Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 83/244 | < Previous Page | 79 80 81 82 83 84 85 86 87 88 89 90  | Next Page >

  • Webservice for uploading data: security considerations

    - by Philip Daubmeier
    Hi everyone! Im not sure about what authentification method I should use for my webservice. I've searched on SO, and found nothing that helped me. Preliminary Im building an application that uploads data from a local database to a server (running my webservice), where all records are merged and stored in a central database. I am currently binary serializing a DataTable, that holds a small fragment of the local database, where all uninteresting stuff is already filtered out. The byte[] (serialized DataTable), together with the userid and a hash of the users password is then uploaded to the webservice via SOAP. The application together with the webservice already work exactly like intended. The Problem The issue I am thinking about is now: What is if someone just sniffs the network traffic, 'steals' the users id and password hash to send his own SOAP message with modified data that corrupts my database? Options The approaches to solving that problem, I already thought of, are: Using ssl + certificates for establishing the connection: I dont really want to use ssl, I would prefer a simpler solution. After all, every information that is transfered to the webservice can be seen on the website later on. What I want to say is: there is no secret/financial/business-critical information, that has to be hidden. I think ssl would be sort of an overkill for that task. Encrypting the byte[]: I think that would be a performance killer, considering that the goal of the excercise was simply to authenticate the user. Hashing the users password together with the data: I kind of like the idea: Creating a checksum from the data, concatenating that checksum with the password-hash and hashing this whole thing again. That would assure the data was sent from this specific user, and the data wasnt modified. The actual question So, what do you think is the best approach in terms of meeting the following requirements? Rather simple solution (As it doesnt have to be super secure; no secret/business-critical information transfered) Easily implementable retrospectively (Dont want to write it all again :) ) Doesnt impact to much on performance What do you think of my prefered solution, the last one in the list above? Is there any alternative solution I didnt mention, that would fit better? You dont have to answer every question in detail. Just push me in the right direction. I very much appreciate every well-grounded opinion. Thanks in advance!

    Read the article

  • cakephp isAuthorized() not being called

    - by Jack B Nimble
    I am trying to use the isAuthorized() method to do a check for an admin flag, but the function never seems to be called. Even when I set the function to always return false, it allows any user. It just seems like it isn't being called. Do I need to do something more than setting $this-Auth-authorize = 'controller' ? from /app/app_controller.php class AppController extends Controller { var $components = array('Auth'); function beforeFilter() { $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); $this->Auth->loginRedirect = array('controller' => 'pages', 'display' => 'home'); $this->Auth->logoutRedirect = '/'; $this->Auth->authorize = 'controller'; $this->Auth->userScope = array('User.active' => 1); } function isAuthorized() { if (strpos($this->action, "admin_") != false) { if ($this->Auth->user('isAdmin') == '0') { return false; } } return true; } }

    Read the article

  • Saving form values to database after a user logs in

    - by redfalcon
    Hi. We have a form with ratings to submit for a certain restaurant. After the user has entered some values and wants to submit them, we check whether the user is logged in or not. If not, we display a login form and let the user put in his account data and redirect him to the restaurant he wanted to submit a rating for. The problem is, that after he successfully logged in himself, the submitted values are not saved to the database (which works fine if the user is already logged in). So I wondered if it is possible, to somehow save the data although the user is not logged in. I thought of maybe saving the filled values in a variable and have then automatically re-entered after we redirected the user. But I guess this wont work because we use before_filter :login_required, :only => [ :create ] So we couldnt even access the filled in values, since we display the login-form before the method has processed the values in the form, right? Any idea how we can make rails to save the values or at least have them automatically re-entered to the form? Thanks!

    Read the article

  • Access denied for user 'root@localhost' (using password:NO)

    - by Nasser Hajloo
    I'm new to mysql, I'm trying to run Wordpress inmy windows desktop and it need Mysql. I install everything with Web Platform Installer which provided by microsoft. I never seta root password for mysql and in final step of installing wordpressit askfor root password of mysql. What is the default password for root (if there is one) and how to change it? I try mysql -u root password '123' but it show me Access denied for user 'root@localhost' (using password:NO) after this I try mysql -u root -p but it ask for a password which I don't have Thank you in advance

    Read the article

  • Require User to be Logged in to Download ZIP Files

    - by Jonathan Wood
    Is it possible to require the user be authenticated (logged in) when downloading ZIP files from my site? Note that I don't have direct control of IIS7. (I'm on a shared hosting account.) I can't simply alter the access for a particular directory because many directories are involved and most contain other files that can be accessed freely. I've Googled this a bit and found similar questions. But I've been unable to find this exact question.

    Read the article

  • Logging out of Facebook invalidates offline_access token

    - by Mike Pateras
    I'm getting an offline access token like this: https://graph.facebook.com/oauth/access_token?scope=offline_access&client_id=MYCLIENTID&redirect_uri=MYREDIRECTURI&client_secret=MYSECRET&code=MYCODE obviously the MYCLIENTID and stuff have been changed for the sake of this post. Anyway, as soon as the user logs out of facebook, the key seems to no longer be valid. Am I not requesting offline_access properly (there's still an "expires" value on it, should there be if it is actually getting offline access), or is that just how it works? If it's the latter, how can I get a key that will persist, regardless of if the user logs out of facebook? I'm sure this is possible, because Tweetdeck can still write to Facebook, even though I'm currently logged out.

    Read the article

  • Ruby on Rails login using legacy user database

    - by ricsmania
    Hello, I have a Rails application that connects to a legacy database (Oracle) and displays some information from a particular user. Right now the user is passed as a URL parameter, but this has obvious security issues because users should only be able to see their own data. To solve that, I want to implement a user login, and I did some research and came across 2 components for that, restful_authentication and authlogic. The problem is that I need to use an existing user/password database instead of creating a new one, which is the common way to use those components. The password is encrypted by a custom Oracle package, but let's assume it is stored as plain text to make things simpler. I only need very basic functionality, which is login a user and keep them logged in forever until logout. No changes to the database will be made by this application, so there's no need for sign up, e-mail activation, reset password, etc. Can someone point me in the right direction on how to do that? Is any of those 2 components a good solution? If not, what would be recommended? Thanks!

    Read the article

  • CakePHP Auth how to allow specific controller and actions

    - by nolandark
    I have a "Posts" and a "Users" controller. I use the Auth Component and I want that all users can visit "Post.index" but only logged in users can visit "User.index". In my app_controller.php I have this $this->Auth->allow('signup', 'confirm', 'index'); but with that all users can visit post.index and user.index. How can I specify a Controller in the allow-method? This didn't work for me: $this->Auth->allow('signup', 'confirm', 'Post.index');

    Read the article

  • Symfony: Routing 'secure' and 'login' actions to another application

    - by Darmen
    Hello, Suppose we have 3 apps - appMain, app1 and app2. Applications 1 and 2 are protected, they have is_secure: true and everything works fine with sfDoctrineGuard plugin. A behavior I want to achieve is when a user is not authenticated, current application to forward him to another one, say appMain with defined module and action. Is that possible? Or can someone tell me where to dig about security mechanisms in symfony?

    Read the article

  • How do I password protect IIS in a method analogous to Apache's AuthType / AuthUserFile mechanism?

    - by Matt
    I'm used to doing basic password protection for Apache w/ the following method in Apache config files: AuthType Basic AuthName "By Invitation Only" AuthUserFile /path/to/.htpasswd Require valid-user However, I've been asked to put some protection on a subdirectory of a site running ColdFusion on top of IIS6, and I'm unfamiliar with how to do this. How is this done? What should I look out for? I just need to password protect an administrative subdirectory, so I don't need a full user login system - just something that limits who can access the section of the site.

    Read the article

  • Drupal OAuth Service Module

    - by user470714
    I am trying to do some research into potentially setting up an existing Drupal site with user accounts/login page to also be an OAuth service provider, basically authenticating users to make calls with a web service. I am looking for a Drupal module which will give this functionality. Most of what I run into are OAuth consumer modules, which is not what I want in this case. I've found a few modules which I think might do this for me, but the module descriptions are generally pretty vague and don't have much of a user base which doesn't inspire much confidence. Has anyone else done this before? What are the best modules available for doing this?

    Read the article

  • How to authenticate users against a Windows AD?

    - by Potinos
    I've a JSF-Hibernate web application. I need to authenticate users against a Windows AD and the web application should only allow logins from members of group X, otherwise it should redirect to an error page. How can I configure this? Also, I would like to display the name of the logged-in user on all pages, not the name of the Windows user of the server machine. I have tried the System.property("user.name") for this, but this only returns the name of the Windows user of the server name.

    Read the article

  • on facebook, how do i authenticate an application, using JavaScript?

    - by GilShalit
    I can only find samples using php or curl. I want to do something like https://graph.facebook.com/<app_id>/accounts/test-users? installed=true&permissions=read_stream and the response is: { "error": { "type": "OAuthException", "message": "An access token is required to request this resource." } } as well is should... so how do i get the access token in JavaScript (using the JavaScript SDK obviously). thanks!

    Read the article

  • Understanding Security Certificates (and thier pricing)

    - by John Robertson
    I work at a very small company so certificate costs need to be absolutely minimal. However for some applications we do Need to have our customers get that warm fuzzy not-using-a-self-signed certificate feeling. Since creating a "certificate authority" with makecert really just means creating a public/private key pair, it seems pretty clear that creating a public/private key pair FROM such a "certificate authority" really just means generating a second public/private key pair and signing both with the private key that belongs to the "certificate authority". Since the keys are signed anyone can verify they came from the certificate authority I created, or if verisign gave me the pair they sign it with one of their own private keys, and anyone can use verisigns corresponding public key to confirm verisign as the source of the keys. Given this I don't understand when I go to verisign or godaddy why they have rates only for yearly plans, when all I really want from them is a single public/private key pair signed with one of their private keys (so that anyone else can use their public keys to confirm that, yes, they gave me that public/private key pair and they confirmed I was who I said I was so you can trust my public/private key pair as belonging to a legitimate third party). Clearly I am misunderstanding something, what is it? Does verisign retire their public/private key pairs periodically so that my verisign signed key pair "expires" and I need new ones?

    Read the article

  • Devise role based routing

    - by teknull
    I have an app with multiple users. Each user as a theoretical role (user, client, etc). I've designed a view/controller for each user type. I want to be able to login each type of user do a different root url and lock them to it. Originally I was going to add a column to Users in Devise called role and so I can differentiate the users. The problem I'm having is how to say in routes.rb if current_user.role == "client" root :to = 'controller#index' Once they are logged in to the page I also want to keep them from being able to visit any of my other paths ie: domain.com/calls domain.com/units I've been looking into cancan to run alongside Devise but I'm not sure if this is the answer.

    Read the article

  • Codeigniter: validation problem

    - by krike
    For some reason a user can login with any password, first I thought I forgot to check for the password but I didn't... and I just cant find the problem here is the model: /*#######################################################*/ function validate() /*#######################################################*/ { $this->db->where('username', $this->input->post('username')); $this->db->where('password', md5($this->input->post('password'))); $q = $this->db->get('user_extra'); if($q->num_rows() == 1): return true; else: return false; endif; }//end of function validate() The controller /*#######################################################*/ function validate_credentials() /*#######################################################*/ { $this->load->model('membership_model'); $this->load->library('form_validation'); $this->form_validation->set_rules('username', 'Name', 'trim|required'); $this->form_validation->set_rules('password', 'password', 'trim|required'); if(!$this->membership_model->validate()): $this->form_validation->set_message('check_login', 'Login not correct, please try again.'); endif; if($this->form_validation->run() == FALSE): $this->index(); else: $this->membership_model->userinfo($this->input->post('username')); //should redirect to last view redirect($this->session->flashdata('redirect_url')); endif; }// end of validate_credentials()

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 79 80 81 82 83 84 85 86 87 88 89 90  | Next Page >