How to make a Secure User Authentication !!!!!!!!

Similar Messages

• How to make adf security?

  Dear all
  How to make adf security?
  I am new adf security.
  I'm facing security issue. Now i need to secure me application (User, Group, Role etc...)
  Oracle recommend me use WebLogic internal LDAP or OID. How to manage User, Group, Role deploy after?
  Thanks Lhagva

  Hi,
  once you deployed an application, users and roles are no longer in the domain of ADF Security. So the administration is
  WLS console - if users and groups are in the WLS LDAP
  Identity Management - if users and roles are in OID, RDBMA, Active Directory etc.
  Enterprise Managers - to manage application roles and granting permissions or application roles to enterprise groups
  Frank

• PHP_MySQL version of a high security user authentication web app.

  Since you folks deal with PHP Application Development, I am posting this here.
  For a demo of the PHP_MySQL version of the UltraSuite High Security User Authentication Web Application, you can sign up at http://bit.ly/hgNjek.
  It  offers a multi-layered approach security approach towards protecting  important information like user authentication credentials.  Protection from dictionary attacks, rainbow table attacks, brute force attacks, SQL injection attacks and much more.
  I hope your feedback will help make the application even more useful and secure.
  Thank you!
  J.S.

  Hi,
  could you or someone tell me if ADDT supports protection against these methods you mention:
  Protection from dictionary attacks, rainbow table attacks, brute force attacks, SQL injection attacks and much more??
  And can this system work alongside ADDT?
  thanks again

• How to configure RSA Based User Authentication on XR?

  Hello,
  I have been reading Cisco docs about how to configure RSA Based User Authentication on a ASR9K.
  http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-2/security/configuration/guide/b_syssec_cg42asr9k/b_syssec_cg42asr9k_chapter_0110.pdf
  I have problems importing the public key to the router. No matter how i try i always get this output: 
  RP/0/RSP1/CPU0:XXX#crypto key import authentication rsa  tftp://10.232.201.180/id_rsa.pub
  Wed Jul 16 14:00:15.558
  Cannot execute the command : Invalid argument
  I have tried copying the file to Disk0: and using this path but get the same error.
  Could anyone help me explaining step by step how to configure RSA Based User Authentication.
  Thanks

  Hi
  1. Generate a key on your station
   ssh-keygen -t rsa -b 1024
  2. Remove the key type and host, leaving only key and decrypt it using base64:
   cut -f2 -d\  id_rsa.pub | base64 -d > id_rsa2.pub
  3. Import the key to the deivce
   (admin)#crypto key import authentication rsa username USERTEST ftp://xxxr/ak/id_rsa2.pub
  4. Create a username on the device matching the imported key
  username USERTEST
   group root-system
  Regards,
  /A

• How to make none root user to connect to TCP Port  (web ports)

  how to make none root user (any user)
  to connect to TCP Port 80 or port 81 or any port less than 1024
  cause i have web server i want to run and stop service with none root userand on port 80 and port 81
  can you help me and give me steps

  I believe Solaris 9 also has RBAC control. If so then all you need to do is present the uid with the PRIV_NET_PRIVADDR privilege. See the privielegs(5) manpage for more information on the subject.
  This privilege will allow the userid to bind to ports < 1024. You can give a user this privilege either by using usermod (you will probably need the auth_attr(4) manpage as well) after which you need to login again. Or you can try using ppriv to modify the privileges on the users shell.

• How to make the workflow users as active users in SAP R/3

  Hi All,
  We have got an issue in R/3 system where a certain number of users who are created only to approve work flows via Outlook emails.
  They are not required to log in to the system at all. Due to this,the users are getting locked by a Security background job which locks all the inactive users.
  Now My question is how to make these work flow users as active users in R/3 system so that we can avoid locking of these users.
  Awaiting your response.
  Thanks in advance
  Ramkumar C

  Hi All,
  We have got an issue in R/3 system where a certain number of users who are created only to approve work flows via Outlook emails.
  They are not required to log in to the system at all. Due to this,the users are getting locked by a Security background job which locks all the inactive users.
  Now My question is how to make these work flow users as active users in R/3 system so that we can avoid locking of these users.
  Awaiting your response.
  Thanks in advance
  Ramkumar C

• How to make use of Windows authentication from my Java application

  I have a Java application, Instead I design one more login page for my application, I want to make use of Windows Authentication.
  How should I use that windows authentication in my java application
  can any help me in suggesting a solution

  How will they be able to access your application if they aren't users of the system?

• How to Make a field User Entered - Required by javaScript

  Dear all,
  How can I make a field User Entered - Required on some conditions e.g. it is required in the following conditions.
  1)I have a group of radio buttons of Yes and No.I want if the user select yes then a particular text field should Required otherwise it should optional.
  2)In a particular row of a table if user fill the first column then other columns of that row should required otherwise it should optional.
  How can I do it?If any body can please help me.
  Thanks a bunch in advance
  Regards
  Rakesh

  I have the same problem. I need to change all fields to be not required. Adobe doesn't seem to recognize the change.
  var fieldCount = event.target.numFields;
  for ( var i = 0; i < fieldCount; i++)
  var fieldName = event.target.getNthFieldName(i);
  app.alert(fieldName);
  var field = event.target.getField(fieldName);
  if(field.type != "button")
  app.alert(field.required);
  field.required.rawValue = false;

• How to make the JMX custom authentication work ?

  I am using the password and access file based authentication on JMX. When building my JMXConnectorServer, i use the property names and it works fine.
      Map<String, String> env = new HashMap<String, String>();
      env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
      env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
      connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);However, now i want to use a custom authenticator and i implemented my own LoginModule to have a encrypted password in the password file. Thus the ideas is to have an encrypted password and plain text user name in the password file.
      public class ABCDJMXLoginModule implements LoginModule {
          private CallbackHandler callbackHandler;
          private Subject subject;
          private String u_username;
          private String u_password;
          private JMXPrincipal user;
          private Properties userCredentials;
          private String passwordFile;
          private String f_username;
          private String f_password;
          private static final Logger logger = LoggerFactory.getLogger(ABCDJMXLoginModule.class);
          public boolean abort() throws LoginException {
              // TODO Auto-generated method stub
              return false;
          public boolean commit() throws LoginException {
              // TODO Auto-generated method stub
              return true;
          public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
                  Map<String, ?> options) {
              this.subject = subject;
              this.callbackHandler = callbackHandler;
          public boolean login() throws LoginException {
              try {
                  attemptLogin();
                  loadPasswordFile();
              } catch (Exception e) {
                  logger.info("Exception, e");
              if (u_username == null || u_password == null) {
                  throw new LoginException("Either no username or no password specified");
              logger.info("Password from user and file : " + u_password + " :: " + f_password);
              if (u_password.equals(f_password)) {
                  return true;
              return false;
          public boolean logout() throws LoginException {
              // TODO Auto-generated method stub
              return true;
          private void attemptLogin() throws LoginException {
              Callback[] callbacks = new Callback[2];
              callbacks[0] = new NameCallback("u_username");
              callbacks[1] = new PasswordCallback("u_password", false);
              try {
                  callbackHandler.handle(callbacks);
              } catch (IOException e) {
                  logger.error("IOException", e);
              } catch (UnsupportedCallbackException e) {
                  logger.error("UnsupportedCallbackException", e);
              u_username = ((NameCallback) callbacks[0]).getName();
              user = new JMXPrincipal(u_username);
              char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
              u_password = tmpPassword.toString();
              logger.info("UserName : " + u_username);
              logger.info("Password : " + u_password);
              System.arraycopy(tmpPassword, 0, u_password, 0, tmpPassword.length);
              ((PasswordCallback) callbacks[1]).clearPassword();
          private void loadPasswordFile() throws IOException {
              FileInputStream fis = null;
              passwordFile = "c:\\abcd.jmx.enc.password.file";
              try {
                  fis = new FileInputStream(passwordFile);
              } catch (SecurityException e) {
                  logger.error("Security Exception", e);
              BufferedInputStream bis = new BufferedInputStream(fis);
              userCredentials = new Properties();
              userCredentials.load(bis);
              bis.close();
              f_username = u_username;
              f_password = (String) userCredentials.get(f_username);
              logger.info("UserName before Decrypt : " + f_username);
              logger.info("Password from file before Decrypt : " + f_password);
              // decrypt the password from file and later compare it with user password from JConsole
              if (f_password != null) f_password = Cryptography.decrypt(f_password);
              logger.info("Password from file after Decrypt : " + f_password);
      }When i use the following code and try to connect via JConsole nothing happens.
      Map<String, String> env = new HashMap<String, String>();
      env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
      env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
      env.put("jmx.remote.x.login.config", "com.splwg.ejb.service.management.ABCDJMXLoginModule");
      connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);Any ideas on why this happens ? For sure, i am also not coming into the ABCDJMXLoginModule class - I have some print statements there and none of them get printed. Any sort of ideas and solutions are appreciated. I tried with the property "com.sun.management.jmxremote.login.config" too. I was expecting that mentioning the property in the environment and passing it to the JMXCOnnectorServer would do all the trick.
  Am i missing something ?

  Hello dcloko_BR,
  I downloaded and installed Lenovo´s The Lenovo Solution Center and now the solution center starts after pressing the blue button. Perhaps give it a try.
  Edit: Upps sorry, only newer models are supported according to the readme.txt.
  Best regards
  Andreas
  Follow @LenovoForums on Twitter! Try the forum search, before first posting: Forum Search Option
  Please insert your type, model (not S/N) number and used OS in your posts.
  I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
  TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.
   English Community       Deutsche Community       Comunidad en Español

• Web Application Security - User authentication and registration

  I am trying to develop a very simple web app with following feature
  1. Users should be able to register (sign-up) with the application, i.e backed code will create new user account when new users sign up.
  2. Once the user account is created, they should be able to log in.
  I was reading Java Security section in Java EE tutorial. To use any of Java EE security, the recommended way is to have security-constraint in web.xml specifying roles that have access to application. The roles are then mapped to the users that are created in the application server. The problem here is that the users cannot be created at deployment time. Users are created at run-time as new people sign up using the registration form. So, how can user be created with the application server before deploying the application?
  It seems very odd to be that application users are defined at the app-server level. Eg, Ebay/Amazon has millions of users. Are all those users defined at the application server where their app is deployed?
  If JavaEE security cannot support this simple usecase, what is the point of having security-constraint and all the other security features?

  As per your comment you want to use J2EE/JAAS security for existing user and want sign in feature. You can do it by providing link on log in screen. Please create sign up page and unprotected resource in web.xml. Once user fill sign in details you can store his detail in your authorization repository ( LDAP / Database ) and then either redirect request to login page or submit to your authorization scheme directly.

• How to make Skype our user for all phones

  Currently we are with TELSTRA.  We wish to use Skype as our landline.  How do we do this?

  Hi, Fountaindale, and welcome to the Community!
  I recommend contacting the Skype Manager customer service team for assistance:
  Using Skype in your business
  Transform the way your business works with cost effective and collaborative tools.
  Contact our solutions team
  Best regards,
  Elaine
  Was your question answered? Please click on the Accept as a Solution link so everyone can quickly find what works! Like a post or want to say, "Thank You" - ?? Click on the Kudos button!
  Trustworthy information: Brian Krebs: 3 Basic Rules for Online Safety and Consumer Reports: Guide to Internet Security Online Safety Tip: Change your passwords often!

• How to make a secure QT link?

  I wish to post QT movies on my website but do not want them to be DLable via QT Pro or via Safari/whatever browser Activity monitor or a 3rd party DLer.
  How do I achieve this?
  Peter

  I guess you don't want your video to be able to be downloaded. You can use html code...but that can be hatched or bypassed in a few seconds.
  The only way to try to safeguard your on the internet is to put your videos on a streaming server. ( http://www.apple.com/quicktime/player/tutorials.html ) Even on a streaming server one can use a screen capture (video) program like Snapz PRO X to capture your video.
  There really isn't a sure fire way for safeguarding your videos on the internet. You can only make it harder to download your video.

• How to make Forms 9i User Exits run on DB server.

  We have a memory resident C programs developed in Oracle EE 7.3.4 and Dev2K (charecter based) on HP OpenVMS. Since the application is character based forms/reports - all the components are configured in one single server. There was no problem for us to write user exits and run C programs on the DB server.
  Now we want to migrate to Oracle 9i and 9iAS.
  My big question is How can we call memory resident C programs running in database server from 9iAS node. 9iAS node is separate Windows 2003 server in the 9i implementation.
  Any suggestions on how we can implement this. We understand that WebUtil runs userexits on the client PC. We need similar functionality to run on the DB server. Any ideas would be appreciated.
  Thanks in advance.

  Whoops, meant to include this:
  OS: All clients on WinXPPro. Forms are hosted in an simple open-access folder on a server running SqlServer 05 (no SharePoint yet). I'm designing the new form in Adobe Acrobat 9.2 Pro based on a Word 2007 document.
  Thanks again!

• How to make NTLM-secured websites accessible?

  Hello,
  I know that the Portal Server Gateway doesn't support NTLM
  authentication.
  We have some intranet-sites which we try to access via SRA.
  So we enabled both "Basic Authentication" and "NTLM", but the
  gateway gets a "HTTP 401.2" - "not authorized".
  Instead, it should use the "Basic Authentication" method (like browsers does).
  It is not possible to disable the "NTLM"-method on the webserver,
  because it is already used for intranet access.
  Any ideas?
  (I cross-post this in Portal Server 3 and Portal Server 6, because the
  question applies to both versions).
  Thanks,
  Juergen Maihoefner

  Hi,
  Here are the options we tried and succeeded using NTLM protected sites:
  1 - Use Netlet.
  2 - If you want to user the rewriter, then try the follwing:
  Basically, we set up a mirrored web site using the same home directory, and therefore all the same permissions etc. The server was configured identically, with a few exceptions.
  - We added a second IP address to the Intranet Web Server for use by the new Web Site.
  - The host header for the new web site should include the new IP address and the host name that was used to access the server.
  - The new virtual web site was set up to use Basic Authentication rather than Integrated Windows Authentication.
  - We added hosts entries to the Portal/Gateway/Proxy servers association the hostname <web site host> to the new IP address.
  In this configuration, when a request comes through the Portal, it will be the new web site. This site will authenticate properly as it is using Basic Authentication. Any requests origination from the Internal network (not through the Protal) will be handled by the existing server, and authentication will be handled automatically. Please note that any updates to the website will be automatically published to both virtual web servers as they both point to the same physical location.
  Steve

• How? Add 'wiki server' user authentication to top level of site?

  Hi All,
  I would like to move the user login feature found in the Wiki & Blog pages out to the main page.
  It seems to be a CSS/JavaScript function build in the pages, but has anyone managed to make the feature on the main (/) page or the top level Wiki (/groups) pages?

  Hi,
  From your description, I know you want to use calendar overlay with exchange online in SharePoint online.
  I reproduce your issue, and it throws the same exception to yours. I try to find some information for you, I find that the feature is not available from this article:
  http://community.office365.com/en-us/f/148/t/221842.aspx.
  Thanks for your understanding.
  Best Regards
  Vincent Han
  TechNet Community Support