I created a GWT project which requires authentication. Initially, the users' passwords were in plain text, but now I would like to hash them with BCrypt. I searched but I cannot find a place describing how to make Jetty authenticate against a BCrypt hashed password.
I'm sending the password to the server using a FORM in plain text and...
Hey,
I am currently writing an application which I plan to sell as SaaS. Without giving away "secrets," I can say that it is basically a "document editing system" in which many users will be submitting documents.
The basic hierarchy is this:
Institution
Individual
Document
Sub-document
So each Individual should be able to BROWSE al...
My team and I are implementing a centralized API authentication system so that one set of API credentials can be shared among several different API-publishing services. These are all Rails apps.
Long explanation
For any given API transaction, there will typically be 3 apps involved:
End-user-facing app that consumes API X. Has API ...
Initially I had the issue reported in this question.
Now, what I noticed is that there are some browsers that accept the password, and there are some which don't. Difference? For some reason the cookie is generated when I log in to the Administration module, but it isn't when I write down the password to access the page, forcing it to...
I have a main controller to handle the very front-end of my authentication system, it handles login, logout, update user info, etc. functions that I anticipate calling by POST'ing from views/forms. What about something like a "delete_user" function though? My thoughts are a button in someone's admin panel would say "Delete Account" and it...
I'm a Django beginner.
My site - let's call it abc.com - works fine, letting users log in and out (having originally registered via Django registration). If it's relevant, my virtualhosts file has ServerName abc.com and ServerAlias www.abc.com directives.
I don't want my visitors to sense that both abc.com and www.abc.com exist, and s...
This has been asked many times, but none of the answers are satisfying, I looked online for secure tutorials but I have not found something good enough you would want to use in an important website. It just seems like there are so many ways to get around security.
Does anyone know of a GOOD one? What do you guys do when you build a webs...
I've been using Restlet's "ChallengeResponse" mechanism to authenticate users on the server side.
ChallengeResponse challengeResponse = getRequest().getChallengeResponse();
if( challengeResponse == null ){
throw new RuntimeException("not authenticated");
}
String login = challengeResponse.getIdentifier();
String password = new Strin...
I would like to create a repoze custom predicate checker that is capable of accessing URL parameters and validating something. But I would like to use allow_only to set this permission checker in all the controller's scope. Something like:
class MyController(BaseController):
allow_only = All(not_anonymous(msg=l_(u'You must be logged on'...
Hi,
Is it possible to use Live ID for authentication in a Silverlight 4 Out of Browser App?
If it is, do you know of any sample code?
Thanks
...
I've been asked to create a stand-alone webapp using "straight" HTML and JavaScript that does user authentication against an existing PHP app (backend is MySQL). Unfortunately, I really don't have a firm grasp on how PHP authentication works, and I'd rather not invest a lot of time in learning PHP just for this particular case.
I can se...
Hi All
I have an ASP.NET website set up using Windows authentication. Each time I open IE and try to access the webpage I get a Windows authentication screen. Once I have logged in I can see the website fine. My problem is that every time I open a new IE browser I have to re-enter my username and password. I have heard about the dou...
Our website has been working and still works if we are connected to the LAN but now if someone is elsewhere and tries to connect, they are presented with the screen called "User Authentification" asking for a username and password. What would have changed? The website is http://pc.bartselectric.com Any help is greatly appreciated. Th...
I'm accustomed to *nix servers and if we wanted a completely secure sign in screen, we (as far as I am aware) are to use SSL via HTTPS. Our overseeing organization at work use Windows Servers for serving web pages. On one such page they are authenticating network credentials. This page is using HTTP, and what appears to be Basic Auth (a ...
I've got an Android app that authenticates to an App Engine app. I've had it working for a little while, until the authToken supplied to me (by Android's AccountManager) expired, causing a 500 error when I tried to use it to get a session cookie.
I have now invalidated the authToken, but after that I still cannot authenticate. However, i...
I have some SSIS packages deployed on server with windows authentication (my user account) using protection level as ServerStorage. Also SQL admin has created jobs to run these packages, admin account is the owner of all the jobs. The jobs are running fine till date but now since my work is over my account will be deleted from AD and I a...
Hi,
I need to be able to login to a site via Forms Authentication using a HttpWebRequest.
Currently, when I provide NetworkCredentials to the request, it just redirects me to the Login page, which makes sense... but how do I go about ensuring that the request correctly authenticates without redirecting?
Thanks,
Kieron
...
From page 5 of Bernstein's paper, it says to do a simple summation equation of c_q * r ^(q-x+1) from 1 to q and mod the entire thing by 2^130-5, add it to an AES output and mod it by 2^128. However, I cannot seem to get his test vectors. One of them is:
c1 124bcb676f4f39395d883fb0f19ea3c66
c2 13...
I'm contemplating how I should implement authorization and authentication with ASP.NET and MVC2. Let's refer to this as a user system.
I have seen three types of solutions in the wild:
Use the built-in ASP.NET Membership system (NerdDinner)
Roll your own (Shrinkr)
Create an abstraction layer for the ASP.NET membership (Tekpub's mvcstar...
I came across this statement
Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identi...