Search Results

Search found 5144 results on 206 pages for 'mod auth ldap'.

Page 174/206 | < Previous Page | 170 171 172 173 174 175 176 177 178 179 180 181 | Next Page >

Sinatra: How do I provide access to a login form while preventing access to the rest of my Sinatra a

- by Brandon Toone

I recently created a Sinatra app with a login form (no basic auth). To prevent access to the app unless the user logged in I put a before block in place before do unless request.path_info == '/login' authenticated? end end I quickly realized that this prevented me from accessing resources in the public directory like my style sheet and logo unless authenticated first as well. To get around that I changed my filter to the following: before do unless request.path_info == '/login' || request.path_info == "/stylesheets/master.css" || request.path_info == "/images/logo.png" authenticated? end end If there were lots of resources I needed to provide exceptions to this way of making them would quickly become overwhelming. What is a better way to code this so I can make exceptions for the public directory or even its specific sub-directories and files like /stylesheets, /images, /images/bg.png but not /secret or /secret/eyes-only.pdf? Or ... Is there a completely different best-practice to handle this situation of locking down everything except the stuff related to logging in (handlers, views, resources)?

Read the article
MongoDB db.serverStatus() gives error when running using tunnel that is targetted to api.cloudfoundry.com

- by Ajay

Following is the console session... C:\Users\xxx>vmc tunnel myMongoDB Getting tunnel connection info: OK Service connection info: username : uuuu password : pppp name : db url : mongodb://uuuu:[email protected]:25200/db Starting tunnel to myMongoDB on port 10000. 1: none 2: mongo 3: mongodump 4: mongorestore Which client would you like to start?: 2 Launching 'mongo --host localhost --port 10000 -u uuuu -p pppp db' MongoDB shell version: 2.0.6 connecting to: localhost:10000/db > db.serverStatus() { "errmsg" : "need to login", "ok" : 0 } > Which credentials should I use to login (assuming should use db.auth) to get rid of the error "{ "errmsg" : "need to login", "ok" : 0 }". When I run the same in micro CF on my machine it works ok and gives me the expected output. P.S. I'm trying this to get to know the current connections on my application, written in node.js. Trying to debug some issues with connections to the DB. If there is any other alternative that I can use please suggest that as well.

Read the article
Can I make TCP/IP session to run less than 60 seconds?

- by Pavel

Our server is overloaded with TCP/IP sessions, we have 1200 - 1500 of them. Most of them are hanging in TIME_OUT state. It turns out that a connection in TIME_OUT state occupies a socket until 60 second time-out is elapsed. The problem is that the server gets unresponsive and many clients are not getting served. I have made a simple test: download an XML file from the server with Internet Explorer 8.0 The download finishes in a fraction of second. But then I see that the TCP/IP connection is hanging in TIME_OUT state for 60 seconds. Is there any way to get rid of TIME_OUT waiting or make it less to free the socket for new connections? I understand why TCP/IP connection enters TIME_OUT state, but I don't understand why Internet Explorer does not close the connection after the XML file download is over. The details. Our server runs web service written in Perl (mod-perl). The service provides weather data to clients. Client is a Flash appication (actually Flash ActiveX control embedded in Windows application). Apache "Keep Alive" option is set to 0

Read the article
Process for beginning a Ruby on Rails project

- by Daniel Beardsley

I'm about to begin a Ruby on Rails project and I'd love to hear how others go through the process of starting an application design. I have quite a bit of experience with RoR, but don't have that many starting from scratch with only a vision experiences and would appreciate the wisdom of others who've been there. I'm looking for an order of events, reasons for the order, and maybe why each part is important. I can think of a few starting points, but I'm not sure where it's best to begin Model design and relationships (entities, how they relate, and their attributes) Think of user use-cases (or story-boards) and implement the minimum to get these done Create Model unit-tests then create the necessary migrations and AR models to get the tests to pass Hack out the most basic version of the simplest part of your application and go from there Start with a template for a rails app (like http://github.com/thoughtbot/suspenders) Do the boring gruntwork first (User auth, session management, ...) ...

Read the article
Core jQuery event modification problem

- by DSKVR

I am attempting to overwrite a core jQuery event, in this case the keydown event. My intention is to preventDefault() functionality of Left(37), Up(38), Right(39) and Down(40) to maintain the consistency of hot keys in my web application. I am using the solution provided here for the conditional charCode preventDefault problem. For some reason, my function overwrite is simply not firing, and I cannot put my finger on the problem. I am afraid that over the past 30 minutes this issue has resulted in some hair loss. Anybody have the remedy? /* Modify Keydown Event to prevent default PageDown and PageUp functionality */ (function(){ var charCodes = new Array(37,38,39,40); var original = jQuery.fn.keydown; jQuery.fn.keydown = function(e){ var key=e.charCode ? e.charCode : e.keyCode ? e.keyCode : 0; alert('now why is my keydown mod not firing?'); if($.inArray(key,charCodes)) { alert('is one of them, do not scroll page'); e.preventDefault(); return false; } original.apply( this, arguments ); } })();

Read the article
Best way to send mass email to my subscribers ( BCC or PEAR mail queue ? )

- by xRobot

I need to send email to my 5000 subscribers. What is the best way to do this ? 1) By using BCC ?: $from_addr = '[email protected]'; $mailing_list = '[email protected]', '[email protected]', '[email protected]; $message_subject = 'this is a test'; `$headers = array ("From" => $from_addr, "Bcc" => $mailing_list, "Subject" => $message_subject); $smtp = Mail::factory("smtp", array ('host' => "smtp.example.com", 'auth' => true, 'username' => "xxx", 'password' => "xxx")); $mail = $smtp->send($email, $headers, $message_body);` . 2) by using PEAR mail queue ?

Read the article
Database Error django

- by Megan

DatabaseError at /admin/delmarva/event/ no such column: delmarva_event.eventdate I created a class in my models.py file: from django.db import models from django.contrib.auth.models import User class Event(models.Model): eventname = models.CharField(max_length = 100) eventdate = models.DateField() eventtime = models.TimeField() address = models.CharField(max_length = 200) user = models.ForeignKey(User) def __unicode__(self): return self.eventname and now when i try to view my events in my admin or my main_page it gives me the error that there is no eventdate. I tried syncing the db again but nothing changed. Also, I hashtagged eventdate out to see if I get a different error and then it states that delmarva_event.eventtime does not exist as well. I It is weird because it does not have a problem with eventname. Any suggestions would be greatly appreciated!

Read the article
Debugging a Browser Redirect Loop

- by just_wes

Hi all, I am using CakePHP with the Auth and ACL components. My page loads fine for non-registered users, but if I try to log in as a registered user I get an infinite redirect loop in the browser. I am sure that this is some sort of permissions problem, but the problem exists even for users who have permissions for everything. The only way to prevent this behavior is to allow '*' in my AppController's beforeFilter method. What is the best way to debug this sort of problem? Thanks!

Read the article
PHP How to access constant defined outside class?

- by Ashley Ward

I have defined some constants eg: define('DB_HOSTNAME', 'localhost', true); define('DB_USERNAME', 'root', true); define('DB_PASSWORD', 'root', true); define('DB_DATABASE', 'authtest', true); now when I try to do this: class Auth{ function AuthClass() { $this->db_link = mysql_connect(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD) or die(mysql_error()); } } I get an error. Why is this and what do I need to do? See, I've tried using (for example) global DB_HOSTNAME but this fails with an error.

Read the article
How can I login to a website with Python?

- by Shady

How can I do it? I was trying to enter some specified link (with urllib), but to do it, I need to log in. I have this source from the site: <form id="login-form" action="auth/login" method="post"> <div>  <label for="email" id="email-label" class="no-js">Email</label> <input id="email-email" type="text" name="handle" value="" autocomplete="off" /> <label for="combination" id="combo-label" class="no-js">Combination</label> <input id="password-clear" type="text" value="Combination" autocomplete="off" /> <input id="password-password" type="password" name="password" value="" autocomplete="off" /> <input id="sumbitLogin" class="signin" type="submit" value="Sign In" /> Is this possible?

Read the article
Backup Google Calendar programmatically: https://www.google.com/calendar/exporticalzip

- by Michael

I'm struggling with writing a python script that automatically grabs the zip fail containing all my google calendars and stores it (as a backup) on my harddisk. I'm using ClientLogin to get an authentication token (and successfully can obtain the token). Unfortunately, i'm unable to retrieve the file at https://www.google.com/calendar/exporticalzip It always asks me for the login credentials again by returning a login page as html (instead of the zip). Here's the critical code: post_data = post_data = urllib.urlencode({ 'auth': token, 'continue': zip_url}) request = urllib2.Request('https://www.google.com/calendar', post_data, header) try: f = urllib2.urlopen(request) result = f.read() except: print "Error" Anyone any ideas or done that before? Or an alternative idea how to backup all my calendars (automatically!)

Read the article
Membership systems for MVC4 that support RavenDB

- by brad oyler

I create a lot of quick "proof of concept" MVC apps and I actually found the SimpleMembership provider that shipped with the MVC4 templates to be very handy since it gets me up and running with user registration & OAuth in a matter of minutes. But...I've started to use RavenDb (on RavenHQ for a lot for my projects). So, I starting trying to implement my own "custom membership provider" based on the ExtendedMembershipProvider and while doing that I realized that didn't make much sense. I later stumbled upon 2 interesting projects that try to solve this exact problem: WorldDomination.Web.Auth: https://github.com/PureKrome/WorldDomination.Web.Authentication MemFlex: https://github.com/OdeToCode/Memflex Both are pretty interesting recent efforts and was wondering if these are the only ones being built right now. I'm essentially looking for nuget pkg that I can drop into a MVC4 app, connect to my RavenDb and be done. I'm willing to build this thing but don't want to duplicate any efforts that are already in motion. Thx!

Read the article
credit or minclass does not work well with pam_cracklib.so in common-password (opeSuSe 11.3)

- by Mario

I'm trying to implement password complexities on my pdc. It's a samba PDC with openLDAP backend. I tried cracklib-check but it looks like that I should have a decent and localize version of password library since the library out there usually comes in english. I also have another consideration that we will allow users to use any kind of password - even though it's dictionary based - as long as their passwords integrated with low/upper alphabet, digits, and other characters such as '$' or '_' (pam_cracklib.so calls them as classes). So here is my /etc/pam.d/common-password: #password requisite pam_pwcheck.so nullok cracklib password requisite pam_cracklib.so minclass=4 reject_username ##password requisite pam_cracklib.so \ ## dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 reject_username password optional pam_gnome_keyring.so use_autht_ok password required pam_unix2.so use_authtok nullok The first commented line (with #) was the default configuration of openSuse 11.3. The 2nd/3rd (with leading ##) is another configuration I use when minclass=4 line is commented out. By the way, I have 'check password script' = /usr/local/sbin/crackcheck -d /usr/share/cracklib/pw_dict and passdb backend = ldapsam:ldap://127.0.0.1 parameters in smb.conf and cracklib-check works fine too. So here is the test I conduct. I logon to windows and then change my password. Sometimes it works fine that it trows error message - which what I wanted, but simple password with only lower alphabets can pass windows change password. Maybe I should make a new library which incorporates local vocabularies, but a guy out there (raise your hand please if you read this :) ) also experienced the same trouble with english word. Besides, what we really want is to let user to choose 2 or 3 format password out of 4 classes. Is there a bug or something with pam module in openSuse 11.3? Thank you in advance. Regards, Mario

Read the article
Looking for a way to get HTTP Digest Authentication headers from incoming http requests

- by duncancarroll

I've been working on a REST implementation with my existing Cake install, and it's looking great except that I want to use HTTP Digest Authentication for all requests (Basic Auth won't cut it). So great, I'll generate a header in the client app (which is not cake) and send it to my cake install. Only problem is, I can't find a method for extracting that Digest from the request... I've looked through the Cake API for something that I can use to get the Digest Header. You'd think that Request Handler would be able to grab it, but I can't find anything resembling that. There must be another method of getting the digest that I am overlooking? In the meantime I'm writing my own regex to parse it out of the Request... once I'm done I'll post it here so no one has to waste as much time as I did hunting for it.

Read the article
troubleshooting postifx -> exchange connection issues

- by Systemspoet

I have three linux-based mail routers that run postfix and relay mail to our on-premise exchange server as well as to outlook.com, splitting the mail based on ldap atttributes. What I've observed sporadically since upgrading this spring from Exchange 2007 to 2010 is that all three of the mail relays will, for about 20 minutes, fail to connect to exchange. Postfix logs it as "lost connection with exchange.contosso.edu" ; this problem almost always occurs to all three mail relays at the same time, and lasts for slightly under 20 minutes. If I can catch it while it's occuring, and I manually do "telnet exchange.contosso.edu 25" from one mail relay and force a message through (helo, mail from, rcpt to, data, etc), then it clears that relay up. The exchange "server" is actually two machines with the HT role on them, load balanced via windows NLB. I've worked pretty hard to figure out what's happening from the postfix side and I can't see any evidence of any misbehavior. My question is, how do I attack the problem from the exchange side? Is there a connection log, or a debug setting, or something I can do to log all of the inbound connections and tell me what's causing exchange to drop them?

Read the article
Where to place the login/authentication related actions in MVC

- by rogeriopvl

I've searched around and found that when implementing an authentication module in MVC architecture some people opt to place the login related actions in the User controller while others place it in a controller dedicated to authentication only. In pseudo-java-like code: class UserController extends Controller { public login() { //... } } Accessed with http://mydomain.com/user/login. vs. class AuthController extends Controller { public login() { //... } } Accessed with http://mydomain.com/auth/login. I would like to know which approach is better, and why. That is, if there's really any difference at all. Thanks in advance.

Read the article
Determine what account IIS 7 is using to access folders (and other resources)

- by Andrew

Often, out of sheer desperation I will end up enabling "Everyone" access on a folder that a web app is accessing (perhaps for file creation, reading, etc) because I can't figure which user account to enable access on. Obviously, this is a very bad thing to do. Is there a way to determine what account IIS is using at that exact moment to access folders (and perhaps other resources like SQL Server, etc)? Are there logs I can look at that will tell me? Or perhaps some other way? I usually use Windows Auth without impersonation. Not sure if that information is relevant.

Read the article
postfix email gateway

- by k-h

I am setting up a postfix email gateway. It will not hold any mail but will accept email for my domain and forward it to another internal mailserver and relay mail out from the internal server. One of the main problems is that I am working on a live running system and this will be an upgrade so I am using a test domain which I will change at some point to the real domain. I tried various methods but found the simplest way (that worked) was to use a script to create an aliases file (from ldap entries). There are various problems with this method. The main one being that the entries can't be of the simple form [email protected] because the gateway doesn't know where to send them. They have to be of the form: [email protected]. What I would like doesn't seem hard but I can't get my head around the postfix documentation. There seem to be various ways but none of them seem to work. Most of the examples I have found on the web assume the mail is going to end up on the server. I want a list of users somewhere, preferably of the form: user1, user2, etc rather than [email protected] (I can easily generate this list) and I would like postfix to forward all email to example.com to a particular server: ie realmailserver.example.com. Can anyone suggest clues as to how I might do this?

Read the article
Django - Empty session data in ajax requests

- by ninja123

Hi guys, I have an ajax view where I want to set a session variable like such: def upload(request, *args, **kwargs): request.session['test'] = 'test' request.session.modified = True print request.session.items() I have another normal view something like this: def advertise(request): print request.session.items() I get these two strings printed to shell: [('test', 'test')] [('_auth_user_backend', 'django.contrib.auth.backends.ModelBackend'), ('_auth_user_id', 26L)] Why is the session data that I set in the ajax view not passing to my regular views? If I set session data in regular view, everything works as fine, but it seems that ajax requests contain empty session data? Anybody dealt with something like this before? Any suggestions are greatly appreciated. Thanks.

Read the article
CVS in cmd/gui works only the third time I run a command.

- by Somebody still uses you MS-DOS

I'm using CVS in the command line. I'm in my repository folder. When I call a CVS command, I get... cvs [log aborted]: unrecognized auth response from localhost: -f [pserver aborted]: /opt/cvs/XXXXXX: no such repository ...2 times. The third time I run the command, it works with no problems. I tried to use a GUI client (CrossVC) and the same problem occurs. I tried inside gVim and Vim using VCSCommand and I'm having the same issues as well. I've tested with different times between each command, but I still have the same problems. I'm using a CVS configuration with stunnel. Why am I having problem with this setup? Why every time just the third time that I try to run the command that actually works?

Read the article
MVC Forms Authentication with custom database

- by AndrewVos

I'm trying to get forms authentication working for an mvc site. I have a custom database with a users table, and I would like to do my own password validation. I am logging in my user like this: if (PasswordHasher.Hash(password) == dataUser.Password) { FormsAuthentication.SetAuthCookie(email, true); return true; } The problem is, when the session expires obviously the user has to login again. I am thinking I should be storing this Auth cookie in my users table? Update: I'm obviously in desperate need of more education in this area. I just noticed that the user stays authenticated even after an iisreset. I guess what I'm asking is how can I get persistent and non persistent authentication working properly. I want a user to not have to login again if they click "remember", and if they don't then their authentication should expire when the forms authentication is set to expire.

Read the article
Out-of-memory algorithms for addressing large arrays

- by reve_etrange

I am trying to deal with a very large dataset. I have k = ~4200 matrices (varying sizes) which must be compared combinatorially, skipping non-unique and self comparisons. Each of k(k-1)/2 comparisons produces a matrix, which must be indexed against its parents (i.e. can find out where it came from). The convenient way to do this is to (triangularly) fill a k-by-k cell array with the result of each comparison. These are ~100 X ~100 matrices, on average. Using single precision floats, it works out to 400 GB overall. I need to 1) generate the cell array or pieces of it without trying to place the whole thing in memory and 2) access its elements (and their elements) in like fashion. My attempts have been inefficient due to reliance on MATLAB's eval() as well as save and clear occurring in loops. for i=1:k [~,m] = size(data{i}); cur_var = ['H' int2str(i)]; %# if i == 1; save('FileName'); end; %# If using a single MAT file and need to create it. eval([cur_var ' = cell(1,k-i);']); for j=i+1:k [~,n] = size(data{j}); eval([cur_var '{i,j} = zeros(m,n,''single'');']); eval([cur_var '{i,j} = compare(data{i},data{j});']); end save(cur_var,cur_var); %# Add '-append' when using a single MAT file. clear(cur_var); end The other thing I have done is to perform the split when mod((i+j-1)/2,max(factor(k(k-1)/2))) == 0. This divides the result into the largest number of same-size pieces, which seems logical. The indexing is a little more complicated, but not too bad because a linear index could be used. Does anyone know/see a better way?

Read the article
How do I handle user authorization the safest way?

- by Irro

I'm developing a small website where I'm going to allow user to create accounts but I'm quite clueless when it comes to safety around authorizations. I have built my project in PHP with codeigniter and found a library (Tank Auth) that could handle authorization for me. It stores password in a safe way but I'm still worried about the part when the user sends their password to my server. One easy way to do it would be to send the password in a post-request but I would guess that it's quite easy to sniff such a password. Should I do something with the password on the client side before sending it to my server? And is there any good javascript libraries for this?

Read the article
Web scrapping from a Google Chrome extension

- by limoragni

I've started to develop a Chrome extension to navigate and prform actions on a website. Until now the extension is able to receive a couple of parameters and check a set of radio-buttons, fill in a few inputs of a form and then submit it. What I want to do now is to repeat the process, but I'm stuck when the page is reloaded. And I don't know how can I do to make the script reacts to the finish of the request. The workflow I want to achieve is the following (is for automaticly copying a certain object): Popup side Enter the number of the Master object to copy Enter the base name of the copies (example Mod, so the I can iterate and add mod1, mod2, modn) Enter the number of copies Background side Select master Select standard options Fill in inputs Submit form Wait for the page to complete the request and continue to the next copy. (here I need help) The problem is on the repetition, the rest is taking care of. I assume that must be a way of dealing with requests. Any ideas? By the way I'm doing it all with the extension and tabs methods of google chrome plus javascript and jquery.

Read the article
Securing a REST API

- by Christopher McCann

I am in the middle of developing a REST API - the first one I ever have. The data being passed through the API is not of such a critical nature that there will be loss of life, economics etc if it was intercepted but at the same time I would like it to be secure. The data being transferred is simply like the data that would be transferred on Twitter or Facebook - not overly confidential but still should be kept private. What is the best way to secure this data? Am I best to use HTTP Basic Auth over SSL or should I be looking into something like OAuth. I have never really used REST much before so bit of a first for me. Thanks

Read the article

< Previous Page | 170 171 172 173 174 175 176 177 178 179 180 181 | Next Page >