Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 82/244 | < Previous Page | 78 79 80 81 82 83 84 85 86 87 88 89  | Next Page >

  • How can I make CAPTCHA work across multiple pages?

    - by jm04469
    Ever visit a website such as myspace where they leverage CAPTCHA to prevent spam? The typical pattern is to present a challenge to each URL that is opened, yet the challenge doesn't actually belong to the page itself which causes additional bandwidth usage. So, if I open up six pages at the same time and want to present a challenge on each page. I want the challenge to be tied to the page and not to the session. How can I make this work with Spring and/or Struts.

    Read the article

  • Kohana Auth Library Deployment

    - by Steve
    My Kohana app runs perfectly on my local machine. When I deployed my app to a server (and adjust the config files appropriately), I can no longer log into the app. I've traced through the app login routine on both my local version and the server version and they both agree with each other all the way through until you get to the auth.php controller logged_in() routine where suddenly, at line 140 - the is_object($this-user) test - the $user object no longer exists!?!?!? The login() function call that calls the logged_in() function successfully passes the following test, which causes a redirect to the logged_in() function. if(Auth::instance()->login($user, $post['password'])) Yes, the password and hash, etc all work perfectly. Here is the offending code: public function logged_in() { if ( ! is_object($this->user)) { // No user is currently logged in url::redirect('auth/login'); } etc... } As the code is the same between my local installation and the server, I reckon it must be some server setting that is messing with me. FYI: All the rest of the code works because I have a temporary backdoor available that allows me to use the application (view pages of tables, etc) without being logged in. Any ideas?

    Read the article

  • Django design question: extending User to make users that can't log in

    - by jobrahms
    The site I'm working on involves teachers creating student objects. The teacher can choose to make it possible for a student to log into the site (to check calendars, etc) OR the teacher can choose to use the student object only for record keeping and not allow the student to log in. In the student creation form, if the teacher supplies a username and a password, it should create an object of the first kind - one that can log in, i.e. a regular User object. If the teacher does not supply a username/password, it should create the second type. The other requirement is that the teacher should be able to go in later and change a non-logging-in student to the other kind. What's the best way to design for this scenario? Subclass User and make username and password not required? What else would this affect?

    Read the article

  • Problem with user login validation by authlogic

    - by Andrei
    Hi, I want to use email for signing in, and to allow users to have similar names. One way to do this is to rename login/username field to something different. However, I want to do it just by setting up authlogic. I tried the following acts_as_authentic do |c| c.login_field :email c.validate_login_field false c.validate_email_field true end but it still complains that the login already exists. What must be done to avoid username validation without renaming the field?

    Read the article

  • How does java LoginContext.login() work?

    - by tangens
    I have this code to create a configuration of a java client to connect to a JBoss application server: System.setProperty( "java.security.auth.login.config", "auth.conf" ); LoginContext auth = new LoginContext( "myAuth", new LoginCallbackHandler( username, password ) ); auth.login(); The file auth.conf contains the following lines: myAuth { org.jboss.security.ClientLoginModule required; }; Now, somewhere else in the code (the LoginContext auth isn't known there) I have an EJB that does a initialContext.lookup( jndiName ) and a narrow() to access a Bean on the JBoss application server. This narrow only succeeds if the login information of the first step was correct. Question How does the login information propagate from the LoginContext to the narrow()? I don't see any connection between these two places. And further, how could I do two or more different logins inside of one client?

    Read the article

  • i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i

    - by keisimone
    I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

    Read the article

  • CouchDB read authorization

    - by mdikici
    In couchdb website - technical overview - security and validation - http://couchdb.apache.org/docs/overview.html - it writes that (on reader access part) "To protect document contents, CouchDB documents can have a reader list. This is an optional list of reader-names allowed to read the document. When a reader list is used, protected documents are only viewable by listed users." I searched about how to use it but i found nothing. So is it actually used and if it is how? Thanks. -- Mustafa

    Read the article

  • minLength data validation is not working with Auth component for CakePHP

    - by grokker
    Let's say I have a user registration and I'm using the Auth component (/user/register is allowed of course). The problem is if I need to set a minLength validation rule in the model, it doesn't work since the Auth component hashes the password therefore it's always more than my minlength password and it passes even if it's blank. How do I fix this issue? Thanks in advance!

    Read the article

  • Is it immoral to put a captcha on a login form?

    - by azkotoki
    In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

    Read the article

  • Comparing Page.User.Identity.Name to value in sql Table

    - by Peggy Fusselman
    First, I am SO sorry if the answer is out there. I've looked and looked and feel this is such a simple thing that it should be obvious. I'm wanting to make sure only the person who added an event can modify it. Simple! I already have a datasource that has event_added_by as a data point. It is populating a FormView. SelectCommand="SELECT * FROM [tbl_events] WHERE ([event_ID] = @event_ID)" And I have Page.User.Identity.Name. How do I compare the two? I can't pull the value from the label in the FormView so I need to find another way. if (!IsPostBack) { string uname = Page.User.Identity.Name; string owner = ""// this is where I need to grab the value from dsEvents; if (uname != owner) { //Send them somewhere saying they're not allowed to be here } } TIA for any help!

    Read the article

  • Accessing SVN repository from CCNet (CruiseControl.net) using an Active Directory user

    - by Tr1stan
    I have CCNet setup to talk to our SVN repository, which has it's ACLs setup using Active Directory groups. This is working fine, except I'm not happy with having the user name and password of the AD user stored in plain text on the CCNet instance. Is there a way to either encrypt the AD username/password, or get the CCNet service (I've tried running the service as the user and removing the the username/password section of the CCNet/SVN config) to use a domain account outside of the standard config?

    Read the article

  • Ruby on Rails: How can I authenticate different user types from one place?

    - by sscirrus
    Hi everyone! This is my first post on Stack Overflow. I am trying to build a system that authenticates three types of user with completely different site experiences: Customers, Employers, and Vendors. I'm thinking of using a polymorphic 'User' table (using AuthLogic) with username, password, and user_type (+ AuthLogic's other required fields). If this is a good way to go, how do I set this up so after authenticating an user_id with a user_type the standard way, I can direct the user to the page that's right for them? Thanks.

    Read the article

  • Form submit in javascript

    - by zac
    Hi been wrestling this form and the last step (actually submitting) has me scratching my head. What I have so far is the form: <form id="theForm" method='post' name="emailForm"> <table border="0" cellspacing="2"> <td>Email <span class="red">*</span></td><td><input type='text'class="validate[required,custom[email]]" size="30"></td></tr> <td>First Name:</td><td><input type='text' name='email[first]' id='first_name' size=30></td></tr> <tr height="30"> <td cellpadding="4">Last Name:</td><td><input type='text' name='email[last]' id='e_last_name' size=30> <td>Birthday</td> <td><select name='month' style='width:70px; margin-right: 10px'> <option value=''>Month</option> <option value="1">Jan</option> <option value="2">Feb</option> .... </select><select name='day' style='width:55px; margin-right: 10px'> <option value=''>Day</option> <option value="1">1</option> <option value="2">2</option> ... <option value="31">31</option> </select><select name='year' style='width:60px;' > <option value=''>Year</option> <option value="2007">2007</option> <option value="2006">2006</option> <option value="2005">2005</option> ... </select> <input type='image' src='{{skin url=""}}images/email/signUpButt.gif' value='Submit' onClick="return checkAge()" /> <input type="hidden" id= "under13" name="under13" value="No"> and a script that checks the age and sets a cookie/changes display function checkAge() { var min_age = 13; var year = parseInt(document.forms["emailForm"]["year"].value); var month = parseInt(document.forms["emailForm"]["month"].value) - 1; var day = parseInt(document.forms["emailForm"]["day"].value); var theirDate = new Date((year + min_age), month, day); var today = new Date; if ( (today.getTime() - theirDate.getTime()) < 0) { var el = document.getElementById('emailBox'); if(el){ el.className += el.className ? ' youngOne' : 'youngOne'; } document.getElementById('emailBox').innerHTML = "<style type=\"text/css\">.formError {display:none}</style><p>Good Bye</p><p>You must be 13 years of age to sign up.</p>"; createCookie('age','not13',0) return false; } else { createCookie('age','over13',0) return true; }} that all seems to be working well.. just missing kind of a crucial step of actually submitting the form if it validates (if they pass the age question). So I am thinking that this will be wrapped in that script.. something in here : else { createCookie('age','over13',0) return true; } Can someone please help me figure out how I could handle this submit?

    Read the article

  • Call REST service while impersonating a user that is already authorized to the glasfish server

    - by user1894489
    There are two web-applications deployed on a glassfish server. Both web applications provide a REST web service. the access to both web-services is secured via glassfish security constraints (at the moment BASIC Auth and file-realm). Let's say a user is accessing the service of web application A. After he is authorized, service A wants to call service B via REST client. Is there a way for a service to impersonate a user that is already authorized to the glasfish server? Maybe something like forwarding the security context or editing the headers? Is there another Filter? @Context private SecurityContext securityContext; username = securityContext.getUserPrincipal().getName(); password = ??? client.addFilter(new com.sun.jersey.api.client.filter.HTTPBasicAuthFilter(username, password)); Thanks!

    Read the article

  • Rails Authlogic Prevent User from Changing their Login/Username

    - by bob
    Hello, I have implemented Authlogic. I believe that this isn't an authlogic specific quesetion. Assume that I have a User model and each User has a column in the database called "login". Upon creating a user, the login column is populated. However, I don't want the user to be able to change their login once they set it. Currently, I have removed the text field in the _form.html.erb file in my views for users. However, it can probably still be accessed through the url right? How can I make it so that once a login is set, it can not be changed at all?

    Read the article

  • When using the Auth component with CakePHP, I keep ketting this error. Why?

    - by Josh Brown
    Warning (2): Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/iframeworking/iframe/app/models/frame.php:7) [COREcake/libs/controller/controller.php, line 647] here is the code from frame.php: <?php class Frame extends AppModel { var $name = 'Frame'; var $belongsTo = array('User' => array('className' => 'User', 'dependent' => true)); } ?>

    Read the article

  • can bind successfully to the ldap server, but needs to know how to find user w/i AD

    - by Brad
    I create a login form to bind to the ldap server, if successful, it creates a session (which the user's username is stored within), then I go to another page that has session_start(); and it works fine. What I want to do now, is add code to test if that user is a member of a specific group. So in theory, this is what I want to do if(username session is valid) { search ldap for user -> get list of groups user is member of foreach(group they are member of) { switch(group) { case STAFF: print 'they are member of staff group'; $access = true; break; default: print 'not a member of STAFF group'; $access = false; break; } if(group == STAFF) { break; } } if($access == TRUE) { // you have access to the content on this page } else { // you do not have access to this page } } How do I do a ldap_search w/o binding? I don't want to keep asking for their password on each page, and I can't pass their password thru a session. Any help is appreciated.

    Read the article

  • Can a MAC address be used as a reliable part of a rights management (DRM) scheme?

    - by Jarrod Mosen
    We're currently writing some software that we want to protect. We thought that registering a user's MAC address in a database upon activation of the software seemed viable; we can profile and grab that with a Java applet, (is there a better way?) so getting it isn't too much of a problem. However, we want their computer to only run the application, and download application files/updates from the server when their MAC address has been verified with their one on-file. We understand that this means a lockdown to one computer, but special changes can be made on request. What would be the best way to verify their MAC address, to see if it exists in the database, and then serve them the files to run the application? (And to simply run it on subsequent requests, to prevent re-downloading.)

    Read the article

  • Webservice for uploading data: security considerations

    - by Philip Daubmeier
    Hi everyone! Im not sure about what authentification method I should use for my webservice. I've searched on SO, and found nothing that helped me. Preliminary Im building an application that uploads data from a local database to a server (running my webservice), where all records are merged and stored in a central database. I am currently binary serializing a DataTable, that holds a small fragment of the local database, where all uninteresting stuff is already filtered out. The byte[] (serialized DataTable), together with the userid and a hash of the users password is then uploaded to the webservice via SOAP. The application together with the webservice already work exactly like intended. The Problem The issue I am thinking about is now: What is if someone just sniffs the network traffic, 'steals' the users id and password hash to send his own SOAP message with modified data that corrupts my database? Options The approaches to solving that problem, I already thought of, are: Using ssl + certificates for establishing the connection: I dont really want to use ssl, I would prefer a simpler solution. After all, every information that is transfered to the webservice can be seen on the website later on. What I want to say is: there is no secret/financial/business-critical information, that has to be hidden. I think ssl would be sort of an overkill for that task. Encrypting the byte[]: I think that would be a performance killer, considering that the goal of the excercise was simply to authenticate the user. Hashing the users password together with the data: I kind of like the idea: Creating a checksum from the data, concatenating that checksum with the password-hash and hashing this whole thing again. That would assure the data was sent from this specific user, and the data wasnt modified. The actual question So, what do you think is the best approach in terms of meeting the following requirements? Rather simple solution (As it doesnt have to be super secure; no secret/business-critical information transfered) Easily implementable retrospectively (Dont want to write it all again :) ) Doesnt impact to much on performance What do you think of my prefered solution, the last one in the list above? Is there any alternative solution I didnt mention, that would fit better? You dont have to answer every question in detail. Just push me in the right direction. I very much appreciate every well-grounded opinion. Thanks in advance!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 78 79 80 81 82 83 84 85 86 87 88 89  | Next Page >