Search Results

Search found 15558 results on 623 pages for 'basic authentication'.

Page 328/623 | < Previous Page | 324 325 326 327 328 329 330 331 332 333 334 335  | Next Page >

  • Storing Configurations into Active Directory Application Mode

    - by Khurram Aziz
    I have an app that polls network devices and performs actions on them; currently it keeps the configuration (which devices to poll, what kind of device, IP, login, password, etc.) in the database. My network administrator wants this information to be stored in some LDAP server so that he can maintain a single store of configuration which he himself can use in other apps/scripts, etc. I am looking for an article that walks me through setting up ADAM/AD LDS for storing configuration by authoring a custom schema, etc., and how to set up some authentication infrastructure to protect the data.

  • Detecting first time login of user into application (Google Appengine)

    - by Jake
    My app requires users to log in using their Google account. I have this set in my App.yaml file:

        url: /user/.*
        script: user.py
        login: required

    Now when any user tries to access files under /user/secret.py he will need to authenticate via Google, which will redirect the user back to /user/secret.py after successful authentication. Now the problem I am facing is that when the user is redirected back to the app, I cannot be sure, just from the user object which Google passes using users.get_current_user(), whether this is the first time the user has logged in or whether it is a regular user of my site who has come back again. I thus need to maintain state in the datastore to check every time whether the user already exists or not. If he does not exist I need to create a new entry with other application-specific settings. My question is: is there some easier way to handle this, without having to query the datastore to figure out if this is a first-time user or a regular one?

  • Custom realm/starting Tomcat 6.0 from Netbeans 6.8/first HTTP request

    - by Drew
    I'm using NetBeans 6.8 and Tomcat 6.0.xx. I've created a custom realm and updated the NetBeans project build.xml to deploy the realm to Tomcat. When I debug the project, NetBeans starts the Tomcat server and makes an initial HTTP GET request for 'manager/list'. Tomcat graciously hands this request off to my custom realm for authentication. The request gets denied and NetBeans displays the following error in the output window: (note: error is displayed after NetBeans gets access denied) Access to Tomcat server has not been authorized. Set the correct username and password with the "manager" role in the Tomcat customizer in the Server Manager. Do I have something incorrectly configured? How do I prevent NetBeans from issuing this initial request? Thanks, Drew

  • Best Design pattern for social media file transfer

    - by Onema
    Our system would like our clients to link their accounts with different social media sites like YouTube, Vimeo, Facebook, MySpace and so on. One of the benefits we would like to give to the user is to transfer, update and delete files they have uploaded to our sites and transfer them to the social media sites mentioned above. These files could be videos, images or audio. We started thinking about using a strategy pattern, as all of these sites share a common process (authentication, connection, use the API to transfer/edit/delete the file), but we soon realized that it may not work, as we may want to use some of the extended functionality that is specific to each service (e.g. associate a YouTube video with a channel, or upload images to a specific album on Facebook, and much, much more...). My question is, what would be the best structural design pattern to use for this scenario?

  • .net open auth?

    - by chobo2
    Hi I know stackoverflow uses open authentication. I want to try and use this as well. I am using asp.net mvc 2.0 with C#. I found this http://www.dotnetopenauth.net/ and I am wondering if this is what was used for stackoverflow. Also any tutorials would be nice as well.

    Edit: I am trying to load up some sample projects but when I build it in VS2010 I get

        Error 6 'System.Diagnostics.Contracts.ContractInvariantMethodAttribute' is inaccessible due to its protection level C:\Users\chobo2\Downloads\DotNetOpenAuth-3.4.6.10357\DotNetOpenAuth-3.4.6.10357\Samples\OpenIdOfflineProvider\TextBoxTextWriter.cs 73 4 OpenIdOfflineProvider

        Error 7 The type or namespace name 'ContractInvariantMethod' could not be found (are you missing a using directive or an assembly reference?) C:\Users\chobo2\Downloads\DotNetOpenAuth-3.4.6.10357\DotNetOpenAuth-3.4.6.10357\Samples\OpenIdOfflineProvider\TextBoxTextWriter.cs 73 4 OpenIdOfflineProvider

  • WCF: parameters handled in custom channel not present in generated WSDL.

    - by vfilby
    I have some special parameters to all my WCF service methods that are handled inside a custom channel and are not exposed in the service method parameter list. This works fine for JSON/XML endpoints, but I don't know how to use a SOAP endpoint with this setup because the generated WSDL doesn't include fields that are not in the service call parameter list. Is there a way I can centralize the handling of the special parameters that apply to all service methods (authentication, locale and other contextual information) and provide a SOAP endpoint that Just Works (tm)? Hand editing WSDL files is not an option.

  • Unable to use Client Application Services with custom MembershipProvider.

    - by Shimmy
    Hi, I have a Windows-Forms Application that I configured to use with an ASP.NET Service that is an Authentication service using a custom MembershipProvider. When I call Membership.CreateUser in the Windows Application a NotSupportedException is thrown telling: "Specified method is not supported.". I tried creating a web page in the website and testing the MembershipProvider; everything works just fine when working from within the website. Any ideas or links for how to use a custom (not SqlMembershipProvider) MembershipProvider will be really appreciated! Edit: The method ValidateUser does work. The overridden CreateUser doesn't work. I tried Override Sub CreateUser(.......) As MembershipUser Return New User() End Sub But I still get the same exception as before.

  • Difference between URLLIB2 call in IDLE and from Django?

    - by danspants
    The following piece of code works as expected when running in a local install of django apache 2.2

        fx = urllib2.Request(f)
        fx.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.36 Safari/525.19')
        url_opened = urllib2.urlopen(fx)

    However when I enter that code into IDLE on the same machine I get the following error:

        url_opened = urllib2.urlopen(fx);
          File "C:\Python25\lib\urllib2.py", line 124, in urlopen
            return _opener.open(url, data)
          File "C:\Python25\lib\urllib2.py", line 387, in open
            response = meth(req, response)
          File "C:\Python25\lib\urllib2.py", line 498, in http_response
            'http', request, response, code, msg, hdrs)
          File "C:\Python25\lib\urllib2.py", line 425, in error
            return self._call_chain(*args)
          File "C:\Python25\lib\urllib2.py", line 360, in _call_chain
            result = func(*args)
          File "C:\Python25\lib\urllib2.py", line 506, in http_error_default
            raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
        HTTPError: HTTP Error 407: Proxy Authentication Required

    Any ideas?

  • gdata youtube api 302 'The document has moved'

    - by zalew
    I'm trying to get YouTube feeds with the python gdata library. Authentication features work ok, yt_service.ProgrammaticLogin() works, generating subauth token works, etc., but when I try to get some feeds (GetMostRecentVideoFeed, GetYouTubeVideoEntry, even GetFeed, and any other) I get: RequestError: {'status': 302, 'body': '<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">\n<TITLE>302 Moved</TITLE></HEAD><BODY>\n<H1>302 Moved</H1>\nThe document has moved\n<A HREF="http://www.google.com">here</A>.\r\n</BODY></HTML>\r\n', 'reason': 'Redirect received, but redirects_remaining <= 0'} 302 to 'google.com'??? I've even tried to do something from the google online tutorials and I get the same error. What's going on?

  • php proxy to local mercurial server

    - by naugtur
    I was wondering whether it is possible to create a PHP proxy to a server that listens only locally, so that the PHP gateway is public and it directs everything to the server listening on localhost. This server would be Mercurial's hg serve that listens only on 127.0.0.1, and PHP will do the authentication. Do you think it's possible to do? Does anybody have an idea how to make a general proxy in PHP so that not only HTTP GET works, but also hg push? I know there are ways to host a Mercurial repo with auth, but it's on a plug computer and I don't have a lot of space for more apps etc.

  • WCF: limit number of calls per hour - per user

    - by Eric Eijkelenboom
    Hi guys, I've got a WCF service (basicHttpBinding, basic authentication, IIS 6.0) on which I want to restrict the number of calls per hour - on user basis. For example, max 1000 calls per user, per hour (a la Google Maps, etc). I also want to implement some sort of subscription mechanism, so that users can upgrade their call-limit across various 'price plans'. I know that I could achieve this with a custom Inspector, backed by a DB containing some sort of 'subscription' table and a counter, but I'd like to avoid reinventing the wheel. Does anyone have experience doing this? Are there 3rd party projects/libraries that support this out of the box? Thanks. Eric

  • Client Web Service call over SSL using Apache Axis

    - by java_pill
    I'm using Apache Axis 1.5.1 to code a web service client connecting to a service over SSL. My application is running in Tomcat with SSL configuration setup in JKS. However, when I connect to the server, the connection is failing because the cert from our client is not being sent to the server. Is this something that has to be set in the client through code? Also note that the server does not need any user name or password authentication. With SSL turned off, everything works fine. Thanks,

  • Cloud e-mail and portal integration: experiences?

    - by Mark McLaren
    I am evaluating cloud e-mail solutions based upon:

      - Google Apps for Education
      - Microsoft Live@edu

    I work for a University and we currently have an institutional portal (based on uPortal). We currently have our local IMAP server and webmail client fully integrated with the portal. We would like to replicate the current portal e-mail experience with the new e-mail services. At present users can see a snapshot of their inbox in the portal and click through into the appropriate place in the webmail client. We expect that we need to solve similar problems when integrating with the cloud based e-mail solutions.

      - We need to solve the single sign-on (SSO) problem.
      - We need to be able to access the inbox messages on the user's behalf (e.g. proxy authentication).

    Does anybody have any experience or advice on this? Many thanks, Mark

  • How do I add the Disqus comment system to a Rails application in a similar fashion to Wordpress?

    - by Eric Lubow
    In Wordpress, the Disqus plugin allows you to choose to subscribe to a post via RSS or via email. Is there a plugin similar to the Wordpress plugin for Rails? Norman's Disqus plugin just uses the Disqus site to make it work. I was hoping to have things more stored locally. For an example of what I mean, take a look at this blog entry. I already know that since Rails (this application in particular) is using Authlogic (plus Facebook Connect), Disqus cannot be too tightly coupled with the authentication system. Has anyone ever done this or figured out a way to do this?

  • Requires a valid Date or x-amz-date header?

    - by Jordan Messina
    I'm getting the following error when attempting to upload a file to S3:

        S3StorageError: <?xml version="1.0" encoding="UTF-8"?>
        <Error><Code>AccessDenied</Code><Message>AWS authentication requires a valid Date or x-amz-date header</Message><RequestId>7910FF83F3FE17E2</RequestId><HostId>EjycXTgSwUkx19YNkpAoY2UDDur/0d5SMvGJUicpN6qCZFa2OuqcpibIR3NJ2WKB</HostId></Error>

    I'm using Django with Django-Storages and Imagekit. My S3 settings in my settings.py look as follows:

        locale.setlocale(locale.LC_TIME, 'en_US')
        DEFAULT_FILE_STORAGE = 'backends.s3.S3Storage'
        AWS_ACCESS_KEY_ID = '************************'
        AWS_SECRET_ACCESS_KEY = '*****************************'
        AWS_STORAGE_BUCKET_NAME = 'static.blabla.com'
        AWS_HEADERS = {
            'x-amz-date': datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT'),
            'Expires': 'Thu, 15 Apr 2200 20:00:00 GMT',
        }
        from S3 import CallingFormat
        AWS_CALLING_FORMAT = CallingFormat.SUBDOMAIN

    Thanks for any help you can give!

  • Integrate openid4java to GWT Project

    - by Slyker
    Hi, I created a GWT project in Eclipse. Now I tried to implement OpenID using the openid4java library. I imported the .jar files via properties--java build path:

      - openid4java-0.9.5.jar
      - lib/*.jar

    In addition I copied the .jar files into the war/WEB-INF/lib directory. The problem at hand comes up when I call the authenticate() method. Then I get a:

        HTTP ERROR 500
        Problem accessing /openid/openid. Reason:
            access denied (java.lang.RuntimePermission modifyThreadGroup)
        Caused by:
        java.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThreadGroup)
            at java.security.AccessControlContext.checkPermission(Unknown Source)
            at java.security.AccessController.checkPermission(Unknown Source)
            at java.lang.SecurityManager.checkPermission(Unknown Source)
            at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166)
            at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkAccess(DevAppServerFactory.java:191)
            at java.lang.ThreadGroup.checkAccess(Unknown Source)
            at java.lang.Thread.init(Unknown Source)
            at java.lang.Thread.<init>(Unknown Source)
            at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$ReferenceQueueThread.<init>(MultiThreadedHttpConnectionManager.java:1039)
            at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.storeReferenceToConnection(MultiThreadedHttpConnectionManager.java:164)
            at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.access$900(MultiThreadedHttpConnectionManager.java:64)
            at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$ConnectionPool.createConnection(MultiThreadedHttpConnectionManager.java:750)
            at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.doGetConnection(MultiThreadedHttpConnectionManager.java:469)
            at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.getConnectionWithTimeout(MultiThreadedHttpConnectionManager.java:394)
            at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:152)
            at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
            at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
            at org.openid4java.util.HttpCache.head(HttpCache.java:296)
            at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:360)
            at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:229)
            at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:221)
            at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:179)
            at org.openid4java.discovery.Discovery.discover(Discovery.java:134)
            at org.openid4java.discovery.Discovery.discover(Discovery.java:114)
            at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:527)
            at auth.openid.server.OpenIDServlet.authenticate(OpenIDServlet.java:138)
            at auth.openid.server.OpenIDServlet.doGet(OpenIDServlet.java:101)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
            at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
            at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:51)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
            at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
            at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:122)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
            at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
            at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
            at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
            at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
            at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
            at com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
            at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
            at com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:349)
            at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
            at org.mortbay.jetty.Server.handle(Server.java:326)
            at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
            at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
            at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:547)
            at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
            at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
            at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
            at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

    Here is my servlet source:

        import com.google.gwt.user.client.rpc.RemoteService;
        import org.openid4java.OpenIDException;
        import org.openid4java.consumer.ConsumerException;
        import org.openid4java.consumer.ConsumerManager;
        import org.openid4java.consumer.VerificationResult;
        import org.openid4java.discovery.DiscoveryInformation;
        import org.openid4java.discovery.Identifier;
        import org.openid4java.message.AuthRequest;
        import org.openid4java.message.ParameterList;
        import javax.servlet.ServletException;
        import javax.servlet.http.HttpServlet;
        import javax.servlet.http.HttpServletRequest;
        import javax.servlet.http.HttpServletResponse;
        import java.io.IOException;
        import java.text.MessageFormat;
        import java.util.List;

        public final class OpenIDServlet extends HttpServlet implements RemoteService {

            private final ConsumerManager manager;

            public OpenIDServlet() {
                try {
                    manager = new ConsumerManager();
                } catch (ConsumerException e) {
                    throw new RuntimeException("Error creating consumer manager", e);
                }
            }

            ...

            private void authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
                final String loginString = request.getParameter(nameParameter);
                try {
                    // perform discovery on the user-supplied identifier
                    List discoveries = manager.discover(loginString);
                    // attempt to associate with the OpenID provider
                    // and retrieve one service endpoint for authentication
                    DiscoveryInformation discovered = manager.associate(discoveries);
                    // obtain a AuthRequest message to be sent to the OpenID provider
                    AuthRequest authReq = manager.authenticate(discovered, "openid", null);
                    // redirect to OpenID for authentication
                    response.sendRedirect(authReq.getDestinationUrl(true));
                } catch (OpenIDException e) {
                    throw new ServletException("Login string probably caused an error. loginString = " + loginString, e);
                }
            }
        }

    My question now is: What could be my fault? Did I make any mistakes in importing the openid4java library? (which?) All other methods in the servlet which do not use the openid4java implementation work fine. Thanks, Andreas

  • IAuthenticationRequest.RedirectToProvider is not supposed to return, yet it does

    - by ripper234
    The method DotNetOpenAuth.OpenId.RelyingParty.IAuthenticationRequest.RedirectToProvider() is documented never to return:

        Redirects the user agent to the provider for authentication. Execution of the current page terminates after this call.

    However, it does return under the latest implementation (3.4.3). I'm using the following code:

        using (var relayingParty = new OpenIdRelyingParty())
        {
            var response = relayingParty.GetResponse();
            if (response == null)
            {
                // Stage 2: user submitting Identifier
                var openId = Request.Form["openId"];
                relayingParty.CreateRequest(openId).RedirectToProvider();
                throw new Exception("Never gets here");
            }
            ...
        }

    (The line with "Never gets here" is reached). I need to return an ActionResult from this method ... Is this a known bug? Is there a workaround? Should I return EmptyResult? As far as I understand this is a bug - I submitted it in the project issue tracker.

  • Impersonation in asp.net, confused about implementation when used with Active Directory & Sql Server

    - by AWC
    I have an internal website that is using integrated Windows authentication, and this website uses SQL Server & Active Directory queries via the System.Directory.Services namespace. To use the System.Directory.Services namespace in ASP.NET I have to run IIS under an account that has the correct privileges and, importantly, have impersonation set to true in the web config. If this is done then when I make a query against AD the credentials of the worker process (IIS) are used instead of the ASPNET account and therefore the queries will now succeed. Now if I am also using SQL Server with a connection string configured for integrated security ('Integrated Security=SSPI') then this interprets the ASP.NET impersonation to mean that I want to access the database as the Windows credentials of the request, not the worker process. I hope I'm wrong and that I've got the config wrong, but I don't think I have and this seems not to be inconsistent? It should be noted I'm using IIS 5.1 for development and obviously this doesn't have the concept of app-pools which I believe would resolve the problem.

  • Key stroke time in Openmoko or any smart phones

    - by Adi
    Dear all, I am doing a project in which I am working on security issues related to smart phones. I want to develop an authentication scheme which is based on biometrics. Every human being has a unique key-hold time, digraph time and error rate.

      - Key-Hold Time: time difference between pressing and releasing a key.
      - Digraph Time: time difference between releasing one key and pressing the next one.
      - Error Rate: number of times backspace is pressed.

    I got these metrics from a paper, "Keystroke-based User Identification on Smart Phones" by Saira Zahid, Muhammad Shahzad, Syed Ali Khayam, Muddassar Farooq. I was planning to get the datasets to test my algorithm from an Openmoko phone, but the phone is misbehaving and I am having trouble generating these time datasets. If anyone can help me or tell me a good source of datasets for the 3 metrics I defined, it will be a great help. Thanks, Aditya

  • creating my own context processor in django

    - by dotty
    Hay, I have come to a point where I need to pass certain variables to all my views (mostly custom authentication type variables). I was told writing my own context processor was the best way to do this, but I am having some issues. My settings file looks like this

        TEMPLATE_CONTEXT_PROCESSORS = (
            "django.contrib.auth.context_processors.auth",
            "django.core.context_processors.debug",
            "django.core.context_processors.i18n",
            "django.core.context_processors.media",
            "django.contrib.messages.context_processors.messages",
            "sandbox.context_processors.say_hello",
        )

    As you can see I have a module called 'context_processors' and a function within that called 'say_hello'. This looks like

        def say_hello(request):
            return {
                'say_hello': "Hello",
            }

    Am I right to assume I can now do this within my views?

        {{ say_hello }}

    Because it doesn't return anything.

  • Is there a service for monitoring secured WCF endpoints in the same way that HTTP monitoring service

    - by Ryan ONeill
    Hi all, A service I have in WCF occasionally goes down due to a problem with a COM component. While I am troubleshooting I would like to set up another host to make regular calls to this service to monitor availability. It is slightly more complicated than a simple HTTP call though, as the service is secured by SSL and WCF authentication (username / password). I'd also like to be able to parse successful calls to see if they return warning / fail states from my code. Would you recommend any monitoring providers for this or is it beyond the simple monitoring they normally provide? Regards Ryan

  • Webdav -- GET on a directory

    - by Joe Cannatti
    I am beginning to build a tool that uses WebDAV. I am having trouble wrapping my head around something here. I think I am missing something conceptual. I can use PUTs to add files to the server. I can use GETs to read files from the server, but when I try to use GET on a directory I get a 403: Forbidden. I am using basic authentication. My code in MacRuby is as follows

        Net::HTTP.start('localhost') do |http|
          res = Net::HTTP::Get.new('http://localhost/webdav/')
          res.basic_auth 'jcannatti', 'webdav'
          http.request res
        end

    this returns

        <Net::HTTPForbidden 403 Forbidden readbody=true>

    however this

        Net::HTTP.start('localhost') do |http|
          res = Net::HTTP::Put.new('http://localhost/webdav/gorilla.txt')
          res.body = "testetsetest"
          res.basic_auth 'jcannatti', 'webdav'
          http.request res
        end

    returns

        <Net::HTTPCreated 201 Created readbody=true>

    What should happen when calling a GET on a WebDAV directory when everything is working correctly? thanks

  • PDF permissions management with ASP.NET - Timeout Issue

    - by Ryan Smith
    I have a website that has several PDF files. I need to have quite a few of them locked down with the standard ASP.NET authentication (in a folder with web.config that denies anonymous users). I set PDF files to get handled by the ASP.NET worker process and added:

        <add type="System.Web.StaticFileHandler" path="*.pdf" verb="*" />

    to my web.config, but for some reason they hang when downloading. I've seen this issue before on an old server, and for the life of me I can't remember what I did to solve it. Does anyone have any idea? Thanks.

  • User account design and security...

    - by espinet
    Before I begin, I am using Ruby on Rails and the Devise gem for user authentication. Hi, I was doing some research about account security and I found a blog post about the topic awhile ago but I can no longer find it again. I read something about when making a login system you should have 1 model for User, this contains a user's username, encrypted password, and email. You should also have a model for a user's Account. This contains everything else. A User has an Account. I don't know if I'm explaining this correctly since I haven't seen the blog post for several months and I lost my bookmark. Could someone explain how and why I should or shouldn't do this. My application deals with money so I need to cover my bases with security. Thanks.

  • Should I distinguish OpenIDs based on protocol prefix or not? http vs https

    - by Joannes Vermorel
    I have implemented straightforward OpenID support for my ASP.NET app with DotNetOpenAuth. Yet I recently realized that the implementation was treating http://johndoe.example.com/ as a distinct user compared to https://johndoe.example.com. This led to quite a few confused users. I am unsure what to do at this point. Is this a bug or a feature? Indeed, I can consider this behavior as a feature: if the user specifies HTTPS, the user might not want the system to accept HTTP auth in the first place. On the other hand: if the user specifies HTTPS out of sheer cluelessness (the casual web visitor is clueless concerning the purpose of the "S" part), then rejecting its authentication attempt is confusing. What is considered the best practice?
