We're building a GWT+Hibernate+Spring web app that's deployed to Tomcat and Postgres. Looking at http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ and http://www.owasp.org/index.php/Hashing_Java#Complete_Java_Sample, we have a User table and a Role table (4-5 roles, to start with).
Various layers of the app need...
I have the following simple Python code that makes a simple post request to a REST service -
params= { "param1" : param1,
"param2" : param2,
"param3" : param3 }
xmlResults = urllib.urlopen(MY_APP_PATH, urllib.urlencode(params)).read()
results = MyResponseParser.parse(xmlResults)
The problem is that the url used to ...
I have an existing Java web application running through IBM WebSphere (I'm unsure of the version, but could find out if it helps) that I am looking to implement two factor authentication with.
The system has a decent user base, and I wanted to distribute hardware tokens to the admin users of the system to ensure strong authentication.
...
I'm just starting to sketch up the base of a web-based system, and I would like the admin to have the possibility to limit access either by Controller or by Model. My problem is, I can't decide which one (or both?) of them I should go with. Any ideas? Pros/Cons?
First I was leaning towards doing it in the Controllers, seeing as they "co...
I'm looking for a bulletin-board software that will integrate with wordpress so that I can get peer-review on draft pages, powerpoints, other files
...
I'm updating my dad's old website. 99% complete. He has an online learning course that was done using frames and 1500+ images/pages. I created a cookie based login script that uses mysql to track users and the validity of the cookie. On each "protected" page my script appears, the cookie is rewritten with a special "code" and the code is...
I'm looking to build an application that handles authentication and authorization for a variety of smaller apps that may or may not be rails applications (e.g. some with sinatra, some with non-ruby frameworks, etc). These applications will be on separate domains.
Can I do this with Authlogic? I do not want to setup a rails application f...
I have a ControllerBase class in an ASP.NET MVC Application. The other controllers inherit from ControllerBase.
I want to access HttpContext.User.Identity.Name, but HttpContext is null. What's the matter?
public ControllerBase()
{
var dataManager=new DataManager();
if (HttpContext.User.Identity.IsAuthent...
EDIT: After a complaint about assigning myself the answer, I want to update that the answers provided were not satisfactory. No one came out and explicitly said this is your problem, do this and you will have a resolution. Mere suggestions are not sufficient to merit a bounty award. Lastly, the problem was with server settings and aft...
In a situation, where the user is authenticated on another application (like oAuth or a custom security implementation), how can we simulate login?
What we intend to achieve is:
- use the user identifier key to check if the user exists
- if the user exists, set-up the session for the user
- basically, setup the attribute holder
- assign...
I'm using FormsAuthentication (with cookies) for users authentication, with the default cookie name (".ASPXAUTH").
What I need is a different login system for the "/Admin/" virtual directory (backed by an ASP.NET MVC controller, "AdminController")... as if the "/Admin/" directory was another web application, but without creating another...
Hi,
I'm working on custom WCF authentication and authorization and found some articles about UserNamePasswordValidator and ServiceAuthorizationManager.
I also found clues about using a custom System.ServiceModel.ServiceAuthenticationManager ( http://www.netframeworkdev.com/windows-communication-foundation/custom-serviceauthenticationma...
Hello All,
I am concerned about how to implement security measures, be it Authentication or Authorization.
How can these be implemented? If you have any thoughts or links that you can share with regards to WCF REST 4.0 Security, and if you've implemented it also, the better. Because I've been trying to find out on this topic, all I find i...
Hello, this question should be fairly basic. I want to control the flow of an ASP.NET page -- if a certain condition is met, I want to write out an error message and stop drawing the page. However, I also want ASP.NET to output correct HTML (i.e. not cut off in the middle). Right now I am doing this:
if (condition != what-i-want) {
...
I hope this is clear enough:
I have an Authentication service which queries my aspnet role provider database.
Authentication service passes the role details back to the client inside the User object.
Using the role, I query my web.config to determine values that a user can see.
Security team has done a review, and they can see the Role...
Can someone show me a very simple example on implementing LDAP security on Tomcat 6, please? I know not much beyond deploying a war file and bouncing Tomcat server. Thanks in advance!
...
Hello,
I'm pulling my hair out on this one having been round and round on the JS, ActionScript and REST documentation/forums with no joy, hopefully someone can help me out.
Scenario:
The application has an event which it has created (has permissions for). According to the facebook documentation for events.invite (old rest api):
Th...
Is there a way to move a saved login/password for TortoiseSVN to a network repository from machine to machine? Just got a new machine, know my username but don't recall my login to the repository.
I know TortoiseSVN saves some auth info on the directories at %appdata%\Subversion\auth
Moved over the file I found at svn.simple; I see my...
I would like to provide extended RSS content (extended with unmoderated comments, for example) to premium users (moderators).
Would it be possible to somehow authenticate readers of feeds other than attaching a personal token string to the RSS URL?
Granted, this way a curious person only needs to steal an RSS link like this (much like ...
I'm working on a solution to part of my company's site that is done in 2 different languages. My part of the project is in ASP.NET, and the login portal is in a different language.
We pass authentication credentials by storing login information in the database on the portal page and then sending a corresponding token to the URL in the ...