you will get any interface there (and for normal banks.....most probably no interface at all).
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I am trying to create a website that when a person registers with the site they have to have an access pin (or code) to complete creating the account. The person creating the account in a sense would be submitting an application to receive permission to view the data. I understand how to block anonymous users, but want a code generated that is sent to an employee which they would review the application to view the data and would determine whether to send the approval code. To add, I'm hoping to have the key as a rotating key which has to be provided by our company for people to create an account with us.
What I'm hoping to have once the account has been approved that the page is as follows:
Email Address
Password
Account Passcode (The part I'm wondering on how to tackle)
The email address and password I know they are built-in functions for these first two; however, looking at having a passcode to activate the account which has to be provided by the company after they have verified that the user falls within our guidelines for acceptable usage.
Edit: The data itself isn't confidential and just best practices and how to guides to using our medical products we support. The main focus is to keep patients from finding the information on the internet and performing self-treatment. No vital information, secrets, or confidential information is used.
To add, it would almost be like having an owner's manual for a vehicle that you only want a certified mechanic to use because you're afraid of the average joe misunderstanding the information, using something incorrectly, or ends up hurting themselves from improper use of the tools.
I believe the core of your problem is that you do not separate authentication from authorization.
I work in the health care industry as well. The way we secure data is the following:
Anyone can register on our application. Once they are registered however, they only have access to features and data that require no security.
Another application is only accessible by our staff. This application allows our staff to grant and revoke privileges for users.
We have a procedure for establishing which user account. This is authentication, and is up to you to figure out. Identity verification is a large and complex problem that is way outside the scope of StackOverflow.
Once we are confident that a user account really does belong to who they say they are, we grant privileges to the account.
From this point on, the user can access medical data and secure features.
Now if you want to persist in your PIN solution, you must keep the following in mind:
First, the security of your PIN is directly related to its length. The PIN is a so-called shared secret in IT security parlance. Currently, the acceptable length of shared secrets is 256 bits according to OWASP. I would actually recommend that you read a lot of OWASP as it will guide you in how to secure your application.
If after reading all this you still persist on using a PIN, I would recommend finding an entropy source to generate a GUID that your customers will trust.
EDIT: Ohh dear (god, gods, rocks, whatever you believe in), please do not use this method to secure confidential medical data.
The easiest way to create the rotating PIN like you describe would be to figure out the interval that you want it to rotate on (hours, days, weeks, etc), reduce the current date and time to that interval, then hash it down to a shorter, easier to enter number that you can give to users as needed. Whether or not this whole plan is a good idea or not, I'll leave up to you, but it isn't something I would recommend.
As a very simple example, this is a (very poor) method of generating a PIN for a particular date. Please do not use this method in your real program, it is for demonstration purposes only. I'm not responsible if you do use it, and get hacked.
static void Main(string[] args)
{
Console.WriteLine(GetPinForDate(new DateTime(2017, 7, 26)));
Console.WriteLine(GetPinForDate(new DateTime(2017, 7, 27)));
Console.WriteLine(GetPinForDate(new DateTime(2017, 7, 28)));
Console.WriteLine(GetPinForDate(new DateTime(2017, 7, 29)));
Console.ReadLine();
}
static string GetPinForDate(DateTime targetDate)
{
var days = Math.Floor((targetDate - new DateTime(2000, 1, 1)).TotalDays);
return (days.GetHashCode() << 8).ToString().Substring(6);
}
It produces the following output:
33760
68224
02688
37152
In your real program, you would collect the PIN from the user during registration and compare it to the pin generated by this function for the current date. If they match, allow the user to continue, if not, yell at them. You could have a small program that just displays the PIN for the current date using the same method running at your office, that you give out when someone calls and wants to create an account.
Just to explain, there are 2 main reasons I don't recommend this pattern.
The first is that it is just an odd authentication mechanism, it seems inconvenient for you, and is easily bypassed if someone figures out how to generate the PIN pattern.
In this particular example, the hashing is very weak, and untested. I came up with it in 30 seconds, and only tested it against 5 dates. There may be (and most likely are) cryptographic weaknesses in it that make guessing the PIN for a particular date fairly trivial.
I better method would be to use the existing authentication mechanisms in MVC. Add an Approved flag to your user accounts that is set to false by default. Let users create an account, and call you to request approval and activation, which is done on your end by modifying the flag through a web interface.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
So a friend of mine has a small business, where he sells paper products, as well as custom posters, banners, and the like. He doesn't have a website, so he's hired me to create one for him, where users can place orders, check the status of their order, etc.
Other than his requirements, I'm trying to come up with other common functionalities that I should include in the site; things like a company blog, an admin section containing a simple CMS and error tracking/logging, a contact form, etc. Just common things that would be useful for a business site that he (or even I) might not think of.
Even small ideas are welcome. Someone suggested a global announcement module that would display a message on every page, for announcements like "Site maintenance from 1:00 - 4:00 tomorrow", or something like that.
Any other suggestions?
For a small business site I wouldn't even think of building it myself. Instead, just get a CMS like DotNetuke, or Drupal. Basically pick your poison.
All of the major ones have a number of free (and for sale) modules you can just drop in. Little things like shopping carts, blogs, photo carousels, etc.
Also, I wouldn't consider setting up a blog on the site unless the owner is going to commit to actually posting stuff to it.
All of this has been built a million times over and doing a custom solution for your friend is just going to hamstring him and lock you into doing updates. Ultimately you can set up a site in an afternoon with a decent skin for under $200 using one of the CMS's above. This is going to be far less than the amount of time you spend coding it yourself... And, I can pretty much guarantee he would end up with far more functionality than you could conceivably provide in any feasible amount of time.
Now if you just want to build your own CMS then I'd suggest doing it for your own site instead of his. Friends don't let Friends code when it's not necessary.
You could work on some design related ideas like pricing tables for his products or the ability for clients to be able to publisise the work he sells by creating links to DIGG, TWTITTER, FACEBOOK, etc.
Consider:
http://uxmovement.com/
It's an excellent design oriented blog that concentrates a lot on website and UI design.
Good luck!
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am new to component building, and I have noticed that other components have a comment on top of their units like agreement, terms and condition etc. whether its free or commercial.
How important is to register(license) your own component and how/where? and when do you need to register it?
How about freeware? Must have a license too?
How do we know that they're using it?
I think it's a must to always have a license for anything that you distribute publicly. Even if it is freeware take up at least a license that ensures that you are never responsible for damages. There is a wide choice of suitable licenses you could use such as MPL/GPL and so on.
Even if you do not ask money for the use of your code, it is important to claim your copyright and to tell people what they can and cannot do when using your code. That is what a licensen does. Of course it doesn't guarantee that everybody will abide by your "license", but at least they can't claim ignorance or your failure to state what is allowed/acceptable. Some blog authors have phrases along these lines: "You can do use this code however you see fit, even without attribution, except you can't claim it as your own."
Edit:
And as Remko points out a disclaimer to avoid damage claims can be pretty important too.
The license is an agreement between you and your customers. It is not important if the library is commercial with $1M price or freeware. The person who has started to use it, got it from you (copyright owner). So, he/she is your customer. And, as a customer, he/she may expect something from you. To make these expectations meet your own requirements / thoughts, you have to have an agreement with your customer.
To simplify things, take some existing license text as a base for your own one. If in there you find something missing which is important to you, then just put that into the text. For example, you may give the full right to change the copyright text and redistribute the library as the customer wants it. Or you may prohibit that.
The library units are a part of your library. To make that clear for others, you may put a comment at the unit top. There you may say, "this unit is a part of the library Xxx. For more details check the license text". Or something like that.
While its not a requirement for you to add this information to the top of any unit you release, it is good manners. It easily tells anyone who might be interested in using your unit, any constraints on such usage (such as not using in commercial products, or a notification be placed in the about of the main product... or even who to send a beer or postcard too).
If you don't put a license on your code, nobody else can legally use it. Really.
If you write code, you automatically own the copyright on it (unless you explicitly release it into the public domain). That means that nobody else is legally allowed to copy it without your consent. One of the main functions of any license is to give that consent. Sometimes there are conditions on that consent, but every license includes language along the lines of "you're allowed to copy this code and compile it into your applications". Without that, anybody who uses your code is breaking the law.
Many people think that if you post your code online, you probably intended for it to be free to use. But legally, you could choose to prosecute them for using your code, even if you posted it publicly. I know of people who will not use software if it doesn't have a license, simply because they don't need the legal questions hanging over their head.
If you don't want to think too hard about which license to use, just use the MIT license. It basically says "use this however you want".
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I'm developing a price calculation engine. I've looked all over and there's nothing that really fits what we need. However, I'm now looking how to implement specific prices and/or discounts. I don't want to introduce a rule based engine to my end-users, because they won't get it.
For example, when you order an ItemX the price is $30. But in combination with ItemY the price of ItemX is $20. Or when ordering five of ItemX, each after it will be only $15.
Any ideas on where to start? How to take this on? Perhaps some (open source) example applications that contain practices like these? Any (technical) patterns I could use? Preferably in C#.
Thanks in advance!
There are many ways you can achieve this, but I think the one which might be most useful for you would be to define a DSL that you can use to express your discounts in such a way where they can be easily explained and rationalised with business users. An example from one of ayende's articles on DSLs in boo is:
apply_discount_of 5.percent:
when order.Total > 1000 and customer.IsPreferred
when order.Total > 10000
suggest_registered_to_preferred:
when order.Total > 100 and not customer.IsPreferred
As you can see you can see, this is the kind of thing you can print out and show to a client and they will immediately understand what's going on.
Of course developing something like this is time consuming, expensive and fraught with funky edge cases. However it has the benefit of being code which can be unit tested, executed and debugged.
If boo isn't your thing, then maybe you could look at defining something similar in ironruby, ironpython or F#. I would however suggest staying away from XML for defining these rules unless you really enjoy a world of pain.
This is however the kind of thing that products like Biztalk were designed to handle. Which rules engines have you evaluated and found lacking?
We use a Rule Engine for this type of complex calculation. Our platform is Java and we use Drools (which we're happy with). Drools is also available for .Net. Here's a list of open source Rules Engines for .NET.
I am sorry to have to say this, but this would seem like you would have to apply some Pricing Rule Engine to achive what you are after.
Would seem like you have to
Store the available items, and their
discounts on per pruchase.
Store which items in combination
would discount each other.
Also maybe thinking of per
unit/quantity purchased per unit, or
maybe per package/special.
Might want to look at keeping a
archive/storage of these
specials/packages, just incase the
customer wants a reprint of the
original invoice.
In general there is a lot of possible rules/combinations that can be thought of, and you as developer can implement these and hide them from the user, or allow the user to create them, but somebody has to do so.
And then, when you dont feel like implementing your own, GOOGLE shold provide some:
Open Source Rule Engines
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
I have created an application which needs 'hand-over' to the support group in the next month.
The application is fairly small (2 months development), and consists of two client side applications and a database, it's written in c# for the windows platform.
I have a broad idea of what to include in a support document, but I haven't needed to make very many support documents so far in my career and I want a solid list of items to include.
I guess my goal is to make the lives of everyone in the support group easier and as stress free as possible.
So I guess my questions are:
What should a support document absolutely contain
What additional things have you put in support documents to make them extra useful.
What other activities can be done before hand-over to make all our lives easier?
Having been on both sides of this process professionally, I can say that the following should be mandatory:
the documentation of the code (javadoc, doxygen, etc)
details on build process
where to get current source
how to file bugs (they will happen)
route to provide patches either to the source or to customers
how it works (simple, but often overlooked)
user-customizable portions (eg there is a scripting component)
primary contacts for each component, aka escalation path
encouragement for feedback from Support as to what else they want to see
I'm sure lots of other things can be added, but these are the top priority in my mind.
Functional Specification (If you have one)
User Manual. Create one if you don't have
Technical Manual, Containing
Deployment Diagram
Softwares Used
Configuration and build details
Deatils of Server ip and admin / oracle / websphere passwords
Testing Document
Over view document giving out
Where all documents are kept
Version Control repository and its project/ user details
Application usernames / password
Any support SQL's/tools etc created by the development team, for analysis, loading data etc.
Include Screenshots of operations and output.
Prefer "online easily update-able" doc (wiki-like) instead of paper or pdf.
If online, make it searchable and cross-linked.
A usermanual is a neat thing (pictures, descriptions, aso.)
A rundown of the different features within the application
Thats what i'm thinking ontop of my head if this is "only" for support staff and not further development.