Search Results

Search found 4151 results on 167 pages for 'mod auth'.

Page 117/167

  • Approach for authentication and storing user details.

    - by cappuccino
    Hey folks, I am using the Zend Framework but my question is broadly about sessions / databases / auth (PHP MySQL). Currently this is my approach to authentication:

    1) User signs in, the details are checked in database. - Standard stuff really.

    2) If the details are correct only the user's unique ID is stored in the session and a security token (user unique ID + IP + Browser info + salt). The session is written to the filesystem. I've been reading around and many are saying that storing stuff in sessions is not a good idea, and that you should really only write a unique ID which refers back to the user's details and a security token to prevent session hijacking. So this is the approach I've taken, I used to write the user's details in session, but I've moved that out. Wanted to know your opinions on this. I'm keeping sessions in the filesystem since I don't run on multiple servers, and since I'm only writing a tiny tiny bit of data to sessions, I thought that performance would be greater keeping sessions in the filesystem to reduce load on the database. Once the session is written on authentication, it really is only read-only from then on.

    3) The rest of the user's details (like subscription details, permissions, account info etc) are cached in the filesystem (this can always be easily moved to memory if I wanted even more performance). So rather than keeping the user's details in session, the user's details are cached in the file system. I'm using Zend_Cache and the unique cache id is something like md5(/cache/auth/2892), the number is the unique id of the user. I guess the benefit of this method is that once the user is logged in, there are essentially no database queries being run to get the user's details. Just wonder if this approach is better than keeping the whole lot in session...

    4) As the user moves throughout the site the only thing that is checked is the ID in the session and the security token.

    So, overall the first question is 1) is the filesystem more efficient than a database for this purpose 2) have I taken enough security precautions 3) is separating user details from the session into a cached file a pointless task? Thanks.


  • Cannot get xmlhttprequest.responseText from JQuery

    - by Felix Guerrero
    Hi. I got this function

        function verify_at_bd(){
            var u = "foo";
            var p = "bar";
            return $.post('auth.php', { name: u, password: p, mobile: '' }, function(result){ return result; }, 'json');
        }

    If I do a console.log(verify_at_bd()) I'm getting an xmlhttprequest but cannot access the responseText property. I'm using header("Content-Type: application/json") in my PHP. I'm using Firefox 3.6 on OS X.


  • protect_from_forgery & Unobtrusive Javascript

    - by Matt Grande
    Hi all, I have some javascript making an ajax call in my Rails site: $.ajax({type: "PUT", url: url, data: { dummy: data }, complete: function(data) {}}); When Rails gets it, it throws back an ActionController::InvalidAuthenticityToken Error. I'd like to keep the protect_from_forgery stuff in there, if possible... But I'm at a loss for how can I pass the auth token from a javascript file? Can anyone help me out?


  • Why second user login redirects me to /accounts/profile/ url?

    - by drupality
    I am using the Django built-in view for user login:

        url(r'^user/login/$', 'django.contrib.auth.views.login', {'template_name': 'users/templates/login.html'}, name='user-login'),

    After login, when I go to user/login again I can log in a second time. I submit the form and get: The current URL, accounts/profile/, didn't match any of these. I haven't declared this URL in urls.py. What am I doing wrong? Why does the framework want to redirect to this URL?


  • What could cause Django to start failing its own tests after an OS and Django reinstall?

    - by Macha
    I had to reinstall my OS, and so, I reinstalled django 1.1. Since reinstalling, when I run tests in my app, I get several failures from django.contrib.auth. Logs: http://dpaste.com/178153/ I asked on #django, and no one is too sure what the cause of the errors is. Some of my own code fails its tests, because it's not fully written yet, but that shouldn't cause django to fail its core tests... I have included django.contrib.admin, which was mentioned as a possible cause.


  • What could cause Django to start failing its own tests after an OS and Django reinstall?

    - by Macha
    I had to reinstall my OS, and so, I reinstalled django. Since reinstalling, when I run tests in my app, I get several failures from django.contrib.auth. Logs: http://dpaste.com/178153/ I asked on #django, and no one is too sure what the cause of the errors is. Some of my own code fails its tests, because it's not fully written yet, but that shouldn't cause django to fail its core tests...


  • Need Opinions: Should an ASP.NET Application allow administrators to change MSSQL connection?

    - by Brent Pabst
    As the title suggests: What is your opinion on allowing administrators to update the SQL Connection string dynamically from the application versus just showing them the connection details in the application? Because the database connection is so important and on a heavily used system the abrupt change to the connection seems like it could cause problems. However I would think displaying the server and catalog and whether the connection is using SSPI or SQL Auth could be helpful for administrators who don't like playing with .NET config files. Thoughts?


  • CakePHP ACO based on each entry

    - by Randuin
    I'm trying to make a blogging system but obviously certain users in certain groups should only be able to edit/delete their own posts/comments. How would I go about doing this in CakePHP? I followed the manual's basic Acl guide to set up my current Auth system.


  • Should I use my models in a library?

    - by Piers
    I've got my auth library in codeigniter which accesses the database to check to see if the email/password combination is correct. If I'm sticking to the MVC practice, should I move the function that interacts with the database to my model, or is it best practice to leave it where it is so I can use it in the future? Doesn't make much difference to me, other than the fact I'd have to re-write the library and create the function in my model, but if that's the way it should be then so be it.


  • problem with twitter api friends_timeline

    - by siznax
    i can get my user_timeline fine:

        curl -u user:pwd http://www.twitter.com/statuses/user_timeline/user.json
        {blob of tweets}

    but when i try to get the friends_timeline, i get an auth error:

        curl -u user:pwd http://www.twitter.com/statuses/friends_timeline.json
        {"request":"\/statuses\/friends_timeline.json", "error":"Could not authenticate you."}

    do i just not understand the documentation? http://apiwiki.twitter.com/REST+API+Documentation#friendstimeline


  • Twitter API with urllib2 in python

    - by Dirk Nachbar
    I want to use the Twitter API in Python to look up user ids from name using the lookup method. I have done similar requests simply using response = urllib2.urlopen('http://search.twitter.com...') but for this one I need authentication. I don't think I can do it through the Google python twitter API because it doesn't have the lookup method. Any ideas how I can auth with urllib2?


  • Authorization error in facebook application

    - by bhaskaragr29
        require_login($required_permissions = 'email,photo_upload');
        $auth= $facebook->do_get_session($_GET['auth_token']);
        $facebook->set_user($s['uid'], $s['session_key'], $s['expires'], $s['secret']) ?

    Whenever I try to log in to my app it just refreshes and refreshes with different auth_tokens. Please help.


  • get JSON object attribute name

    - by Laurent Luce
    I know that I can retrieve "session" by using item.fields.name but what if I don't know in advance that the attribute is called "name". How can I retrieve the list of the attributes names in fields first. [ { "pk": 2, "model": "auth.group", "fields": { "name": "session" } } ]


  • Digest authentication using LDAP only

    - by Elephant
    Is there a way to validate digest authentication using LDAP only? I.e. if I have the following request from a client (stolen from Wikipedia):

        GET /dir/index.html HTTP/1.0
        Host: localhost
        Authorization: Digest username="Mufasa", realm="[email protected]", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"

    could I validate the user against LDAP, meaning if I don't know the user's password and hence am not able to construct a digest hash to compare with the response?


  • Django context processor gets AnonymousUser

    - by myfreeweb
    instead of User.

        def myview(request):
            return render_to_response('tmpl.html', {'user': User.objects.get(id=1)})

    works fine and passes User to template. But

        def myview(request):
            return render_to_response('tmpl.html', {}, context_instance=RequestContext(request))

    with a context processor

        def user(request):
            from django.contrib.auth.models import User
            return {'user': User.objects.get(id=1)}

    passes AnonymousUser, so I can't get the variables I need :( What's wrong?


  • create hgrc file for all paths on a machine

    - by noam
    I want to create a hgrc file to set the username and password for all paths on some machine, e.g. no matter which directory I am in, hg clone some_path will always work without prompting for a username and a password (this is for an auto-deploy script). I followed the instructions and created a file: /etc/mercurial/hgrc.d/deploy.rc. Its contents:

        [auth]
        default.prefix = http://myrepo
        default.username = myuname
        default.password = pwd

    But when I do hg clone some_path I get abort: error: Connection refused. What am I doing wrong?


  • Android String.equals doesn't work when I trying to match from httpresponse

    - by user469652
        RestClient.post("auth/login/", loginparam, new AsyncHttpResponseHandler() {
            @Override
            public void onSuccess(String s) {
                Toast.makeText(getApplicationContext(), String.valueOf(s.toLowerCase().equals("ok")), Toast.LENGTH_LONG).show();
                if (s.equals("ok")) {
                    startActivity(new Intent(getApplication(), HomeActivity.class));
                }
            }
        });

    This is the code I used for login in my Android app. In the Toast text, I can see the server did return "ok", but s.equals always failed in my case. Can someone explain that? Thank you.


  • How to protect an ASP Classic Page?

    - by SH
    How can I protect an ASP Classic page with either HTTP AUTH (you must provide a username and password to service) or a randomly generated access key that will be included as one of the parameters of the HTTP POST using the variable name access_key. Can anybody provide asp classic code in this regard? Quick help will be appreciated... PS: OrderGroove is a 3rd party service... neglect it.

