Search Results

Search found 1725 results on 69 pages for 'token'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 41/69 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • sshd: How to enable PAM authentication for specific users under

    - by Brad
    I am using sshd, and allow logins with public key authentication. I want to allow select users to log in with a PAM two-factor authentication module. Is there any way I can allow PAM two-factor authentication for a specifc user? I don't want users - By the same token - I only want to enable password authentication for specific accounts. I want my SSH daemon to reject the password authentication attempts to thwart would-be hackers into thinking that I will not accept password authentication - except for the case in which someone knows my heavily guarded secret account, which is password enabled. I want to do this for cases in which my SSH clients will not let me do either secret key, or two-factor authentication.

    Read the article

  • Stuck on Login PhpMyAdmin

    - by TMP
    Hi. I've isntalled phpmyadmin via apt-get. I've set the apache env-vars to the correct user:group. I've set ownership of /etc/apache2 and /etc/phpmyadmin to this user:group. I've restarted both apache2 and mysql several times. My Problem: When I access [ServerIP]/phpmyadmin I get the login screen, I enter the information, and i'm right back at the login screen, with not even an error "permission denied" or "password wrong" or whatever. The only things thats different is the URL: Instead of the Original http://[ServerIP]/phpmyadmin/index.php I am now at http://[ServerIP]/phpmyadmin/index.php?token=[Long Hex string here] However, still the login dialog. My Question: How Do I fix this?

    Read the article

  • What if a computer with Ethernet

    - by George Nixon
    I'm just revising for an exam on Networks and Data Communications, and there's one thing I don't get about CSMA/CD and Ethernet. It's supposed to be fairly stable, for instance if a computer drops out of the network, it's not a problem like it might be in a token ring network (I think). But Ethernet works by all the other computers waiting for the currently transmitting computer to finish what it's doing, and then the others use CMSA/CD to determine who goes next. What if one computer malfunctioned and kept sending a continuous stream of data in an infinite loop? In fact, is there a standard time for pcs to transmit before they yield to others?

    Read the article

  • centos cron job running php file

    - by user50946
    I have a php file under php called test.php set to run every 5th minute of the hour. When ever I run the file manually (by going to the web browser and runnint the path) it works fine. But when the cron job tries to run it I get the error message my cron job is #### Delete Records 5 * * * * /var/www/html/phpsysinfo/cronUpdateLeadBucketOnEnergycAlliance.php my phpfile is (path : /var/www/html/phpsysinfo/phpfile) <?php require("dbconnect.php"); $sql = mysql_query("DELETE FROM list where status <> 'LEAD'") or die(mysql_error()); ?> and the error that I get is: /var/www/html/phpsysinfo/phpFile.php: line 1: ?php: No such file or directory /var/www/html/phpsysinfo/phpFile.php: line 2: syntax error near unexpected token `"dbconnect.php"' /var/www/html/phpsysinfo/phpFile.php: line 2: `require("dbconnect.php"); thanks

    Read the article

  • openSuse full disk encryption

    - by djechelon
    I'm a proud Suser. I'm about to reinstall 12.2 on my ASUS N76VZ (UEFI x64 laptop). Since I'm very sensitive about laptop security against theft or unwanted inspection, I chose to use BitLocker with USB dongle in Windows 7. When installing Suse the last time I found that only the home partition (separated from root) was capable of being encrypted. Does Suse offer a full disk encryption solution like BitLocker that I haven't discovered yet? Or is encrypting home partition the only way to protect data? Encrypting only home is feasible as one stores personal data in home, but I still would like to encrypt the whole thing! Also, using a hardware token (no TPM available) for unlocking is preferred to password, if possible! Thanks

    Read the article

  • is there a way to prevent network manager from storing the password for a wireless network

    - by tolomea
    Our corporate wireless network uses continuously changing passwords with RSA tokens. So every time we need to connect to the wireless we need to enter a new password off the RSA token. For extra fun using the wrong password a couple of times in a row causes the users account to be locked. Network manager automatically stores and reuses the password, with the net result that it is constant getting my account locked. Is there some way to prevent it from storing my password for that network? Or perhaps someway to get the gnome keyring to not store it?

    Read the article

  • Start ELEVATED script from within script

    - by Ulrich
    Hallo, I'm playing around with Powershell (relative NewBie) and I'm looking for the easiest way to call a Powershell script with elevated rights from within another script. I know of the runas verb for start-process which allows me to start a new script with a different account. My problem is, however, that under Vista (UAC active) every admin account has two access tokens, a normal privilege one and an elevated one. If I use the runas method, the second scripts gets started under the right account but with the non-elevated access token. Is there an easy way to control this? Thanks a lot for your help! Ulrich

    Read the article

  • SQL 2008. I have user in a db which has no login on the server. How is it possible?

    - by Boppity Bop
    I am talking about windows authentication. I dont have access to the server adming rights but a dbadmin sent me screenshot where my user is not in the logins of the server. and also there is only one windows group called admin - databases which I am 100% sure my guy cannot be part of it. BUT... his username is in users of my db... How come user can appear in a db not having login on the server? P.S. in the logs it prints: Login failed for user 'xxxx'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors

    Read the article

  • How do I install Visual Studio 2010 Express somewhere besides C:?

    - by TwentyMiles
    I have a SSD as my primary (C:) drive, mainly used for quickly loading games. It's pretty small (~30 GB) so I want to keep things that don't really need a speed boost off of it. I attempted installing the Visual Studio 2010 Express beta last night, and It claimed to require 2.1 GB of space so I changed the install directory to a secondary, non-SSD drive. After this, the installer said that it would use 1.8 GB on C: and ~200 MB on the secondary drive. While this token gesture of moving 1/10 of the app to the place I told it to is cute, I really want to install everything I can to the secondary drive. Is there any way to install all of Visual Studio 2010 Express to a drive besides C:?

    Read the article

  • How do I install Visual Studio 2010 Express somewhere besides C:?

    - by TwentyMiles
    I have a SSD as my primary (C:) drive, mainly used for quickly loading games. It's pretty small (~30 GB) so I want to keep things that don't really need a speed boost off of it. I attempted installing the Visual Studio 2010 Express beta last night, and It claimed to require 2.1 GB of space so I changed the install directory to a secondary, non-SSD drive. After this, the installer said that it would use 1.8 GB on C: and ~200 MB on the secondary drive. While this token gesture of moving 1/10 of the app to the place I told it to is cute, I really want to install everything I can to the secondary drive. Is there any way to install all of Visual Studio 2010 Express to a drive besides C:?

    Read the article

  • Virtualise Excel in a browser

    - by Macros
    Is it possible to give users access to a virtualised instance of Excel - I don't want to give them access to a full OS (although this will clearly be running in the background, all they can access is Excel - they don't even see any other screens)? Secondly, if it is possible, is it possible to do within a browser? Edit I am building a system which is designed to test candidates skills in Excel and for this reason needs to use the full desktop version and not a web app. I don't want to have to ensure Excel is installed on the client machine as there will be issues around differing versions and security as the workbook(s) that are used in the test use VBA extensively to customise and mark the exercises. Ideally my web app would be able to open a session to the server which then just puts the user into an instance of Excel without ever seeing a desktop. I would also need to be able to pass in command line parameters in order to define which workbook to open and also pass in a unique token to identify the user

    Read the article

  • How to do safely test Biztalk app by manipulating the Windows OS system time w/o breaking the Active Directory?

    - by melaos
    i have a biztalk - window service tied middleware application which talks to other system. recently we had a request to test for scenarios which relates to the date. as we have a lot of places in the application which uses the .net Datetime.Now value, we don't really want to go into the code level and change all these values. so we're looking at the simplest way to test which is to just change the OS time. but what we notice is that sometimes when we change the system date time, we will get account lock out due to Active Directory. So my question is what's a good and safe way that i can test for future dates, etc by changing the windows OS system date time but without causing any issues with the Active Directory. And where can i find out more about AD and how it issues token and what's the correlation with the system date time changes. Thanks! ~m

    Read the article

  • LinkedIn API returns 'Unauthorized' response (PHP OAuth)

    - by Jim Greenleaf
    I've been struggling with this one for a few days now. I've got a test app set up to connect to LinkedIn via OAuth. I want to be able to update a user's status, but at the moment I'm unable to interact with LinkedIn's API at all. I am able to successfully get a requestToken, then an accessToken, but when I issue a request to the API, I see an 'unauthorized' error that looks something like this: object(OAuthException)#2 (8) { ["message:protected"]=> string(73) "Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)" ["string:private"]=> string(0) "" ["code:protected"]=> int(401) ["file:protected"]=> string(47) "/home/pmfeorg/public_html/dev/test/linkedin.php" ["line:protected"]=> int(48) ["trace:private"]=> array(1) { [0]=> array(6) { ["file"]=> string(47) "/home/pmfeorg/public_html/dev/test/linkedin.php" ["line"]=> int(48) ["function"]=> string(5) "fetch" ["class"]=> string(5) "OAuth" ["type"]=> string(2) "->" ["args"]=> array(2) { [0]=> string(35) "http://api.linkedin.com/v1/people/~" [1]=> string(3) "GET" } } } ["lastResponse"]=> string(358) " 401 1276375790558 0000 [unauthorized]. OAU:Bhgk3fB4cs9t4oatSdv538tD2X68-1OTCBg-KKL3pFBnGgOEhJZhFOf1n9KtHMMy|48032b2d-bc8c-4744-bb84-4eab53578c11|*01|*01:1276375790:xmc3lWhXJvLSUZh4dxMtrf55VVQ= " ["debugInfo"]=> array(5) { ["sbs"]=> string(329) "GET&http%3A%2F%2Fapi.linkedin.com%2Fv1%2Fpeople%2F~&oauth_consumer_key%3DBhgk3fB4cs9t4oatSdv538tD2X68-1OTCBg-KKL3pFBnGgOEhJZhFOf1n9KtHMMy%26oauth_nonce%3D7068001084c13f2ee6a2117.22312548%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276375790%26oauth_token%3D48032b2d-bc8c-4744-bb84-4eab53578c11%26oauth_version%3D1.0" ["headers_sent"]=> string(401) "GET /v1/people/~?GET&oauth_consumer_key=Bhgk3fB4cs9t4oatSdv538tD2X68-1OTCBg-KKL3pFBnGgOEhJZhFOf1n9KtHMMy&oauth_signature_method=HMAC-SHA1&oauth_nonce=7068001084c13f2ee6a2117.22312548&oauth_timestamp=1276375790&oauth_version=1.0&oauth_token=48032b2d-bc8c-4744-bb84-4eab53578c11&oauth_signature=xmc3lWhXJvLSUZh4dxMtrf55VVQ%3D HTTP/1.1 User-Agent: PECL-OAuth/1.0-dev Host: api.linkedin.com Accept: */*" ["headers_recv"]=> string(148) "HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 Date: Sat, 12 Jun 2010 20:49:50 GMT Content-Type: text/xml;charset=UTF-8 Content-Length: 358" ["body_recv"]=> string(358) " 401 1276375790558 0000 [unauthorized]. OAU:Bhgk3fB4cs9t4oatSdv538tD2X68-1OTCBg-KKL3pFBnGgOEhJZhFOf1n9KtHMMy|48032b2d-bc8c-4744-bb84-4eab53578c11|*01|*01:1276375790:xmc3lWhXJvLSUZh4dxMtrf55VVQ= " ["info"]=> string(216) "About to connect() to api.linkedin.com port 80 (#0) Trying 64.74.98.83... connected Connected to api.linkedin.com (64.74.98.83) port 80 (#0) Connection #0 to host api.linkedin.com left intact Closing connection #0 " } } My code looks like this (based on the FireEagle example from php.net): $req_url = 'https://api.linkedin.com/uas/oauth/requestToken'; $authurl = 'https://www.linkedin.com/uas/oauth/authenticate'; $acc_url = 'https://api.linkedin.com/uas/oauth/accessToken'; $api_url = 'http://api.linkedin.com/v1/people/~'; $callback = 'http://www.pmfe.org/dev/test/linkedin.php'; $conskey = 'Bhgk3fB4cs9t4oatSdv538tD2X68-1OTCBg-KKL3pFBnGgOEhJZhFOf1n9KtHMMy'; $conssec = '####################SECRET KEY#####################'; session_start(); try { $oauth = new OAuth($conskey,$conssec,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI); $oauth->enableDebug(); if(!isset($_GET['oauth_token'])) { $request_token_info = $oauth->getRequestToken($req_url); $_SESSION['secret'] = $request_token_info['oauth_token_secret']; header('Location: '.$authurl.'?oauth_token='.$request_token_info['oauth_token']); exit; } else { $oauth->setToken($_GET['oauth_token'],$_SESSION['secret']); $access_token_info = $oauth->getAccessToken($acc_url); $_SESSION['token'] = $access_token_info['oauth_token']; $_SESSION['secret'] = $access_token_info['oauth_token_secret']; } $oauth->setToken($_SESSION['token'],$_SESSION['secret']); $oauth->fetch($api_url, OAUTH_HTTP_METHOD_GET); $response = $oauth->getLastResponse(); } catch(OAuthException $E) { var_dump($E); } I've successfully set up a connection to Twitter and one to Facebook using OAuth, but LinkedIn keeps eluding me. If anyone could offer some advice or point me in the right direction, I will be extremely appreciative!

    Read the article

  • Multiple "pages" in GWT with human friendly URLs

    - by Andreas Borglin
    Hi. I'm playing with a GWT/GAE project which will have three different "pages", although it is not really pages in a GWT sense. The top views (one for each page) will have completely different layouts, but some of the widgets will be shared. One of the pages is the main page which is loaded by the default url (http://www.site.com), but the other two needs additional URL information to differentiate the page type. They also need a name parameter, (like http://www.site.com/project/project-name. There are at least two solutions to this that I'm aware of. Use GWT history mechanism and let page type and parameters (such as project name) be part of the history token. Use servlets with url-mapping patterns (like /project/*) The first choice might seem obvious at first, but it has several drawbacks. First, a user should be able to easily remember and type URL directly to a project. It is hard to produce a human friendly URL with history tokens. Second, I'm using gwt-presenter and this approach would mean that we need to support subplaces in one token, which I'd rather avoid. Third, a user will typically stay at one page, so it makes more sense that the page information is part of the "static" URL. Using servlets solves all these problems, but also creates other ones. So my first questions is, what is the best solution here? If I would go for the servlet solution, new questions pop up. It might make sense to split the GWT app into three separate modules, each with an entry point. Each servlet that is mapped to a certain page would then simply forward the request to the GWT module that handles that page. Since a user typically stays at one page, the browser only needs to load the js for that page. Based on what I've read, this solution is not really recommended. I could also stick with one module, but then GWT needs to find out which page it should display. It could either query the server or parse the URL itself. If I stick with one GWT module, I need to keep the page information stored on server side. Naturally I thought about sessions, but I'm not sure if its a good idea to mix page information with user data. A session usually lives between user login and logout, but in this case it would need different behavior. Would it be bad practise to handle this via sessions? The one GWT module + servlet solution also leads to another problem. If a user goes from a project page to the main page, how will GWT know that this has happened? The app will not be reloaded, so it will be treated as a simple state change. It seems rather ineffecient to have to check page info for every state change. Anyone care to guide me out of the foggy darkness that surrounds me? :-)

    Read the article

  • WCF and Firewall

    - by Jim Biddison
    I have written a very simple WCF service (hosted in IIS) and web application that talks to it. If they are both in the same domain, it works fine. But when I put them in different domains (on different sides of a firewall), then the web applications says: The request for security token could not be satisfied because authentication failed. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. The revelant part of the service web.config is: <system.serviceModel> <services> <service behaviorConfiguration="MigrationHelperBehavior" name="MigrationHelper"> <endpoint address="" binding="wsHttpBinding" contract="IMigrationHelper"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> <endpoint binding="httpBinding" contract="IMigrationHelper" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MigrationHelperBehavior"> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpGetEnabled="true"/> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel> The web appliation (client) web.config says: <system.serviceModel> <bindings> <wsHttpBinding> <binding name="WSHttpBinding_IMigrationHelper" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/> <security mode="Message"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/> <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true"/> </security> </binding> </wsHttpBinding> </bindings> <client> <endpoint address="http://mydomain.com/MigrationHelper.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMigrationHelper" contract="MyNewServiceReference.IMigrationHelper" name="WSHttpBinding_IMigrationHelper"> <identity> <dns value="localhost"/> </identity> </endpoint> </client> </system.serviceModel> I believe both these are just the default that VS 2008 created for me. So my question is, how does one go about configurating the service and client, when they are not in the same domain? Thanks .Jim Biddison

    Read the article

  • Loading a PyML multiclass classifier... why isn't this working?

    - by Michael Aaron Safyan
    This is a followup from "Save PyML.classifiers.multi.OneAgainstRest(SVM()) object?". I am using PyML for a computer vision project (pyimgattr), and have been having trouble storing/loading a multiclass classifier. When attempting to load one of the SVMs in a composite classifier, with loadSVM, I am getting: ValueError: invalid literal for float(): rest Note that this does not happen with the first classifier that I load, only with the second. What is causing this error, and what can I do to get around this so that I can properly load the classifier? Details To better understand the trouble I'm running into, you may want to look at pyimgattr.py (currently revision 11). I am invoking the program with "./pyimgattr.py train" which trains the classifier (invokes train on line 571, which trains the classifier with trainmulticlassclassifier on line 490 and saves it with storemulticlassclassifier on line 529), and then invoking the program with "./pyimgattr.py test" which loads the classifier in order to test it with the testing dataset (invokes test on line 628, which invokes loadmulticlassclassifier on line 549). The multiclass classifier consists of several one-against-rest SVMs which are saved individually. The loadmulticlassclassifier function loads these individually by calling loadSVM() on several different files. It is in this call to loadSVM (done indirectly in loadclassifier on line 517) that I get an error. The first of the one-against-rest classifiers loads successfully, but the second one does not. A transcript is as follows: $ ./pyimgattr.py test [INFO] pyimgattr -- Loading attributes from "classifiers/attributes.lst"... [INFO] pyimgattr -- Loading classnames from "classifiers/classnames.lst"... [INFO] pyimgattr -- Loading dataset "attribute_data/apascal_test.txt"... [INFO] pyimgattr -- Loaded dataset "attribute_data/apascal_test.txt". [INFO] pyimgattr -- Loading multiclass classifier from "classifiers/classnames_from_attributes"... [INFO] pyimgattr -- Constructing object into which to store loaded data... [INFO] pyimgattr -- Loading manifest data... [INFO] pyimgattr -- Loading classifier from "classifiers/classnames_from_attributes/aeroplane.svm".... scanned 100 patterns scanned 200 patterns read 100 patterns read 200 patterns {'50': 38, '60': 45, '61': 46, '62': 47, '49': 37, '52': 39, '53': 40, '24': 16, '25': 17, '26': 18, '27': 19, '20': 12, '21': 13, '22': 14, '23': 15, '46': 34, '47': 35, '28': 20, '29': 21, '40': 32, '41': 33, '1': 1, '0': 0, '3': 3, '2': 2, '5': 5, '4': 4, '7': 7, '6': 6, '8': 8, '58': 44, '39': 31, '38': 30, '15': 9, '48': 36, '16': 10, '19': 11, '32': 24, '31': 23, '30': 22, '37': 29, '36': 28, '35': 27, '34': 26, '33': 25, '55': 42, '54': 41, '57': 43} read 250 patterns in LinearSparseSVModel done LinearSparseSVModel constructed model [INFO] pyimgattr -- Loaded classifier from "classifiers/classnames_from_attributes/aeroplane.svm". [INFO] pyimgattr -- Loading classifier from "classifiers/classnames_from_attributes/bicycle.svm".... label at None delimiter , Traceback (most recent call last): File "./pyimgattr.py", line 797, in sys.exit(main(sys.argv)); File "./pyimgattr.py", line 782, in main return test(attributes_file,classnames_file,testing_annotations_file,testing_dataset_path,classifiers_path,logger); File "./pyimgattr.py", line 635, in test multiclass_classnames_from_attributes_classifier = loadmulticlassclassifier(classnames_from_attributes_folder,logger); File "./pyimgattr.py", line 529, in loadmulticlassclassifier classifiers.append(loadclassifier(os.path.join(filename,label+".svm"),logger)); File "./pyimgattr.py", line 502, in loadclassifier result=loadSVM(filename,datasetClass = SparseDataSet); File "/Library/Python/2.6/site-packages/PyML/classifiers/svm.py", line 328, in loadSVM data = datasetClass(fileName, **args) File "/Library/Python/2.6/site-packages/PyML/containers/vectorDatasets.py", line 224, in __init__ BaseVectorDataSet.__init__(self, arg, **args) File "/Library/Python/2.6/site-packages/PyML/containers/baseDatasets.py", line 214, in __init__ self.constructFromFile(arg, **args) File "/Library/Python/2.6/site-packages/PyML/containers/baseDatasets.py", line 243, in constructFromFile for x in parser : File "/Library/Python/2.6/site-packages/PyML/containers/parsers.py", line 426, in next x = [float(token) for token in tokens[self._first:self._last]] ValueError: invalid literal for float(): rest

    Read the article

  • Why does Keychain Services return the wrong keychain content?

    - by Graham Lee
    I've been trying to use persistent keychain references in an iPhone application. I found that if I created two different keychain items, I would get a different persistent reference each time (they look like 'genp.......1', 'genp.......2', …). However, attempts to look up the items by persistent reference always returned the content of the first item. Why should this be? I confirmed that my keychain-saving code was definitely creating new items in each case (rather than updating existing items), and was not getting any errors. And as I say, Keychain Services is giving a different persistent reference for each item. I've managed to solve my immediate problem by searching for keychain items by attribute rather than persistent references, but it would be easier to use persistent references so I'd appreciate solving this problem. Here's my code: - (NSString *)keychainItemWithName: (NSString *)name { NSString *path = [GLApplicationSupportFolder() stringByAppendingPathComponent: name]; NSData *persistentRef = [NSData dataWithContentsOfFile: path]; if (!persistentRef) { NSLog(@"no persistent reference for name: %@", name); return nil; } NSArray *refs = [NSArray arrayWithObject: persistentRef]; //get the data CFMutableDictionaryRef params = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionaryAddValue(params, kSecMatchItemList, refs); CFDictionaryAddValue(params, kSecClass, kSecClassGenericPassword); CFDictionaryAddValue(params, kSecReturnData, kCFBooleanTrue); CFDataRef item = NULL; OSStatus result = SecItemCopyMatching(params, (CFTypeRef *)&item); CFRelease(params); if (result != errSecSuccess) { NSLog(@"error %d retrieving keychain reference for name: %@", result, name); return nil; } NSString *token = [[NSString alloc] initWithData: (NSData *)item encoding: NSUTF8StringEncoding]; CFRelease(item); return [token autorelease]; } - (void)setKeychainItem: (NSString *)newToken forName: (NSString *)name { NSData *tokenData = [newToken dataUsingEncoding: NSUTF8StringEncoding]; //firstly, find out whether the item already exists NSDictionary *searchAttributes = [NSDictionary dictionaryWithObjectsAndKeys: name, kSecAttrAccount, kCFBooleanTrue, kSecReturnAttributes, nil]; NSDictionary *foundAttrs = nil; OSStatus searchResult = SecItemCopyMatching((CFDictionaryRef)searchAttributes, (CFTypeRef *)&foundAttrs); if (noErr == searchResult) { NSMutableDictionary *toStore = [foundAttrs mutableCopy]; [toStore setObject: tokenData forKey: (id)kSecValueData]; OSStatus result = SecItemUpdate((CFDictionaryRef)foundAttrs, (CFDictionaryRef)toStore); if (result != errSecSuccess) { NSLog(@"error %d updating keychain", result); } [toStore release]; return; } //need to create the item. CFMutableDictionaryRef params = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionaryAddValue(params, kSecClass, kSecClassGenericPassword); CFDictionaryAddValue(params, kSecAttrAccount, name); CFDictionaryAddValue(params, kSecReturnPersistentRef, kCFBooleanTrue); CFDictionaryAddValue(params, kSecValueData, tokenData); NSData *persistentRef = nil; OSStatus result = SecItemAdd(params, (CFTypeRef *)&persistentRef); CFRelease(params); if (result != errSecSuccess) { NSLog(@"error %d from keychain services", result); return; } NSString *path = [GLApplicationSupportFolder() stringByAppendingPathComponent: name]; [persistentRef writeToFile: path atomically: NO]; [persistentRef release]; }

    Read the article

  • Devise / Rails 4 Windows mobile authentication failure

    - by Nic Willemse
    Im using devise with a rails 4 application. Authentication works fine on most devices, including some old feature phones. I am however running into problems with the Nokia Lumia. Please see log snippet below. By the looks of things this appears to be a rails issue rather than a devise problem. Please Help! 014-05-30T09:47:38.668478+00:00 app[web.1]: Started POST "/users/sign_in" for 197.111.223.249 at 2014-05-30 09:47:38 +0000 2014-05-30T09:47:38.668505+00:00 app[web.1]: Started POST "/users/sign_in" for 197.111.223.249 at 2014-05-30 09:47:38 +0000 2014-05-30T09:47:38.672961+00:00 app[web.1]: Processing by Devise::SessionsController#create as HTML 2014-05-30T09:47:38.672968+00:00 app[web.1]: Processing by Devise::SessionsController#create as HTML 2014-05-30T09:47:38.674163+00:00 app[web.1]: Can't verify CSRF token authenticity 2014-05-30T09:47:38.673021+00:00 app[web.1]: Parameters: {"utf8"="?", "authenticity_token"="Ckyw9vAfxbgksugLMainfWoG2jRdq7GB5xBBGxqYhCs=", "user"={"email"="", "password"="[FILTERED]", "remember_me"="0"}, "commit"="Sign in"} 2014-05-30T09:47:38.673027+00:00 app[web.1]: Parameters: {"utf8"="?", "authenticity_token"="Ckyw9vAfxbgksugLMainfWoG2jRdq7GB5xBBGxqYhCs=", "user"={"email"="", "password"="[FILTERED]", "remember_me"="0"}, "commit"="Sign in"} 2014-05-30T09:47:38.674170+00:00 app[web.1]: Can't verify CSRF token authenticity 2014-05-30T09:47:38.677792+00:00 app[web.1]: Completed 422 Unprocessable Entity in 5ms 2014-05-30T09:47:38.677799+00:00 app[web.1]: Completed 422 Unprocessable Entity in 5ms 2014-05-30T09:47:38.683294+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): 2014-05-30T09:47:38.683299+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.1/lib/action_controller/metal/request_forgery_protection.rb:170:in handle_unverified_request' 2014-05-30T09:47:38.683289+00:00 app[web.1]: 2014-05-30T09:47:38.683298+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.1/lib/action_controller/metal/request_forgery_protection.rb:163:inhandle_unverified_request' 2014-05-30T09:47:38.683303+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.1/lib/action_controller/metal/request_forgery_protection.rb:177:in verify_authenticity_token' 2014-05-30T09:47:38.683305+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.0.1/lib/active_support/callbacks.rb:417:in_run__3672081613755604432__process_action__callbacks' Form : <%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => {:class => "form-signin"}) do |f| %> <h2 class="form-signin-heading">Sign in</h2> <%= devise_error_messages! %> <div><%= f.label :email %><br /> <%= f.email_field :email, :autofocus => true, :class=> "form-control" %></div> <div><%= f.label :password %><br /> <%= f.password_field :password , :class=> "form-control"%></div> <% if devise_mapping.rememberable? -%> <div><%= f.check_box :remember_me, :class=> "form-control"%> <%= f.label :remember_me %></div> <% end -%> <div><%= f.submit "Sign in" ,:class => "btn btn-lg btn-primary btn-block"%></div> <input name="authenticity_token" type="hidden" value="<%= form_authenticity_token %>"/> <%= render "devise/shared/links" %> <% end %>

    Read the article

  • Upgrade 10g Osso to 11g OAM (Part 2)

    - by Pankaj Chandiramani
    This is part 2 of http://blogs.oracle.com/pankaj/2010/11/upgrade_10g_osso_to_11g_oam.html So last post we saw the overview of upgrading osso to oam11g . Now some more details on same . As we are using the co-existence feature , we have to install the OAM server and upgrade the existing OSSO 10g server to the OAM servers. OAM Upgrade Steps Overview Pre-Req : You already have a OAM 11g Installed Upgrade Step 1: Configure User Store & Make it Primary Upgrade Step 2: Create Policy Domain , this is dome by UA automatically Upgrade Step 3: Migrate Partners : This is done by running Upgrade Assistant Verify successful Upgrade Details on UA step : To Upgrade the existing OSSO 10g servers to OAM server , this is done by running the UA script in OAM , which copies over all the partner app details from osso to OAM 11g , run_ua.sh is the script name which will ask you to input the Policies.properties from SSO $OH/sso/config folder of osso 10g & other variables like db password . Some pointers Upgrading oso to Oam 11g , by default enables the coexistence mode on the OAM Server Front-end the OAM server with the same Load Balancer that is the front end of the OSSO 10g servers. Now, OAM and OSSO 10g servers are working in a co-exist mode. OAM 11g is made to understand 10g OSSO Token format and session handling capabilities so as to co-exist with 10g OSSO servers./li How to test ? Try to access the partner applications and verify that single sign on works. Also, verify that user does not have to login in if the user is already authenticated by either OAM or OSSO 10g server. Screen-shots & Troubleshooting tips to be followed .......

    Read the article

  • Parsing flat files using SSIS : SSIS Nugget

    - by jamiet
    Often when using SQL Server Integration Services (SSIS) you will find there is more than one way of accomplishing a task and that the most obvious method of doing so might not be the optimal one. In the video below I demonstrate this by way of an experiment using SSIS’s Flat File Source component; I show different ways that you can pull data from a flat file into the SSIS dataflow and also how the nature of the data itself can influence your choice as to how this task should be accomplished. If you are having trouble viewing the video in your blog reader then head to http://sqlblog.com/blogs/jamie_thomson/archive/2010/03/25/parsing-flat-files-using-ssis-ssis-nugget.aspx to see it as it is hosted on my blog!  The main point I want to get across from this video is that a little bit of creative thinking when building your dataflows can sometimes be very beneficial for performance; quite often building a solution that isn’t the most obvious might actually turn out to be the best one. You’ll notice, if you have watched the video, that my editing skills weren’t quite up to snuff and I cut off the final few words however all I was saying was that if you have any feedback on this video then I would love to hear it either via email or preferably the comments section below. I hope this turns out to be useful to some of you. @Jamiet P.S. Incidentally the parsing that we do using SSIS expressions in the video would be much easier if we had a TOKENISE function in SSIS’s expression language and I have asked for the introduction of such a function on Connect at [SSIS] TOKEN(string, tokeniser_string, occurence) function. Feel free to go and vote that up if you think this feature would be useful! Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

    Read the article

  • Beware: Upgrade to ASP.NET MVC 2.0 with care if you use AntiForgeryToken

    - by James Crowley
    If you're thinking of upgrading to MVC 2.0, and you take advantage of the AntiForgeryToken support then be careful - you can easily kick out all active visitors after the upgrade until they restart their browser. Why's this?For the anti forgery validation to take place, ASP.NET MVC uses a session cookie called "__RequestVerificationToken_Lw__". This gets checked for and de-serialized on any page where there is an AntiForgeryToken() call. However, the format of this validation cookie has apparently changed between MVC 1.0 and MVC 2.0. What this means is that when you make to switch on your production server to MVC 2.0, suddenly all your visitors session cookies are invalid, resulting in calls to AntiForgeryToken() throwing exceptions (even on a standard GET request) when de-serializing it: [InvalidCastException: Unable to cast object of type 'System.Web.UI.Triplet' to type 'System.Object[]'.]   System.Web.Mvc.AntiForgeryDataSerializer.Deserialize(String serializedToken) +104[HttpAntiForgeryException (0x80004005): A required anti-forgery token was not supplied or was invalid.]   System.Web.Mvc.AntiForgeryDataSerializer.Deserialize(String serializedToken) +368   System.Web.Mvc.HtmlHelper.GetAntiForgeryTokenAndSetCookie(String salt, String domain, String path) +209   System.Web.Mvc.HtmlHelper.AntiForgeryToken(String salt, String domain, String path) +16   System.Web.Mvc.HtmlHelper.AntiForgeryToken() +10  <snip> So you've just kicked all your active users out of your site with exceptions until they think to restart their browser (to clear the session cookies). The only work around for now is to either write some code that wipes this cookie - or disable use of AntiForgeryToken() in your MVC 2.0 site until you're confident all session cookies will have expired. That in itself isn't very straightforward, given how frequently people tend to hibernate/standby their machines - the session cookie will only clear once the browser has been shut down and re-opened. Hope this helps someone out there!

    Read the article

  • Standards Corner: OAuth WG Client Registration Problem

    - by Tanu Sood
    Phil Hunt is an active member of multiple industry standards groups and committees (see brief bio at the end of the post) and has spearheaded discussions, creation and ratifications of  Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif"; mso-ascii- mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi- mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} industry standards including the Kantara Identity Governance Framework, among others. Being an active voice in the industry standards development world, we have invited him to share his discussions, thoughts, news & updates, and discuss use cases, implementation success stories (and even failures) around industry standards on this monthly column. Author: Phil Hunt This afternoon, the OAuth Working Group will meet at IETF88 in Vancouver to discuss some important topics important to the maturation of OAuth. One of them is the OAuth client registration problem.OAuth (RFC6749) was initially developed with a simple deployment model where there is only monopoly or singleton cloud instance of a web API (e.g. there is one Facebook, one Google, on LinkedIn, and so on). When the API publisher and API deployer are the same monolithic entity, it easy for developers to contact the provider and register their app to obtain a client_id and credential.But what happens when the API is for an open source project where there may be 1000s of deployed copies of the API (e.g. such as wordpress). In these cases, the authors of the API are not the people running the API. In these scenarios, how does the developer obtain a client_id? An example of an "open deployed" API is OpenID Connect. Connect defines an OAuth protected resource API that can provide personal information about an authenticated user -- in effect creating a potentially common API for potential identity providers like Facebook, Google, Microsoft, Salesforce, or Oracle. In Oracle's case, Fusion applications will soon have RESTful APIs that are deployed in many different ways in many different environments. How will developers write apps that can work against an openly deployed API with whom the developer can have no prior relationship?At present, the OAuth Working Group has two proposals two consider: Dynamic RegistrationDynamic Registration was originally developed for OpenID Connect and UMA. It defines a RESTful API in which a prospective client application with no client_id creates a new client registration record with a service provider and is issued a client_id and credential along with a registration token that can be used to update registration over time.As proof of success, the OIDC community has done substantial implementation of this spec and feels committed to its use. Why not approve?Well, the answer is that some of us had some concerns, namely: Recognizing instances of software - dynamic registration treats all clients as unique. It has no defined way to recognize that multiple copies of the same client are being registered other then assuming if the registration parameters are similar it might be the same client. Versioning and Policy Approval of open APIs and clients - many service providers have to worry about change management. They expect to have approval cycles that approve versions of server and client software for use in their environment. In some cases approval might be wide open, but in many cases, approval might be down to the specific class of software and version. Registration updates - when does a client actually need to update its registration? Shouldn't it be never? Is there some characteristic of deployed code that would cause it to change? Options lead to complexity - because each client is treated as unique, it becomes unclear how the clients and servers will agree on what credentials forms are acceptable and what OAuth features are allowed and disallowed. Yet the reality is, developers will write their application to work in a limited number of ways. They can't implement all the permutations and combinations that potential service providers might choose. Stateful registration - if the primary motivation for registration is to obtain a client_id and credential, why can't this be done in a stateless fashion using assertions? Denial of service - With so much stateful registration and the need for multiple tokens to be issued, will this not lead to a denial of service attack / risk of resource depletion? At the very least, because of the information gathered, it would difficult for service providers to clean up "failed" registrations and determine active from inactive or false clients. There has yet to be much wide-scale "production" use of dynamic registration other than in small closed communities. Client Association A second proposal, Client Association, has been put forward by Tony Nadalin of Microsoft and myself. We took at look at existing use patterns to come up with a new proposal. At the Berlin meeting, we considered how WS-STS systems work. More recently, I took a review of how mobile messaging clients work. I looked at how Apple, Google, and Microsoft each handle registration with APNS, GCM, and WNS, and a similar pattern emerges. This pattern is to use an existing credential (mutual TLS auth), or client bearer assertion and swap for a device specific bearer assertion.In the client association proposal, the developer's registration with the API publisher is handled by having the developer register with an API publisher (as opposed to the party deploying the API) and obtaining a software "statement". Or, if there is no "publisher" that can sign a statement, the developer may include their own self-asserted software statement.A software statement is a special type of assertion that serves to lock application registration profile information in a signed assertion. The statement is included with the client application and can then be used by the client to swap for an instance specific client assertion as defined by section 4.2 of the OAuth Assertion draft and profiled in the Client Association draft. The software statement provides a way for service provider to recognize and configure policy to approve classes of software clients, and simplifies the actual registration to a simple assertion swap. Because the registration is an assertion swap, registration is no longer "stateful" - meaning the service provider does not need to store any information to support the client (unless it wants to). Has this been implemented yet? Not directly. We've only delivered draft 00 as an alternate way of solving the problem using well-known patterns whose security characteristics and scale characteristics are well understood. Dynamic Take II At roughly the same time that Client Association and Software Statement were published, the authors of Dynamic Registration published a "split" version of the Dynamic Registration (draft-richer-oauth-dyn-reg-core and draft-richer-oauth-dyn-reg-management). While some of the concerns above are addressed, some differences remain. Registration is now a simple POST request. However it defines a new method for issuing client tokens where as Client Association uses RFC6749's existing extension point. The concern here is whether future client access token formats would be addressed properly. Finally, Dyn-reg-core does not yet support software statements. Conclusion The WG has some interesting discussion to bring this back to a single set of specifications. Dynamic Registration has significant implementation, but Client Association could be a much improved way to simplify implementation of the overall OpenID Connect specification and improve adoption. In fairness, the existing editors have already come a long way. Yet there are those with significant investment in the current draft. There are many that have expressed they don't care. They just want a standard. There is lots of pressure on the working group to reach consensus quickly.And that folks is how the sausage is made.Note: John Bradley and Justin Richer recently published draft-bradley-stateless-oauth-client-00 which on first look are getting closer. Some of the details seem less well defined, but the same could be said of client-assoc and software-statement. I hope we can merge these specs this week. Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif"; mso-ascii- mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi- mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} About the Writer: Phil Hunt joined Oracle as part of the November 2005 acquisition of OctetString Inc. where he headed software development for what is now Oracle Virtual Directory. Since joining Oracle, Phil works as CMTS in the Identity Standards group at Oracle where he developed the Kantara Identity Governance Framework and provided significant input to JSR 351. Phil participates in several standards development organizations such as IETF and OASIS working on federation, authorization (OAuth), and provisioning (SCIM) standards.  Phil blogs at www.independentid.com and a Twitter handle of @independentid.

    Read the article

  • Security exception in Twitterizer

    - by Raghu
    Hi, We are using Twitterizer for Twitter integration to get the Tweets details. When making call to the method OAuthUtility.GetRequestToken, following exception is coming. System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. When the application is hosted on IIS 5, the application works fine and the above error is coming only when the application is hosted in IIS 7 on Windows 2008 R2. and the method OAuthUtility.GetRequestToken throws above exception. It seems the issue is something with code access security. Please suggest what kind of permissions should be given to fix the security exception. The application has the Full Trust and I have even tried by registering the Twitterizer DLL in GAC and still the same error is coming. I am not sure what makes the difference between IIS 5 and IIS 7 with regards to code access security to cause that exception. Following is the stack track of the exception. [SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0 System.Security.CodeAccessPermission.Demand() +54 Twitterizer.OAuthUtility.ExecuteRequest(String baseUrl, Dictionary`2 parameters, HTTPVerb verb, String consumerKey, String consumerSecret, String token, String tokenSecret, WebProxy proxy) +224 Twitterizer.OAuthUtility.GetRequestToken(String consumerKey, String consumerSecret, String callbackAddress, WebProxy proxy) +238 Twitter._Default.btnSubmit_Click(Object sender, EventArgs e) +94 System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115 System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11045655 System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11045194 System.Web.UI.Page.ProcessRequest() +91 System.Web.UI.Page.ProcessRequest(HttpContext context) +240 ASP.authorization_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\twitter\c2fd5853\dcb96ae9\App_Web_y_ada-ix.0.cs:0 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171 Any help would be greatly appreciated. Thanks in advance. Regards, Raghu

    Read the article

  • New Fusion CRM Webinars for Partners dates and subjects announced

    - by Richard Lefebvre
    New Fusion CRM Weekly webinars dates and subjects have been announced! Visit our microsite to find out the sessions to come and mark them in your agenda. The next session will take place Monday April the 2nd at 3pm GMT / 4pm CET and will address the Fusion CRM Sales Planning  In order to check the complete agenda and see login-details, please visit our dedicated microsite. How to join the dedicated microsite: Click on http://isdportal.oracle.com/isd_html/sf.htm Enter your Email Address in the corresponding field Enter fusion_crm in the “Access URL/Page Token” field Agenda: The list of sessions is published and will be regularly updated in the microsite. Duration: Each session lasts up to 60 minutes Webex: The respective webinar link and session ID are published in the microsite Audio:  The audio call details (telephone numbers by country, call number and password) is indicated in the microsite Slides: For your convenience, a pdf copy of each presentation will be stored in the microsite’s document section. We hope that this series of webcasts will be instrumental to your way of Fusion CRM business success!  For further information please contact me at [email protected]

    Read the article

  • Regular Expressions Quick Reference

    - by Jan Goyvaerts
    The Regular-Expressions.info website has a new quick reference to regular expressions that lists all of the regex syntax in one single table along with a link to the tutorial section that explains the syntax. The quick reference is ordered by syntax whereas the full reference tables are ordered by feature. There are multiple entries for some of the syntax as different regex flavors may use the same syntax for different features. Use the quick reference if you’ve seen some syntax in somebody else’s regex and you have no idea what feature that syntax is for. Use the full reference tables if you already know the feature you want but forgot which syntax to use. Of course, an even quicker reference is to paste your regex into RegexBuddy, select the application you’re working with, and click on the part of the regex you don’t understand. RegexBuddy then selects the corresponding node in its regex tree which summarizes exactly what the syntax you clicked on does in your regex. If you need more information, press F1 or click the Explain Token button to open the relevant page in the regex tutorial in RegexBuddy’s help file.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >