Search Results

Search found 10747 results on 430 pages for 'password'.

Page 84/430 | < Previous Page | 80 81 82 83 84 85 86 87 88 89 90 91  | Next Page >

  • Should default passwords always be empty?

    - by mafutrct
    I'm currently designing a system that requires an admin to log in using a password. For certain reasons, it is difficult to set this password during installation, but it can be changed later. My idea is this: If I leave the default password empty, it is so horridly insecure that every admin is going to fix this as soon as possible. If I were to use some kind of predefined password instead, admins may think "ah.. nobody would think I've got 'defaultpassword' as my password so it's not very important to change." So the basic thought is to make it so terrible that even the most lazy people are going to do something about it.

    Read the article

  • How can I login to a website with Python?

    - by Shady
    How can I do it? I was trying to enter some specified link (with urllib), but to do it, I need to log in. I have this source from the site: <form id="login-form" action="auth/login" method="post"> <div> <!--label for="rememberme">Remember me</label><input type="checkbox" class="remember" checked="checked" name="remember me" /--> <label for="email" id="email-label" class="no-js">Email</label> <input id="email-email" type="text" name="handle" value="" autocomplete="off" /> <label for="combination" id="combo-label" class="no-js">Combination</label> <input id="password-clear" type="text" value="Combination" autocomplete="off" /> <input id="password-password" type="password" name="password" value="" autocomplete="off" /> <input id="sumbitLogin" class="signin" type="submit" value="Sign In" /> Is this possible?

    Read the article

  • Developed android application cannot connect to phpmyadmin

    - by user1850936
    I am developing an app with eclipse. I tried to store the data that key in by user into database in phpmyadmin. Unfortunately, after the user has clicked on submit button, there is no response and data is not stored in my database. Here is my java file: import java.util.ArrayList; import java.util.List; import org.apache.http.NameValuePair; import org.apache.http.message.BasicNameValuePair; import org.json.JSONObject; import android.app.Activity; import android.app.AlertDialog; import android.content.DialogInterface; import android.content.Intent; import android.os.Bundle; import android.util.Log; import android.view.View; import android.widget.Button; import android.widget.EditText; import android.widget.RadioButton; import android.content.res.Configuration; public class UserRegister extends Activity { JSONParser jsonParser = new JSONParser(); EditText inputName; EditText inputUsername; EditText inputEmail; EditText inputPassword; RadioButton button1; RadioButton button2; Button button3; int success = 0; private static String url_register_user = "http://10.20.92.81/database/add_user.php"; private static final String TAG_SUCCESS = "success"; @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_user_register); inputName = (EditText) findViewById(R.id.nameTextBox); inputUsername = (EditText) findViewById(R.id.usernameTextBox); inputEmail = (EditText) findViewById(R.id.emailTextBox); inputPassword = (EditText) findViewById(R.id.pwTextBox); Button button3 = (Button) findViewById(R.id.regSubmitButton); button3.setOnClickListener(new View.OnClickListener() { public void onClick(View view) { String name = inputName.getText().toString(); String username = inputUsername.getText().toString(); String email = inputEmail.getText().toString(); String password = inputPassword.getText().toString(); if (name.contentEquals("")||username.contentEquals("")||email.contentEquals("")||password.contentEquals("")) { AlertDialog.Builder builder = new AlertDialog.Builder(UserRegister.this); builder.setMessage(R.string.nullAlert) .setTitle(R.string.alertTitle); builder.setPositiveButton(R.string.ok, new DialogInterface.OnClickListener() { public void onClick(DialogInterface dialog, int id) { } }); AlertDialog dialog = builder.show(); } // creating new product in background thread RegisterNewUser(); } }); } public void RegisterNewUser() { try { String name = inputName.getText().toString(); String username = inputUsername.getText().toString(); String email = inputEmail.getText().toString(); String password = inputPassword.getText().toString(); // Building Parameters List<NameValuePair> params = new ArrayList<NameValuePair>(); params.add(new BasicNameValuePair("name", name)); params.add(new BasicNameValuePair("username", username)); params.add(new BasicNameValuePair("email", email)); params.add(new BasicNameValuePair("password", password)); // getting JSON Object // Note that create product url accepts POST method JSONObject json = jsonParser.makeHttpRequest(url_register_user, "GET", params); // check log cat for response Log.d("Send Notification", json.toString()); success = json.getInt(TAG_SUCCESS); if (success == 1) { // successfully created product Intent i = new Intent(getApplicationContext(), StudentLogin.class); startActivity(i); finish(); } else { // failed to register } } catch (Exception e) { e.printStackTrace(); } } @Override public void onConfigurationChanged(Configuration newConfig) { super.onConfigurationChanged(newConfig); } } my php file: <?php $response = array(); require_once __DIR__ . '/db_connect.php'; $db = new DB_CONNECT(); if (isset($_GET['name']) && isset($_GET['username']) && isset($_GET['email']) && isset($_GET['password'])) { $name = $_GET['name']; $username = $_GET['username']; $email = $_GET['email']; $password = $_GET['password']; // mysql inserting a new row $result = mysql_query("INSERT INTO register(name, username, email, password) VALUES('$name', '$username', '$email', '$password')"); // check if row inserted or not if ($result) { // successfully inserted into database $response["success"] = 1; $response["message"] = "You are successfully registered to MEMS."; // echoing JSON response echo json_encode($response); } else { // failed to insert row $response["success"] = 0; $response["message"] = "Oops! An error occurred."; // echoing JSON response echo json_encode($response); } } else { // required field is missing $response["success"] = 0; $response["message"] = "Required field(s) is missing"; // echoing JSON response echo json_encode($response); } ?> the log cat is as follows: 11-25 10:37:46.772: I/Choreographer(638): Skipped 30 frames! The application may be doing too much work on its main thread.

    Read the article

  • Check If Stored Procedure Returns Value

    - by Eric
    Hello all, I am using Linq 2 Sql in VS 2010, and I have the following stored procedure to check a username and password ALTER PROCEDURE dbo.CheckUser ( @username varchar(50), @password varchar(50) ) AS SELECT * FROM Users Where UserName=@username AND Password=@password The problem I'm having is that it throws an exception if the username and password are incorrect. I'd like to perform a check to see if there is a return value, rather than using try/catch to determine whether the procedure returned a value. Should I do this check in code (C#)? Or is there a way to do it in SQL? Thanks.

    Read the article

  • can this code be shortened or improved?

    - by user2816683
    Can this be shortened/improved? I'm trying to make a password checker in python. Could the if's be put into a for loop? And if so, how? pw = input("Enter password to test: ") caps = sum(1 for c in pw if c.isupper()) lower = sum(1 for c in pw if c.islower()) nums = sum(1 for c in pw if c.isnumeric()) scr = ['weak', 'medium', 'strong'] r = [caps, lower, nums] if len(pw) < 6: print("too short") elif len(pw) > 12: print("too long") if caps >= 1: if lower >= 1: if nums >= 1: print(scr[2]) elif nums < 1: print("your password is " + scr[1]) elif lower < 1: print("your password strength is " + scr[0]) elif caps < 1: print("your password strength is " + scr[1]) Thanks for any suggestions :D

    Read the article

  • How to Install Oracle Software on Remote Linux Server

    - by James Taylor
    It is becoming more common these days to install Oracle software on remote Linux servers. This issue has always existed but was generally resolved either by silent installs or by someone physically going to the server to install the software. This is becoming more difficult with the popular virtualisation and cloud deployment strategies. This post provides the steps involved to install Oracle Software using the GUI interface on a remote Linux server. There are many ways to achieve this, the way I resolve this issue is via Virtual Network Computing (VNC) as it is shipped with RedHat and OEL out of the box. For this post I’m using OEL 5 deployed on a OVM guest. If not already done so download and install a client version of VNC so you can connect to the server. There are many out there, for the purpose of this post I use UltraVNC. You can download a free version from http://www.uvnc.com/download/index.html By default VNC Server is installed in your RedHat and OEL OS, but it is not configured. The way VNC works is when started it creates a client instance for the user and binds it to a specific port. So if have an account on the Linux box you can setup a VNC Server session for that user, you don’t need to be root. For the purpose of this document I’m going to use oracle as the user to setup a VNC Session as this is the user I want use to install the software. However to start the VNC Service you must be root. As the root user run the following command: service vncserver start Starting VNC server: no displays configured                [  OK  ] Login to the Linux box as the user  you wan to install the Oracle software [oracle@lisa ~]$ Run the command to create a new VNC server instance for the oracle user: vncserver You will be ask to supply password information. This is what you will enter when connecting from your desktop client. This password is also independent of the actual Linux user password. The VNC Server is acting as a proxy to this instance. You will require a password to access your desktops. Password: Verify: xauth:  creating new authority file /home/oracle/.Xauthority New 'lisa.nz.oracle.com:1 (oracle)' desktop is lisa.nz.oracle.com:1 Creating default startup script /home/oracle/.vnc/xstartup Starting applications specified in /home/oracle/.vnc/xstartup Log file is /home/oracle/.vnc/lisa.nz.oracle.com:1.log As you can see a new instance lisa.nz.oracle.com:1 has been created. If you were to run the vncserver command again another instance lisa.nz.oracle.com:2 will be created. If you are going through a firewall you will need to ensure that the port 5901 (port 1) is open between your client desktop and the Linux Server. Depending on the options chosen at install time a firewall could be in place. The simplest way to disable this is using the command. You will need to be root. service iptables stop This will stop the firewall while you install. If you just want to add a port to the accepted lists use the firewall UI. You will need to be root. system-config-security-level Now you are ready to connect to the server via the VNC. Using the software installed in step one start the VNC Client. You should be prompted for the server and port. If connectivity is established, you will be prompted for the password entered in step 5. You should now be presented with a terminal screen ready to install software Go to the location of the oracle install software and start the Oracle Universal Installer

    Read the article

  • Azure Web Sites FTP credentials

    - by Bertrand Le Roy
    A quick tip for all you new enthusiastic users of the amazing new Azure. I struggled for a few minutes finding this, so I thought I’d share. The Azure dashboard doesn’t seem to give easy access to your FTP credentials, and they are not the login and password you use everywhere else. What Azure does give you though is a Publish Profile that you can download: This is a plain XML file that should look something like this: <publishData> <publishProfile profileName="nameofyoursite - Web Deploy" publishMethod="MSDeploy" publishUrl="waws-prod-blu-001.publish.azurewebsites.windows.net:443" msdeploySite="nameofyoursite" userName="$NameOfYourSite" userPWD="sOmeCrYPTicL00kIngStr1nG" destinationAppUrl="http://nameofyoursite.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="http://windows.azure.com"> <databases/> </publishProfile> <publishProfile profileName="nameofyoursite - FTP" publishMethod="FTP" publishUrl="ftp://waws-prod-blu-001.ftp.azurewebsites.windows.net/site/wwwroot" ftpPassiveMode="True" userName="nameofyoursite\$nameofyoursite" userPWD="sOmeCrYPTicL00kIngStr1nG" destinationAppUrl="http://nameofyoursite.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="http://windows.azure.com"> <databases/> </publishProfile> </publishData> .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; } I’ve highlighted the FTP server name, user name and password. This is what you need to use in Filezilla or whatever you use to access your site remotely. Notice how the password looks encrypted. Well, it’s not really encrypted in fact. This is your password in clear text. It’s just crypto-random gibberish, which is the best kind of password. UPDATE: About 2 minutes after I posted that, David Ebbo mentioned to me on Twitter that if you've configured publishing credentials (for Git typically) those will work too. Don't forget to include the full user name though, which should be of the form nameofthesite\username. The password is the one you defined. That’s it. Enjoy.

    Read the article

  • Unnecessary Error Message Being Displayed

    - by ThatMacLad
    I've set up a form to update my blog and it was working fine up until about this morning. It keeps on turning up with an Invalid Entry ID error on the edit post page when I click the update button despite the fact that it updates the homepage. All help is seriously appreciated. <html> <head> <title>Ultan's Blog | New Post</title> <link rel="stylesheet" href="css/editpost.css" type="text/css" /> </head> <body> <div class="new-form"> <div class="header"> </div> <div class="form-bg"> <?php mysql_connect ('localhost', 'root', 'root') ; mysql_select_db ('tmlblog'); if (isset($_POST['update'])) { $id = htmlspecialchars(strip_tags($_POST['id'])); $month = htmlspecialchars(strip_tags($_POST['month'])); $date = htmlspecialchars(strip_tags($_POST['date'])); $year = htmlspecialchars(strip_tags($_POST['year'])); $time = htmlspecialchars(strip_tags($_POST['time'])); $entry = $_POST['entry']; $title = htmlspecialchars(strip_tags($_POST['title'])); if (isset($_POST['password'])) $password = htmlspecialchars(strip_tags($_POST['password'])); else $password = ""; $entry = nl2br($entry); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $entry = addslashes($entry); } $timestamp = strtotime ($month . " " . $date . " " . $year . " " . $time); $result = mysql_query("UPDATE php_blog SET timestamp='$timestamp', title='$title', entry='$entry', password='$password' WHERE id='$id' LIMIT 1") or print ("Can't update entry.<br />" . mysql_error()); header("Location: post.php?id=" . $id); } if (isset($_POST['delete'])) { $id = (int)$_POST['id']; $result = mysql_query("DELETE FROM php_blog WHERE id='$id'") or print ("Can't delete entry.<br />" . mysql_error()); if ($result != false) { print "The entry has been successfully deleted from the database."; exit; } } if (!isset($_GET['id']) || empty($_GET['id']) || !is_numeric($_GET['id'])) { die("Invalid entry ID."); } else { $id = (int)$_GET['id']; } $result = mysql_query ("SELECT * FROM php_blog WHERE id='$id'") or print ("Can't select entry.<br />" . $sql . "<br />" . mysql_error()); while ($row = mysql_fetch_array($result)) { $old_timestamp = $row['timestamp']; $old_title = stripslashes($row['title']); $old_entry = stripslashes($row['entry']); $old_password = $row['password']; $old_title = str_replace('"','\'',$old_title); $old_entry = str_replace('<br />', '', $old_entry); $old_month = date("F",$old_timestamp); $old_date = date("d",$old_timestamp); $old_year = date("Y",$old_timestamp); $old_time = date("H:i",$old_timestamp); } ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <p><input type="hidden" name="id" value="<?php echo $id; ?>" /> <strong><label for="month">Date (month, day, year):</label></strong> <select name="month" id="month"> <option value="<?php echo $old_month; ?>"><?php echo $old_month; ?></option> <option value="January">January</option> <option value="February">February</option> <option value="March">March</option> <option value="April">April</option> <option value="May">May</option> <option value="June">June</option> <option value="July">July</option> <option value="August">August</option> <option value="September">September</option> <option value="October">October</option> <option value="November">November</option> <option value="December">December</option> </select> <input type="text" name="date" id="date" size="2" value="<?php echo $old_date; ?>" /> <select name="year" id="year"> <option value="<?php echo $old_year; ?>"><?php echo $old_year; ?></option> <option value="2004">2004</option> <option value="2005">2005</option> <option value="2006">2006</option> <option value="2007">2007</option> <option value="2008">2008</option> <option value="2009">2009</option> <option value="2010">2010</option> </select> <strong><label for="time">Time:</label></strong> <input type="text" name="time" id="time" size="5" value="<?php echo $old_time; ?>" /></p> <p><strong><label for="title">Title:</label></strong> <input type="text" name="title" id="title" value="<?php echo $old_title; ?>" size="40" /> </p> <p><strong><label for="password">Password protect?</label></strong> <input type="checkbox" name="password" id="password" value="1"<?php if($old_password == 1) echo " checked=\"checked\""; ?> /></p> <p><textarea cols="80" rows="20" name="entry" id="entry"><?php echo $old_entry; ?></textarea></p> <p><input type="submit" name="update" id="update" value="Update"></p> </form> <p><strong>Be absolutely sure that this is the post that you wish to remove from the blog!</strong><br /> </p> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <input type="hidden" name="id" id="id" value="<?php echo $id; ?>" /> <input type="submit" name="delete" id="delete" value="Delete" /> </form> </div> </div> </div> <div class="bottom"></div> </body> </html>

    Read the article

  • Custom header using PHP soap functions

    - by Dees
    Hi, I am having a problem getting a custom soap header to work with PHP5. Can anybody guide me please. What I require is something like this <SOAP-ENV:Header> <USER>myusername</USER> <PASSWORD>mypassword</PASSWORD> </SOAP-ENV:Header> What I get is : <SOAP-ENV:Header> <ns2:null> <USER>myusername</USER> <PASSWORD>mypassword</PASSWORD> </ns2:null> </SOAP-ENV:Header> I would like to remove the namespace tags. The code I use to get this is: class Authstuff { public $USER; public $PASSWORD; public function __construct($user, $pass) { $this->USER = $user; $this->PASSWORD = $pass; } } $auth = new Authstuff('myusername', 'mypassword'); $param = array('Authstuff' => $auth); $authvalues = new SoapVar($auth,SOAP_ENC_OBJECT); $header = new SoapHeader('http://soapinterop.org/echoheader/',"null",$authvalues);

    Read the article

  • How to Store State in Silverlight WCF RIA Services

    - by peter
    Hi All, I am developing a silverlight 3 application using WCF RIA services. I am using the AuthenticationBase class to handle my authentication. As I understand it under the hood this uses the ASP .NET authentication libraries. When I log into the site the authentication service handles login state so that if I close the site and open it straight away I am still logged in according to the server. When the webpage is refreshed or closed and reloaded I can call the method, WebContextBase.Current.Authentication.LoadUser() And it goes back to the authentication service (running on the server) and figures out whether I am still logged into the site. If a timeout has occured the answer will be no. If that is the case I can show a login dialog. The problem I want to solve is that the authentication service consumes the password, and there is no way I can ever retrieve that password again. If the user logs into the site I want to store the password on the server, and return a token to the client side to match up with that password. I have some other services on the server side that need that password. So where should I store that password on the server? How can that be done? How does the WCF authentication store state?

    Read the article

  • Login page shows blank

    - by user481913
    The login page on a project i'm currently fixing up shows blank. i tried echoing some words to find out where the fault lied. I found out that commenting out the below piece of code made it to display. elseif( isset($_POST['do_login'] ) ){//Login user $email = (isset($_POST['login']) && is_string($_POST['login']) && strlen($_POST['login'])<100)?$_POST['login'] : null; $password = (isset($_POST['password']) && is_string($_POST['password']) && strlen($_POST['password'])<100)?$_POST['password'] : null; $remember = isset($_POST['chkremember']) ? true : false; $result = $auth->login($email, $password, $remember); switch($result){ case 1: $msg = 'You have successfully logged in.' break; case 2: $msg = 'Your account has not yet been confirmed. <br/> Please check the e-mail message sent by us and click the confirmation code to validate this account. <a href="user_login.php?view=resend&resend_email='.$email.'">resend activation e-mail</a>'; break; case 3: $msg = 'Your account is not enabled!'; break; case 4: $msg = 'Account with given login credentials does not exist!'; break; } } Can anyone help me figiure out what's wrong with this piece of code?

    Read the article

  • Changing the <input> type in IE with JavaScript

    - by MrEnder
    The line <input type="text" name="passwordLogin" value="Password" onfocus="if(this.value=='Password'){this.value=''; this.type='password'};" onblur="if(this.value==''){this.value='Password'; this.type='text'};" size="25" /> works in all web browsers except IE... How can I fix it for IE? Ok made some changes to still have an error I want it to work like this like here <input type="text" name="usernameLogin" value="Email" onfocus="if(this.value=='Email'){this.value=''};" onblur="if(this.value==''){this.value='Email'};" size="25" /> if I dont enter anything it will put the value back So I tried this <td colspan="2" id="passwordLoginTd"> <input id="passwordLoginInput1" type="text" name="passwordLogin" value="Password" onfocus="passwordFocus()" size="25" /> <input id="passwordLoginInput2" style="display: none;" type="password" name="passwordLogin" value="" onblur="passwordBlur()" size="25" /> </td> <script type="text/javascript"> //<![CDATA[ passwordElement1 = document.getElementById('passwordLoginInput1'); passwordElement2 = document.getElementById('passwordLoginInput2'); function passwordFocus() { passwordElement1.style.display = "none"; passwordElement2.style.display = "inline"; passwordElement2.focus(); } function passwordBlur() { if(passwordElement2.value=='') { passwordElement2.style.display = "none"; passwordElement1.style.display = "inline"; passwordElement1.focus(); } } //]]> </script> as you can see the blur does not work =[ ok finally got it thanks to the help needed to remove passwordElement1.focus();

    Read the article

  • How to call different methods from single webservices class

    - by pointer
    I have a following RESTful webservice, I have two methods for http get. One function signs in and other function signs out a user from an application. Following is the code: import javax.ws.rs.core.Context; import javax.ws.rs.core.UriInfo; import javax.ws.rs.PathParam; import javax.ws.rs.Consumes; import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; /** * REST Web Service * * @author Pointer */ @Path("generic") public class GenericResource { @Context private UriInfo context; /** * Creates a new instance of GenericResource */ public GenericResource() { } /** * Retrieves representation of an instance of * com.ef.apps.xmpp.ws.GenericResource * * @return an instance of java.lang.String */ @GET @Produces("text/html") public String SignIn(@QueryParam("username") String username, @QueryParam("password") String password, @QueryParam("extension") String extension) { //TODO return proper representation object return "Credentials " + username + " : " + password + " : " + extension; } @GET @Produces("text/html") public String SignOut(@QueryParam("username") String username, @QueryParam("password") String password, @QueryParam("extension") String extension) { //TODO return proper representation object return "Credentials " + username + " : " + password + " : " + extension; } } Now, where would I specify that which function I want to call for http get?

    Read the article

  • Zend Framework - counting rows in select clause ?

    - by moogeek
    Hello! I'm investigating Zend Framework and currently stucked in counting resulting rows of sql query... Every method I try (from documentation and some blogposts and tutorials) returns an error (like Call to undefined function) or simply gives the incorrect value. I've tried this: $checkquery = $db->select() ->from('users', 'COUNT(*)') ->where('login = ?', $login) ->where('password = ?', $password) ->query(); $checkrequest=fetchRow($checkquery)->num; ...then this one: $checkquery = $db->select() ->from('users', '*') ->where('login = ?', $login) ->where('password = ?', $password) ->query(); $checkrequest=count($checkquery->fetchAll()); and even: $checkquery = $db->select() ->from('users', '*') ->where('login = ?', $login) ->where('password = ?', $password) ->query(); $checkrequest=$checkquery->fetchAll()->num; Also rowCount() and count(fetchRow()) and count(fetchAll()->toArray()). But always I got an error message or duplicate inserts in db in further insert function. So what is the correct way to do the resulting row calculation in select clause in Zend Framework 1.9 (I use this one) ?

    Read the article

  • Double hashing passwords - client & server

    - by J. Stoever
    Hey, first, let me say, I'm not asking about things like md5(md5(..., there are already topics about it. My question is this: We allow our clients to store their passwords locally. Naturally, we don't want them stored in plan text, so we hmac them locally, before storing and/or sending. Now, this is fine, but if this is all we did, then the server would have the stored hmac, and since the client only needs to send the hmac, not the plain text password, an attacker could use the stored hashes from the server to access anyone's account (in the catastrophic scenario where someone would get such an access to the database, of course). So, our idea was to encode the password on the client once via hmac, send it to the server, and there encode it a second time via hmac and match it against the stored, two times hmac'ed password. This would ensure that: The client can store the password locally without having to store it as plain text The client can send the password without having to worry (too much) about other network parties The server can store the password without having to worry about someone stealing it from the server and using it to log in. Naturally, all the other things (strong passwords, double salt, etc) apply as well, but aren't really relevant to the question. The actual question is: does this sound like a solid security design ? Did we overlook any flaws with doing things this way ? Is there maybe a security pattern for something like this ?

    Read the article

  • http authentication fails in cucumber when adding @javascript tag

    - by JESii
    I have a feature in my Rials app that works just fine with the message "Responds to browser_basic_authorize" from the Background Given step. However, if I add a @javascript tag before the scenario, then my Background Given fails with "I don't know how to login". What's going wrong and how do I go about testing javascrpt interactions on my app? Background: Given I perform HTTP authentication as "<id>/<password>" When I go to the homepage Then I should see "Text-that-you-should-see-on-your-home-page" Scenario: Displaying injury causative factors Given I am on the new_incident_report page When I choose "incident_report_employee_following_procedures_true" Then I should see "Equipment failure?" Then I should not see "Lack of training" When /^I perform HTTP authentication as "([^\"]*)\/([^\"]*)"$/ do |username, password| puts "id/pswd: #{username}/#{password}" ### Following works ONLY if performed first before even going to a page!!! if page.driver.respond_to?(:basic_auth) puts 'Responds to basic_auth' page.driver.basic_auth(username, password) elsif page.driver.respond_to?(:basic_authorize) puts 'Responds to basic_authorize' page.driver.basic_authorize(username, password) elsif page.driver.respond_to?(:browser) && page.driver.browser.respond_to?(:basic_authorize) puts 'Responds to browser_basic_authorize' page.driver.browser.basic_authorize(username, password) else raise "I don't know how to log in!" end end Rails 3.0.9, current gems, other tests passing.

    Read the article

  • After update hook not being called for DataMapper model with dm 1.0.2

    - by Macario
    Hi, I've the following model and I want to execute a method on save and update, problem is that the hook is not being executed on update. class User include DataMapper::Resource include BCrypt property :id, Serial property :email, String, :index => true property :crypted_password, String, :accessor => :private ... attr_accessor :password, :password_confirmation before :save, :encrypt_password! # also tried the following with no success: # before :update, :encrypt_password! # and tried this but hell was never raised # before :update do # raise 'hell' # end def encrypt_password! self.crypted_password = Password.create password end end This spec fails: it 'should call encrypt_password! on update' do subject.save.should be_true subject.should_receive(:encrypt_password!) subject.update(:password => 'other-password', :password_confirmation => 'other-password').should be_true end And this passes: it 'should call encrypt_password! on create' do subject.should_receive(:encrypt_password!) subject.save.should be_true end I've also tried with after :update in addition to after :save with no success. Am I missing something?

    Read the article

  • Leaks in passing the request using URL at NSString, Objective-C.

    - by Madan Mohan
    Hi Guys, I getting the leak in this method even the allocated nsstring is released. -(BOOL)getTicket:(NSString*)userName passWord:(NSString*)aPassword isLogin:(BOOL)isLogin { login =[self getloginList]; username = login.name; password = login.password; NSString* str=@""; if (isLogin == YES) { str = @"https://accounts.=true&LOGIN_ID="; str = [str stringByAppendingString:[self _encodeString:username]]; str = [str stringByAppendingString:@"&PASSWORD="]; str = [str stringByAppendingString:[self _encodeString:password]]; } else if (isLogin == NO) { str = @"https://accounts.=true&LOGIN_ID="; str = [str stringByAppendingString:[self _encodeString:userName]]; str = [str stringByAppendingString:@"&PASSWORD="]; str = [str stringByAppendingString: [self _encodeString:aPassword]]; } NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:str] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:25.0]; [request setHTTPMethod: @"POST"]; NSData *returnData = [NSURLConnection sendSynchronousRequest:request returningResponse:nil error:nil];//****************** i am getting leak here showing as nsstring is leaking NSString *returnString = [[NSString alloc] initWithData:returnData encoding:NSUTF8StringEncoding]; printf("\n returnString in getticket:%s",[returnString UTF8String]); NSRange textRange; textRange =[returnString rangeOfString:@"TICKET"]; if(textRange.location != NSNotFound) { printf("\n **********************"); NSArray* splitValues = [returnString componentsSeparatedByString:@"TICKET="]; NSString* str1 = [splitValues objectAtIndex:1]; NSArray* splitValues1 = [str1 componentsSeparatedByString:@"RESULT"]; NSString* ticket1 = [splitValues1 objectAtIndex:0]; self.ticket = ticket1; self.isCorrectLogin = YES; [returnString release]; return YES; } else { self.isCorrectLogin = NO; [returnString release]; return NO; } return NO; } Please help me out of this problem.

    Read the article

  • HOw can I have a Alert message in a div inside the form

    - by Paromita Poddar
    I have this script and it sends out an alert message. All I want is to put the alert message in a div inside the form. here is the script can you please help asap ` var registered=false function ExamineRegistration() { var email =document.regform.email.value; var emailcheck= email.indexOf("@") var emailcheck2= email.indexOf(".") var password = document.regform.pass.value; var passcheck = password.charAt(0) var message_out = "Errors: " if(email=="" || password==""){ message_out = message_out+"All boxes should be filled in, " } if(emailcheck==-1 || emailcheck2==-1) { message_out = message_out+"email must contain @ and ., " } if(password!=password) { message_out=message_out+"password must match" } if(message_out == "Errors: ") { message_out = "You have successfully been logged in!" registered=true } alert(message_out); } --> This function helps the user first to register and than to enter the site. function Checkreg() { if (registered ==true) { location.replace("http://www.google.com") } else alert("Please Login to proceed") } </script> ` I have a form. I just want the alert message to appear inside the form at the top. I just dont know how to display the alert message inside the form instead of a pop up.

    Read the article

  • NSApp Sheets question in cocoa

    - by califguy
    Hi, Here's what I am trying to do. I need to prompt the user for a password prompt and until he enters the password and hits, say the Enter button on the sheet, I want to prevent the code being parsed in the background. Here's the code to run the sheet and when the user enters the password and hits Enter, endSpeedSheet is run. I am calling all of this from my Main() function. What I am noticing is that the when the main function runs, the sheet shows up, the user is prompted for a password. But in the background, I already see " Code gets here" has been run. This means the code has already run in the background. What I need is the code to wait at the password prompt and then use this password after the Sheet has been dismissed. Any idea's on what I am missing here ? - (IBAction) showSpeedSheet:(id)sender { [NSApp beginSheet:speedSheet modalForWindow:(NSWindow *)window modalDelegate:nil didEndSelector:nil contextInfo:nil]; } -(IBAction)endSpeedSheet:(id)sender { joinPassword = [joinPasswordLabel stringValue]; [NSApp endSheet:speedSheet]; [speedSheet orderOut:sender]; } -(IBAction)main:(id)sender { [self showSpeedSheet:(id)sender]; // More Code here NSLog(@" Code gets here"); }

    Read the article

  • Codeigniter: validation problem

    - by krike
    For some reason a user can login with any password, first I thought I forgot to check for the password but I didn't... and I just cant find the problem here is the model: /*#######################################################*/ function validate() /*#######################################################*/ { $this->db->where('username', $this->input->post('username')); $this->db->where('password', md5($this->input->post('password'))); $q = $this->db->get('user_extra'); if($q->num_rows() == 1): return true; else: return false; endif; }//end of function validate() The controller /*#######################################################*/ function validate_credentials() /*#######################################################*/ { $this->load->model('membership_model'); $this->load->library('form_validation'); $this->form_validation->set_rules('username', 'Name', 'trim|required'); $this->form_validation->set_rules('password', 'password', 'trim|required'); if(!$this->membership_model->validate()): $this->form_validation->set_message('check_login', 'Login not correct, please try again.'); endif; if($this->form_validation->run() == FALSE): $this->index(); else: $this->membership_model->userinfo($this->input->post('username')); //should redirect to last view redirect($this->session->flashdata('redirect_url')); endif; }// end of validate_credentials()

    Read the article

  • How to show alert in a jsp from a servlet and then redirect to another jsp?

    - by Xaul Omar Tobar
    I tried this but does not display the message only redirects login.jsp <form method="post" action="Login_Servlet" > <input name="idUsuario" type="text"/> <input name="password" type="password" /> <button type="submit">Entrar</button> </form> Login_Servlet response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); String userid= request.getParameter("idUser"); String password = request.getParameter("password"); Login_Service login_Service = new Login_Service(); boolean result = login_Servicio.aut(userid, password); Usuario user = login_Servicio.getUsuariosByUsuario(userid); if(result == true){ request.getSession().setAttribute("user", user); response.sendRedirect("vistas/Inicio.jsp"); } else{ out.println("<script type=\"text/javascript\">"); out.println("alert('User or password incorrect');"); out.println("</script>"); response.sendRedirect("index.jsp"); } Is it possible to display a message like this? if so I'm doing wrong?

    Read the article

  • wget not completely processing the http call

    - by user578458
    Here is a wget command that executes a HTML / PHP stack report suite that is hosted by a third party - we don't have control over the PHP or HTML page wget --no-check-certificate --http-user=/myacc --http-password=mypass -O /tmp/myoutput.csv "https://myserver.mydomain.com/mymodule.php?myrepcode=9999&action=exportcsv&admin=myappuserid&password=myappuserpass&startdate=2011-01-16&enddate=2011-01-16&reportby=mypreferredview" All the elements are working perfectly: --http-user / --http-pass as offered by a browsers standard popup for username and password prompt -O /tmp/myoutput.csv - the output file of interest https://myserver.mydomain.com/mymodule.php?myrepcode=9999&action=exportcsv&admin=myappuserid&password=myappuserpass&startdate=2011-01-16&enddate=2011-01-16&reportby=mypreferredview" The file generated on the fly by the parameters myrepcode=9999 - a reference to the report in question action=exportcsv internally written in the function admin=myappuserid the third party operats SSL to access the site - then internal username and password stored in a database to access the functions of the site) password=myappuserpass startdate=2011-01-16 this and end data are parameters specific to the report 9999 enddate=2011-01-16 reportby=mypreferredview This is an option in the report that facilitates different levels of detail or aggregation The problem is that the reportby parameter is a radio button selection in a list of 5 selections (sure I enough the default is highest level of aggregation , I want the last one which is the most detailed) Here is a sample of the HTML page code for the options of reportby View by The Default My Least Preferred My Second Least Preferred My Third Least Preferred My Preferred No matter which of the reportby items I select in the wget statement - thedefault is always executed. Questions 1) Has anyone come across this notation in HTML (id=inputname[inputelement]) I spoke to a senior web developer and he has never seen this notation for inputs (id=inputname[inputelement]) - and w3schools do not appear familiar with this either based on an extensive search 2) Can a wget command select a none default radio item when executing the command ? This probably will be initially received with a "Use CURL" response- however the wget approach works very well in the limited environment I am operating in - particularly as I need to download 10000 of these such items. Thanks ahead of response

    Read the article

  • Using Read-Only Fields in a C# WebBrowser

    - by TheDramaLlama
    I'm currently using a WebBrowser control in a C# WinForms application, and attempting to control some variability presented with this control. Basically, my users log in to a separate UI provided by my application, which then displays the WebBrowser control, navigates to a predetermined log-in URL, and then auto-fills the username and password fields on that page. However, in order to prevent unpredictable behavior in this WebBrowser control, I want to make these username and password text boxes read-only after they are auto-populated. Essentially, I want the user to see a browser page that has been filled out for them, and that cannot be edited. (This is so that any authentication errors can be handled by my application as opposed to the browser.) The code I'm currently using to populate the text fields and make them read only is as follows: webBrowser1.Document.GetElementById("username").InnerText = username; webBrowser1.Document.GetElementById("password").InnerText = password; webBrowser1.Document.GetElementById("username").Enabled = false; webBrowser1.Document.GetElementById("password").Enabled = false; Unfortunately, when I try to make the fields read-only, the authentication server acts like the password field was not filled out, and prompts the user to fill it out again after the "Submit" button is clicked. Is this expected behavior, and if so, what other methods can I try to prevent users from changing the credentials that the browser was auto-populated with?

    Read the article

  • PHP Error Form - Leave Contents of Form on Redirect

    - by user1371500
    I have a simple login form in which if an error occurs such as wrong password, I need it to be able to remember the username which was entered. Would I Go about doing this PHP or Javascript as I am not allowed to use JQuery. My current PHP - (Not Including the HTML Form) <?php //MySQl Connection mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("clubresults") or die(mysql_error()); //Initiates New Session - Cookie session_start(); // Start a new session // Get the data passed from the form $username = $_POST['username']; $password = md5($_POST['pass']); // Do some basic sanitizing $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); //Performs SQL Query to retrieve Login Details from DB $sql = "select * from admin_passwords where username = '$username' and password = '$password'"; $result = mysql_query($sql) or die ( mysql_error() ); //Assigns a Variable Count to 0 $count = 0; //Exectues a loop to increment on Successful Login while ($line = mysql_fetch_assoc($result)) { $count++; } //If count is equal to 1 Redirect user to the Members Page and Set Cookie if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: members.php"); // This is wherever you want to redirect the user to } else { //Else Echo that login was a failure. die('Login Failed. <a href=login.php>Click Here to Try Again</a>'); } ?> Any help would be appreciated. Cheers

    Read the article

< Previous Page | 80 81 82 83 84 85 86 87 88 89 90 91  | Next Page >