Thursday, 30 January 2014

Add loop multiple HTML5 videos using javascript

 In Head tag:
      <script type="text/javascript">
            $(document).ready(function () {
                $("#divVideo").mouseover(function () {
                    $("#divmarquee").css("bottom", "47px");
                });
                $("#divVideo").mouseout(function () {
                    $("#divmarquee").css("bottom", "21px");
                });
            });   
        </script>

   In Body Tag:
   <div id="divVideo" style="width: 30%;">
        <video id="video" width="100%" controls>
        <source id="sovideo" src="ModelVideo/1/video1.mp4" />       
        </video>
        <div id="divmarquee" style="width: 100%; bottom: 47px; position: relative;">
            <marquee behavior="scroll" direction="left"
                onmouseover="this.stop();" onmouseout="this.start();"
                scrolldelay="250" scrollamount="5">
                <span style="color:White;text-align: center;">Go on... hover over me!</span>
            </marquee>

        </div>
    </div>

Script to log out and redirect to the login page if the user is idle for 5 minutes.



Place this code inside script tags.

    var CurrentTime = 0;      // seconds since the last user activity
    var TimeOut_Time = 300;   // idle limit in seconds (5 minutes)
    var refreshIntervalId = setInterval(function () {
        CurrentTime = CurrentTime + 1;
        if (CurrentTime == TimeOut_Time) {
            location.href = '@Url.Content("~/Admin/Logout")';
            clearInterval(refreshIntervalId);
        }
    }, 1000);
    // Any mouse movement or key press resets the idle counter.
    $(document).mousemove(function (event) { CurrentTime = 0; });
    $(document).keydown(function (event) { CurrentTime = 0; });
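The same idle check driven by timestamps and repeated on the server, as an added example that is not the original post's code: counting setInterval ticks undercounts when the browser throttles a background tab or the machine sleeps, and a client-side redirect alone does not end the session. The session store shape, checkSession, and the /Admin/Logout path standing in for the Razor URL are assumptions.

```javascript
// Added example: names below are assumptions, not taken from the original post.
const IDLE_LIMIT_MS = 300 * 1000;   // same 5-minute limit as the script above
const LOGOUT_URL = "/Admin/Logout"; // stands in for the Razor-generated URL

// Client side: remember WHEN the user was last active instead of counting ticks.
// `now` is injected so the logic can be exercised without real time passing.
function createIdleTracker(limitMs, now) {
  let lastActivity = now();
  return {
    touch() { lastActivity = now(); },
    isExpired() { return now() - lastActivity >= limitMs; },
  };
}

// Server side (hypothetical store: Map of sessionId -> { user, lastSeen }).
// Run on every request: an idle session is destroyed here, so a client that
// never executes the script still loses access once the limit passes.
function checkSession(store, sessionId, nowMs, limitMs) {
  const session = store.get(sessionId);
  if (!session) return { ok: false, reason: "unknown" };
  if (nowMs - session.lastSeen >= limitMs) {
    store.delete(sessionId);
    return { ok: false, reason: "idle" };
  }
  session.lastSeen = nowMs; // sliding window: activity extends the session
  return { ok: true, user: session.user };
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== "undefined") {
  const tracker = createIdleTracker(IDLE_LIMIT_MS, Date.now);
  for (const name of ["mousemove", "keydown"]) {
    document.addEventListener(name, tracker.touch);
  }
  const timer = setInterval(() => {
    if (tracker.isExpired()) {
      clearInterval(timer);
      location.href = LOGOUT_URL;
    }
  }, 1000);
}
```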

Coupling and Cohesion



COUPLING
An indication of the strength of interconnections between program units.
Highly coupled systems have program units that depend on each other. Loosely coupled systems are made up of units that are independent or almost independent.
Modules are independent if they can function completely without the presence of the other. Obviously, can't have modules completely independent of each other. Must interact so that they can produce desired outputs. The more connections between modules, the more dependent they are, in the sense that more info about one module is required to understand the other module.
Three factors: number of interfaces, complexity of interfaces, type of info flow along interfaces.
Want to minimize number of interfaces between modules, minimize the complexity of each interface, and control the type of info flow. An interface of a module is used to pass information to and from other modules.
In general, modules tightly coupled if they use shared variables or if they exchange control info.
Loose coupling if info held within a unit and interface with other units via parameter lists. Tight coupling if shared global data.
If need only one field of a record, don't pass entire record. Keep interface as simple and small as possible.
Two types of info flow: data or control.
Passing or receiving back control info means that the action of the module will depend on this control info, which makes it difficult to understand the module.
Interfaces with only data communication result in lowest degree of coupling, followed by interfaces that only transfer control data. Highest if data is hybrid.
Ranked highest to lowest:
1. Content coupling: if one directly references the contents of the other.
   When one module modifies local data values or instructions in another module (can happen in assembly language).
   If one refers to local data in another module.
   If one branches into a local label of another.
2. Common coupling: access to global data. Modules bound together by global data structures.
3. Control coupling: passing control flags (as parameters or globals) so that one module controls the sequence of processing steps in another module.
4. Stamp coupling: similar to common coupling except that global variables are shared selectively among routines that require the data. E.g., packages in Ada. More desirable than common coupling because fewer modules will have to be modified if a shared data structure is modified. Pass entire data structure but need only parts of it.
5. Data coupling: use of parameter lists to pass data items between routines.


COHESION


Measure of how well module fits together.
A component should implement a single logical function or single logical entity. All the parts should contribute to the implementation.
Many levels of cohesion:
Coincidental cohesion: the parts of a component are not related but simply bundled into a single component. Harder to understand and not reusable.
Logical association: similar functions such as input, error handling, etc. put together. Functions fall in same logical class. May pass a flag to determine which ones are executed. Interface difficult to understand. Code for more than one function may be intertwined, leading to severe maintenance problems. Difficult to reuse.
Temporal cohesion: all of the statements activated at a single time, such as start up or shut down, are brought together. Initialization, clean up. Functions weakly related to one another, but more strongly related to functions in other modules, so may need to change lots of modules when doing maintenance.
Procedural cohesion: a single control sequence, e.g., a loop or sequence of decision statements. Often cuts across functional lines. May contain only part of a complete function or parts of several functions. Functions still weakly connected, and again unlikely to be reusable in another product.
Communicational cohesion: operate on same input data or produce same output data. May be performing more than one function. Generally acceptable if alternate structures with higher cohesion cannot be easily identified. Still problems with reusability.
Sequential cohesion: output from one part serves as input for another part. May contain several functions or parts of different functions.
Informational cohesion: performs a number of functions, each with its own entry point, with independent code for each function, all performed on same data structure. Different from logical cohesion because functions are not intertwined.
Functional cohesion: each part necessary for execution of a single function, e.g., compute square root or sort the array. Usually reusable in other contexts. Maintenance easier.
Type cohesion: modules that support a data abstraction.
Not strictly a linear scale. Functional much stronger than rest while first two much weaker than others.
Often many levels may be applicable when considering two elements of a module. Cohesion of module considered as highest level of cohesion that is applicable to all elements in the module.

Chetu Interview Question WCF



What is WCF?
Windows Communication Foundation (WCF) is an SDK for developing and deploying services on Windows. WCF provides a runtime environment for services, enabling you to expose CLR types as services, and to consume other services as CLR types.

WCF is part of .NET 3.0 and requires .NET 2.0, so it can only run on systems that support it. WCF is Microsoft’s unified programming model for building service-oriented applications with managed code. It extends the .NET Framework to enable developers to build secure and reliable transacted Web services that integrate across platforms and interoperate with existing investments.

Windows Communication Foundation combines and extends the capabilities of existing Microsoft distributed systems technologies, including Enterprise Services, System.Messaging, Microsoft .NET Remoting, ASMX, and WSE to deliver a unified development experience across multiple axes, including distance (cross-process, cross-machine, cross-subnet, cross-intranet, cross-Internet), topologies (farms, fire-walled, content-routed, dynamic), hosts (ASP.NET, EXE, Windows Presentation Foundation, Windows Forms, NT Service, COM+), protocols (TCP, HTTP, cross-process, custom), and security models (SAML, Kerberos, X509, username/password, custom).

What are service and client from the perspective of data communication?
A service is a unit of functionality exposed to the world. The client of a service is merely the party consuming the service.

What is an endpoint in WCF? or What are the three major points in WCF?
Every service must have an Address that defines where the service resides, a Contract that defines what the service does, and a Binding that defines how to communicate with the service.

In WCF the relationship between Address, Contract and Binding is called Endpoint. The Endpoint is the fusion of Address, Contract and Binding.

1. Address: Specifies the location of the service, which will look like http://Myserver/MyService. Clients will use this location to communicate with our service.

2. Contract: Specifies the interface between the client and the server. It's a simple interface with some attributes.

3. Binding: Specifies how the two parties will communicate in terms of transport, encoding and protocols.

What is binding and how many types of bindings are there in WCF?

A binding defines how an endpoint communicates to the world. A binding defines the transport (such as HTTP or TCP) and the encoding being used (such as text or binary).

A binding can contain binding elements that specify details like the security mechanisms used to secure messages, or the message pattern used by an endpoint.

WCF supports nine types of bindings.

1. Basic binding :
Offered by the BasicHttpBinding class, this is designed to expose a WCF service as a legacy ASMX web service, so that old clients can work with new services. When used by the client, this binding enables new WCF clients to work with old ASMX services.

2. TCP binding :

Offered by the NetTcpBinding class, this uses TCP for cross-machine communication on the intranet. It supports a variety of features, including reliability, transactions, and security, and is optimized for WCF-to-WCF communication. As a result, it requires both the client and the service to use WCF.

3. Peer network binding :
Offered by the NetPeerTcpBinding class, this uses peer networking as a transport. The peer network-enabled client and services all subscribe to the same grid and broadcast messages to it.

4. IPC binding :
Offered by the NetNamedPipeBinding class, this uses named pipes as a transport for same-machine communication. It is the most secure binding since it cannot accept calls from outside the machine and it supports a variety of features similar to the TCP binding.

5. Web Service (WS) binding :
Offered by the WSHttpBinding class, this uses HTTP or HTTPS for transport, and is designed to offer a variety of features such as reliability, transactions, and security over the Internet.

6. Federated WS binding :

Offered by the WSFederationHttpBinding class, this is a specialization of the WS binding, offering support for federated security.

7. Duplex WS binding :
Offered by the WSDualHttpBinding class, this is similar to the WS binding except it also supports bidirectional communication from the service to the client.

8. MSMQ binding :

Offered by the NetMsmqBinding class, this uses MSMQ for transport and is designed to offer support for disconnected queued calls.

9. MSMQ integration binding :

Offered by the MsmqIntegrationBinding class, this converts WCF messages to and from MSMQ messages, and is designed to interoperate with legacy MSMQ clients.

What are contracts in WCF?
In WCF, all services expose contracts. The contract is a platform-neutral and standard way of describing what the service does.

WCF defines four types of contracts.
1. Service contracts : Describe which operations the client can perform on the service.

2. Data contracts : Define which data types are passed to and from the service. WCF defines implicit contracts for built-in types such as int and string, but we can easily define explicit opt-in data contracts for custom types.

3. Fault contracts : Define which errors are raised by the service, and how the service handles and propagates errors to its clients.

4. Message contracts : Allow the service to interact directly with messages. Message contracts can be typed or untyped, and are useful in interoperability cases and when there is an existing message format we have to comply with.

What is an address in WCF and how many types of transport schemas are there in WCF?
An address is a way of letting the client know where a service is located. In WCF, every service is associated with a unique address, which contains the location of the service and the transport schema.

WCF supports the following transport schemas:
1. HTTP
2. TCP
3. Peer network
4. IPC (Inter-Process Communication over named pipes)
5. MSMQ

Sample addresses for the above transport schemas may look like:

http://localhost:81
http://localhost:81/MyService
net.tcp://localhost:82/MyService
net.pipe://localhost/MyPipeService
net.msmq://localhost/private/MyMsMqService
net.msmq://localhost/MyMsMqService

What is the difference between WCF and Web services?
1. Web services can only be invoked over HTTP, while a service or WCF component can be invoked over any protocol and any transport type.

2. Web services are not flexible, but services are. If you make a new version of the service, you just need to expose a new endpoint. This makes services agile, which is a very practical approach given current business trends.

How can we host a service on two different protocols on a single server?
Let’s first understand what this question actually means. Let’s say we have made a service and we want to host this service using HTTP as well as TCP.

You may be wondering why anyone would host a service on two different protocols. A hosted service is consumed by multiple types of client, and it is quite possible that they each have their own communication protocol. A good service can downgrade or upgrade its protocol according to the client that is consuming it.

Let’s do a small sample in which we will host the ServiceGetCost on both the TCP and HTTP protocols.

Once the server-side coding is done, it is time to make a client with which we can switch between the protocols and see the results. Below is the code snippet of the client side for multi-protocol hosting.

How does WCF work?
Follows the ‘software as a service’ model, where all units of functionality are defined as services.

A WCF Service is a program that exposes a collection of Endpoints. Each Endpoint is a portal (connection) for communication with either clients (applications) or other services.

Enables greater design flexibility and extensibility of distributed systems architectures.

A WCF application is represented as a collection of services with multiple entry points for communications.

What are the main components of WCF?
1. Service: The working logic or offering, implemented using any .NET language.

2. Host: The environment where the service is parked, e.g. an exe, a process, or a Windows service.

3. Endpoints: The way a service is exposed to the outside world.

Explain transactions in WCF.
Transactions in WCF allow several components to concurrently participate in an operation. Transactions are a group of operations that are atomic, consistent, isolated and durable. WCF has features that allow distributed transactions. Application config file can be used for setting transaction timeouts.

What are different isolation levels provided in WCF?
The different isolation levels:

1. READ UNCOMMITTED: An uncommitted transaction can be read. This transaction can be rolled back later.

2. READ COMMITTED: Will not read data of a transaction that has not been committed yet.

3. REPEATABLE READ: Locks are placed on all data, and another transaction cannot read it.

4. SERIALIZABLE: Does not allow other transactions to insert or update data until the transaction is complete.

How do I serialize entities using WCF?
LINQ to SQL supports serialization as XML via WCF by generating WCF serialization attributes and special serialization specific logic during code-generation. You can turn on this feature in the designer by setting serialization mode to ‘Unidirectional’. Note this is not a general solution for serialization as unidirectional mode may be insufficient for many use cases.


Saturday, 4 January 2014

PCI-DSS Programming Guidelines






Objective

The objective of this document is to define programming guidelines for implementing PCI DSS standards.

Overview

The Payment Card Industry (PCI) Data Security Standard (DSS) provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data.
Below is a high-level overview of the 12 PCI DSS requirements.


Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software or programs.
6. Develop and maintain secure systems and applications.

Implement Strong Access and Control Measures
7. Restrict access to cardholder data by business need to know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses information security for all personnel



PCI DSS Programming Guidelines

1.     Do not store sensitive authentication data after authorization (even if encrypted).
i)      Do not store the full contents of any track (from the magnetic stripe located on the back of a card, equivalent data contained on a chip, or elsewhere). This data is alternatively called full track, track, track 1, track 2, and magnetic-stripe data.
ii)     Do not store the card verification code or value (three-digit or four-digit number printed on the front or back of a payment card) used to verify card-not-present transactions.
iii)    Do not store the personal identification number (PIN) or the encrypted PIN block.



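|                               | Data Element                 | Storage Permitted | Render Stored Account Data Unreadable? |
|-------------------------------|------------------------------|-------------------|----------------------------------------|
| Cardholder Data               | Primary Account Number (PAN) | Yes               | Yes                                    |
| Cardholder Data               | Cardholder Name              | Yes               | No                                     |
| Cardholder Data               | Service Code                 | Yes               | No                                     |
| Cardholder Data               | Expiration Date              | Yes               | No                                     |
| Sensitive Authentication Data | Full Magnetic Stripe Data    | No                | Cannot store                           |
| Sensitive Authentication Data | CAV2/CVC2/CVV2/CID           | No                | Cannot store                           |
| Sensitive Authentication Data | PIN/PIN Block                | No                | Cannot store                           |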


2.     Mask PAN when displayed anywhere including portable digital media, backup files and in logs. (The first six and last four digits are the maximum number of digits to be displayed).

3.     Use strong cryptography and security protocols (for example, SSL/TLS, IPSEC, SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public networks.

4.     Never send unprotected PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat, etc.).

5.     Remove any custom application accounts, user IDs, and passwords before applications become active or are released to customers.

6.     Implement role-based security levels for user IDs and confirm that access rights for privileged user IDs are restricted to the least privileges necessary to perform job responsibilities.

7.     Set passwords for first-time use and resets to a unique value for each user and change immediately after the first use.

8.     Immediately revoke access for any terminated users.

9.     Remove/disable inactive user accounts at least every 90 days.

10.  Change user passwords at least every 90 days.

11.  Require a minimum password length of at least seven characters.

12.  Use passwords containing both numeric and alphabetic characters.

13.  Do not allow an individual to submit a new password that is the same as any of the last four passwords he or she has used.

14.  Limit repeated access attempts by locking out the user ID after not more than six attempts.

15.  If a session has been idle for more than 15 minutes, require the user to re-authenticate to re-activate the terminal or session.

16.  Authenticate all access to any database containing cardholder data. This includes access by applications, administrators, and all other users.

17.  Restrict user direct access or queries to databases to database administrators.

18.  Logging requirements:
i)      All logs must be stored in database and flat file.
ii)     Data to store in log file:
·         User identification (Username and User IP Address)
·         Type of event
·         Date and time
·         Success or failure indication
·         Origination of event (URL, Server IP Address, Server Name, Request Method [get, head, post, etc.])
iii)    All state changing actions must be logged. Examples of state changing actions are transaction creation, data modification, etc.
iv)    All changes to user account access must be logged.
v)     All logins, logouts, and login attempts must be logged.
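
The masking rule in guideline 2 and the log fields in guideline 18, combined in an added example that is not part of the original guidelines; the field names, the FORBIDDEN_KEYS list and the sample event are assumptions. It goes one step beyond the text by using a Luhn check to find PANs embedded in free-text log messages.

```javascript
// Added example. Field names, FORBIDDEN_KEYS and the sample event are assumptions.

// Luhn checksum over a string of digits; true for a well-formed card number.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Guideline 2: show at most the first six and last four digits.
function maskPan(pan) {
  const d = String(pan).replace(/[ -]/g, "");
  if (d.length < 13) return "*".repeat(d.length); // too short to be a PAN: hide it all
  return d.slice(0, 6) + "*".repeat(d.length - 10) + d.slice(-4);
}

// Mask every 13-19 digit run (spaces or hyphens allowed) that passes Luhn.
function scrubPans(text) {
  return text.replace(/\b\d(?:[ -]?\d){12,18}\b/g, (m) => {
    const d = m.replace(/[ -]/g, "");
    return luhnValid(d) ? maskPan(d) : m;
  });
}

// Guideline 1: sensitive authentication data is dropped, never logged.
const FORBIDDEN_KEYS = ["cvv", "cvv2", "cvc2", "cav2", "cid", "pin", "pinblock", "track1", "track2"];

// Guideline 18 ii): one log record carrying the required fields.
function buildAuditRecord(evt) {
  const detail = {};
  for (const [key, value] of Object.entries(evt.detail || {})) {
    if (FORBIDDEN_KEYS.includes(key.toLowerCase())) continue;
    detail[key] = typeof value === "string" ? scrubPans(value) : value;
  }
  return {
    user: evt.user,
    userIp: evt.userIp,
    eventType: evt.eventType,
    timestamp: evt.timestamp,
    success: evt.success,
    origin: { url: evt.url, serverIp: evt.serverIp, serverName: evt.serverName, method: evt.method },
    detail,
  };
}

// Constructed sample event (4111111111111111 is a widely used test number).
const sampleEvent = {
  user: "jdoe", userIp: "203.0.113.7", eventType: "transaction.create",
  timestamp: "2014-01-04T10:15:00Z", success: false,
  url: "/Payments/Charge", serverIp: "10.0.0.5", serverName: "web01", method: "POST",
  detail: { message: "card 4111 1111 1111 1111 declined, order 1234567890123456", cvv: "123", amount: 42 },
};
const sampleRecord = buildAuditRecord(sampleEvent);
```

Numeric values pass through unchanged, so a PAN must reach the logger as a string for scrubPans to see it.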