Spring email template, hide receivers - java

I need to send email notification to web site subscribers. All subscribers receive simply the same thing. I can create a for loop and send one email per user, which is not very efficient as the same thing is being copied from the app to email server every time. On the other hand, I can set multiple receivers in the "to" field. This is not good as I don't want to expose the emails to all receivers. So, is there an option to send a single email to all users and hide the receivers from each other?

Sending each email individually may be inefficient, but it is not like you have to carry each email by hand to the mail server, so it should not be a problem. If you already have it working, I would suggest that you leave it as it is. Especially since this method has an advantage which I will show further down.
If you really feel like spending time to optimize things, you can place recipients of the message in the Bcc: field. This means that they will not see each other's address. (The mail server will make sure they don't.)
There are two problems with Bcc:
- Most mail servers impose a limit on how many people you may Bcc:, and it is not like they advertise what this limit is, so you might end up having to discover it yourself with trial and error, possibly accidentally spamming some people in the process.
- Most mail servers will still require you to put some recipient in the To: field, regardless of who you put in Bcc:, and then the problem is that people are going to be receiving emails addressed to some unknown-to-them address, like the "undisclosed-recipients" receiver of mailing lists of old. And anti-spam filters tend to dislike this kind of recipient.
Sending each email individually allows you to address each email to its proper intended recipient. Email nowadays is plagued by spam and spam filters, so it is best to not take chances with it.

Send proactive message without prior interaction

I use this sample: 16.proactive-messages - as the base for my bot and it works fine, but I'd like to extend it, so that it can send messages in a group chat without anyone interacting with it first (like sending a "Hello I'm up!" message at startup), because currently it can only respond if someone has mentioned the bot after it has initialized.
Perhaps there is a proper way to get the group chat(s) where the bot resides at the bot initialization?
I've answered before some tips on Proactive messaging, please see here for that.
To answer your question though, the bot can definitely start the engagement, either by replying to an existing message in a group chat or starting a completely new thread in the chat. However, it does require to have been installed initially, either by a user or programmatically (e.g. Graph API). That part only needs to be done once, then you can capture the conversation reference and use it again anytime thereafter. That is shown in the sample I link to in my other answer I referenced above.
It's not possible to send proactive message without prior interaction.
Sending a proactive message is different from sending a regular message. There's no active turnContext to use for a reply. You must create the conversation before sending the message.
Ref Doc: https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/conversations/send-proactive-messages?tabs=dotnet

IP address based authorization

I'm developing a simple Spring Boot RESTful API for poll management. In a few words, it's possible to create public polls and other "users" can vote for it.
Now I've to make sure that each client just votes once per poll. Because I want to prevent using common authentication mechanisms like HTTP Basic or JWT, I thought about authorizing by the client's IP address. Means I store an entity like the following in the database:
    public class Vote {
        private Long pollId;
        private Long choiceId;
        private String ipAddress;
        ...
    }
Using something like such an approach, I prevent the need of authentication and account management.
Is this the right approach or are there better ones to ensure each client votes just once? Also how to deal with IP spoofing? Hope for any recommendations.
Is this the right approach or are there better ones to ensure each client votes just once?
Not really. The idea that each computer has a unique IP address is only partially true.
In reality, people have more than one device (e.g. phone, computer at work, computer at home). And each device could be connected to a different network, with a unique IP in each one. Also, IP addresses change quite frequently. Disconnect your home modem/router for a couple of minutes and you're likely to get a new IP address when it reconnects. So one can change his home IP and vote again. Moreover, many (if not most) clients are behind NAT devices, which means that their IP is shared with many other users. Under the scheme you propose, once someone behind the same NAT as you votes, no one else can.
Lastly, users can easily use VPNs, TOR and various other techniques to basically vote as many times as they want.
Also how to deal with IP spoofing?
IP address spoofing is not trivial if one is using TCP. However, getting an actual IP address that's different from your current one is quite easy (VPNs, TOR, etc), and there's little you can do about it.

Automatic query firing for sending mail

I am developing an application (employee exit process from a company) where an employee requests an exit and his request is forwarded to his primary supervisor for approval. (We have a table in the database where we have the respective details about candidates, like employee->primary supervisor->HR Manager.) So the supervisor will get an email to approve or reject the request. Depending on the reply to that mail, we have to forward the request to HR for further approval or inform the employee through mail that his request is rejected (the condition is that all this should be processed automatically).
Is there any solution that you can suggest?
As far as I understood the aim is to develop the described system and the question is about its general architecture.
I'll try to give a couple of tips, hopefully they would help.
The primary indicator of the primary supervisor response is its e-mail reply? If it's so, I think it's not a good approach.
I wouldn't rely on e-mails for managing a "protocol" which is, essentially, a part of the business logic of your application.
Using e-mail is totally fine to "notify" the supervisor that the employee wants to quit.
Now, as for me, you should build a server-based application that will run in some container (you mention java), so take a look at tomcat, jetty and so forth.
This application will have the following logic:
The employee that wishes to quit, opens the application and gets to the screen "Report my will to quit" (I omit credentials and everything for brevity) with a button "Report".
Now, when the employee hits the report button, the system should find out who is the direct supervisor of that employee, generate an e-mail to him/her and send.
Now, this mail is a notification it should contain the information like this:
- Employee "John Johnson" has reported that he wants to quit. Please check the now the link should come. The link leads to the aforementioned system (with parameters and everything). The Supervisor now gets to the special screen where he/she has an option to agree (a button) or to disagree (another button).
If the supervisor agrees, the system generates an e-mail to HR and to the employee.
General notes:
Pay attention, everything is done within the system, the e-mail is used only as a notification mechanism.
In addition to this fairly basic functionality the system should "memorize" the state of the whole process. The states should be like "employee X has asked to quit", "the supervisor agreed" and so forth.
The system is independent of the e-mails (If e-mails go offline or something your system will still work). Moreover sometimes the supervisor just wants to enter the system and see what happens there without even opening the e-mail. The same holds for HR.
Of course this explanation is fairly basic, but I guess you've got the idea.
Hope this helps

Broker architectural pattern in plain english

Could someone explain the Broker pattern to me in plain english? Possibly in terms of Java or a real life analogy.
Try to imagine that 10 people have messages they need to deliver. Another 10 people are expecting messages from the previous group. In an open environment, each person in the first group would have to deliver their message to the recipient manually, so each person has to visit at least one member of the second group. This is inefficient and chaotic.
In broker, there is a control class (in this case the postman) who receives all the messages from group one. The broker then organizes the messages based off destination and does any operations needed, before visiting each recipient once to deliver all messages for them. This is far more efficient.
In software design, this lets remote and heterogeneous classes communicate with each other easily. The control class has an interface which all incoming messages can interact with, so all sorts of messages can be sent and interpreted correctly. Keep in mind this is not very scalable, so it loses effectiveness for larger systems.
Hope this helped!

Java: how to check if user clicked-on or replied to email (as part of email authentication scheme)?

I'm hoping not to re-invent the wheel -- I'm fairly new to Java, but I need a simple but robust algorithm/code/software to perform email verification for users of a web application (e.g. I only need help with step 4 below). That is, I need to verify the user logging in has access to the email address he/she provides during log in.
The steps I have in mind for the Java middle-tier would be:
Java POJO receives user's email and password from client.
The POJO talks to a database server to verify the email/password combo is valid.
If valid, the POJO sends an email to the email address, asking user to reply to email (or click on some provided link, etc.)
The POJO receives notification (how?) that the user has replied to email (or clicked on link, etc.).
The POJO informs the web-application of success (or failure) of authentication, thereby permitting or denying access to the application.
I can write everything except step 4. Essentially I need a way to send an email to a user and then receive some type of response indicating the user received the email.
Anyone know how this can be accomplished? If not, what do you recommend as the next best/simplest solution?
I'm not using a framework as my Java middle tier is very simple. I'd like to keep the solution lean (meaning, don't want to install/implement more than I need; Spring seems overkill). I read up Shiro, but didn't find any evidence it supports email authentication. Any advice is much appreciated to help me avoid writing unnecessary/unproven routines.
The easiest way is to have some code that connects to the mailbox of the destination address, using either POP3 or IMAP, and waits for new, incoming messages.
When you send the email, you can add a Message-ID header. When the user replies to the email, there will be a References header that should have the Message-ID that the user is replying to.
Then you can use this ID to correlate what they are responding to.
For safety, you may wish to embed the ID within the message itself (since most folks today don't edit replies), so you can look through the body of the message if for some reason the References header isn't supplied. There are other techniques that let you give each mail a custom Reply-To address, that's another way this can be done, but that requires some mail server support.
But, anyway, once you have the message structure figured out, you simply listen to the inbox of the address, and look for new messages. As they arrive, you strip the Message IDs, and flag them as appropriate in the DB, or whatever.
As for "waiting" for the message, you must appreciate that it can be a long wait. Rather than having a POJO waiting for it, rather have a simple process that pings the status. You can have a timer that fires every second, and then checks the database to see if it's been updated, etc. Obviously, this is something you want to be able to cancel.
For all of the mail needs, you can use JavaMail -- it does all this, and it's pretty straightforward to use.
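The correlation step described in this answer, as an added example that is not part of the original answer: it matches a reply to a pending verification through the References or In-Reply-To header and falls back to an ID quoted in the body. The `app.example` domain, the `[ref:...]` body marker and the sample messages are assumptions constructed for illustration, and the parsing uses only the JDK instead of JavaMail.

```java
import java.util.*;
import java.util.regex.*;

public class ReplyCorrelator {
    // Message-IDs we sent look like <uuid@app.example> (placeholder domain).
    private static final Pattern SENT_ID =
        Pattern.compile("<([0-9a-f-]{36})@app\\.example>");
    // Assumed marker embedded in the body of the outgoing mail.
    private static final Pattern BODY_REF = Pattern.compile("\\[ref:([0-9a-f-]{36})\\]");

    static Optional<String> correlate(String raw, Set<String> pending) {
        String[] parts = raw.split("\r?\n\r?\n", 2);
        String headers = parts[0].replaceAll("\r?\n[ \t]+", " "); // unfold folded headers
        for (String line : headers.split("\r?\n")) {
            String name = line.toLowerCase(Locale.ROOT);
            if (name.startsWith("references:") || name.startsWith("in-reply-to:")) {
                Optional<String> hit = firstPending(SENT_ID.matcher(line), pending);
                if (hit.isPresent()) return hit;
            }
        }
        // Fallback from the answer: the ID quoted back in the body.
        String body = parts.length > 1 ? parts[1] : "";
        return firstPending(BODY_REF.matcher(body), pending);
    }

    // Header and body are sender-controlled, so only IDs we actually issued count.
    private static Optional<String> firstPending(Matcher m, Set<String> pending) {
        while (m.find()) {
            if (pending.contains(m.group(1))) return Optional.of(m.group(1));
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        String id = "3f2b8c1e-9a47-4d1b-8e0c-5a6f7b8c9d10"; // constructed sample ID
        Set<String> pending = Set.of(id);
        String withHeader = "From: user@example.com\r\nSubject: Re: Confirm\r\n"
            + "References: <other@mail.example>\r\n <" + id + "@app.example>\r\n\r\nyes";
        String bodyOnly = "From: user@example.com\r\n\r\n> please reply [ref:" + id + "]";
        String forged = "References: <00000000-0000-0000-0000-000000000000@app.example>\r\n\r\nhi";
        System.out.println(correlate(withHeader, pending)); // case: folded References header
        System.out.println(correlate(bodyOnly, pending));   // case: header stripped, body marker
        System.out.println(correlate(forged, pending));     // case: ID that was never issued
    }
}
```

Because the From address of a reply can be forged, the proof of mailbox access is knowledge of the ID, so the ID has to be unguessable and retired once matched.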
there are two controllers involved (two POJOs).
the first connection, for steps 1,2+3 talks to one object in the server. as part of (2) a unique code (the UUID mentioned in comments) is generated and saved to the database.
the second connection, when the user clicks on the link, goes to another controller (another POJO, which could be the same class, or could be a different class, depending on your implementation). that reads the UUID from the link, goes to the database, finds the email associated with the UUID, and marks the email as verified.
update i'm struggling to see what you are missing, but when the user clicks on a link in an email the operating system opens a web browser. the web browser makes a connection to the server. the server receives the HTTP GET request with the UUID in the URL and passes the UUID to the POJO.
some more terms: the process of handling the incoming request in the webserver is typically called "routing" and the general pattern used to structure the code that is called is "MVC". exact details will depend on the application framework you are using. for servlet-based java code there's a mapping from URLs to servlets (servlets are java code implementing a certain interface - a framework might provide the servlet which ultimately invokes what you are calling a POJO, or you might write the servlet yourself, in which case that would be your POJO, although in that case it's a misnomer since it implements a specific interface) in the web.xml file.
also, i guess, the web browser on the client uses TCP to make a connection across the network (almost always this is on top of a protocol called IP because you are using the internet). on top of this, the client "speaks" messages in HTTP. all these different layers are described in the "7 layer osi network model".
there's a huge amount of detail on so many levels. hope that gets you started.
see also http://www.quora.com/What-happens-when-you-type-a-URL-into-your-browser
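The two-controller flow described in this answer, as an added example that is not part of the original answer: one method issues the link that is e-mailed, the other handles the click. The in-memory map stands in for the database table, and the `app.example` host, the 30-minute lifetime and the class and method names are assumptions; it uses a 256-bit random token in place of a UUID and needs Java 16 or later for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class EmailVerification {
    private record Pending(String email, Instant expires) {}

    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Pending> pendingByHash = new ConcurrentHashMap<>();

    // First controller (steps 1-3): create the code and return the link to e-mail.
    public String issueLink(String email, Instant now) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // Store only a hash, so a leaked table cannot be turned back into links.
        pendingByHash.put(sha256(token), new Pending(email, now.plus(TTL)));
        return "https://app.example/verify?token=" + token; // placeholder host
    }

    // Second controller: called by the GET handler with the token from the URL.
    public Optional<String> confirm(String token, Instant now) {
        if (token == null) return Optional.empty();
        Pending p = pendingByHash.remove(sha256(token)); // remove makes the link single-use
        if (p == null || now.isAfter(p.expires())) return Optional.empty();
        return Optional.of(p.email()); // caller marks this address as verified
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        EmailVerification v = new EmailVerification();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed clock value
        String token = v.issueLink("user@example.com", t0).split("token=")[1];
        System.out.println(v.confirm("guessed-token", t0));       // case: token never issued
        System.out.println(v.confirm(token, t0.plusSeconds(60))); // case: valid click
        System.out.println(v.confirm(token, t0.plusSeconds(61))); // case: same link replayed
    }
}
```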
