Search Results

Search found 17767 results on 711 pages for 'authentication json apps'.

  • Security review of an authenticated Diffie Hellman variant

    - by mtraut
    EDIT: I'm still hoping for some advice on this; I tried to clarify my intentions...

    When I came upon device pairing in my mobile communication framework, I studied a lot of papers on this topic and also got some input from previous questions here. But I didn't find a ready-to-implement protocol solution, so I invented a derivative, and as I'm no crypto geek I'm not sure about the security caveats of the final solution.

    The main questions are:

      - Is SHA256 sufficient as a commit function?
      - Is the addition of the shared secret as an authentication info in the commit string safe?
      - What is the overall security of the 1024 bit group DH?
      - I assume at most 2^-24 bit probability of successful MITM attack (because of 24 bit challenge). Is this plausible?
      - What may be the most promising attack (besides ripping the device out of my numb, cold hands)?

    This is the algorithm sketch:

      - For first time pairing, a solution proposed in "Key agreement in peer-to-peer wireless networks" (DH-SC) is implemented. I based it on a commitment derived from:
          - A fixed "UUID" for the communicating entity/role (128 bit, sent at protocol start, before commitment)
          - The public DH key (192 bit private key, based on the 1024 bit Oakley group)
          - A 24 bit random challenge
      - Commit is computed using SHA256:

            c = sha256( UUID || DH pub || Chall)

      - Both parties exchange this commitment, open and transfer the plain content of the above values.
      - The 24 bit random is displayed to the user for manual authentication.
      - DH session key (128 bytes, see above) is computed.
      - When the user opts for persistent pairing, the session key is stored with the remote UUID as a shared secret.
      - Next time devices connect, commit is computed by additionally hashing the previous DH session key before the random challenge. For sure it is not transferred when opening.

            c = sha256( UUID || DH pub || DH sess || Chall)

      - Now the user is not bothered authenticating when the local party can derive the same commitment using his own, stored previous DH session key.
      - After successful connection the new DH session key becomes the new shared secret.

    As this does not exactly fit the protocols I found so far (and as such their security proofs), I'd be very interested to get an opinion from some more crypto enabled guys here. BTW, I did read about the "EKE" protocol, but I'm not sure what the extra security level is.

  • OpenID Attribute Exchange - should I use it?

    - by Josh
    My website will be using only OpenID for authentication. I'd like to pull user details down via attribute exchange, but attribute exchange seems to have caused a lot of grief for StackOverflow. What is the current state of play in the industry? Does any OpenID provider do a decent job of attribute exchange? Should I just steer away from OpenID attribute exchange altogether? How can I deal with inconsistent support for functionality?

  • rpxnow - How to promote users to sign in

    - by Harry
    Since adding rpxnow to our website, fewer users are signing in. Are these readers worried about giving their (e.g. Hotmail) password to a third party site? Has anyone found a good way to promote use of rpxnow (or other OpenID managers) as a secure method of authentication to non-tech-savvy readers?

  • Twitter rss feed 401 - unauthorisation

    - by RenegadeAndy
    Hey. I have a public Twitter account and this is the RSS feed for it: http://twitter.com/statuses/friends_timeline/150784631.rss The problem is, I'm getting an HTTP 401 whenever I'm trying to access it. Can anybody explain how to stop this, and get it to work either with authentication or without? Cheers

  • Selectively turning off Devise's flash notices in Rails 3

    - by Sim
    The Devise authentication framework uses flash notices everywhere. This makes it easy to integrate with apps but it leads to poor user experience sometimes. I am wondering what's an easy way to selectively turn off some of the Devise flash notices in my Rails 3 app. In particular, I'd like to get rid of the blatantly obvious signed_in and signed_out flashes. Some searching suggested subclassing the session controller or use something like this but I haven't been able to find any simple solutions to this problem.

  • Session handling in python / django

    - by Gaurav
    I am creating an application that lets users log in using Google, Facebook and the website's native login. The site is being built in Python / Django. What would be the best way to handle login, session management and user authentication? I do not want to use the built-in Django user management. I am using Django very sparingly (URLs, templates).

  • Authenticating users in iPhone app

    - by Myron
    I'm developing an HTTP API for our web application. Initially, the primary consumer of the API will be an iPhone app we're developing, but I'm designing this with future uses in mind (such as mobile apps for other platforms). I'm trying to decide on the best way to authenticate users so they can access their accounts from the iPhone. I've got a design that I think works well, but I'm no security expert, so I figured it would be good to ask for feedback here.

    The design of the user authentication has 3 primary goals:

      - Good user experience: We want to allow users to enter their credentials once, and remain logged in indefinitely, until they explicitly log out. I would have considered OAuth if not for the fact that the experience from an iPhone app is pretty awful, from what I've heard (i.e. it launches the login form in Safari, then tells the user to return to the app when authentication succeeds).
      - No need to store the user creds with the app: I always hate the idea of having the user's password stored in either plain text or symmetrically encrypted anywhere, so I don't want the app to have to store the password to pass it to the API for future API requests.
      - Security: We definitely don't need the intense security of a banking app, but I'd obviously like this to be secure.

    Overall, the API is REST-inspired (i.e. treating URLs as resources, and using the HTTP methods and status codes semantically). Each request to the API must include two custom HTTP headers: an API Key (unique to each client app) and a unique device ID. The API requires all requests to be made using HTTPS, so that the headers and body are encrypted.

    My plan is to have an api_sessions table in my database. It has a unique constraint on the API key and unique device ID (so that a device may only be logged into a single user account through a given app) as well as a foreign key to the users table.

    The API will have a login endpoint, which receives the username/password and, if they match an account, logs the user in, creating an api_sessions record for the given API key and device id. Future API requests will look up the api_session using the API key and device id, and, if a record is found, treat the request as being logged in under the user account referenced by the api_session record. There will also be a logout API endpoint, which deletes the record from the api_sessions table.

    Does anyone see any obvious security holes in this?

  • LDAP user data caching on local database

    - by Eduardo
    I am integrating LDAP authentication in my web enterprise application. I would like to show a listing of people's names and emails. Instead of querying the LDAP server for the name and email each time a listing containing several users is shown, I thought about caching the data locally in the database. Do you guys know about best practices for caching LDAP data? Should I cache LDAP user data? When should I insert and refresh the data?

  • Knowing the user name in a Page

    - by ctacke
    Let's assume the following:

      - I have an IIS web site set up
      - IIS is configured to use Digest authentication
      - I'm running an ASP.NET page
      - The page has a code-behind assembly that overrides Page_Load

    When a user navigates to that page, I get a security prompt for the username and password. If the username and password are invalid (i.e. incorrect password), is there a way for the called page, in Page_Load, to know, or does IIS handle this and return the 401 before the ASP.NET engine ever gets around to resolving the actual Page class that will get executed?

  • How can I configure Devise for Ruby on Rails to store the emails and passwords somewhere other than in the user model?

    - by TLK
    I'd like to store emails in a separate table and allow users to save multiple emails and log in with any of them. I'd also like to store passwords in a different table. How can I configure Devise to store authentication info elsewhere? Worst case scenario, if I just have to hack into it, is there a generator to just port everything over to the app? I noticed there was a generator for the views. Thanks.

  • Pros & Cons of separating the controllers using subfolders in a Ruby on Rails based app?

    - by user293179
    Hi, Need some help gathering thoughts on this issue. Our team is moving ahead with the idea that separating the authenticated and public sections of our app in two separate folders will allow us to be more organized and secured. I have seen this approach for Admin apps within the site but never for authentication. We are currently using Authlogic. What would be the disadvantage of this? Thanks for your help.

  • Credentials - Can I do this?

    - by zburns
    I've got an ASP.NET website where I use forms authentication using the default provider you can set up. This works just fine for the site. The question is: can I pass the credentials from the web site to a web app on the same server?

  • Django app that can provide user friendly, multiple / mass file upload functionality to other apps

    - by hopla
    Hi,

    I'm going to be honest: this is a question I asked on the Django-Users mailing list last week. Since I didn't get any replies there yet, I'm reposting it on Stack Overflow in the hope that it gets more attention here.

    I want to create an app that makes it easy to do user friendly, multiple / mass file upload in your own apps. With user friendly I mean upload like Gmail, Flickr, ... where the user can select multiple files at once in the browse file dialog. The files are then uploaded sequentially or in parallel and a nice overview of the selected files is shown on the page with a progress bar next to them. A 'Cancel' upload button is also a possible option.

    All that niceness is usually solved by using a Flash object. Complete solutions are out there for the client side, like: SWFUpload http://swfupload.org/ , FancyUpload http://digitarald.de/project/fancyupload/ , YUI 2 Uploader http://developer.yahoo.com/yui/uploader/ and probably many more.

    Of course the trick is getting those solutions integrated in your project. Especially in a framework like Django, doubly so if you want it to be reusable.

    So, I have a few ideas, but I'm neither an expert on Django nor on Flash based upload solutions. I'll share my ideas here in the hope of getting some feedback from more knowledgeable and experienced people. (Or even just some 'I want this too!' replies :) )

    You will notice that I make a few assumptions: this is to keep the (initial) scope of the application under control. These assumptions are of course debatable.

    All right, my ideas so far:

      - If you want to mass upload multiple files, you are going to have a model to contain each file in. I.e. the model will contain one FileField or one ImageField. Models with a multiple (but of course finite) amount of FileFields/ImageFields are not in need of easy mass uploading imho: if you have a model with 100 FileFields you are doing something wrong :) Examples where you would want my envisioned kind of mass upload:
          - An app that has just one model 'Brochure' with a file field, a title field (dynamically created from the filename) and a date_added field.
          - A photo gallery app with models 'Gallery' and 'Photo'. You pick a Gallery to add pictures to, upload the pictures and new Photo objects are created and foreign keys set to the chosen Gallery.
      - It would be nice to be able to configure or extend the app for your favorite Flash upload solution. We can pick one of the three above as a default, but implement the app so that people can easily add additional implementations (kinda like Django can use multiple databases). Let it be agnostic to any particular client side solution. If we need to pick one to start with, maybe pick the one with the smallest footprint? (smallest download of client side stuff)
      - The Flash based solutions asynchronously (and either sequentially or in parallel) POST the files to a url. I suggest that url to be local to our generic app (so it's the same for every app where you use our app in). That url will go to a view provided by our generic app. The view will do the following: create a new model instance, add the file, OPTIONALLY DO EXTRA STUFF and save the instance.
      - DO EXTRA STUFF is code that the app that uses our app wants to run. It doesn't have to provide any extra code; if the model has just a FileField/ImageField the standard view code will do the job. But most apps will want to do extra stuff I think, like filling in the other fields: title, date_added, foreignkeys, manytomany, ...
      - I have not yet thought about a mechanism for DO EXTRA STUFF. Just wrapping the generic app view came to mind, but that is not developer friendly, since you would have to write your own url pattern and your own view. Then you have to tell the Flash solutions to use a new url etc... I think something like signals could be used here?
      - Forms/Admin: I'm still very sketchy on how all this could best be integrated in the Admin or generic Django forms/widgets/... (and this is where my lack of Django experience shows):
          - In the case of the Gallery/Photo app: You could provide a mass Photo upload widget on the Gallery detail form. But what if the Gallery instance is not saved yet? The file upload view won't be able to set the foreignkeys on the Photo instances. I see that the auth app, when you create a user, first asks for username and password and only then provides you with a bigger form to fill in email address, pick roles etc. We could do something like that.
          - In the case of an app with just one model: How do you provide a form in the Django admin to do your mass upload? You can't do it with the detail form of your model, that's just for one model instance.

    There are probably dozens more questions that need to be answered before I can even start on this app. So please tell me what you think! Give me input! What do you like? What not? What would you do differently? Is this idea solid? Where is it not? Thank you!

  • Is there a way to get an ASMX Web Service created in VS 2005 to receive and return JSON?

    - by Ben McCormack
    I'm using .NET 2.0 and Visual Studio 2005 to try to create a web service that can be consumed both as SOAP/XML and JSON. I read Dave Ward's Answer to the question How to return JSON from a 2.0 asmx web service (in addition to reading other articles at Encosia.com), but I can't figure out how I need to set up the code of my asmx file in order to work with JSON using jQuery.

    Two questions:

      - How do I enable JSON in my .NET 2.0 ASMX file?
      - What's a simple jQuery call that could consume the service using JSON?

    Also, I notice that since I'm using .NET 2.0, I'm not able to implement using System.Web.Script.Services.ScriptService.

    Here's my C# code for the demo ASMX service:

        using System;
        using System.Web;
        using System.Collections;
        using System.Web.Services;
        using System.Web.Services.Protocols;

        /// <summary>
        /// Summary description for StockQuote
        /// </summary>
        [WebService(Namespace = "http://tempuri.org/")]
        [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
        public class StockQuote : System.Web.Services.WebService
        {
            public StockQuote ()
            {
                //Uncomment the following line if using designed components
                //InitializeComponent();
            }

            [WebMethod]
            public decimal GetStockQuote(string ticker)
            {
                //perform database lookup here
                return 8;
            }

            [WebMethod]
            public string HelloWorld()
            {
                return "Hello World";
            }
        }

    Here's a snippet of jQuery I found on the internet and tried to modify:

        $(document).ready(function(){
            $("#btnSubmit").click(function(event){
                $.ajax({
                    type: "POST",
                    contentType: "application/json; charset=utf-8",
                    url: "http://bmccorm-xp/WebServices/HelloWorld.asmx",
                    data: "",
                    dataType: "json"
                });
                event.preventDefault();
            });
        });

  • How to output JSON from within Django and call it with jQuery from a cross domain?

    - by Emre Sevinç
    For a bookmarklet project I'm trying to get JSON data using jQuery from my server (which is naturally on a different domain) running a Django powered system.

    According to jQuery docs: "As of jQuery 1.2, you can load JSON data located on another domain if you specify a JSONP callback, which can be done like so: "myurl?callback=?". jQuery automatically replaces the ? with the correct method name to call, calling your specified callback."

    And for example I can test it successfully in my Firebug console using the following snippet:

        $.getJSON("http://api.flickr.com/services/feeds/photos_public.gne?tags=cat&tagmode=any&format=json&jsoncallback=?",
            function(data){
                alert(data.title);
            });

    It prints the returned data in an alert window, e.g. 'Recent uploads tagged cat'. However when I try the similar code with my server I don't get anything at all:

        $.getJSON("http://mydjango.yafz.org/randomTest?jsoncallback=?",
            function(data){
                alert(data.title);
            });

    There are no alert windows and the Firebug status bar says "Transferring data from mydjango.yafz.org..." and keeps on waiting.

    On the server side I have this:

        def randomTest(request):
            somelist = ['title', 'This is a constant result']
            encoded = json.dumps(somelist)
            response = HttpResponse(encoded, mimetype = "application/json")
            return response

    I also tried this without any success:

        def randomTest(request):
            if request.is_ajax() == True:
                req = {}
                req ['title'] = 'This is a constant result.'
                response = json.dumps(req)
                return HttpResponse(response, mimetype = "application/json")

    So to cut a long story short: what is the suggested method of returning a piece of data from within a Django view and retrieve it using jQuery in a cross domain fashion? What are my mistakes above?

  • Post data to MVC3 controller without page refresh

    - by Smooth
    I have this script that basically has 4 select boxes. What I want is that for the 2 top select boxes, it submits the option value that is selected to an action (which can be found at "ProductKoppeling/ProductKoppelingPartial"). I want to let it submit this data when I click on an option but without page refresh. I tried JSON and I tried Ajax, but I didn't get it working. How should I do this?

        <script language="javascript" type="text/javascript">
            function delete_1() {
                var answer = confirm("U staat op het punt dit product te verwijderen, wilt u doorgaan?")
                if (answer) {
                    document.getElementById('Actie_1').value = '5';
                    document.getElementById('hpg_submit').submit();
                }
            }
            function delete_2() {
                var answer = confirm("U staat op het punt dit product te verwijderen, wilt u doorgaan?")
                if (answer) {
                    document.getElementById('Actie_2').value = '6';
                    document.getElementById('pg_submit').submit();
                }
            }
            function delete_3() {
                var answer = confirm("U staat op het punt dit product te verwijderen, wilt u doorgaan?")
                if (answer) {
                    document.getElementById('Actie_3').value = '6';
                    document.getElementById('p_submit').submit();
                }
            }
        </script>
        <div style="width: 500px; float: left;">
            @using (Html.BeginForm("ProductKoppelingPartial", "ProductKoppeling", FormMethod.Post, new { id = "onload_submit" }))
            {
                @Html.DropDownList("Klant.Id", (ViewBag.Klant as SelectList), new { onchange = "document.getElementById('onload_submit').submit()" })
            }
            <div style="clear: both"></div>
            <div style="float: left;">
                <b>Hoofdgroepen</b><br />
                @using (Html.BeginForm("ProductKoppelingPartial", "ProductKoppeling", FormMethod.Post, new { id = "hpg_submit" }))
                {
                    if (ViewBag.SelectedKlant != null)
                    {
                        <input type="hidden" name="Klant.Id" value="@ViewBag.SelectedKlant.Id" />
                    }
                    <select style="width: 200px;" size="6" id="HoofdProductGroep" name="HoofdProductGroep.Id" onchange="document.getElementById('hpg_submit').submit();">
                        @foreach (var hpg in ViewBag.HoofdProductGroep)
                        {
                            if (ViewBag.SelectedHPG != null)
                            {
                                if (hpg.Id == ViewBag.SelectedHPG.Id)
                                {
                                    <option value="@hpg.Id" selected="selected">@hpg.Naam</option>
                                }
                                else
                                {
                                    <option value="@hpg.Id">@hpg.Naam</option>
                                }
                            }
                            else
                            {
                                <option value="@hpg.Id">@hpg.Naam</option>
                            }
                        }
                    </select>
                    <input type="hidden" name="Actie" id="Actie_1" value="0" />
                    <br />
                    <img src="../../Content/toevoegen.png" style="cursor: pointer; width: 30px;" onclick="document.getElementById('Actie_1').value='1';document.getElementById('hpg_submit').submit();" />
                    <img src="../../Content/bewerken.png" style="cursor: pointer; float: none; width: 30px;" onclick="document.getElementById('Actie_1').value='2';document.getElementById('hpg_submit').submit();" />
                    <img src="../../Content/verwijderen.png" style="cursor: pointer; float: none; width: 30px;" onclick="delete_1()" />
                }
            </div>
            <div style="float: right;">
                <b>Groepen</b><br />
                @using (Html.BeginForm("ProductKoppelingPartial", "ProductKoppeling", FormMethod.Post, new { id = "pg_submit" }))
                {
                    if (ViewBag.SelectedHPG != null)
                    {
                        <input type="hidden" name="HoofdProductGroep.Id" value="@ViewBag.SelectedHPG.Id" />
                    }
                    if (ViewBag.SelectedKlant != null)
                    {
                        <input type="hidden" name="Klant.Id" value="@ViewBag.SelectedKlant.Id" />
                    }
                    <select size="6" style="width: 200px;" id="ProductGroep_Id" name="ProductGroep.Id" onchange="document.getElementById('pg_submit').submit();">
                        @foreach (var pg in ViewBag.ProductGroep)
                        {
                            if (ViewBag.SelectedPG != null)
                            {
                                if (pg.Id == ViewBag.SelectedPG.Id)
                                {
                                    <option value="@pg.Id" selected="selected">@pg.Naam</option>
                                }
                                else
                                {
                                    <option value="@pg.Id">@pg.Naam</option>
                                }
                            }
                            else
                            {
                                <option value="@pg.Id">@pg.Naam</option>
                            }
                        }
                    </select>
                    <input type="hidden" name="Actie" id="Actie_2" value="0" />
                    <br />
                    <img src="../../Content/toevoegen.png" style="cursor: pointer; width: 30px;" onclick="document.getElementById('Actie_2').value='3';document.getElementById('pg_submit').submit();" />
                    <img src="../../Content/bewerken.png" style="cursor: pointer; float: none; width: 30px;" onclick="document.getElementById('Actie_2').value='4';document.getElementById('pg_submit').submit();" />
                    <img src="../../Content/verwijderen.png" style="cursor: pointer; float: none; width: 30px;" onclick="delete_2()" />
                }
            </div>
            <div style="clear: both; height: 25px;"></div>
            @using (Html.BeginForm("Save", "ProductKoppeling", FormMethod.Post, new { id = "p_submit" }))
            {
                <div style="float: left">
                    <b>Producten</b><br />
                    <select size="18" style="width: 200px;" name="Product.Id">
                        @foreach (var p in ViewBag.Product)
                        {
                            <option value="@p.Id">@p.Naam</option>
                        }
                    </select>
                    @if (ViewBag.SelectedPG != null)
                    {
                        if (ViewBag.SelectedPG.Id != null)
                        {
                            <input type="hidden" name="ProductGroep.Id" value="@ViewBag.SelectedPG.Id" />
                        }
                    }
                    <input type="hidden" name="Actie" id="Actie_3" value="0" />
                    <br />
                    <img src="../../Content/toevoegen.png" style="cursor: pointer; width: 30px;" onclick="document.getElementById('Actie_3').value='1';document.getElementById('p_submit').submit();" />
                    <img src="../../Content/bewerken.png" style="cursor: pointer; float: none; width: 30px;" onclick="document.getElementById('Actie_3').value='2';document.getElementById('p_submit').submit();" />
                    <img src="../../Content/verwijderen.png" style="cursor: pointer; float: none; width: 30px;" onclick="delete_3()" />
                    <br />
                </div>
                <div style="float: left; width: 100px;">
                    <center>
                        <br /><br /><br /><br />
                        <a style="cursor: pointer; float: none; color: blue; font-size: 30px;" onclick="document.getElementById('p_submit').submit();">»</a>
                        <br /><br /><br /><br /><br /><br /><br /><br /><br />
                        <a style="cursor: pointer; float: none; color: blue; font-size: 30px;" onclick="document.getElementById('pgp_submit').submit();">«</a>
                    </center>
                </div>
            }
            <div style="float: right;">
                <b>Producten in groepen</b><br />
                @using (Html.BeginForm("Delete", "ProductKoppeling", FormMethod.Post, new { id = "pgp_submit" }))
                {
                    <select size="18" style="width: 200px;" name="ProductGroepProduct.Id">
                        @foreach (var pgp in ViewBag.ProductGroepProduct)
                        {
                            if (pgp != null)
                            {
                                if (pgp.Product != null)
                                {
                                    <option value="@pgp.Id">@pgp.Product.Naam</option>
                                }
                            }
                        }
                    </select>
                }
            </div>

  • Google+ Platform Office Hours: A Movember of Metro-style Apps!

    This week join Google+ Developer Relations team members Joanna Smith, Jonathan Beri, Silvano Luciani, and Gus Class for a special Movember GDL. We'll share updates for Google+, demonstrate Google+ Metro style apps integration in C#, and answer any questions you ask in the event and live YouTube comments. From: GoogleDevelopers. Time: 30:00.

  • How to download apps from different OS to USB and then transfer to Ubuntu?

    - by kb67
    I just installed Ubuntu on my old desktop computer, and I have to say, I freaking love it! Except at the moment I do not have an internet connection (I'm using an unsecured connection) and I'm using my Windows 7 laptop to get a connection to the web. I would love to install some useful apps on the desktop, but I can't figure out how to do this. Is there any way to download Ubuntu/Linux apps on my Windows computer, put them onto a USB and then transfer them to the desktop?

  • Google Apps Marketplace, the most-downloaded applications are increasingly complex: project management, CRM, ERP, finance

    Google Apps Marketplace, the most-downloaded applications. They are increasingly complex: project management, CRM, ERP, finance. Google's latest Marketplace to date, the gallery of business applications that complement Google Apps (Google Docs, Google Site, Blogger, Gmail, Calendar, etc.), is a success. That, at least, is the view of Google, which today is releasing the first significant results since the official launch of this gallery. ...

  • A new free book from Microsoft - Programming Windows 8 Apps with HTML, CSS, and JavaScript (Second Preview)

    - by TATWORTH
    At http://borntolearn.mslearn.net/btl/b/weblog/archive/2012/09/12/turn-your-bright-ideas-into-applications-with-the-new-mcsd.aspx there is mention of a new free book from Microsoft Press - Programming Windows 8 Apps with HTML, CSS, and JavaScript (Second Preview). The actual download page is http://blogs.msdn.com/b/microsoft_press/archive/2012/08/20/free-ebook-programming-windows-8-apps-with-html-css-and-javascript-second-preview.aspx
