Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 82/244 | < Previous Page | 78 79 80 81 82 83 84 85 86 87 88 89  | Next Page >

  • Problem with user login validation by authlogic

    - by Andrei
    Hi, I want to use email for signing in, and to allow users to have similar names. One way to do this is to rename login/username field to something different. However, I want to do it just by setting up authlogic. I tried the following acts_as_authentic do |c| c.login_field :email c.validate_login_field false c.validate_email_field true end but it still complains that the login already exists. What must be done to avoid username validation without renaming the field?

    Read the article

  • Does mcrypt support asymmetric encryption?

    - by bryanagee
    I want to use asymmetric encryption of headers in RESTful requests to verify the identity of the system sending the request: i e System A encrypts it's name, timestamp, and the service name using it's public key in a request to System B. System B then uses the public key of System A to decrypt, proving the authenticity of the request. 1) Does php-mcrypt support this? 2) Has anyone benchmarked this type of operation?

    Read the article

  • how to allow unamed user in svn authz file?

    - by dtrosset
    I have a subversion server running with apache. It authenticates users using LDAP in apache configuration and uses SVN authorizations to limit user access to certain repositories. This works perfectly. Apache DAV svn SVNParentPath /srv/svn SVNListParentPath Off SVNPathAuthz Off AuthType Basic AuthName "Subversion Repository" AuthBasicProvider ldap AuthLDAPBindDN # private stuff AuthLDAPBindPassword # private stuff AuthLDAPURL # private stuff Require valid-user AuthzSVNAccessFile /etc/apache2/dav_svn.authz Subversion [groups] soft = me, and, all, other, developpers Adding anonymous access from one machine Now, I have a service I want to setup (rietveld, for code reviews) that needs to have an anonymous access to the repository. As this is a web service, accesses are always done from the same server. Thus I added apache configuration to allow all accesses from this machine. This did not work until I add an additional line in the authorization file to allow read access to user -. Apache <Limit GET PROPFIND OPTIONS REPORT> Order allow,deny Allow from # private IP address Satisfy Any </Limit> Subversion [Software:/] @soft = rw - = r # <-- This is the added line For instance, before I add this, all users were authenticated, and thus had a name. Now, some accesses are done without a user name! I found this - user name in the apache log files. But does this line equals to * = r that I absolutely do not want to enable, or does it only allows the anonymous unnamed user (that is allowed access only from the rietveld server)?

    Read the article

  • How does java LoginContext.login() work?

    - by tangens
    I have this code to create a configuration of a java client to connect to a JBoss application server: System.setProperty( "java.security.auth.login.config", "auth.conf" ); LoginContext auth = new LoginContext( "myAuth", new LoginCallbackHandler( username, password ) ); auth.login(); The file auth.conf contains the following lines: myAuth { org.jboss.security.ClientLoginModule required; }; Now, somewhere else in the code (the LoginContext auth isn't known there) I have an EJB that does a initialContext.lookup( jndiName ) and a narrow() to access a Bean on the JBoss application server. This narrow only succeeds if the login information of the first step was correct. Question How does the login information propagate from the LoginContext to the narrow()? I don't see any connection between these two places. And further, how could I do two or more different logins inside of one client?

    Read the article

  • Django design question: extending User to make users that can't log in

    - by jobrahms
    The site I'm working on involves teachers creating student objects. The teacher can choose to make it possible for a student to log into the site (to check calendars, etc) OR the teacher can choose to use the student object only for record keeping and not allow the student to log in. In the student creation form, if the teacher supplies a username and a password, it should create an object of the first kind - one that can log in, i.e. a regular User object. If the teacher does not supply a username/password, it should create the second type. The other requirement is that the teacher should be able to go in later and change a non-logging-in student to the other kind. What's the best way to design for this scenario? Subclass User and make username and password not required? What else would this affect?

    Read the article

  • Restricting access to records. Is claim-based permissions a good idea.

    - by Vitalik
    in .net Claim-based identity framework If i wanted to restrict users to do an operation (view or edit) on let's say an account, a particular account #123456.(i am talking about business entity, like a bank account.) Is it a good idea to create a claim for each account they can view or edit? Any disadvantages of having a lot of claims in a set? a system admin might have access to all accounts in the system thus creating hundreds of claims (maybe more than one for each account)

    Read the article

  • Is it immoral to put a captcha on a login form?

    - by azkotoki
    In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

    Read the article

  • minLength data validation is not working with Auth component for CakePHP

    - by grokker
    Let's say I have a user registration and I'm using the Auth component (/user/register is allowed of course). The problem is if I need to set a minLength validation rule in the model, it doesn't work since the Auth component hashes the password therefore it's always more than my minlength password and it passes even if it's blank. How do I fix this issue? Thanks in advance!

    Read the article

  • i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i

    - by keisimone
    I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

    Read the article

  • Rails Authlogic Prevent User from Changing their Login/Username

    - by bob
    Hello, I have implemented Authlogic. I believe that this isn't an authlogic specific quesetion. Assume that I have a User model and each User has a column in the database called "login". Upon creating a user, the login column is populated. However, I don't want the user to be able to change their login once they set it. Currently, I have removed the text field in the _form.html.erb file in my views for users. However, it can probably still be accessed through the url right? How can I make it so that once a login is set, it can not be changed at all?

    Read the article

  • How to authenticate users against a Windows AD?

    - by Potinos
    I've a JSF-Hibernate web application. I need to authenticate users against a Windows AD and the web application should only allow logins from members of group X, otherwise it should redirect to an error page. How can I configure this? Also, I would like to display the name of the logged-in user on all pages, not the name of the Windows user of the server machine. I have tried the System.property("user.name") for this, but this only returns the name of the Windows user of the server name.

    Read the article

  • Form submit in javascript

    - by zac
    Hi been wrestling this form and the last step (actually submitting) has me scratching my head. What I have so far is the form: <form id="theForm" method='post' name="emailForm"> <table border="0" cellspacing="2"> <td>Email <span class="red">*</span></td><td><input type='text'class="validate[required,custom[email]]" size="30"></td></tr> <td>First Name:</td><td><input type='text' name='email[first]' id='first_name' size=30></td></tr> <tr height="30"> <td cellpadding="4">Last Name:</td><td><input type='text' name='email[last]' id='e_last_name' size=30> <td>Birthday</td> <td><select name='month' style='width:70px; margin-right: 10px'> <option value=''>Month</option> <option value="1">Jan</option> <option value="2">Feb</option> .... </select><select name='day' style='width:55px; margin-right: 10px'> <option value=''>Day</option> <option value="1">1</option> <option value="2">2</option> ... <option value="31">31</option> </select><select name='year' style='width:60px;' > <option value=''>Year</option> <option value="2007">2007</option> <option value="2006">2006</option> <option value="2005">2005</option> ... </select> <input type='image' src='{{skin url=""}}images/email/signUpButt.gif' value='Submit' onClick="return checkAge()" /> <input type="hidden" id= "under13" name="under13" value="No"> and a script that checks the age and sets a cookie/changes display function checkAge() { var min_age = 13; var year = parseInt(document.forms["emailForm"]["year"].value); var month = parseInt(document.forms["emailForm"]["month"].value) - 1; var day = parseInt(document.forms["emailForm"]["day"].value); var theirDate = new Date((year + min_age), month, day); var today = new Date; if ( (today.getTime() - theirDate.getTime()) < 0) { var el = document.getElementById('emailBox'); if(el){ el.className += el.className ? ' youngOne' : 'youngOne'; } document.getElementById('emailBox').innerHTML = "<style type=\"text/css\">.formError {display:none}</style><p>Good Bye</p><p>You must be 13 years of age to sign up.</p>"; createCookie('age','not13',0) return false; } else { createCookie('age','over13',0) return true; }} that all seems to be working well.. just missing kind of a crucial step of actually submitting the form if it validates (if they pass the age question). So I am thinking that this will be wrapped in that script.. something in here : else { createCookie('age','over13',0) return true; } Can someone please help me figure out how I could handle this submit?

    Read the article

  • Ruby on Rails: How can I authenticate different user types from one place?

    - by sscirrus
    Hi everyone! This is my first post on Stack Overflow. I am trying to build a system that authenticates three types of user with completely different site experiences: Customers, Employers, and Vendors. I'm thinking of using a polymorphic 'User' table (using AuthLogic) with username, password, and user_type (+ AuthLogic's other required fields). If this is a good way to go, how do I set this up so after authenticating an user_id with a user_type the standard way, I can direct the user to the page that's right for them? Thanks.

    Read the article

  • How can I make CAPTCHA work across multiple pages?

    - by jm04469
    Ever visit a website such as myspace where they leverage CAPTCHA to prevent spam? The typical pattern is to present a challenge to each URL that is opened, yet the challenge doesn't actually belong to the page itself which causes additional bandwidth usage. So, if I open up six pages at the same time and want to present a challenge on each page. I want the challenge to be tied to the page and not to the session. How can I make this work with Spring and/or Struts.

    Read the article

  • Ruby on Rails login using legacy user database

    - by ricsmania
    Hello, I have a Rails application that connects to a legacy database (Oracle) and displays some information from a particular user. Right now the user is passed as a URL parameter, but this has obvious security issues because users should only be able to see their own data. To solve that, I want to implement a user login, and I did some research and came across 2 components for that, restful_authentication and authlogic. The problem is that I need to use an existing user/password database instead of creating a new one, which is the common way to use those components. The password is encrypted by a custom Oracle package, but let's assume it is stored as plain text to make things simpler. I only need very basic functionality, which is login a user and keep them logged in forever until logout. No changes to the database will be made by this application, so there's no need for sign up, e-mail activation, reset password, etc. Can someone point me in the right direction on how to do that? Is any of those 2 components a good solution? If not, what would be recommended? Thanks!

    Read the article

  • How to set the ReturnUrl for the Login link in MVC 3 app?

    - by user762196
    using System; using Microsoft.Practices.Unity; namespace <MyNameSpace> { public class UrlFactory { public static UrlFactory Current { get { return HttpApplicationUnityContext.Current.Resolve<UrlFactory>(); } } public string GetLoginUrl() { return String.Format("{0}/login?ReturnUrl={1}", MyConfig.BaseHttpUrl, <GET_PAGE_URL>); } } The user can be on any page on the site and click the Login link. But the ReturnUrl must always point to the exact page where he clicked it. I must take the user back to the page he clicked the login link. In my code above, how do I get the page url in <GET_PAGE_URL>? Thanks

    Read the article

  • How do you handle ajax requests when user is not authenticated?

    - by LukLed
    How do you handle ajax requests when user is not authenticated? Someone enters the page, leaves room for an hour, returns, adds comment on the page that goes throuh ajax using jQuery ($.post). Since he is not authenticated, method return RedirectToRoute result (redirects to login page). What do you do with it? How do you handle it on client side and how do you handle it in controller?

    Read the article

  • CouchDB read authorization

    - by mdikici
    In couchdb website - technical overview - security and validation - http://couchdb.apache.org/docs/overview.html - it writes that (on reader access part) "To protect document contents, CouchDB documents can have a reader list. This is an optional list of reader-names allowed to read the document. When a reader list is used, protected documents are only viewable by listed users." I searched about how to use it but i found nothing. So is it actually used and if it is how? Thanks. -- Mustafa

    Read the article

  • can bind successfully to the ldap server, but needs to know how to find user w/i AD

    - by Brad
    I create a login form to bind to the ldap server, if successful, it creates a session (which the user's username is stored within), then I go to another page that has session_start(); and it works fine. What I want to do now, is add code to test if that user is a member of a specific group. So in theory, this is what I want to do if(username session is valid) { search ldap for user -> get list of groups user is member of foreach(group they are member of) { switch(group) { case STAFF: print 'they are member of staff group'; $access = true; break; default: print 'not a member of STAFF group'; $access = false; break; } if(group == STAFF) { break; } } if($access == TRUE) { // you have access to the content on this page } else { // you do not have access to this page } } How do I do a ldap_search w/o binding? I don't want to keep asking for their password on each page, and I can't pass their password thru a session. Any help is appreciated.

    Read the article

  • global variables doesn't change value in Javascript

    - by user1856906
    My project is composed by 2 html pages: 1)index.html, wich contains the login and the registration form. 2)user_logged.html, wich contains all the features of a logged user. Now, what I want to do is a control if the user is really logged, to avoid the case where a user paste a url in the browser and can see the pages of another user. hours as now, if a user paste this url in the browser: www.user_loggato.html?user=x#profile is as if logged in as user x and this is not nice. My html pages both use js files that contains scripts. I decided to create a global variable called logged inizialized to false and change the variable to true when the login is succesfull. The problem is that the variable, remains false. here is the code: var logged=false; (write in the file a.js) while in the file b.js I have: function login() { //if succesfull logged=true; window.location.href = "user_loggato.html?user="+ JSON.parse(str).username + #profilo"; Now with some alerts I found that my variable logged is always false. Why? if I have not explained well or if there is not some information in order to respond to my question let me know.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 78 79 80 81 82 83 84 85 86 87 88 89  | Next Page >