Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

Page 192/244 | < Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199 | Next Page >

Rails, different routes for production app.

- by Joseph Silvashy

Well, maybe not just different routes. Here is the issue at hand, we have an app that we want to present the users with a "beta sign-up" form when the app is running in production, but we still want to be able to login, however in development the app should function normally. For example in development the app's root path would be the page that show's all the products (using a store as an example) but in production we want the app to present the user with a beta page that just has a form for leaving an email, but also be able to sign-in for users that have accounts. We don't need any help with authentication, that's all sorted out more just the setup of redirecting users to the beta page in production so they can't explore the site unless they are logged in. We are using Devise so I thought maybe we could put something in our application controller that's like: before_filter :authenticate_user! if ENV['RAILS_ENV'] == 'production' But that doesn't seem like it works.

Read the article
Cannot start jboss remotely in ruby (Net::SSH)

- by Jared

I am trying to start/stop jboss remotely with ruby Net::SSH library. I am able to stop jboss with the following code: require 'net/ssh' Net::SSH.start('xx.xx.xx.xx', 'jboss', :password => "jboss") do |session| session.open_channel do |channel| channel.request_pty(:term => 'xterm') do |ch, success| raise "could not request pty!" unless success channel.exec "/etc/init.d/jboss_new stop\n" end puts "shell opened" channel.on_data do |channel, data| puts data sleep 1 if data =~ /Password: / sleep 2 channel.send_data("jboss\n") end end end end But when I substitute stop with start I get nothing in return, jboss is not started. I changed password to invalid and get a response su: Authentication failure Is there any gimmick here? Can you please advise what is wrong?

Read the article
PHP: Safe way to store decryptable passwords

- by Jammer

I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. What encryption/decryption algorithm would you suggest? Is it good idea to just store the encrypted value and then compare the future authentication attempts to that value? Are the passwords still as safe as MD5/SHA1 when the private key is not available to the attacker (Hidden in USB drive for example)? I should still use salting, right? What encryption libraries should I use for PHP?

Read the article
Cheapest ways to expose internet services

- by tmow

Hi all, we have developed/customized an internet site that provides functionalities like sharing, swap/barter, selling and rent any object/services trough public or private galleries and/or clubs. We'd like now to expose all or some of the services to the public, so that anybody can take advantage of our engine, but without spending too much as we rae running low on budget. At the moment we have developed some RSS interfaces for the public catalogs and is possible to use JQuery to query the engine. Do you have any advices on how to proceed here? We were thinking about something simple like framset, using openID like authentication, or similar technologies. Even if can be the coolest solution, we a would like to avoid the develop soap, rest or xmlrpc APIs as it takes a lot of time ( =money ) Do you have any super smart ideas?

Read the article
Android and PHP - Do I need to use sessions?

- by jtnire

I have created an Android App that communicates with a PHP web server. They both send JSON to each other. My App is almost finished, however there is one thing left to do: authentication. Since the user's username and password will be stored in Android SharedPreferences, is there any need to use PHP sessions, given that the user won't need to enter the username/password at every request? Since I can just send the username and password in the HTTP POST header for every request, and that I will be using SSL, is this sufficient? I guess I could add an extra field in the header called 'random' that just adds a random value, just to use as a salt so that the encrypted SSL payload will be different everytime. The reason why I don't want to use sessions is that my Android App would either have to handle cookies, or managed the storage of the session ID. If there are some serious cons to using my method above, then I'm more than happy to use sessions, however all advice is appreciated. Thanks

Read the article
Client / Server application for Video BroadCasting on LAN

- by jbl

I m much of a newbie to client/server applications and networking.I am currently starting up a project in which we are planning to create an application or something like a website accessible only to clients in that LAN network.We want the server to upload videos so that the clients can view them whenever they want.Also the clients can upload videos.Also we want some kind of registration to provide authentication to avoid bogus videos.Also additional features that can be added on later like comment section,ratings,Groups etc. Basically what we want is to build mini-youtube but with one major difference , we want the application to be LAN based. This is the idea behind the project.But we dont know where to start from as we are new to this stuff and also we have like 1 year to work on the project.Please guide me as to what all softwares i'll be needing to get this working !

Read the article
acl.allow not working in mercurial

- by sagar

When I am trying to apply some authentication in .hg/hgrc file on Ubuntu machine its not working. I have added below code to hgrc file on Ubuntu [web] allow_push=* allow_read=* push_ssl =false [hooks] pretxnchangegroup.acl=python:hgext.acl.hook [acl.allow] /home/test/testrepository/*=myid When I am pushing some data from my Windows repository to testrepository on Ubuntu giving below message pushing to http://ubantuip:8000 searching for changes remote: adding changesets remote: adding manifests remote: adding file changes remote: added 1 changesets with 1 changes to 1 files remote: error: pretxnchangegroup.acl hook failed: acl: access denied for changes et 69f00e372c67 remote: transaction abort! remote: rollback completed remote: abort: acl: access denied for changeset 69f00e372c67 why I am not able to push the changes?

Read the article
Web based interface for open SSL client certificates

- by Felix

Hi there! We are currently developing a apache2-based web application and want to invite some beta testers to give it a try. To be on the safe side, access should be provided by individual browser certificates (.p12) which are issued using a (fake) CA. Our users should be passing a complete register/login process and some of them will be granted administrative privileges within the application. That's why a preceding simple web-based authentication won't be sufficient. Atm, I using a serverside shellscript to generate the certificates each time. Do you know about a small, web-based tool to simplify the process of generating / revoking those certificates? Maybe an overview of the CA's index.txt plus the option to revoke a cert and a link to download them directly?

Read the article
Problem with Wicket and SignInExample in IE8

- by KJQ

I have an interesting problem with Wicket. I'm basically duplicating the 'authentication' example from the v1.4.x in SVN. It works fine in FireFox and Chrome but not in IE8. When in IE8, after I click the submit button it returns with a 404 error but i can manually paste the "destination" url in and it goes there fine (as an authenticated user). Another scenario is, I try to login, it gives me a 404, I hit refresh (looking at the html source I see the page version incremented), relogin and it works fine. So to summarize: I login the first time in IE8 and it returns a 404 error, hit refresh and ogin again and it works fine. I login the first time in IE8 and it returns a 404 error, manually paste the destination url in the browser and it goes there fine as if im logged in. I've compared everything between IE8 and FireFox from the rendered source and the code is not doing anything special but I cannot figure out what the differences are? Thanks. KJQ

Read the article
Expiring an IE session using WatiN

- by Steve Wilkes

I'm trying to write an acceptance test using WatiN which checks that a user is redirected to the login page if they navigate to a page after their session times out. I'm using WatiN's IE class for the browser, and trying the following: // 1. Login // 2. Do this: Browser.ClearCookies(); Browser.ClearCache(); // 3. Navigate to a different page But the user is always still logged in. Other info: I'm running the test through the NUnit GUI running as an administrator It's an ASP.NET MVC 3 site, using forms authentication and in-process session state I'm using IE9. If I manually clear all cookies in Chrome, the user is logged out If I manually clear all cookies in IE the user stays logged in If I call Browser.Eval("alert(document.cookie)"); in IE it alerts an empty string Given the above, I'm assuming this is a quirk with IE; any ideas how I can work around it?

Read the article
C# Threading and Sql Connections

- by Jonathan M

I have a method that attempts to update a sql server database in an ASP.NET application. If the update fails, it catches the exception and then queues the update in MSMQ, and then spins up a new thread that will later de-queue the pending update and try again. When the thread starts, it fails to open a database connection because it is attempting to connect using Network Service as the login. The sql connection is using Windows Authentication, and will work outside of the thread. If I put a breakpoint in the code that executes inside the new thread and check the Thread.CurrentPrincipal, it shows the Identity as being the correct user. Why is the sql connection attempting to be opened by the Network Service account? I can elaborate further is necessary. Thanks.

Read the article
Secure password transmission over unencrypted tcp/ip

- by academicRobot

I'm in the designing stages of a custom tcp/ip protocol for mobile client-server communication. When not required (data is not sensitive), I'd like to avoid using SSL for overhead reasons (both in handshake latency and conserving cycles). My question is, what is the best practices way of transmitting authentication information over an unencrypted connection? Currently, I'm liking SRP or J-PAKE (they generate secure session tokens, are hash/salt friendly, and allow kicking into TLS when necessary), which I believe are both implemented in OpenSSL. However, I am a bit wary since I don't see many people using these algorithms for this purpose. Would also appreciate pointers to any materials discussing this topic in general, since I had trouble finding any.

Read the article
Django: query spanning multiple many-to-many relationships

- by Brant

I've got some models set up like this: class AppGroup(models.Model): users = models.ManyToManyField(User) class Notification(models.Model): groups_to_notify = models.ManyToManyField(AppGroup) The User objects come from django's authentication system. Now, I am trying to get all the notifications pertaining to the groups that the current user is a part of. I have tried.. notifications = Notification.objects.filter(groups_to_notify=AppGroup.objects.filter(users=request.user)) But that gives an error: more than one row returned by a subquery used as an expression Which I suppose is because the groups_to_notify is checking against several groups. How can I grab all the notifications meant for the user based on the groups he is a part of?

Read the article
How do I prevent an https response from throwing an AuthenticationException with Fiddler running?

- by Ichabod Clay

Relative newbie to C# here :) I'm currently creating a web link scraper and having issues with the responses I'm getting when trying to login to the website via my program. I'm trying to use Fiddler to see if my program is sending the proper data, but my program is throwing an AuthenticationException when trying to get a response from the site with Fiddler running. The requests are being sent over HTTPS and Fiddler's certificate is the cause of the excepting being thrown. My question is, what can I implement into my program to have it disregard the certificate authentication? As far as my program goes, the requests and responses are being handled by HttpWebRequest and HttpWebResponse classes.

Read the article
Django i18n: makemessages only on site level possible?

- by AndiDog

I have several strings in my site that don't belong to any app, for example {% block title %}{% trans "Login" %}{% endblock %} or a modified authentication form used to set the locale cookie class AuthenticationFormWithLocaleOption(AuthenticationForm): locale = forms.ChoiceField(choices = settings.LANGUAGES, required = False, initial = preselectedLocale, label = _("Locale/language")) Now when I execute django-admin.py makemessages --all -e .html,.template in the site directory, it extracts the strings from all Python, .html and .template files, including those in my apps. That is because I develop my apps inside that directory: Directory structure: sitename myapp1 myapp2 Is there any way to extract all strings that are not in my apps? The only solution I found is to move the app directories outside the site directory structure, but I'm using bzr-externals (similar to git submodules or svn externals) so that doesn't make sense in my case. Moving stuff that needs translation into a new app is also possible but I don't know if that is the only reasonable solution.

Read the article
Setting custom HTTP request headers in an URL object doesn't work.

- by Blagovest Buyukliev

I am trying to fetch an image from an IP camera using HTTP. The camera requires HTTP basic authentication, so I have to add the corresponding request header: URL url = new URL("http://myipcam/snapshot.jpg"); URLConnection uc = url.openConnection(); uc.setRequestProperty("Authorization", "Basic " + new String(Base64.encode("user:pass".getBytes()))); // outputs "null" System.out.println(uc.getRequestProperty("Authorization")); I am later passing the url object to ImageIO.read(), and, as you can guess, I am getting an HTTP 401 Unauthorized, although user and pass are correct. What am I doing wrong? I've also tried new URL("http://user:pass@myipcam/snapshot.jpg"), but that doesn't work either.

Read the article
What is the best way to secure a shared git repo for a small distributed team ?

- by ashy_32bit

We have a Scala project and we decided to use git. The problem is we are a very small distributed team and we want nobody outside of the team to have even the read only access to our git server (which has a valid IP and is world-accessible in the IP level). I have heard the git-daemon has no authentication mechanism by itself and you should somehow integrate it with ssh or something. What is the best (and easiest) way to make the git server respond only to authorized users ? Or perhaps git-daemon is not for this task ? I may add that I am looking for a simple and straightforward approach. I don't want to compete with github ;-)

Read the article
505 (HTTP version not supported) sent to client when ASP.NET application attempts to access WCF service

- by Aaron J Spetner

We have created a DLL to facilitate access of a 3rd-party WCF Service. This DLL works fine in a Windows Application on our test machines, but when we try to use it in an ASP.NET application on our web server, our web server returns a 505 HTTP version not supported error to the client. To clarify, the setup is Client-Server-WCF Service. Using Fiddler, I can tell that our server is not making requests to the WCF Service. The calls are wrapped in a try/catch block, but no Exception occurs. Instead, as soon as the call to the service is attempted, our server returns a 505 error to the client and terminates execution. We are using clientCertificate authentication over HTTPS with serviceCertificate certificateValidationMode set to "None". Thanks

Read the article
Does GAE/OpenID/OAuth support xmlhttp proxy?

- by h2g2java

Currently, my code would construct the GWT form, which user would submit directly to openId (or any authenticaiton service). Such a method works fine. However, what if I had the gwt page server access the OpenID provider, is there a way/strategy for the server to mediate authentication between its client and the auth provider? I wish to know the answers with respect to GAE as the proxy and, regardless if GAE or Tomcat is the intended proxy, answers wrt Google Accounts OpenID OAuth If so, it would be wonderful if someone could describe the installation strategy.

Read the article
Simple rails routing / url question

- by justinbach

I'm using Ryan Bates' nifty authentication in my application for user signup and login. Each user has_many :widgets, but I'd like to allow users to browse other users' widgets. I'm thinking that a url scheme like /username/widgets/widget_id would make a lot of sense--it would keep all widget-related code in the same place (the widgets controller). However, I'm not sure how to use this style of URL in my app. Right now my codebase is such that it permits logged-in users to browse only their own widgets, which live at /widgets/widget_id. What changes would I need to make to routes.rb, my models classes, and any place where links to a given widget are needed? I've done Rails work before but am a newb when it comes to more complicated routing, etc, so I'd appreciate any feedback. Thanks for your consideration!

Read the article
.NET on Windows to Mono on Ubuntu

- by Srikanth

I am looking at a possibility to change my ASP.NET 2.0 application to the Mono framework. I have used the Mono Migration Analyzer tool and it does detect some P/Invoke and interop dependencies. For example: 1) We use Excel interops and on Linux we are looking to use StarOffice/OpenOffice instead. Is there an easy way of substituting Excel with StarOffice? (I know it sounds bizarre, but I just don't want to miss out in case anyone has done it already.) 2) LDAP authentication: What could be the best alternative in Ubuntu (or an other flavour of Linux)? 3) Is there an Ajax framework for Mono? Preferably with similar controls as Atlas? I hope I am not too ambitious here..

Read the article
Membership systems for MVC4 that support RavenDB

- by brad oyler

I create a lot of quick "proof of concept" MVC apps and I actually found the SimpleMembership provider that shipped with the MVC4 templates to be very handy since it gets me up and running with user registration & OAuth in a matter of minutes. But...I've started to use RavenDb (on RavenHQ for a lot for my projects). So, I starting trying to implement my own "custom membership provider" based on the ExtendedMembershipProvider and while doing that I realized that didn't make much sense. I later stumbled upon 2 interesting projects that try to solve this exact problem: WorldDomination.Web.Auth: https://github.com/PureKrome/WorldDomination.Web.Authentication MemFlex: https://github.com/OdeToCode/Memflex Both are pretty interesting recent efforts and was wondering if these are the only ones being built right now. I'm essentially looking for nuget pkg that I can drop into a MVC4 app, connect to my RavenDb and be done. I'm willing to build this thing but don't want to duplicate any efforts that are already in motion. Thx!

Read the article
please recommend a rails based CMS

- by paul

Hello, I am searching for a rails-based CMS that provide rich text editing feature (e.g. I need an interface very similar to that of Wordpress where you can easily style up your static pages and upload pictures without knowing any css or html) AND easy to be dropped into an existing rails application. Camtose, RadiantCMS and few other ones did not seem to offer the rich interface I was looking for. RefineryCMS had conflict with my existing user authentication and I did not really find a solution to it. I am just wondering if there are any rails based cms that can meet my needs. Please advise if you know of any such rails-based CMS. Thank you for your help!

Read the article
Get a list of events owned by a facebook page

- by Tom Wright

Does anyone know how I can get a list of events owned (created) by a Facebook page? I seem to be able to use the "graph api" to generate a list of the events an entity is attending. I also looked at FQL, but it seems to require that the 'where' clause is an indexable field (and, naturally, the id is the only indexable field). For bonus points, we'd be able to do this without any authentication. (Though I'm resigned to the fact that I'm likely going to need at least a permanent access_token.) If anyone know how to do this I'd be eternally grateful.

Read the article
Safari - showing expired .NET Page

- by Hidayath

We have a strange problem in Safari. When the user logs out of our Web Application we expire the forms authentication with the following FormsAuthentication.SignOut(); Session.Abandon(); This works fine in IE and Firefox (when the user hits the back button they are presented with a page expired message and are forced to login) but in Safari the last page the user was working on shows up. I tried many of the suggested thinks like setting the Response.Expires but nothing helps , Has anyone faced this problem ? Do u have any suggestion / workarounds ? Thanks

Read the article

< Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199 | Next Page >