authentication

Logging In: Background Details

What happens when you log into a website? I know cookies are stored and some info (what info?) gets sent to the server...but maybe some more detail? ...

HTTP authentication logout via PHP

What is the correct way to log out of HTTP authentication protected folder? There are workarounds that can achieve this, but they are potentially dangerous because they can be buggy or don't work in certain situations / browsers. That is why I am looking for correct and clean solution. ...

Conceptual overview of WCF security model?

I'm working with WCF at the moment and attempting to implement a custom security model based around an API key and signature (similar to how Facebook/Flickr/OAuth etc. work). There are a whole bunch of classes like ServiceAuthorizationManager, SecurityToken, SecurityTokenValidator, IAuthorizationPolicy and so on, but I can't seem to fin...

How can I pass a password to the "su" command?

I have a program that is going to take a password as input and then do a shell execute to perform a "su" (switch user) command in UNIX. However, I don't know how to pass the password variable to the UNIX su command. The language I have to use for this is pretty limited (UniBasic). Any ideas? ...

Tomcat: setup realm for authentication to use Windows users

I'd like to setup Tomcat on Windows and have authentication in my web application be done against the Windows users (or a subset of those users). I read that if you have users setup on Active Directory, you can use the JNDI realm. What if you don't have Active Directory, but just have "simple Windows users" setup on the server? Is it po...

handling the connection string with SQL Authentication

Hello, I am deploying a Windows Application that uses SQL Server 2005. The program will use SQL Authentication. My question is, how do you handle the connection string when you don't know what the username/password will be? Do you load this from an encrypted file? Or are there provisions for handling this already? ...

Is this a reasonable approach for HTTP BASIC authentication with an API key?

I have just begun adding a REST API on a rails app, and since I only wanted to expose a couple controller/actions, I added a method to ApplicationController: def http_basic_authentication if request.format == Mime::XML authenticate_or_request_with_http_basic do |username, api_key| self.current_user = User.find(:first...

Security of REST authentication schemes

Background: I'm designing the authentication scheme for a REST web service. This doesn't "really" need to be secure (it's more of a personal project) but I want to make it as secure as possible as an exercise/learning experience. I don't want to use SSL since I don't want the hassle and, mostly, the expense of setting it up. These SO q...

Keystroke dynamics in Linux

I'm thinking of implementing a keystroke dynamics (authenticating people based on their typing patterns) application for Linux. As I see it, I have two alternatives: Extend the Linux logon to support keystroke dynamics Create a desktop-locker program which "locks" the screen and can only be unlocked by a typist with a particular typing...

asp.net cookies, authentication and session timeouts

I have an asp.net website that uses forms authentication. There are a few things I keep in sessions like username, userID, email, etc. I allow the user to stay logged into the website by setting a long expiration date on the authentication cookie. So it's very common for the session to expire while the user is still authenticated. The ...

REST and authentication variants

I am currently working on a REST library for .net, and I would like to hear some opinions about an open point I have: REST and authentication. Here is an example of a RESTful interface used with the library: [RestRoot("/user")] public interface IUserInterface { [RestPut("/")] void Add(User user); [RestGet("/")] int[] List();...

AuthSub/OAuth, ASP.NET and Google API

I have an idea for a simple webApp that would cross-link information from Evernote to Google Calendar. I was able to find a good Evernote Quickstart project but I am now searching for something to start with to begin accessing Calendar. Please advise if you know any good resources with code samples that would show me how to do the dirty...

J2EE Authentication Error Handling

We are currently trying to implement a web application which is using the J2EE authentication mechanism with a FORM-based login, inside the Websphere 6.1 web container. If the authentication is successful, we have everything working; the LDAP membership groups are being retrieved, the group to role mapping is being performed, and the ro...

Zend Auth and ACL

Hi there, I am hoping someone can help me a little bit. I am currently developing my first site using a PHP framework; part of the site is split into a members area, and this is where my confusion begins to surface. Within the members area I want normal members to be able to add new comments and edit their own comments, simple enough that I ...

Why won't my Gmail login work using PHP and CURL?

I'm implementing one project using PHP, in that I want to login into a page automatically. The code is below. $ch = curl_init(); $postdata="Email=$username&Passwd=$password&continue=https://www.mail.google.com"; curl_setopt ($ch, CURLOPT_URL,"https://www.google.com"); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($ch,...

Connecting to SSAS 2005 from Excel 2007 over http: how to make it ask for username and password?

I'm trying to let my users connect to OLAP cube in SSAS 2005 using Excel 2007 over the Internet. I've set up dynamic security using fact table in cube. It uses UserName function, so users should authenticate to SSAS using windows accounts. I've set up msmdpump.dll component on IIS, allowing windows authentication, but not anonymous one....

JSTL and authenticated web services

Can I access an authenticated web service using JSTL? (Form-based authentication) If I can't do it using JSTL, is there any other way I do it from a JSP? Maybe I need to give a little more information. I'm using the core library: <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> and the import tag, as in: <c:import ...

Typical SQL Server authentication approach for Internet-facing app server

I work on an Internet-facing, ASP.NET-based product that uses SQL Server 2005. Most customers deploy our software using the traditional approach with the app server (IIS) located in a DMZ, and SQL Server behind a secondary firewall. We would like to pick one type of SQL Server authentication. From a security perspective and/or a custome...

X.509 v3 certificate with non-repudiation and/or digital signature? Where can I get one?

Hi, To get things working as they should with AS2 protocol signatures, I need a digital certificate with keyUsage extensions 0 and/or 1 (nonRepudiation and/or digitalSignature). It's not a problem to generate it and self-sign it, but since it will be used for some serious stuff like e-invoices, I need it to be issued by a trusted third...

Best way for authentication in PHP

Hi Folks, What's the best and most secure way to go when writing an authentication library in a model-view-controller way? The things that give me a hard time are keeping track of the users activity and remembering users via a cookie or storing sessions in the database? Thanks in advance :). ...