authentication

What are common username and password policies?

Edit Jan 18th 2010: Is there any symbol that should NOT be allowed to use in a password? Hi, I am wondering what the 'common' policy is out there for username/password for creating a new account on a website. This is currently what I have: For username: Length between...

com.google.gdata.client.GoogleService.setUserToken(android.accounts.AccountManager.getAuthToken(???))

Hello, I've got working code that uses the gdata to retrieve feeds from my user's Google Finance portfolios, but I had to use setUserCredentials(username,password). What I'd like to do is avoid asking the user for their username/password since the Android device already has access to their Google account. I believe I should be able to ...

How do I get a WCF service's WSDL to say that it requires basic authentication?

We have a WCF service hosted on IIS behind a SiteMinder proxy (for lack of a better term). In essence, requests enter the SiteMinder at https://public.domain.com/SOA/Service.svc with http basic authentication. SiteMinder verifies the authentication, strips it off and sends a request to http://internal.domain/SOA/Service.svc with no aut...

can session data be passed anonymously to a web service?

The Google API (or things like calendar and Docs) has a handy feature where any code can point to a generic URL and get the info for the user currently logged in to that session. I would like something similar, but without relying on OAuth or RESTfulness, or user-approval via token. Essentially a user will log in using the same authent...

What types of networking/authentication issues could you encounter when applications on different platforms interact over local and remote networks?

My boss has asked me to look into this question but I'm not sure where to begin to research it. Any tips on the types of topics I should be looking into? ...

Django - Allow duplicate usernames

I'm working on a project in django which calls for having separate groups of users in their own username namespace. So for example, I might have multiple "organizations", and username should only have to be unique within that organization. I know I can do this by using another model that contains a username/organization id, but that ...

PHP pam_auth and cookies

Long story short, I'm developing an in-house report engine. It is entirely web based (utilising PHP and various AJAX techniques) and interprets data stored in a MySQL database by our production software. It runs on an Ubuntu 8.04 server, and all employees have a linux user account on that machine. I set up a login system using pam_auth t...

Spring Security - Custom authentication provider not called

I have a Spring application (Spring version 2.5.6.SEC01, Spring Security version 2.0.5) with the following setup (this is based off of this question): In the security-config.xml file, I have the following configuration: <http> <!-- Restrict URLs based on role --> <intercept-url pattern="/WEB-INF/jsp/login.jsp*" access="ROLE_ANONYMO...

Middleware Authentication

I have a Django application divided into two sites (a middleware called site A and a front end called site B) and I need to share authentication between them. Site A is called by B to send username and password. Then A returns an HTTP response to B and uses HTTPResponseRedirect('/welcome') to redirect in a local function (protected by @l...

ASP.NET App Pool Recycling logs off the user

Hi. I'm using Form Authentication in ASP.NET 3.5. I noticed that when my app pool recycles (every 1.5 hours), the users authenticated with Forms authentication (that have auth cookie) are logged off and must re-login. How to avoid that? ...

ASP.NET Membership/Role providers for MySQL?

I am not at all familiar with ASP.NET membership/roles. This is my first time using it, and my first time trying ASP.NET MVC. When I create my first project for MVC, it gives me a lovely template to create an account. I was excited to see that I did not have to do this manually. However, it failed because it cannot connect to SQL Ser...

Why is $auth->loggedIn never true in my use of CGI::Session::Auth::DBI?

Using the examples from the CGI::Session::Auth::DBI and CGI::Session::Auth pages, I have attempted to implement the _login function with no success. I'm using Windows 7 and Apache 2. #!/usr/bin/perl -w use strict; use CGI::Carp qw(fatalsToBrowser); use CGI; use CGI::Session; use CGI::Session::Auth::DBI; my $cgi = new CGI; # using '....

berkeleydbje to set authentication

How to set the user authentication on my database application in berkeley db java edition. ...

Django: information leakage problem when using @login_required and setting LOGIN_URL

Hi all, I found a form of information leakage when using the @login_required decorator and setting the LOGIN_URL variable. I have a site that requires a mandatory login for all content. The problem is that you get redirected to the login page with the next variable set when it's an existing page. So when not logged in and asking for: ...

What is the best way to create a PHP login page?

I'm fairly new to PHP and am looking for some best practices on how to implement authentication in PHP. I'm an evangelist for Adobe and one of the things that annoys me is when people use Flex/Flash for the login screen. So I want to do a blog post/example on using an HTML/PHP login page and then passing the session information to Flex...

Is it possible to spoof a session with JavaScript + Cookies?

Suppose you have a webapp that gives users their own site on a subdomain (eg: awesome.super-cms.com) and that you let them edit HTML. Further assume that you're setting the SessionID in a wildcard subdomain cookie ("*.super-cms.com") The user who manages evil.super-cms.com could easily write a JavaScript that grabs the SessionID from o...

Authentication against Active Directory using C#

I am just having a user name and not having any password. I just want to check if this user name exist in Active Directory. How do I go about it? ...

MS Access 2007 - Identify users and based on that limit access to data

Considering the set up: Ms Access Application split into Front End and Back End = both native MS Access Front End consists of forms only - it will be the only way to access data Front End copy distributed to each user machine (thanks for answers to this question) I need to implement the following scenario: Ms Access application wit...

Mixed authentication modes: send both Kerberos token and username token over HTTPs with WCF

Is it possible to send both username token and the kerberos token over HTTPs with WCF? We are able to use custom binding with authentication mode set to 'UserNameOverTransport', which will include a username token in the SOAP header as per OASIS web services security standard. Alternatively can set the authentication mode to 'KerberosO...

What should be the valid characters in a username?

Most web based user authentication systems don't like usernames that contain characters other than letters, numbers and underscores. Is there any particular reason for that? ...