There's plenty of discussion on the best algorithm - but what if you're already in production? How do you upgrade without having to reset on the user?
EDIT/DISCLAIMER: Although I originally wanted a "quick fix" solution and chose orip's response, I must concede that if security in your application is important enough to be even bothe...
When posting a node from my slavesite.com site to my hostsite.com site, it keeps giving me the error:
"1 1 Invalid API key.."
I checked the key I set up on the host site and I gave the key a method access of "node.save".
I built a simple module I got from this site (http://thejibe.com/blog/10/8/saving-node-remotely-using-services-and-ap...
Hi All,
I have this authentication code to parse XML from a site.
Got this here - http://stackoverflow.com/questions/3765046/bypass-authenticated-xml-page-to-be-parsed-with-php
My problem is that the same authentication code does not work on a server below. It works on my local env and other servers. Please see sample links below an...
We're working on a site that will make use of the OFX standard to provide access to customer financial data. However, for security we make use of secret question/secret answer, machine tagging, etc. Does the OFX standard provide any mechanisms for security beyond just the simple username/password? I've taken a look at the schema and s...
Hello,
I am trying to configure Apache2 so I can use MySQL for authenticating users to access certain pages. Also authorization needs to work so different groups can reach different pages.
Now, I have googled a lot but can't find out how to do this. At least not for the configuration I am having. There doesn't seem to be any version of...
I am using a web service that requires authentication from .NET (Visual Studio 2010). According to the documentation, you first request a session identifier from the first web service. I can do that with no problem. Then you are supposed to call the second web service for actually performing your query, passing the session identifier in ...
I have a web service
[authorization]
[allow users="domain\myaccount, domain\yyy"/]
[deny users="*"/]
[/authorization]
[authentication mode="Windows" /]
And I have a web client which calls this web service
[identity impersonate="true" /]
[authentication mode="Windows" /]
I use my own domain account (which listed abo...
Overview
I'm looking to create a (REST) API for my application. The initial/primary purpose will be for consumption by mobile apps (iPhone, Android, Symbian, etc). I've been looking into different mechanisms for authentication and authorization for web-based APIs (by studying other implementations). I've got my head wrapped around mo...
I'm building a Login Service for an open source MMO game. I do not know much on the side of security/encryption and I am looking for a solution that will provide good protection against hackers and must not be too costly to generate.
Our old system used a very simple system of authentication by storing the password as SHA1 in the databa...
I've got Devise working in my Rails app but I can't figure out how to now lock it down so a user can only edit their own record in the users table AND in tables belonging to the user.
What am I missing here? Is this done in the controller or the model?
...
Hi All,
This should be much simpler than it has proven to be!
I have an ASP.Net web app which uses FORMS authentication to secure part of the site (i.e. the member login area).
Now I simply want to put a traditional/simple browser password popup (directory security) across the whole site because we are testing it and don't want anyone...
SOAP header: why authenticate in the header and not the body?
What are the differences between putting the user's credentials (username/password) in the header vs the user's credentials (username/password) in the body?
...
Got an error while trying to invoke the webservice
"System.NullReferenceException: Object reference not set to an instance of an object."
Error on this line
if (Authentication.Username == "x" &&
Authentication.Password == "y")
What does this mean?
[WebService(Namespace = "https://domain.com")]
[WebServiceBinding(Confor...
I currently have a Google App Engine app consisting of two parts:
A website using old school JSPs
A RESTful service implemented in Jersey
I've been trying to figure out how to shoehorn authentication into the web service but am rather lost since I've never used Spring before, and it sounds like that's the way to go.
Must I use Spring,...
I am currently using this recently written tutorial on authorizing an application with Facebook using auth 2.0 and it works. The application authorizes correctly and uses the GraphAPI.
http://kartiklad.com/oauth-2-0-and-graph-api-for-facebook-canvas-applications/
But the problem is using the IFrame with a multi page website and this me...
I'm trying to make a stripped-down user sessions system, and tried to model it to be similar to authlogic.
class UserSession
  attr_accessor :username
  def initialize(params={})
    @username = params[:username]
  end
  def new_record?
    true
  end
  def self.find
    return nil if session[:username].nil?
    UserSession.new sessi...
I want to know if it's possible to get the email of the people who are using OpenID to authenticate to my site [of course with the user knowing that I am getting their email]?
This email will be the user id of the user and I want the user to be able to log in using any provider and then I will set this email as the user identity.
I need ...
I want to generate entity classes and Service class of OData secured service.
In OData Java extension page it is written that I need to use org.restlet.ext.odata.Generator class that should get uri and output directory parameters.
But if my OData service is secured the generator instance is not able to generate service classes without us...
I'm creating a desktop application that requires authorization from a remote server before performing certain actions locally.
What's the best way to have my desktop application notified when the server approves the request for authorization? Authorization takes 20 seconds on average, 5 seconds minimum, with a 120 second timeout.
I co...
I'd like to place a cookie on the client that holds an authentication token. After they log in with their credentials, they can just send the token instead of credentials until the server determines the token has expired.
Below is the constructor for the cookie. I'm using restlets and am unsure about what to set "path" and "domain" to...