auth

Tomcat URL Authentication e.g: https://user:[email protected]

I am writing a Tomcat app, and have a need to do authentication within the URL like this: https://user:[email protected] Except for the life of me I'm not sure how to set it up or able to find the docs to read up on it; clearly my Google skills need work. Can anyone tell me where I should be looking for this kind of info or whe...

Kohana 3 auth module problems

Hey there, I am having an issue with the Kohana 3 Auth module. Both the Auth and ORM modules are enabled in the bootstrap.php , the sql tables are installed and the DB connection is fine. I have put in application/config/database.php and sessions.php as well as auth.php. When I try to create new users doing this - $user = ORM::fac...

How to config Apache to use NTLM auth for local users and Basic Auth for external?

We have an internal web site. And we have 2 groups of employees. 1. Central office: they will be using NTLM auth. 2. External users who don't have Active Directory accounts: they will use Basic Auth. Can you help me find out how to config Apache. ...

Login Form For Http Basic Auth

Hello everyone, I am running a Perl application named bitlfu. For login it is using something like Apache HTTP Basic Auth but not a form. I want to make a form for the login with username and password field. I have tried JavaScript and PHP with no results till now. So I need help! PS: this kind of url works http://user:[email protected] ...

How to build an app whose main page shows data and login form with cakephp?

I'm developing a basic application with CakePHP. It's a FAQs page with login for an administrator that can edit the FAQs. The problem is that I want to show the FAQs in the main page as well as a form that allows admins to login. I've seen examples but I don't know how to follow correctly the MVC. How should the Faq, User and (possibly) ...

Zend Auth Adapter Ldap in 1.10.6 is not backward compatible

Zend Auth Adapter Ldap in 1.10.6 fails when using the same options: ldap.server1.baseDn = "CN=Users,DC=webex,DC=local" (this is just one option). The exact same option works in the previous 1.5 or 1.6 versions. If I change the above option to ldap.server1.baseDn = "DC=webex,DC=local" then it works but would always return Invalid Credent...

How can I get hg to prompt for my HTTP auth username / password on cygwin / windows?

At home, this works perfectly. I'm on another computer now (using cygwin) and hg push will not prompt for a username / password: user@localhost /cygdrive/d/repos/upthescala/viewprotect $ hg push https://viewprotect.googlecode.com/hg/ pushing to https://viewprotect.googlecode.com/hg/ searching for changes abort: http authorization requir...

Store users hashed PW in localstorage?

I'm writing a web app for 100 users where I work. It is accessible on the internet, not just our intranet. Many users are unskilled users, though most use Chrome as that's the browser that's default on their laptops. To auth with the web app this is a potential plan: User enters password Password is sent to server Password is hashed a...

C# Pinging particular ports and proxy credentials

Heya guys, I have 2 questions for you. I'm creating an Application for Chat that relies on Jabber, which is my server is port 5222 for the server side of things. Port Ping: How can I ping a server via Port 5222 and check to see if it's open and responding. Something like Ping.Once(Settings.Defualt.ChatServerDomain,Settings.Defualt.Chat...

Building a simple RESTful api

I'm wanting to make an API quickly, following REST principles - for a simple web application I've built. The first place the API will be used is to interface with an iPhone app. The API only needs handle a few basic calls, but all require authentication, nothing is public data. login/authenticate user get list of records in users group...

php's Header equivalent in JSP

In PHP I used to authenticate whether a user was logged in or not by checking the session for a member id; if set, ok, else the page would be redirected via Header to the login page. This auth script was in auth.php and I used to include it in any page that required login. Simple. However I cannot do the same in JSP, because the rest of t...

Cake's ACL component and the concept of "ownership"

Hello, I have been futzing around with Cake's Auth/ACL components. I've read the docs and I've done the tutorial, but I am still not satisfied with what I can actually accomplish with it. I've seen a couple of other approaches, but I can't say as I really have a straight winner with either. In any tutorial/blog post/doc I read, the u...

Showing auth_message's

After installing django_message I noticed Django has a nice little notification system built-in (Being: Auth_message). I was wondering how can I show them to users? They only appear in the admin panel as for now. Which template tag can I use to integrate them into the site? How can I add notifications? ...

In CakePHP Auth - is there a way to force https on all actions requiring Authentication (but not others)

Using CakePHP Auth, I want to have all actions that require being logged in to also be forced to use https. Is this possible via a Callback somehow? Further info: I have Admin routing in use as well as certain "member-only" actions. Using cakePHP 1.2 also. many thanks for any pointers on this. boobyW. ...

CakePHP Auth Component Check User Before Login

I want to prevent banned users from logging in to the site and give them a message that they are banned. I tried to use isAuthorized() for this but it allows the user to login and only after that denies him permission to the unauthorized actions. So, basically I want to know where to put the condition that would check if the user table ...

Using email instead of username in CakePHP's Auth Component

CakePHP's Auth component requires the username field to be present in order to convert the password field into a hash upon save. Apparently, even if I put this in the beforeFilter() - "$this->Auth->fields = array('username' => 'email', 'password' => 'password');" - it doesn't encrypt the password before inserting it into the database. S...

CPanel PHP_AUTH_USER behaving unexpectedly.

Hello, I am running the following code: <?php if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); echo 'Text to send if user hits Cancel button'; exit; } else { echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>"; echo "<p>You entered {$_...

Is this login system secure enough?

After looking into our login system to add some new features, I found out that it isn't very secure. The auth cookie was the encryption of user id, stamp, version, PASSWORD IN THE RAW, and a cookie id. At least I can say I am not the one who did it like that, a previous developer did. (Yes, I know that password should be saved as a hash i...

CakePHP auth session vs. cookie not updating

Hello, I have an ACL+auth driven app. Everything works fine but I discovered that user is logged out after a random period of time. After doing some research I discovered that the cookie set once doesn't change its expiration date on page refresh. So it goes like this: I set up manually expiration time to 1 minute (Security.level low (...

Is this a good security strategy?

I'm trying to make a web service secure. It's not for a bank or anything of that sort, but the organization using it may lose some money if the service will be used by someone not authorized (it's hard to tell exactly how much..). The purpose is not to allow unauthorized applications to use any method (other than "GetChallenge". for u...