Support Forum

Ask questions and get help from MobileTogether experts.
MobileTogether Product Information
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
View
Go to last post Go to first unread
jwatt222  
#1 Posted : Sunday, September 16, 2018 11:12:10 AM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
I am trying to figure out how Verizon Wireess is able to download one of my apps and get an anonymous license where the only allowed permissions is set for the root (admin) and I am using the customized loggin that requires username and password.

More:
I have an app that I removed from google and apple and locked it down so that no one could access it. I originally built the app as stand alone so that it did not require internet. After dealing with a shit load of pirated websites stripping the code and giving it away for free and users buying and quickly refunding knowing that once they had it, they had it, I removed it from sale. At the time I was allowing anonymous login.

After removing the app from sale, I set all the permissions on the container to "no access" except for root. I have also done the same on the public folder. However, a verizon wireless ip address appeared on my server with an anonymous license and downloaded the app.

I am including snapshots to show the ip on the firewall, the ip on the server with anonymous license, the settings set to use customized login, the public folder all set to no access except root, the apps container set to no access except for root, and domain whitepages showing the ip as verizon wireless.

Would greatly appreciate if you can tell me how verizon is able to access this app.

Thanks,
File Attachment(s):
verizon wireless.zip (351kb) downloaded 9 time(s).
jwatt222  
#2 Posted : Wednesday, September 19, 2018 7:36:41 PM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
Is there anyone available to assist? I see that the files have been downloaded 5 times since the post 4 days ago, but no one has responded.

Also is there a need for questions on the forum to appear in search engine results or how can they be blocked?
AFC  
#3 Posted : Thursday, September 20, 2018 7:31:24 AM(UTC)
AFC

Rank: Administration

Groups: Registered, Administrators
Joined: 9/15/2014(UTC)
Posts: 57
Austria

Was thanked: 8 time(s) in 8 post(s)
Hello jwatt222!

User licenses are used already when a client connects to a server in case you are using licensing mode "Auto"(also see User Licenses).
This does not mean, that this client can start any solution from your server.

Why do you think something has been downloaded? Do you have corresponding log entries or can you reproduce this somehow?

By the way: "Use customized login and index page" only applies to the web client (also see Settings)
For the MobileTogether client and compiled apps, the container/workflow permissions are effective.

Best regards,
AFC
jwatt222  
#4 Posted : Thursday, September 20, 2018 8:20:35 AM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
I have read the references that you cited and was still left confused since as demonstrated in the screenshots I have done what reading the text would tell me to do. However, Just this week I had a customer who provided me with proof of purchase but could not download this exact same app. I changed the permissions to anonymous and allowed him to access and download the app. I then reset the permissions back to no access. If this blocked this customer from getting the app, why did it not block the user in which caused me to contact you?

If (For the MobileTogether client and compiled apps, the container/workflow permissions are effective.) I'm confused as to how a client can access the "APP" and be assigned an "anonymous license" where the permissions are set to "NO ACCESS" for everyone except the root. If the license assigned would have been root, I would think that somehow they got ahold of my password but this is not the case since the license assigned was not "root".

It happened again today but since I have already forwarded the screenshots that I did, I'm not sure that there is a need to do it again. Also If I could reproduce it, then I assume that I would know how they did it.

If you don't mind, please explain in detail why they got pass the "NO Access" permissions and showed up on the server with an "anonymous license". If what I have done already as demonstrated in the screenshots is not enough to stop it then I need to know what is.

AFC  
#5 Posted : Thursday, September 20, 2018 11:31:58 AM(UTC)
AFC

Rank: Administration

Groups: Registered, Administrators
Joined: 9/15/2014(UTC)
Posts: 57
Austria

Was thanked: 8 time(s) in 8 post(s)
Hello!

As written in the previous post, this user license entry only means that a "etaptacalcuator" AppStore App has connected to your server.
It does not mean that any solution has been started or anything has been downloaded.

You can also see this behavior when switching to licensing mode "Manual".
You will see all devices, which connect to your server, in the "User Licenses" tab, but no one can start anything unless you manually approve that device.

best regards,
AFC
jwatt222  
#6 Posted : Thursday, September 20, 2018 4:45:56 PM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
Thanks! Can you point me to where it tells me in the manual either designer or server how to install a database in admin on the server? I am on my third year now of using the system and have yet to figure out how to do this. I believe that if I could do this and figure out how to add permissions to the database along with username and password that I could take control of all of this. Seeing your My Collections app shows me that it can be done but does not help me to see how to set it up.

Unfortunately, I have spent $3000 on the server thus far which I have not made back. I cannot afford to pay another $150 an hour to have someone do it for me. With instructions or a video tutorial, I can do it myself.

I have subscribed to your YouTube channel and do not see a video on this which I believe is quite important.

Thanks,
bbv  
#7 Posted : Thursday, September 20, 2018 5:52:22 PM(UTC)
bbv

Rank: Administration

Groups: Registered, Administrators
Joined: 7/21/2014(UTC)
Posts: 363

Was thanked: 59 time(s) in 59 post(s)
What exactly do you want to do? What do you mean to install a database in admin?

MyCollections has its own user management, not via MobileTogether Server means. It highly depends from your actual task whether you can simply rely on what MobileTogether Server provides or whether implement your own
jwatt222  
#8 Posted : Saturday, September 22, 2018 2:32:35 AM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
See this post: Sunday, August 28, 2016 10:46:02 PM

Currently I am using option 1. creating a user, setting password, and assigning permissions and roles and sending the username and password to the user for login.

I want to speed this up automating this process by using option 2. Have a database table (recommended) or XML file on server to save user names, passwords, and rights.

1. I want to install the database into the admin folder and set the permissions for access only by root.
2. When the user registers using a form on the app, I want the username and password written or saved into the database table for that specific app where the roles and permissions are already set.
3. When the user log in, I want to query the database to see if the user is registered.
4. I want to setup an http request to query the google developer console to check the status of the purchase id using google's developer api.
5. If the user is not registered deny access, If purchase id status is canceled or does not exist, then deny access. otherwise grant access to the app.

I want the database to have a table for each of five apps with the following fields for registration: email, username, password, confirm password, role, and status.

I can create the database with msaccess but have no idea how to install it on the server in admin.

The bottom line is that I need a way to register a user, have a way for the user to login but be able to verify that user before allowing that user access to the apps.
bbv  
#9 Posted : Saturday, September 22, 2018 1:57:41 PM(UTC)
bbv

Rank: Administration

Groups: Registered, Administrators
Joined: 7/21/2014(UTC)
Posts: 363

Was thanked: 59 time(s) in 59 post(s)
Well - that is easy. There is a working folder on server where you can put your XML or database files. See documentation under "Server side working directory" https://manual.altova.co...r/mts_webui_settings.htm

You don't need to have the database under admin, as you say, because there is no direct access to your database from outside - only MobileTogether Server will have one.
jwatt222  
#10 Posted : Tuesday, September 25, 2018 10:42:17 AM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
Can you point me to a tutorial or video which shows how to setup the username and password registration and login from a mobile device using a database?
bbv  
#11 Posted : Tuesday, September 25, 2018 2:35:01 PM(UTC)
bbv

Rank: Administration

Groups: Registered, Administrators
Joined: 7/21/2014(UTC)
Posts: 363

Was thanked: 59 time(s) in 59 post(s)
There is no such sample readily available, because there are different ways how to confirm user's email address. For example, MyCollections generates a number and sends this number to the user's email address.

Based on your email where you described what table and what fields it should have, I actually assumed you know for sure what to do?

In any case, if you are looking for similar functionality like in MyCollections, we will add a new sample together with the upcoming v5.0 due in November
jwatt222  
#12 Posted : Tuesday, September 25, 2018 8:48:20 PM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
I have indeed worked with databases on numerous occassions prior to using MobileTogether. I actually use databases in my apps which are stored in the server-side directory and loaded on the client device on first use. However, what I have done with these databases does not seem to be working for registering a user, logging them in or using api's to verify their account before giving them anonymous loggin and having them run emulators on my server. I have a serious need to take control of the users who have bad intentions and preventing them from getting access. In asking for help, I have no problem in telling you that I know what I want but having difficulty making it happen.

If you asked me to calculate the yield of a nuclear detonation and the rate of decay from the fallout or predict the downwind affects of a chemical or biological attack I can tell you quickly how to do it and how easy it is because it is that in which I am an expert. However, I would not assume that you would know this.

I have contacted Altova in Massachusettes who refers me to the support forum. I do not see where I can actually call anyone for technical support so I assume the only option is to contact you. I ca also see that there are over 700 people who have viewed this post so I am confident that if only 10 percent of them are experiencing the problems that I am having, that a demo video would be quite helpful.

I have reviewed your help videos which are all based on building the books example from a database which is already populated with data. Unfortunately this is not what I am trying to build and I can't seem to take from it what makes what I am trying to do work.

I am confident that an example to help control the access to the server is of the utmost importance.

Sincerely,

Thanks,
jwatt222  
#13 Posted : Thursday, September 27, 2018 9:13:31 AM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
I think I finally got this working. I haven't added the api to check the purchase id yet but everything else seems to be working fine. I am registering and writing to the database and can check the username to see if it has been used. I can check to see if the password and confirm password match. When logging in I can check to see if the username is valid and whether the password is valid.

It would be nice if I could send it to you to check to see if I did it the best possible way and to get your suggestions for necessary changes. Is there a way that I can send it to you without posting it here?

Thanks,
bbv  
#14 Posted : Thursday, September 27, 2018 10:33:56 AM(UTC)
bbv

Rank: Administration

Groups: Registered, Administrators
Joined: 7/21/2014(UTC)
Posts: 363

Was thanked: 59 time(s) in 59 post(s)
As I said, we will definitely ship a ready to use sample with 5.0 We always love to help as much as we can

It will demonstrate Create New Account with and without email verification, Sign In, Log Out, Change Password, Forgot Password, Change credentials, reviewing users from the Admin side

I would suggest to wait for it, if possible, because it also relies on a new XPath function which we've introduced in 5.0 for encoding passwords.
jwatt222  
#15 Posted : Sunday, November 4, 2018 4:57:51 PM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
I had to update to cover APK 26 by November 1, 2018 per Google requirements so I went with my own version. It's working fine but I am anxious to see the new demo. Any idea on the release date of 5.0?

Thanks,
bbv  
#16 Posted : Sunday, November 4, 2018 6:01:25 PM(UTC)
bbv

Rank: Administration

Groups: Registered, Administrators
Joined: 7/21/2014(UTC)
Posts: 363

Was thanked: 59 time(s) in 59 post(s)
within the next 1-2 weeks
thanks 1 user thanked bbv for this useful post.
jwatt222 on 11/4/2018(UTC)
jwatt222  
#17 Posted : Sunday, November 4, 2018 6:13:43 PM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
Thanks
jwatt222  
#18 Posted : Friday, November 23, 2018 12:56:36 PM(UTC)
jwatt222

Rank: Advanced Member

Groups: Registered
Joined: 5/23/2016(UTC)
Posts: 91
United States
Location: Virginia

Thanks: 14 times
Thanks for the User Management System! Users are now required to validate email address and Play Store Order ID before they can gain access to the Application. I can also deactivate them when necessay and block them out when necessary.

Much needed and Greatly Appreciated!
Users browsing this topic
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.