Search Results

Search found 43347 results on 1734 pages for 'php security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 441/1734 | < Previous Page | 437 438 439 440 441 442 443 444 445 446 447 448  | Next Page >

  • JWT Token Security with Fusion Sales Cloud

    - by asantaga
    When integrating SalesCloud with a 3rd party application you often need to pass the users identity to the 3rd party application so that  The 3rd party application knows who the user is The 3rd party application needs to be able to do WebService callbacks to Sales Cloud as that user.  Until recently without using SAML, this wasn't easily possible and one workaround was to pass the username, potentially even the password, from Sales Cloud to the 3rd party application using URL parameters.. With Oracle Fusion R8 we now have a proper solution and that is called "JWT Token support". This is based on the industry JSON Web Token standard , for more information see here JWT Works by allowing the user the ability to generate a token (lasts a short period of time) for a specific application. This token is then passed to the 3rd party application as a GET parameter.  The 3rd party application can then call into SalesCloud and use this token for all webservice calls, the calls will be executed as the user who generated the token in the first place, or they can call a special HR WebService (UserService-findSelfUserDetails() ) with the token and Fusion will respond with the users details. Some more details  The following will go through the scenario that you want to embed a 3rd party application within a WebContent frame (iFrame) within the opportunity screen.  1. Define your application using the topology manager in setup and maintenance  See this documentation link on topology manager 2. From within your groovy script which defines the iFrame you wish to embed, write some code which looks like this : def thirdpartyapplicationurl = oracle.topologyManager.client.deployedInfo.DeployedInfoProvider.getEndPoint("My3rdPartyApplication" )def crmkey= (new oracle.apps.fnd.applcore.common.SecuredTokenBean().getTrustToken())def url = thirdpartyapplicationurl +"param1="+OptyId+"&jwt ="+crmkeyreturn (url)  This snippet generates a URL which contains The Hostname/endpoint of the 3rd party application Two Parameters The opportunityId stored in parameter "param1" The JWT Token store in  parameter "jwt" 3. From your 3rd Party Application you now have two options Execute a webservice call by first setting the header parameter "Authentication" to the JWT token. The webservice call will be executed against Fusion Applications "As" the user who execute the process To find out "Who you are" , set the header parameter to "Authentication" and execute the special webservice call findSelfUserDetails(), in the UserDetailsService For more information  Oracle Sales Cloud Documentation , specific chapter on JWT Token OTN samples, specifically the Rich UI With JWT Token Sample Oracle Fusion Applications General Documentation

    Read the article

  • Git Project Dependencies on GitHub

    - by VirtuosiMedia
    I've written a PHP framework and a CMS on top of the framework. The CMS is dependent on the framework, but the framework exists as a self-contained folder within the CMS files. I'd like to maintain them as separate projects on GitHub, but I don't want to have the mess of updating the CMS project every time I update the framework. Ideally, I'd like to have the CMS somehow pull the framework files for inclusion into a predefined sub-directory rather than physically committing those files. Is this possible with Git/GitHub? If so, what do I need to know to make it work? Keep in mind that I'm at a very, very basic level of experience with Git - I can make repositories and commit using the Git plugin for Eclipse, connect to GitHub, and that's about it. I'm currently working solo on the projects, so I haven't had to learn much more about Git so far, but I'd like to open it up to others in the future and I want to make sure I have it right. Also, what should my ideal workflow be for projects with dependencies? Any tips on that subject would also greatly appreciated. If you need more info on my setup, just ask in the comments.

    Read the article

  • Why does my allow_url_include not work?

    - by autthapone
    Server Information: CentOS 5.7 (Final), PHP Version 5.2.6, Apache/2.2.3 I edit in /etc/php.ini change to allow_url_include = On. Then restart apache. I see configuration on phpinfo() file, but allow_url_include not changed. It's Off yet. Help me, please. My Setting. - http://postimage.org/image/aliuyb9a3/ My phpinfo - http://postimage.org/image/tlsu18b1h/ I can't find other php.ini file. upload_max_filesize also not changed :-( but max_execution_time and memory_limit is changed. Everyone, if issue can't solving now, please guide me about repair/re-install PHP on CentOS.

    Read the article

  • MySQLi Extension with phpMyAdmin

    - by user1062058
    I just unpacked the latest phpMyAdmin into /var/www/html/phpMyAdmin and it is giving me "The mysqli extension is missing." - how do I install this? I'm on Centos. I checked php.ini and it seems to be "unlocked". when I type in php -i |grep -i mysqli ... it looks to be enabled. Also this is PHP Version 5.3.8 php -m apc ctype curl date dom filter ftp gd hash iconv json libxml mcrypt memcache mysql mysqli openssl pcre PDO pdo_sqlite posix REflection session SimpleXML soap SPL SQLite standard tokenizer xml xmlreader xmlwriter zlib Thanks.

    Read the article

  • ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios

    - by Your DisplayName here!
    The Thinktecture.IdentityModel.Http repository includes a number of samples for the various authentication scenarios. All the clients follow a basic pattern: Acquire client credential (a single token, multiple tokens, username/password). Call Service. The service simply enumerates the claims it finds on the request and returns them to the client. I won’t show that part of the code, but rather focus on the step 1 and 2. Basic Authentication This is the most basic (pun inteneded) scenario. My library contains a class that can create the Basic Authentication header value. Simply set username and password and you are good to go. var client = new HttpClient { BaseAddress = _baseAddress }; client.DefaultRequestHeaders.Authorization = new BasicAuthenticationHeaderValue("alice", "alice"); var response = client.GetAsync("identity").Result; response.EnsureSuccessStatusCode();   SAML Authentication To integrate a Web API with an existing enterprise identity provider like ADFS, you can use SAML tokens. This is certainly not the most efficient way of calling a “lightweight service” ;) But very useful if that’s what it takes to get the job done. private static string GetIdentityToken() {     var factory = new WSTrustChannelFactory(         new WindowsWSTrustBinding(SecurityMode.Transport),         _idpEndpoint);     factory.TrustVersion = TrustVersion.WSTrust13;     var rst = new RequestSecurityToken     {         RequestType = RequestTypes.Issue,         KeyType = KeyTypes.Bearer,         AppliesTo = new EndpointAddress(Constants.Realm)     };     var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;     return token.TokenXml.OuterXml; } private static Identity CallService(string saml) {     var client = new HttpClient { BaseAddress = _baseAddress };     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("SAML", saml);     var response = client.GetAsync("identity").Result;     response.EnsureSuccessStatusCode();     return response.Content.ReadAsAsync<Identity>().Result; }   SAML to SWT conversion using the Azure Access Control Service Another possible options for integrating SAML based identity providers is to use an intermediary service that allows converting the SAML token to the more compact SWT (Simple Web Token) format. This way you only need to roundtrip the SAML once and can use the SWT afterwards. The code for the conversion uses the ACS OAuth2 endpoint. The OAuth2Client class is part of my library. private static string GetServiceTokenOAuth2(string samlToken) {     var client = new OAuth2Client(_acsOAuth2Endpoint);     return client.RequestAccessTokenAssertion(         samlToken,         SecurityTokenTypes.Saml2TokenProfile11,         Constants.Realm).AccessToken; }   SWT Authentication When you have an identity provider that directly supports a (simple) web token, you can acquire the token directly without the conversion step. Thinktecture.IdentityServer e.g. supports the OAuth2 resource owner credential profile to issue SWT tokens. private static string GetIdentityToken() {     var client = new OAuth2Client(_oauth2Address);     var response = client.RequestAccessTokenUserName("bob", "abc!123", Constants.Realm);     return response.AccessToken; } private static Identity CallService(string swt) {     var client = new HttpClient { BaseAddress = _baseAddress };     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", swt);     var response = client.GetAsync("identity").Result;     response.EnsureSuccessStatusCode();     return response.Content.ReadAsAsync<Identity>().Result; }   So you can see that it’s pretty straightforward to implement various authentication scenarios using WebAPI and my authentication library. Stay tuned for more client samples!

    Read the article

  • apache 2.4, mod_proxy_fcgi not honouring .htaccess, work around needed

    - by user229874
    I am using apache 2.4.7 with mod_proxy_fcgi for purpose of passing through php to php-fpm (this will be used for shared hosting environment). The htaccess works fine for non php files, but once it hit rewrite rule that proxies through the php requests, the htaccess is ignored. I know why it is happening. The question is: how do I work around it? The question how do I force apache to treat the request to php file as a request to local file, and then proxy it through? I have spent substantial time in researching on this problem, and following "answers" were given as solution: 1) "use apache configuration instead of .htaccess" it is valid solution, but not for shared hosting environment (I am not going to give access to apache configuration to shared hosting customers ;)). 2) "don't use .htaccess, as it has performance/security/other issues", well how else would shared hosting customers control access/url rewriting on their site? Besides if the .htaccess was not a requirement I would simply use nginx. 3) "put rewrite rule for proxy inside of " - this is incorrect, and it does not work. This behaviour appears to be not a bug but a "feature" as per https://issues.apache.org/bugzilla/show_bug.cgi?id=54887

    Read the article

  • Mysteriously empty $_POST array

    - by Lex
    Hi all! I have the following HTML/PHP page: <?php if(empty($_SERVER['CONTENT_TYPE'])) { $type = "application/x-www-form-urlencoded"; $_SERVER['CONTENT_TYPE'] = $type; } echo "<pre>"; var_dump($_POST); var_dump(file_get_contents("php://input")); echo "</pre>"; ?> <form method="post" action="test.php"> <input type="text" name="test[1]" /> <input type="text" name="test[2]" /> <input type="text" name="test[3]" /> <input type="submit" name="action" value="Go" /> </form> As you can see, the form will submit and the expected output is a POST array with one array in it containing the filled in values and one entry "action" with the value "Go" (the button). However, no matter what values I enter in the fields; the result is always: array(2) { ["test"]=> string(0) "" ["action"]=> string(2) "Go" } string(16) "test=&action=Go&" Somehow, the array named test is emptied, the "action" variable does make it through. I've used the Live HTTP Headers extension for Firefox to check whether the POST fields get submitted, and they do. The relevant information from Live HTTP Headers (with a, b and c filled in as values in the textboxes): Content-Type: application/x-www-form-urlencoded Content-Length: 51 test%5B1%5D=a&test%5B2%5D=b&test%5B3%5D=c&action=Go Does anybody have any idea as to why this is happening? I'm freaking out on this one, it has cost me so much time already... EDIT: We've tried this on different servers, on Windows boxes it does work, on the Ubuntu server with PHP version 5.2.4 (with Suhosin), it doesn't. It even works on a different server, also with Ubuntu and the same PHP version, also with Suhosin installed.

    Read the article

  • How to upgrade libxml on CentOS

    - by Radek Simko
    I have a following version of CentOS: $ cat /etc/issue CentOS release 5.5 (Final) Kernel \r on an \m and following version of libxml: $ php -i | grep libxml libxml Version => 2.6.26 libxml libxml2 Version => 2.6.26 libxslt compiled against libxml Version => 2.6.26 and need to have newer version of libxml (primarly for usage in PHP, but obviously, it doesn't matter). If I even install the newer version of libxml somehow: wget ftp://xmlsoft.org/libxml2/libxml2-2.7.2.tar.gz tar -xvf libxml2-2.7.2.tar.gz cd libxml2-2.7.2 ./configure make sudo make install then I am unable to get it to work in PHP - there is still old version: libxml Version => 2.6.26 libxml libxml2 Version => 2.6.26 libxslt compiled against libxml Version => 2.6.26 What else do I need to do to make the new version to work with PHP?

    Read the article

  • Apache2 slow serving static while healthy

    - by user45339
    My Apache status looks like; 201 requests/sec - 98.8 kB/second - 504 B/request 85 requests currently being processed, 345 idle workers _____CCW_C_____C__C__C_R____C_WC_________C__C____CW__C__CCC_____ __C____W______C___C___CW__C_C______C__W_C__C_____CCC____C______R CC_C_______C___C____C______________C______C__C________________C_ ___________________C______________________C_______C___C_____C___ CC____C__C___R_____C_C_CC__________C___C___________R____C_C_C___ ______C______W_W__W___C____________________C__WCC__R__R_C_______ R__RC________________________C___R____W__C____.................. .................................................... Server load is average 2 on a 4 core machine. IO utilization is 10-15% and doesn't have many jumps over 70%. Machine has almost 4 gb free and uses 0 swap. The site on the machine is a PHP site. All PHP code is optimized and fast mostly when it gets accessed, however sometimes requests get stuck. Stuck meaning; no response for at least 10 sec. We debugged the PHP code, but it is quite optimal and fast. We spend a lot of time on it until we decided to test the requesting of: <html><body>test</body></html> test.html page. This static resource also gets 'stuck' in the same manner the php pages get 'stuck'. How is the possible given the health of the system? I tested the network, but, when the PHP shows 'slowness' in the site monitoring, the html test files also take (far longer) than 10 sec to load using; time lynx -dump http://127.0.0.1/test.html We are kind of desperate to solve this problem, but we cannot seem to tackle it.

    Read the article

  • "Don't do programming after a few years of starting career". Is this a fair advice?

    - by Muhammad Yasir
    I am a little experienced developer having approximately 5 years experience in PHP and somewhat less in Java, C# and trying to learn some Python nowadays. Since the start of my career as a programmer I have been told every now and then by fellow programmers that programming is suitable for a few early years of a career (most of them take it as 5 years) and that one must change the direction after it. The reason they present include headaches and pressures associated with programming. They also say that programmers are less social and don't usually like to give time to their families, etc. and especially "Oh come on, you can not do programming your entire life!" I am somewhat confused here and need to ask others about it. If I leave programming then what do I do?! I guess teaching may be a good option in this case, but it will require to first earn a PhD degree perhaps. It may also be noteworthy that in my country (Pakistan) the life of a programmer is not very good in that normally they must give 2-3 extra hours in the office to accomplish urgent programming tasks. I have a sense that situation is somewhat similar in other countries and regions as well. Do you think it is fair advice to change career from programming to something else after spending 5 years in this field? UPDATE Oh wow... I never knew people can have 40+ years of experience in this field. I am both excited and amazed seeing that people are doing it since 1971... That means 15 years before my birth! It is nice to be able to talk to such experienced people, we don't get such a chance here in Pakistan.

    Read the article

  • Good Freelance models for web developers

    - by Matthew Underwood
    I am a web developer with four years of experience in PHP, MYSQL and experience in Javascript etc. One day I hope to develop a freelance career in web development. Areas of freelance that I am thinking of going towards includes Wordpress, Magento development along with bespoke applications. I am also thinking of doing some consultancy work for clients and businesses when I build up some more experience and technical knowledge. I want to offer a web development service to potential clients that plays on my strengths in what I know but most importantly has a market. Web development can cover so many subjects that its difficult to pick out the areas that have demand. I am also curious to find out if web developers offer services that bring in a monthly income e.g application maintenance or database maintenance? Is there a market for certain areas like WordPress plugins or bespoke applications? Are there certain things to avoid because of work duration, unrealistic client expectations or the fact that its impossible to find a market for it? As professional and experienced freelance web developers have you learned some important do's and don'ts? Is there certain services that the majority of web developers offer because its in high demand? This is the one area of web development freelancing that I cant get my head around. I know there is never a definitive answer but there must be some good practises and general consensus on this subject. Web designers design websites they offer a lump sum and get paid monthly sometimes to add new content, PPC and SEO consultants market sites to the top this will involve monthly payments, web development doesn’t seem so clear cut.

    Read the article

  • Alias using Nginx causing phpMyAdmin login endless loop

    - by Seb Dangerfield
    Recently I've been trying to set up a web server using Nginx (I normally use Apache). However I've ran into a problem trying to set phpMyAdmin up on an alias. The alias correctly takes you too the phpMyAdmin login screen, however when you enter valid credentials and hit go you end up back on the login screen with no errors. Sounded like a cookie or session problem to me... but if I symlink the phpMyAdmin directory and try logging in through the symlinked version it works fine! Both the symlink and the alias one set the same number of cookies and both set seem to set the cookies for the correct domain and path. My Nginx config for the php alias is as follows: location ~ ^/phpmyadmin/(.*\.php)$ { alias /usr/share/phpMyAdmin/$1; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; } I'm running Nginx 0.8.53 PHP 5.3.3 MySQL 5.1.47 phpMyAdmin 3.3.9 - self install And php-mcrypt is installed. Has anyone else experienced this behaviour before? Anyone have any ideas about how to fix it?

    Read the article

  • Changing frontend cache

    - by Utsav
    Our architecture consists of a front-end cache that most read only users obtain their data from directly. The front-end cache sits in front of a farm of webservers that serve pages written in PHP. We need to be able to detect certain conditions at the front-end cache level and pass those values through to the back-end via HTTP headers. For example we would like to manually tag the carrier network based on the IP address. So, for incoming traffic if the user is say coming from an IP address in the range of "41.202.192.0"/19 we would tag them as being a Orange Cameroon user by setting the appropriate HTTP request header, e.g., X-Carrier = "Orange Cameroon". Based on the setting of this header we would like to vary the cache and serve a different banner to the end user. How would you go about doing this? Keep in mind that we don't want to pollute the cache and we also don't want to create too many small cache segments. Assumptions: You can assume that the X-Carrier has already been detected in our cache. So, for the purposes of your test you can just set this value manually in your example script.

    Read the article

  • "Don't do programming after a few years of starting career" Is this a fair advice?

    - by Muhammad Yasir
    I am a little experienced developer having around 5 years experience in PHP and somewhat less in Java, C# and trying to learn some Python now a days. Since the start of my career as a programmer I have been told every now and then by fellow programmers that programming is suitable for a few early years of carrier (most of them take it as 5 years) and that one must change the direction after it. The reason they present is that headaches and pressures associated with programming. They also say that programmers are less social and don't usually like to give time to their families etc. and specially "Oh come on, you can not do programming in your entire life!" I am somewhat confused here and need to ask others about it. If I leave programming then what do I do?! I guess teaching may be a good option in this case but it will require to first earn a PhD degree perhaps. It may also be noteworthy that in my country (Pakistan) the life of a programmer is not very good in that normally they must give 2-3 extra hours in office to accomplish urgent programming tasks. I have a sense that situation is somewhat similar in other countries and regions as well. So the question is, do you think it is a fair advice to change career from programming to something else after spending 5 years in this field? Thanks for sharing thoughts!

    Read the article

  • How to setup AD group to work with SharePoint group security

    - by ybbest
    Issue: Recently, I am having issues with the permission setup at client side. The way we setup permission is we create AD Group and add the add AD Group to the proper SharePoint Group. If we need to grant permission to a user, we then add the user to the correct AD group. But end user reports that by adding a user to an AD group, this user does not have any access to the SharePoint site. Solution: Change the AD Group scope from Global to Universal fix the problem. From To References: AD Group Scopes from Paul Stork http://social.technet.microsoft.com/forums/en-US/sharepointadminprevious/thread/79d2af40-3daa-4f61-86e5-5bb54086147f

    Read the article

  • Virtual Hosting in RHEL 5

    - by Kumar P
    We have a RHEL 5 Linux server with a few Windows XP clients. We provide web development in PHP. Now my developers as for common local PHP server for keep their projects in same place. Currently the proxy server and Samba sharing are running on the RHEL 5 server. I installed httpd, PHP and MySQL in the server. And I would like to configure virtual hosting too for LAN. What I want do for it? We have 2 Ethernet ports in the server, 1 for local connections and another one for Internet. Internet is provided by an ADSL provider. (192.168.0.0 series for ADSL modem connection and 10.1.1.0 for the LAN connection. If I want to use virtual hosting, do I need to setup local DNS server? My requirements are: setup PHP with MySQL server for local clients with multiple hosting, without disturbing proxy and Samba.

    Read the article

  • unit/integration testing web service proxy client

    - by cori
    I'm rewriting a PHP client/proxy library that provides an interface to a SOAP-based .Net webservice, and in the process I want to add some unit and integration tests so future modifications are less risky. The work the library I'm working on performs is to marshall the calls to the web service and do a little reorganizing of the responses to present a slightly more -object-oriented interface to the underlying service. Since this library is little else than a thin layer on top of web service calls, my basic assumption is that I'll really be writing integration tests more than unit tests - for example, I don't see any reason to mock away the web service - the work that's performed by the code I'm working on is very light; it's almost passing the response from the service right back to its consumer. Most of the calls are basic CRUD operations: CreateRole(), CreateUser(), DeleteUser(), FindUser(), &ct. I'll be starting from a known database state - the system I'm using for these tests is isolated for testing purposes, so the results will be more or less predictable. My question is this: is it natural to use web service calls to confirm the results of operations within the tests and to reset the state of the application within the scope of each test? Here's an example: One test might be createUserReturnsValidUserId() and might go like this: public function createUserReturnsValidUserId() { // we're assuming a global connection to the service $newUserId = $client->CreateUser("user1"); assertNotNull($newUserId); assertNotNull($client->FindUser($newUserId); $client->deleteUser($newUserId); } So I'm creating a user, making sure I get an ID back and that it represents a user in the system, and then cleaning up after myself (so that later tests don't rely on the success or failure of this test w/r/t the number of users in the system, for example). However this still seems pretty fragile - lots of dependencies and opportunities for tests to fail and effect the results of later tests, which I definitely want to avoid. Am I missing some options of ways to decouple these tests from the system under test, or is this really the best I can do? I think this is a fairly general unit/integration testing question, but if it matters I'm using PHPUnit for the testing framework.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 437 438 439 440 441 442 443 444 445 446 447 448  | Next Page >