There are two ways to log any password - I do not see any problem with either of them.
1. Not log any password, just log the user.
2. Log '******' against the password. logger.info("User=" + user + " logged with Password=******");
Do we have any best practices for these situations?
...
So I want users to be able to login from different computers simultaneously. So that means I should allow the user to have multiple tokens. And then I also want the user to be able to login from different browsers on the same computer. So that means I should allow the user to have multiple tokens for same IP. However, it's gonna get m...
I'm doing some simple HTTP authentication and am getting a
java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic OGU0ZTc5ODBk(...trimmed from 76 chars...)
(...more password data...)
which I think is due to me having a really long username and password and the encoder wraps it with a \n at 76 chars. I...
I already have a User table in my primary application database with an email address (which will act as the user name) and a password. I would like to authenticate using my database instead of the default authentication database (ASPNETDB).
Questions:
Is this a bad idea? Is it a huge can of worms to use my own DB for authentication?
H...
Does anybody know some simple authentication and data transfer protocol based on symmetric keys only? Due to memory constraints (kilobytes RAM and ROM) we can't afford asymmetric cryptography and due to closed environment asymmetric cryptography does not increase security in any way.
I am looking for simple symmetric cryptography protoc...
I have secured my Grails app using the ACEGI plugin and am using annotations on my controller methods to prompt the user to login.
My app has a static HTML front page with a login link on it which redirects to the login/auth page. On a successful login I want to load my own custom page for the authenticated user, called person/mainpa...
Hi,
I have a custom SiteMapProvider which I populate from a database. I also have a custom SiteMapNode which has to be constructed with a custom Page argument.
The implementation of SiteMapProvider.IsAccessibleToUser(context, node) is now:
Public Overrides Function IsAccessibleToUser(context, node) As Boolean
Return CType(node, Cu...
Hello,
for an online bug report web application, I need to find a way for any user to submit a bug report (using HTTP POST) to a Servlet in a Google App Engine application, while all other Servlets (the application admin interface) are protected so that they grant access only to users who have logged in with their Google account. The...
I am trying to make a program that logs into a site and performs some automated activities. I have been using HttpClient 4.0.1, and using this to get started: http://hc.apache.org/httpcomponents-client/primer.html.
On this particular site, the cookies are not set through a "set-cookie" header, but in javascript.
So far, I am unable to...
I'm using restful_authentication plugin for Ruby on Rails. All seems fine except that it seems the user session is not getting created at all. I have the create method below. It appears that the self.current_user is being set but that the actual session is never created. When and how is the current_user_session supposed to be defined...
Maybe I'm approaching this the wrong way and should be doing everything in action filters, in which case please point me in the right direction!
I'm setting up my ASP.NET MVC application so that the one HomeController Index action delivers two different types of content, like so:
if(Request.IsAuthenticated)
return View("IndexRegister...
I'm asked to write a Web API for an application (pc executable, not web-app) that will allow sending emails.
A user clicks something, the app communicates with the API which generates an email and sends it out.
I have to make sure no one unauthorised will have access to the API, so I need to make some kind of authentication and I haven't...
I'd like to access the cookies from an external app from merb but use the cookies to verify the user who sends the request to the external app.
The example code is here:
http://pastie.org/778601
This looks fairly straightforward to me so I'm not quite sure why it isn't working. Obviously you'll need to replace the session_secret_key an...
I'm building a new ASP.NET MVC application (in C#) and one of the requirements is to create a new database of members. For this, we'd need roles to manage the different types of members and profiles to manage the additional metadata attached to each member. So far so good, just use the standard MembershipProvider, RoleProvider and Profil...
I have set up SSRS on my localhost, and used BIDS to create a couple of reports on them. They access data from the same SQL Server where the SSRS is deployed, and when I preview them they run fine. Then I deployed them to my localhost SSRS and accessed them via the ReportManager web interface, again they ran just fine. Finally I deplo...
I've set up forms authentication in my Google Search Appliance. Is there a way to have the title and a summary come back for protected pages? Currently, since they are all redirected to the login page, all search results are titled as "Login." I'm using asp.net with the .net framework 3.5.
...
Hey guys,
I'm new to Ruby and I've been playing around with making some webapps with it and I find it totally awesome. I just recently configured Authlogic to perform authentication within my app and next I would like to create a table that stores user profile information such as address, zip, phone, etc. and then later display some of...
I am building a CakePHP app that requires admins, users, and merchants.
Merchants will need to have a profile.
Users will need to provide different info for their profile.
I currently have a user model handling login with ACL enabled.
That is all working fine.
What I cannot wrap my head around is how do I handle having a different...
Hi,
We have created a custom membership provider that we are using in one of our applications and now I would like to use the same provider for all our applications so that you only have to login once and stay logged in when you switch between applications.
Just by using the same provider in web.config for different applications doesn't...
The problem is that if the auth cookie has expired and the user clicks on a link that should open a popup using $.get, then I get the login screen in the popup (same masterpage in another masterpage) instead of redirecting the whole page to the login screen.
Does anybody know how to fix this?
...