Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 129/388 | < Previous Page | 125 126 127 128 129 130 131 132 133 134 135 136  | Next Page >

  • rpxnow - How to promote users to sign in

    - by Harry
    Since adding rpxnow to our website, less users are signing in. Are these readers worried about giving their (eg hotmail) password to a third party site? Has anyone found a good way to promote use of rpxnow (or other openid managers) as a secure method of authentication to non tech savvy readers?

    Read the article

  • OpenID Attribute Exchange - should I use it?

    - by Josh
    My website will be using only OpenID for authentication. I'd like to pull user details down via attribute exchange, but attribute exchange seems to have caused a lot of grief for StackOverflow. What is the current state of play in the industry? Does any OpenID provider do a decent job of attribute exchange? Should I just steer away from OpenID attribute exchange altogether? How can I deal with inconsistent support for functionality?

    Read the article

  • Selectively turning off Devise's flash notices in Rails 3

    - by Sim
    The Devise authentication framework uses flash notices everywhere. This makes it easy to integrate with apps but it leads to poor user experience sometimes. I am wondering what's an easy way to selectively turn off some of the Devise flash notices in my Rails 3 app. In particular, I'd like to get rid of the blatantly obvious signed_in and signed_out flashes. Some searching suggested subclassing the session controller or use something like this but I haven't been able to find any simple solutions to this problem.

    Read the article

  • Sanitize file_get_contents

    - by Luis
    I want to use file_get_contents to implement a proxy so I can do ajax cross domain requests. Querystring will be used to supply the URL to file_get_contents. Now the problem is people can muck around with the qurystring in order to read local files on the server. I dont wnat this. Can someone get me a function to sinitize the querystring in order only to accept urls and not local files: ie: ?url=http://google.com.au - OK ?url=./passwords.txt - Not OK

    Read the article

  • Twitter rss feed 401 - unauthorisation

    - by RenegadeAndy
    Hey. I have a public twitter account and this is the rss feed for it: http://twitter.com/statuses/friends_timeline/150784631.rss The problem is, im getting an http 401 whenever im trying to access it. Can anybody explain how to stop this - and get it to work either with authentication or without! Cheers

    Read the article

  • Session handling in python / django

    - by Gaurav
    I am creating an application that lets users login using Google, Facebook and the website's native login. The site is being built in Python / Django. What would be the best way to handle login, session management and user authentication? I do not want to use the in-built Django user management. I am using Django very sparingly(URLs, templates)

    Read the article

  • Authenticating users in iPhone app

    - by Myron
    I'm developing an HTTP api for our web application. Initially, the primary consumer of the API will be an iPhone app we're developing, but I'm designing this with future uses in mind (such as mobile apps for other platforms). I'm trying to decide on the best way to authenticate users so they can access their accounts from the iPhone. I've got a design that I think works well, but I'm no security expert, so I figured it would be good to ask for feedback here. The design of the user authentication has 3 primary goals: Good user experience: We want to allow users to enter their credentials once, and remain logged in indefinitely, until they explicitly log out. I would have considered OAuth if not for the fact that the experience from an iPhone app is pretty awful, from what I've heard (i.e. it launches the login form in Safari, then tells the user to return to the app when authentication succeeds). No need to store the user creds with the app: I always hate the idea of having the user's password stored in either plain text or symmetrically encrypted anywhere, so I don't want the app to have to store the password to pass it to the API for future API requests. Security: We definitely don't need the intense security of a banking app, but I'd obviously like this to be secure. Overall, the API is REST-inspired (i.e. treating URLs as resources, and using the HTTP methods and status codes semantically). Each request to the API must include two custom HTTP headers: an API Key (unique to each client app) and a unique device ID. The API requires all requests to be made using HTTPS, so that the headers and body are encrypted. My plan is to have an api_sessions table in my database. It has a unique constraint on the API key and unique device ID (so that a device may only be logged into a single user account through a given app) as well as a foreign key to the users table. The API will have a login endpoint, which receives the username/password and, if they match an account, logs the user in, creating an api_sessions record for the given API key and device id. Future API requests will look up the api_session using the API key and device id, and, if a record is found, treat the request as being logged in under the user account referenced by the api_session record. There will also be a logout API endpoint, which deletes the record from the api_sessions table. Does anyone see any obvious security holes in this?

    Read the article

  • send and recive packet in the Lan with multiple mac Addresses in C#

    - by MGH
    Hi , in our Network bandwith assign to mac address and if you can get more than one , you can get more bandwith :) if there any application or class in C# that can do this .... I'm already have the http proxy or port maper to send packets in different ip addresses but because of they are use same mac address it won't work . Any help is appreciated .

    Read the article

  • LDAP user data caching on local database

    - by Eduardo
    I am integrating LDAP authentication in my web enterprise application. I would like to show listing of people name and email. Instead of querying the LDAP server for the name and email each time a listing containing several users I thought about caching the data locally in the database. Do you guys know about caching LDAP data best practices? Should I cache LDAP user data? When should I insert and refresh the data?

    Read the article

  • Knowing the user name in a Page

    - by ctacke
    Let's assume the following: I have an IIS web site set up IIS is configured to use Digest authentication I'm running an ASP.NET page The page has a code-behing assembly that overrides Page_Load When a user navigates to that page, I get a security prompt for the username and password. If the username and password are invalid (i.e. incorrect password) is there a way for the called page, in Page_Load to know, or does IIS handle this and return the 401 before the ASP.NET engine ever gets around to resolving the actual Page class that will get executed?

    Read the article

  • How can I configure Devise for Ruby on Rails to store the emails and passwords somewhere other than in the user model?

    - by TLK
    I'd like to store emails in a separate table and allow users to save multiple emails and log in with any of them. I'd also like to store passwords in a different table. How can I configure Devise to store authentication info elsewhere? Worst case scenario, if I just have to hack into it, is there a generator to just port everything over to the app? I noticed there was a generator for the views. Thanks.

    Read the article

  • Pros & Cons of separating the controllers using subfolders on an ruby on rails app based?

    - by user293179
    Hi, Need some help gathering thoughts on this issue. Our team is moving ahead with the idea that separating the authenticated and public sections of our app in two separate folders will allow us to be more organized and secured. I have seen this approach for Admin apps within the site but never for authentication. We are currently using Authlogic. What would be the disadvantage of this? Thanks for your help.

    Read the article

  • Credentials - Can I do this?

    - by zburns
    I've got an ASP.NET website that I use forms authentication using the default provider you can setup. This works just fine for the site. The question is can I pass the credentials from the web site to a web app on the same server?

    Read the article

  • ASP.NET Login Page Redirection Problem

    - by Daniel
    Hello everyone! I'm building a silverlight application hosted on ASP.NET Web App. / IIS7 / SSL-enabled website. For security, I put my silverlight page inside a Members folder in the ASP.NET Web Application, and restricted access from anonymous users.(see web.config below) when users try to access pages under Members folder, they get redirected to https://www.ssldemo.com/authenticationtest/login.aspx. (see web.config below) (I've mapped www.ssldemo.com to 127.0.0.1). for security, I'm switching to HTTPS in login.aspx, and back to HTTP after validation. below is the code for login.aspx.cs. protected void Page_Load(object sender, EventArgs e) { LoginControl.LoggedIn += new EventHandler(LoginControl_LoggedIn); } void LoginControl_LoggedIn(object sender, EventArgs e) { //for going to ReturnURL & switching back to HTTP string serverName = HttpUtility.UrlEncode(Request.ServerVariables["SERVER_NAME"]); string returnURL = Request["ReturnURL"]; Response.Redirect(ResolveClientUrl("http://" + serverName + returnURL)); } The problem is, when I deploy another application to http://www.ssldemo.com/authenticationtest/members/AnotherApplication/ and open http://www.ssldemo.com/authenticationtest/members/AnotherApplication/default.aspx, Users get redirected to https://www.ssldemo.com/authenticationtest/login.aspx?ReturnUrl=%2fauthenticationtest%2fmembers%2fanotherapplication%2fdefault.aspx. but even when I enter the correct credentials at login page, I get redirected to the same login page again, not to the ReturnUrl. when I looked into fiddler, it said '302 object moved to here.' Thank you for reading! Any input will be much appreciated. <configuration> <connectionStrings> <add name="CompanyDatabase" connectionString="Data Source=192.168.0.2;Initial Catalog=SomeTable;User ID=Username;Password=P@ssword" /> </connectionStrings> <system.web> <compilation debug="true" targetFramework="4.0" /> <authentication mode="Forms"> <forms slidingExpiration="true" timeout="15" loginUrl="https://www.ssldemo.com/authenticationtest/login.aspx" defaultUrl="~/Members/Default.aspx" > </forms> </authentication> <!--Custom Membership Provider--> <membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="15"> <providers> <clear /> <add name="MyMembershipProvider" type="AuthenticationTest.Web.MyMembershipProvider" connectionStringName="CompanyDatabase" applicationName="AuthenticationTest.Web"/> </providers> </membership> </system.web> <!--securing folders--> <location path="Members"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> </configuration>

    Read the article

  • mobile browsers' can't login to my site

    - by imin
    i've tested my site on 2 phone models using the 'generic' browser that came with the phone, but sadly, everytime I tried to login, it will return me back to my index page. here's my login code <form name='login' method='POST' action='authentication.php'> <table border=0 cellpadding=2> <tr><td>Login:</td><td></td></tr> <tr><td>E-mail: </td><td><input type=text name='email' id='email' size=20 maxlength="200"></td></tr> <tr><td>Password: </td><td><input type=password name='password' id='password' size=20 maxlength="100"></td></tr> <tr><td></td><td><input type=submit value='Login'></td></tr> </table></form> and here's the authentication.php (snippet) $currentUserEmail = $_POST["email"]; $currentUserPwd = md5($_POST["password"]); $stmt = $dbi->prepare("select status from users where email=? and pwd=?"); $stmt->bind_param('ss', $currentUserEmail,$currentUserPwd); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); $isUserAvailable = mysqli_stmt_num_rows($stmt); $stmt->bind_result($getUserStatus); $stmt->execute() or die (mysqli_error()); $stmt->store_result(); $stmt->fetch(); $stmt->close(); if($isUserAvailable > 0){ if ($getUserStatus == "PENDING") { $userIsLoggedIn = "NO"; $registeredUser = "NO"; unset($userIsLoggedIn); setcookie("currentMobileUserName", "", time()-3600); setcookie("currentMobileUserEmail", "", time()-3600); setcookie("currentMobileSessionID", "", time()-3600); setcookie("currentMobileUID", "", time()-3600); header('Location: '.$config['MOBILE_URL'].'/index.php?error=2&email='.$currentUserEmail); }elseif (($getUserStatus == "ACTIVE") || ($getUserStatus == "active")){ //means successfully logged in //set the cookie setcookie("currentMobileUserName", $currentUserName, $expire); setcookie("currentMobileUserEmail", $currentUserEmail, $expire); setcookie("currentMobileSessionID", $getGeneratedMobileUSID, $expire); setcookie("currentMobileUID", $currentUID, $expire); $userIsLoggedIn = "YES"; $registeredUser = "YES"; $result = $stmt->execute() or die (mysqli_error($dbi)); if ($caller == "indexLoginForm"){ header('Location: '.$config['MOBILE_URL'].'/home.php'); }else{ header('Location: '.$config['MOBILE_URL'].'/home.php'); } } }else{ $userIsLoggedIn = "NO"; $registeredUser = "NO"; unset($userIsLoggedIn); setcookie("currentMobileUserName", "", time()-3600); setcookie("currentMobileUserEmail", "", time()-3600); setcookie("currentMobileSessionID", "", time()-3600); setcookie("currentMobileUID", "", time()-3600); header('Location: '.$config['MOBILE_URL'].'/index.php?error=1'); } The only way I can access my mobile site is by using opera mini. Just FYI, both the 'generic browsers' i tested my site with supports cookie (at least this is what the browser settings said). thanks

    Read the article

  • Stop lazy loading or skip loading a property in NHibernate? Proxy cannot be serialized through WCF

    - by HelloSam
    Consider I have a parent, child relationship class and mapping. I am using NHibernate to read the object from the database, and intended to use WCF to send the object across the wire. Goal For reading the parent object, I want to selectively, at different execution path, decide when I would want to load the child object. Because I don't want to read more than what I needed. Those partially loaded object must be able to sent through WCF. When I mean I don't load it, neither side will access such property. Problem When such partially loaded object is being sent through WCF, as those property is marked as [DataContract], it cannot be serialized as the property is lazy load proxy instead of real known type. What I want to archive, or solution that I can think of lazy=false or lazy=true doesn't work. Former will eagerly fetch all the relationships, latter will create a proxy. But I want nothing instead - a null would be the best. I don't need lazy load. I hope to get a null for those references that I don't want to fetch. A null, but not just a proxy. This will makes WCF happy, and waste less time to have a lazy-load proxy constructed. Like could I have a null proxy factory? -OR- Or making WCF ignoring those property that's a proxy instead of real. I tried the IDataContractSurrogate solution, but only parent is passed to GetObjectToSerialize, I never observe an proxy being passed through GetObjectToSerialize, leaving no chance to un-proxy it. Edit After reading the comments, more surfing on the Internet... It seems to me that DTO would shift major part of the computation to the server side. But for the project I am working on, 50% of time the client is "smarter" than the server and the server is more like a data store with validation and verification. Though I agree the server is not exactly dumb - I have to decide when to fetch the extra references already, and DTO will make this very explicit. Maybe I should just take the pain. I didn't know http://automapper.codeplex.com/ before, this motivates me a little more to take the pain. On the other hand, I found http://trentacular.com/2009/08/how-to-use-nhibernate-lazy-initializing-proxies-with-web-services-or-wcf/, which seems to be working with IDataContractSurrogate.GetObjectToSerialize.

    Read the article

  • Why RSA SSH authentication only works after console log-in?

    - by smorhaim
    I setup RSA authentication on one of my Ubuntu servers, however after every restart, I can't log-in via ssh RSA. In order to log-in with ssh I need to first log-in via console, then the RSA starts working. Why??? Below are my sshd config file as well as an output from the ssh -vv command before console log-in and after. . Before console log-in: debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/smorhaim/.ssh/smorhaim (0x7ff8d8c242c0) debug2: key: /Users/smorhaim/.ssh/id_rsaadmin (0x7ff8d8c24cf0) debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/smorhaim/.ssh/smorhaim debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey debug1: Offering RSA public key: /Users/smorhaim/.ssh/id_rsaadmin debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey). After console log-in: debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/smorhaim/.ssh/smorhaim (0x7f91c14242c0) debug2: key: /Users/smorhaim/.ssh/id_rsaadmin (0x7f91c1424ae0) debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/smorhaim/.ssh/smorhaim debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 279 debug2: input_userauth_pk_ok: fp b1:d5:90:43:be:43:52:a9:7f:05:c7:04:86:57:b3:ff debug1: Authentication succeeded (publickey). Authenticated to 10.10.30.151 ([10.10.30.151]:22). sshd config: Port 22 Protocol 2 ListenAddress 10.10.30.151 UsePrivilegeSeparation yes SyslogFacility AUTHPRIV PermitRootLogin no PasswordAuthentication no ChallengeResponseAuthentication no UsePAM yes X11Forwarding yes

    Read the article

  • Can ISC dhcpd operate as a proxy dhcp server for PXE boot?

    - by Matt
    I have an existing LAN with a DHCP server already dishing out IP addresses. For various reasons I cannot replace that server so it will still need to dish out IP addresses. I've been experimenting with dnsmasq in proxy mode to provide PXE boot filenames. Now I have dnsmasq chainloading iPXE ok, but I found that the problem with dnsmasq is that in proxy mode it won't send dhcp options down. So I can't seem to send option 17 to boot iscsi san. I read somewhere that it's not enabled in the source code. Oh well, so I thought perhaps I should try isc dhcpd (default version4 with ubuntu). But I can't find any configuration examples that work as a proxy. Does isc dhcpd even work in proxy mode? examples on the web imply patching the source. What other options do I have?

    Read the article

  • Mac OS X printing to CUPS - More intuitive authentication failure?

    - by Moduspwnens
    We have a network-wide CUPS server that offers authenticated printer access to all our campus users. We've been pretty disappointed with the way Mac clients handle bad printing authentication, though. In any other authentication dialog, when a user types in a bad username or password, the window shakes briefly, allowing the user to re-enter. With printers, this isn't the case. It'll happily accept (and even save to the keychain, if specified) bad credentials. The authentication dialog is dismissed, and the user then has to deal with the print jobs showing up as "On hold (authentication required)". To get their job printed, they need to select it in the printer's queue, click "Resume", then re-enter appropriate credentials. Is there a way to get failed printing authentication to work more intuitively for Mac OS X clients? We're trying to support a BYOD environment, but our end users have been really confused by this. It's made even worse by the way it pre-populates the user's full login name (e.g. "Smith, John"), which tends to make them think to use their local machine passwords.

    Read the article

  • Is it possible to make a web browser proxy tunnel with Netcat/Socat?

    - by djangofan
    Concerning the Netcat/Socat utility . From the man page, it seems like it is possible to create a secure proxy using netcat by which I could point my web browser to like a proxy server , that could fork/drive my web traffic through the proxy. Is this possible? Any hints on how to do this? Socat on windows is preferrable but netcat on linux is ok. http://www.dest-unreach.org/socat/doc/socat.html

    Read the article

  • How to create public html (apache2) with LDAP authentication?

    - by borjamf
    Im running Apache2 on Ubuntu 12.04 Server because I want to create a home directory for each ldap user. I'm using LDAP for authentication and it's working ok. Also I've done some tests with LDAP module for Apache2 and it's working ok. The problem with this LDAP authentication is that any success login can access to ~user/public_html, even if the user is not the owner of that home. I dont know how to control that, for example, userldap2 access to userldap1/public_html. I want that only the userldap1 access to userldap1. Could anybody tell me how to control that with LDAP authentication? I hope that you'll understand me. My config (auth_ldap.conf) <Directory /home/disco2/*/public_html> AuthName "Authentication" AuthType basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPURL ldap://prueba.borja/dc=prueba,dc=borja?uid? Require ldap-filter objectClass=posixAccount </Directory>

    Read the article

  • Why does iChat Server keep connecting to proxy.eu.jabber.org?

    - by Tom Hamming
    I have OS X Server 10.6.5 running on a new Mac Mini (server model), serving several functions among which is iChat Server (iChat and Pidgin on Windows as clients). In the iChat log in Server Admin, I kept seeing entries about connecting to proxy.eu.jabber.org. It's for our office network and I wasn't excited about external access to it, so I disabled server-to-server XMPP federation and now the connections just time out. But why is it doing that in the first place? Sample log entry: (datetime) (servername)jabberd/resolver[portnum]: [xmpp-server._tcp.proxy.eu.jabber.org resolved to 208.68.163.220:5269 (300 seconds to live) then: sending dialback auth request for route '(full server hostname)/proxy.eu.jabber.org' A couple minutes later, it comes back with: dialback for outgoing route '(full server hostname)/proxy.eu.jabber.org' timed out

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 125 126 127 128 129 130 131 132 133 134 135 136  | Next Page >