In couchdb website -> technical overview -> security and validation - http://couchdb.apache.org/docs/overview.html - it writes that (on reader access part) "To protect document contents, CouchDB documents can have a reader list. This is an optional list of reader-names allowed to read the document. When a reader list is used, protect...
Context Context first - issues I'm trying to resolve are below. [EDIT] The application in questions is built against .NET 3.5 SP1. One of our clients has asked as to quote how long it would take for us to improve one of our applications. This application currently provides basic user authentication in the form of username/password com...
I have a table "users" and I want to enable my visitors to login with their openID Account. For this I use the OpenId Component for Cakephp and it works fine (When I login with the Google URL I receive the "successfully authenticated!" notification). But now I'm kind of stuck because I don't know how to go on from there. Do I have to...
Working from the Bugzilla API, I've written a quick Perl script to clone a Bugzilla Product (recreating all the Components under their new Product). The Bugzilla Perl API is quite easy to use from the command line. I could have just worked on the database directly, but I wanted a longer-term solution. Another option was the webservice, b...
I'm building a simple WCF service, probably exposed via HTTPS, using NTLM security. Since not all users are going to be capable of using the service directly, we're writing a simple web front-end for the service. Users will auth with HTML to the web front-end. What we want is a way to delegate the user of the web site all the way to th...
I found some nice hints on how to write a custom realm and loginModule. I'm wondering though if it is possible to access a remote EJB within the custom loginModule. In my case, I have remote EJBs that provide access to user-entities (via JPA) -- can I use them (e.g. via @EJB annotation)? ...
I have been tasked with creating a SharePoint 2007 webpart that logs the user directly into our website (which uses forms authentication). Most likely the username and password will be same in the SharePoint account as in our website. Ideally we would like it to be fully integrated in that the webpart looks up the SP login & password, s...
My web app (asp VB 2005) uses Windows authentication. If the user isn't part of a specific AD security group they don't get to edit the data; instead I redirect the user to a read-only page. The program works fine in the IDE. I published the web app to my laptop and Disabled anonymous access. When I ran the program I got redirected to ...
I want to learn the whole details of web application authentication. So, I decided to write a CodeIgniter authentication library from scratch. Now, I have to make design decision about how to determine whether one user is login. Basically, after user input username & password pair. A cookie is set for this session, following navigations...
Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others. How should I use protect_from_forgery and how can I check if data received from valid domain? What I am thinking now is to turn off protect_from_forgery for se...
For starters, here's my code: // Create a request using a URL that can receive a post. WebRequest request = WebRequest.Create("http://mydomain.com/cms/csharptest.php"); request.Credentials = new NetworkCredential("myUser", "myPass"); // Set the Method property of the request to POST. request.Method = "POST"; // Create POST da...
Scenario: Server is glassfish with jax-ws web services and clients is php based What type of authentication for web services is more computable with php based clients ? HTTP Basic Authentication HTTPS Client Authentication Mutual Authentication (is it supported ?) Digest Authentication (is it supported ?) Description : Specifying ...
I have several web applications developed using PHP and would like to set these up to allow user authentication through active directory (specifically so that users can authenticate using their domain credentials). I am able to use LDAP to authenticate the user to a group that I have created, but am unsure how I can assign user permissi...
Hi all, Somebody knows how to change the user account and authentication method sharepoint uses to connect to its content database? It is now setup to connect using Windows Integrated Authentication but I want to change that to a local user account. Is it even possible to do this? Thanks in advance ...
I happens to find this nice article explaining how OpenID works. Clearly, OpenID consumer and OpenID server transfer information through URL query string. I'm wondering how Live ID accomplish similar functionality. It seems the info is not exchanged through query string in URL. And, since Live ID login server have different domain name...
Hello, I have a Rails application that connects to a legacy database (Oracle) and displays some information from a particular user. Right now the user is passed as a URL parameter, but this has obvious security issues because users should only be able to see their own data. To solve that, I want to implement a user login, and I did som...
I want to display photo of employee who is login but our company doesn't want to expose the photos of all employees publically that is why we put that employees photos on a server that is not live but connected with the live server. Now problem it that when I run my website on localhost the photos of employees display but as soon as I p...
I have a "Posts" and a "Users" controller. I use the Auth Component and I want that all users can visit "Post.index" but only logged in users can visit "User.index". In my app_controller.php I have this $this->Auth->allow('signup', 'confirm', 'index'); but with that all users can visit post.index and user.index. How can I specify a ...
I need to choose an authentication method for an application installed and integrated in customers environment. There are two types of environments - windows and linux/unix. Application is user based, no web stuff, pure Java. The requirement is to authenticate users which will use my application against customer provided user base. Meani...
Preferably something that integrates well with a Flex front end. Yes the Spring Security guys say this is possible, but all examples seem to use legacy jsp tag libraries making them half useless as examples. I don't want to spend a month setting up and learning how to use a security tool. I would like a tool which supports using annotati...