Search Results

Search found 2683 results on 108 pages for 'sign'.

Page 12/108 | < Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >

  • Digitally sign MS Office (Word, Excel, etc..) and PDF files on the server

    - by Sébastien Nussbaumer
    I need to digitally sign MS Office and PDF files that are stored on a server. I really mean a digital signature that is integrated in the document, according to each specific file formats. This is the process I had in mind : Create a hash of the file's content Send the hash to a custom written java applet in the browser The user encrypts the hash with his/her private key (on an usb token via PKCS#11 for example), thus effectively signing the file. The applet then sends the signature to the server On the server I would then incorporate the signature in the file's (MS Office and PDF files can do that without changing the file's content, probably by just setting some metadata field) What is cool is that you never have to download and upload the complete file to the server again. What is even cooler, the customer doesn't need Office or PDF Writer to sign the files. Parts 2, 3 and 4 are OK for me, my company bought all the JAVA technology I need for that for a previous project I worked on. Problem : I can't seem to find any documentation/examples to do parts 1 and 5 for Office files . Are my google skills failing me this time ? Do you have any pointers to documentation or examples for doing that for MS Office files ? The underlying technology isn't that important to me : I can use Java, .Net, COM, any working technology is OK ! Note : I'm 95% sure I can nail points 1 and 5 for PDF files using iText Thanks ** Edit : If I can't do that with hashes and must download the complete file to the client, it's also possible. But then I still need the documentation to be able to sign Office file... in java this time (from an applet)

    Read the article

  • How to publish your key used to sign deb packages so you will be able to use your repository from any machine?

    - by Sorin Sbarnea
    I am looking for a solution that would prevent me from seeing things like: W: GPG error: http://updates.example.com lenny Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 00AABBCCDDEE0011 The question applies for both Debian and Ubuntu. Isn't possible to publish the key somewhere where it can be automatically downloaded by apt-get based on it's signature? Note: I know that I can put my signature to an we server and use wget to get it and install it from there, still I am using for a better solution.

    Read the article

  • Why is a # sign added to the end of URLS?

    - by Niro
    Note: I'm asking this from the perspective of the site developers (trying to help someone there). not as a user. Please don't forward this to superuser.com. It's a server admin question. Have a look here http://www.wanimo.com/fr/chiens/coussin-matelas-tapis-pour-chien-sc28/tapis-plat-urban-chic-sf7263/ you'll see that the page gets redirected to the same page with # at the end. Worse, when you click back you get garbage url. I'm trying to debug what is causing the redirect. Any advice on how to find it ?

    Read the article

  • Do you think asking to sign contributor license agreement for a open source project creates a resistance for contributors?

    - by Appu
    I am working on a open-source project which is backed by an organization. Organization pays a team to make this open-source project. This project will be licensed with GPLv3. We are debating on having a CLA for contributors. Do you think mandating a CLA will reduce the number of contributors? I have observed that people have no issues in signing a CLA when the project is really popular. So do you think CLA will create a resistance to contribute?

    Read the article

  • How to do a login page for third party service without letting them sign on?

    - by AAA
    We have a unique situation (at least for me, first time seeing this). We have a web form where accountants can fill in requests and that part is taken care of. But after their login we redirect them to a third-party website where we need more information from them. The process is crazy right now since we have to give our account login info to all people filing with us. So is there a way in PHP or any other solution where we can after that form on our website auto login with our information to that third party website in a way that our credentials are not visible to the users using the service?

    Read the article

  • How i can sign and/or group a specific set of vertices in a 3D file container like OBJ ? - in Blender

    - by user827992
    I would like to export a 3D model with each part having a name or a label if you will. For example i would like to export a model of an human body and name each part in specifics vertex groups like: left hand, right hand, right foot, head, ears, ... and you got the idea; so i can have a single 3D model that i can explode in various parts if needed. If there is a better technique about how to mark vertex groups in a 3D file please share your solution. As 3D editor i use Blender.

    Read the article

  • Is constantly looking for code examples a sign of a bad developer?

    - by Newly Insecure
    I am a CS student with several years of experience in C and C++, and for the last few years I've been constantly working with Java/Objective C doing app development and now I have switched to web development and am mainly focused on ruby on rails and I came to the realization that (as with app development , really) I reference other code way too much. I constantly Google functionality for lots of things I imagine I should be able to do from scratch and it's really cracked my confidence a bit. Basic fundamentals are not an issue, I hate to use this as an example but I can run through javabat in both java/python at a sprint - obviously not an accomplishment and but what I mean to say is I have a strong base for the fundamentals I think? I know what I need to use typically but reference syntax constantly. Would love some advice and input on this, as it has been holding me back pretty solidly in terms of looking for work in this field even though I'm finishing my degree. My main reason for asking is not really about employment, but more that I don't want to be the only guy at a hackathon not hammering out nonstop code and sitting there with 20 Google/github tabs open, and I have refrained from attending any due to a slight lack of confidence... Is a person a bad developer by constantly looking to code examples for moderate to complex tasks?

    Read the article

  • Is looking for code examples constantly a sign of a bad developer?

    - by Newly Insecure
    I am a comp sci student with several years of experience in C and C++, and for the last few years I've been constantly working with Java/Objective C doing app dev and now I have switched to web dev and am mainly focused on ruby on rails and I came to the realization that (as with app dev, really) I reference other code wayyyy too much. I constantly google functionality for lots of things I imagine I should be able to do from scratch and it's really cracked my confidence a bit. Basic fundamentals are not an issue, I hate to use this as an example but I can run through javabat in both java/python at a sprint - obviously not an accomplishment and but what I mean to say is I have a strong base for the fundamentals I think? I know what I need to use typically but reference syntax constantly. Would love some advice and input on this, as it has been holding me back pretty solidly in terms of looking for work in this field even though I'm finishing my degree. My main reason for asking is not really about employment, but more that I don't want to be the only guy at a hackathon not hammering out nonstop code and sitting there with 20 google/github tabs open, and I have refrained from attending any due to a slight lack of confidence... Is a person a bad developer by constantly looking to code examples for moderate to complex tasks?

    Read the article

  • Do you sign each of your source files with your name? [duplicate]

    - by regularfry
    Possible Duplicate: How do you keep track of the authors of code? One of my colleagues is in the habit of putting his name and email address in the head of each source file he works on, as author metadata. I am not; I prefer to rely on source control to tell me who I should be speaking to about a given set of functionality. Should I also be signing files I work on for any other reasons? Do you? If so, why? To be clear, this is in addition to whatever metadata for copyright and licensing information is included, and applies to both open sourced and proprietary code.

    Read the article

  • Digitally sign my email (in WLM) with my GnuPG key?

    - by Relequestual
    Hi all, If I understand PGP correctly, I can digitally sign my email with my private key, which will prove they are from me, right? I created my public and private key on my server, but I can't work out how to set up digital signing with Windows Live Mail. Just to be clear, I'm talking about my own domain email account and not a hotmail account. Any ideas? Thanks in advance.

    Read the article

  • Twitter URL encoding. Getting error when placing UK Currency sign in URL?

    - by bbacarat
    I'm attempting to setup a retweet button with some pre-written post text. However I need to place a pound sign in like so: £50k I've search the web and for the UK currency sign I've been told it is supposed to be replaced with the code: %a3 However when I attempt to click on the link I get the error message: "Invalid Unicode value in one or more parameters" This is the document declaration at the top of the html page I'm using: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    Read the article

  • How can I access the sign bit of a number in C++?

    - by Keand64
    I want to be able to access the sign bit of a number in C++. My current code looks something like this: int sign bit = number >> 31; That appears to work, giving me 0 for positive numbers and -1 for negative numbers. However, I don't see how I get -1 for negative numbers: if 12 is 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1100 then -12 is 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 0011 and shifting it 31 bits would make 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001 which is 1, not -1, so why do I get -1 when I shift it?

    Read the article

  • What is the code for a number sign in sharepoint?

    - by Robin
    I've created a link in Sharepoint using the Content Editor Web Part. My link uses html to open up an email with the fields to, cc, subject, and body filled out. However, in the cc section I need a number sign (#) for a mailbox. When I use the html code & #35;(minus the space) my entire code crumbles. Everything starting at the "&" disappears. However, just for kicks I tried & pound;(minus the space) and the code works for a european pound sign. Not sure what else to try. Any suggestions?

    Read the article

  • Failing rspec Rails Tutorial Chapter 9.3

    - by greyghost24
    I am failing 3 tests and I have found numerous examples on here and on on the internet in general but I can't seem to find where I'm going wrong. Thanks for any help. 1) User pages signup with valid information edit page Failure/Error: before { visit edit_user_path(user) } ActionView::Template::Error: undefined method `model_name' for NilClass:Class # ./app/views/users/edit.html.erb:6:in `_app_views_users_edit_html_erb___4113112884365867193_70232486166220' # ./spec/requests/user_pages_spec.rb:96:in `block (5 levels) in <top (required)>' 2) User pages signup with valid information edit page Failure/Error: before { visit edit_user_path(user) } ActionView::Template::Error: undefined method `model_name' for NilClass:Class # ./app/views/users/edit.html.erb:6:in `_app_views_users_edit_html_erb___4113112884365867193_70232486166220' # ./spec/requests/user_pages_spec.rb:96:in `block (5 levels) in <top (required)>' 3) User pages signup with valid information edit page Failure/Error: before { visit edit_user_path(user) } ActionView::Template::Error: undefined method `model_name' for NilClass:Class # ./app/views/users/edit.html.erb:6:in `_app_views_users_edit_html_erb___4113112884365867193_70232486166220' # ./spec/requests/user_pages_spec.rb:96:in `block (5 levels) in <top (required)>' Finished in 0.26515 seconds 3 examples, 3 failures Failed examples: rspec ./spec/requests/user_pages_spec.rb:100 # User pages signup with valid information edit page rspec ./spec/requests/user_pages_spec.rb:99 # User pages signup with valid information edit page rspec ./spec/requests/user_pages_spec.rb:101 # User pages signup with valid information edit page authentication_pages_spec.rb require 'spec_helper' describe "Authentication" do subject { page } describe "signin page" do before { visit signin_path } it { should have_selector('h1', text: 'Sign in') } it { should have_selector('title', text: 'Sign in') } end describe "signin" do before { visit signin_path } describe "with invalid information" do before { click_button "Sign in" } it { should have_selector('title', text: 'Sign in') } it { should have_selector('div.alert.alert-error', text: 'Invalid') } describe "after visiting another page" do before { click_link "Home" } it { should_not have_selector('div.alert.alert-error') } end end describe "with valid information" do let(:user) { FactoryGirl.create(:user) } before do fill_in "Email", with: user.email fill_in "Password", with: user.password click_button "Sign in" end it { should have_selector('title', text: user.name) } it { should have_link('Profile', href: user_path(user)) } it { should have_link('Sign out', href: signout_path) } it { should_not have_link('Sign in', href: signin_path) } describe "followed by signout" do before { click_link "Sign out" } it { should have_link('Sign in') } end end end end Here is the users_controller: class UsersController < ApplicationController def show @user = User.find(params[:id]) end def new @user = User.new end def create @user = User.new(params[:user]) if @user.save sign_in @user flash[:success] = "Welcome to the Sample App!" redirect_to @user else render 'new' end end end def edit @user = User.find(params[:id]) end edit.html.erb: <% provide(:title, "Edit user") %> <h1>Update your profile</h1> <div class="row"> <div class="span6 offset3"> <%= form_for(@user) do |f| %> <%= render 'shared/error_messages' %> <%= f.label :name %> <%= f.text_field :name %> <%= f.label :email %> <%= f.text_field :email %> <%= f.label :password %> <%= f.password_field :password %> <%= f.label :password_confirmation, "Confirm Password" %> <%= f.password_field :password_confirmation %> <%= f.submit "Save changes", class: "btn btn-large btn-primary" %> <% end %> <%= gravatar_for @user %> <a href="http://gravatar.com/emails">change</a> </div> here is the user_pages_spec: require 'spec_helper' describe "User pages" do subject { page } describe "profile page" do let(:user) { FactoryGirl.create(:user) } before { visit user_path(user) } it { should have_selector('h1', text: user.name) } it { should have_selector('title', text: user.name) } end describe "signup page" do before { visit signup_path } it { should have_selector('h1', text: 'Sign up') } it { should have_selector('title', text: full_title('Sign up')) } end describe "signup" do before { visit signup_path } describe "with invalid information" do it "should not create a user" do expect { click_button "Create my account" }.not_to change(User, :count) end describe "error messages" do before { click_button "Create my account" } it { should have_selector('title', text: 'Sign up') } it { should have_content('error') } end end describe "with valid information" do before do fill_in "Name", with: "Example User" fill_in "Email", with: "[email protected]" fill_in "Password", with: "foobar" fill_in "Confirmation", with: "foobar" end it "should create a user" do expect do click_button "Create my account" end.to change(User, :count).by(1) end describe "after saving the user" do before { click_button "Create my account" } let(:user) { User.find_by_email('[email protected]') } it { should have_selector('title', text: user.name) } it { should have_selector('div.alert.alert-success', text: 'Welcome') } it { should have_link('Sign out') } end end end describe "signup page" do before { visit signup_path } it { should have_selector('h1', text: 'Sign up') } it { should have_selector('title', text: full_title('Sign up')) } end describe "signup" do before { visit signup_path } let(:submit) { "Create my account" } describe "with invalid information" do it "should not create a user" do expect { click_button submit }.not_to change(User, :count) end end describe "with valid information" do before do fill_in "Name", with: "Example User" fill_in "Email", with: "[email protected]" fill_in "Password", with: "foobar" fill_in "Confirmation", with: "foobar" end it "should create a user" do expect { click_button submit }.to change(User, :count).by(1) end describe "edit" do let(:user) { FactoryGirl.create(:user) } before { visit edit_user_path(user) } describe "page" do it { should have_selector('h1', text: "Update your profile") } it { should have_selector('title', text: "Edit user") } it { should have_link('change', href: 'http://gravatar.com/emails') } end describe "with invalid information" do before { click_button "Save changes" } it { should have_content('error') } end end end end end edit: users_controllers.rb was formatted incorrectly. It should look like this: class UsersController < ApplicationController def show @user = User.find(params[:id]) end def new @user = User.new end def create @user = User.new(params[:user]) if @user.save sign_in @user flash[:success] = "Welcome to the Sample App!" redirect_to @user else render 'new' end end def edit @user = User.find(params[:id]) end end

    Read the article

  • How to sign an APK with more than one certificate?

    - by ddcruver
    How do I sign an APK with more than one certificate, so that I can do this when I publish to the Android Market: Version 1.0 = Signed with Certificate A Version 2.0 = Signed with Certificate A & B Version 3.0 = Signed with Certificate B The Android Market does give me some hope but I am not sure what to make of it, when I upload with a different sign certificate it gives me this message: "The apk must be signed with at least one certificate in common with the previous version." Motive: I have published an app on the market using the Android Signing Tool as part of MotoDev Studio for android. The problem is that it handles the keys itself and there is no way (documented) to get them. I want to change it to use a keystore and certificate that I have more control of and can use even if I don't use MotoDev Studio anymore. Also it seems that MotoDev Studio will lock you out of new features such as shared libraries.

    Read the article

  • Is there any mechanism provided by Apple Store to make the user sign-up to my website before he/she

    - by Lucky
    I am creating an iphone application that requires the users to have an account at my website. But if i have to distribute it through apple store, how should I make the users of this Iphone Application first create an account with my website. There could be a few options like : 1) Ask the user to create an account when he/she tries to run the application on iphone. 2) Provide a 'Sign-Up' page in the Iphone application itself. My question is "Is there any mechanism provided by Apple Store to make the user sign-up to my website before he/she can download the application". Kindly give in your suggestions for the same. Which would be the best approach for solving my problem. Thanks, LG

    Read the article

  • =~ (equal-sign tilde) and m" ... " in .htaccess directive [closed]

    - by Lèse majesté
    I saw this bit of code on an old forum post: SSLRequire %{HTTP_HOST} =~ m"\.secure\.powweb\.com" And I was just wondering what the =~ and m" ... " meant. I've been searching online and in the Apache documentation for any mention of the equal-sign tilde operator, but I've found no mention of it. I know that some directives can take a tilde to use a regular expression, but I've never seen the m" ... " form used before. What exactly is that m" ... " for? Where else would you see this form?

    Read the article

  • What is the @ sign on the end of file permission on terminal?

    - by shannoga
    I have a sound file in my app that the iPhone does not play. After checking other problems I checked the file permission in terminal. What I can see is that the file permission of this file has a- @ at the end of it. I don't know if that is the problem but this is the only difference from the other sound files that plays fine. What is this sign ? Could it cause a problem ? EDIT Thanks this is what I get: com.apple.FinderInfo: 00000000 4D 34 41 20 68 6F 6F 6B 00 00 00 00 00 00 00 00 |M4A hook........| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000020 Thanks Shani

    Read the article

  • DKIM sign any outgoing mail as the same domain. is possibly?

    - by Felipe Alcacibar
    I have a website, and the users recommend via email to another persons, so the mail come from my site, but I need to appear the user as sender, but "via" mydomain. The logically and what lists management software and companies do is differ the "MAIL FROM" SMTP command and the "From" header (like mailchimp, for example). So I want to DKIM sign a mail with mydomain.com, even if the From header says another domain. is possibly this? I am using postfix with Debian GNU/Linux, and in this case using dkim-filter and dk-filter.

    Read the article

  • Oracle Internet Directory 11gR1 11.1.1.6 Certified with E-Business Suite

    - by Elke Phelps (Oracle Development)
    Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder.  For details about third-party integration architectures, see either of these article for EBS 11i and 12: In-Depth: Using Third-Party Identity Managers with E-Business Suite Release 12 In-Depth: Using Third-Party Identity Managers with the E-Business Suite Release 11i Oracle Internet Directory 11.1.1.6 is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1.  OID 11.1.1.6 is part of Oracle Fusion Middleware 11g Release 1 Version 11.1.1.6.0, also known as FMW 11g Patchset 5.  Certified E-Business Suite releases are: EBS Release 11i 11.5.10.2 + ATG PH.H RUP 7 and higher EBS Release 12.0.6 and higher EBS Release 12.1.1 and higher Supported Configurations Oracle Internet Directory 11.1.1.5.0 can be integrated with two single sign-on solutions for EBS environments: Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x). Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Access Manager 11gR1 (11.1.1.5) with an existing Oracle E-Business Suite system (Release 12.0.6 or higher or 12.1.x). Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Oracle Fusion Middleware 11gR1 Patchset 5  (11.1.1.6.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.6 or 12.1.x) Oracle Access Manager strongly recommended Oracle has two single sign-on solutions: Oracle Single Sign-On Server (OSSO) and Oracle Access Manager (OAM). Oracle strongly recommends that all new single sign-on implementations use Oracle Access Manager. Oracle Access Manager is the preferred solution going forward, and forms the basis of Oracle Fusion Middleware 11g. OSSO is no longer being actively developed and will not be ported to Oracle WebLogic Server. Platform certifications Oracle Internet Directory is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details.For information on operating systems supported by Oracle Internet Directory and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix.Integration with Oracle Internet Directory involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.References Overview of Single Sign-On Integration Options for Oracle E-Business Suite Note 1388152.1 Using the Latest Oracle Internet Directory 11gR1 Patchset with Oracle Single Sign-on and Oracle E-Business Suite (Note 876539.1) Integrating Oracle E-Business Suite with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate (Note 1309013.1) Integrating Oracle E-Business Suite with Oracle Access Manager 10g using Oracle E-Business Suite AccessGate (Note 975182.1) Migrating Oracle Single Sign-On 10gR3 to Oracle Access Manager 11g with Oracle E-Business Suite (Note 1304550.1) Oracle Fusion Middleware Download, Installation & Configuration Readme Oracle Fusion Middleware Installation Guide for Oracle Identity Management 11g Release 1 (11.1.1) (Part Number E12002-09) Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management 11g Release 1 (11.1.1) (Part Number E10129-09) Oracle Fusion Middleware Upgrade Planning Guide 11g Release 1 (11.1.1) (Part Number E10125-06) Oracle Fusion Middleware Patching Guide 11g Release 1 (11.1.1) (Part Number E16793-12) Related Articles Understanding Options for Integrating Oracle Access Manager with E-Business Suite In-Depth: Using Third-Party Identity Managers with E-Business Suite Release 12 In-Depth: Using Third-Party Identity Managers with the E-Business Suite Release 11i Oracle Access Manager 10gR3 Certified with E-Business Suite Portal 11.1.1.4 Certified with E-Business Suite Discoverer 11.1.1.4 Certified with E-Business Suite

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • Tweak Conky Layout via a script

    - by begtognen
    I'm using a script in Conky in order to display my new gmail on my desktop. It works beautifully, but is kind of ugly, and I'm not sure how to fix it. What I've currently got looks like this: And what I'd like is this: Any ideas for how to make that happen are much appreciated. Here's the script I'm currently using (I think I've snipped out the correct part, if I haven't please let me know.) #!/usr/bin/perl use Switch; use Text::Wrap; my $what=$ARGV[0]; $user="username"; #username for gmail account $pass="password"; #password for gmail account $file="/tmp/gmail.html"; #temporary file to store gmail #wrap format for subject $Text::Wrap::columns=65; #Number of columns to wrap subject at $initial_tab=""; #Tab for first line of subject $subsequent_tab="\t"; #tab for wrapped lines $quote="\""; #put quotes around subject #limit the number of emails to be displayed $emails=-1; #if -1 display all emails &passwd; #give password the proper url character encoding switch($what){ #determine what the user wants case "n" {&gmail; print "$new\n";} #print number of new emails case "s" { #print $from and $subj for new email &gmail; if ($new0){ my $size=@from; if ($emails!=-1 && $size$emails){$size=$emails;} #limit number of emails displayed for(my $i=0; $i$emails){print "$emails out of $size new emails displayed\n";} } } case "e" { #print number of new emails, $from, and $subj &gmail; if($new==0){print "You have no new emails.\n";} else{ print "You have $new new email(s).\n"; my $size=@from; if ($emails!=-1 && $size$emails){$size=$emails;} #limit number of emails displayed for(my $i=0; $i$emails){print "$emails out of $size new emails displayed\n";} } } else { print "Usage Error: gmail.pl \n"; print "\tn displays number of new emails\n"; print "\ts displays from line and subject line for each new email.\n"; print "\te displays the number of new emails and from line plus \n"; print "\t\tsubject line for each new email.\n"; } #didn't give proper option } sub gmail{ if(!(-e $file)){ #create file if it does not exists `touch $file`; } #get new emails `wget -O - https://$user:$pass\@mail.google.com/mail/feed/atom --no-check-certificate $file`; open(IN, $file); #open $file my $i=0; #initialize count $new=0; #initialize new emails to 0 my $flag=0; while(){ #cycle through $file if(//){$flag=1;} elsif(/(\d+)/){$new=$1;} #grab number of new emails elsif($flag==1){ if(/.+/){push(@subj, &msg);} #grab new email titles elsif(/(.+)/){push(@from, $1); $flag=0;} #grab new email from lines } } close(IN); #close $file } sub passwd{ #change to url escape codes in password #URL ESCAPE CODES $_=$pass; s/\%/\%25/g; s/\#/\%23/g; s/\$/\%24/g; s/\&/\%26/g; s/\//\%2F/g; s/\:/\%3A/g; s/\;/\%3B/g; s/\/\%3E/g; s/\?/\%3F/g; s/\@/\%40/g; s/\[/\%5B/g; s/\\/\%5C/g; s/\]/\%5D/g; s/\^/\%5E/g; s/\`/\%60/g; s/\{/\%7B/g; s/\|/\%7C/g; s/\}/\%7D/g; s/\~/\%7E/g; $pass=$_; } sub msg{ #THE HTML CODED CHARACTER SET [ISO-8859-1] chomp; s/(.+)/$1/; #get just the subject #now replace any special characters s/\&\#33\;/!/g; #Exclamation mark s/\&\#34\;/"/g; s/\"\;/"/g; #Quotation mark s/\&\#35\;/#/g; #Number sign s/\&\#36\;/\$/g; #Dollar sign s/\&\#37\;/%/g; #Percent sign s/\&\#38\;/&/g; s/\&\;/&/g; #Ampersand s/\&\#39\;/'/g; #Apostrophe s/\&\#40\;/(/g; #Left parenthesis s/\&\#41\;/)/g; #Right parenthesis s/\&\#42\;/*/g; #Asterisk s/\&\#43\;/+/g; #Plus sign s/\&\#44\;/,/g; #Comma s/\&\#45\;/-/g; #Hyphen s/\&\#46\;/./g; #Period (fullstop) s/\&\#47\;/\//g; #Solidus (slash) s/\&\#58\;/:/g; #Colon s/\&\#59\;/\;/g; #Semi-colon s/\&\#60\;//g; s/\>\;//g; #Greater than s/\&\#63\;/\?/g; #Question mark s/\&\#64\;/\@/g; #Commercial at s/\&\#91\;/\[/g; #Left square bracket s/\&\#92\;/\\/g; #Reverse solidus (backslash) s/\&\#93\;/\]/g; #Right square bracket s/\&\#94\;/\^/g; #Caret s/\&\#95\;/_/g; #Horizontal bar (underscore) s/\&\#96\;/\`/g; #Acute accent s/\&\#123\;/\{/g; #Left curly brace s/\&\#124\;/|/g; #Vertical bar s/\&\#125\;/\}/g; #Right curly brace s/\&\#126\;/~/g; #Tilde s/\&\#161\;/¡/g; #Inverted exclamation s/\&\#162\;/¢/g; #Cent sign s/\&\#163\;/£/g; #Pound sterling s/\&\#164\;/¤/g; #General currency sign s/\&\#165\;/¥/g; #Yen sign s/\&\#166\;/¦/g; #Broken vertical bar s/\&\#167\;/§/g; #Section sign s/\&\#168\;/¨/g; #Umlaut (dieresis) s/\&\#169\;/©/g; s/\©\;/©/g; #Copyright s/\&\#170\;/ª/g; #Feminine ordinal s/\&\#171\;/«/g; #Left angle quote, guillemotleft s/\&\#172\;/¬/g; #Not sign s/\&\#174\;/®/g; #Registered trademark s/\&\#175\;/¯/g; #Macron accent s/\&\#176\;/°/g; #Degree sign s/\&\#177\;/±/g; #Plus or minus s/\&\#178\;/²/g; #Superscript two s/\&\#179\;/³/g; #Superscript three s/\&\#180\;/´/g; #Acute accent s/\&\#181\;/µ/g; #Micro sign s/\&\#182\;/¶/g; #Paragraph sign s/\&\#183\;/·/g; #Middle dot s/\&\#184\;/¸/g; #Cedilla s/\&\#185\;/¹/g; #Superscript one s/\&\#186\;/º/g; #Masculine ordinal s/\&\#187\;/»/g; #Right angle quote, guillemotright s/\&\#188\;/¼/g; s/\¼\;/¼/g; # Fraction one-fourth s/\&\#189\;/½/g; s/\½\;/½/g; # Fraction one-half s/\&\#190\;/¾/g; s/\¾\;/¾/g; # Fraction three-fourths s/\&\#191\;/¿/g; #Inverted question mark s/\&\#192\;/À/g; #Capital A, grave accent s/\&\#193\;/Á/g; #Capital A, acute accent s/\&\#194\;/Â/g; #Capital A, circumflex accent s/\&\#195\;/Ã/g; #Capital A, tilde s/\&\#196\;/Ä/g; #Capital A, dieresis or umlaut mark s/\&\#197\;/Å/g; #Capital A, ring s/\&\#198\;/Æ/g; #Capital AE dipthong (ligature) s/\&\#199\;/Ç/g; #Capital C, cedilla s/\&\#200\;/È/g; #Capital E, grave accent s/\&\#201\;/É/g; #Capital E, acute accent s/\&\#202\;/Ê/g; #Capital E, circumflex accent s/\&\#203\;/Ë/g; #Capital E, dieresis or umlaut mark s/\&\#204\;/Ì/g; #Capital I, grave accent s/\&\#205\;/Í/g; #Capital I, acute accent s/\&\#206\;/Î/g; #Capital I, circumflex accent s/\&\#207\;/Ï/g; #Capital I, dieresis or umlaut mark s/\&\#208\;/Ð/g; #Capital Eth, Icelandic s/\&\#209\;/Ñ/g; #Capital N, tilde s/\&\#210\;/Ò/g; #Capital O, grave accent s/\&\#211\;/Ó/g; #Capital O, acute accent s/\&\#212\;/Ô/g; #Capital O, circumflex accent s/\&\#213\;/Õ/g; #Capital O, tilde s/\&\#214\;/Ö/g; #Capital O, dieresis or umlaut mark s/\&\#215\;/×/g; #Multiply sign s/\&\#216\;/Ø/g; #Capital O, slash s/\&\#217\;/Ù/g; #Capital U, grave accent s/\&\#218\;/Ú/g; #Capital U, acute accent s/\&\#219\;/Û/g; #Capital U, circumflex accent s/\&\#220\;/Ü/g; #Capital U, dieresis or umlaut mark s/\&\#221\;/Ý/g; #Capital Y, acute accent s/\&\#222\;/Þ/g; #Capital THORN, Icelandic s/\&\#223\;/ß/g; #Small sharp s, German (sz ligature) s/\&\#224\;/à/g; #Small a, grave accent s/\&\#225\;/á/g; #Small a, acute accent s/\&\#226\;/â/g; #Small a, circumflex accent s/\&\#227\;/ã/g; #Small a, tilde s/\&\#228\;/ä/g; #Small a, dieresis or umlaut mark s/\&\#229\;/å/g; #Small a, ring s/\&\#230\;/æ/g; #Small ae dipthong (ligature) s/\&\#231\;/ç/g; #Small c, cedilla s/\&\#232\;/è/g; #Small e, grave accent s/\&\#233\;/é/g; #Small e, acute accent s/\&\#234\;/ê/g; #Small e, circumflex accent s/\&\#235\;/ë/g; #Small e, dieresis or umlaut mark s/\&\#236\;/ì/g; #Small i, grave accent s/\&\#237\;/í/g; #Small i, acute accent s/\&\#238\;/î/g; #Small i, circumflex accent s/\&\#239\;/ï/g; #Small i, dieresis or umlaut mark s/\&\#240\;/ð/g; #Small eth, Icelandic s/\&\#241\;/ñ/g; #Small n, tilde s/\&\#242\;/ò/g; #Small o, grave accent s/\&\#243\;/ó/g; #Small o, acute accent s/\&\#244\;/ô/g; #Small o, circumflex accent s/\&\#245\;/õ/g; #Small o, tilde s/\&\#246\;/ö/g; #Small o, dieresis or umlaut mark s/\&\#247\;/÷/g; #Division sign s/\&\#248\;/ø/g; #Small o, slash s/\&\#249\;/ù/g; #Small u, grave accent s/\&\#250\;/ú/g; #Small u, acute accent s/\&\#251\;/û/g; #Small u, circumflex accent s/\&\#252\;/ü/g; #Small u, dieresis or umlaut mark s/\&\#253\;/ý/g; #Small y, acute accent s/\&\#254\;/þ/g; #Small thorn, Icelandic s/\&\#255\;/ÿ/g; #Small y, dieresis or umlaut mark s/^\s+//; return $_; }

    Read the article

  • Can I use IIS to do ActiveDirectory single-sign-on for another website?

    - by brofield
    I'm trying to add Active Directory single-sign-on support to an existing SOAP server. The server can be configured to accept a trusted reverse-proxy and use the X-Remote-User HTTP header for the authenticated user. I want to configure IIS to be the trusted proxy for this service, so that it handles all of the Active Directory authentication for the SOAP server. Basically IIS would have to accept HTTP connections on port X and URL Y, do all the authentication, and then proxy the connection to a different server (most likely the same X and Y). Unfortunately, I have no knowledge of IIS or AD (so I am trying my best to learn enough to build this solution) so please be gentle. I would assume that this is not an uncommon scenario, so is there some easy way to do this? Is this sort of functionality built into IIS or do I need to build some sort of IIS proxy program myself? Is there a better option for getting the authentication done and the X-Remote-User HTTP header set than requiring IIS? Update: For example, what I am trying to create is: [CLIENT] [IIS] [AD] [SOAP-SERVER] 1. |---------------->| 2. |<--------------->|<---------->| 3. |--------------------------->| 4. |<---------------------------| 5. |<----------------| 1. POST to http://example.com/foo/bar.cgi 2. Client is not authenticated, so do authentication 3. Once validated, send request to server (X-Remote-User: {userid}) 4. Process request, send response 5. Forward response to client I need to know how to configure IIS to do the automatic authentication of the user using AD, and then to proxy the request to the actual server, sending the userid in the X-Remote-User HTTP header.

    Read the article

< Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >