http-authentication

HTTP Authentication Security

My client needs a simple database CMS faster than I can tackle the ins and outs and security flaws of register globals, SQL injection, and cookie filtering. I installed phpMyEdit and secured the edit page with .htaccess. For the security experts, does this provide at least a moderate level of security? ...

Open-source Java server-side implementations of HTTP auth decoding

I have a requirement to perform HTTP authentication logic within a servlet application, rather than delegating this task to the container. Specifically, I need a way of taking the headers of an HttpServletRequest which contains HTTP auth headers, and having them decoded into a data structure representing the supplied credentials, which ...

Invalid OAuth Signature returned while using Yammer Api

I am trying to write a small webapp that pulls data from Yammer. I have to go through Yammer's OAuth bridge to access their data. I tried using the Oauth php library and do the 3 way handshake. But at the last step, I get an error stating I have an invalid OAuth Signature. Here are the series of steps: The first part involves getting...

Is basic auth with SSL secure enough?

I am developing an application which needs to handle a massive amount of REST requests. Using basic auth will save a lot of computing resources since I don't have to compute the signatures. Also, the documentation will be a lot simpler. What are your thoughts? ...

Authentication based on Certificates and IP

Is there a way for a Java web app to get information on the security certificates installed on one's machine via an HTTP request and selectively grant access if a particular certificate is installed on the machine. Basically the requirement is, the web application should entertain request only from a company laptop else must deny acces...

"Back" - browser must not go in previous page - after signed out

Hello, everyone. I am developing an ASP.NET web site & I am not using inbuilt authentication controls of ASP.NET. I have created manually tables for users for site. What I want is as follows: After logging in user can access the pages (that is already done). When user press sign out. (user goes to specific page - example - default...

How to do HTTP authentication in android?

I am checking out the class org.apache.http.auth. Any more reference or example if anyone has? ...

Complete guide to pass credentials to a server via HTTP auth and getting response back.

Hi, So we know how to do http get and post connections. http://exampledepot.com/egs/java.net/pkg.html And we want to pass credentials(uname,passwd) to any web server to access the url or get the response. And we can't pass it as post parameters. So have a look @ this very simple code which does it all. ...

Authentication fails in HttpClient but OK in browser

I'm using HttpClient 4.0 to get some XML from the remote host. When I use URL such as https://user:[email protected] it works fine in the browser but fails in the HttpClient with this stacktrace (follows). Any suggestions? I'm using SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER while setting ThreadSafeClientConnManager to handle HTTPS ...

Authenticating Gitweb with Gitosis without LDAP Auth?

I found your article using Apache Auth with gitweb, gitosis. I was wondering if there was a way to do this if I wasn't using LDAP for authentication. We currently have a very large NIS domain which we use for authentication on all unix servers. We use this for SVN repositories through a UI, but for this case I am trying to meet a requir...

Java: fetch URL with HTTPBasic Authentication

I'm doing some simple HTTP authentication and am getting a java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic OGU0ZTc5ODBk(...trimmed from 76 chars...) (...more password data...) which I think is due to me having a really long username and password and the encoder wraps it with a \n at 76 chars. I...

WCF with Http Basic Authentication

I'm building a webservice that needs to be accessible to a variety of potential platforms, including a number of older ASP and ASP .NET applications. After some research, I settled on a WCF service with both a REST (webHttpBinding) and SOAP (wsHttpBinding) endpoint (that way, I can support a wide range of platforms and still make the .NE...

RoR: Store HTTP_AUTHORIZATION in session to access .htaccess protected folder

Hi everyone, In my Ruby on Rails application, I am trying to protect part of the public folder using apache .htaccess feature to prevent access from files to non-authenticated people. So I have placed a .htpasswd file to protect this folder and set up apache accordingly and this works... prompting me for login/password to access the files....

Combine URL rewriting (to force https) with http auth?

I have a domain, mattpotts.com and have set up a sub-domain dev.mattpotts.com for me to develop on and will then copy the files to the normal domain when they're ready to go. My directory structure is as follows and dev.mattpotts.com points to dev/ +-public_html/ +-project1/ +-project2/ +-project3/ +-dev/ +-project1 +-p...

Do HTTP authentication over HTTPS with URL rewriting.

I am trying to protect the ~/public_html/dev directory using http auth basic, but to make that secure I want to run it over ssl. The middle section of the below .htaccess file switches to https if the request URI begins with /dev and works. The last section of the file works as well but does not work properly with the https redirect. ...

Rails: Accessing the username/password used for HTTP Basic Auth?

I'm building a basic API where user information can be retrieved after that user's login and password are correctly sent. Right now I'm using something like this: http://foo:[email protected]/api/user.xml So, what I need to do is access the user/password sent in the request (the foo and bar) but am not sure how to access that info in a ...

How to retrieve salt if using HTTP authentication scheme ?

Hello, is it possible to use salted password along with standard HTTP authentication schemes (FORM or DIGEST)? I am using GlassFish, and when I request a protected page, the form or the answer with the nonce are sent back directly by the server. I can't see any obvious way to hook into the server mechanism to insert the salt in the 3...

HTTP Authentication with PHP's Zend XML RPC Client

I am using the Zend library's XML RPC Client in a PHP application to pull data from another server over XML RPC. However the other server is using HTTP basic authentication. How can I tell the XMLRPC client to use authentication for the requests? ...

How do I remove HTTP authentication on a website on a FreeBSD Server?

Hi guys, Sorry that I haven't done much of my own research but I do not know how to set up basic authentication, never mind removing it! Thanks. EDIT: Sorry, what was I thinking, it's in httpd.conf or includes! ...

Embedded FLEX Control Hosted in JBOSS, How do I use Http Basic Authentication with "embed" or "object" tags?

So we have three FLEX controls hosted within a JBOSS server instance, and an IIS (MVC) application which has pages that have the object (and embed) tags to render the controls. We are wanting to setup HTTP basic authentication on the jboss server which is hosting other services (Solr, some custom webservices, and tika) and have figured ...