Search Results

Search found 5866 results on 235 pages for 'authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 78/235 | < Previous Page | 74 75 76 77 78 79 80 81 82 83 84 85  | Next Page >

  • Login for webapp, needs to be available for support staff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". Authorized licenseholders which does all setup themselves. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support: we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • Why is it not good to use $_SESSION in Restful Implementations?

    - by keisimone
    Original Question: i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i properly authenticate users without looking up database all the time to check for the user's roles? I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

    Read the article

  • FormsAuthentication.SetAuthCookie

    - by Miral
    hi we are using FormsAuthentication.SetAuthCookie(profile.Id, false); Now the question is when does this cookie expires? It ofcourse expires once i close all the browsers but it doesn't i keep the browser open and i dont know the timelimit.

    Read the article

  • How to retreive SID's byte array

    - by rursw1
    Hello experts, How can I convert a PSID type into a byte array that contains the byte value of the SID? Something like: PSID pSid; byte sidBytes[68];//Max. length of SID in bytes is 68 if(GetAccountSid( NULL, // default lookup logic AccountName,// account to obtain SID &pSid // buffer to allocate to contain resultant SID ) { ConvertPSIDToByteArray(pSid, sidBytes); } --how should I write the function ConvertPSIDToByteArray? Thank you!

    Read the article

  • how to decrypt a string

    - by Avinash
    Hi, How to restore the value of a string after using FormsAuthentication.HashPasswordForStoringInConfigFile() i have a string s1 = "abc" then FormsAuthentication.HashPasswordForStoringInConfigFile(s1, "SHA1") = A9993E364706816ABA3E25717850C26C9CD0D89D How can i decrypt "A9993E364706816ABA3E25717850C26C9CD0D89D" back to "abc"??

    Read the article

  • How can I validate/secure/authenticate a JavaScript-based POST request?

    - by Bungle
    A product I'm helping to develop will basically work like this: A Web publisher creates a new page on their site that includes a <script> from our server. When a visitor reaches that new page, that <script> gathers the text content of the page and sends it to our server via a POST request (cross-domain, using a <form> inside of an <iframe>). Our server processes the text content and returns a response (via JSONP) that includes an HTML fragment listing links to related content around the Web. This response is cached and served to subsequent visitors until we receive another POST request with text content from the same URL, at which point we regenerate a "fresh" response. These POSTs only happen when our cached TTL expires, at which point the server signifies that and prompts the <script> on the page to gather and POST the text content again. The problem is that this system seems inherently insecure. In theory, anyone could spoof the HTTP POST request (including the referer header, so we couldn't just check for that) that sends a page's content to our server. This could include any text content, which we would then use to generate the related content links for that page. The primary difficulty in making this secure is that our JavaScript is publicly visible. We can't use any kind of private key or other cryptic identifier or pattern because that won't be secret. Ideally, we need a method that somehow verifies that a POST request corresponding to a particular Web page is authentic. We can't just scrape the Web page and compare the content with what's been POSTed, since the purpose of having JavaScript submit the content is that it may be behind a login system. Any ideas? I hope I've explained the problem well enough. Thanks in advance for any suggestions.

    Read the article

  • Login with Kohana auth module - what am I doing wrong?

    - by keithjgrant
    I'm trying to login with the following controller action, but my login attempt keeps failing (I get the 'invalid username and/or password' message). What am I doing wrong? I also tried the other method given in the examples in the auth documentation, Auth::instance()->login($user->username, $form->password);, but I get the same result. Kohana version is 2.3.4. public function login() { $auth = Auth::instance(); if ($auth->logged_in()) { url::redirect('/account/summary'); } $view = new View('login'); $view->username = ''; $view->password = ''; $post = $this->input->post(); $form = new Validation($post); $form->pre_filter('trim', 'username') ->pre_filter('trim', 'password') ->add_rules('username', 'required'); $failed = false; if (!empty($post) && $form->validate()) { $login = array( 'username' => $form->username, 'password' => $form->password, ); if (ORM::factory('user')->login($login)) { url::redirect('/accounts/summary'); } else { $view->username = $form->username; $view->message = in_array('required', $form->errors()) ? 'Username and password are required.' : 'Invalid username and/or password.'; } } $view->render(true); }

    Read the article

  • How to transfer url parameters to repoze custom predicate checkers

    - by user281521
    I would like to create a repoze custom predicate checker that is capable to access url parameters and validate something. But I would like to use allow_only to set this permission checker in all the controller's scope. Something like: class MyController(BaseController): allow_only = All(not_anonymous(msg=l_(u'You must be logged on')), my_custom_predicate(msg=l_(u'something wrong'))) def index(self, **kw): return dict() then, my_custom_predicate should check the url paramters for every request in every MyController method, and do whatever it do. The problem is just that: how to allow my_custom_predicate to check the url parameters, using it in that way I wrote above.

    Read the article

  • Calling https process from ASP Net

    - by David M
    I have an ASP NET web server application that calls another process running on the same box that creates a pdf file and returns it. The second process requires a secure connection via SSL. The second process has issued my ASP NET application with a digital certificate but I still cannot authenticate, getting a 403 error. The code is a little hard to show but here's a simplified method ... X509Certificate cert = X509Certificate.CreateFromCertFile("path\to\cert.cer"); string URL = "https://urltoservice?params=value"; HttpWebRequest req = HttpWebRequest.Create(URL) as HttpWebRequest; req.ClientCertificates.Add(cert); req.Credentials = CredentialCache.DefaultCredentials; req.PreAuthenticate = true; /// error happens here WebResponse resp = req.GetResponse(); Stream input = resp.GetResponseStream(); The error text is "The remote server returned an error: (403) Forbidden." Any pointers are welcome.

    Read the article

  • Rails creating a new session every page view

    - by danhere
    Hi everyone, I'm following the Agile RoR book somewhat to apply it to a project for school. It's going good until I get to sessions. I continually get Authenticity Invalid Tokens and when I look at my sessions table in the database, there's a new session being created every time I refresh the page. Is that right or is something messed up? Thanks.

    Read the article

  • Rails: Accessing the username/password used for HTTP Basic Auth?

    - by Shpigford
    I'm building a basic API where user information can be retrieved after that user's login and password are correctly sent. Right now I'm using something like this: http://foo:[email protected]/api/user.xml So, what I need to do is access the user/password sent in the request (the foo and bar) but am not sure how to access that info in a Rails controller. Then I'd check those variables via a quick User.find and then set those as the username and password variables for authenticate_or_request_with_http_basic. It's possible I'm looking at this at the completely wrong way, but that's where I'm at right now. :)

    Read the article

  • Why always fires OnFailure when return View() to Ajax Form ?

    - by Wahid Bitar
    I'm trying to make a log-in log-off with Ajax supported. I made some logic in my controller to sign the user in and then return simple partial containing welcome message and log-Off ActionLink my Action method looks like this : public ActionResult LogOn(LogOnModel model, string returnUrl) { if (ModelState.IsValid) { if (MembershipService.ValidateUser(model.UserName, model.Password)) { FormsService.SignIn(model.UserName, model.RememberMe); if (Request.IsAjaxRequest()) { //HERE IS THE PROBLEM :( return View("LogedInForm"); } else { if (!String.IsNullOrEmpty(returnUrl)) return Redirect(returnUrl); else return RedirectToAction("Index", "Home"); } } else { ModelState.AddModelError("", "The user name or password provided is incorrect."); if (Request.IsAjaxRequest()) { return Content("There were an error !"); } } } return View(model); } and I'm trying to return this simple partial : Welcome <b><%= Html.Encode(Model.UserName)%></b>! <%= Html.ActionLink("Log Off", "LogOff", "Account") %> and of-course the two partial are strongly-typed to LogOnModel. But if i returned View("PartialName") i always get OnFailure with status code 500. While if i returned Content("My Message") everything is going right. so please tell me why i always get this "StatusCode = 500" ??. where is the big mistake ??. By the way in my Site MasterPage i rendered partial to show long-on simple form this partial looks like this : <script type="text/javascript"> function ShowErrorMessage(ajaxContext) { var response = ajaxContext.get_response(); var statusCode = response.get_statusCode(); alert("Sorry, the request failed with status code " + statusCode); } function ShowSuccessMessage() { alert("Hey everything is OK!"); } </script> <div id="logedInDiv"> </div> <% using (Ajax.BeginForm("LogOn", "Account", new AjaxOptions { UpdateTargetId = "logedInDiv", InsertionMode = InsertionMode.Replace, OnSuccess = "ShowSuccessMessage", OnFailure = "ShowErrorMessage" })) { %> <%= Html.TextBoxFor(m => m.UserName)%> <%= Html.PasswordFor(m => m.Password)%> <%= Html.CheckBoxFor(m => m.RememberMe)%> <input type="submit" value="Log On" /> < <% } %>

    Read the article

  • Django Comments and Users integration

    - by Patrick
    Hi folks, I am new to django. I am trying to use django.contrib.comments, I saw the table in the database like this, but how can I integrate it with user_id, user_photos, user_name, user_email....and those things with the django commenting system? I also tried to use thread-comments, but I can't configure it properly, is the django threadedcomments table similar to following ? Please let me know if any of you have done this before....all I need is a user login, and post comments, and then show list of comments with users' profile photos and username, as well as there comments. I think shouldn't be that hard. Thank you very much again. +-----------------+--------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +-----------------+--------------+------+-----+---------+----------------+ | id | int(11) | NO | PRI | NULL | auto_increment | | content_type_id | int(11) | NO | MUL | NULL | | | object_pk | longtext | NO | | NULL | | | site_id | int(11) | NO | MUL | NULL | | | user_id | int(11) | YES | MUL | NULL | | | user_name | varchar(50) | NO | | NULL | | | user_email | varchar(75) | NO | | NULL | | | user_url | varchar(200) | NO | | NULL | | | comment | longtext | NO | | NULL | | | submit_date | datetime | NO | | NULL | | | ip_address | char(15) | YES | | NULL | | | is_public | tinyint(1) | NO | | NULL | | | is_removed | tinyint(1) | NO | | NULL | | +-----------------+--------------+------+-----+---------+----------------+

    Read the article

  • When to Store Temporary Values in Hidden Field vs. Session vs. Database?

    - by viatropos
    I am trying to build a simple OpenID login panel similar to how Stack Overflow's works. The goal is: User clicks OpenID/Oauth provider OpenID/Oauth stuff happens, we end up with the result (already made that) Then we want to confirm that the user wants to actually create a new account (vs. associating account with another OpenID account). In StackOverflow, they keep a hidden field on a form that looks like this: <form action="/users/openidconfirm" method="post"> <p>This is an OpenID we haven't seen on Stack Overflow before:</p> <p class="openid-identifier">https://me.yahoo.com/a/some-hash</p> <p>Do you want to associate this OpenID with your Stack Overflow account?</p> <div> <input type="hidden" name="fkey" value="9792ab2zza1q2a4ac414casdfa137eafba7"> <input type="hidden" name="s" value="c1a3q133-11fa-49r0-a7bz-da19849383218"> <input type="submit" value="Associate OpenID"> <input type="button" value="Cancel" onclick="window.location.href = 'http://stackoverflow.com/users/169992/viatropos?s=c1a3q133-11fa-49r0-a7bz-da19849383218'"> </div> </form> Initial question is, what are those hashes fkey and s? Not that I really care what these specific hashes are, but what it seems like is happening is they have processed the openid response and saved it to the DB in a temporary object or something, and from there they generate these keys, because they don't look like Oauth keys to me. Main situation is: after I have processed OpenID/Oauth responses, I don't yet want to create a new user/account until the user submits the "confirm" form. Should I store the keys and tokens temporarily in a "Confirm" form like this? Or is there a better way? It seems that using a temp database object would be a lot of work to manage properly. Thanks for the help. Lance

    Read the article

  • How to handle security constraints using GWT 2.1's RequestFactory?

    - by Marc
    I am currently developing a GWT 2.1 application that is to be deployed on Google App Engine. I would like to realise the server communication using the new RequestFactory. Now my question is how to handle fine-grained security issues in this context? Some server actions (of those declared in the RequestContext stubs) shall be restricted to certain users (possibly depending on the parameters of the remote call). If a call is unauthorised, I would like the client to show a login page (so that one may log in as a different user, for example). From the Expenses example, I know how to implement an automatic redirection to a login page, but in this example, the security model is quite simple: A client is allowed to access the servlet if and only if a user is logged in. Shall I raise a custom UnAuthorizedException in my server-side service? Where should I intercept this exception? (Can I do this in a servlet filter like the GaeAuthFilter of the Expenses example?)

    Read the article

  • Automatically authenticating windows users on an apache/Linux server

    - by Peter Carrero
    If I wanna authenticate windows accounts to AD when a user browses to an apache-running site on a Linux server, here are the usual suspects:   * mod_ntlm (which I used in a distant past) - last update on 2003 * mod_auth_ntlm_winbind - last update on 04/2007 * mod_auth_kerb - last update on 12/2008 No luck getting any of those to work with a recent, fully patched, windows 2000 AD server. Do you have any clues as to a recipe that does work?  -Peter -- UPDATE my current build environment is this: OS: Ubuntu Lucid Apache 2.2.14 (from repos) the auth modules I recompiled from source.

    Read the article

  • Update User Info with restful_authentication plugin in Rails?

    - by benoror
    Hi people, I want to give the users the ability to change their account info with restful_authentication plugin in rails. I added this two methods to my users controller: def edit @user = User.find(params[:id]) end def update @user = User.find(params[:id]) # Only update password when necessary params[:user].delete(:password) if pàrams[:user][:password].blank? respond_to do |format| if @user.update_attributes(params[:user]) flash[:notice] = 'User was successfully updated.' format.html { redirect_to(@user) } format.xml { head :ok } else format.html { render :action => "edit" } format.xml { render :xml => @user.errors, :status => :unprocessable_entity } end end end Also, I copied new.html.erb to edit.html.erb. Considering that resources are already defined in routes.rb I was expecting it to work easily, bute somehow when I click the save button it calls the create method, instead of update, using a POST http request. Inmediatly after that it autocatically log out form the session. Any ideas?

    Read the article

  • Is it inmoral to put a captcha on a login form?

    - by azkotoki
    In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The inmediate reaction of other coworkers was a request to remove it, saying that it was innapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see innapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

    Read the article

  • Did anyone have this issue with a simple Facebook app or know how to solve it?

    - by Jian Lin
    I have a really simple few lines of Facebook app, using the new Facebook API: <pre> <?php require 'facebook.php'; // Create our Application instance. $facebook = new Facebook(array( 'appId' => '117676584930569', 'secret' => '**********', // hidden here on the post... 'cookie' => true, )); var_dump($facebook); ?> but it is giving me the following output: http://apps.facebook.com/woolaladev/i2.php would give out object(Facebook)#1 (6) { ["appId:protected"]=> string(15) "117676584930569" ["apiSecret:protected"]=> string(32) "**********" <--- just hidden on this post ["session:protected"]=> NULL ["sessionLoaded:protected"]=> bool(false) ["cookieSupport:protected"]=> bool(true) ["baseDomain:protected"]=> string(0) "" } Session is NULL for some reason, but I am logged in and can access my home and profile and run other apps on Facebook (to see that I am logged on). I am following the sample on: http://github.com/facebook/php-sdk/blob/master/examples/example.php http://github.com/facebook/php-sdk/blob/master/src/facebook.php (download using raw URL: wget http://github.com/facebook/php-sdk/raw/master/src/facebook.php ) Trying on both hosting companies at dreamhost.com and netfirms.com, and the results are the same.

    Read the article

  • What is the best way to get support from microsoft developers [closed]

    - by Malcolm Frexner
    I have a problem at my production web, that I am not able to solve. I am not able to reproduce the problem in stage or development. It only appears when the website is under heavy load. I think it is solvable if somebody who has a very good understanding of the internals of FormsAuthentication would have a look at it by logging into our system. It should be at least Scottgu! Somebody told me that Microsoft Premier Support is a good choice for this kind of problems. We have no MSDN subscription or other connection to microsoft that enables us to use MPS. Is there a way to get support on a incident base? Are there other ways to get this kind of support? EDIT Here is the problem itself: http://stackoverflow.com/questions/2448720/different-users-get-the-same-cookie-value-in-aspxanonymous

    Read the article

  • acl9 and devise don't seem to work well together

    - by Nik
    I have a user model which is access controlled by ACL9 in userscontroller: ACL9 related stuff before_filter :load_user, :only = [:show] access_control do allow :owner, :of = :user, :to = [:show] end def load_user user = User.find(params[:id]) end in ApplicaitonController I have a rescue_from 'Acl9::AccessDenied', :with = :access_denied def access_denied authenticate_user! # a method from Devise end it is no problem to type in url for sign in page http://localhost:3000/users/sign_in but it is a problem when for example I type in the user page first, which I am to expect to be redirected to sign in page automatically thru the logic above http://localhost:3000/users/1 #= infinite redirect hell. it tries to redirect back to users/1 again(!?) instead of directing to users/sign_in Does anyone have an opinion as to what might be going wrong? Thanks!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 74 75 76 77 78 79 80 81 82 83 84 85  | Next Page >