How does the following script manage to pull data from an external domain without requiring CORS headers?

Script in Question: http://samples.geekality.net/image-fetcher/

You can click "view source" at the bottom to pull up the exact PHP and Javascript being used.

I used part of this script to extract images on a site of mine from another on separate domains and servers. I had to go to the one being scraped and add a CORS header "Access-Control-Allow-Origin" to allow my specific domain to do the AJAX $.post and actually receive data.

The script above does not require any site to have the CORS header for security. As far as I can tell I’m doing nothing different.

I have an HTML form, then I’m grabbing the field data with jQuery and doing a $.post where the action is a PHP file that uses DomDocument to grab the HTML. The PHP then sorts through the data and echoes a JSON object. Then the jQuery sorts it all out and displays it on the page. Same thing they’re doing.

I can’t see how they’re getting around the need for an "Access-Control-Allow-Origin" header on the site they’re grabbing images from?

Thanks for your time and energy in this!

How to manage in-game factions, alliances, federations, etc

So this question is code or engine agnostic but, I’m looking for ideas on how a game can keep track of a pre-determined number of factions or alliances. For example, say I made a space game that has 2 major and 3 minor federations of planets. A planet may join or leave a federation, but the federation itself may have an alliance or be at war with another (actually, to keep it simpler, I think all these changes will solely be reliant on the player’s actions).

However, I would also like to keep track of such diplomatic endeavours on the ‘individual’ level as well. Say the player has joined one federation that is at war with another. If the player should encounter another ship of the opposing federation, that ship becomes hostile. On the other side, two ships have an alliance, they might help one another.

What is the best way to keep track of all this?

One way I was thinking was creating a manager that holds all the Federation classes (which hold the status it holds with all other federations — say less than 0 and the federations are at war; more than x-amount, there’s an alliance). Meanwhile, each player/ship holds similar data in its class, along with its current alliance to whatever federation. Is my thinking logical in this or are there better ways of managing such things? Many thanks.

Software to manage AD&D characters [closed]

Is there some software out there (beside core rules) that does character management? Really what I am looking for is a way to fill out the sheet and remember the information so I can update it and print it out (and make a PDF copy) for the next session. Does this make any sense? Core rules has never really worked for me once you factor in the house rules and modifications.

How to manage page caching to serve different AdSense units for Mobile and Desktop

I’m trying to cache the pages of my website, which are responsive and show the same contents for Desktop and for Mobile, with the exception of the location of the AdSense units if the visit is from Desktop or from Mobile:

  • for Desktop, I place the first ad (a 728×90 banner) just under the page title
  • for Mobile, the first ad is a below-the-fold 300×250 unit

The rest of the HTML contents are identical, except the AdSense code for the first ad. So I cannot cache the pages and I must query the database with the consequent load increment.

I wondered if any of you had similar experiences. Would you place the same AdSense code (e.g. responsive units) for the first ad (for both Desktop and Mobile), just in the below-the-fold of the mobile pages?

How to manage players who stay in the gamemaster mindset when they are only player?

The situation takes place in an online Pathfinder 2 community. Here everybody has PCs and can play on any session with a level that more or less matches the level of one of his PCs. A handful of those persons are also GMs and organize the sessions (by vocal+a VTT). There are guidelines about many aspects of the games (like the amount of xp per session so that each encounter is worth a certain amount of xp depending on its difficulty).

The problem I encounter is that when I have the most ancient members of the community as players on my games they tend to behave like they were the gamemaster, and have expectations that the game is run as they would run it, which can be more or less troublesome. For example:

  • They ask other players for checks

  • They correct me by quoting the rules of the book when I want to enforce rule of cool

  • They look at the monster’s stats to correct me on how they work in the middle of a fight

  • They are bad sports when I correct them about a rule they got wrong

  • They grumble about the amount of xp I give to them because they think the combat encounters are worth more

Outside of those games they are nice people, but the more I play with them as players the worse it gets. What can I do? I don’t have any issue with the other players on this community.

There are similarities with this question but as here I am in the GM position and it is an online roleplaying community I think it is worth a different question.

How do I manage combat situations without a physical map?

I am about to start running a new DnD campaign, and for the first time in a long time I am running it at a table with pencil and paper. In recent years players have had their own laptops at the table, and I have run using roll20.

Prior to using online resources I ran my combat systems pretty free, not worrying too much about movement speeds or displaying things out on a map, but having now got used to players moving on the roll20 map I find that I missed an important aspect of combat.

The session this week is a one shot, and in the medium term I have plans to order gridded paper and draw out my combat maps, and possibly look at getting some miniatures. What is the best way to manage things like Player/NPC Monster positions without a physical gridded map or miniatures?

How do very big companies manage passwords?

Third-party password managers such as 1password, etc. are very useful for people, businesses, etc. to store passwords, but obviously I bet Facebook, Google, Twitter and other super big tech companies don’t use such third-party services and have their own password managers for their most critical passwords.

How can a very big company manage some of the world’s most sensitive passwords? (example: Gmail team root access password!)

Even with the most advanced password manager, you still have the problem of the master password.

Should this be shared among a few trusted people? Or kept by only 1 or 2 people (then what happens in the case of an accident?)

Are big companies known to use implementations of Shamir’s Secret Sharing?

More generally, what are well known methods that very big companies use to manage their most sensitive passwords? (i.e. passwords that, if lost, could generate tens of billions of $ of loss)

Oauth2.0 | How to manage user session in Single Page application running in an iframe?

I’m new to the security domain, and recently I have learned about Oauth2.0/OpenID connect and JWT tokens. I have an existing REST based web application where I need to implement security.

Server

Application A: Spring boot back-end application server, with some RestEndpoints exposed, connected with Mysql database.

Front End

Application B: Spring boot Web Application which has some JSP pages for login and some other template features (also connected with the same Mysql database used by the back-end server).

Application C: Inside application B we have an Iframe in which an Angular app is running; the angular app calls the back-end server and shows data.

Also in future we want to use SSO for our application as well.

Current Security

At the moment we don’t have any security on the back-end server (i.e. we can simply call RestEnd points without any authentication). Application B has basic login security implemented via spring security. The user logs in on application B and then he/she can use application C (Angular) as well. User session is managed at Application B; when the session expires users are forced to log out.

Oauth2 Authorization

What we are trying to achieve is to make the server (Application A) the Oauth2Resource server and Oauth2Authorization server. From Application B (JSP front end) we remove the database connection as well as the login controller; application B will call the oauth2 server for authorizing the user with the "password" flow, and when application B receives the access_token and refresh_token it will then somehow pass them to the Iframe (angular app) to store these tokens inside a cookie, and on every subsequent request to the server angular will add the access token to it.

I’ve read articles saying that Oauth2.0 has deprecated the use of "Implicit Flow", and they prefer to use the "Authorization Code Flow". I am having a very hard time understanding how this flow can be used for single page applications (SPA like angular). Also, where to store the access_token and refresh_token if I use the implicit flow? I’m aware that storing both tokens in cookies is not a good practice.

Also, how to manage user session now? What I have gathered so far is that, on requesting the resource server with a Bearer access token, when we get an unauthorized response, we’ll then request a new access token with the help of the refresh token, but in case the refresh_token is also expired I will force the user to the login screen. Is this the right approach?

Sorry for the long context, any help will be highly appreciated. Thanks

I manage to connect to Azure Analysis Services from SSMS, but not from SSIS

I’m new to the Microsoft Server Suite.

I’ve downloaded SSMS and connected to Azure Analysis Services from it. I’m able to query my data using mdx without any problems.

However, I actually intend to build an ETL pipeline with the AAS cube as one of the sources. So I installed SSIS and have been trying to connect it to the AAS cube.

I first add "Analysis Services Processing Task" to the package. The result looks ok (when I click on "Test connection" the result is positive). But when I click on "Add", it doesn’t detect any cubes (there are two on the AAS server specified):

I assumed it worked anyway, but I can’t query the cube no matter how I try to do that. I added "Execute SQL task", but when I run it, it gives me an error:

The error message is:

An OLE DB record is available. Source: "Microsoft OLE DB Driver for SQL Server" Hresult: 0x80004005 Description: "Login timeout expired". An OLE DB record is available. Source: "Microsoft OLE DB Driver for SQL Server" Hresult: 0x80004005 Description: "A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.". An OLE DB record is available. Source: "Microsoft OLE DB Driver for SQL Server" Hresult: 0x80004005 Description: "Named Pipes Provider: Could not open a connection to SQL Server [53]. ". Error: 0xC00291EC at Execute SQL Task, Execute SQL Task: Failed to acquire connection "asazure://northeurope.asazure.windows.net/xxxx". Connection may not be configured correctly or you may not have the right permissions on this connection. Task failed: Execute SQL Task Warning: 0x80019002 at Package: SSIS Warning Code DTS_W_MAXIMUMERRORCOUNTREACHED. The Execution method succeeded, but the number of errors raised (1) reached the maximum allowed (1); resulting in failure. This occurs when the number of errors reaches the number specified in MaximumErrorCount. Change the MaximumErrorCount or fix the errors. SSIS package "C:\Users176\source\repos\Integration Services Project1\Integration Services Project1\Package.dtsx" finished: Failure. The program ‘[18664] DtsDebugHost.exe: DTS’ has exited with code 0 (0x0).

Any ideas?

How to manage a mute PC?

I am GM in a custom universe I created (medieval fantastic), and a player asked me if he could create a mute character. I refused because I was afraid it would be too hard to manage, and not fun for him to play. Not to mention that the system I use is very basic and does not handle such a case, so I cannot rely on it.

By mute I mean a character who cannot make sounds with his mouth/throat. There is no universal sign language in this universe.

More specific concerns:

  • I am afraid the player will not play as much as before. He is a good player with good experience, but he sometimes thinks that RP restrictions forbid him from acting in some situations (if he is not the most skilled person in the group in a specific issue, he will not participate in it). How could I encourage roleplaying of the mute character (just like you would encourage a warrior to do things by putting battles in the story)?

  • As a GM, creating a place in the story for that kind of character seems almost impossible. He won’t be able to discuss his feelings or ideas with the other PCs and NPCs. As the stories I create are generally based on ethical discussions, information gathering from other characters, and are generally socially focused, I don’t know how to give the mute character his own piece of the cake. How can I give the player challenges and rewards while he is unable to do anything that involves discussion in a mostly social story?

  • A character who cannot express its ideas in the group is a sad character. What means do I have as a GM, and does he have as a PC, to communicate with the group in an easy and direct way, to make it immersive yet enjoyable?

  • Finally, if possible, I would like to know if you have any experience with this. I would like to let the player try, but I don’t want to ruin a whole campaign because of that decision.

EDIT : Regarding the answers

I accepted the answer because it displays the most practical advice, and experience, while covering all points of my question very carefully. The other answers here are still very good, and I suggest you look at all of them if you are in the same position as me.