Search Results

Search found 1725 results on 69 pages for 'token'.

Page 28/69 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >

• where should we place HIDDEN variable in JSP

  - by micheal

  I need to use Hidden variables in my JSP for session tracking. this is the code: <input type="hidden" name="REQ_TOKEN" value="<%=session.getAttribute("SESN_TOKEN").toString()%>" /> i am using this to compare the request token with session token, so only when both are equal i will evaluate that request otherwise i will throw an error. Now the problem is, when i place this code inside <form></form> tags, it is working fine. Unfortunately there are some JSPs in my application where we dont have tag(I know that sounds weird!). where can i place my code so that it will work? Cant i use Hidden variables without FORM tag???

  Read the article

• Twitter oauth_callback parameter being ignored!

  - by Astrofaes

  Hi guys, I'm trying to get Twitter authentication working on my ASP.NET site. When you create the app on the Twitter website, you have to specify a callback URL, which for sake of argument, I have set to http://mydomain.com I've read the oAuth 1.0a spec, and to override this callback URL with your own custom one you have to send the oauth_callback parameter in the request_token phase (url-encoded of course). So my request URL looks like this: http://twitter.com/oauth/request_token?oauth_callback_url=http%3A%2F%2Fmydomain.com%2Ftwittercallback Supposedly, if all goes to plan, in your response data, you are supposed to receive a new parameter of oauth_callback_confirmed=true in addition to your token and token secret parameters. However, my response comes through as: oauth_token=MYTOKEN&oauth_token_secret=MYTOKENSECRET I know I haven't given you guys the greatest amount to go on, but I'm at my wits end as to why I am not receiving the oauth_callback_confirmed parameter. Without this, my application keeps defaulting back to the callback URL hard-coded on the Twitter website. Please if anyone could help me out, I will be eternally grateful! Thanks, A.

  Read the article

• Authenticated Referrals & Server-Side Auth Flow - What is the redirect_uri?

  - by Brian P. Hamachek

  From an authenticated referral (such as from a timeline story) to my website, I am trying to use the server-side authentication flow to obtain an access token for the referred user. I need to pass my app secret, the auth code, and the original redirect URI to the Facebook access token endpoint. Since I did not initiate the authentication request, how do I determine the original redirect_uri? The link from the Facebook timeline looks like: http://www.facebook.com/connect/uiserver.php?app_id=153644678059870&method=permissions.request&redirect_uri=http%3A%2F%2Fwww.wnmlive.com%2Fpost%2F141833948%3Ffb_action_ids%3D10100708033267487%26fb_action_types%3Dwnm-live%253Acomment%26fb_source%3Drecent_activity&response_type=code&display=page&auth_referral=1 So I figure that the redirect URI I need to pass is: http%3A%2F%2Fwww.wnmlive.com%2Fpost%2F141833948%3Ffb_action_ids%3D10100708033267487%26fb_action_types%3Dwnm-live%253Acomment%26fb_source%3Drecent_activity The URI that the user is ultimately redirected to is: http://www.wnmlive.com/post/141833948?fb_action_ids=10100708032119787&fb_action_types=wnm-live%3Apost&fb_source=recent_activity&code=AQALK-Mwb_Nwi4z7FWnFaL6tEXvNtVJiRKrgarG9X73sp22TJyk8v2GWKtuXuevJk4hPSRNnuNpEgZXLFdOS_k-pY-mE15DYytIa8Y7VdSw3VL-XYi-CR9BCqRQGq4uBJvSSdZayCp6MWzDMaNqWd5r8OhKVnOhg_yDlvfoLl21N2SMwkJaOfD5mlPnPb5A-Q4A#_=_ Is it safe to assume that I can just chop off everything starting with the "&code=" and use that as the redirect URI?

  Read the article

• Doesn't get into Debug Mode

  - by Grace Jones

  When I Press F5 on my VS2005 to debug the application, it launches the web app window but it is coming out of debug mode. When I tried to trace the Error in the EventViewer, this was the error: Failed in Token.vb(GetToken). The token was not in memory and the identity of the authenticated IIS caller was not permitted. The session may have unexpectedly terminated. The specific error message included: Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. Please also make sure that System.Web.SessionStateModule or a custom session state module is included in the \\ section in the application configuration. I don't have any httpModules section in my config file and the sessionState mode="InProc"...

  Read the article

• Problem with Validate Anti Forgery

  - by Mikael Egnér

  Hi! I have a problem regarding MVC Anti forgery token. When I do my authentication I have pseudo code like this: var user = userRepository.GetByEmail(email); System.Threading.Thread.CurrentPrincipal = HttpContext.Current.User = user; by doing so I'm able to get the current user in my code like this: var user = HttpContext.Current.User as EntityUser; This works fine until I add the [ValidateAntiForgeryToken] attribute to an action. When I add the attribute I get A required anti-forgery token was not supplied or was invalid. If I comment out this line: System.Threading.Thread.CurrentPrincipal = HttpContext.Current.User = user; The antiforgery validation works fine, but the I don't have my convenient way of getting my "EntityUser" from the HttpContext. Any ideas of how to work around this? Best regards Mikael

  Read the article

• How to query a date in HQL (Hibernate) with Joda Time?

  - by fabien7474

  I am sure that someone familiar with HQL (I am myself a newbie) can easily answer this question. In my Grails application, I have the following domain class. class Book { org.joda.time.DateTime releaseDate //I use the PersistentDateTime for persisting via Hibernate (that use a DATETIME type for MySQL DB) } In my HQL query, I want to retrieve books whose release date is included in range date1..date2 For instance I tried: DateTime date1, date2 ... def queryStr = "select * from Book as b where b.releaseDate > $date1 and b.releaseDate < $date2" def res = Book.executeQuery(queryStr) But I got the exception ...caused by: org.springframework.orm.hibernate3.HibernateQueryException: unexpected token: The error token points to date format (for instance 2009-11-27T21:57:18.010+01:00 or Fri Nov 27 22:01:20 CET 2009) I have also tried to convert date1 into a Date class without success So what is the correct HQL code ? Should I convert to a specific format (which one?) using the patternForStyle method or is there another -cleaner- way to do it? Thanks, Fabien.

  Read the article

• Flickr API automated login using Python library flickrapi

  - by Dave Aaron Smith

  I have a web application that I want to sync with Flickr. I don't want the users to have to log into Flickr so I plan to use a single login. I believe I'll need to do something like this: import flickrapi flickr = flickrapi.FlickrAPI(myKey, mySecret) (token, frob) = flickr.get_token_part_one(perms='write', my_auth_callback) flickr.get_token_part_two((token, frob,)) flickr.what_have_you(... I don't know what my_auth_callback should look like though. I suspect it will have to post my login information to flickr. Could I do the get_token_part_one step just once manually perhaps and then re-use it in get_token_part_two?

  Read the article

• "Invalid signature": oAuth provider with Django-piston

  - by Martin Eve

  Hi, I'm working with django-piston to attempt to create an API that supports oAuth. I started out using the tutorial at: http://blog.carduner.net/2010/01/26/django-piston-and-oauth/ I added a consumer to piston's admin interface with key and secret both set to "abcd" for test purposes. The urls are successfully wired-up and the oAuth provider is called. However, running my get request token tests with tripit (python get_request_token.py "http://127.0.0.1:8000/api" abcd abcd), I receive the following error: Invalid signature. Expected signature base string: GET&http%3A%2F%2F127.0.0.1%3A8000%2Fapi%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dabcd%26oauth_nonce%3D0c0bdded5b1afb8eddf94f7ccc672658%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275135410%26oauth_version%3D1.0 The problem seems to lie inside the _check_signature method of Piston's oauth.py, where valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature) is returning false. I can't, however, work out how to get the signature validated. Any ideas? -----Update----- If I remove the test consumer from piston's backend, the response returned is correctly set to "Invalid consumer", so this lookup appears to be working.

  Read the article

• How to do call function after client finishes download from tornado web server?

  - by Shabbyrobe

  I would like to be able to run some cleanup functions if and only if the client successfully completes the download of a file I'm serving using Tornado. I installed the firefox throttle tool and had it slow the connection down to dialup speed and installed this handler to generate a bunch of rubbish random text: class CrapHandler(BaseHandler): def get(self, token): crap = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(100000)) self.write(crap) print "done" I get the following output from tornado immediately after making the request: done I 100524 19:45:45 web:772] 200 GET /123 (192.168.45.108) 195.10ms The client then plods along downloading for about 20 seconds. I expected that it would print "done" after the client was done. Also, if I do the following I get pretty much the same result: class CrapHandler(BaseHandler): @tornado.web.asynchronous def get(self, token): crap = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(100000)) self.write(crap) self.finish() print "done" Am I missing something fundamental here? Can tornado even support what I'm trying to do? If not, is there an alternative that does?

  Read the article

• Is using GET with a tokenID for security a good idea?

  - by acidzombie24

  I was thinking about this and it appears POST only a little less vulnerable and somewhat harder (do to requiring the user to click something). I read about token ids and double submitted cookies and i am not sure what the difference is http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Disclosure_of_Token_in_URL http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies Right now i have the user id (PK in my table) and a session id so you cant simply change your cookie ID and act like someone else. Now it seems like i put the session id as a token in each of my forms and check them bc attackers cant guess these tokens. However i dislike the idea of putting the session id into the page for ppl to see. But really, is there a problem with that? short of having the user copy/pasting the html is there any attacks that can happen due to the session id being in plain view in html?

  Read the article

• Authlogic: Create records on other users' behalf

  - by Friðrik

  Hi Using Authlogic, what is the best way to create a record in rails on other users' behalf? Description: I have a c++ server which handles Tcp connections from many c++ clients, and I want the c++ server to create a new record in the rails database using its REST api. However, the c++ server needs to be authenticated before creating that record. What I want is to attach the original user ID (from the c++ client) to the record (but not the servers) so I know from which user the record came from. One way is for the c++ client to send its persistence token over to the c++ server which sends that token as a parameter to the create action, does that make sense? or are there maybe some better ways to do this? I have a rails app which uses authlogic for authentication. I also have another c++ client which is logs in and provides I have a c++ server which uses

  Read the article

• Basic Profanity Filter in Objective C for iPhone

  - by David van Dugteren

  How have you like minded individuals tackled the basic challenge of filtering profanity, obviously one can't possibly tackle every scenario but it would be nice to have one at the most basic level as a first line of defense. In Obj-c I've got NSString *tokens = [text componentsSeparatedByString:@" "]; And then I loop through each token to see if any of the keywords (I've got about 400 in a list) are found within each token. Realising False positives are also a problem, if the word is a perfect match, its flagged as profanity otherwise if more than 3 words with profanity are found without being perfect matches it is also flagged as profanity. Later on I will use a webservice that tackles the problem more precisely, but I really just need something basic. So if you wrote the word penis it would go yup naughty naughty, bad word written.

  Read the article

• Paypal - DoExpressCheckoutPayment null pointer

  - by user969894

  String nvpstr = "&TOKEN=" + token + "&PAYERID=" + payerID + "&PAYMENTREQUEST_0_PAYMENTACTION=" + paymentType + "&PAYMENTREQUEST_0_AMT=" + finalPaymentAmount + "&PAYMENTREQUEST_0_CURRENCYCODE=" + currencyCodeType + "&IPADDRESS=" + serverName; Having done an earlier call to SetExpressCheckout, I had to change a few parameter names because Paypal had changed it in the documentation but not in the code from the integration wizard. Now for DoExpressCheckoutPayment I've modified a few but I get a null pointer at strAck: HashMap nvp = httpcall("DoExpressCheckoutPayment", nvpstr); String strAck = nvp.get("ACK").toString(); if (strAck.equalsIgnoreCase("Success")) { return nvp; } Not sure what is wrong, any suggestions for debugging this or possible solutions?

  Read the article

• Rails: Generated tokens missing occasionally

  - by Vincent Chan

  We generate an unique token for each user and store it on database. Everything is working fine in the local environment. However, after we upload the codes to the production server on Engine Yard, things become weird. We tried to register an account right after the deploy. It is working fine and we can see the token in the db. But after that, when we register new accounts, we cannot see any tokens. We only have NULL in the db. Not sure what caused this problem because we can't re-produce this in the local machine. Thanks for your help.

  Read the article

• How do I read input character-by-character in Java?

  - by Jergason

  I am used to the c-style getchar(), but it seems like there is nothing comparable for java. I am building a lexical analyzer, and I need to read in the input character by character. I know I can use the scanner to scan in a token or line and parse through the token char-by-char, but that seems unwieldy for strings spanning multiple lines. Is there a way to just get the next character from the input buffer in Java, or should I just plug away with the Scanner class? Edit: forgot to say where the input is coming from. The input is a file, not the keyboard.

  Read the article

• Storing n-grams in database in < n number of tables.

  - by kurige

  If I was writing a piece of software that attempted to predict what word a user was going to type next using the two previous words the user had typed, I would create two tables. Like so: == 1-gram table == Token | NextWord | Frequency ------+----------+----------- "I" | "like" | 15 "I" | "hate" | 20 == 2-gram table == Token | NextWord | Frequency ---------+------------+----------- "I like" | "apples" | 8 "I like" | "tomatoes" | 12 "I hate" | "tomatoes" | 20 "I hate" | "apples" | 2 Following this example implimentation the user types "I" and the software, using the above database, predicts that the next word the user is going to type is "hate". If the user does type "hate" then the software will then predict that the next word the user is going to type is "tomatoes". However, this implimentation would require a table for each additional n-gram that I choose to take into account. If I decided that I wanted to take the 5 or 6 preceding words into account when predicting the next word, then I would need 5-6 tables, and an exponentially increase in space per n-gram. What would be the best way to represent this in only one or two tables, that has no upper-limit on the number of n-grams I can support?

  Read the article

• Approach for authentication and storing user details.

  - by cappuccino

  Hey folks, I am using the Zend Framework but my question is broadly about sessions / databases / auth (PHP MySQL). Currently this is my approach to authentication: 1) User signs in, the details are checked in database. - Standard stuff really. 2) If the details are correct only the user's unique ID is stored in the session and a security token (user unique ID + IP + Browser info + salt). The session in written to the filesystem. I've been reading around and many are saying that storing stuff in sessions is not a good idea, and that you should really only write a unique ID which refers back to the user's details and a security token to prevent session hijacking. So this is the approach i've taken, i use to write the user's details in session, but i've moved that out. Wanted to know your opinions on this. I'm keeping sessions in the filesystem since i don't run on multiple servers, and since i'm only writting a tiny tiny bit of data to sessions, i thought that performance would be greater keeping sessions in the filesystem to reduce load on the database. Once the session is written on authentication, it really is only read-only from then on. 3) The rest of the user's details (like subscription details, permissions, account info etc) are cached in the filesystem (this can always be easily moved to memory if i wanted even more performance). So rather than keeping the user's details in session, the user's details are cached in the file system. I'm using Zend_Cache and the unique cache id is something like md5(/cache/auth/2892), the number is the unique id of the user. I guess the benefit of this method is that once the user is logged in, there is essentially not database queries being run to get the user's details. Just wonder if this approach is better than keeping the whole lot in session... 4) As the user moves throughout the site the only thing that is checked is the ID in the session and the security token. So, overall the first question is 1) is the filesystem more efficient than a database for this purpose 2) have i taken enough security precautions 3) is separating user detail's from the session into a cached file a pointless task? Thanks.

  Read the article

• Testing with Unittest Python

  - by chrissygormley

  Hello, I am runninig test's with Python Unittest. I am running tests but I want to do negative testing and I would like to test if a function throw's an exception, it passes but if no exception is thrown the test fail's. The script I have is: try: result = self.client.service.GetStreamUri(self.stream, self.token) self.assertFalse except suds.WebFault, e: self.assertTrue else: self.assertTrue This alway's passes as True even when the function work's perfectly. I have also tried various other way's including: try: result = self.client.service.GetStreamUri(self.stream, self.token) self.assertFalse except suds.WebFault, e: self.assertTrue except Exception, e: self.assertTrue Does anyone have any suggestions? Thanks

  Read the article

• steps for facebook connect graph api

  - by dskanth

  Hi, iam using facebook connect in my site, and i want to know how do i use the graph api for authenticating the user. I followed these steps: 1) Initially i sent a request for "code", by clicking on the facebook icon in my site: https://graph.facebook.com/oauth/authorize? client_id=xxx&redirect_uri=http://xxxxxxxx 2) And then after getting a code, i sent a request for "access token", by clicking on another link in my site: https://graph.facebook.com/oauth/access_token? client_id=xxx&redirect_uri=http://xxxxxxx&client_secret=xxxx&code=xxxxx 3) And after i got the token, i sent another request for getting user data, by clicking on yet another link: https://graph.facebook.com/me?access_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Then finally i got the user data in array format, which i need to parse for my required data like user's firstname, email, etc. Now my question is that how i can automate this process with just one click ? Right now, iam using 3 different links for sending those requests. Can anyone suggest a solution ?

  Read the article

• Force CL-Lex to read whole word

  - by Flávio Cruz

  I'm using CL-Lex to implement a lexer (as input for CL-YACC) and my language has several keywords such as "let" and "in". However, while the lexer recognizes such keywords, it does too much. When it finds words such as "init", it returns the first token as IN, while it should return a "CONST" token for the "init" word. This is a simple version of the lexer: (define-string-lexer lexer (...) ("in" (return (values :in $@))) ("[a-z]([a-z]|[A-Z]|\_)" (return (values :const $@)))) How do I force the lexer to fully read the whole word until some whitespace appears?

  Read the article

• Using perl's Regexp::Grammars, how do I make a capture dependent on $MATCH?

  - by Evan Carroll

  I've got a token like such: <delim2=((?{ $MATCH{delim} }))> and what I want to happen is for delim2 to capture and be set to the value of delim. When I run this, delim2 is set, but the capture is never done. I think this is an error in my reasoning: I'm trying to chain this form: <ALIAS= ( PATTERN )> Match pattern, save match in $MATCH{ALIAS} and this form: (?{ MATCH{delim} }) into something like this <ALIAS= ( (?{MATCH{delim}) )> Matches the value of $MATCH{delim} save to $MATCH{delim2} but this simply doesn't seem valid. I can verify my original token works <delim2=((?{ die $MATCH{delim} }))> will die with the value, and, if I hard code it, I get the right capture and everything works <delim2=(')>? So how do I go about achieving sane results, while having a dynamic pattern?

  Read the article

• django-uni-form helpers and CSRF tags over POST

  - by linked

  Hi, I'm using django-uni-forms to display my fields, with a rather rudimentary example straight out of their book. When I render the form fields using <form>{%csrf_tag%} {%form|as_uni_form%}</form>, everything works as expected. However, django-uni-form Helpers allow you to generate the form tag (and other helper-related content) using the following syntax -- {% with form.helper as helper %}{% uni_form form helper%}{%endwith%} -- This creates the <form> tag for me, so there's nowhere to embed my own CSRF_token. When I try to use this syntax, the form renders perfectly, but without a CSRF token, and so submitting the form fails every time. Does anyone have experience with this? Is there an established way to add the token? I much prefer the second syntax, for re-use reasons. Thanks!

  Read the article

• Testing Zend_Controller wich is using Twitter API

  - by ArneRie

  Hi, iam trying to write an unit test for an Controller wich calls the Twitter API through an Service class. /** * Authenticate Step 1 for Twitter */ public function authenticateAction() { $this->service->authenticate(); } The Service does: /** * Authenticate with twitter * * @return void */ public function authenticate() { $consumer = new Zend_Oauth_Consumer($this->config); $token = $consumer->getRequestToken(); $this->session->twitterRequestToken = serialize($token); $consumer->redirect(); exit; } My Problem is, i have no idea to repleace the authenticate action inside the service for the unit test. I dont want to call the Twitter API while the tests run. Is there any Mocking Framework wich can do such things?

  Read the article

• how to customize NSTokenField like in "To/ CC" fields in mac mail?

  - by Miraaj

  Hi all, I am able to work with NSTokenField, it is easy to use.. but I want your suggestions on how can I customize it just like it is in "To/ CC" fields in mac mail ie. when no. of tokens in a token field increases height of "To" field gets increased to a certain limit then a vertical scroller starts appearing! By default when we use a token field neither its height gets increased nor a vertical scroller appears! I tried different combinations in IB but I could not obtain mac mail like functionality. Can anyone suggest me some solution for it?? Thanks, Miraaj

  Read the article

• can this code be broken?

  - by user105165

  Consider the below html string <p>This is a paragraph tag</p> <font>This is a font tag</font> <div>This is a div tag</div> <span>This is a span tag</span> This string is processed to tokanize the text found in it and we get 2 results as below 1) Token Array : $tokenArray == array( 'This is a paragraph tag', 'This is a div tag', '<font>This is a font tag</font>', '<span>This is a span tag</span>' ); 2) Tokenized template : $templateString == "<p>{0}</p>{2}<div>{1}</div>{3}"; If you observe, the sequence of the text strings segments from the original HTML strings is different from the tokenized template The PHP code below is used to order the tokenized template and accordingly the token array to match the original html string class CreateTemplates { public static $tokenArray = array(); public static $tokenArrayNew = array(); function foo($templateString,$tokenArray) { CreateTemplates::$tokenArray = $tokenArray; $ptn = "/{[0-9]*}*/"; // Search Pattern from the template string $templateString = preg_replace_callback($ptn,array(&$this, 'callbackhandler') ,$templateString); // function call return $templateString; } // Function defination private static function callbackhandler($matches) { static $newArr = array(); static $cnt; $tokenArray = CreateTemplates::$tokenArray; array_push($newArr, $matches[0]); CreateTemplates::$tokenArrayNew[count($newArr)] = $tokenArray[substr($matches[0],1,(strlen($matches[0])-2))]; $cnt = count($newArr)-1; return '{'.$cnt.'}'; } // function ends } // class ends Final output is (ordered template and token array) $tokenArray == array('This is a paragraph tag', '<font>This is a font tag</font>', 'This is a div tag', '<span>This is a span tag</span>' ); $templateString == "<p>{0}</p>{1}<div>{2}</div>{3}"; Which is the expected result. Now, I am not confident whether this is the right way to achieve this. I want to see how this code can be broken or not. Under what conditions will this code break? (important) Is there any other way to achieve this? (less important)

  Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >