Search Results

Search found 62215 results on 2489 pages for 'http basic authentication'.

Page 216/2489 | < Previous Page | 212 213 214 215 216 217 218 219 220 221 222 223  | Next Page >

  • Authorizing a computer to access a web application

    - by HackedByChinese
    I have a web application, and am tasked with adding secure sign-on to bolster security, akin to what Google has added to Google accounts.

    Use Case

    Essentially, when a user logs in, we want to detect if the user has previously authorized this computer. If the computer has not been authorized, the user is sent a one-time password (via email, SMS, or phone call) that they must enter, where the user may choose to remember this computer. In the web application, we will track authorized devices, allowing users to see when/where they logged in from that device last, and deauthorize any devices if they so choose. We require a solution that is very light touch (meaning, requiring no client-side software installation), and works with Safari, Chrome, Firefox, and IE 7+ (unfortunately). We will offer x509 security, which provides adequate security, but we still need a solution for customers that can't or won't use x509. My intention is to store authorization information using cookies (or, potentially, using local storage, degrading to flash cookies, and then normal cookies).

    At First Blush

    Track two separate values (local data or cookies): a hash representing a secure sign-on token, as well as a device token. Both values are driven (and recorded) by the web application, and dictated to the client. The SSO token is dependent on the device as well as a sequence number. This effectively allows devices to be deauthorized (all SSO tokens become invalid) and mitigates replay (not effectively, though, which is why I'm asking this question) through the use of a sequence number, and uses a nonce.

    Problem

    With this solution, it's possible for someone to just copy the SSO and device tokens and use in another request. While the sequence number will help me detect such an abuse and thus deauthorize the device, the detection and response can only happen after the valid device and malicious request both attempt access, which is ample time for damage to be done.

    I feel like using HMAC would be better. Track the device, the sequence, create a nonce, timestamp, and hash with a private key, then send the hash plus those values as plain text. Server does the same (in addition to validating the device and sequence) and compares. That seems much easier, and much more reliable.... assuming we can securely negotiate, exchange, and store private keys.

    Question

    So then, how can I securely negotiate a private key for authorized device, and then securely store that key? Is it more possible, at least, if I settle for storing the private key using local storage or flash cookies and just say it's "good enough"? Or, is there something I can do to my original draft to mitigate the vulnerability I describe?


  • Adding confirmable module to an existing site using Devise

    - by slythic
    Hi all, I'm using devise for a web app and wanted to add the confirmable module to the site. However, since a confirmation_token isn't generated users can't sign in. When clicking the 'Didn't receive confirmation instructions?' link the token still isn't generated. What is the best way to get this to work? Many thanks, Tony


  • RPXNow user mapping

    - by chelfers
    I am looking into solutions for providing multiple login methods to my site. I found rpxnow.com and they map user accounts from all the different networks. My question is how do they know that I am user1 on twitter and bigdude2 on facebook? I'm hoping it goes beyond email lookups. The end result I want is a unique user in my database no matter what account they sign in with, dupes are a no-no, but most likely inevitable I am guessing.


  • Isset and PHP Global Variable

    - by justjoe
    I have a doubt about this particular problem: global variable initiation. I have this code, which has a global variable named conditional_random:

        function hello_testing() {
            global $conditional_random;
            if (isset($conditional_random)) {
                echo "foo is inside";
            }
        }

    As its name suggests, the global variable (conditional_random) may or may not be initiated before the hello_testing function is called. So, what happens to my validation via isset() when $conditional_random is not initiated before the hello_testing function? Will the check fail, or will it always be true because of the 'global'?


  • MS Access 2003 - VBA for altering a table after a "SELECT * INTO tblTemp FROM tblMain" statement

    - by Justin
    Hi. I use functions like the following to make temporary tables out of crosstab queries.

        Function SQL_Tester()
            Dim sql As String
            Dim db As DAO.Database
            ' Drop the temporary table if it is left over from a previous run
            If DCount("*", "MSysObjects", "[Name]='tblTemp'") Then
                DoCmd.DeleteObject acTable, "tblTemp"
            End If
            sql = "SELECT * INTO tblTemp from TblMain;"
            Debug.Print (sql)
            Set db = CurrentDb
            db.Execute (sql)
        End Function

    I do this so that I can then use more VBA to take the temporary table to Excel, use some of Excel's functionality (formulas and such) and then return the values to the original table (tblMain). The simple spot where I am getting tripped up is that after the SELECT INTO statement I need to add a brand new additional column to that temporary table and I do not know how to do this: sql = "Create Table..." is like the only way I know how to do this, and of course this doesn't work too well with the above approach because I can't create a table that has already been created after the fact, and I cannot create it before because the SELECT INTO statement approach will return a "table already exists" message. Any help? Thanks guys!


  • Per-User basis security with restful_authentication in Rails?

    - by benoror
    Hi! I'm using restful_authentication plugin, but I would like to have per-user security, for example:

        class PostsController < ApplicationController
          # Login required
          before_filter :login_required, :except => [ :index, :show ]

          # Only the same user can create, edit and delete their own posts
          before_filter :only_by_same_user, :only => [ :create, :update, :destroy ]
        end

    Thanks!


  • Pattern for verifying authenticity of a request to WCF service

    - by fung
    I have a client app that makes calls to a WCF service. This app is on a public computer that's easily accessible and anyone can easily copy the .EXE and .CONFIG of my app into another machine and start using it. Is there a pattern where I can check if the request is coming only from an app on a computer I installed it on and not on one it has been copied to? Thanks in advance.


  • 401 Unauthorized in Tomcat

    - by Stardust
    Hello, I'm using Tomcat 6.0 as a webserver, and I'm trying to open the Tomcat manager page, but whenever I enter the username as specified in the tomcat-users.xml file, I'm getting an error: **401 Unauthorized**

    Here's my tomcat-users.xml file:

        <tomcat-users>
          <role rolename="manager"/>
          <user name="admin" password="" roles="admin,manager" />
        </tomcat-users>

    I restarted Tomcat, but it has not helped me. Could someone please tell me what's going wrong?


  • Getting a 404 when setting up MVC in IIS 6 and using .NET 4 beta 2

    - by joshcomley
    Hi all, I've completed this set up on a fair few IIS 6 boxes, but one is giving me a tough time. The problem occurs when I add the application extension mapping to:

        c:\windows\microsoft.net\framework\v4.0.21006\aspnet_isapi.dll

    When this is in place, I get a 404 error on every request. Even if I remove all files from the application directory apart from a basic test.htm and navigate to that, I still get a 404.

      • I've unchecked the "Verify that file exists"
      • I've set up a .NET 4 application pool and pointed my application to that
      • I've changed the ASP.NET version to 4.0.21006
      • I've checked the IIS log file, and there's nothing useful in there (it only shows the first bunch of requests after each reboot and then stops logging)
      • I've checked the application event log and nothing gets reported
      • I've installed MVC 2
      • I've copied the set up onto another box, just to be sure, following all the same steps - and it all works!

    What else can I look out for??

    N.B: If I set .NET to v2 in IIS, then I can successfully navigate to \test.htm


  • Refactoring a custom User model to use UserProfile: Should I create a custom UserManager or add use

    - by BryanWheelock
    I have been refactoring an app that had customized the standard User model from django.contrib.auth.models by creating a UserProfile and defining it with AUTH_PROFILE_MODULE. The problem is the attributes in UserProfile are used throughout the project to determine what the User sees. I had been creating tests and putting in this type of statement repeatedly:

        user = User.objects.get(pk=1)
        user_profile = user.get_profile()
        if user_profile.karma > 10:
            do_some_stuff()

    This is tedious and I'm now wondering if I'm violating the DRY principle. Would it make more sense to create a custom UserManager that automatically loads the UserProfile data when the user is requested? I could even iterate over the UserProfile attributes and append them to the User model. This would save me having to update all the references to the custom model attributes that litter the code. Of course, I'd have to reverse the process to allow the User and UserProfile models to be updated correctly. Which approach is more Django-esque?


  • django auth : strange error with authenticate()

    - by Rohit
    I am using authenticate() to authenticate users manually. Using the admin interface I can see that there is no 'last_login' attribute for Users. The debug traceback is:

        Environment:
        Request Method: GET
        Request URL: https://localhost/login/
        Django Version: 1.1.1
        Python Version: 2.6.5
        Installed Applications:
        ['django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.admin', 'mobius.polls']
        Installed Middleware:
        ('django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware')

        Traceback:
        File "/usr/lib/pymodules/python2.6/django/core/handlers/base.py" in get_response
          92. response = callback(request, *callback_args, **callback_kwargs)
        File "/usr/lib/pymodules/python2.6/django/contrib/auth/__init__.py" in login
          55. user.last_login = datetime.datetime.now()

        Exception Type: AttributeError at /login/
        Exception Value: 'unicode' object has no attribute 'last_login'

    I can't figure out why there is this discrepancy. Any kind of help would be appreciated. Thanks in advance!


  • What is best way to update digital certificates from server to many clients when certificate expires

    - by pramodc84
    One of my friends is working on an issue related to updating expired digital certificates. He is working on a Java application (Swing, I guess), which has 4000 clients. All of those need a digital certificate to connect to the application, and this certificate expires every year. At the end of the year he needs to update the certificate credentials for all clients. Currently this is a manual process, done by connecting to each of the 4000 systems either locally or by remote connection. He has got the task of converting this process to an automated process. Please suggest some solutions.


  • How does Windows Live ID work?

    - by Morgan Cheng
    I happened to find this nice article explaining how OpenID works. Clearly, the OpenID consumer and the OpenID server transfer information through the URL query string. I'm wondering how Live ID accomplishes similar functionality. It seems the info is not exchanged through the query string in the URL. And, since the Live ID login server has a different domain name from the consumer domain, it is not applicable to transfer info through a cookie. I tried to google a tutorial on Live ID, but the result is full of jargon and hard to understand. Is there any easy-to-understand tutorial about how Live ID works?


  • Authorizing sections of a view in MVC

    - by Duk
    I was wondering if it's possible to authorize parts of a view inside the view. For example, I understand how to authorize the entire controller in this method:

        <HandleError()> _
        Public Class HomeController
            Inherits System.Web.Mvc.Controller

            Function Index()
                Return View()
            End Function

            <Authorize(Roles:="Administrators")> _
            Function AdministratorSecrets()
                Return View()
            End Function
        End Class

    But what I'd like to do is have it so if the admin is logged in, they can see additional links in my navigation. Something along the lines of:

        <ul id="menu">
            <li><%= Html.ActionLink("Home", "Index", "Home")%></li>
            <li><%= Html.ActionLink("About", "About", "Home")%></li>
            <Authorize(Roles:="Administrators")> _
            <li><%= Html.ActionLink("Admin", "Admin", "Home")%></li>
        </ul>

    Obviously that won't work, but it gives an idea of what I'm trying to accomplish. Any ideas?


  • Rails config use input field to change?

    - by Danny McClelland
    Hi Everyone, Following on from a previous question: I have created a config.yml file which is used to generate the content for the following:

        <%= configatron.site_name %>

    So now, anywhere I have the above code snippet, will display the following:

        development: &local
          site_name: Survey Manager
          site_url: localhost:3000

    What I am trying to work out, is how do I have a text field somewhere in the application that will edit the site_name? Thanks, Danny


  • Where is .ASPXAUTH cookie

    - by Costa
    Hi. In JavaScript, alert(document.cookie); does not show the .ASPXAUTH cookie although a sniffer is showing it. I need it because I have an AJAX request to the server; the request should not take place when the user is already logged in. If I cannot check .ASPXAUTH for security reasons, what should I do to check whether the user is already logged in? Thanks


  • Adding dynamic links using NavigateURL on ASP.NET (VB)

    - by AZIRAR
    Hello, I have this code in my page, and I want every NavigateUrl to display another page like: simple.aspx?id=1, simple.aspx?id=2, ... where id = c

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
            Dim c As Integer = 0
            While c < 5
                Dim Label1 As New Label()
                Dim ltr As New Literal()
                Dim link As New HyperLink()
                link.NavigateUrl = "simple.aspx"
                link.BackColor = Drawing.Color.Aqua
                Label1.Text = c.ToString()
                ltr.Text = "<br/>"
                PlaceHolder1.Controls.Add(Label1)
                PlaceHolder1.Controls.Add(link)
                PlaceHolder1.Controls.Add(ltr)
                c += 1
            End While
        End Sub

    Thanks.


  • MS Access 2003 - Unbound Form uses INSERT statement to save to table; what about subforms?

    - by Justin
    So I have an unbound form that I use to save data to a table on button click. Is there a way I can have subforms for entry that will allow me to save data to the table within that same button click? Basically I want to add more entry options for the user, and while I know other ways to do it, I am particularly curious about doing it this way (if it can be done).

    So let's say the 'parent form' is frmMain. And there are two child forms "sub1" and "sub2". Just for example's sake, let's say on frmMain there are two text boxes: txtTitle & txtAuthor. sub1 and sub2 both have a text box on them that represents something like prices. The idea is title & author of a book, and then a price at each store (simplified). So I tried this (because I thought it was worth a shot):

        Dim db as DAO.database
        Dim sql as String
        sql = "INSERT INTO (Title, Author, PriceA, PriceB) VALUES ("
        if not isnull(me.txtTitle) then
            sql = sql & """" & me.txtTitle & ""","
        Else
            sql = sql & " NULL,"
        End If
        if not IsNull(me.txtAuthor) then
            sql = sql & " """ & me.txtAuthor & ""","
        else
            sql = sql & " NULL,"
        end if
        if not IsNull (forms!sub1.txtPrice) then
            sql = sql & " """ & forms!sub1.txtPrice & ""","
        else
            sql = sql & " NULL,"
        end if

    Without finishing the code, I think you may see the GOTCHA I am headed for. I tried this and got an "Access cannot find the form "" ". I think I can pretty much see why on this approach too, because when I click the button that calls the new sub form into the parent form, the values that were just entered are not held/saved as sub1 closes and sub2 opens. I should mention that the idea above is not intended to be a one or the other approach, rather both sub forms used every time.

    So this is an example. I want to use this method (if possible) to have about 7 different sub form choices in one form, and be able to save to a table via a SQL statement. I realize that there may be better ways, but I am just wondering if I can get there with this approach out of curiosity. Thanks as always!


  • What are the pros and cons using javascript in our form?

    - by justjoe
    I got this code in my submit form:

        <form id="myform" action='hello.php' method='GET'>
            <input type="button" name="newWin" onclick="frmSubmitSameWindows();">
            <input type="button" name="SameWin" onclick="frmSubmitNewWindows();">
        </form>

    Then I use some JS functions in the head:

        function frmSubmitSameWindows() {
            form.target = '';
            form.submit();
        }

        function frmSubmitNewWindows() {
            form.target = '_blank';
            form.submit();
        }

    What are the pros and cons when we use JavaScript event functions such as frmSubmitSameWin() and frmSubmitNewWin() in our form? As far as I am concerned, this is the best solution when we need a way to submit things. Is there another preference? A better way than the way I have now?


  • setUserCredentials from Google data api is stuck

    - by yogsma
    Well, since I am facing some issues with the OAuth implementation, I decided to go back to the normal method where users will input their login id and password and I will use them in my code to validate their Google account to fetch calendar information. So when a user enters the login id and password, the page is getting stuck. When I check the code, setUserCredentials is the method where it is getting stuck. But when I enter my login id and password and debug on the development site, it works fine. There is no problem when I debug. And importantly, the problem appears for the first time only; once I debug the code and next time I try it without a breakpoint, it works fine. Does anyone know why setUserCredentials takes time, or any way I can track why it is taking so much time? I have asked the same question on the Google data api forum, but nobody answered it.

