Search Results

Search found 21071 results on 843 pages for 'account security'.


  • Simple App Engine Sessions Implementation

    - by raz0r
    Here is a very basic class for handling sessions on App Engine:

        """Lightweight implementation of cookie-based sessions for Google App Engine.

        Classes: Session
        """

        import os
        import random
        import Cookie

        from google.appengine.api import memcache

        _COOKIE_NAME = 'app-sid'
        _COOKIE_PATH = '/'
        _SESSION_EXPIRE_TIME = 180 * 60


        class Session(object):
            """Cookie-based session implementation using Memcached."""

            def __init__(self):
                self.sid = None
                self.key = None
                self.session = None
                cookie_str = os.environ.get('HTTP_COOKIE', '')
                self.cookie = Cookie.SimpleCookie()
                self.cookie.load(cookie_str)
                # Look up the session referenced by the request cookie, if any.
                if self.cookie.get(_COOKIE_NAME):
                    self.sid = self.cookie[_COOKIE_NAME].value
                    self.key = 'session-' + self.sid
                    self.session = memcache.get(self.key)
                if self.session:
                    self._update_memcache()
                else:
                    # No usable session: create one and emit the cookie header.
                    self.sid = str(random.random())[5:] + str(random.random())[5:]
                    self.key = 'session-' + self.sid
                    self.session = dict()
                    memcache.add(self.key, self.session, _SESSION_EXPIRE_TIME)
                    self.cookie[_COOKIE_NAME] = self.sid
                    self.cookie[_COOKIE_NAME]['path'] = _COOKIE_PATH
                    print self.cookie

            def __len__(self):
                return len(self.session)

            def __getitem__(self, key):
                if key in self.session:
                    return self.session[key]
                raise KeyError(str(key))

            def __setitem__(self, key, value):
                self.session[key] = value
                self._update_memcache()

            def __delitem__(self, key):
                if key in self.session:
                    del self.session[key]
                    self._update_memcache()
                    return None
                raise KeyError(str(key))

            def __contains__(self, item):
                try:
                    i = self.__getitem__(item)
                except KeyError:
                    return False
                return True

            def _update_memcache(self):
                # Write the session back and refresh its expiry time.
                memcache.replace(self.key, self.session, _SESSION_EXPIRE_TIME)

    I would like some advice on how to improve the code for better security.

    Note: In the production version it will also save a copy of the session in the datastore.

    Note': I know there are much more complete implementations available online, though I would like to learn more about this subject, so please don't answer the question with "use that" or "use the other" library.


  • GetAccessControl error with NTAccount

    - by Adam Witko
        private bool HasRights(FileSystemRights fileSystemRights_, string fileName_, bool isFile_)
        {
            bool hasRights = false;
            WindowsIdentity WinIdentity = System.Security.Principal.WindowsIdentity.GetCurrent();
            WindowsPrincipal WinPrincipal = new WindowsPrincipal(WinIdentity);
            AuthorizationRuleCollection arc = null;

            if (isFile_)
            {
                FileInfo fi = new FileInfo(@fileName_);
                arc = fi.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount));
            }
            else
            {
                DirectoryInfo di = new DirectoryInfo(@fileName_);
                arc = di.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount));
            }

            foreach (FileSystemAccessRule rule in arc)
            {
                if (WinPrincipal.IsInRole(rule.IdentityReference.Value))
                {
                    if (((int)rule.FileSystemRights & (int)fileSystemRights_) > 0)
                    {
                        if (rule.AccessControlType == AccessControlType.Allow)
                            hasRights = true;
                        else if (rule.AccessControlType == AccessControlType.Deny)
                        {
                            hasRights = false;
                            break;
                        }
                    }
                }
            }
            return hasRights;
        }

    The above code block is causing me problems. When WinPrincipal.IsInRole(rule.IdentityReference.Value) is executed, the following exception occurs: "The trust relationship between the primary domain and the trusted domain failed.". I'm very new to using identities, principals and such, so I don't know what the problem is. I'm assuming it's with the use of NTAccount? Thanks


  • Open-sourcing a web site with active users?

    - by Lars Yencken
    I currently run several research-related web-sites with active users, and these sites use some personally identifying information about these users (their email address, IP address, and query history). Ideally I'd release the code to these sites as open source, so that other people could easily run similar sites, and more importantly scrutinise and replicate my work, but I haven't been comfortable doing so, since I'm unsure of the security implications. For example, I wouldn't want my users' details to be accessed or distributed by a third party who found some flaw in my site, something which might be easy to do with full source access. I've tried going half-way by refactoring the (Django) site into more independent modules, and releasing those, but this is very time consuming, and in practice I've never gotten around to releasing enough that a third party can replicate the site(s) easily. I also feel that maybe I'm kidding myself, and that this process is really no different to releasing the full source. What would you recommend in cases like this? Would you open-source the site and take the risk? As an alternative, would you advertise the source as "available upon request" to other researchers, so that you at least know who has the code? Or would you just apologise to them and keep it closed in order to protect users?


  • Building a system that allows users to see a video only once

    - by Bart van Heukelom
    My client wants to distribute a video to some people, specifically car dealers, but he doesn't want the video to end up on YouTube or something like that. Therefore he wants the recipients of the video to be able to see it only once. My idea to implement this is:

    1. Generate a unique key per viewer
    2. Send each viewer a link to a page with a Flash-based video player, with their key in the URL
    3. Have Flash get the video from the server. On the server the key is checked and the file sent (using PHP's readfile or something equivalent). Then the key is invalidated.

    I was thinking this wouldn't take more than a day to build. I know that if you want somebody to be able to play something, you implicitly give them the power to record it as well, but the client just wants me to make it as hard as possible. Do you think this is secure enough for the intended audience? Anything else I can do to add some security without exceeding the development time of 1 day? I'm also interested in ready-made solutions, if they exist.


  • Is it possible to spoof or reuse VIEWSTATE or detect if it is protected from modification?

    - by Peter Jaric
    Question

    ASP and ASP.NET web applications use a value called VIEWSTATE in forms. From what I understand, this is used to persist some kind of state on the client between requests to the web server. I have never worked with ASP or ASP.NET and need some help with two questions (and some sub-questions):

    1) Is it possible to programmatically spoof/construct a VIEWSTATE for a form? Clarification: can a program look at a form and from that construct the contents of the base64-encoded VIEWSTATE value?
       1 a) Or can it always just be left out?
       1 b) Can an old VIEWSTATE for a particular form be reused in a later invocation of the same form, or would it just be luck if that worked?
    2) I gather from http://msdn.microsoft.com/en-us/library/ms972976.aspx#viewstate_topic12 that it is possible to turn on security so that the VIEWSTATE becomes secure from spoofing. Is it possible for a program to detect that a VIEWSTATE is safeguarded in such a way?
       2 a) Is there a one-to-one mapping between the occurrence of EVENTVALIDATION values and secure VIEWSTATEs?

    Regarding 1) and 2), if yes, can I have a hint about how I would do that? For 2) I am thinking I could base64-decode the value and search for a string that always is found in unencrypted VIEWSTATEs. "First:"? Something else?

    Background

    I have made a small tool for detecting and exploiting so-called CSRF vulnerabilities. I use it to quickly make proof of concepts of such vulnerabilities that I send to the affected site owners. Quite often I encounter these forms with a VIEWSTATE, and these I don't know if they are secure or not.

    Edit 1: Clarified question 1 somewhat.
    Edit 2: Added text in italics.


  • How to avoid hard coding credentials into Sharepoint webpart?

    - by SeeBees
    I am building a SharePoint web part that will be used by all users. The web part connects to a web service which needs credentials with higher privileges than common users. I hard coded credentials in the web part's code.

        query.Credentials = new System.Net.NetworkCredential("username", "password", "domain");

    query is an instance of the web service class.

    This may not be a good approach. With regard to security, the source code of the web part is available to people who are not allowed to see the credential. This is bad enough, but is there any other drawback of this approach? A web part doesn't have a .config file associated. The .config file is at the application level of the SharePoint site, and I don't want to modify it for a single web part. I wonder if there is a webpart-specific way to solve this problem? Say, provide a WebBrowsable property to an admin so that he/she can set credentials. Is this possible? Thanks


  • How would a user stay logged in to a REST-based website?

    - by unforgiven3
    A year or so ago I asked this question: Can you help me understand this? “Common REST Mistakes: Sessions are irrelevant”. My question was essentially this: Okay, I get that HTTP authentication is done automatically on every message - but how? Is the username/password sent with every request? Doesn't that just increase attack surface area? I feel like I'm missing part of the puzzle. The answers I received made perfect sense in the context of a mobile (iPhone, Android, WP7) app - when talking to a REST service, the app would just send user credentials along with each request. That worked great for me. But now, I would like to better understand how one would secure a REST-like website, like StackOverflow itself or something like Reddit. How would things work if it was a user logged in via a web browser instead of logged in via an iPhone app? What happens when a user logs in? Are the credentials saved in the browser somehow? How would the browser know what credentials to send with subsequent REST requests? What if it's a JavaScript call to a webservice? How would the JavaScript call include user credentials? I'll be quite frank: my understanding of security when it comes to websites is pretty limited. I enjoyed working with REST services from an app perspective, but now I want to try and build a website that is based on REST principles, and I'm finding myself to be pretty lost. If there is anything in the above question that is unclear that you'd like me to clarify, please leave a comment and I'll address it.


  • Injecting the application TransactionManager into a JPA EntityListener

    - by nodje
    I want to use the JPA EntityListener to support Spring Security ACLs. On @PostPersist events, I create a permission corresponding to the persisted entity. I need this operation to participate in the current transaction. For this to happen I need to have a reference to the application TransactionManager in the EntityListener. The problem is, Spring can't manage the EntityListener as it is created automatically when EntityManagerFactory is instantiated. And in a classic Spring app, the EntityManagerFactory is itself created during the TransactionManager instantiation.

        <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
            <property name="entityManagerFactory" ref="entityManagerFactory" />
        </bean>

    So I have no way to inject the TransactionManager with the constructor, as it is not yet instantiated. Making the EntityManager a @Component creates another instance of the EntityManager. Implementing InitializingBean and using afterPropertiesSet() doesn't work as it's not a Spring managed bean. Any idea would be helpful as I'm stuck and out of ideas.


  • How to control access to third party HTML pages

    - by Wylie
    Hello,

    We have a Learning Management System (LMS) that runs on its own server (IIS/Server 2003). Students must log in with Forms authentication to gain access to the content. We want to offer access to third party Flash and audio that is embedded in HTML pages hosted on the third party server (IIS/Server 2003). Currently we use a frame in a pop-up window that is populated via a simple URL to the third party HTML pages.

    How can the third party control access to their content, so that only students who launch the pop-up windows from our site can access their content? Since the content is mostly video and Flash, we would prefer not to stream all of their content through our server to the student.

    We have a programming staff, so we could maybe...

    - either post or get for our HTTP request to the third party server
    - we could use SSL
    - we could programmatically assign a global NT user account to all of our users and then do some kind of Active Directory login from the LMS server to the third party server
    - could the third party content be hosted at Amazon S3? Would this allow for secure access/download?

    These are just ideas. We really have no idea. Any suggestions would be greatly appreciated.

    TIA,
    Wylie


  • Exploiting Path Traversal Vulnerability

    - by Maputo
    I have a Java Web App running on Tomcat on which I'm supposed to exploit Path traversal vulnerability. There is a section (in the App) at which I can upload a .zip file, which gets extracted in the server's /tmp directory. The content of the .zip file is not being checked, so basically I could put anything in it. I tried putting a .jsp file in it and it extracts perfectly. My problem is that I don't know how to reach this file as a "normal" user from browser. I tried entering ../../../tmp/somepage.jsp in the address bar, but Tomcat just strips the ../ and gives me http://localhost:8080/tmp/ resource not available. Ideal would be if I could somehow rename the somepage.jsp so that it gets extracted in the web directory of the Web App. But then, the Linux filesystem disallows slashes in filenames (e.g. ../../home/webapp/somepage.jsp). Are there maybe any escape sequences that would translate to / after extracting? Any ideas would be highly appreciated. Note: This is a school project in a Security course where I'm supposed to locate vulnerabilities and correct them. Not trying to harm anyone...


  • Storing an encrypted cookie with Rails

    - by J. Pablo Fernández
    I need to store a small piece of data (less than 10 characters) in a cookie in Rails and I need it to be secure. I don't want anybody being able to read that piece of data or injecting their own piece of data (as that would open up the app to many kinds of attacks). I think encrypting the contents of the cookie is the way to go (should I also sign it?). What is the best way to do it? Right now I'm doing this, which looks secure, but many things looked secure to people that knew much more than I about security and then it was discovered it wasn't really secure. I'm saving the secret in this way:

        encryptor = ActiveSupport::MessageEncryptor.new(Example::Application.config.secret_token)
        cookies[:secret] = {
          :value => encryptor.encrypt(secret),
          :domain => "example.com",
          :secure => !(Rails.env.test? || Rails.env.development?)
        }

    and then I'm reading it like this:

        encryptor = ActiveSupport::MessageEncryptor.new(Example::Application.config.secret_token)
        secret = encryptor.decrypt(cookies[:secret])

    Is that secure? Any better ways of doing it?

    Update: I know about Rails' session and how it is secure, both by signing the cookie and by optionally storing the contents of the session server side and I do use the session for what it is for. But my question here is about storing a cookie, a piece of information I do not want in the session but I still need it to be secure.


  • PHP Mailer Class - Securing Email Credentials

    - by Alan A
    I am using the PHP mailer class to send email via my scripts. The structure is as follows:

        $mail = new PHPMailer;
        $mail->IsSMTP(); // Set mailer to use SMTP
        $mail->Host = 'myserver.com'; // Specify main and backup server
        $mail->SMTPAuth = true; // Enable SMTP authentication
        $mail->Username = '[email protected]'; // SMTP username
        $mail->Password = 'user123'; // SMTP password
        $mail->SMTPSecure = 'pass123';

    It seems to me to be a bit of a security hole having the mailbox credentials in plain view. So I thought I might put these in an external file outside of the web root. My question is how would I then assign the $mail object these values. I of course know how to use include and/or requires... would it simply be a case of....

        $mail->IsSMTP(); // Set mailer to use SMTP
        $mail->Host = 'myserver.com'; // Specify main and backup server
        $mail->SMTPAuth = true; // Enable SMTP authentication
        includes '../locationOutsideWebroot/emailCredntials.php';
        $mail->SMTPSecure = 'pass123';

    Then emailCredentails.php:

        <?php
        $mail->Username = '[email protected]';
        $mail->Password = 'user123';
        ?>

    Would this be sufficient and secure enough? Thanks, Alan.


  • Is this a safe PHP mail function?

    - by Eystein
    I've finally got this PHP email script working (didn't work on localhost…), but my concern is that it's not safe. So - is this safe for spamming and any other security pitfalls I'm not aware of?

        <?php
        $email = '[email protected]';
        $subject = 'Notify about stuff';
        $notify = $_REQUEST['email'];

        if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $notify)) {
            echo "<h4>Your email address doesn't validate, please check that you typed it correct.</h4>";
            echo "<a href='javascript:history.back(1);'>Back</a>";
        } elseif(mail($email, $subject, $notify)) {
            echo "<h4>Thank you, you will be notified.</h4>";
        } else {
            echo "<h4>Sorry, your email didn't get registered.</h4>";
        }
        ?>

    Unrelated: is there a PHP function I can use instead of javascript:history.back(1) ?


  • j_security_check to SSO in different module under Oracle App Server?

    - by thebearinboulder
    I have an existing J2EE application running on Oracle App Server. It is targeted towards paying customers so the content is secured and an SSO module properly intercepts all requests for secured content.

    Now the company is adding an unbranded public-facing module with a number of unsecured pages. At one point the user is expected to register for a free account and log in to proceed further. Think doctors adding a public-facing site with information for potential patients, or lawyers adding a public-facing site with information for potential clients.

    There's some information on the session and the usual approach would be to authenticate the user, persist the session information using the now-known user id, invalidate the existing session (to prevent certain types of attacks), then reload the session information before returning to the user. I can't just persist it under the session id since that's about to change.

    The glitch is that the existing application already has an SSO module and I get a 404 error every time I try to direct to j_security_check. I've tried that, /sso/j_security_check, even http://localhost/sso/j_security_check, all without success. I noticed that an earlier question said that Tomcat requires access to a secured page before j_security_check is even visible. I don't know if that's the case with Oracle AS.

    Ideas? Or is the best approach to continue arguing that we have a different user base so it would be better to handle authentication in our own module anyway?


  • Replacing mysql user authentication with openid

    - by David
    So, I'm working with a really old system which uses a person's mysql database credentials to authenticate to a web site (the database was originally only accessed from the command line, but is now accessed from a PHP frontend). Because of some internal reasons (and to preserve the user's history), I have to leave the old authentication intact. I've been charged with adding OpenID authentication to this system. Somehow I need to be able to retrieve a user's mysql username and password upon logging into the site through OpenID (using the Zend framework, by the way). I've thought of simply requiring registration at the first login, where the user must provide their mysql credentials, but I'd rather not store the password in plain text. I've also considered blanking everyone's mysql passwords, and just setting the user's mysql username manually (rather than having the user provide this, since they could provide any username). This is turning into a security nightmare. Does anyone have any suggestions for alternatives? This is running on a Linux server, by the way. Also, I can't use mysql pluggable authentication because the mysql version is 5.0 (pluggable authentication requires mysql 5.5), and no, I can't update it.


  • SBS2003 to SBS2011 Migration - Installation Error

    - by Shawn Gradwell
    Microsoft Small Business Server 2003 to 2011 Migration.

    I followed the Migration Guide from Microsoft and the source server had no errors when running the various tests prior to the migration. I have completed the destination server setup using the Answer File and the server is up and running. It all looks good: I can access Exchange and AD, and the only problem is the error message when you log in stating that the setup did not complete and to check the logs. Because all looks good I am continuing the migration to the destination server. I also have to state that this client does not use SharePoint at all. Do I have to redo everything?

    Herewith the logs:

[4992] 121016.225454.5905: Task: Starting Add User or Group access VSS registry.
[4992] 121016.225454.7645: TaskManagement: In TaskScheduler.RunTasks(): The "ConfigureSharePointVSSRegistryTask" Task threw an Exception during the Run() call:System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified) at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.AddUsersToAccessRegistry(List`1 names) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.Run(ITaskDataLink dl) at Microsoft.WindowsServerSolutions.TaskManagement.Data.Task.Run(ITaskDataLink dataLink) at Microsoft.WindowsServerSolutions.TaskManagement.TaskScheduler.RunTasks(String taskListId, String stateFileName) [4992] 121016.225454.7655: Setup: An error was encountered on the TME thread: System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. 
at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified) at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.AddUsersToAccessRegistry(List`1 names) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.Run(ITaskDataLink dl) at Microsoft.WindowsServerSolutions.TaskManagement.Data.Task.Run(ITaskDataLink dataLink) at Microsoft.WindowsServerSolutions.TaskManagement.TaskScheduler.RunTasks(String taskListId, String stateFileName) at Microsoft.WindowsServerSolutions.Setup.SBSSetup.ProgressPagePresenter._RunTasks(Object sender, DoWorkEventArgs e) [4956] 121016.225455.0685: Setup: _UnhandledExceptionHandler: Setup encountered an error: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Reflection.TargetInvocationException: The TME thread failed (see the inner exception). ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. 
at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified) at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.AddUsersToAccessRegistry(List`1 names) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.Run(ITaskDataLink dl) at Microsoft.WindowsServerSolutions.TaskManagement.Data.Task.Run(ITaskDataLink dataLink) at Microsoft.WindowsServerSolutions.TaskManagement.TaskScheduler.RunTasks(String taskListId, String stateFileName) at Microsoft.WindowsServerSolutions.Setup.SBSSetup.ProgressPagePresenter._RunTasks(Object sender, DoWorkEventArgs e) at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument) --- End of inner exception stack trace --- at Microsoft.WindowsServerSolutions.Setup.SBSSetup.ProgressPagePresenter.TasksCompleted(Object sender, RunWorkerCompletedEventArgs e) --- End of inner exception stack trace --- at System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Forms.Control.InvokeMarshaledCallbackDo(ThreadMethodEntry tme) at System.Windows.Forms.Control.InvokeMarshaledCallbackHelper(Object obj) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode 
code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Windows.Forms.Control.InvokeMarshaledCallback(ThreadMethodEntry tme) at System.Windows.Forms.Control.InvokeMarshaledCallbacks() at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg) at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr dwComponentID, Int32 reason, Int32 pvLoopData) at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context) at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context) at Microsoft.WindowsServerSolutions.Common.Wizards.Framework.WizardChainEngine.Launch() at Microsoft.WindowsServerSolutions.Setup.SBSSetup.MainClass._LaunchWizard() at Microsoft.WindowsServerSolutions.Setup.SBSSetup.MainClass.RealMain(String[] args) at Microsoft.WindowsServerSolutions.Setup.SBSSetup.MainClass.Main(String[] args) [4956] 121016.225455.0865: Setup: Removed the password. [4956] 121016.225455.0905: Setup: Deleting scheduled task at path Microsoft\Windows\Windows Small Business Server 2011 Standard with name Setup [4956] 121016.225455.8055: Setup: Removed SBSSetup from the RunOnce.


  • Remote Desktop (Vino-Server) connects but display doesn't work?

    - by kmassada
    Ubuntu comes default with vino-server, I can remote into my machine, and connect to it, however, the display inside my remote client, is a mirror of my own desktop. I tried using one monitor, thinking that's what is the issue but still won't work. (vino-server:3608): EggSMClient-CRITICAL **: egg_sm_client_set_mode: assertion `global_client == NULL || global_client_mode == EGG_SM_CLIENT_MODE_DISABLED' failed 25/07/2012 12:23:58 PM Autoprobing TCP port in (all) network interface 25/07/2012 12:23:58 PM Listening IPv6://[::]:5900 25/07/2012 12:23:58 PM Listening IPv4://0.0.0.0:5900 25/07/2012 12:23:58 PM Autoprobing selected port 5900 25/07/2012 12:23:58 PM Advertising security type: 'TLS' (18) 25/07/2012 12:23:58 PM Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface 25/07/2012 12:23:58 PM Listening IPv6://[::]:5900 25/07/2012 12:23:58 PM Listening IPv4://0.0.0.0:5900 25/07/2012 12:23:58 PM Clearing securityTypes 25/07/2012 12:23:58 PM Advertising security type: 'TLS' (18) 25/07/2012 12:23:58 PM Clearing securityTypes 25/07/2012 12:23:58 PM Advertising security type: 'TLS' (18) 25/07/2012 12:23:58 PM Advertising authentication type: 'No Authentication' (1) 25/07/2012 12:23:58 PM Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface 25/07/2012 12:23:58 PM Listening IPv6://[::]:5900 25/07/2012 12:23:58 PM Listening IPv4://0.0.0.0:5900 25/07/2012 12:23:58 PM Clearing securityTypes 25/07/2012 12:23:58 PM Clearing authTypes 25/07/2012 12:23:58 PM Advertising security type: 'TLS' (18) 25/07/2012 12:23:58 PM Advertising authentication type: 'VNC Authentication' (2) 25/07/2012 12:23:58 PM Clearing securityTypes 25/07/2012 12:23:58 PM Clearing authTypes 25/07/2012 12:23:58 PM Advertising security type: 'TLS' (18) 25/07/2012 12:23:58 PM Advertising authentication type: 'VNC Authentication' (2) 25/07/2012 12:23:58 PM Advertising security type: 'VNC Authentication' (2) (vino-server:3608): LIBDBUSMENU-GLIB-WARNING 
    **: Trying to remove a child that doesn't believe we're it's parent.
    (vino-server:3608): LIBDBUSMENU-GLIB-WARNING **: Trying to remove a child that doesn't believe we're it's parent.
    25/07/2012 12:24:16 PM [IPv4] Got connection from client static-XXXX.bltmmd.fios.verizon.net
    25/07/2012 12:24:16 PM other clients:
    25/07/2012 12:24:29 PM Client Protocol Version 3.7
    25/07/2012 12:24:29 PM Advertising security type 18
    25/07/2012 12:24:29 PM Advertising security type 2
    25/07/2012 12:24:30 PM Client returned security type 18
    25/07/2012 12:24:30 PM Advertising authentication type 2
    25/07/2012 12:24:30 PM Client returned authentication type 2
    25/07/2012 12:24:37 PM rfbProcessClientNormalMessage: ignoring unknown encoding type -258
    25/07/2012 12:24:37 PM Enabling NewFBSize protocol extension for client static-XXXX.bltmmd.fios.verizon.net
    25/07/2012 12:24:37 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 1464686185
    25/07/2012 12:24:37 PM rfbProcessClientNormalMessage: ignoring unknown encoding type -259
    25/07/2012 12:24:37 PM rfbProcessClientNormalMessage: ignoring unknown encoding type -257
    (vino-server:3608): LIBDBUSMENU-GLIB-WARNING **: Trying to remove a child that doesn't believe we're it's parent.
    25/07/2012 12:24:55 PM Client static-XXXX.bltmmd.fios.verizon.net gone
    25/07/2012 12:24:55 PM Statistics:
    25/07/2012 12:24:55 PM key events received 0, pointer events 80
    25/07/2012 12:24:55 PM framebuffer updates 43, rectangles 152, bytes 292401
    25/07/2012 12:24:55 PM tight rectangles 152, bytes 292401
    25/07/2012 12:24:55 PM raw bytes equivalent 11621332, compression ratio 39.744502
    25/07/2012 12:25:21 PM [IPv4] Got connection from client static-XXXX.bltmmd.fios.verizon.net
    25/07/2012 12:25:21 PM other clients:
    25/07/2012 12:25:28 PM Client Protocol Version 3.7
    25/07/2012 12:25:28 PM Advertising security type 18
    25/07/2012 12:25:28 PM Advertising security type 2
    25/07/2012 12:25:28 PM Client returned security type 18
    25/07/2012 12:25:29 PM Advertising authentication type 2
    25/07/2012 12:25:29 PM Client returned authentication type 2
    25/07/2012 12:25:37 PM rfbProcessClientNormalMessage: ignoring unknown encoding type -258
    25/07/2012 12:25:37 PM Enabling NewFBSize protocol extension for client static-XXXX.bltmmd.fios.verizon.net
    25/07/2012 12:25:37 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 1464686185
    25/07/2012 12:25:37 PM rfbProcessClientNormalMessage: ignoring unknown encoding type -259
    25/07/2012 12:25:37 PM rfbProcessClientNormalMessage: ignoring unknown encoding type -257
    (vino-server:3608): LIBDBUSMENU-GLIB-WARNING **: Trying to remove a child that doesn't believe we're it's parent.
    25/07/2012 12:25:47 PM Client static-XXXX.bltmmd.fios.verizon.net gone
    25/07/2012 12:25:47 PM Statistics:
    25/07/2012 12:25:47 PM key events received 0, pointer events 7283
    25/07/2012 12:25:47 PM framebuffer updates 27, rectangles 82, bytes 113354
    25/07/2012 12:25:47 PM tight rectangles 82, bytes 113354
    25/07/2012 12:25:47 PM raw bytes equivalent 5831432, compression ratio 51.444431

    A couple of things I notice: the following error occurs over and over again. The menu error seems to be caused by Ubuntu; similar problems occur at http://trac.wxwidgets.org/ticket/14292.

    (vino-server:3608): LIBDBUSMENU-GLIB-WARNING **: Trying to remove a child that doesn't believe we're it's parent.

    The second one also seems to be a display-related issue; I can't seem to figure out a solution. I'd really rather try to fix this issue than have to use the other VNC clients most suggest.

    (vino-server:3608): EggSMClient-CRITICAL **: egg_sm_client_set_mode: assertion `global_client == NULL || global_client_mode == EGG_SM_CLIENT_MODE_DISABLED' failed

  • Scripting Windows Shares - VBS

    - by Calvin Piche
    So I am totally new to VBS, never used it. I am trying to create multiple shares and I found a Microsoft VBS script that can do this (http://gallery.technet.microsoft.com/scriptcenter/6309d93b-fcc3-4586-b102-a71415244712). My question is: this script only allows for one domain group or user to be added for permissions, where I am needing to add a couple with different permissions (got that figured out). Below is the script that I have modified for my needs, but I just need to add in the second group with the other permissions. If there is an easier way to do this please let me know.

        'ShareSetup.vbs
        '==========================================================================
        Option Explicit

        Const FILE_SHARE = 0
        Const MAXIMUM_CONNECTIONS = 25

        Dim strComputer
        Dim objWMIService
        Dim objNewShare

        strComputer = "."
        Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
        Set objNewShare = objWMIService.Get("Win32_Share")

        Call sharesec ("C:\Published Apps\Logs01", "Logs01", "Log01", "Support")
        Call sharesec2 ("C:\Published Apps\Logs01", "Logs01", "Log01", "Domain Admins")

        Sub sharesec(Fname,shr,info,account)
            'Fname = Folder path, shr = Share name, info = Share Description, account = account or group you are assigning share permissions to
            Dim FSO
            Dim Services
            Dim SecDescClass
            Dim SecDesc
            Dim Trustee
            Dim ACE
            Dim Share
            Dim InParam
            Dim Network
            Dim FolderName
            Dim AdminServer
            Dim ShareName

            FolderName = Fname
            AdminServer = "\\" & strComputer
            ShareName = shr

            Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & AdminServer & "\ROOT\CIMV2")
            Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
            Set SecDesc = SecDescClass.SpawnInstance_()

            'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_
            'Trustee.Domain = Null
            'Trustee.Name = "EVERYONE"
            'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

            Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.
            'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee

            Set ACE = Services.Get("Win32_Ace").SpawnInstance_
            ACE.Properties_.Item("AccessMask") = 1179817
            ACE.Properties_.Item("AceFlags") = 3
            ACE.Properties_.Item("AceType") = 0
            ACE.Properties_.Item("Trustee") = Trustee
            SecDesc.Properties_.Item("DACL") = Array(ACE)

            Set Share = Services.Get("Win32_Share")
            Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
            InParam.Properties_.Item("Access") = SecDesc
            InParam.Properties_.Item("Description") = "Public Share"
            InParam.Properties_.Item("Name") = ShareName
            InParam.Properties_.Item("Path") = FolderName
            InParam.Properties_.Item("Type") = 0
            Share.ExecMethod_ "Create", InParam
        End Sub

        Sub sharesec2(Fname,shr,info,account)
            'Fname = Folder path, shr = Share name, info = Share Description, account = account or group you are assigning share permissions to
            Dim FSO
            Dim Services
            Dim SecDescClass
            Dim SecDesc
            Dim Trustee
            Dim ACE2
            Dim Share
            Dim InParam
            Dim Network
            Dim FolderName
            Dim AdminServer
            Dim ShareName

            FolderName = Fname
            AdminServer = "\\" & strComputer
            ShareName = shr

            Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & AdminServer & "\ROOT\CIMV2")
            Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
            Set SecDesc = SecDescClass.SpawnInstance_()

            'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_
            'Trustee.Domain = Null
            'Trustee.Name = "EVERYONE"
            'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

            Set Trustee = SetGroupTrustee("domain", account) 'Replace ACME with your domain name.
            'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee

            Set ACE2 = Services.Get("Win32_Ace").SpawnInstance_
            ACE2.Properties_.Item("AccessMask") = 1179817
            ACE2.Properties_.Item("AceFlags") = 3
            ACE2.Properties_.Item("AceType") = 0
            ACE2.Properties_.Item("Trustee") = Trustee
            SecDesc.Properties_.Item("DACL") = Array(ACE2)
        End Sub

        Function SetAccountTrustee(strDomain, strName)
            'Declarations required because the script uses Option Explicit
            Dim objTrustee
            Dim account
            Dim accountSID

            set objTrustee = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_
            set account = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" & strName & "',Domain='" & strDomain &"'")
            set accountSID = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")
            objTrustee.Domain = strDomain
            objTrustee.Name = strName
            objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
            set accountSID = nothing
            set account = nothing
            set SetAccountTrustee = objTrustee
        End Function

        Function SetGroupTrustee(strDomain, strName)
            Dim objTrustee
            Dim account
            Dim accountSID

            set objTrustee = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_
            set account = getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Group.Name='" & strName & "',Domain='" & strDomain &"'")
            set accountSID = getObject("Winmgmts: {impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'")
            objTrustee.Domain = strDomain
            objTrustee.Name = strName
            objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation
            set accountSID = nothing
            set account = nothing
            set SetGroupTrustee = objTrustee
        End Function

  • How to account for speed of the vehicle when shooting shells from it?

    - by John Murdoch
    I'm developing a simple 3D ship game using libgdx and bullet. When a user taps the mouse I create a new shell object and send it in the direction of the mouse click. However, if the user has tapped the mouse in the direction where the ship is currently moving, the ship catches up to the shells very quickly and can sometimes even get hit by them - simply because the speed of shells and the ship are quite comparable. I think I need to account for ship speed when generating the initial impulse for the shells, and I tried doing that (see "new line added"), but I cannot figure out if what I'm doing is the proper way and if yes, how to calculate the correct coefficient.

        public void createShell(Vector3 origin, Vector3 direction, Vector3 platformVelocity, float velocity) {
            long shellId = System.currentTimeMillis(); // hack
            ShellState state = getState().createShellState(shellId, origin.x, origin.y, origin.z);
            ShellEntity entity = EntityFactory.getInstance().createShellEntity(shellId, state);
            add(entity);
            entity.getBody().applyCentralImpulse(platformVelocity.mul(velocity * 0.02f)); // new line added, to compensate for the moving platform, no idea how to calculate proper coefficient
            entity.getBody().applyCentralImpulse(direction.nor().mul(velocity));
        }

        private final Vector3 v3 = new Vector3();

        public void shootGun(Vector3 direction) {
            Vector3 shipVelocity = world.getShipEntities().get(id).getBody().getLinearVelocity();
            world.getState().getShipStates().get(id).transform.getTranslation(v3); // current location of our ship
            v3.add(direction.nor().mul(10.0f)); // hack; this is to avoid shell immediately impacting the ship that it got shot out from
            world.createShell(v3, direction, shipVelocity, 500);
        }

  • How do I account for changed or forgotten tasks in an estimate?

    - by Andrew
    To handle task-level estimates and time reporting, I have been using (roughly) the technique that Steve McConnell describes in Chapter 10 of Software Estimation. Specifically, when the time comes for me to create task-level estimates (right before coding begins on a project), I determine the tasks at a fairly granular level so that, whenever possible, I have no tasks with a single-point, 50%-confidence estimate greater than four hours. That way, the task estimation process helps with constructing the software while helping me not to forget tasks during estimation. I come up with a range of hours possible for each task also, and using the statistical calculations that McConnell describes along with my historical accuracy data, I can generate estimates at other confidence levels when desired. I feel like this method has been working fairly well for me. We are required to put tasks and their estimates into TFS for tracking, so I use the estimates at the percentage of confidence I am told to use. I am unsure, however, what to do when I do forget a task, or I end up needing to do work that does not neatly fall within one of the tasks I estimated. Of course, trying to avoid this situation is best, but how do I account for forgotten/changed tasks? I want to have the best historical data I can to help me with future estimates, but right now, I basically am just calculating whether I made the 50%-confidence estimate and whether I made it inside the ranged estimate. I'll be happy to clarify what I'm asking if needed -- let me know what is unclear.

  • How do I have to take into account the direction in which the camera is facing when creating a first person strafe (left/right) movement

    - by Chris
    This is the code I am currently using, and it works great, except that the strafe always causes the camera to move along the X axis, which is not relative to the direction in which the camera is actually facing. As you can see, currently only the x location is updated: [delta * -1, 0, 0]. How should I take into account the direction in which the camera is facing (I have the camera's target x,y,z) when creating a first person strafe (left/right) movement?

        case 'a':
            var eyeOriginal = g_eye;
            var targetOriginal = g_target;
            var viewEye = g_math.subVector(g_eye, g_target);
            var viewTarget = g_math.subVector(g_target, g_eye);
            viewEye = g_math.addVector([delta * -1, 0, 0], viewEye);
            viewTarget = g_math.addVector([delta * -1, 0, 0], viewTarget);
            g_eye = g_math.addVector(viewEye, targetOriginal);
            g_target = g_math.addVector(viewTarget, eyeOriginal);
            break;
        case 'd':
            var eyeOriginal = g_eye;
            var targetOriginal = g_target;
            var viewEye = g_math.subVector(g_eye, g_target);
            var viewTarget = g_math.subVector(g_target, g_eye);
            viewEye = g_math.addVector([delta, 0, 0], viewEye);
            viewTarget = g_math.addVector([delta, 0, 0], viewTarget);
            g_eye = g_math.addVector(viewEye, targetOriginal);
            g_target = g_math.addVector(viewTarget, eyeOriginal);
            break;

  • InteropServices COMException when executing a .net app from a web CGI script on Windows Server 2003

    - by Kurt W. Leucht
    Disclaimer: I'm completely clueless about .net and COM. I have a vendor's application that appears to be written in .net and I'm trying to wrap it with a web form (a cgi-bin Perl script) so I can eventually launch this vendor's app from a separate computer. I'm on a Windows Server 2003 R2 SE SP1 system and I'm using Apache 2.2 for the web server and ActivePerl 5.10.0.1004 for the cgi script. My cgi script calls the vendor's app that resides on the same machine using the Perl backtick operator.

        ...
        $result = "Result: " . `$vendorsPath/$vendorsExecutable $arg1 $arg2`;
        ...

    Right now I'm just running IE web browser locally on the server machine and accessing "http://localhost/cgi-bin/myPerlScript.pl". The vendor's app fails and logs a debug message that includes the following stack trace (I changed a couple names so as to not give away the vendor's identity):

        ...
        System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Runtime.InteropServices.COMException (0x80043A1D): 0x80040154 - Class not registered
           --- End of inner exception stack trace ---
           at System.RuntimeType.InvokeDispMethod(String name, BindingFlags invokeAttr, Object target, Object[] args, Boolean[] byrefModifiers, Int32 culture, String[] namedParameters)
           at System.RuntimeType.InvokeMember(String name, BindingFlags invokeAttr, Binder binder, Object target, Object[] args, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParameters)
           at VendorsTool.Engine.Core.VendorsEngine.LoadVendorsServices(String fileName, String& projectCommPath)
        ...

    When I run the vendor's app from the Windows command line on the server machine with the exact same arguments that the cgi script is passing it runs just fine, so there's something about invoking their app via the web script that is causing a problem. This problem is likely security related because the whole thing runs just fine on a Windows XP Pro machine (both command line and web invocation). I actually developed my web script there and got it completely working there before I tried moving it to the Windows Server 2003 machine.

    So what's different about the Windows Server 2003 machine that would keep the vendor's .net app from being executed successfully by a web cgi script? Can I fix this problem somehow to make it work on my server or will the vendor have to make a change to their .net app and ship out a new version? I'm probably the only person in the world who is trying to execute this vendor's app from a separate program, so I hate to bother the vendor with the issue if there's a workaround that I can implement myself here on my server machine. Plus, I'm in kind of a hurry and I don't want to wait 4 or 6 months for the vendor to put in a fix and deploy a new version. Thanks for any advice you can give.

  • Which functions in the C standard library commonly encourage bad practice?

    - by Ninefingers
    Hello all, This is inspired by this question and the comments on one particular answer, in that I learnt that strncpy is not a very safe string handling function in C and that it pads zeros until it reaches n, something I was unaware of. Specifically, to quote R..:

        strncpy does not null-terminate, and does null-pad the whole remainder of the destination buffer, which is a huge waste of time. You can work around the former by adding your own null padding, but not the latter. It was never intended for use as a "safe string handling" function, but for working with fixed-size fields in Unix directory tables and database files. snprintf(dest, n, "%s", src) is the only correct "safe strcpy" in standard C, but it's likely to be a lot slower. By the way, truncation in itself can be a major bug and in some cases might lead to privilege elevation or DoS, so throwing "safe" string functions that truncate their output at a problem is not a way to make it "safe" or "secure". Instead, you should ensure that the destination buffer is the right size and simply use strcpy (or better yet, memcpy if you already know the source string length).

    And from Jonathan Leffler:

        Note that strncat() is even more confusing in its interface than strncpy() - what exactly is that length argument, again? It isn't what you'd expect based on what you supply strncpy() etc - so it is more error prone even than strncpy(). For copying strings around, I'm increasingly of the opinion that there is a strong argument that you only need memmove() because you always know all the sizes ahead of time and make sure there's enough space ahead of time. Use memmove() in preference to any of strcpy(), strcat(), strncpy(), strncat(), memcpy().

    So, I'm clearly a little rusty on the C standard library. Therefore, I'd like to pose the question: What C standard library functions are used inappropriately/in ways that may cause/lead to security problems/code defects/inefficiencies?

    In the interests of objectivity, I have a number of criteria for an answer:

        Please, if you can, cite design reasons behind the function in question, i.e. its intended purpose.
        Please highlight the misuse to which the code is currently put.
        Please state why that misuse may lead towards a problem. I know that should be obvious but it prevents soft answers.

    Please avoid:

        Debates over naming conventions of functions (except where this unequivocally causes confusion).
        "I prefer x over y" - preference is ok, we all have them but I'm interested in actual unexpected side effects and how to guard against them.

    As this is likely to be considered subjective and has no definite answer I'm flagging for community wiki straight away. I am also working as per C99.

  • CDI SessionScoped Bean instance remains unchanged when login with different user

    - by Jason Yang
    I've been looking for a workaround for this problem for quite some time with no result, so I'm asking the question here. Simply speaking, I'm using a CDI SessionScoped Bean User in my project to manage user information and display it on JSF pages. Also, container-managed j_security_check is used to resolve the authentication issue. Everything is fine if I first log out with session.invalidate() and then log in in the same browser tab with a different user. But when I tried to log in directly (through login.jsf) with a new user without logging out beforehand, I found the user information remained unchanged. I debugged and found that the User bean, as well as the HttpSession instance, always remain the same when logging in with different users in the same browser, as long as session.invalidate() is not invoked. But oddly, the session id did change, and I've checked this both in Java code and in Firebug.

        org.apache.catalina.session.StandardSessionFacade@5d7b4092
        StandardSession[c69a71d19f369d08b5dddbea2ef0]
        attrName = org.jboss.weld.context.conversation.ConversationIdGenerator : attrValue=org.jboss.weld.context.conversation.ConversationIdGenerator@583c9dd8
        attrName = org.jboss.weld.context.ConversationContext.conversations : attrValue = {}
        attrName = org.jboss.weld.context.http.HttpSessionContext#org.jboss.weld.bean-Discipline-ManagedBean-class com.netease.qa.discipline.profile.User : attrValue = Bean: Managed Bean [class com.netease.qa.discipline.profile.User] with qualifiers [@Any @Default @Named]; Instance: com.netease.qa.discipline.profile.User@c497c7c; CreationalContext: org.jboss.weld.context.CreationalContextImpl@739efd29
        attrName = javax.faces.request.charset : attrValue = UTF-8

        org.apache.catalina.session.StandardSessionFacade@5d7b4092
        StandardSession[c6ab4b0c51ee0a649ef696faef75]
        attrName = org.jboss.weld.context.conversation.ConversationIdGenerator : attrValue = org.jboss.weld.context.conversation.ConversationIdGenerator@583c9dd8
        attrName = com.sun.faces.renderkit.ServerSideStateHelper.LogicalViewMap : attrValue = {-4968076393130137442={-7694826198761889564=[Ljava.lang.Object;@43ff5d6c}}
        attrName = org.jboss.weld.context.ConversationContext.conversations : attrValue = {}
        attrName = org.jboss.weld.context.http.HttpSessionContext#org.jboss.weld.bean-Discipline-ManagedBean-class com.netease.qa.discipline.profile.User : attrValue = Bean: Managed Bean [class com.netease.qa.discipline.profile.User] with qualifiers [@Any @Default @Named]; Instance: com.netease.qa.discipline.profile.User@c497c7c; CreationalContext: org.jboss.weld.context.CreationalContextImpl@739efd29
        attrName = javax.faces.request.charset : attrValue = UTF-8

    The above block contains two successive logins and their session info. We can see that the instance (1st row) is the same while the session id (2nd row) is different. It seems that the session object is reused to contain a different session id and the CDI framework manages the session bean life cycle in accordance with the session object only(?). I'm wondering whether there can be only one server-side session object within the same browser unless invalidated? Since I'm adopting j_security_check, I fancy intercepting it and invalidating the old session is not so easy. So is it possible to accomplish the goal, without altering the CDI+JSF+j_security_check design, that one can re-login with a different account in the same or a different tab within the same browser? I really look forward to your response.

    More info: Glassfish v3.1 is my appserver.

  • Help choosing authentication method

    - by Dima
    I need to choose an authentication method for an application installed and integrated in a customer's environment. There are two types of environments - Windows and Linux/Unix. The application is user based, no web stuff, pure Java. The requirement is to authenticate users which will use my application against a customer-provided user base. Meaning, the customer installs my app, but uses his own users to grant or deny access to my app. Typical, right? I have three options to consider and I need to pick the one which would be a) the most flexible to cover most common modern environments and b) would take the least effort while staying robust and standard.

    Option (1) - Authenticate locally, managing user credentials in some local storage, e.g. a file. The customer would then add his users to my application and it will then check the passwords. Simple, clumsy but would work. Customers would have to punch in every user they want to grant access to my app using some UI we will have to provide. Lots of work for me, headache for the customer.

    Option (2) - Use LDAP authentication. Customers would tell my app where to look for users and I will walk their directory resolving names into user names and trying to bind with the found password. This is a better approach IMO, but more fragile because I will have to walk an unknown directory structure and who knows if this will be permitted everywhere. It would be harder to test since there are many LDAP implementations out there; the last thing I want is drowning in this voodoo.

    Option (3) - Use plain Kerberos authentication. Customers would tell my app what realm (domain) and which KDC (key distribution center) to use. In an ideal world these two parameters would be all I need to set, while customers could use their own administration tools to configure the domain and KDC. My application would simply delegate user credentials to this third party (using JAAS or Spring Security) and consider it a success when the third party is happy with them.

    I personally prefer #3, but I'm not sure what surprises I might face. Would this cover Windows and *nix systems entirely? Is there another option to consider?
