Search Results

Search found 1408 results on 57 pages for 'declarative authorization'.

Page 8/57 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • rpcbind authorization problems

    - by Milan
    Hy, I am using rpcbind (SunRPC) on Arch linux and python rpc.py (wich use standard python socket module) interface for comunication with it, but every time I try to send request for registration or unregistration to rpcbind I get message that I am rejected for security reasons. Only situation when everything works is that when I call rpcbind in insecure mode (rpcbind -i) but I realy want to make everything works in secure mode.I found information from rpcbind datasheet that i can make request in secure mode only from loopback address, but I have tried every aproach i had knew to make such socket and everything fall down. Please help me. Thank you

    Read the article

  • How to secure authorization of methods

    - by Kurresmack
    I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

    Read the article

  • Authorization and Jquery dialog problem.

    - by bbrepols
    Hi, I have a little problem with a Jquery dialog for an action that requires a role. In my example, the user can click on a delete button and must confirm the action. In my controller, the Delete action requires a role, if the user is in the required role, the object is deleted. The problem: How to alert the user if * the element was deleted (redirect to the Index view) * there was an error (alert with the message) * he doesn't have the rights to delete (alert with the message) Before using the authorize filter, the delete action returned a JSON with a Boolean that indicates if there was an error, an URL to redirect on success and a message to alert on error. As I can't return a JSON from my filter, I created an other method with the authorize filter that returns a partial view with the confirm content. If the user doesn't have the rights, the filter returns a partial view with an unauthorized exception content. The problem: How to distinct which partial view was returned. When I create the dialog, I need to know for the buttons function. Thanks!

    Read the article

  • google oauth doesn't redirect to callback after authorization

    - by dstywho
    I can't seem to get google to redirect to the callback url after obtaining the auth token. By redirecting the user to the following url, the user can click grant or deny access. After that the user clicks on one of the choices, the user is not redirected back to the callback url. https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=4%2F5ETLZ84rGmRxE_yx0b-_IFDReUxe&oauth_callback=http://blahblahblah.com/user_sessions/create&oauth_version=1.0&hd=default I'm wondering if anyone knows what the problem might be. Also does google require I use something like openssl.

    Read the article

  • Good way to make Authentication and Authorization information available between application layers

    - by DutrowLLC
    I have a web application running on Google App Engine (GAE) for JAVA. I'm authenticating the client at the Servlet layer but would like to make the client information available to my business and data layers without having to pass the client object through the arguments of every single function. I'm considering setting up a "session" type object using ThreadLocal. That way any function can just say something like: CurrentUser.getRoles(); Is this a good way to do this or is there something else that is a more accepted solution? Thanks!

    Read the article

  • Rails - Seeking a Dry authorization method compatible with various nested resources

    - by adam
    Consensus is you shouldn't nest resources deeper than 1 level. So if I have 3 models like this (below is just a hypothetical situation) User has_many Houses has_many Tenants and to abide by the above i do map.resources :users, :has_many => :houses map.resorces :houses, :has_many => :tenants Now I want the user to be able edit both their houses and their tenants details but I want to prevent them from trying to edit another users houses and tenants by forging the user_id part of the urls. So I create a before_filter like this def prevent_user_acting_as_other_user if User.find_by_id(params[:user_id]) != current_user() @current_user_session.destroy flash[:error] = "Stop screwing around wiseguy" redirect_to login_url() return end end for houses that's easy because the user_id is passed via edit_user_house_path(@user, @house) but in the tenents case tenant house_tenent_path(@house) no user id is passed. But I can get the user id by doing @house.user.id but then id have to change the code above to this. def prevent_user_acting_as_other_user if params[:user_id] @user = User.find(params[:user_id] elsif params[:house_id] @user = House.find(params[:house_id]).user end if @user != current_user() #kick em out end end It does the job, but I'm wondering if there is a more elegant way. Every time I add a new resource that needs protecting from user forgery Ill have to keep adding conditionals. I don't think there will be many cases but would like to know a better approach if one exists.

    Read the article

  • Authentication and authorization for RESTfull API (java jersery)

    - by abovesun
    Hi, implementing service something similar with tinyurl or bit.ly, I'm would like to expose service as API, I'm using java and jersey as RESTfull service implementation. I'm looking for simplest way for authentification of users who use API, OAuth is first thing coming in mind, but the problem is I don't need this 3 iteration calls with request token query, than access token query with callback url passing. I just need to give user ability to invoke api with no additional security calls to my server.

    Read the article

  • Authorization error in facebook aplication

    - by bhaskaragr29
    require_login($required_permissions = 'email,photo_upload'); $auth= $facebook-do_get_session($_GET['auth_token']); $facebook-set_user($s['uid'], $s['session_key'], $s['expires'], $s['secret']) ? when ever i tries to login into my app it just refreshed and refresh with wih different auth_tokens. please help

    Read the article

  • ASP MVC C#: Is it possible to pass dynamic values into an attribute?

    - by wh0emPah
    Okay I'm very new to C# and i'm trying to create a little website using ASP MVC2. I want to create my own authorization attribute. but i need to pass some values if this is possible. For example: [CustomAuthorize(GroupID = Method Parameter?] public ActionResult DoSomething(int GroupID) { return View(""); } I want to authorize the access to a page. but it depends on the value passed to the controller. So the authorization depends on the groupID. Is this possible to achieve this in any way?. Thanks in advance.

    Read the article

  • How to handle authorization in the view layout

    - by mathk
    Authorize attribute are good to do some access control base on Action but suppose that I have some UI element in the layout that should note be output unless the user is authorize. I could possibly set some boolean in the ViewBag but that is not the good solution I guess. Somewhere in the Layout.cshtml: @if (ViewBag.IsAuthorized) { <li>@Html.ActionLink("Index", "Admin")</li> } Let me know if there is a better solution. Thanks.

    Read the article

  • authorization services question cocoa

    - by Marius
    Sorry for being a total beginner in cocoa and for asking the following stupid question, but it's too confusing for me to google it myself or maybe i'm just missing something. I need to run a shellscript with elevated privileges in cocoa. As i understand, "AuthorizationExecuteWithPrivileges" is the correct way to do it. So i've created an application and tried to use some code from one example i found online. The problem is ... if i understand it correctly ... there should be a Security framework in /System/Library/Frameworks that i have to import to the project, but ... it's not there. What am i missing here? Thank you.

    Read the article

  • CouchDB read authorization

    - by mdikici
    In couchdb website - technical overview - security and validation - http://couchdb.apache.org/docs/overview.html - it writes that (on reader access part) "To protect document contents, CouchDB documents can have a reader list. This is an optional list of reader-names allowed to read the document. When a reader list is used, protected documents are only viewable by listed users." I searched about how to use it but i found nothing. So is it actually used and if it is how? Thanks. -- Mustafa

    Read the article

  • Setting custom HTTP request headers in an URL object doesn't work.

    - by Blagovest Buyukliev
    I am trying to fetch an image from an IP camera using HTTP. The camera requires HTTP basic authentication, so I have to add the corresponding request header: URL url = new URL("http://myipcam/snapshot.jpg"); URLConnection uc = url.openConnection(); uc.setRequestProperty("Authorization", "Basic " + new String(Base64.encode("user:pass".getBytes()))); // outputs "null" System.out.println(uc.getRequestProperty("Authorization")); I am later passing the url object to ImageIO.read(), and, as you can guess, I am getting an HTTP 401 Unauthorized, although user and pass are correct. What am I doing wrong? I've also tried new URL("http://user:pass@myipcam/snapshot.jpg"), but that doesn't work either.

    Read the article

  • Does Apache allow to authorize an HTTP request based on a result of a subrequest?

    - by Jan Wrobel
    I'm looking for an equivalent of nginx http auth request module but for Apache. For each incoming HTTP requests, the module sends a subrequests to authentication/authorization back-end. Th auth request carries a path and all headers of the original request. Based on the result of the auth request, the original requests is allowed (HTTP code 200), denied (HTTP code 403) or login is requested (HTTP code 401). Such a generic mechanism allows to build really flexible authentication and authorization schemes. Is something like this possible in Apache (likely with a help of some third party module)?

    Read the article

  • Help with authorization and redirection decorator in python (pylons)

    - by ensnare
    I'm trying to write a simple decorator to check the authentication of a user, and to redirect to the login page if s/he is not authenticated: def authenticate(f): try: if user['authenticated'] is True: return f except: redirect_to(controller='login', action='index') class IndexController(BaseController): @authenticate def index(self): return render('/index.mako' ) But this approach doesn't work. When a user is authenticated, everything is fine. But when the user is not authenticated, redirect_to() doesn't work and I am given this error: HTTPFound: 302 Found Content-Type: text/html; charset=UTF-8 Content-Length: 0 location: /login Thank for your help!

    Read the article

  • User authorization in DB2

    - by Daziplqa
    Hi Folks, I am using win Vista, and I am trying to backup some Database under DB2. I am logged in using the Administrator user, and whenever I try to issue the backup command in the "command line processor", I get the following message: SQL1092N "ADMINISTRATOR" does not have the authority to perform the requested command. SQLSTATE=00000 BTW, I have created a username/password pair (db2admin) while installing the DB2 server. So, Will this problem will be get solved if I use the db2admin user? And how to connect to the server (local server BTW) using the db2admin user ?

    Read the article

  • ASP.NET MVC 2 Authorization Regex

    - by Hurricanepkt
    What i currently have is the following: namespace AzureCCCMVC.Controllers { [Authorize(Roles="Admin")] public class AdminController : Controller { //Stuff } } what I want to do is have roles for each client such as Roles { "DEMOAdmin", "GOOGAdmin" , "MSFTAdmin" } and be able to Authorize The Client name (from URL) and in that role I know I am doing a horrible job of explaining this... It is possible that I can have users that are users of several clients but only admin's of one ...

    Read the article

  • Where is the Open Source alternative to WPF?

    - by Evan Plaice
    If we've learned anything from HTML/CSS it's that, declarative languages (like XML) work best to describe User Interfaces because: It's easy to build code preprocessors that can template the code effectively. The code is in a well defined well structured (ideally) format so it's easy to parse. The technology to effectively parse or crawl an XML based source file already exists. The UIs scripted code becomes much simpler and easier to understand. It simple enough that designers are able to design the interface themselves. Programmers suck at creating UIs so it should be made easy enough for designers. I recently took a look at the meat of a WPF application (ie. the XAML) and it looks surprisingly familiar to the declarative language style used in HTML. It's blindingly apparent to me that the current state of desktop UI development is largely fractionalized, otherwise there wouldn't be so much duplicated effort in the domain of user interfaces (IE. GTK, XUL, Qt, Winforms, WPF, etc). There are 45 GUI platforms for Python alone It's painfully obvious to me that there should be a general purpose, open source, standardized, platform independent, markup language for designing desktop GUIs. Much like what the W3C made HTML/CSS into. WPF, or more specifically XAML seems like a pretty likely step in the right direction. Why hasn't anyone in the Open Source community (AFAIK) even scratched the surface of this issue. Now that the 'browser wars' are over should we look forward to a future of 'desktop gui wars?' Note: This topic is relatively subjective in the attempt to be 'future-thinking.' I think that desktop GUI development in its current state sucks ((really)hard) and, even though WPF is still in it's infancy, it presents a likely solution to the problem. Has no one in the OS community looked into developing something similar because they don't see the value, or because it's not worth the effort?

    Read the article

  • custom *arbitrary* TemplateField definitions

    - by end-user
    I'm building a GridView on the fly, and I'd like to pre-define the TemplateFields to be included ondemand. So, what I'd like to do is have a declarative file that defines how the different templates look for a specific column. Like: <asp:TemplateField> <HeaderTemplate> this is a text column </HeaderTemplate> <ItemTemplate> data goes here </ItemTemplate> <EditItemTemplate> <asp:TextBox Text="databindhere" /> </EditItemTemplate> </asp:TemplateField> <asp:TemplateField> <HeaderTemplate> this is a bool column </HeaderTemplate> <ItemTemplate> if(true) "yes" else "no" </ItemTemplate> <EditItemTemplate> <asp:CheckBox Checked="databindme" /> </EditItemTemplate> </asp:TemplateField> So, if my query had a text and two bool fields, I could push the appropriate TemplateFields in the the Columns property as needed. (I hope I'm making sense here) So, how would I go about creating declarative files for the above definitions? And then, how would I reference those definitions programmatically?

    Read the article

  • SQLAlchemy custom query column

    - by thrillerator
    I have a declarative table defined like this: class Transaction(Base): __tablename__ = "transactions" id = Column(Integer, primary_key=True) account_id = Column(Integer) transfer_account_id = Column(Integer) amount = Column(Numeric(12, 2)) ... The query should be: SELECT id, (CASE WHEN transfer_account_id=1 THEN -amount ELSE amount) AS amount FROM transactions WHERE account_id = 1 OR transfer_account_id = 1 My code is: query = Transaction.query.filter_by(account_id=1, transfer_account_id=1) query = query.add_column(func.case(...).label("amount") But it doesn't replace the amount column. Been trying to do this with for hours and I don't want to use raw SQL.

    Read the article

  • All permissions with declarative_authorization

    - by pablorc
    Hi, I have a Rails application using Restful authentication and declarative authorization. I have some roles with an admin. Is there any method to have automatically granted all permissions to this role, instead of hardcode every controller in the authorization_rules? Something like: role :admin do has_permission_on :everything, :to => :manage end Or a uglier approach with introspection, maybe? Thanks in advance

    Read the article

  • silverlight 3: long running wcf call triggers 401.1 (access denied)

    - by sympatric greg
    I have a wcf service consumed by a silverlight 3 control. The Silverlight client uses a basicHttpBindinging that is constructed at runtime from the control's initialization parameters like this: public static T GetServiceClient<T>(string serviceURL) { BasicHttpBinding binding = new BasicHttpBinding(Application.Current.Host.Source.Scheme.Equals("https", StringComparison.InvariantCultureIgnoreCase) ? BasicHttpSecurityMode.Transport : BasicHttpSecurityMode.None); binding.MaxReceivedMessageSize = int.MaxValue; binding.MaxBufferSize = int.MaxValue; binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly; return (T)Activator.CreateInstance(typeof(T), new object[] { binding, new EndpointAddress(serviceURL)}); } The Service implements windows security. Calls were returning as expected until the result set increased to several thousand rows at which time HTTP 401.1 errors were received. The Service's HttpBinding defines closeTime, openTimeout, receiveTimeout and sendTimeOut of 10 minutes. If I limit the size of the resultset the call suceeds. Additional Observations from Fiddler: When Method2 is modified to return a smaller resultset (and avoid the problem), control initialization consists of 4 calls: Service1/Method1 -- result:401 Service1/Method1 -- result:401 (this time header includes element "Authorization: Negotiate TlRMTV..." Service1/Method1 -- result:200 Service1/Method2 -- result:200 (1.25 seconds) When Method2 is configured to return the larger resultset we get: Service1/Method1 -- result:401 Service1/Method1 -- result:401 (this time header includes element "Authorization: Negotiate TlRMTV..." Service1/Method1 -- result:200 Service1/Method2 -- result:401.1 (7.5 seconds) Service1/Method2 -- result:401.1 (15ms) Service1/Method2 -- result:401.1 (7.5 seconds)

    Read the article

  • Why is it not good to use $_SESSION in Restful Implementations?

    - by keisimone
    Original Question: i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i properly authenticate users without looking up database all the time to check for the user's roles? I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

    Read the article

  • i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i

    - by keisimone
    I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

    Read the article

  • What are the Open Source alternatives to WPF/XAML?

    - by Evan Plaice
    If we've learned anything from HTML/CSS it's that, declarative languages (like XML) work best to describe User Interfaces because: It's easy to build code preprocessors that can template the code effectively. The code is in a well defined well structured (ideally) format so it's easy to parse. The technology to effectively parse or crawl an XML based source file already exists. The UIs scripted code becomes much simpler and easier to understand. It simple enough that designers are able to design the interface themselves. Programmers suck at creating UIs so it should be made easy enough for designers. I recently took a look at the meat of a WPF application (ie. the XAML) and it looks surprisingly familiar to the declarative language style used in HTML. It's apparent to me that the current state of desktop UI development is largely fractionalized, otherwise there wouldn't be so much duplicated effort in the domain of graphical user interface design (IE. GTK, XUL, Qt, Winforms, WPF, etc). There are 45 GUI platforms for Python alone It's seems reasonable to me that there should be a general purpose, open source, standardized, platform independent, markup language for designing desktop GUIs. Much like what the W3C made HTML/CSS into. WPF, or more specifically XAML seems like a pretty likely step in the right direction. Now that the 'browser wars' are over should we look forward to a future of 'desktop gui wars?' Note: This topic is relatively subjective in the attempt to be 'future-thinking.' I think that desktop GUI development in its current state sucks ((really)hard) and, even though WPF is still in it's infancy, it presents a likely solution to the problem. Update: Thanks a lot for the info, keep it comin'. Here's are the options I've gathered from the comments and answers. GladeXML Editor: Glade Interface Designer OS Platforms: All GUI Platform: GTK+ Languages: C (libglade), C++, C# (Glade#), Python, Ada, Pike, Perl, PHP, Eiffel, Ruby XRC (XML Resource) Editors: wxGlade, XRCed, wxDesigner, DialogBlocks (non-free) OS Platforms: All GUI Platform: wxWidgets Languages: C++, Python (wxPython), Perl (wxPerl), .NET (wx.NET) XML based formats that are either not free, not cross-platform, or language specific XUL Editor: Any basic text editor OS Platforms: Any OS running a browser that supports XUL GUI Platform: Gecko Engine? Languages: C++, Python, Ruby as plugin languages not base languages Note: I'm not sure if XUL deserves mentioning in this list because it's less of a desktop GUI language and more of a make-webapps-run-on-the-desktop language. Plus, it requires a browser to run. IE, it's 'DHTML for the desktop.' CookSwing Editor: Eclipse via WindowBuilder, NetBeans 5.0 (non-free) via Swing GUI Builder aka Matisse OS Platforms: All GUI Platform: Java Languages: Java only XAML (Moonlight) Editor: MonoDevelop OS Platforms: Linux and other Unix/X11 based OSes only GUI Platforms: GTK+ Languages: .NET Note: XAML is not a pure Open Source format because Microsoft controls its terms of use including the right to change the terms at any time. Moonlight can not legally be made to run on Windows or Mac. In addition, the only platform that is exempt from legal action is Novell. See this for a full description of what I mean.

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >