Search Results

Search found 9658 results on 387 pages for 'authentication provider'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 38/387 | < Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >

  • Drop in service for account management, authentication, identity?

    - by Mike Repass
    I'm building an Android app and associated set of web services for uploading/downloading data. I need a basic (no frills) solution for account management (register, login, logout, verify credentials/token). What open source / third party solutions exist for this scenario? I need: create a new account db based on a salt simple web service to create a new account simple web service to authenticate supplied credentials and return some sort of token That's it, I can get by without 'fancy' email activation or password reset for the time being. Are there off-the-shelf components for this? Should I just use a 'blank' django or rails app to get this done? Seems crazy for everyone to be doing CREATE TABLE user_accounts ... Thoughts? Thank you.

    Read the article

  • Handle all authentication logic in database or code?

    - by Snuffleupagus
    We're starting a new(ish) project at work that has been handed off to me. A lot of the database sided stuff has been fleshed out, including some stored procedures. One of the stored procedures, for example, handles creation of a new user. All of the data is validated in the stored procedure (for example, password must be at least 8 characters long, must contain numbers, etc) and other things, such as hashing the password, is done in the database as well. Is it normal/right for everything to be handled in the stored procedure instead of the application itself? It's nice that any application can use the stored procedure and have the same validation, but the application should have a standard framework/API function that solves the same problem. I also feel like it takes away the data from the application and is going to be harder to maintain/add new features to.

    Read the article

  • Silverlight 4 + RIA Services - Ready for Business: Authentication and Personalization

    To continue our series,  In real business applications our data is often very valuable and as such we need to know who is accessing what data and control certain data access to only users with privilege.  Luckily this is very easy to do with RIA Services.  For example, say we want to let only authenticated users access our data in this example.   That is as easy to accomplish as adding an attribute, see line 2 below.    1: [EnableClientAccess] 2: ...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Best Method/Library For Remote Authentication

    - by Mike
    I have a web app that has a REST API interface: http://api.example.com/core that uses API Keys and domain specific keys (key has to be used on the specified domain). I then will have several client sites with ajax forms where we will require users to sign in before being able to submit the form. This form will add data to a table, and submit an email to several recipients along with checking credentials. This form will use an ajax submit to our REST API. All Communication to/from the API is over SSL Ideal Flow: Visitor Fills Form Out -> Enters User/pass -> Submits Form -> ajax request to REST API -> API Verifies credentials -> does CRUD -> sends emails -> returns 200/403 -> perform DOM manipulation based on return code in ajax call Are there any libraries in PHP that currently do something to this similarly? Would OAuth be a good use for this scenario? Languages used are: js/html/css/php/MySQL

    Read the article

  • CUPS Authentication for Admin on localhost:631 interface

    - by Tony Kruse
    I have searched quite a bit, saw the one response that purported to have a solution to this but it did not work in my case. My Brother printer is not shown in CUPS so I go to Admin-Add Printer it gives me the User Name/Password popup with refuses to recognize my user name on the machine. This is a brand new install of 13.1. My Restrict Access to the admin pages section has: Order allow, deny Allow localhost

    Read the article

  • Sending login form to an open-mesh acess point for authentication with my own RADIUS server

    - by PachinSV
    I have my RADIUS server up and running and a custom external captive portal. But I'm not sure: what information should I send to the Open-Mesh AP with my login form (it is necessary to encrypt the password?, because if I don't use a secret word to encrypt in my network configuration the RADIUS server complaints about it and in the log shows me some strange characters in the password) I don't know what to do with the "challenge" and "md" parameters in my login splash page. Thank you very much for your help.

    Read the article

  • ??????Oracle Developer Tools for Visual Studio(ODT)???

    - by Yusuke.Yamamoto
    ????? ??:2010/11/12 ??:???? Oracle ??Oracle Developer Tools for Visual Studio(???ODT)????? Visual Studio ??????????????????ODT ????????????????????ODT ????????????SQL*Plus ???????????????????????·????????????Oracle??????·????????????????? ?????????????ODT ???????ODT ???????Visual Studio ?? ODT ???Visual Studio ?? Oracle??????·????????????????? ????????? ????????????????? http://codezine.jp/article/detail/5499

    Read the article

  • SonicOS Enhanced 5.8.1.2 L2TP VPN Authentication Failed

    - by Dean A. Vassallo
    I have a SonicWall TZ 215 running SonicOS Enhanced 5.8.1.2-6o. I have configured the L2TP VPN using the default crypto suite ESP: 3DES/HMAC SHA1 (IKE). Proposals are as such: IKE (Phase 1) Proposal DH Group: Group 2 Encryption: 3DES Authentication: SHA1 Life Time (seconds): 28800 Ipsec (Phase 2) Proposal Protocol: ESP Encryption: 3DES Authentication: SHA1 Enable Perfect Forward Secrecy DISABLED Life Time (seconds): 28800 When attempting to connect via my Mac OS X client I get an authentication error. It appears to pass the pre-authentication but fails to complete. I am at a complete loss. I reconfigured from scratch multiple times...used simple usernames and passwords to verify this wasn't a miskeyed password issue. I have Here are the logs (noted IP has been removed for privacy): 7/1/13 8:19:05.174 PM pppd[1268]: setup_security_context server port: 0x1503 7/1/13 8:19:05.190 PM pppd[1268]: publish_entry SCDSet() failed: Success! 7/1/13 8:19:05.191 PM pppd[1268]: publish_entry SCDSet() failed: Success! 7/1/13 8:19:05.191 PM pppd[1268]: pppd 2.4.2 (Apple version 727.1.1) started by dean, uid 501 7/1/13 8:19:05.192 PM pppd[1268]: L2TP connecting to server ‘0.0.0.0’ (0.0.0.0)... 7/1/13 8:19:05.193 PM pppd[1268]: IPSec connection started 7/1/13 8:19:05.208 PM racoon[1269]: accepted connection on vpn control socket. 7/1/13 8:19:05.209 PM racoon[1269]: Connecting. 7/1/13 8:19:05.209 PM racoon[1269]: IPSec Phase 1 started (Initiated by me). 7/1/13 8:19:05.209 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 1). 7/1/13 8:19:05.209 PM racoon[1269]: >>>>> phase change status = Phase 1 started by us 7/1/13 8:19:05.231 PM racoon[1269]: >>>>> phase change status = Phase 1 started by peer 7/1/13 8:19:05.231 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 2). 7/1/13 8:19:05.234 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 3). 7/1/13 8:19:05.293 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 4). 7/1/13 8:19:05.295 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 5). 7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 AUTH: success. (Initiator, Main-Mode Message 6). 7/1/13 8:19:05.315 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 6). 7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 Initiator: success. (Initiator, Main-Mode). 7/1/13 8:19:05.315 PM racoon[1269]: IPSec Phase 1 established (Initiated by me). 7/1/13 8:19:06.307 PM racoon[1269]: IPSec Phase 2 started (Initiated by me). 7/1/13 8:19:06.307 PM racoon[1269]: >>>>> phase change status = Phase 2 started 7/1/13 8:19:06.308 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1). 7/1/13 8:19:06.332 PM racoon[1269]: attribute has been modified. 7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: receive success. (Initiator, Quick-Mode message 2). 7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3). 7/1/13 8:19:06.333 PM racoon[1269]: IKEv1 Phase 2 Initiator: success. (Initiator, Quick-Mode). 7/1/13 8:19:06.333 PM racoon[1269]: IPSec Phase 2 established (Initiated by me). 7/1/13 8:19:06.333 PM racoon[1269]: >>>>> phase change status = Phase 2 established 7/1/13 8:19:06.333 PM pppd[1268]: IPSec connection established 7/1/13 8:19:07.145 PM pppd[1268]: L2TP connection established. 7/1/13 8:19:07.000 PM kernel[0]: ppp0: is now delegating en0 (type 0x6, family 2, sub-family 3) 7/1/13 8:19:07.146 PM pppd[1268]: Connect: ppp0 <--> socket[34:18] 7/1/13 8:19:08.709 PM pppd[1268]: MS-CHAPv2 mutual authentication failed. 7/1/13 8:19:08.710 PM pppd[1268]: Connection terminated. 7/1/13 8:19:08.710 PM pppd[1268]: L2TP disconnecting... 7/1/13 8:19:08.711 PM pppd[1268]: L2TP disconnected 7/1/13 8:19:08.711 PM racoon[1269]: IPSec disconnecting from server 0.0.0.0 7/1/13 8:19:08.711 PM racoon[1269]: IKE Packet: transmit success. (Information message). 7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA). 7/1/13 8:19:08.712 PM racoon[1269]: IKE Packet: transmit success. (Information message). 7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA). 7/1/13 8:19:08.713 PM racoon[1269]: glob found no matches for path "/var/run/racoon/*.conf" 7/1/13 8:19:08.714 PM racoon[1269]: pfkey DELETE failed: No such file or directory

    Read the article

  • Passing binary blob through an Android content provider

    - by velocityb0y
    I have a content provider that is custom to my set of Android applications, and one of the things it needs to expose is a small (20-30k) byte array. The uri for these blobs looks like content://my.authority/blob/# where # is the row number; the resulting cursor has the standard _id column and a data column. I'm using a MatrixCursor in the provider's query method: byte[] byteData = getMyByteData(); MatrixCursor mc = new MatrixCursor(COLUMNS); mc.addRow(new Object[] { id, byteData }); Later, in the application consuming the data, I do Cursor c = managedQuery(uri, null, null, null, null); c.moveToFirst(); byte[] data = c.getBlob(c.getColumnIndexOrThrow("data")); However, data does not contain the contents of my original byte array; rather, it contains something like "[B@435cc518", which looks more like the address of the array than the contents. I tried wrapping the byte array in an implementation of java.sql.Blob, figuring that it might be looking for that since the content provider subsystem was written to be easy to use with SQLite, but it didn't help. Has anyone gotten this to work? If the data was in the file system, there are methods in ContentProvider that I could use to provide a marshalled InputStream to the client, but the data I'm trying to send back lives as a resource in the content provider's APK.

    Read the article

  • why does entity framework+mysql provider enumeration returns partial results with no exceptions

    - by Freddy Rios
    I'm trying to make sense of a situation I have using entity framework on .net 3.5 sp1 + MySQL 6.1.2.0 as the provider. It involves the following code: Response.Write("Products: " + plist.Count() + "<br />"); var total = 0; foreach (var p in plist) { //... some actions total++; //... other actions } Response.Write("Total Products Checked: " + total + "<br />"); Basically the total products is varying on each run, and it isn't matching the full total in plist. Its varies widely, from ~ 1/5th to half. There isn't any control flow code inside the foreach i.e. no break, continue, try/catch, conditions around total++, anything that could affect the count. As confirmation, there are other totals captured inside the loop related to the actions, and those match the lower and higher total runs. I don't find any reason to the above, other than something in entity framework or the mysql provider that causes it to end the foreach when retrieving an item. The body of the foreach can have some good variation in time, as the actions involve file & network access, my best shot at the time is that when the .net code takes beyond certain threshold there is some type of timeout in the underlying framework/provider and instead of causing an exception it is silently reporting no more items for enumeration. Can anyone give some light in the above scenario and/or confirm if the entity framework/mysql provider has the above behavior? Update: I can't reproduce the behavior by using Thread.Sleep in a simple foreach in a test project, not sure where else to look for this weird behavior :(.

    Read the article

  • API Auth vs User Auth

    - by user1626384
    I have read many posts and articles on this topic but still cant connect the dots. I want to make a Rails app that is strictly a JSON API maybe using Sinatra or the rails-api gem. I also want to make both a web client app and an iPhone app which consumes the API. No plans on letting third party dev's use it. So I could create a separate username/password combination for both the web and mobile client and use HTTP Basic over SSL. Each app would have these values as configs in the source and use it to authenticate to the API so only these can make a call. Anyone else trying would get a 401 error returned. This would be considered handling the API authentication. The web and mobile client apps allow end users to sign up and read/write data to the API. When each user is created, I create and save a token in their profile. If a user successfully signs in, I send back the token. On each future read/write then also send along this token in the header. I get the token and lookup the user in the database and make the read/write. Does this sound like an appropriate way to handle it. For the web client, when I initially send back the token, where do I store it. In a cookie? Do I also drop a cookie to handle session state?

    Read the article

  • How to fix sudo: setreuid(ROOT_UID, user_uid): Operation not permitted error?

    - by David R.
    I am using LDAP authentication on my Ubuntu 11.10 server. I installed libpam-ldap, and configured things accordingly. It works great, except that I get this error every once in a while when I try to sudo: sudo: setreuid(ROOT_UID, user_uid): Operation not permitted I know I have sudoers set up correctly, since it works most of the time. It's not just my log in either, others have the same problem when I have it. When this error is occurring, I can't ssh in with my regular system user at all. When I sign in directly, I can't get any gnome-terminal to start. Once I restart the server, the problem goes away. 'Course, that's not a solution, if it was a prod server, I'd be in trouble. How do I fix this? Edit 3/1/12: I just figured out that if stop and start the nscd service, the problem goes away. service nscd stop service nscd start Not much of a solution since I have to be logged into the server directly, not via ssh.

    Read the article

  • How do I install FreeNX server so that it works correctly?

    - by Niklas
    I've tried every single possible way of installing the server now, I've read every how to available and I still can't get it to work. Please let me know in which step I do wrong. I'm using ubuntu 10.10. I will mainly be referring to the following how-to, but also this, and this one. First I add the ppa Install Freenx Download the special Freenx package as stated in the howto, fix ownership - install it Create custom SSH key Copy the file /var/lib/nxserver/home/.ssh/client.id_dsa.key to the client and import it in nomachine (windows 7 x64) Check that both the user I will be logging in with and the user nx is in AllowedUsers in the /etc/ssh/sshd_config file Check the port that ssh is listening on Login through nomachine with my regular user account in ubuntu I always receive the message "authentication failed for [user]" when I try to log in. And I can't see the user "nx" which is said to be created during installation when I look under System-Administration-"Users & Groups". Can anyone please enlighten me if there is any step that I miss or have misunderstood? Thank you very much! (Or is there an easier way of enabling remote desktop that it can be used with a windows machine? I prefer not using VNC because I was hoping of being able to get better performance than that. And when I tried using XRDP I only received a black screen on the client.)

    Read the article

  • Cannot authenticate to SBS 2003

    - by Lerp
    I am trying to connect my machine to my work's entirely windows network and I am having a few issues: Whenever I try to access the server, the authentication dialog just keeps popping back up. I cannot connect to the printers (it says connecting to device failed) I have tried setting up samba, winbind, kerberos, likewise open all to no avail. I have a feeling I am just setting them up wrong. My nautilus shows this when I go to Network Windows Network MASTERMAGNETS I can ping both MASTERMAGNETS.LOCAL and 192.168.0.2 after modifying my /etc/hosts james@jamesmaddison:~$ cat /etc/hosts 127.0.0.1 localhost jamesmaddison 192.168.0.2 MASTERMAGNETS.LOCAL 192.168.0.50 Sharp-Printer # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters I believe that's the correct domain (not sure if that's the correct term) as when I do nslookup MASTERMAGNETS.LOCAL I get the following: james@jamesmaddison:~$ nslookup MASTERMAGNETS.LOCAL Server: 192.168.0.2 Address: 192.168.0.2#53 Name: MASTERMAGNETS.LOCAL Address: 192.168.0.3 Name: MASTERMAGNETS.LOCAL Address: 192.168.0.2 It all worked fine before I reinstalled Ubuntu and now I just cannot get access to the server. All help is appreciated, I need to get this working or I fear I will be forced to develop in a windows environment :(

    Read the article

  • What .NET objects should I use to create a cookie based session in MVC?

    - by makerofthings7
    I'm writing a custom password reset application that uses a validation technique that doesn't fit cleanly with ASP.NET Membership Provider's challenge questions. Namely I need to invoke a workflow and collect information from the end user (backup phone number, email address) after the user logs in using a custom form. The only way I know to create a cookie-based session (without too much "innovation" on my part) is to use WIF. What other standard objects can I use with ASP.NET MVC to create an authenticated session that works with non-windows user stores? Ideally I can store "role" or claim information in the session object such as "admin", "departmentXadmin", "normalUser", or "restrictedUser" The workflow would look like this: User logs in with username and password If the username and pw are correct a (stateless) cookie based session is created The user gets redirected to a HTML form that allows them to enter their backup phone number (for SMS dual factor), or validate it if already set. The user can then change their password using the form provided The "forgot password" would look like this User requests OTP code to be sent to the phone User logs in using username and OTP If the OTP is valid and not expired then create a cookie based session and redirect to a form that allows password reset Show password reset form, and process results.

    Read the article

  • Implicit OAuth2 endpoint vs. cookies

    - by Jamie
    I currently have an app which basically runs two halves of an API - a restful API for the web app, and a synchronisation API for the native clients (all over SSL). The web app is completely javascript based and is quite similar to the native clients anyway - except it currently does not work offline. What I'm hoping to do is merge the fragmented APIs into a single restful API. The web app currently authenticates by issuing a cookie to the client whereas the native clients work using a custom HMAC access token implementation. Obviously a public/private key scenario for a javascript app is a little pointless. I think the best solution would be to create an OAuth2 endpoint on the API (like Instagram, for example http://instagram.com/developer/authentication/) which is used by both the native apps and the web app. My question is, in terms of security how does an implicit OAuth2 flow compare (storing the access token in local storage) to "secure" cookies? Presumably although SSL solves man in the middle attacks, the user could theoretically grab the access token from local storage and copy it to another machine?

    Read the article

  • correct way to implement auth/acl in mvc

    - by WiseStrawberry
    I am looking into making a correctly laid out MVC auth/acl system. I think I want the authentication of a user (and the session handling) to be seperate from the ACL system. (I don't know why but this seems a good idea from the things I've read) What does mvc have to do with this question you ask? Because I wish for the application to be well integrated with my acl. An example of a controller (CodeIgniter) <?php class forums extends MX_Controller { $allowed = array('users', 'admin'); $need_login = true; function __construct() { //example of checking if logged in. if($this->auth->logged_in() && $this->auth->is_admin()) { echo "you're logged in!"; } } public function add_topic() { if($this->auth->allowed('add_topic') { //some add topic things. } else { echo 'not allowed to add topic'; } } } ?> My thoughts $this->auth would be autoloaded in the system. I would like to check the $allowed array against the user currently (not) logged in and react accordingly. Is this a good way of doing things? I haven't seen much literature on mvc integration and auth. I want to make things as easy as possible.

    Read the article

  • SIMPLEST way to set up password protection for a static site, with basic admin UI?

    - by Joseph Turian
    I have a static site. I would like the simplest approach to password protecting a directory, with a basic admin UI for adding/removing users. I will have so few users that I don't care about performance. I don't care if it's PHP or Django or whatever, I just want a complete software package. Apache basic auth isn't good, because you can't log out. Nor is there a UI for adding users. I tried throwing everything behind Django auth and serving the files through Django. However, Chrome treats all my text/css headers as text/plain, so I don't get any stylesheets showing. I can't use mod_xsendfile on my server because I can't reconfigure Apache to add new modules. I think this approach is overkill anyway. I can try configuring Nginx's X-Accel-Redirect, however that requires implementing all the Django code for auth myself, and I'd prefer an existing solution. However, this is my backup plan. Is there a code package that implements authentication with basic admin for a static site?

    Read the article

  • Can I set up samba so it automatically allows all the local usernames and passwords?

    - by dialer
    I have set up samba like this (this is the complete smb.conf): [global] log file = /var/log/samba/log log level = 2 security = user [homes] browsable = false read only = no valid users = %S I'd like to enable every user on server to access their home directories, but for some unknown reason only my 'administrator' account can do so. (I have done that with ftp before, but now smb is also needed). When I try to smbclient -L localhost -U [user], I get NT_STATUS_LOGON_FAILURE, except with the administrator (which is the user created during the ubuntu installation, not root). The samba log file says NT_STATUS_NO_SUCH_USER: [2012/04/04 20:26:02.081454, 2] smbd/reply.c:554(reply_special) netbios connect: name1=LOCALHOST 0x20 name2=DIALER-X 0x0 [2012/04/04 20:26:02.081733, 2] smbd/reply.c:565(reply_special) netbios connect: local=localhost remote=dialer-x, name type = 0 [2012/04/04 20:26:02.087200, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [public] - [public] FAILED with error NT_STATUS_NO_SUCH_USER I suspect that I have to manually create samba users, but the man pages state that If the client has passed a username/password pair and that username/password pair is validated by the UNIX system's password programs, the connection is made as that username. To me that sounds like as long as the provided username/password is a valid login on the server, it should work. Am I missing something totally obvious? I don't want / can't afford to manually update the samba users and passwords to match the server's. 11.10

    Read the article

  • How can I restore my Acer Aspire one GNU version 1.98 to factory settings?

    - by user100380
    Requires keyring and authentication to install and unistall programs or update anything. I just want to restart from scratch so i can clean it up anyways. Can anyone help? Also, on start up a list on a black screen will come up saying Ubuntu with linux version 26.32-40 generic or recovery version and at the bottom of different versions has one Window 7 loader option. When I get into recovery menu to try and restore to factory settings my netbook has no restore option. I've tried pressing alt-f10 and holding alt and repeatedly tap f10 but nothing seems to work, and my acer asks for a password login to even load windows 7 which I don't have. Any ideas? I've looked a lot on the internet for help but I'm getting to my last resort, to get of this thing for once and for all. I want to be able to personalize and add programs as I please, this is all bs to go through to unistall one freaking game or get rid of ubuntu gnome keyring!! Please help!! Thank you. :)

    Read the article

  • What is the correct way to implement Auth/ACL in MVC?

    - by WiseStrawberry
    I am looking into making a correctly laid out MVC Auth/ACL system. I think I want the authentication of a user (and the session handling) to be separate from the ACL system. (I don't know why but this seems a good idea from the things I've read.) What does MVC have to do with this question you ask? Because I wish for the application to be well integrated with my ACL. An example of a controller (CodeIgniter): <?php class forums extends MX_Controller { $allowed = array('users', 'admin'); $need_login = true; function __construct() { //example of checking if logged in. if($this->auth->logged_in() && $this->auth->is_admin()) { echo "you're logged in!"; } } public function add_topic() { if($this->auth->allowed('add_topic') { //some add topic things. } else { echo 'not allowed to add topic'; } } } ?> My thoughts $this->auth would be autoloaded in the system. I would like to check the $allowed array against the user currently (not) logged in and react accordingly. Is this a good way of doing things? I haven't seen much literature on MVC integration and Auth. I want to make things as easy as possible.

    Read the article

  • Approach to Authenticate Clients to TCP Server

    - by dab
    I'm writing a Server/Client application where clients will connect to the server. What I want to do, is make sure that the client connecting to the server is actually using my protocol and I can "trust" the data being sent from the client to the server. What I thought about doing is creating a sort of hash on the client's machine that follows a particular algorithm. What I did in a previous version was took their IP address, the client version, and a few other attributes of the client and sent it as a calculated hash to the server, who then took their IP, and the version of the protocol the client claimed to be using, and calculated that number to see if they matched. This works ok until you get clients that connect from within a router environment where their internal IP is different from their external IP. My fix for this was to pass the client's internal IP used to calculate this hash with the authentication protocol. My fear is this approach is not secure enough. Since I'm passing the data used to create the "auth hash". Here's an example of what I'm talking about: Client IP: 192.168.1.10, Version: 2.4.5.2 hash = 2*4*5*1 * (1+9+2) * (1+6+8) * (1) * (1+0) Client Connects to Server client sends: auth hash ip version Server calculates that info, and accepts or denies the hash. Before I go and come up with another algorithm to prove a client can provide data a server (or use this existing algorithm), I was wondering if there are any existing, proven, and secure systems out there for generating a hash that both sides can generate with general knowledge. The server won't know about the client until the very first connection is established. The protocol's intent is to manage a network of clients who will be contributing data to the server periodically. New clients will be added simply by connecting the client to the server and "registering" with the server. So a client connects to the server for the first time, and registers their info (mac address or some other kind of unique computer identifier), then when they connect again, the server will recognize that client as a previous person and associate them with their data in the database.

    Read the article

  • Spring Security DB Authentication w/Hibernate and hashed passwords?

    - by Seth
    I'm trying to set up spring security 3 to authenticate users against my hibernate 3 database. I'm storing only sha1 hashes of the passwords in the database (not plaintext). I've looked at this and this, which tell me to implement my own UserDetailsService. Unfortunately, the UserDetails that loadUserByUsername spits out seem to need the plaintext password, which I don't have. How is this usually handled? Can Spring Security actually do what I need here? Am I missing something?

    Read the article

  • Authenticating Apache HTTPd against multiple LDAP servers with expired accounts

    - by Brian Bassett
    We're using mod_authnz_ldap and mod_authn_alias in Apache 2.2.9 (as shipped in Debian 5.0, 2.2.9-10+lenny7) to authenticate against multiple Active Directory domains for hosting a Subversion repository. Our current configuration is: # Turn up logging LogLevel debug # Define authentication providers <AuthnProviderAlias ldap alpha> AuthLDAPBindDN "CN=Subversion,OU=Service Accounts,O=Alpha" AuthLDAPBindPassword [[REDACTED]] AuthLDAPURL ldap://dc01.alpha:3268/?sAMAccountName?sub? </AuthnProviderAlias> <AuthnProviderAlias ldap beta> AuthLDAPBindDN "CN=LDAPAuth,OU=Service Accounts,O=Beta" AuthLDAPBindPassword [[REDACTED]] AuthLDAPURL ldap://ldap.beta:3268/?sAMAccountName?sub? </AuthnProviderAlias> # Subversion Repository <Location /svn> DAV svn SVNPath /opt/svn/repo AuthName "Subversion" AuthType Basic AuthBasicProvider alpha beta AuthzLDAPAuthoritative off AuthzSVNAccessFile /opt/svn/authz require valid-user </Location> We're encountering issues with users that have accounts in both Alpha and Beta, especially when their accounts in Alpha are expired (but still present; company policy is that the accounts live on for at a minimum of 1 year). For example, when the user x (which has en expired account in Alpha, and a valid account in Beta), the Apache error log reports the following: [Tue May 11 13:42:07 2010] [debug] mod_authnz_ldap.c(377): [client 10.1.1.104] [14817] auth_ldap authenticate: using URL ldap://dc01.alpha:3268/?sAMAccountName?sub? [Tue May 11 13:42:08 2010] [warn] [client 10.1.1.104] [14817] auth_ldap authenticate: user x authentication failed; URI /svn/ [ldap_simple_bind_s() to check user credentials failed][Invalid credentials] [Tue May 11 13:42:08 2010] [error] [client 10.1.1.104] user x: authentication failure for "/svn/": Password Mismatch [Tue May 11 13:42:08 2010] [debug] mod_deflate.c(615): [client 10.1.1.104] Zlib: Compressed 527 to 359 : URL /svn/ Attempting to authenticate as a non-existant user (nobodycool) results in the correct behavior of querying both LDAP servers: [Tue May 11 13:42:40 2010] [debug] mod_authnz_ldap.c(377): [client 10.1.1.104] [14815] auth_ldap authenticate: using URL ldap://dc01.alpha:3268/?sAMAccountName?sub? [Tue May 11 13:42:40 2010] [warn] [client 10.1.1.104] [14815] auth_ldap authenticate: user nobodycool authentication failed; URI /svn/ [User not found][No such object] [Tue May 11 13:42:40 2010] [debug] mod_authnz_ldap.c(377): [client 10.1.1.104] [14815] auth_ldap authenticate: using URL ldap://ldap.beta:3268/?sAMAccountName?sub? [Tue May 11 13:42:44 2010] [warn] [client 10.1.1.104] [14815] auth_ldap authenticate: user nobodycool authentication failed; URI /svn/ [User not found][No such object] [Tue May 11 13:42:44 2010] [error] [client 10.1.1.104] user nobodycool not found: /svn/ [Tue May 11 13:42:44 2010] [debug] mod_deflate.c(615): [client 10.1.1.104] Zlib: Compressed 527 to 359 : URL /svn/ How do I configure Apache to correctly query Beta if it encounters an expired account in Alpha?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >