I want to implement an efficient mechanism to throttle login attempts in my Java web application, to prevent brute-force attacks on user accounts.
Jeff explained the why, but not the how.
Simon Willison showed an implementation in Python for Django:
That doesn't really help me along as I can't use memcached nor Django.
Porting his ide...
I am designing a Service to run under LocalSystem account on Win2000, XP and Vista. It will need access to users registry hives, sometimes for extended periods of time, both when the users are logged-in, and also, when they are not logged-in (IF the profile is local. If the profile is Roaming and not loaded, I will not attempt to load it...
Hi there,
I am hoping someone can help me a little bit. I am currently developing my first site using a PHP framework. Part of the site is split into a members area, and this is where my confusion begins to surface: within the members area I want normal members to be able to add new comments and edit their own comments, simple enough that I ...
I've developed my website that checks if the user is registered and creates a session variable with the username. It's all that is stored as a session variable. If I want to protect my pages (so that only registered users may see them), I check if the session variable is set.
Is this secure?
Or can you give a more secure method?
...
<?php
session_start();
include("connect.php");
$timeout = 60 * 30;
$fingerprint = md5($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']);
if(isset($_POST['userName']))
{
$user = mysql_real_escape_string($_POST['userName']);
$password = mysql_real_escape_string($_POST['password']);
$matchingUser = mysql_query("SELECT * ...
I just saw http://uservoice.com/login
It uses google accounts, myspace, yahoo, openid and all to sign in customers into its site? Can I do that?
I mean, customers need not register to my site. They can just sign in with their accounts on the above sites.
If you've a solution, I'd prefer a PHP and MySQL based one.
...
Hello all,
In a simple way I am able to authenticate the login page. How can I do that authentication in a 3-tier architecture? Please, somebody send me the code for what should be in the DAL, BAL, and GUI layers. Here is my simple code:
Web.config:
<authentication mode="form">
<form loginurl="Login.aspx">
<credential password Format="clea...
How does one check to see if a user has typed in the right password to log in?
This is what (out of a bunch of combinations...) I am doing:
<?
$login = $_POST['login'];
$password = $_POST['password'];
mysql_connect('localhost', 'root', 'abc123');
mysql_select_db('aun_vox') or die(mysql_error());
$q = mysql_query("SELECT password FR...
Hello all,
I have a problem with the login page. If I don't enter the username or password, it should say "please enter a Username or password"; instead it goes to the destination page. I mean, without entering anything in the login fields, if I hit the submit button it goes to the welcome page, which should not happen.
Here is my code please somebod...
Please could somebody point out to me what the error is here? Using JavaScript I am validating the user input. When I click the login button without checking the JavaScript function, it goes to the welcome page. Here is my code:
<script type="text/javascript">
function validLogin()
{
if(document.getElementById("txtUserName").valu...
I have an intranet server on a Windows domain (server is Windows 2003, IIS6, NTFS permissions). It is on the domain Domain01. I have users from two domains in the same forest that access this intranet: Domain01 and Domain02 (DCs also running Windows 2003). Currently, the users are required to login by entering either:
Domain01\username o...
I'm creating an ASP.NET MVC site and I need to implement login and membership functionality.
Is this something where I roll my own? I already have a members table in my database, should I create a username and password hash field and just check against it? What about keeping the user logged in with a cookie that expires?
Is this a...
Hi All,
I know it's not easy to find a master in GINA, but my question is closest to Interprocess Communication (IPC). I wrote my custom GINA in unmanaged C++ and included in it a method that checks the validity of a fingerprint for the user trying to log in. This function will call some method in a running system Windows service written in C#...
DUPLICATE: http://stackoverflow.com/questions/523912/login-method-customization-using-gina
Hi All,
I know it's not easy to find a master in GINA, but my question is closest to Interprocess Communication (IPC). I wrote my custom GINA in unmanaged C++ and included in it a method that checks the validity of a fingerprint for the user trying to...
I just installed Oracle Express edition. During the installation it asked me to set a password but not a username. After the installation completed, it directed me to a browser window and asked me to login with a username and password. The password I know but the username I don't know. Is this an IQ test? Did I fail it?
...
Redirect user to Login Page dependent on the Folder they are in. I have a web application with the root directory which is used by all users and the admin site.
For people that would require the authenticated functionality of the site, they would require to login and be redirected to root/login.aspx. However, when an Admin needs to logi...
I have recently had some problems that I think might be helped by debugging my ASP.NET MVC application in IIS instead of with the default ASP.NET Development Server. However, when I try this the application can't access the database server (MS SQL Server 2008 Express) - it works fine on the Development Server though.
The error I get is
...
Hello all,
Somebody please help me by modifying this code. In my login page I have three columns: Login, UserName, Password. In Login I have kept a dropdownlist with two list items, Admin and User. So when I select Admin, UserName, Password it should go to the desired destination page, and when I select User, UserName, Password it should go to another des...
I've inherited an ASP.NET application that contains a login screen. When you first start up, or you haven't done anything for a while, it comes up. It turns out we don't need this extra layer of security, and I'm trying to remove it. I thought I removed the code that was doing the redirecting, but it's still going to the login page, even...
I am creating a user login system similar to a client intranet. And when I try to access the main page I get a redirect loop in FF.
I am checking to see if a user is logged in with this:
if(($_SERVER['PHP_SELF'] != '/webmaster/index.php') && ($_SESSION['loggedin'] != '1234')){
header("Location: ".$domain."index.php?l=no");
exit();
...