Search Results

Search found 5866 results on 235 pages for 'authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 81/235 | < Previous Page | 77 78 79 80 81 82 83 84 85 86 87 88  | Next Page >

  • minLength data validation is not working with Auth component for CakePHP

    - by grokker
    Let's say I have a user registration and I'm using the Auth component (/user/register is allowed of course). The problem is if I need to set a minLength validation rule in the model, it doesn't work since the Auth component hashes the password therefore it's always more than my minlength password and it passes even if it's blank. How do I fix this issue? Thanks in advance!

    Read the article

  • Is it immoral to put a captcha on a login form?

    - by azkotoki
    In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

    Read the article

  • Comparing Page.User.Identity.Name to value in sql Table

    - by Peggy Fusselman
    First, I am SO sorry if the answer is out there. I've looked and looked and feel this is such a simple thing that it should be obvious. I'm wanting to make sure only the person who added an event can modify it. Simple! I already have a datasource that has event_added_by as a data point. It is populating a FormView. SelectCommand="SELECT * FROM [tbl_events] WHERE ([event_ID] = @event_ID)" And I have Page.User.Identity.Name. How do I compare the two? I can't pull the value from the label in the FormView so I need to find another way. if (!IsPostBack) { string uname = Page.User.Identity.Name; string owner = ""// this is where I need to grab the value from dsEvents; if (uname != owner) { //Send them somewhere saying they're not allowed to be here } } TIA for any help!

    Read the article

  • Accessing SVN repository from CCNet (CruiseControl.net) using an Active Directory user

    - by Tr1stan
    I have CCNet setup to talk to our SVN repository, which has it's ACLs setup using Active Directory groups. This is working fine, except I'm not happy with having the user name and password of the AD user stored in plain text on the CCNet instance. Is there a way to either encrypt the AD username/password, or get the CCNet service (I've tried running the service as the user and removing the the username/password section of the CCNet/SVN config) to use a domain account outside of the standard config?

    Read the article

  • Ruby on Rails: How can I authenticate different user types from one place?

    - by sscirrus
    Hi everyone! This is my first post on Stack Overflow. I am trying to build a system that authenticates three types of user with completely different site experiences: Customers, Employers, and Vendors. I'm thinking of using a polymorphic 'User' table (using AuthLogic) with username, password, and user_type (+ AuthLogic's other required fields). If this is a good way to go, how do I set this up so after authenticating an user_id with a user_type the standard way, I can direct the user to the page that's right for them? Thanks.

    Read the article

  • Form submit in javascript

    - by zac
    Hi been wrestling this form and the last step (actually submitting) has me scratching my head. What I have so far is the form: <form id="theForm" method='post' name="emailForm"> <table border="0" cellspacing="2"> <td>Email <span class="red">*</span></td><td><input type='text'class="validate[required,custom[email]]" size="30"></td></tr> <td>First Name:</td><td><input type='text' name='email[first]' id='first_name' size=30></td></tr> <tr height="30"> <td cellpadding="4">Last Name:</td><td><input type='text' name='email[last]' id='e_last_name' size=30> <td>Birthday</td> <td><select name='month' style='width:70px; margin-right: 10px'> <option value=''>Month</option> <option value="1">Jan</option> <option value="2">Feb</option> .... </select><select name='day' style='width:55px; margin-right: 10px'> <option value=''>Day</option> <option value="1">1</option> <option value="2">2</option> ... <option value="31">31</option> </select><select name='year' style='width:60px;' > <option value=''>Year</option> <option value="2007">2007</option> <option value="2006">2006</option> <option value="2005">2005</option> ... </select> <input type='image' src='{{skin url=""}}images/email/signUpButt.gif' value='Submit' onClick="return checkAge()" /> <input type="hidden" id= "under13" name="under13" value="No"> and a script that checks the age and sets a cookie/changes display function checkAge() { var min_age = 13; var year = parseInt(document.forms["emailForm"]["year"].value); var month = parseInt(document.forms["emailForm"]["month"].value) - 1; var day = parseInt(document.forms["emailForm"]["day"].value); var theirDate = new Date((year + min_age), month, day); var today = new Date; if ( (today.getTime() - theirDate.getTime()) < 0) { var el = document.getElementById('emailBox'); if(el){ el.className += el.className ? ' youngOne' : 'youngOne'; } document.getElementById('emailBox').innerHTML = "<style type=\"text/css\">.formError {display:none}</style><p>Good Bye</p><p>You must be 13 years of age to sign up.</p>"; createCookie('age','not13',0) return false; } else { createCookie('age','over13',0) return true; }} that all seems to be working well.. just missing kind of a crucial step of actually submitting the form if it validates (if they pass the age question). So I am thinking that this will be wrapped in that script.. something in here : else { createCookie('age','over13',0) return true; } Can someone please help me figure out how I could handle this submit?

    Read the article

  • Rails Authlogic Prevent User from Changing their Login/Username

    - by bob
    Hello, I have implemented Authlogic. I believe that this isn't an authlogic specific quesetion. Assume that I have a User model and each User has a column in the database called "login". Upon creating a user, the login column is populated. However, I don't want the user to be able to change their login once they set it. Currently, I have removed the text field in the _form.html.erb file in my views for users. However, it can probably still be accessed through the url right? How can I make it so that once a login is set, it can not be changed at all?

    Read the article

  • Call REST service while impersonating a user that is already authorized to the glasfish server

    - by user1894489
    There are two web-applications deployed on a glassfish server. Both web applications provide a REST web service. the access to both web-services is secured via glassfish security constraints (at the moment BASIC Auth and file-realm). Let's say a user is accessing the service of web application A. After he is authorized, service A wants to call service B via REST client. Is there a way for a service to impersonate a user that is already authorized to the glasfish server? Maybe something like forwarding the security context or editing the headers? Is there another Filter? @Context private SecurityContext securityContext; username = securityContext.getUserPrincipal().getName(); password = ??? client.addFilter(new com.sun.jersey.api.client.filter.HTTPBasicAuthFilter(username, password)); Thanks!

    Read the article

  • When using the Auth component with CakePHP, I keep ketting this error. Why?

    - by Josh Brown
    Warning (2): Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/iframeworking/iframe/app/models/frame.php:7) [COREcake/libs/controller/controller.php, line 647] here is the code from frame.php: <?php class Frame extends AppModel { var $name = 'Frame'; var $belongsTo = array('User' => array('className' => 'User', 'dependent' => true)); } ?>

    Read the article

  • can bind successfully to the ldap server, but needs to know how to find user w/i AD

    - by Brad
    I create a login form to bind to the ldap server, if successful, it creates a session (which the user's username is stored within), then I go to another page that has session_start(); and it works fine. What I want to do now, is add code to test if that user is a member of a specific group. So in theory, this is what I want to do if(username session is valid) { search ldap for user -> get list of groups user is member of foreach(group they are member of) { switch(group) { case STAFF: print 'they are member of staff group'; $access = true; break; default: print 'not a member of STAFF group'; $access = false; break; } if(group == STAFF) { break; } } if($access == TRUE) { // you have access to the content on this page } else { // you do not have access to this page } } How do I do a ldap_search w/o binding? I don't want to keep asking for their password on each page, and I can't pass their password thru a session. Any help is appreciated.

    Read the article

  • Can a MAC address be used as a reliable part of a rights management (DRM) scheme?

    - by Jarrod Mosen
    We're currently writing some software that we want to protect. We thought that registering a user's MAC address in a database upon activation of the software seemed viable; we can profile and grab that with a Java applet, (is there a better way?) so getting it isn't too much of a problem. However, we want their computer to only run the application, and download application files/updates from the server when their MAC address has been verified with their one on-file. We understand that this means a lockdown to one computer, but special changes can be made on request. What would be the best way to verify their MAC address, to see if it exists in the database, and then serve them the files to run the application? (And to simply run it on subsequent requests, to prevent re-downloading.)

    Read the article

  • Webservice for uploading data: security considerations

    - by Philip Daubmeier
    Hi everyone! Im not sure about what authentification method I should use for my webservice. I've searched on SO, and found nothing that helped me. Preliminary Im building an application that uploads data from a local database to a server (running my webservice), where all records are merged and stored in a central database. I am currently binary serializing a DataTable, that holds a small fragment of the local database, where all uninteresting stuff is already filtered out. The byte[] (serialized DataTable), together with the userid and a hash of the users password is then uploaded to the webservice via SOAP. The application together with the webservice already work exactly like intended. The Problem The issue I am thinking about is now: What is if someone just sniffs the network traffic, 'steals' the users id and password hash to send his own SOAP message with modified data that corrupts my database? Options The approaches to solving that problem, I already thought of, are: Using ssl + certificates for establishing the connection: I dont really want to use ssl, I would prefer a simpler solution. After all, every information that is transfered to the webservice can be seen on the website later on. What I want to say is: there is no secret/financial/business-critical information, that has to be hidden. I think ssl would be sort of an overkill for that task. Encrypting the byte[]: I think that would be a performance killer, considering that the goal of the excercise was simply to authenticate the user. Hashing the users password together with the data: I kind of like the idea: Creating a checksum from the data, concatenating that checksum with the password-hash and hashing this whole thing again. That would assure the data was sent from this specific user, and the data wasnt modified. The actual question So, what do you think is the best approach in terms of meeting the following requirements? Rather simple solution (As it doesnt have to be super secure; no secret/business-critical information transfered) Easily implementable retrospectively (Dont want to write it all again :) ) Doesnt impact to much on performance What do you think of my prefered solution, the last one in the list above? Is there any alternative solution I didnt mention, that would fit better? You dont have to answer every question in detail. Just push me in the right direction. I very much appreciate every well-grounded opinion. Thanks in advance!

    Read the article

  • How do you handle ajax requests when user is not authenticated?

    - by LukLed
    How do you handle ajax requests when user is not authenticated? Someone enters the page, leaves room for an hour, returns, adds comment on the page that goes throuh ajax using jQuery ($.post). Since he is not authenticated, method return RedirectToRoute result (redirects to login page). What do you do with it? How do you handle it on client side and how do you handle it in controller?

    Read the article

  • cakephp isAuthorized() not being called

    - by Jack B Nimble
    I am trying to use the isAuthorized() method to do a check for an admin flag, but the function never seems to be called. Even when I set the function to always return false, it allows any user. It just seems like it isn't being called. Do I need to do something more than setting $this-Auth-authorize = 'controller' ? from /app/app_controller.php class AppController extends Controller { var $components = array('Auth'); function beforeFilter() { $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); $this->Auth->loginRedirect = array('controller' => 'pages', 'display' => 'home'); $this->Auth->logoutRedirect = '/'; $this->Auth->authorize = 'controller'; $this->Auth->userScope = array('User.active' => 1); } function isAuthorized() { if (strpos($this->action, "admin_") != false) { if ($this->Auth->user('isAdmin') == '0') { return false; } } return true; } }

    Read the article

  • Saving form values to database after a user logs in

    - by redfalcon
    Hi. We have a form with ratings to submit for a certain restaurant. After the user has entered some values and wants to submit them, we check whether the user is logged in or not. If not, we display a login form and let the user put in his account data and redirect him to the restaurant he wanted to submit a rating for. The problem is, that after he successfully logged in himself, the submitted values are not saved to the database (which works fine if the user is already logged in). So I wondered if it is possible, to somehow save the data although the user is not logged in. I thought of maybe saving the filled values in a variable and have then automatically re-entered after we redirected the user. But I guess this wont work because we use before_filter :login_required, :only => [ :create ] So we couldnt even access the filled in values, since we display the login-form before the method has processed the values in the form, right? Any idea how we can make rails to save the values or at least have them automatically re-entered to the form? Thanks!

    Read the article

  • Access denied for user 'root@localhost' (using password:NO)

    - by Nasser Hajloo
    I'm new to mysql, I'm trying to run Wordpress inmy windows desktop and it need Mysql. I install everything with Web Platform Installer which provided by microsoft. I never seta root password for mysql and in final step of installing wordpressit askfor root password of mysql. What is the default password for root (if there is one) and how to change it? I try mysql -u root password '123' but it show me Access denied for user 'root@localhost' (using password:NO) after this I try mysql -u root -p but it ask for a password which I don't have Thank you in advance

    Read the article

  • Logging out of Facebook invalidates offline_access token

    - by Mike Pateras
    I'm getting an offline access token like this: https://graph.facebook.com/oauth/access_token?scope=offline_access&client_id=MYCLIENTID&redirect_uri=MYREDIRECTURI&client_secret=MYSECRET&code=MYCODE obviously the MYCLIENTID and stuff have been changed for the sake of this post. Anyway, as soon as the user logs out of facebook, the key seems to no longer be valid. Am I not requesting offline_access properly (there's still an "expires" value on it, should there be if it is actually getting offline access), or is that just how it works? If it's the latter, how can I get a key that will persist, regardless of if the user logs out of facebook? I'm sure this is possible, because Tweetdeck can still write to Facebook, even though I'm currently logged out.

    Read the article

  • Ruby on Rails login using legacy user database

    - by ricsmania
    Hello, I have a Rails application that connects to a legacy database (Oracle) and displays some information from a particular user. Right now the user is passed as a URL parameter, but this has obvious security issues because users should only be able to see their own data. To solve that, I want to implement a user login, and I did some research and came across 2 components for that, restful_authentication and authlogic. The problem is that I need to use an existing user/password database instead of creating a new one, which is the common way to use those components. The password is encrypted by a custom Oracle package, but let's assume it is stored as plain text to make things simpler. I only need very basic functionality, which is login a user and keep them logged in forever until logout. No changes to the database will be made by this application, so there's no need for sign up, e-mail activation, reset password, etc. Can someone point me in the right direction on how to do that? Is any of those 2 components a good solution? If not, what would be recommended? Thanks!

    Read the article

  • Require User to be Logged in to Download ZIP Files

    - by Jonathan Wood
    Is it possible to require the user be authenticated (logged in) when downloading ZIP files from my site? Note that I don't have direct control of IIS7. (I'm on a shared hosting account.) I can't simply alter the access for a particular directory because many directories are involved and most contain other files that can be accessed freely. I've Googled this a bit and found similar questions. But I've been unable to find this exact question.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 77 78 79 80 81 82 83 84 85 86 87 88  | Next Page >