As seen here http://tools.ietf.org/html/rfc1929 , I would assume that it is either 255, or unlimited in length. What is the longest possible username and/or password you can use for authenticating a SOCKS 5 proxy? ...
Hello All I am using MVC and Nhibernate in my application. How can i improve security of my application using proper authentication and authorization? Right now i am using asp.net mvc authentication. ...
I'm just fleshing out some ideas for an iphone web app and it's going to be (in essence) a CRUD interface to a Rails web backend. Ultimately that backend will be a full blown website too. My question is: what's the best way to handle "logging in" on the iPhone app? How should it authenticate to allow the user to see their data and add n...
The docs are very clear on how to authenticate against open LDAP with ZF. But, I failed to find the docs on how to register new users, delete users and update users (change password) using ZF on Open LDAP. Any good docs out there? ...
Im trying to build and automated log in using Googles authSub, but I need to store data for the users the log in. ... and basically I don't get it. Should the token from Google change the 2nd time a user logs in, that user looses his / her info and you don't get any info like a userId that you can use to store information against it. U...
I need to authenticate securely to a third party site for a SSL REST api call. I have the API call part working but I want to save the third party credentials in my app engine datastore, or maybe somewhere else? I have no idea how im supposed to do this. The SSL call looks like: credentials = base64.encodestring('%s:%s' % (username, pa...
Im looking for a step by step tutorial that covers Google's Federated Login process using php and cURL. All needs to get dumped into codeIgnitor so it really needs to be easy to follow. ...
I am trying to make a simple commandline client for accessing shares via the python bindings of gio (yes, the main requirement is to use gio). I can see that comparing with it's predecessor genome-vfs, it provides some means to do authentication stuff (subclassing MountOperation), and even some methods which are quite specific to samba ...
I have a problem I am trying to solve as smooth as possible, and also keep it as safe and flexible as possible! I have a web app where I have 2 kinds of users; Back end users (trusted users; Admins!), and Customers (Front end users; not trusted in the same way)! They do work on some of the same data in the database, but the Customers ca...
Ok Im having more luck with G'oogle's federated log in, I'm at the point where you get the following params back from Google. [openid_ns] => http://specs.openid.net/auth/2.0 [openid_mode] => id_res [openid_op_endpoint] => https://www.google.com/accounts/o8/ud [openid_response_nonce] => 2010-01-02T14:58:22ZvP-t8tJXqGWaPw [openid_return_t...
I have this code sample: <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl" %> <% if (Request.IsAuthenticated) { %> Welcome <b><%= Html.Encode(Page.User.Identity.Name) %></b>! The catch is I am putting the user's id and not name into the 'username' field: User user = _userRepository.Get(...); FormsAuthent...
My app must read an SSL url from a third party. How do I best store the third party credentials in my own database, which protects the third party credentials from being compromised? Consider both absolute security and practicality. One-way hashing the credentials is not useful as I must restore credentials to plaintext for the SSL call....
Until now, I've been the only person who has had access to the editing tools/forms for my sites content, so using http authentication in an SSL protected directory has worked for me. About to add someone to the content entering team so I'm wondering what PHP libraries you'd recommend for authentication and permission/access control to t...
I'm pretty exasperated. I'm attempting to build a turn-based multiplayer online game for Android using Google App Engine in Java as the server. They seem like a perfect fit. Android requires a Google account, and GAE uses a Google account for authentication, while being free and scalable. So before the holidays I was able to get authen...
Using ASP.NET 2.0. I'm using Forms Authentication on two sites. The two sites have the same machine key and thus it is possible to log into one site and go directly to a URL on the other site without the need to log in again. However, I now wish to call a web service on the other site from the code behind on the current site. I need ...
Hello, I am trying to run a script in several machines I have at work, to gather some information about them, such as which OS they're running, what services run on them, some configurations, etc. I have a machine on which I log before ssh-ing to any of the other machines, because of the public key setup it has. From there, I can ssh in...
hi. i have a form which allows the user to upload some files to a folder. i've edit the .htaccess file in that directory to protect this folder from allowing the unwanted visitors to download the contents manually by typing the full url ex: http://www.bkabkabka.com/a/b/c/document.pdf and this is the .htaccess data Options All -Indexe...
Creating simple php login scripts is easy, with simple one table mysql integration. I was wondering how i could you the rather snazzy HTTP Authentication that is available in HT Access and PHP, but the users are checked against a mysql database? I am sure this is possible, but i have no idea how :/ ...
I have an ASP.NET 3.5 web service (old school SOAP, not WCF) running on two servers set up identically in IIS 6.0. The Authentication/Access control is set up as follows: Enable Anonymous Access = False Integrated Windows authentication = True Digest authentication for Windows domain servers = False Basic authentication = False .NET ...
I have an ASP Menu object that's pulling data from a SiteMap XML file. On that menu, I have a link to my login page. When I click the link and login (which fires on a button event), the Menu does not exposed the protected links. I suspect it has to do with the security context not being updated in time for the render, but I don't know...