Search Results

Search found 412 results on 17 pages for 'openid'.

Page 13/17 | < Previous Page | 9 10 11 12 13 14 15 16 17  | Next Page >

  • Google app engine error when I login.

    - by zjm1126
    i am using http://code.google.com/p/gaema/source/browse/#hg/demos/webapp, and this is my traceback: Traceback (most recent call last): File "D:\Program Files\Google\google_appengine\google\appengine\ext\webapp\__init__.py", line 510, in __call__ handler.get(*groups) File "D:\gaema\demos\webapp\main.py", line 31, in get google_auth.get_authenticated_user(self._on_auth) File "D:\gaema\demos\webapp\gaema\auth.py", line 641, in get_authenticated_user OpenIdMixin.get_authenticated_user(self, callback) File "D:\gaema\demos\webapp\gaema\auth.py", line 83, in get_authenticated_user url = self._OPENID_ENDPOINT + "?" + urllib.urlencode(args) File "D:\Python25\lib\urllib.py", line 1250, in urlencode v = quote_plus(str(v)) UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-1: ordinal not in range(128) how to do this thanks updated i change the code from args = dict((k, v[-1]) for k, v in self.request.arguments.iteritems()) args["openid.mode"] = u"check_authentication" url = self._OPENID_ENDPOINT + "?" + urllib.urlencode(args) to args = dict((k, v[-1].encode('utf-8')) for k, v in self.request.arguments.iteritems()) args["openid.mode"] = u"check_authentication" url = self._OPENID_ENDPOINT + "?" + urllib.urlencode(args) but also error.

    Read the article

  • How to Integrate SharePoint 2007/2010 and Google Apps?

    - by goober
    Hello All, My (smaller) company has an existing Google Apps Deployment, used for E-Mail / Calendar, etc. I'm looking into a SharePoint setup (2010 most likely). One of the best features is that new events are added to one's Outlook Calendar, e-mails can be sent automatically, etc. Naturally, this works best out-of-the-box with Exchange. I know I can add my own OpenID login system via an OpenID provider for SharePoint and get my users into the system. My question is, can anyone recommend the best way to go about making sure that events automatically find their way into users' calendars and e-mails on the Google Apps system? This would enable us to deploy SharePoint without worrying about migrating our e-mail system to Exchange first (Google Apps is more cost-effective for our needs and I'm required to keep it.) Thanks in advance for any help!

    Read the article

  • Need a host which supports OSQA

    - by Josip Gòdly Zirdum
    Hi i'm looking to install OSQA and see how it goes I have a great niche which I think may work real well, but till I get a large enough audience I'd like to use shared hosting then move up to a dedicated or vps hosting... Almost all hosts i've looked at don't support something OSQA needs I need relatively cheap shared hosting with cpanel. Any recommendations? It needs to support: Django Python markdown html5lib Python OpenId South

    Read the article

  • SSO "Portal"

    - by Clinton Blackmore
    Pursuant to my question on alleviating the password explosion, I've contacted some of the services to whom we are paying money to access their websites to ask if we could authenticate our own users, and some of them said yes and send me specs on how to do so. (One of the sites called such a system a page a "portal"; I've never heard the term used in quite that way.) It is simple enough that I am tempted to roll my own. The largest complication is that one site wants us to store a key for every user in our database (and I think the LDAP database makes sense) after their initial login. So, non-trivial, but doable. The nature of these sorts of tasks, I expect, is that if they start out small and simple, they don't end that way. There must be some software that addresses this that is readily extended, surely. In my searching, I've come across: SimpleSAMLphp JOSSO RubyCAS-Server Shibboleth Pubcookie OpenID [Wow, gee. I'd missed some of those in my previous searches! The wikipedia page on Central Authentication Services is useful, and the section on Alternatives to OpenID makes it look like there is a lot of choice.] Can anyone recommend any of these, or suggest ones to avoid? Internally, we are authenticating using Apple's Open Directory [ == OpenLDAP + Kerberos + Password Server (which, I believe, == SAML) ]. As far as extending/tweaking/advanced configuration of a system, I am able to program in Python, C++, can do some basic PHP, and may be able to remember some Java. Looks like I need to pick up Ruby at some point. Addendum: I would also like users to be able to change their passwords over the web (and for certain users to change passwords of other users).

    Read the article

  • Please help to clean up my RoR development environment

    - by PeterWong
    I started RoR development a few months ago, and being new to Mac... Time flies and now I have a lot different ruby versions, rails versions and gems versions located everywhere......And currently I installed rvm and things got even worst, all things messed! And so I started want to clean all things and use rvm again! I want to uninstall all gems, all rails, and all ruby versions, except the system's default one (the very old one born with the mac). Or any other better solutions or suggestions!? Please help! there is some info that I think will be useful: which -a ruby /opt/local/bin/ruby /opt/local/bin/ruby /usr/local/bin/ruby /usr/bin/ruby /usr/local/bin/ruby which -a rails /usr/local/bin/rails /usr/bin/rails /usr/local/bin/rails which -a compass # simliar for rspec and many other gems /usr/local/bin/compass /usr/local/bin/compass gem list *** LOCAL GEMS *** abstract (1.0.0) actionmailer (3.0.3, 3.0.1, 3.0.0, 3.0.0.rc2, 2.3.9, 2.3.5, 2.3.4) actionpack (3.0.3, 3.0.1, 3.0.0, 3.0.0.rc2, 2.3.9, 2.3.5, 2.3.4) activemodel (3.0.3, 3.0.1, 3.0.0, 3.0.0.rc2) activerecord (3.0.3, 3.0.1, 3.0.0, 3.0.0.rc2, 2.3.9, 2.3.5, 2.3.4) activeresource (3.0.3, 3.0.1, 3.0.0, 3.0.0.rc2, 2.3.9, 2.3.5, 2.3.4) activesupport (3.0.3, 3.0.1, 3.0.0, 3.0.0.rc2, 2.3.9, 2.3.5, 2.3.4) addressable (2.2.2) arel (2.0.6, 1.0.1, 1.0.0.rc1) authlogic (2.1.6, 2.1.3) aws-s3 (0.6.2) base32 (0.1.2) block_helpers (0.3.3) bluecloth (2.0.9) bowline (0.9.4) bowline-bundler (0.0.4) bson (1.1.2) builder (2.1.2) bundler (1.0.2, 1.0.0) compass (0.10.6) crack (0.1.7) devise (1.1.3) diff-lcs (1.1.2) differ (0.1.1) dynamic_form (1.1.3) engineyard (1.3.1) engineyard-serverside-adapter (1.3.3) erubis (2.6.6) escape (0.0.4) extlib (0.9.15) facebooker (1.0.75) faker (0.3.1) faraday (0.5.3, 0.5.2) fast_gettext (0.5.10, 0.4.17) fastercsv (1.5.3) fastthread (1.0.7) ffi (0.6.3) formatize (1.0.1) formtastic (1.1.0, 1.0.1) gemcutter (0.5.0) gettext (2.1.0) git (1.2.5) gosu (0.7.25 universal-darwin) haml (3.0.24, 3.0.23, 3.0.22, 3.0.21, 3.0.18) haml-rails (0.3.4) heroku (1.10.13, 1.9.13) highline (1.5.2) hirb (0.3.4, 0.3.3) hpricot (0.8.2) i18n (0.5.0, 0.4.2, 0.4.1, 0.3.7) jeweler (1.4.0) json (1.4.6) json_pure (1.4.3) linkedin (0.1.8) locale (2.0.5) mail (2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.7, 2.2.6.1) memcache-client (1.8.5) meta_search (0.9.8, 0.9.7.2, 0.9.7.1, 0.9.6, 0.9.4) mime-types (1.16) mongo (1.1.2) mongoid (2.0.0.beta.20) multi_json (0.0.5) multipart-post (1.0.1) mysql (2.8.1) mysql2 (0.2.6, 0.2.4, 0.2.3) net-ldap (0.1.1) nice-ffi (0.4) nokogiri (1.4.4, 1.4.2) oa-basic (0.1.6) oa-core (0.1.6) oa-enterprise (0.1.6) oa-oauth (0.1.6) oa-openid (0.1.6) oauth (0.4.4, 0.4.3, 0.4.1) oauth-plugin (0.4.0.pre1) oauth2 (0.1.0) omniauth (0.1.6) paperclip (2.3.6, 2.3.4, 2.3.1.1) passenger (2.2.12) polyglot (0.3.1) pyu-ruby-sasl (0.0.3.2) querybuilder (0.9.2, 0.5.9) rack (1.2.1, 1.1.0, 1.0.1) rack-cache (0.5.3) rack-cache-purge (0.0.2, 0.0.1) rack-mount (0.6.13) rack-openid (1.2.0) rack-test (0.5.6, 0.5.4) railroady (0.11.2) rails (3.0.3, 3.0.1, 3.0.0, 3.0.0.rc2, 2.3.9, 2.3.5, 2.3.4) railties (3.0.3, 3.0.1, 3.0.0, 3.0.0.rc2) rake (0.8.7) RedCloth (3.0.4) rest-client (1.6.1) roxml (3.1.5) rscribd (1.2.0) rspec (2.3.0, 2.2.0, 2.1.0, 2.0.1) rspec-core (2.3.0, 2.2.1, 2.1.0, 2.0.1) rspec-expectations (2.3.0, 2.2.0, 2.1.0, 2.0.1) rspec-mocks (2.3.0, 2.2.0, 2.1.0, 2.0.1) rspec-rails (2.3.0, 2.2.0, 2.1.0, 2.0.1) ruby-hmac (0.4.0) ruby-mysql (2.9.3) ruby-ole (1.2.10.1) ruby-openid (2.1.8) ruby-openid-apps-discovery (1.2.0) ruby-recaptcha (1.0.2, 1.0.0) ruby-sdl-ffi (0.3) ruby-termios (0.9.6) ruby_parser (2.0.5) rubyforge (2.0.4) rubygame (2.6.4) rubygems-update (1.3.7) rubyless (0.7.0, 0.6.0, 0.3.5) rubyntlm (0.1.1) rubyzip2 (2.0.1) scribd_fu (2.0.6) searchlogic (2.4.27, 2.4.23) sequel (3.16.0, 3.15.0, 3.13.0) sexp_processor (3.0.5) shoulda (2.11.3) sinatra (1.0) slim (0.8.0) slim-rails (0.1.2) spreadsheet (0.6.4.1) sqlite3-ruby (1.3.2, 1.3.1) ssl_requirement (0.1.0) subdomain-fu (1.0.0.beta2, 0.5.4) supermodel (0.1.4) syntax (1.0.0) taps (0.3.13, 0.3.11) templater (1.0.0) temple (0.1.6) text-format (1.0.0) text-hyphen (1.0.0) thor (0.14.6, 0.14.4, 0.14.3, 0.14.1, 0.14.0) tilt (1.1) treetop (1.4.9, 1.4.8) tzinfo (0.3.23) uuidtools (2.1.1, 2.0.0) validates_timeliness (3.0.0.beta.4, 2.3.1) warden (0.10.7) will_paginate (3.0.pre2, 2.3.15, 2.3.14) xml-simple (1.0.12) ya2yaml (0.30) yajl-ruby (0.7.8, 0.7.7) yamltest (0.7.0) zena (0.16.9, 0.16.8) ====== I have ran sudo rvm implode and sudo rm -rf ~/.rvm, so no rvm now. gem env RubyGems Environment: - RUBYGEMS VERSION: 1.3.7 - RUBY VERSION: 1.8.7 (2009-06-12 patchlevel 174) [i686-darwin10.2.0] - INSTALLATION DIRECTORY: /usr/local/lib/ruby/gems/1.8 - RUBY EXECUTABLE: /usr/local/bin/ruby - EXECUTABLE DIRECTORY: /usr/local/bin - RUBYGEMS PLATFORMS: - ruby - x86-darwin-10 - GEM PATHS: - /usr/local/lib/ruby/gems/1.8 - /Users/peter/.gem/ruby/1.8 - GEM CONFIGURATION: - :update_sources => true - :verbose => true - :benchmark => false - :backtrace => false - :bulk_threshold => 1000 - :sources => ["http://rubygems.org/", "http://gems.github.com"] - REMOTE SOURCES: - http://rubygems.org/ - http://gems.github.com === ls -al /usr/local/lib/ total 5704 drwxr-xr-x 7 root wheel 238 Jun 1 2010 . drwxr-xr-x 9 root wheel 306 Dec 15 16:20 .. -rw-r--r-- 1 root wheel 1717208 Jun 1 2010 libruby-static.a -rwxr-xr-x 1 root wheel 1191880 Jun 1 2010 libruby.1.8.7.dylib lrwxrwxrwx 1 root wheel 19 Jun 1 2010 libruby.1.8.dylib -> libruby.1.8.7.dylib lrwxrwxrwx 1 root wheel 19 Jun 1 2010 libruby.dylib -> libruby.1.8.7.dylib drwxr-xr-x 6 root wheel 204 Jun 1 2010 ruby

    Read the article

  • Standards Corner: OAuth WG Client Registration Problem

    - by Tanu Sood
    Phil Hunt is an active member of multiple industry standards groups and committees (see brief bio at the end of the post) and has spearheaded discussions, creation and ratifications of  Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif"; mso-ascii- mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi- mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} industry standards including the Kantara Identity Governance Framework, among others. Being an active voice in the industry standards development world, we have invited him to share his discussions, thoughts, news & updates, and discuss use cases, implementation success stories (and even failures) around industry standards on this monthly column. Author: Phil Hunt This afternoon, the OAuth Working Group will meet at IETF88 in Vancouver to discuss some important topics important to the maturation of OAuth. One of them is the OAuth client registration problem.OAuth (RFC6749) was initially developed with a simple deployment model where there is only monopoly or singleton cloud instance of a web API (e.g. there is one Facebook, one Google, on LinkedIn, and so on). When the API publisher and API deployer are the same monolithic entity, it easy for developers to contact the provider and register their app to obtain a client_id and credential.But what happens when the API is for an open source project where there may be 1000s of deployed copies of the API (e.g. such as wordpress). In these cases, the authors of the API are not the people running the API. In these scenarios, how does the developer obtain a client_id? An example of an "open deployed" API is OpenID Connect. Connect defines an OAuth protected resource API that can provide personal information about an authenticated user -- in effect creating a potentially common API for potential identity providers like Facebook, Google, Microsoft, Salesforce, or Oracle. In Oracle's case, Fusion applications will soon have RESTful APIs that are deployed in many different ways in many different environments. How will developers write apps that can work against an openly deployed API with whom the developer can have no prior relationship?At present, the OAuth Working Group has two proposals two consider: Dynamic RegistrationDynamic Registration was originally developed for OpenID Connect and UMA. It defines a RESTful API in which a prospective client application with no client_id creates a new client registration record with a service provider and is issued a client_id and credential along with a registration token that can be used to update registration over time.As proof of success, the OIDC community has done substantial implementation of this spec and feels committed to its use. Why not approve?Well, the answer is that some of us had some concerns, namely: Recognizing instances of software - dynamic registration treats all clients as unique. It has no defined way to recognize that multiple copies of the same client are being registered other then assuming if the registration parameters are similar it might be the same client. Versioning and Policy Approval of open APIs and clients - many service providers have to worry about change management. They expect to have approval cycles that approve versions of server and client software for use in their environment. In some cases approval might be wide open, but in many cases, approval might be down to the specific class of software and version. Registration updates - when does a client actually need to update its registration? Shouldn't it be never? Is there some characteristic of deployed code that would cause it to change? Options lead to complexity - because each client is treated as unique, it becomes unclear how the clients and servers will agree on what credentials forms are acceptable and what OAuth features are allowed and disallowed. Yet the reality is, developers will write their application to work in a limited number of ways. They can't implement all the permutations and combinations that potential service providers might choose. Stateful registration - if the primary motivation for registration is to obtain a client_id and credential, why can't this be done in a stateless fashion using assertions? Denial of service - With so much stateful registration and the need for multiple tokens to be issued, will this not lead to a denial of service attack / risk of resource depletion? At the very least, because of the information gathered, it would difficult for service providers to clean up "failed" registrations and determine active from inactive or false clients. There has yet to be much wide-scale "production" use of dynamic registration other than in small closed communities. Client Association A second proposal, Client Association, has been put forward by Tony Nadalin of Microsoft and myself. We took at look at existing use patterns to come up with a new proposal. At the Berlin meeting, we considered how WS-STS systems work. More recently, I took a review of how mobile messaging clients work. I looked at how Apple, Google, and Microsoft each handle registration with APNS, GCM, and WNS, and a similar pattern emerges. This pattern is to use an existing credential (mutual TLS auth), or client bearer assertion and swap for a device specific bearer assertion.In the client association proposal, the developer's registration with the API publisher is handled by having the developer register with an API publisher (as opposed to the party deploying the API) and obtaining a software "statement". Or, if there is no "publisher" that can sign a statement, the developer may include their own self-asserted software statement.A software statement is a special type of assertion that serves to lock application registration profile information in a signed assertion. The statement is included with the client application and can then be used by the client to swap for an instance specific client assertion as defined by section 4.2 of the OAuth Assertion draft and profiled in the Client Association draft. The software statement provides a way for service provider to recognize and configure policy to approve classes of software clients, and simplifies the actual registration to a simple assertion swap. Because the registration is an assertion swap, registration is no longer "stateful" - meaning the service provider does not need to store any information to support the client (unless it wants to). Has this been implemented yet? Not directly. We've only delivered draft 00 as an alternate way of solving the problem using well-known patterns whose security characteristics and scale characteristics are well understood. Dynamic Take II At roughly the same time that Client Association and Software Statement were published, the authors of Dynamic Registration published a "split" version of the Dynamic Registration (draft-richer-oauth-dyn-reg-core and draft-richer-oauth-dyn-reg-management). While some of the concerns above are addressed, some differences remain. Registration is now a simple POST request. However it defines a new method for issuing client tokens where as Client Association uses RFC6749's existing extension point. The concern here is whether future client access token formats would be addressed properly. Finally, Dyn-reg-core does not yet support software statements. Conclusion The WG has some interesting discussion to bring this back to a single set of specifications. Dynamic Registration has significant implementation, but Client Association could be a much improved way to simplify implementation of the overall OpenID Connect specification and improve adoption. In fairness, the existing editors have already come a long way. Yet there are those with significant investment in the current draft. There are many that have expressed they don't care. They just want a standard. There is lots of pressure on the working group to reach consensus quickly.And that folks is how the sausage is made.Note: John Bradley and Justin Richer recently published draft-bradley-stateless-oauth-client-00 which on first look are getting closer. Some of the details seem less well defined, but the same could be said of client-assoc and software-statement. I hope we can merge these specs this week. Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif"; mso-ascii- mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi- mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} About the Writer: Phil Hunt joined Oracle as part of the November 2005 acquisition of OctetString Inc. where he headed software development for what is now Oracle Virtual Directory. Since joining Oracle, Phil works as CMTS in the Identity Standards group at Oracle where he developed the Kantara Identity Governance Framework and provided significant input to JSR 351. Phil participates in several standards development organizations such as IETF and OASIS working on federation, authorization (OAuth), and provisioning (SCIM) standards.  Phil blogs at www.independentid.com and a Twitter handle of @independentid.

    Read the article

  • Rails3 server and bundler error: uninitialized constant Bundler (NameError)

    - by .yandex.rurap-kasta
    I just install rails 3 and all gems that it need, but when I try to start server, it says about problem in boot script. [rap-kasta@acerAspire testR3]$ script/rails server /home/rap-kasta/tmp/testR3/config/boot.rb:7:in `rescue in <top (required)>': uninitialized constant Bundler (NameError) from /home/rap-kasta/tmp/testR3/config/boot.rb:2:in `<top (required)>' from script/rails:9:in `require' from script/rails:9:in `<main> So, I tried to reinstall Bundler, install "pre"-version (but really it has version number lower then i install by gem install bundler Now there are next gems in system: abstract (1.0.0) actionmailer (3.0.0.beta, 2.3.5, 2.3.4) actionpack (3.0.0.beta, 2.3.5, 2.3.4) activemodel (3.0.0.beta) activerecord (3.0.0.beta, 2.3.5, 2.3.4) activeresource (3.0.0.beta, 2.3.5, 2.3.4) activesupport (3.0.0.beta, 2.3.5, 2.3.4) arel (0.2.1, 0.2.pre) builder (2.1.2) bundler (0.9.5) erubis (2.6.5) fxri (0.3.7) fxruby (1.6.20) i18n (0.3.3) jemini (2010.1.24, 2010.1.5) mail (2.1.2) memcache-client (1.7.8) mime-types (1.16) mysql (2.8.1) nifty-generators (0.3.2, 0.3.0) rack (1.1.0, 1.0.1, 1.0.0) rack-mount (0.5.1, 0.4.0) rack-openid (0.2.3, 0.2.2) rack-test (0.5.3) rails (3.0.0.beta, 2.3.5, 2.3.4) railties (3.0.0.beta) rake (0.8.7) rawr (1.3.8) RedCloth (4.2.2) ruby-mysql (3.0.2) ruby-openid (2.1.7) rubygems-update (1.3.5) rubyzip (0.9.4, 0.9.1) rubyzip2 (2.0.1) sqlite3-ruby (1.2.5) text-format (1.0.0) text-hyphen (1.0.0) thor (0.13.2, 0.13.1) tzinfo (0.3.16) Also, there is same error with rails console and similar with bundle check: [rap-kasta@acerAspire testR3]$ bundle check /usr/lib/ruby/gems/1.9.1/gems/bundler-0.9.5/bin/bundle:12:in `rescue in <top (required)>': uninitialized constant Bundler::BundlerError (NameError) from /usr/lib/ruby/gems/1.9.1/gems/bundler-0.9.5/bin/bundle:10:in `<top (required)>' from /usr/bin/bundle:19:in `load' from /usr/bin/bundle:19:in `<main>'

    Read the article

  • Logging into StackOverflow.com and Meta.StackOverflow.com

    - by Tahir Hassan
    I have recently created a myopenid to log into stack overflow. This login works on stackoverflow.com but NOT on meta.stackoverflow.com. Why is this? This seems like it is a problem on (meta)stackoverflow's side rather than myopenid's side. When I attempt to login to meta.stackoverflow.com using myopenid login, I end up being redirected to a blank page with a very long query string. The url of the blank page is http://www.myopenid.com/server?... Secondly, my google login does not work. When I attempt to login to stackoverflow.com using my google login I end up seeing a blank page with a url beginning with http://stackoverflow.com/users/authenticate/?s... I am using Firefox 3.6.3 and I can successfully login to stackoverflow.com using myopenid but NOT with myopenid onto meta.stackoverflow.com and NOT with google onto stackoverflow.com. Please note that I would prefer to use my google login to login to stackoverflow. I only created myopenid account to get to the root of the problem. Stackoverflow should seriously consider giving users the option of having stackoverflow specific credentials because for me and I am sure countless others this openid thing don't work. (I know this should be posted in meta.stackoverflow.com but this requires a working openid, which I do not have).

    Read the article

  • Modifying my website to allow anonymous comments

    - by David
    I write the code for my own website as an educational/fun exercise. Right now part of the website is a blog (like every other site out there :-/) which supports the usual basic blog features, including commenting on posts. But I only have comments enabled for logged-in users; I want to alter the code to allow anonymous comments - that is, I want to allow people to post comments without first creating a user account on my site, although there will still be some sort of authentication involved to prevent spam. Question: what information should I save for anonymous comments? I'm thinking at least display name and email address (for displaying a Gravatar), and probably website URL because I eventually want to accept OpenID as well, but would anything else make sense? Other question: how should I modify the database to store this information? The schema I have for the comment table is currently comment_id smallint(5) // The unique comment ID post_id smallint(5) // The ID of the post the comment was made on user_id smallint(5) // The ID of the user account who made the comment comment_subject varchar(128) comment_date timestamp comment_text text Should I add additional fields for name, email address, etc. to the comment table? (seems like a bad idea) Create a new "anonymous users" table? (and if so, how to keep anonymous user ids from conflicting with regular user ids) Or create fake user accounts for anonymous users in my existing users table? Part of what's making this tricky is that if someone tries to post an anonymous comment using an email address (or OpenID) that's already associated with an account on my site, I'd like to catch that and prompt them to log in.

    Read the article

  • Setting attributes of a class during construction from **kwargs

    - by Carson Myers
    Python noob here, Currently I'm working with SQLAlchemy, and I have this: from __init__ import Base from sqlalchemy.schema import Column, ForeignKey from sqlalchemy.types import Integer, String from sqlalchemy.orm import relationship class User(Base): __tablename__ = "users" id = Column(Integer, primary_key=True) username = Column(String, unique=True) email = Column(String) password = Column(String) salt = Column(String) openids = relationship("OpenID", backref="users") User.__table__.create(checkfirst=True) #snip definition of OpenID class def create(**kwargs): user = User() if "username" in kwargs.keys(): user.username = kwargs['username'] if "email" in kwargs.keys(): user.username = kwargs['email'] if "password" in kwargs.keys(): user.password = kwargs['password'] return user This is in /db/users.py, so it would be used like: from db import users new_user = users.create(username="Carson", password="1234") new_user.email = "[email protected]" users.add(new_user) #this function obviously not defined yet but the code in create() is a little stupid, and I'm wondering if there's a better way to do it that doesn't require an if ladder, and that will fail if any keys are added that aren't in the User object already. Like: for attribute in kwargs.keys(): if attribute in User: user.__attribute__[attribute] = kwargs[attribute] else: raise Exception("blah") that way I could put this in its own function (unless one hopefully already exists?) So I wouldn't have to do the if ladder again and again, and so I could change the table structure without modifying this code. Any suggestions?

    Read the article

  • tipfy for Google App Engine: Is it stable? Can auth/session components of tipfy be used with webapp?

    - by cv12
    I am building a web application on Google App Engine that requires users to register with the application and subsequently authenticate with it and maintain sessions. I don't want to force users to have Google accounts. Also, the target audience for the application is the average non-geek, so I'm not very keen on using OpenID or OAuth. I need something simple like: User registers with an e-mail and password, and then can log back in with those credentials. I understand that this approach does not provide the security benefits of Google or OpenID authentication, but I am prepared to trade foolproof security for end-user convenience and hassle-free experience. I explored Django, but decided that consecutive deprecations from appengine-helper to app-engine-patch to django-nonrel may signal that path may be a bit risky in the long-term. I'd like to use a code base that is likely to be maintained consistently. I also explored standalone session/auth packages like gaeutilities and suas. GAEUtilities looked a bit immature (e.g., the code wasn't pythonic in places, in my opinion) and SUAS did not give me a lot of comfort with the cookie-only sessions. I could be wrong with my assessment of these two, so I would appreciate input on those (or others that may serve my objective). Finally, I recently came across tipfy. It appears to be based on Werkzeug and Alex Martelli spoke highly of it here on stackoverflow. I have two primary questions related to tipfy: As a framework, is it as mature as webapp? Is it stable and likely to be maintained for some time? Since my primary interest is the auth/session components, can those components of the tipfy framework be used with webapp, independent of the broader tipfy framework? If yes, I would appreciate a few pointers to how I could go about doing that.

    Read the article

  • how to store/model users/faceboook users/linkedin users, etc, with ActiveRecord?

    - by crankharder
    My app has "normal" users: those which come through a typical signup page facebook(FB) users: those which come from Facebook connect "FB-normal" users: a user that can log with both email/password * FB connect Further, there's the a slew of other openID-ish login methods (I don't think openID itself will be acceptable since it doesn't link up the accounts and allow the 3rd party specific features (posting to twitter, adding a FB post, etc etc)) So, how do I model this? Right now we have User class with #facebook_user? defined -- but it gets messy with the "FB-normal" users - plus all the validations become very tricky and hard to interpret. Also, there are methods like #deliver_password_reset! which make no sense in the context for facebook-only users. (this is lame) I've thought out STI (User::Facebook, User::Normal, User::FBNormal, etc.) This makes validations super slick, but it doesn't scale to other connection types, and all the permutations between them... User::FacebookLinkedInNormal(wtf?) Doing this with a bunch of modules I think would suck a lot. Any other ideas?

    Read the article

  • Faster Javascript text replace

    - by Stacey
    Given the following javascript (jquery) $("#username").keyup(function () { selected.username = $("#username").val(); var url = selected.protocol + (selected.prepend == true ? selected.username : selected.url) + "/" + (selected.prepend == true ? selected.url : selected.username); $("#identifier").val(url); }); This code basically reads a textbox (username), and when it is typed into, it reconstructs the url that is being displayed in another textbox (identifier). This works fine - there are no problems with its functionality. However it feels 'slow' and 'sluggish'. Is there a cleaner/faster way to accomplish this task? Here is the HTML as requested. <fieldset class="identifier delta"> <form action="/authenticate/openid" method="post" target="_top" > <input type="text" class="openid" id="identifier" name="identifier" readonly="readonly" /> <input type='text' id='username' name='username' class="left" style='display: none;'/> <input type="submit" value="Login" style="height: 32px; padding-top: 1px; margin-right: 0px;" class="login right" /> </form> </fieldset> The identifier textbox just has a value set based on the hyperlink anchor of a button.

    Read the article

  • CodePlex Daily Summary for Sunday, November 21, 2010

    CodePlex Daily Summary for Sunday, November 21, 2010Popular ReleasesMDownloader: MDownloader-0.15.24.6966: Fixed Updater; Fixed minor bugs;Smith Html Editor: Smith Html Editor V0.75: The first public release.MiniTwitter: 1.59: MiniTwitter 1.59 ???? ?? User Streams ????????????????? ?? ?????????????? ???????? ?????????????.NET Extensions - Extension Methods Library for C# and VB.NET: Release 2011.01: Added new extensions for - object.CountLoopsToNull Added new extensions for DateTime: - DateTime.IsWeekend - DateTime.AddWeeks Added new extensions for string: - string.Repeat - string.IsNumeric - string.ExtractDigits - string.ConcatWith - string.ToGuid - string.ToGuidSave Added new extensions for Exception: - Exception.GetOriginalException Added new extensions for Stream: - Stream.Write (overload) And other new methods ... Release as of dotnetpro 01/2011Code Sample from Microsoft: Visual Studio 2010 Code Samples 2010-11-19: Code samples for Visual Studio 2010Prism Training Kit: Prism Training Kit 4.0: Release NotesThis is an updated version of the Prism training Kit that targets Prism 4.0 and added labs for some of the new features of Prism 4.0. This release consists of a Training Kit with Labs on the following topics Modularity Dependency Injection Bootstrapper UI Composition Communication MEF Navigation Note: Take into account that this is a Beta version. If you find any bugs please report them in the Issue Tracker PrerequisitesVisual Studio 2010 Microsoft Word 2...Free language translator and file converter: Free Language Translator 2.2: Starting with version 2.0, the translator encountered a major redesign that uses MEF based plugins and .net 4.0. I've also fixed some bugs and added support for translating subtitles that can show up in video media players. Version 2.1 shows the context menu 'Translate' in Windows Explorer on right click. Version 2.2 has links to start the media file with its associated subtitle. Download the zip file and expand it in a temporary location on your local disk. At a minimum , you should uninstal...Free Silverlight & WPF Chart Control - Visifire: Visifire SL and WPF Charts v3.6.4 Released: Hi, Today we are releasing Visifire 3.6.4 with few bug fixes: * Multi-line Labels were getting clipped while exploding last DataPoint in Funnel and Pyramid chart. * ClosestPlotDistance property in Axis was not behaving as expected. * In DateTime Axis, Chart threw exception on mouse click over PlotArea if there were no DataPoints present in Chart. * ToolTip was not disappearing while changing the DataSource property of the DataSeries at real-time. * Chart threw exception ...Microsoft SQL Server Product Samples: Database: AdventureWorks 2008R2 SR1: Sample Databases for Microsoft SQL Server 2008R2 (SR1)This release is dedicated to the sample databases that ship for Microsoft SQL Server 2008R2. See Database Prerequisites for SQL Server 2008R2 for feature configurations required for installing the sample databases. See Installing SQL Server 2008R2 Databases for step by step installation instructions. The SR1 release contains minor bug fixes to the installer used to create the sample databases. There are no changes to the databases them...VidCoder: 0.7.2: Fixed duplicated subtitles when running multiple encodes off of the same title.Craig's Utility Library: Craig's Utility Library Code 2.0: This update contains a number of changes, added functionality, and bug fixes: Added transaction support to SQLHelper. Added linked/embedded resource ability to EmailSender. Updated List to take into account new functions. Added better support for MAC address in WMI classes. Fixed Parsing in Reflection class when dealing with sub classes. Fixed bug in SQLHelper when replacing the Command that is a select after doing a select. Fixed issue in SQL Server helper with regard to generati...MFCMAPI: November 2010 Release: Build: 6.0.0.1023 Full release notes at SGriffin's blog. If you just want to run the tool, get the executable. If you want to debug it, get the symbol file and the source. The 64 bit build will only work on a machine with Outlook 2010 64 bit installed. All other machines should use the 32 bit build, regardless of the operating system. Facebook BadgeDotNetNuke® Community Edition: 05.06.00: Major HighlightsAdded automatic portal alias creation for single portal installs Updated the file manager upload page to allow user to upload multiple files without returning to the file manager page. Fixed issue with Event Log Email Notifications. Fixed issue where Telerik HTML Editor was unable to upload files to secure or database folder. Fixed issue where registration page is not set correctly during an upgrade. Fixed issue where Sendmail stripped HTML and Links from emails...mVu Mobile Viewer: mVu Mobile Viewer 0.7.10.0: Tube8 fix.EPPlus-Create advanced Excel 2007 spreadsheets on the server: EPPlus 2.8.0.1: EPPlus-Create advanced Excel 2007 spreadsheets on the serverNew Features Improved chart support Different chart-types series on the same chart Support for secondary axis and a lot of new properties Better styling Encryption and Workbook protection Table support Import csv files Array formulas ...and a lot of bugfixesAutoLoL: AutoLoL v1.4.2: Added support for more clients (French and Russian) Settings are now stored sepperatly for each user on a computer Auto Login is much faster now Auto Login detects and handles caps lock state properly nowTailspinSpyworks - WebForms Sample Application: TailspinSpyworks-v0.9: Contains a number of bug fixes and additional tutorial steps as well as complete database implementation details.ASP.NET MVC Project Awesome (jQuery Ajax helpers): 1.3 and demos: It contains a rich set of helpers (controls) that you can use to build highly responsive and interactive Ajax-enabled Web applications. These helpers include Autocomplete, AjaxDropdown, Lookup, Confirm Dialog, Popup Form and Pager tested on mozilla, safari, chrome, opera, ie 9b/8/7/6 new stuff in 1.3 Autocomplete helper Autocomplete and AjaxDropdown can have parentId and be filled with data depending on the value of the parent PopupForm besides Content("ok") on success can also return J...Nearforums - ASP.NET MVC forum engine: Nearforums v4.1: Version 4.1 of the ASP.NET MVC forum engine, with great improvements: TinyMCE added as visual editor for messages (removed CKEditor). Integrated AntiSamy for cleaner html user post and add more prevention to potential injections. Admin status page: a page for the site admin to check the current status of the configuration / db / etc. View Roadmap for more details.UltimateJB: UltimateJB 2.01 PL3 KakaRoto + PSNYes by EvilSperm: Voici une version attendu avec impatience pour beaucoup : - La Version PSNYes pour pouvoir jouer sur le PSN avec une PS3 Jailbreaker. - Pour l'instant le PSNYes n'est disponible qu'avec les PS3 en firmwares 3.41 !!! - La version PL3 KAKAROTO intégre ses dernières modification et prépare a l'intégration du Firmware 3.30 !!! Conclusion : - UltimateJB PSNYes => Valide l'utilisation du PSN : Uniquement compatible avec les 3.41 - ultimateJB DEFAULT => Pas de PSN mais disponible pour les PS3 sui...New Projects1600hours: 1600hours project made in C++.aoleDownload: Aole Series DownloadBills and Cash Flow: Bills and Cash Flow is a simple multi-tenant application to track bills and view cash flowCUDAagrep: CUDAagrep, a fast CUDA implementation of agrep algorithm for approximate DNA/RNA sequence matching.DNN5 Simple Ticketing Module: This is a simple DNN module that accepts trouble tickets and creates a knowledge base for a company.EntityOH: Dynamic Entities ORMFxcop ASP.NET Security Rules: Fxcop ASP.NET security rules This is a set of code analysis rules aiming at analyzing ASP.NET and ASP.NET MVC security against best practices. The rules can be used by Visual Studio 10 Ultimate or FxCop v10 standalone.Head First Design Patterns - Code Examples in C#: This project consists of ported code examples from the book Head First Design Patterns by Eric and Elizabeth Freeman into C#.HTML5 Media Player (Video / Audio): A .NET implementation of the VideoJS and AudioJS open source projects with video and audio support for HTML5. Excellent for use with iPod, iPad, iPhone, etc.Keyword Auction Simulator: This is the project for simulating the keyword auction like Adwords.mAdcOW Office Add-Ins: A collection of handy Office 2010 add-ins.Manga to Epub: Manga to Epub allow you to convert a bunch of images to a single "epub" file, readable on your reader. It handles most of the image types as well as several archives. You have multiple customization options, such as trimming the images in order to remove white borders.Mapua Career Ramp Up: A joint endeavor with the Philippine IT industry leaders and with Mapua School of Information Technology to build an online collaborative database system to Ramp-Up graduating students on their career as future IT Professionals. minami: Minami is a Project what focuse the work on Stability and Features. Is Development in C++minami-dev: Comes later the Description.Mobile RPG: Mobile RPG is five ATtiny85 microcontrollers playing their own RPG characters with a primary MCU acting as GM. Its a fun exercise in autonomous role playing.NetSnoop: Netsnoop allows everyone to get a quick overview over alle the current connections on their workstation.nGso: GSO algorithm implementation based on http://www.springerlink.com/content/y065470472612847/fulltext.pdf Glowworm swarm optimization for simultaneous capture of multiple local optima of multimodal functions K.N. Krishnanand · D. GhoseOpenID Starter Kit for ASP.NET MVC: OpenID Starter Kit for ASP.NET MVC is used to jump start building your web application with ASP.NET MVC with OpenID login system. It is also a good education resource if you want to learn how to implement OpenID into a ASP.NET MVC.Orchard Contact Us Module: Add a contact us page to your Orchard site using this module.Persian Scheduler and Calendar Control: This is a Jalali (Persian or shamsi) calendar and scheduler control in silverlight. Choosing the name 'Jalali' is in honor of 'Hakim omar khayyam' the founder of Jalali calendar. This is under the lisence of 'Barid New Systems' company.Popfly Metadata Generator: Creates Metadata for New project.PurpleStoat: A modular, extensible Silverlight application shell using Prism, Unity and the Enterprise Library, and written in C#. It includes a WCF service which provides AuthZ and logging services to the shell, which are also available to the modules.QL Config Compare Tool: The QL Config Compare Tool enables you to compare two QuakeLive configs. It creates a detailed overview of the differences and is able to save statistics.SQL PHI Identifier: SQL PHI Identifier is an auditing tool for DBA's in a healthcare environment to be able to help identify which databases/tables might hold protected health information (PHI). Using this information a DBA can then take the necessary steps to secure that data adequately.Sqlite ORM: Sqlite ORM is at present a simple Class to Table mapper for Sqlite databases. Tables are created on demand, and designed to future proof for Sharding. Code has 100% unit test coverage.Test shop: Test shopVarMerger - ??????? ????????? ??? ???????? ????????????.: VarMerger - ?????????? (Add-In) ??? MS Word 2007, ??????? ????????? ??????????? ???????? ???????? ??????? ?? ??????, ?????????? ????????? ?????? ? ??????. Visual Studio Add-In For creating Vista Gadget: The absence of tools in Visual Studio that can help developers to create Vista gadgets is strange and disappointing, in my opinion., I want to show you some tools that can help you to develop Vista gadgets using only Visual Studio 2008 or 2010 IDE.Vocal Remover - VST Plugin: VST Plugin Removes vocal form songs using M/S system trick with EQ on mid signal. source in C++ IDE: Visual Studio 2010 Express Edition LIB: Steinberg VST SDK 2.4Windows Phone 7 To Go: A project with demos for Windows Phone 7 FeaturesWinware: Winware is not only an Entity Framework, but beyond.XTengine: Xtengine makes it easier for XNA developers to develop in a compositional manner. You'll no longer have to write specific game classes with deep hierarchies or hardcode to load levels. It's developed in C# with XNA 4.0, with WP7 in mind.

    Read the article

  • Opera user script to fill out some form fields

    - by STATUS_ACCESS_DENIED
    I'm looking for a user script that lets me fill out some form fields that are not covered by the Magic Wand in Opera. Alternately I could accept a solution that lets Opera accept other form fields with the Wand. To give you one example: when logging into any of the StackExchange sites, I need to manually enter (or enter from a note) the URL of the OpenID provider. I would like to automate this in particular plus several other sites where a similar situation exists.

    Read the article

  • Federated access to desktop and network resources in MS AD domains

    - by Glenn Stauffer
    We are looking for a way to provide members of three loosely connected organizations with access to authenticated resources such as file shares, printers, and lab computers. I've seen federation facilities for web resources; is ther something similar for domain logins? Our Active directory domains are not connected so we would have to use email addresses for the username to insure uniqueness. Is there any openid like mechanism that works for AD logins?

    Read the article

  • Google I/O 2010 - Where is the social web going next?

    Google I/O 2010 - Where is the social web going next? Google I/O 2010 - Where is the social web going next? Social Web 201 Adam Nash, Daniel Raffel, Chris Messina, Angus Logan, Ryan Sarver, Chris Cole, Kara Swisher (moderator) With the advent of social protocols like OAuth, OpenID and ActivityStrea.ms, it's clear that the web has gone social and is becoming more open. Adam Nash (LinkedIn), Daniel Raffel (Yahoo), Chris Messina (Google), Angus Logan (Microsoft), Ryan Sarver (Twitter), and Chris Cole (MySpace) will discuss the importance of such emerging technologies, how they've adopted them in their products and debate what's next. Kara Swisher will moderate. For all I/O 2010 sessions, please go to code.google.com From: GoogleDevelopers Views: 13 0 ratings Time: 01:07:35 More in Science & Technology

    Read the article

  • j2ee implementing security and using a framwork pros and cons

    - by Ismail Marmoush
    I'm a newbie to j2ee security, and i'm not j2ee expert either, though i'm really willing to put some effort and learn I've an application that i'm about to develop on Google App Engine (GAE) --with no time constraints. As you know GAE handles a lot of web container security issues for you, also I will be using openID for authentication exclusively (sessions will be handled by provider). GAE supports SSL which will help with confidentiality and integrity maybe. Authorization can be done through filters. I know reinventing the wheel is a mess, but I was looking forward to learn something about security and implement that in my new app. so what the pros and cons of using a framework like shiro, spring security, jguard etc or filling the rest of gaps on my own ?

    Read the article

  • Google I/O 2010 - Fluid social experiences across sites

    Google I/O 2010 - Fluid social experiences across sites Google I/O 2010 - Bridging the islands: Building fluid social experiences across websites Social Web 201 John Panzer, Joseph Smarr As more sites add social functionality, profiles, friends, and conversations are becoming increasingly fragmented. But an emerging collection of open technologies aim to help bridge these social islands, allowing users to seamlessly move between sites and have unified conversations that span multiple web sites. Learn how OpenID, OAuth, Portable Contacts, ActivityStrea.ms, and Salmon can help you connect to the rest of the Social Web. For all I/O 2010 sessions, please go to code.google.com/events/io/2010/sessions.html From: GoogleDevelopers Views: 2 0 ratings Time: 01:01:42 More in Science & Technology

    Read the article

  • Sharing Authentication Across Subdomains using cookies

    - by Jordan Reiter
    I know that in general cookies themselves are not considered robust enough to store authentication information. What I am wondering is if there is an existing design pattern or framework for sharing authentication across subdomains without having to use something more complex like OpenID. Ideally, the process would be that the user visits abc.example.org, logs in, and continues on to xyz.example.org where they are automatically recognized (ideally, the reverse should also be possible -- a login via xyz means automatic login at abc). The snag is that abc.example.org and xyz.example.org are both on different servers and different web application frameworks, although they can both use a shared database. The web application platforms include PHP, ColdFusion, and Python (Django), although I'm also interested in this from a more general perspective (i.e. language agnostic).

    Read the article

  • Access Control Service v2

    - by Your DisplayName here!
    A Resource-STS (others call it RP-STS or federation gateway) is a necessity for non-trivial federated identity scenarios. ADFS v2 does an excellent job in fulfilling that role – but (as of now) you have to run ADFS on-premise. The Azure Access Control Service is a Resource-STS in the cloud (with all the usual scalability/availability) promises. Unfortunately a lot of (the more interesting) features in ACS v1 had to be cut due to constrained time/resources. The good news is that ACS v2 is now in CTP and brings back a lot of the missing features (like WS* support) and adds some really sweet new ones (out of the box federation with Google, Facebook, LiveID – and OpenId in general). You can read about the details here. On a related note – ACS v2 works out of the box with StarterSTS – simply choose the ADFS v2 option and point the management portal to the StarterSTS WS-Federation metadata endpoint. Have fun ;)

    Read the article

  • Life, Identity, and Everything

    Life, Identity, and Everything Tim Bray is the Developer Advocate, and Breno de Madeiros is the tech lead, in the group at Google that does authentication and authorization APIs; specifically, those involving OAuth and OpenID. Breno also has his name on the front of a few of the OAuth RFCs. We're going to talk for a VERY few (less than 10) minutes on why OAuth is a good idea, and a couple of things we're working on right now to help do away with passwords. After that, ask us anything. From: GoogleDevelopers Views: 0 0 ratings Time: 30:00 More in Science & Technology

    Read the article

  • Google I/O 2010 - The open & social web

    Google I/O 2010 - The open & social web Google I/O 2010 - The open & social web Social Web 101 Chris Messina This session will cover the latest and most important trends of the Social Web and dive deep into where this is all going, at both technical and conceptual levels. From the concepts of digital identity, relationships, and social objects, this session will cover emerging technologies like WebFinger, Salmon, ActivityStrea.ms, OpenID, OAuth and OpenSocial. For all I/O 2010 sessions, please go to code.google.com From: GoogleDevelopers Views: 4 0 ratings Time: 47:12 More in Science & Technology

    Read the article

  • Forum that integrates into CMS and has curated category pages with tagged threads

    - by user6172
    I'm looking for a forum that meets these requirements: Login using Facebook/Twitter/OpenID etc. User profiles with reward system Voting/thumbs up function Categories and tags for sorting threads Custom category pages with moderated static header Embeddable threads and categories (For example, a whole category or single thread can be integrated into wordpress) API to users, discussions etc. I've looked at forums like Vanilla, Disqus, OSQA etc, but none seem to match the above "hybrid criteria". Hosted or self-hosted doesn't matter but I'm really looking for something that can be integrated into an existing CMS to replace comments while at the same time have curated category pages and user profiles. Thanks.

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17  | Next Page >