Search Results

Search found 13776 results on 552 pages for 'password reset'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 327/552 | < Previous Page | 323 324 325 326 327 328 329 330 331 332 333 334  | Next Page >

  • Is it possible to authenticate on another website?

    - by Blankman
    If I am on a website#1, and I enter my username/pwd for website#2 on a login page that is on website#1, and website#1, behind the scenes, makes a httpwebrequest to website#2 and posts to the login page. If I then navigate to website#2, should I be logged in? website#2 uses formsauthentication and I call a httpHandler that is on website#2 and pass it the username/password via the querystring. Should this work?

    Read the article

  • Default program not choosing on Windows 7

    - by Trollolz
    this is my first time posting and i need some help. I have a file named .kv6 format. I used slab6 (the correct and only program) to edit this file. I had it chosen as default program to open it upon double click. But today it stopped using that and reset to an unknown file. So I tried to set it again and when I hit "Browse" and select slab6 again it acts like it chooses it but doesn't actually show up as the default program or Other Programs. I can choose whatever other program and it will show up as a new Default Program but won't work to open it =\ Any help you be appreciated, thanks.

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • Chrome logs me out of everything when I exit--tried cookie-related stuff already

    - by GreatBigBore
    I've been using Chrome very successfully for a long time. It has always kept me logged in to all my sites even after exiting the app. Recently it started logging me out of everything when I exit Chrome. I've fooled around with all the various advanced cookie settings, and I've cycled through the options hoping that Chrome just needed a wakeup call or a reset or something. I've also deleted all the cookies in case a corrupted one is confusing Chrome. Nothing works! I see cookies when I log in, but they all go away when I exit Chrome. I've searched all over the place and seen only the standard answers relating to resetting cookies, local data, sessions, that sort of thing. Any Chrome gurus out there, please send a telepathic message to my browser asking it to resume its previous excellent behavior. Alternatively, you could suggest other possible solutions.

    Read the article

  • problem with logout script in php

    - by user225269
    I'm a beginner in php, and I am trying to create a login and logout. But I am having problems in logging out. My logout just calls for the login form which is this: <? session_start(); session_destroy(); ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="form1" method="post" action="checklogin.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="myusername" type="text" id="myusername"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="mypassword" type="text" id="mypassword"></td> </tr> <tr> <td>&nbsp;</td> <td>&nbsp;</td> <td><input type="submit" name="Submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> My problem is, when I try to press the back button in the browser. Whoever user is using it can still access what is not supposed to be accessed when a user hasn't logged in. Do I need to add a code on the user page? I have this code on the user page: <? session_start(); if(!session_is_registered(myusername)){ header("location:main_login.php"); } ?> What can you recommend that I would do so that a script will prompt to enter the username and password again when a user clicks on the back button.

    Read the article

  • Using PHP5s SOAP Client to send data to an ASP/.NET based SOAP server.

    - by user325143
    I am trying to write a snippet of PHP to connect to a third party's API via SOAP to enter some data into their database. The API requires me to pass several mandatory fields for every call (username, password, companyid, entitytype) in addition to the mandatory data fields. It also requires me to call the "ValidateEntity" funciton before calling the "CreateEntity" function. Documentation can be found here: http://wiki.agemni.com/Getting_Started/APIs/Database_API I have never worked with SOAP before, so I am very new to this. Here is what I have so far: error_reporting(E_ALL); ini_set('display_errors', '1'); $client = new SoapClient("http://agemni.com/AgemniWebservices/service1.asmx?WSDL", array('trace'=> true)); $options = array( 'username' => "myuser", 'password' => "mypassword", 'companyid' => myID, 'entitytype' => 2 ); $params = array( 'fname' => "John", 'lname' => "Doe", 'phone' => "859-333-3333", 'zip' => "40332", 'area id' => "12345", 'lead id' => "28222", 'contactdate' => "4/10/2010" ); $validate = $client->__soapCall("ValidateEntity", array($params), array($options)); $client->__soapCall("CreateEntity", array($params), array($options)); echo "<pre>"; var_dump($client-> __getLastRequestHeaders()); var_dump($client-> __getLastRequest()); var_dump($client-> __getLastResponseHeaders()); var_dump($client-> __getLastResponse()); var_dump($result); echo "</pre>"; Upon executing this code, I get the following error: Fatal error: Uncaught SoapFault exception: [Client] SOAP-ERROR: Encoding: object hasn't 'objecttype' property in /www/tmp/index-soap.php:24 Stack trace: #0 /www/tmp/index-soap.php(24): SoapClient->__soapCall('ValidateEntity', Array) #1 {main} thrown in /www/stealth/tmp/index-soap.php on line 24 I guess my question is.. am I even going about doing this the right way? I know this is a very broad question, but I appreciate any advice you can give me about making this work. Please let me know if you require more detail. Thanks!

    Read the article

  • Mac OS X Server 10.6.6 "disables" CPU in VMware Fusion [closed]

    - by wjlafrance
    Hello! I installed Mac OS X Server 10.6.0 in VMWare Fusion the other night and it worked perfectly, until I ran Software Update. I upgraded to 10.6.6 through the combo updater, and now when I start the VM it says: "The CPU has been disabled by the guest operating system. You will need to power off or reset the virtual machine at this point." I've switched the operating system in the options to OS X Server 32bit, 64bit, and even to Windows 7, and nothing has worked. Does anyone have any ideas?

    Read the article

  • Not able to create a datasource registration with WAMP MysQL 5.0 in DBArtisan

    - by Alf Christophersen
    I try in a test version of DBArtisan to set up a datasource and register both servere as localhost, database to use, my username and password, but, when testing the connection, I get message that connection failed. Hooking up from eg. Delphi and other utilities run nicely. But not DBArtisan, Is MySQL 5.0 not supported yet ?? Or is it WAMP that is the culprit naming the service wampmysqld insted of just mysqld ??

    Read the article

  • When I connect my iPhone 3GS to my PC, iTunes "freezes": Activity Monitor shows iTunes as "Not Respo

    - by reachmanoj74
    When I connect my iPhone 3GS to my PC, iTunes "freezes": Activity Monitor shows iTunes as "Not Responding". The iPhone indicates that it is being charged, and otherwise seems normal. When I disconnect the iPhone, iTunes immediately returns to normal operation. Connect again, and instant freeze again. I have rebooted the PC, uninstalled iTunes and reinstalled it and have reset the iPhone. No help. Everything worked fine yesterday. I haven't installed software or changed anything since the last time I synced. iPhone 3GS is running version 3.1.2(7D11). It is jailbroken.

    Read the article

  • Facebook Photo upload using PHP/Java

    - by shyam
    Is there a way I can post photos to my facebook profile using my username and password only? The code may be in PHP or Java. I dont want to make a facebook app and allow it to post photos to my profile. Any help is much appreciated. Thanks in advance.

    Read the article

  • Is it possible for a router to "go bad" with time?

    - by JQAn
    I've been having problems with my internet connection over the past weeks (intermittent disconnections, slow transfers, etc), and my provider keeps telling me that the problem is not on their end. I have cablemodem with a wifi router (this router was not provided by them). The router is quite old (DIR-300), so I'm starting to wonder if it could be the issue and if I should replace it. Is it possible that it is the cause? Can they become so outdated that they cause intermittent interruptions of service? If I reset the modem and the router, they work fine for a few hours, but the problems starts again after a while.

    Read the article

  • Are cookies enough for storing login data? (PHP)

    - by jpjp
    I am reading the Head First PHP/Mysql book and they say to store both the user's username, email into cookies and sessions. Is it safe to assume that everyone know a day has cookies? Or should I store both in sessions and cookies? I am not storing any sensitive data in cookies such as password, etc.

    Read the article

  • SSH tunnel doesn't work

    - by s1ck
    I am trying to use my server as a "proxy" with ssh. However, setting up tunneling with ssh -D localhost:8000 user@myserver does not work. I tested this on various machines with ssh and putty - It connects just fine, but when I set my browser settings accordingly, I just get an error "Connection has been reset". I tried monitoring the traffic with wireshark, but I didn't even see some tunnel-traffic. I explicitly set AllowTcpForwarding to "yes" but I still can't use the tunnel. When running ssh in verbose mode, I don't get any errors but debug1: Connection to port 8000 forwarding to socks port 0 requested. debug1: channel 3: new [dynamic-tcpip] debug1: channel 3: free: dynamic-tcpip, nchannels 4 What am I doing wrong?

    Read the article

  • focus doesn't work in IE

    - by Syom
    i have the following function function change() { var input=document.getElementById('pas'); var input2= input.cloneNode(false); input2.type='password'; input.parentNode.replaceChild(input2,input); input2.focus(); } but focus() doesn't work in ie7, so what can i do! i want to have the cursor inside of input! thanks

    Read the article

  • How to build this encryption system that allows multiple users/objects.

    - by Patrick
    Hello! I am trying to figure out how to create an optimal solution for my project. I made this simple picture in Photoshop to try to illustrate the problem and how i want it (if possible). Illustrative image Ill also try to explain it based on the picture. First off we have a couple of objects to the left, these objects all get encrypted with their own encryption key (EKey on the picture) and then stored in the database. On the other side we have different users placed into roles (one user can be in a lot of roles) and the roles are associated with different objects. So one person only has access the to the objects that the role provides. So for instance Role A might have access to Object A and B. Role B have access only to Object C and Role C have access to all objects. Nothing strange in that, right? Different roles have different objects that they can access. Now to the problem part. Each user has to login with his/her username/password and then he/she gets access to the objects that his/her roles provide. All the objects are encrypted so she needs to get a decryption key somehow. I don't want to store the encryption key as a text string on the server. It should be, if possible, decrypted using the users password (along with the role) or similar. That way you have to be a user on the server in order to decrypt an object an to work with it. I was thinking about making a public/private key encryption system, but i am kinda stuck on how to give the different users the decryption key to the objects. Since i need to be able to move users to and from roles, add new users, add new roles and create/delete objects. There will be one administrator that then adds some data to allow the users in that role to get the decryption key to decrypt the object. Nothing is static and i am trying to get a picture of how this can be built or if there is a far better solution. The only criteria are: -Encrypted objects. -Decryption key should not be stored as text. -Different users have access to different objects. -Does NOT have to have roles.

    Read the article

  • Windows Media Service authentication issue

    - by George2
    Hello everyone, I am using Windows Server 2008 R2 with Windows Media Service. At the client side, I want to use Silverlight to play the media file. I am using VSTS 2008 + Silverlight 3 + ASP.Net + .Net 3.5. I want to know how to implement a custom authentication protocol (I have a custom user database, which contains user name and password. I want to enable logged-in user to be able to play through Silverlight)? thanks in advance, George

    Read the article

  • PHP class function.

    - by Jordan Pagaduan
    What is wrong with this code? <?php class users { var $user_id, $f_name, $l_name, $db_host, $db_user, $db_name, $db_table; function user_input() { $this->$db_host = 'localhost'; $this->$db_user = 'root'; $this->$db_name = 'input_oop'; $this->$db_table = 'users'; } function userInput($f_name, $l_name) { $dbc = mysql_connect($this->db_host , $this->db_user, "") or die ("Cannot connect to database : " .mysql_error()); mysql_select_db($this->db_name) or die (mysql_error()); $query = "insert into $this->db_table values (NULL, \"$f_name\", \"$l_name\")"; $result = mysql_query($query); if(!$result) die (mysql_error()); $this->userID = mysql_insert_id(); mysql_close($dbc); $this->first_name = $f_name; $this->last_name = $l_name; } function userUpdate($new_f_name, $new_l_name) { $dbc = mysql_connect($this->db_host, $this->db_user, "") or die (mysql_error()); mysql_select_db($this->db_name) or die (mysql_error()); $query = "UPDATE $this->db_table set = \"$new_f_name\" , \"$new_l_name\" WHERE user_id = \"$this->user_id\""; $result = mysql_query($query); $this->f_name = $new_f_name; $this->l_name = $new_l_name; $this->user_id = $user_id; mysql_close($dbc); } function userDelete() { $dbc = mysql_connect($this->db_host, $this->db_user, "") or die (mysql_error()); mysql_select_db($this->db_name) or die (mysql_error()); $query = "DELETE FROM $this->db_table WHERE $user_id = \"$this->user_id\""; mysql_close($dbc); } } ?> The error is: Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\jordan_pagaduan\class.php on line 21 Cannot connect to database : Access denied for user 'ODBC'@'localhost' (using password: NO) The code cannot define this "$this->db_host" as "localhost".

    Read the article

  • Add if else function in Ajax Jquery function

    - by Naga Botak
    Is it possible to add other else function in my JS like this: ? if response == success redirect to home if response == failed redirect to failed $.ajax({ type: "POST", url: action, data: form_data, success: function(response) { if(response == 'success') window.location.replace("home"); else $("#message").html("<div class='error_log'><p class='error'>Invalid username and/or password.</p></div>"); } });

    Read the article

  • Spring OpenSessionInViewFilter with @Transactional annotation

    - by Gautam
    This is regarding Spring OpenSessionInViewFilter using with @Transactional annotation at service layer. i went through so many stack overflow post on this but still confused about whether i should use OpenSessionInViewFilter or not to avoid LazyInitializationException It would be great help if somebody help me find out answer to below queries. Is it bad practice to use OpenSessionInViewFilter in application having complex schema. using this filter can cause N+1 problem if we are using OpenSessionInViewFilter does it mean @Transactional not required? Below is my Spring config file <context:component-scan base-package="com.test"/> <context:annotation-config/> <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <property name="basename" value="resources/messages" /> <property name="defaultEncoding" value="UTF-8" /> </bean> <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" p:location="/WEB-INF/jdbc.properties" /> <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close" p:driverClassName="${jdbc.driverClassName}" p:url="${jdbc.databaseurl}" p:username="${jdbc.username}" p:password="${jdbc.password}" /> <bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean"> <property name="dataSource" ref="dataSource" /> <property name="configLocation"> <value>classpath:hibernate.cfg.xml</value> </property> <property name="configurationClass"> <value>org.hibernate.cfg.AnnotationConfiguration</value> </property> <property name="hibernateProperties"> <props> <prop key="hibernate.dialect">${jdbc.dialect}</prop> <prop key="hibernate.show_sql">true</prop> <!-- <prop key="hibernate.hbm2ddl.auto">create</prop> --> </props> </property> </bean> <tx:annotation-driven /> <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager"> <property name="sessionFactory" ref="sessionFactory" /> </bean>

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 323 324 325 326 327 328 329 330 331 332 333 334  | Next Page >