摘要:
Systems and methods provide logic that validates a code generated by a user, and that executes a function of a programmatic interface after the user code is validated. In one implementation, a computer-implemented method performs a multifactor authentication of a user prior to executing a function of a programmatic interface. The method includes receiving, at a server, a user code through a programmatic interface. The server computes a server code in response to the user code, and compares the user code to the server code to determine that the user code corresponds to the server code. The server validates the user code and executes a function of the programmatic interface, after the user code is validated.
摘要:
Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.
摘要:
Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service) —in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.
摘要:
A processor which cooperates with directory servers to handle requests for values of dynamic attributes which would otherwise present a real-time processing challenge to the directory server due to the server's dependence on the data normally being static in nature. Special schema syntax identifiers are used to identify dynamic attributes which then are not stored directly in the directory, but whose values are resolved at the time a read request is made for those attributes. This approach eliminates the need to store the dynamic information in the directory, and allows user-supplied modules to perform the resolution of the dynamic attributes in a real-time manner, including not only retrieving a value from a dynamic data source, but optionally performing calculations or manipulations on the data as well. One embodiment of the invention cooperates with Lightweight Directory Access Protocol (“LDAP”) directory servers.
摘要:
Each LDIF entry of a directory tree is read, split to a domain of LDIF fragments (corresponding to backend servers) and written to each LDIF fragment. The split may be accomplished through a hash function, establishing, for that iteration of LDIF entry, a write file. The LDIF entry is appended to the write file. A subsequent LDIF entry is read. A corresponding LDIF fragment is determined, which need not be different from the LDIF fragment to which the first LDIF entry was written. The current LDIF entry is written to the currently selected write file. The process continues until all LDIF entries are exhausted from the directory tree. LDIF fragments are each copied to distinct backend servers, where, each LDIF fragment may be loaded into a distributed directory data structure.
摘要:
Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service)—in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.
摘要:
Each LDIF entry of a directory tree is read, split to a domain of LDIF fragments (corresponding to backend servers) and written to each LDIF fragment. The split may be accomplished through a hash function, establishing, for that iteration of LDIF entry, a write file. The LDIF entry is appended to the write file. A subsequent LDIF entry is read. A corresponding LDIF fragment is determined, which need not be different from the LDIF fragment to which the first LDIF entry was written. The current LDIF entry is written to the currently selected write file. The process continues until all LDIF entries are exhausted from the directory tree. LDIF fragments are each copied to distinct backend servers, where, each LDIF fragment may be loaded into a distributed directory data structure.
摘要:
A method is presented for processing data in a multithreaded application to alleviate impaired or substandard performance conditions. Work items that are pending processing by the multithreaded application are placed into a data structure. The work items are processed by a plurality of threads within the multithreaded application in accordance with a first algorithm, e.g., first-in first-out (FIFO). A thread within the multithreaded application is configured apart from the plurality of threads such that it processes work items in accordance with a second algorithm that differs from the first algorithm, thereby avoiding the impairing condition. For example, the thread may process a pending work item only if it has a particular characteristic. The thread restricts its own processing of work items by intermittently evaluating workflow conditions for the plurality of threads; if the workflow conditions improve or are unimpaired, then the thread does not process any work items.
摘要:
Systems and methods for attesting to information about a computing resource involve electronically signed documents. For a computing resource, a document containing information about the resource is generated and electronically signed. The document may be provided to one or more entities as an attestation to at least some of the information contained in the document. Attestation to information in the document may be a prerequisite for performance of one or more actions that may be taken in connection with the computing resource.
摘要:
A directory server handles requests for values of dynamic attributes by providing at least one declaration for an attribute to be handled as a real-time attribute associated with but external to a directory structure; receiving a directory access protocol request for access to an attribute value from the associated directory structure; detecting requested access to an attribute declared as a real-time external attribute; resolving a real-time value by obtaining an attribute value from a real-time source external to the directory structure; converting the obtained attribute value from a real-time attribute to a static attribute, wherein the real-time attribute is incompatible with the directory access protocol, and wherein the static attribute is compatible with the directory access protocol; and returning to a requester the converted real-time attribute directly in the directory access protocol, wherein storing and updating of the converted real-time attribute value in the directory structure is eliminated or avoided.