Hi, I have inherited some code in which I now have to add CSRF prevention and am trying to use the struts2 tokenSession interceptor to do this. I am adding a token to my form using the struts2 token tag like so: <form id="updateObject" name="updateObject" action="<%=request.getContextPath()%>/prv/updateObject.action" method="POST"> ...
Hi, got a reall head scratcher. Im trying to make a PHP obfuscator ( http://www.actwebdesigns.co.uk/web-design-blog/actobfuscator-free-open-source-php-obfuscator/ ) I've hit a little problem tho. I cant find a guaranteed way of finding a user defined constant. some of my the token_name()'s return as T_STRING and others as T_CONSTANT_E...
I'm considering securing a whole JEE software platform with OpenAM (prev. Sun OpenSSO). Applications - running on WebLogic AS - would be secured by a JEE Policy Agent and web services with WS-Security SAML Token Profile. As of my understanding, the SSOTokenManager enables application code to retrieve OpenAM's SSO token. But in order to ...
I want to ask a very basic question about token, while reading about regex,the book tag caret(^) as a zero width token, can you please tell me what actually it means by zero width? ...
I'm using Lemon as a parser generator, its error handling is the same as yacc's and bison's if you don't know Lemon. Lemon has an option to define the error token in a set of rules in order to catch parsing errors. The default behavior of the generated parser is to destroy the token causing the error; is there any way to override this b...
I am trying to validate using this parameters: "openid.mode=check_authentication" + "&openid.assoc_handle=" + txtAssocHandle.Text + "&openid.response_nonce=" + HttpUtility.UrlEncode(txtNonce.Text) + "&openid.op_endpoint=" + txtEndpoint.Text + "&openid.sig=" + txtSignature.Text + "&openid.signed=mode,identity,return_to"; and it returns ...
I'm working on a completely ajax-driven application where all requests pass through what basically amounts to a main controller which, at its bare bones, looks something like this: if(strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') { fetch($page); } Is this generally sufficient to protect against cross-site requ...
Hi, I would like to develop a token based authentication like live.com has. Can anybody suggest, how to proceed? Basically I will be having 1 website for authentication and create token to access other websites. ...
Hi, I am new to oAuth and looking to build a web application using Twitter (oAuth) to authenticate. There will be no other login method other than via Twitters oAuth. I am looking for advise on best practice to secure the site based on tokens. Here is my plan: User is taken from my site to authenticate via Twitters site Generate Ac...
hi, how and with which python library is it possible to make an httprequest (https) with a user:password or a token? basically the equivalent to curl -u user:pwd https://www.mysite.com/ thank you ...
I have implemented the following code below according to the documentation and can get it to connect and display user id... <?php define('FACEBOOK_APP_ID', '87939462878'); define('FACEBOOK_SECRET', '1ab6346bc51329831998985aba200935'); function get_facebook_cookie($app_id, $application_secret) { $args = array(); parse_str(trim($_CO...
The Problem Funny problem. Funny because it looks casual until you start thinking about it. Let's say I allow people to create items based on other items. You can open /items/new?id=3 and unlike your regular new action, instead of seeing an empty form, you will be seeing a form pre-populated with values from item-3. So unlike your avera...
Hi, I'm having some problems setting up a tokenized email to use the tokens I've created in my module. I am using this in a tokenized email [example-contact]. I've implemented the example_token_values() and example_token_list() in my module and I've also created a trigger in my module. My module has a form, created with the form API, th...
good morning, I have created a new content type - petition, a last step has to be verification of their mail address by sending them a link to prove or to delete them from the petition. I need to get some sort of unique link which then I send as tokenized action mail to the mail account provided in the form. the tokenized link should th...
This is a style question: Because Apple reserves the "_" privatization for its keywords, I was thinking of something along the lines of the following: #import <Cocoa/Cocoa.h> #define _(name) pvt_##name @interface SFMeasureViewController : NSViewController { @private NSTextField *_(label); } @property (retain) IBOutlet NSTex...
Im trying to design a login system, which when the user is logged will provide a token at the end of each URL, this will have to match the token stored in the cookie, once this is matched the value of the cookie is changed to the value of the current session. if (isset($_COOKIE['user_token']) && $_SESSION['user_token']) { if (isset(...
Hi, I use Zend Oauth to connect my app to Twitter as described here: http://framework.zend.com/manual/en/zend.oauth.introduction.html It works perfectly saving the Twitter Request Token and the Twitter Access Token in the session using serialize and unserialize like this (abbreviated): 1: $consumer = new Zend_Oauth_Consumer($config); ...
In the OAuth protocol, a service consumer will ask a user to authorize a request token in the service provider domain, then exchanges the request token for a access token from the service provider. I'm wondering why OAuth is designed to have two tokens in the protocol. Why not just use one single token in this process? That is, the use...
For some reason, I'm getting this error message: Uncaught SyntaxError: Unexpected token < For this line of code: title: '<img src="/images/text/text_mario_planet_jukebox.png" id="text_mario_planet_jukebox"/>', In this context: $(document).ready(function() { $('#infobutton').click(function() { $('#music_descrip').dialog...
Hello, I'm trying to define a macro to generate a token name, containing a variable. Basically, what I'm trying is this: #define GLUER(x,y,z) x##y##z #define PxDIR(x) GLUER(P,x,DIR) int main() { int port; port = 2; PxDIR(port) |= 0x01; } I'm hoping to generate the token P2DIR in the above statement, but according to my compile...