I'm upgrading an application from an old EJB2 setup to use EJB3s, using the EJB3 feature pack on WebSphere 6.1.
I've got a ServletContextListener which does some initialisation when the servlet context starts; part of this initialisation involves calling EJBs.
The server is set up to use FileRegistrySample for its custom user registry,...
The subject of how to store web site users' passwords in tables has come up several times on SO and the general advice is to store a hash of the password, eventually an HMAC hash. This works fine for Basic authentication or for forms based authentication (really the same thing). My problem is that I must also provide Digest authentication...
I'm developing a site for a client who already has the photos of his products on Facebook, and he wants the same albums to be replicated over his site. I was already using Facebook Connect, so I dropped a combination of photos.getAlbums and photos.get to dynamically make the galleries.
So far so good, but then I realized that if there'...
We have an internal web app running on IIS6 and we use the integrated windows authentication for domain users to login to the app before they can use it.
What we would like to do is redirect the user to an error page if they fail to login to the domain 3 times.
Where should I be looking to configure this? My first thought was in IIS, ...
I'm making a gallery website. Photos and albums should be hidden from the public by default, but the owner can share a public URL if he wants. I also want to use short URLs for this.
I'm trying to figure out the best way to do this. At first I thought I could have a MySQL table with the short URL code (something like Zneg8rjK), and the...
Note:
This question has broadened in scope from previous revisions. I have tried to simplify the issue so it can be easily reproduced by anyone.
Using Fiddler, I can replay an arbitrary request to my default page after erasing my Authorization header from the HTTP request, and I am able to get a response of 200 OK with valid data.
...
I am trying to remove the windows logon screen (winlogon) from an executable launched from a service. The service would start automatically with windows and wait for commands from another computer. When it receives a command, it will launch an exe which will start cmd.exe under a particular username.
The service is already present. I ha...
I thought that I should use JSON for ID/pass storing format once, but I researched about it, then I finally found that JSON is too difficult for me, so now I am considering to use CSV.
The CSV file would be like this. File name is id.csv.
aaa_id,aaa_pass
bbb_id,bbb_pass
ccc_id,ccc_pass
Left column is id, and right column is password an...
Hi,
I'm trying to post with jQuery like this:
$.post("NiceController/Create/", { field1: data1, field2: data2 },
    function(data, textStatus) {
        if (data.Status) {
            // Do something
        }
    }, "json");
The problem is that when I'm not authenticated I don't get redirected to the log-on page, because it's not a full form submit. Question is:...
I'm developing a custom client/server application that requires clients to log in with their username and password. The user accounts are not related to Windows/AD accounts in any way. After login, the client application will request other services from the server system.
My question is what is the best way to implement this? What kind of archite...
The company I work for wants to publish an internal website to the outside world, but also wants to identify the visitors in some easy way. Some functionality will be visible for all visitors but most must be visible for authenticated visitors. (And some functionality is restricted to admin-visitors.) While management is considering to imple...
I have an ASP.NET 3.5 application (on IIS 6.0) which uses ASP.NET forms authentication. In my IIS logs, I have extended logging turned on including the cs-username field. Even after a user has logged in to my site, the cs-username still displays '-'.
Is there a way to get the authenticated ASP.NET user's name to appear in the username f...
How can I have different users for different sites with Django?
My application should look like this:
a.mydomain.com
b.otherdomain.com
Users should be bound to the domain, so that a.mydomain.com and b.otherdomain.com have different users.
...
Hi guys,
does anyone know how Pandora saves user profiles/accounts after a user registers? How does it remember the user - even after the user has cleared cookies and cache.
I also found today that if you register with one browser and visit Pandora.com with another browser you are recognized as the registered user.
Awesome functiona...
This is something that's been bugging me for many years: why do most online services highly value the entropy of a password, citing it as a security measure, and enforcing it when users select a password?
I decided to come out with this question after reading the paper "Do Strong Web Passwords Accomplish Anything?" (and, of course, classic...
Does anyone know or know of somewhere I can learn how to create a custom authentication process using python and google app engine?
I don't want to use google accounts for authentication and want to be able to create my own users.
If not specifically for google app engine, any resource on how to implement authentication using python an...
So I've been reading a lot about encryption in PHP. So much that I am not sure exactly what's a really good method to securely store login information.
However, the following function is what I came up with:
function loginHash($username, $password){
$salt = str_split($password,(strlen($password)/2)+1);
$hash = hash('whirlpool',...
Here's my situation:
I want stuff under
mysite/customer/*
to require form-based authentication before access (login via mysite/customer/login.jsp, with its own user_password table and role).
BUT
I want stuff under
mysite/admin/*
to require another form-based authentication before access (login via mysite/admin/login.jsp, with ano...
Sorry if the spelling is completely wrong. What the heck is one? Why is it preventing me from authenticating via Mozilla? Why would someone force me to use one to authenticate from a command line tool? How is it tied to the back end being implemented in Silverlight?
...
I am using FORM authentication, together with Realm. I would like to know how can I log out.
The only solution so far is to close browser, but that's not acceptable from the usability standpoint.
SOLUTION
As pointed out by the accepted answer:
((HttpServletRequest) request).getSession().invalidate();
...