Search Results

Search found 15798 results on 632 pages for 'authentication required'.

Page 30/632 | < Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >

  • Opinions on Dual-Salt authentication for low sensitivity user accounts?

    - by Heleon
    EDIT - Might be useful for someone in the future... Looking around the bcrypt class in php a little more, I think I understand what's going on, and why bcrypt is secure. In essence, I create a random blowfish salt, which contains the number of crypt rounds to perform during the encryption step, which is then hashed using the crypt() function in php. There is no need for me to store the salt I used in the database, because it's not directly needed to decrypt, and the only way to gain a password match to an email address (without knowing the salt values or number of rounds) would be to brute force plain text passwords against the hash stored in the database using the crypt() function to verify, which, if you've got a strong password, would just be more effort than it's worth for the user information i'm storing... I am currently working on a web project requiring user accounts. The application is CodeIgniter on the server side, so I am using Ion Auth as the authentication library. I have written an authentication system before, where I used 2 salts to secure the passwords. One was a server-wide salt which sat as an environment variable in the .htaccess file, and the other was a randomly generated salt which was created at user signup. This was the method I used in that authentication system for hashing the password: $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; //create a random string to be used as the random salt for the password hash $size = strlen($chars); for($i = 0; $i < 22; $i++) { $str .= $chars[rand(0, $size - 1)]; } //create the random salt to be used for the crypt $r_blowfish_salt = "$2a$12$" . $str . "$"; //grab the website salt $salt = getenv('WEBSITE_SALT'); //combine the website salt, and the password $password_to_hash = $pwd . $salt; //crypt the password string using blowfish $password = crypt($password_to_hash, $r_blowfish_salt); I have no idea whether this has holes in it or not, but regardless, I moved over to Ion Auth for a more complete set of functions to use with CI. I noticed that Ion only uses a single salt as part of its hashing mechanism (although does recommend that encryption_key is set in order to secure the database session.) The information that will be stored in my database is things like name, email address, location by country, some notes (which will be recommended that they do not contain sensitive information), and a link to a Facebook, Twitter or Flickr account. Based on this, i'm not convinced it's necessary for me to have an SSL connection on the secure pages of my site. My question is, is there a particular reason why only 1 salt is being used as part as the Ion Auth library? Is it implied that I write my own additional salting in front of the functionality it provides, or am I missing something? Furthermore, is it even worth using 2 salts, or once an attacker has the random salt and the hashed password, are all bets off anyway? (I assume not, but worth checking if i'm worrying about nothing...)

    Read the article

  • Trying to compile x264 and ffmpeg for iPhone - "missing required architecture arm in file"

    - by jtrim
    I'm trying to compile x264 for use in an iPhone application. I see there are instructions on how to compile ffmpeg for use on the platform here: http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/2009-October/076618.html , but I can't seem to find anything this complete for compiling x264 on the iPhone. I've found this source tree: http://gitorious.org/x264-arm that seems to have support for the ARM platform. Here is my config line: ./configure --cross-prefix=/usr/bin/ --host=arm-apple-darwin10 --extra-cflags="-B /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.2.sdk/usr/lib/ -I /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.2.sdk/usr/lib/" ...and inside configure I'm using the gas-preprocessor script (first link above) as my assembler: gas-preprocessor.pl gcc When I start compiling, it chunks away for a little while, then it spits out these warnings and a huge list of undefined symbols: ld: warning: option -s is obsolete and being ignored ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures ld: warning: in /usr/lib/crt1.o, missing required architecture arm in file ld: warning: in /usr/X11R6/lib/libX11.dylib, missing required architecture arm in file ld: warning: in /usr/lib/libm.dylib, missing required architecture arm in file ld: warning: in /usr/lib/libpthread.dylib, missing required architecture arm in file ld: warning: in /usr/lib/libgcc_s.1.dylib, missing required architecture arm in file ld: warning: in /usr/lib/libSystem.dylib, missing required architecture arm in file Undefined symbols: My guess would be that the problem has to do with the "missing required architecture arm in file" warning...any ideas?

    Read the article

  • Google analytics ignoring "required step" in goals

    - by Matt Huggins
    I am A/B testing a landing page to see which converts better. The funnels are set up exactly the same in terms of the goal completion URL and funnel steps, with one exception: the first step (which is a required step) has a different URL to represent each of the two landing pages. Unfortunately, Google is tracking a conversion for both of these goals regardless of which landing page a user is reaching! It looks like the "required step" is broken...perhaps it is a deeper issue if others haven't noticed it, such as it only not working when the goal URL is the same between multiple goals. Here is an example of what I mean. Goal 1: Goal URL: /users/dashboard (head match) Funnel: 1. /homepages/index1 (required step) 2. /users/register 3. /users/edit Goal 2: Goal URL: /users/dashboard (head match) Funnel: 1. /homepages/index2 (required step) 2. /users/register 3. /users/edit As you can see, the only difference is step #1 of the funnel. Since I am A/B testing the landing page of the site, this should be the only difference. However, when I look at the goal page of Google Analytics, I see that the goal is being recorded for both of these regardless of the landing page being reached. The only tinkering I've done is attempting to wrap each funnel step's goal in ^ and $ characters for an exact regular expression match, but this didn't make a difference. Thoughts?

    Read the article

  • HTTP Basic authentication using Authlogic or authenticate_or_request_with_http_basic for API call?

    - by Gaius Parx
    I have a Rails 2.3.x app that implements the act_as_authentic in User model and a UserSession model as per Authlogic Github example. I am implementing an API to allow access from iPhone. Will be using HTTP Basic authentication via https (will not implement single access token). Each API call requires a username/password for the access. I am able to access the API by calling http://username:password@localhost:3000/books.xml for example. Authlogic will not persist if using the single access token. But I am using HTTP Basic which I think Authlogic will create session for the API calls, which is not used for my API methods. So for each API call I made, new session object is created. Thus appear to me that this would load up the server resource pretty quickly. Sounds like a bad idea. The alternative is to use the Rails authenticate_or_request_with_http_basic for API controllers. Example adding a before_filter: def require_http_auth_user authenticate_or_request_with_http_basic do |username, password| if @current_user = User.find_by_email(username) @current_user.valid_password?(password) else false end end end This will bypass the Authlogic UserSession and just use the User model. But this will involve using separate authentication codes in the app. Anyone has any comments and can share their experience? Thanks

    Read the article

  • What is wrong with my Basic Authentication in my Browser?

    - by Pure.Krome
    Hi folks, i'm trying to goto the following url :- http://user1:pass1@localhost:1234/api/users?format=xml nothing to complex. Notice how i've got the username/password in the url? this, i believe, is for basic authentication. When I do that, the Request Headers are MISSING the 'Authorize' header. Er... that's not right :( I have anonymous authentication only setup on the site. I don't want to have anon off and basic turned on .. because not all of the site requires basic.. only a few action methods. So .. why is this not working? Is this something to do with the fact my code is not sending a 401 challenge or some crap? For What It's Worth, my site is ASP.NET MVC1 running on IIS7 (and the same thing happens when i run it on cassini). Update: If this is an illegal way of calling a resource using basic auth (ala security flaw) .. then is this possible to do, for an ASP.NET MVC website .. per action method (and not the entire site, per say)?

    Read the article

  • Windows "forms" authentication - <deny users="?"> redirecting to foreign page!

    - by Erik5388
    Like the title states - I have a web.config file that looks like, <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <compilation debug="true" targetFramework="4.0" /> <authentication mode="Forms"> <forms name="login" protection="All" timeout="30" loginUrl="login" defaultUrl="~/"> <credentials passwordFormat="Clear"> <user name="admin" password="password" /> </credentials> </forms> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> </configuration> I want to do exactly what it says it should do... I want to deny all users who try to enter the site. It works however, it redirects to a "Account/Login?ReturnUrl=%2flogin" url I have never heard of... Is there a place I can change this?

    Read the article

  • Token based Authentication for WCF HTTP/REST Services: The Client

    - by Your DisplayName here!
    If you wondered how a client would have to look like to work with the authentication framework, it is pretty straightfoward: Request a token Put that token on the authorization header (along with a registered scheme) and make the service call e.g.: var oauth2 = new OAuth2Client(_oauth2Address); var swt = oauth2.RequestAccessToken( "username", "password", _baseAddress.AbsoluteUri);   var client = new HttpClient { BaseAddress = _baseAddress }; client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", swt); var response = client.Get("identity"); response.EnsureSuccessStatusCode(); HTH

    Read the article

  • Authentication issue with CUPS 5.3.1 on SMB Printer

    - by Julius
    I am trying to print to a samba printer via CUPS. I have configured the printer allright, but there seems to be a problem with authentication. The error message I get is Session setup failed: NT_STATUS_LOGON_FAILURE The GUI also tells me: Idle - Tree connect failed (NT_STATUS_ACCESS_DENIED) It used to work with previous versions of CUPS (1.4.3 and 1.4.6) under Ubuntu 11.04 I am doing this on a clean install of Ubuntu 12.04, CUPS version 1.5.3. I have tried changing some rights relating to apparmor, with no success as described here: http://www.compdigitec.com/labs/2010/01/16/fixing-usrlibcupsbackendsmb-failed-error-in-ubuntu/ I have been working with Ubuntu for years - but this is the kind of problem I need help with.

    Read the article

  • cannot use sudo on ubuntu server passwordless authentication?

    - by Lucas Crijns
    Hello I'm new at the forum and I want to introduce myself: I'm Lucas Crijns and I'm a very happy user of ubuntu server. I was reading about passwordless authentication with ssh. So I made a key and published it to ubuntu server, it worked well and I could login with my private key. But then I locked the account to prevent hacking from my password. After I ran "passwd -l lucas", I was not longer able by my next login to use sudo. Because it was asking for a password and I locked it. I was thinking that sudo would also be without a password. My question is now: is it possible to use sudo? And how can I enable it without a valid password for sudo? Thank you for your help!

    Read the article

  • Unwanted authentication request window at login after upgrade to Ubuntu 13.10

    - by UBod
    I recently upgraded to Ubuntu 13.10 (64bit) on my Dell Laptop. Since then, at each login, a dialog window entitled "Authentication request ... Please enter the password for account "[email protected]"." appears (I would rather post a screenshot if I could, but I am not entitled to do that because I do not have the necessary 10 reputation credits). I neither have any idea why my password (I checked it a hundred times) does not work ("Password was incorrect") nor why this dialog is displayed at all. As said, I never saw it before 13.10. I looked around in different forums and it seems (please correct me if I am wrong) that it stems from evolution server. I also deleted ~/.config/evolution/ entirely - without any effect. Further note that I am not using evolution at all and I would rather like to get rid of it completely, but I do not dare to remove evolution-server. Any ideas? Thanks in advance, Ulrich

    Read the article

  • Forcing Nautilus to use Kerberos (Active Directory) authentication

    - by user14146
    Is there a way to get Nautilus or any other file manager that runs on Ubuntu 11.04 to use Kerberos for authentication? I'm using Likewise Open to join machines to the domain, and I can't type in passwords for every user on every computer that needs to mount a network share. I've been able to get Kerberos working with the command line smbclient, but oddly Kerberos does not seem to be Nautilus-integrated. I also checked the SSH config file, and it looks like you can enable GSSAPIAuthentication, but it only works for Kerberos v2, not the current version, which I think is v5.

    Read the article

  • Web api authentication techniques

    - by Steve
    We have a asp.net MVC web service framework for serving out xml/json for peoples Get requests but are struggling to figure out the best way (fast, easy, trivial for users coding with javascript or OO languages) to authenticate users. It's not that our data is sensitive or anything, we just want users to register so we can have their email address to notify them of changes and track usage. In our previous attempt we had the username in the URI and would just make sure that username existed and increment db tables with usage. This was super basic but we'd notice people using demo as a username etc so we need it to be a little more sophisticated. What authentication techniques are available? What do the major players use/do.

    Read the article

  • Configure Oracle Identity Manager AD/LDAP Authentication

    - by Arda Eralp
    Requirements (on AD side) LDAP connection user with the necessary rights in AD to do subtree searches on your users and groups container, respectively in the scope we configure below For LDAP in OIM to work, you need an AD Group called "oimusers", in which all users who shall be able to login to OIM need to be member. The group need to be named exactly "oimusers". Step 1: Login Weblogic Administration Console  Step 2: Create New Provider Authentication Provider Name: ADAuthenticationProvider Type: ActiveDirectoryAuthenticator Control Flag: SUFFICIENT   User scope configuration User Base DN: Container where your users are found Rest of the parameters stay default   Group scope configuration Group Base DN: Container where your groups are found Your "oimusers" group must be found in this container or in the subtree Rest of the parameters stay default  Step 3: Restart Admin Server Step 4: Check oimusers group Step 5: Re order providers Step 6: Restart Admin Server

    Read the article

  • Empathy authentication error to XMPP server

    - by Shauna
    I recently installed Ubuntu 12.04 on a new machine and have been working on setting it up, but I've run into an interesting problem. I have a custom XMPP server for work (I don't control it, but we're using an in-house install). I can connect to it just fine via Pidgin, but due to some UI issues I'm having with Pidgin (and what appears to be better overall integration between Empathy and Ubuntu/Unity), I'd like to use Empathy instead. However, Empathy won't connect to my XMPP server, and I keep getting an authentication error and repeatedly prompted for my password. This happens even when importing the working account information from Pidgin (so I know things like the password are correct). Is there a way I can get Empathy working with my XMPP server?

    Read the article

  • Security for LDAP authentication for Collabnet

    - by Robert May
    In a previous post, I wrote about how to get LDAP authentication working in Collabnet. By default, all LDAP users are put into the Users role on the server.  For most purposes, this is just fine, and I don’t have a way to change this.  The documentation gives hints that you can add them to other roles, but for now, I don’t have the need. However, adding permissions to different repositories is a different question. To add them, go to the repositories list, select Access Rules and then you can enter in their username, as it sits in Active Directory to the lists for the repositories or for the predefined groups that you have created.  To my knowledge, you cannot use the Active Directory groups in collabnet, which is a big problem.  Needing to micromanage users really limits the usefulness of the LDAP integration. Technorati Tags: subversion,collabnet

    Read the article

  • Address Book Authentication

    - by Gus E
    I just upgraded to Ubuntu 14.04.1 and run Gnome Shell. I am consistently getting a pop up window prompting me for my Gmail address book authentication. The window pops up the moment I type something into gnome shell after hitting the super key. I'm assuming that Ubuntu wants to search my address book for people to include in the search. I have opened up the settings and deleted my account from the online accounts section and rebooted, nothing seems to stop the popup. Where is it getting my email address from? Most importantly, how to I stop this super annoying popup from appearing?

    Read the article

  • Authentication error when trying to upgrade from 11.10 to 12.04

    - by mahmuodmasri
    I wrote : ~$ do-release-upgrade and the system says: Checking for a new ubuntu release Get:1 Upgrade tool signature [198 B] Get:2 Upgrade tool [1551 kB] Fetched 1551 kB in 6s (167 kB/s) extracting 'precise.tar.gz' authenticate 'precise.tar.gz' against 'precise.tar.gz.gpg' exception from gpg: GnuPG exited non-zero, with code 2 Debug information: gpg: Signature made Thu 11 Oct 2012 07:47:10 AM EET using DSA key ID 437D05B5 gpg: can't open `/etc/apt/trusted.gpg' gpg: keydb_search failed: file open error gpg: Can't check signature: public key not found Authentication failed Authenticating the upgrade failed. There may be a problem with the network or with the server. Please help me!

    Read the article

  • jquery adding required to a dropdownbox [SOLVED]

    - by Crays
    Hi i would like to know how do i add a required attribute to a dropdownbox? I've search numerous ways but none worked, here's my code <script> $(document).ready(function(){ $('.orderingmenu .burgers').change(function(){ var selectVal= $(this).val(); if(selectVal != 'none'){ $(this).next().attr('required', true); } }); }); </script> i am really out of idea on how to do this, i tested the selectors and they're working fine, but it just doesn't seem to add in the required attribute to that select field =/ any help please? what i have tried is $(this).next().prop('required', true); $(this).next().attr('required', 'true'); $(this).next().attr('required', ''); $(this).next().prop('required'); none have worked =/ EDIT the HTML <div class="orderingmenu" style="margin-bottom: 0.5%;"> <select name="burgerlist" class="burgers" style="width: 35%; float: left; font-size: 12px;"> <option selected="selected" value="none">NONE</option> <option value="A">A</option> </select> <select name="option" id="option" class="setornot" style="width: 30%; font-size: 12px;"> <option selected="selected" value="none">NONE</option> <option value="ALA CARTE">ALA CARTE</option> <option value="SET">SET</option> </select> <input type="text" placeholder="ANY REMARKS?" name="remarks" style="width: 30%; float: right; font-size: 12px;"> </div> i had it looped with a php script, but basically what i wanted to do is so that if there is any selection other than 'none', the other selection is required. EDIT 2 found out the problem was that i had the value for none!

    Read the article

  • Forms Authentication logs out very quickly , locally works fine !!!

    - by user319075
    Hello to all, There's a problem that i am facing with my hosting company, I use a project that uses FormsAuthentication and the problem is that though it successfully logs in, it logs out VERY QUICKLY, and i don't know what could be the cause of that, so in my web.config file i added those lines: <authentication mode="Forms" > <forms name="Nadim" loginUrl="Login.aspx" defaultUrl="Default.aspx" protection="All" path="/" requireSSL="false"/> </authentication> <authorization> <deny users ="?" /> </authorization> <sessionState mode="StateServer" stateConnectionString="tcpip=localhost:42424" cookieless="false" timeout="1440"> </sessionState> and this is the code i use in my custom login page : protected void PasswordCustomValidator_ServerValidate(object source, ServerValidateEventArgs args) { try { UsersSqlDataSource.SelectParameters.Clear(); UsersSqlDataSource.SelectCommand = "Select * From Admins Where AdminID='" + IDTextBox.Text + "' and Password='" + PassTextBox.Text + "'"; UsersSqlDataSource.SelectCommandType = SqlDataSourceCommandType.Text; UsersSqlDataSource.DataSourceMode = SqlDataSourceMode.DataReader; reader = (SqlDataReader)UsersSqlDataSource.Select(DataSourceSelectArguments.Empty); if (reader.HasRows) { reader.Read(); if (RememberCheckBox.Checked == true) Page.Response.Cookies["Admin"].Expires = DateTime.Now.AddDays(5); args.IsValid = true; string userData = "ApplicationSpecific data for this user."; FormsAuthenticationTicket ticket1 = new FormsAuthenticationTicket(1, IDTextBox.Text, System.DateTime.Now, System.DateTime.Now.AddMinutes(30), true, userData, FormsAuthentication.FormsCookiePath); string encTicket = FormsAuthentication.Encrypt(ticket1); Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)); Response.Redirect(FormsAuthentication.GetRedirectUrl(IDTextBox.Text, RememberCheckBox.Checked)); //FormsAuthentication.RedirectFromLoginPage(IDTextBox.Text, RememberCheckBox.Checked); } else args.IsValid = false; } catch (SqlException ex) { ErrorLabel.Text = ex.Message; } catch (InvalidOperationException) { args.IsValid = false; } catch (Exception ex) { ErrorLabel.Text = ex.Message; } Also you will find that line of code: FormsAuthentication.RedirectFromLoginPage(IDTextBox.Text, RememberCheckBox.Checked); is commented because i thought there might be something wrong with the ticket when i log in , so i created it manually , every thing i know i tried but nothing worked, so does anyone have any idea what is the problem ? Thanks in advance, Baher.

    Read the article

  • How do I get a permanent long term authentication token for google apps application?

    - by Ali
    Hi guys I'm working on my google apps application - currently I've build the authentication upon the example available at google namely this url The problem is that the session seems to time out and that everytime I am logged into my google apps account and go to my application I need to authenticate again and go through the screen where google asks me if I should allow the application to access the services like GMAIL, Docs etc listed in the manifest xml file. I don't think I'm doing it right as other applications allow instant access. Any ideas

    Read the article

  • With IIS, how do I turn off authentication on WebResource.axd and other httpHandler "files"?

    - by Scott Stafford
    I have an IIS 6 server hosting a website that is authenticated with NTLM. I would like to turn on anonymous access to most resources, such as css, icons, and javascript. I noticed, using Fiddler, that an NTLM handshake is occuring for all resources pulled from WebResource.axd and other HTTP handlers I am using. How do I turn authentication off on a file that doesn't really exist?

    Read the article

  • Usernames are evil. How can I make Restful Authentication only require an email address and password

    - by Koning WWWWWWWWWWWWWWWWWWWWWWW
    As the title says: how can I use the Restful Authentication Plugin with Ruby on Rails. When I want to create a new user, it requires me to set the (wrong-named, confusing field) login (= username), email address and password. However, I want, like Facebook does, to require the user to enter only an email address and password, not a username. People will also login with this email address. Can anyone help me?

    Read the article

  • Usernames are evil. How can I make Restful Authentication only require a username and password, inst

    - by Koning WWWWWWWWWWWWWWWWWWWWWWW
    As the title sais: How can I use the Restful Authentication Plugin with Ruby on Rails. When I want to create a new user, it requires me a (wrong-named, confusing field) login (= username), email address and password. However, I want, like Facebook does, only require the user to enter an email address and password, not a username. People will also login with this email address. Can anyone help me?

    Read the article

< Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >