Password hashing on client side

Hi. I would like my users to have their passwords hashed with SHA1 on the client side when they log in, so that when the HTML form reaches the server the password is already hashed, and in case the form is being eavesdropped on, I do not need to worry about the passwords being in plaintext since they are hashed.
I am not using SSL because there aren't many things to encrypt or keep secret other than the login passwords and users changing their profile, such as updating their passwords. And SSL can add quite a bit of cost to my client's web hosting budget.
So simply, is there any way to hash passwords on the client side using JSP before they are sent to the server?

Not using JSP, no, because JSP stands for Java SERVER Pages, meaning that Java/JSP only runs on the server.
You can do it in JavaScript client-side: http://www.movable-type.co.uk/scripts/sha1.html
But what's the point?
Now instead of sending what the user typed in, you send the hash of it.
If anyone is monitoring the line, they can just send the hash of it as well.
No protection is afforded you by doing this.
Hashing the password doesn't stop someone stealing it by tapping into the line.
What it DOES stop is somebody querying your database and saying "give me a list of username/passwords".
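The answer's point, as an added Python example that is not from the original thread: a server that accepts the SHA-1 digest the browser sends is accepting a password-equivalent, so whatever an observer of the unencrypted form submission records verifies exactly as the real client's submission does. The user table, user name and password below are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample user table: the server stores exactly what the browser
# submitted on registration, i.e. the SHA-1 digest of the password in hex.
USERS = {}


def client_side_hash(password: str) -> str:
    """What the browser-side JavaScript would send instead of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def register(username: str, password: str) -> None:
    """Registration as the question proposes: store the client-sent digest."""
    USERS[username] = client_side_hash(password)


def login_handler(username: str, submitted_value: str) -> bool:
    """Server-side login check for the scheme in the question.

    The server never sees the password; it compares the submitted digest with
    the stored one. compare_digest avoids a timing side channel, but that does
    nothing for the transport problem demonstrated in demo().
    """
    stored = USERS.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode("ascii"),
                               submitted_value.encode("utf-8"))


def demo() -> dict:
    """Return which submissions the server accepts.

    'captured_form_field' is the value that crossed the wire in the clear, as
    the answer describes: it verifies just like the real browser's submission,
    because the digest has simply become the password. The plain password does
    not verify against the stored digest, and neither does a digest of the
    digest, which shows the secret was only relocated, not protected. Only
    transport encryption (the SSL the question hoped to avoid) keeps the field
    from being observed in the first place.
    """
    register("alice", "correct horse battery")
    on_the_wire = client_side_hash("correct horse battery")
    return {
        "legitimate_browser": login_handler("alice", on_the_wire),
        "captured_form_field": login_handler("alice", on_the_wire),
        "plain_password": login_handler("alice", "correct horse battery"),
        "digest_of_digest": login_handler("alice", client_side_hash(on_the_wire)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:20s} -> {'accepted' if accepted else 'rejected'}")
```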

Similar Messages

  • How to encrypt username and password before transmit on client side

    I want to encrypt the username and password at client side when user login to my page first and then send to server.
    Could anybody tell me how to do it?
    Thanks a lot.

    Yup, what was suggested is true...
    The HTTPS authentication type is mainly for encrypting.
    This is an extract from the book I have which states how you can do that:
    UNDERSTANDING AUTHENTICATION MECHANISMS
    HTTPS Client authentication:
    HTTPS is HTTP over SSL (Secure Socket Layer). SSL is a protocol developed by
    Netscape to ensure the privacy of sensitive data transmitted over the Internet. In this
    mechanism, authentication is performed when the SSL connection is established
    between the browser and the server. All the data is transmitted in the encrypted form
    using public-key cryptography, which is handled by the browser and the servlet container
    in a manner that is transparent to the servlet developers. The exam doesn't
    require you to know the details of this mechanism.
    Advantages
    The advantages of HTTPS Client authentication are
    • It is the most secure of the four types.
    • All the commonly used browsers support it.
    [1] Actually, instead of the password, an MD5 digest of the password is sent. Please refer to RFC 1321 for
    more information.
    Disadvantages
    The disadvantages of HTTPS Client authentication are
    • It requires a certificate from a certification authority, such as VeriSign.
    • It is costly to implement and maintain.

  • Client side result set cache

    Hello,
    I try to get the client side result set cache working, but I have no luck :-(
    I'm using Oracle Enterprise Edition 11.2.0.1.0 and as client driver 11.2.0.2.0.
    Executing the query select /*+ result_cache*/ * from p_item via SQL*Plus or Toad will generate a nice execution plan with a RESULT CACHE node, and v$result_cache_objects contains some rows.
    After I've checked that the server side cache works, I want to cache on the client side.
    My simple Java Application looks like
    import java.sql.Connection;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.util.UUID;
    import oracle.jdbc.OracleConnection;
    import oracle.jdbc.OraclePreparedStatement;
    import oracle.jdbc.pool.OracleDataSource;

    // Class name assumed; the post omits the class declaration and the closing braces.
    public class ClientResultCacheTest {
      // Unique tag embedded in the SQL text so the statement can be found in v$sqlarea.
      private static final String ID = UUID.randomUUID().toString();
      private static final String JDBC_URL = "jdbc:oracle:oci:@server:1521:ORCL";
      private static final String USER = "user";
      private static final String PASSWORD = "password";

      public static void main(String[] args) throws SQLException {
        OracleDataSource ds = new OracleDataSource();
        ds.setImplicitCachingEnabled(true);
        ds.setURL( JDBC_URL );
        ds.setUser( USER );
        ds.setPassword( PASSWORD );
        String sql = "select /*+ result_cache */ /* " + ID + " */ * from p_item d " +
                     "where d.i_size = :1";
        for( int i=0; i<100; i++ ) {
          OracleConnection connection = (OracleConnection) ds.getConnection();
          connection.setImplicitCachingEnabled(true);
          connection.setStatementCacheSize(10);
          OraclePreparedStatement stmt = (OraclePreparedStatement) connection.prepareStatement( sql );
          stmt.setLong( 1, 176 );
          ResultSet rs = stmt.executeQuery();
          int count = 0;
          for(; rs.next(); count++ );   // drain the result set, counting rows
          rs.close();
          stmt.close();
          System.out.println( "Execution: " + getExecutions(connection) + " Fetched: " + count );
          connection.close();
        }
      }

      // Reads the server-side execution count of the tagged statement from v$sqlarea.
      private static int getExecutions( Connection connection ) throws SQLException {
        String sql = "select executions from v$sqlarea where sql_text like ?";
        PreparedStatement stmt = connection.prepareStatement(sql);
        stmt.setString(1, "%" + ID + "%" );
        ResultSet rs = stmt.executeQuery();
        if( rs.next() == false )
          return 0;
        int result = rs.getInt(1);
        if( rs.next() )
          throw new IllegalArgumentException("not unique");
        rs.close();
        stmt.close();
        return result;
      }
    }
    100 times the same query is executed and the statement execution count is incremented every time. I expect just 1 statement execution (client database round-trip) and 99 hits in the client result set cache. The view CLIENT_RESULT_CACHE_STATS$ is empty :-(
    I'm using the Oracle documentation at http://download.oracle.com/docs/cd/E14072_01/java.112/e10589/instclnt.htm#BABEDHFF and I don't know why it doesn't work :-(
    I'm thankful for every tip,
    André Kullmann

    I wanted to post a follow-up to (hopefully) clear up a point of potential confusion. That is, with the OCI Client Result Cache, the results are indeed cached on the client in memory managed by OCI.
    As I mentioned in my previous reply, I am not a JDBC (or Java) expert so there is likely a great deal of improvement that can be made to my little test program. However, it is not intended to be exemplary, didactic code - rather, it's hopefully just enough to illustrate that the caching happens on the client (when things are configured correctly, etc).
    My environment for this exercise is Windows 7 64-bit, Java SE 1.6.0_27 32-bit, Oracle Instant Client 11.2.0.2 32-bit, and Oracle Database 11.2.0.2 64-bit.
    Apologies if this is a messy post, but I wanted to make it as close to copy/paste/verify as possible.
    Here's the test code I used:
    import java.sql.ResultSet;
    import java.sql.PreparedStatement;
    import java.sql.SQLException;
    import oracle.jdbc.pool.OracleDataSource;
    import oracle.jdbc.OracleConnection;

    class OCIResultCache {
      public static void main(String args []) throws SQLException {
        OracleDataSource ods = null;
        OracleConnection conn = null;
        PreparedStatement stmt = null;
        ResultSet rset = null;
        // sql1 forces a server round-trip on every execution; sql2 is eligible
        // for the OCI client result cache.
        String sql1 = "select /*+ no_result_cache */ first_name, last_name " +
                      "from hr.employees";
        String sql2 = "select /*+ result_cache */ first_name, last_name " +
                      "from hr.employees";
        int fetchSize = 128;
        long start, end;
        try {
          ods = new OracleDataSource();
          ods.setURL("jdbc:oracle:oci:@liverpool:1521:V112");
          ods.setUser("orademo");
          ods.setPassword("orademo");
          conn = (OracleConnection) ods.getConnection();
          conn.setImplicitCachingEnabled(true);
          conn.setStatementCacheSize(20);
          stmt = conn.prepareStatement(sql1);
          stmt.setFetchSize(fetchSize);
          start = System.currentTimeMillis();
          for (int i=0; i < 10000; i++) {
            rset = stmt.executeQuery();
            while (rset.next()) { /* drain the result set */ }
            if (rset != null) rset.close();
          }
          end = System.currentTimeMillis();
          if (stmt != null) stmt.close();
          System.out.println();
          System.out.println("Execution time [sql1] = " + (end-start) + " ms.");
          stmt = conn.prepareStatement(sql2);
          stmt.setFetchSize(fetchSize);
          start = System.currentTimeMillis();
          for (int i=0; i < 10000; i++) {
            rset = stmt.executeQuery();
            while (rset.next()) { /* drain the result set */ }
            if (rset != null) rset.close();
          }
          end = System.currentTimeMillis();
          if (stmt != null) stmt.close();
          System.out.println();
          System.out.println("Execution time [sql2] = " + (end-start) + " ms.");
          System.out.println();
          // Pause so the session stays open while the trace file is inspected.
          System.out.print("Enter to continue...");
          System.console().readLine();
        } finally {
          if (rset != null) rset.close();
          if (stmt != null) stmt.close();
          if (conn != null) conn.close();
        }
      }
    }
    In order to show that the results are cached on the client and thus server round-trips are avoided, I generated a 10046 level 12 trace from the database for this session. This was done using the following database logon trigger:
    create or replace trigger logon_trigger
    after logon on database
    begin
      if (user = 'ORADEMO') then
        execute immediate
        'alter session set events ''10046 trace name context forever, level 12''';
      end if;
    end;
    /
    With that in place I then did some environmental setup and executed the test:
    C:\Projects\Test\Java\OCIResultCache>set ORACLE_HOME=C:\Oracle\instantclient_11_2
    C:\Projects\Test\Java\OCIResultCache>set CLASSPATH=.;%ORACLE_HOME%\ojdbc6.jar
    C:\Projects\Test\Java\OCIResultCache>set PATH=%ORACLE_HOME%\;%PATH%
    C:\Projects\Test\Java\OCIResultCache>java OCIResultCache
    Execution time [sql1] = 1654 ms.
    Execution time [sql2] = 686 ms.
    Enter to continue...
    This is all on my laptop, so results are not stellar in terms of performance; however, you can see that the portion of the test that uses the OCI client result cache did execute in approximately half of the time as the non-cached portion.
    But, the more compelling data is in the resulting trace file which I ran through the tkprof utility to make it nicely formatted and summarized:
    SQL ID: cqx6mdvs7mqud Plan Hash: 2228653197
    select /*+ no_result_cache */ first_name, last_name
    from
    hr.employees
    call     count       cpu    elapsed       disk      query    current        rows
    Parse        1      0.00       0.00          0          0          0           0
    Execute  10000      0.10       0.10          0          0          0           0
    Fetch    10001      0.49       0.54          0      10001          0     1070000
    total    20002      0.60       0.65          0      10001          0     1070000
    Misses in library cache during parse: 1
    Optimizer mode: ALL_ROWS
    Parsing user id: 94 
    Number of plan statistics captured: 1
    Rows (1st) Rows (avg) Rows (max)  Row Source Operation
           107        107        107  INDEX FULL SCAN EMP_NAME_IX (cr=2 pr=0 pw=0 time=21 us cost=1 size=1605 card=107)(object id 75241)
    Elapsed times include waiting on following events:
      Event waited on                             Times   Max. Wait  Total Waited
      ----------------------------------------   Waited  ----------  ------------
      SQL*Net message to client                   10001        0.00          0.00
      SQL*Net message from client                 10001        0.00          1.10
    SQL ID: frzmxy93n71ss Plan Hash: 2228653197
    select /*+ result_cache */ first_name, last_name
    from
    hr.employees
    call     count       cpu    elapsed       disk      query    current        rows
    Parse        1      0.00       0.00          0          0          0           0
    Execute      1      0.00       0.01          0         11         22           0
    Fetch        2      0.00       0.00          0          0          0         107
    total        4      0.00       0.01          0         11         22         107
    Misses in library cache during parse: 1
    Optimizer mode: ALL_ROWS
    Parsing user id: 94 
    Number of plan statistics captured: 1
    Rows (1st) Rows (avg) Rows (max)  Row Source Operation
           107        107        107  RESULT CACHE  0rdkpjr5p74cf0n0cs95ntguh7 (cr=0 pr=0 pw=0 time=12 us)
             0          0          0   INDEX FULL SCAN EMP_NAME_IX (cr=0 pr=0 pw=0 time=0 us cost=1 size=1605 card=107)(object id 75241)
    Elapsed times include waiting on following events:
      Event waited on                             Times   Max. Wait  Total Waited
      ----------------------------------------   Waited  ----------  ------------
      SQL*Net message to client                       2        0.00          0.00
      log file sync                                   1        0.00          0.00
      SQL*Net message from client                     2        1.13          1.13
    The key differences here are the execute, fetch, and SQL*Net message values. Using the client-side cache, the values drop dramatically due to getting the results from client memory rather than round-trips to the server.
    Of course, corrections, clarifications, etc. welcome and so on...
    Regards,
    Mark

  • Why does IE8 running on XP and Win7 Virtual Machine deletes the history while I'm still browsing the same site with client-side hashbang routing?

    Hello, 
    I have an ASP.NET MVC 5 web application running on .NET 4.5, hosted on my local Windows 8 machine on a MacBook Pro using Parallels. I'm running Internet Explorer 8 Version: 8.0.6001.18702 on XP and Version: 8.0.7601.17514 on Windows 7 Enterprise.
    I got both of the virtual machine images from www.modern.ie
    My web application is attempting to provide a single-page user experience by doing some client-side routing using '#!/xxx' hashbangs in the URL, so that I can GET and POST via AJAX and change the hash in the URL without causing the page to reload. My code works fine in IE9+ and other modern browsers.
    However, I'm facing this strange issue in both of the IE8 versions. When running my demo app in IE8, I can log in, view the home page and navigate from this home page to many details pages. From the very first login page, all the pages are the result of a form's POST action via AJAX, which then expects HTML from the server and loads it into the DOM. The page structure of my app is like summary form => Details page (can also contain summary forms) => Details... and so on.
    The above process works fine for a few of the navigation steps. If I keep navigating from one page to another and going back, I have observed that the browser back button is removing the history items slowly. And a time comes when it totally forgets about all the history pages that I visited to reach the current page I'm viewing!! It behaves as if I have just started my browsing session and this current page is the first page I've landed on, with no back option. Now if I again try to navigate, I have encountered problems like both the back and forward buttons getting disabled.
    Hope my words above are clear enough to explain this problem. The same application works fine in IE9+ and other browsers.
    Till now, I have tried the following steps on both VMs:
    Resetting IE8.
    Increasing disk space to 1024mb for temporary internet files storage.
    Setting 'Never' for Check for newer versions of stored pages.
    Disabling the automatic crash recovery feature didn't help in this case. Found this on the support website.
    Deleted temporary files, history, cache, etc. many times.
    Searched many forums, posted the question on StackOverflow and the ASP.NET Forums - but it didn't help.
    Tried the 'beforeunload' event of the browser to see if any of the pages is reloading because of submit or any other reason. But the page doesn't reload at all.
    The issue is the browser forgets about the browsing history while I'm still browsing the same site.
    Is there any possible fix for the issue above? Does IE8 have any issues when many AJAX form posts happen on every page?

    I have really tried many things to identify any possible reason for the issue above. I even rewrote all my JavaScript navigation code and checked the server-side code.
    But the only place where I found the solution is at the site http://www.enhanceie.com/ie/bugs.asp, which states that there is a bug in IE8 which reads like:
      IE0012: IE Travellog broken when navigating back/away from a page with
      a large POST form. If there is a form input field with a value longer
      than 523,659 characters, when you navigate away from the page, IE may
      clear the current session's travellog (similar to history), disabling
      the back and forward buttons. Repros in IE6 & IE7.
    There are the following solutions that you can go for:
    - Check for the input field that has lots of characters as mentioned above and solve your problem.
    - If you have control over the system where IE8 will be used, you can add the following registry key on that machine. There is no existing key, so you need to add a new one:
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog] "MaxSize"=dword:ffffffff
    I am really relieved to find this information, as I spent a really long time solving this issue. Hope this will help someone.

  • BUG - client-side iPad keyboard in MRD 8.1.5 is mis-mapped for remote VMware Player console on Windows 8.1 Pro

    Client system: iPad 4 running iOS 8.1.1
    Client language/locale: US English
    Client app: MRD 8.1.5
    Server system: 64-bit Windows 8.1 Pro
    Server language/locale: US English
    Problem: client-side keyboard in MRD 8.1.5 does not work properly within VMware Player 6 console only
    When interacting with VMs through the VMware Player 6 console app on the remote Windows 8.1 host, the client-side iPad keyboard for MRD 8.1.5 is not properly mapped. Letter keys and the top-row number keys send function keys or non-standard key scan codes that aren't used by traditional PC keyboards. The spacebar sends the D key, and some keys send nothing at all. Many other keys work properly, including the client-side numeric keypad, and uppercase letters sent by using the Shift key (but not the iPad up-arrow shift key). The only way to send the proper keystrokes to VMware Player from MRD 8.1.5 is to not use the client-side iPad keyboard and instead switch to the on-screen keyboard provided by the remote Windows server.
    This problem only occurs within the VMware Player console app, and only with RDP connections that use the MRD 8.1.5 client on iOS. I do not encounter the problem with other iOS RD clients such as iFreeRDP by Thinstuff or Pocket Cloud Remote Desktop by Wyse.
    Steps to reproduce:
    Connect to Windows 8.1 Pro system from the MRD 8.1.5 client for iOS 8.1.1
    Using the client-side iPad keyboard within MRD 8.1.5, bring up the Run dialog by typing Windows-R
    Launch Notepad by typing notepad.exe in the Run dialog and pressing Enter on the client-side iPad keyboard
    Type some sample text in Notepad until you're confident that the client-side iPad keyboard is functioning properly
    Launch VMware Player 6 and start up a VM (mine was Windows Server 2008)
    Open the sign-on prompt in the VM by sending Ctrl-Alt-Ins from the client-side keyboard or by pressing the Ctrl-Alt-Del icon in VMware Player
    Touch or click in the password field in the VM to ensure it has keyboard focus
    Using the client-side keyboard, try to type letters or numbers in the password field, and notice that dots generally do not appear for most keypresses
    Switch to the server-side on-screen keyboard and delete the contents of the password field if it is not already empty
    Use the server-side on-screen keyboard to sign on to the VM
    Inside the VM, open Notepad or some other text editor
    Enter text into the editor from both the client-side and server-side keyboards to verify that only the server-side keyboard is functioning properly within the VM
    This issue is the only problem I'm having with MRD for iOS, and I hope it is resolved soon.
    Thanks,
    Fred

    I'm experiencing exactly the same problem. Is there a solution yet?

  • I need user management system in PHP recommendations to work with Flex client side

    Hi All,
    I have a very big project that involves a PHP server side (that I have to develop) and a Flex client side. I was wondering if there is a ready-made PHP user management system that I can use to provide me:
    - user login/logout
    - forgot my password functionality
    - register (better with captcha)
    Can someone recommend this kind of PHP system?

    Hi, guys
    Free and open source PHP User Management Scripts. These scripts provide a solution for creating a membership system for a website.
    Some PHP user management scripts are listed on PHPKode.com, from which you can choose the right PHP user management script to meet your demands!
    Hopefully can help you!
    Best regards!
    Anny

  • Java Stored Procedure / connection JDBC / Server Side / Client Side

    Hi,
    I would like to know if we can find out at runtime, with a JDBC API, whether the stored procedure is running on the client side or on the server side?
    THANKS

    You wrote
    "Java stored procedures -- by definition - are stored in the 8i rdbms. !!"
    From the Oracle8i Java Stored Procedures Developer's Guide
    Release 8.1.5
    A64686-01
    "If you create Java class files on the client side, you can use loadjava to upload them into the RDBMS. Alternatively, you can upload Java source files and let the Aurora JVM compile them. In most cases, it is best to compile and debug programs on the client side, then upload the class files for final testing within the RDBMS"
    This means that you can create shared classes that are used on both the client and server side. The source does not need to reside within the server (according to their documentation). Please also note the following from the Oracle8i JDBC Developer's Guide and Reference Release 8.1.5 A64685-01 for using the getConnection() method on the server:
    "If you connect to the database with the DriverManager.getConnection() method, then use the connect string jdbc:oracle:kprb:. For example:
    DriverManager.getConnection("jdbc:oracle:kprb:");
    Note that you could include a user name and password in the string, but because you are connecting from the server, they would be ignored."
    So if you're coding a shared class that is to run on both the client and server side, you might do something like this:
    // Pick the in-server (kprb) driver when running inside the RDBMS, the thin
    // driver otherwise; the extra ')' in the original post is removed here.
    Connection conn =
        DriverManager.getConnection(
            System.getProperty("oracle.server.version") == null
                ? "jdbc:oracle:thin:@hostname:1521:ORCL"
                : "jdbc:oracle:kprb:",
            "youruserid", "yourpassword");
    As stated earlier, the userid and password are supposedly ignored for server connections retrieved in this manner. I haven't tried this yet, but it is documented by Oracle.
    Regards,
    Steve

  • ACE30 - PING to VIP and Client side SVI not working

    Hi Guys,
    Having set up the ACE30 based on the configuration guides, I've been able to get basic load balancing working, probes, stickiness etc.  However in testing connectivity, I've noticed that from the real server on the backend I cannot seem to PING:
    1. The VIP for the web service that the server is a part of
    2. The Client side SVI
    I'd like this to work to ensure full connectivity.
    I've applied ACLs to the Client side SVI (on the ACE) to allow this in both directions, and also removed any ACLs attached to the client side SVI on the MSFC where the subnet is actually homed.  However I just cannot seem to PING the Client side SVI on the ACE, or the VIP.  Trying to understand if this is normal behavior.
    Have inserted my config below for completeness.
    ACE30 Config
    login timeout 60
    hostname ACE1
    boot system image:c6ace-t1k9-mz.A90_6_3_5.bin
    boot system image:c6ace-t1k9-mz.A4_1_0.bin
    resource-class RC_1
      limit-resource all minimum 10.00 maximum unlimited
    access-list all line 8 extended permit ip any any
    access-list v6-any line 8 extended permit ip anyv6 anyv6
    class-map type management match-any REMOTE_ACCESS
      description Remote access traffic match
      2 match protocol telnet any
      3 match protocol ssh any
      4 match protocol icmp any
      5 match protocol https any
    policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
      class REMOTE_ACCESS
        permit
    interface vlan 768
      description Management connectivity
      ip address 10.20.40.72 255.255.255.0
      service-policy input REMOTE_MGMT_ALLOW_POLICY
      no shutdown
    ip route 0.0.0.0 0.0.0.0 10.20.40.254
    context VC_1
      allocate-interface vlan 11
      allocate-interface vlan 186
      member RC_1
    username admin password 5 $1$STizNv5q$i96.Qrt4C4SfHkbLyVT74.  role Admin domain default-domain
    username www password 5 $1$ZAn8bOtv$xmmNlH8akF6iYfXdQCKMo1  role Admin domain default-domain
    ssh key rsa1 1024 force
    ! VC_1
    ACE1/VC_1# sh run
    probe http HTTP_PROBE1
      interval 15
      passdetect interval 60
      expect status 200 200
      open 1
    rserver host RS_MONASH_WEB1
      description Test Monash Web Server 1
      ip address 10.194.27.177
      inservice
    serverfarm host SF_MONASH_WEB
      probe HTTP_PROBE1
      rserver RS_MONASH_WEB1 80
        inservice
    sticky ip-netmask 255.255.255.255 address source STICKY_MONASH_WEB
      timeout 3600
      serverfarm SF_MONASH_WEB
    class-map type management match-any REMOTE_ACCESS
      description Remote access traffic match
      2 match protocol ssh any
      3 match protocol telnet any
      4 match protocol icmp any
      5 match protocol https any
    class-map match-all VS_MONASH_WEB
      2 match virtual-address 10.194.11.1 tcp eq www
    access-list ALLOW_TRAFFIC_TOWARDS_ACE extended permit ip any any
    access-list ALLOW_TRAFFIC_TOWARDS_ACE extended permit icmp any any
    policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
      class REMOTE_ACCESS
        permit
    policy-map type loadbalance first-match PM_MONASH_WEB_LB
      class class-default
        sticky-serverfarm STICKY_MONASH_WEB
    policy-map multi-match PM_MULTI_MATCH_CLIENT_VIP
      class VS_MONASH_WEB
        loadbalance vip inservice
        loadbalance policy PM_MONASH_WEB_LB
    service-policy input REMOTE_MGMT_ALLOW_POLICY
    interface vlan 11
      description Client connectivity on Vlan 11
      ip address 10.194.11.250 255.255.255.0
      access-group input ALLOW_TRAFFIC_TOWARDS_ACE
      access-group out ALLOW_TRAFFIC_TOWARDS_ACE       ! not sure if this is required as well?
      service-policy input PM_MULTI_MATCH_CLIENT_VIP
      no shutdown
    interface vlan 186
      description CSM www monash
      ip address 10.194.27.189 255.255.255.240
      access-group input ALLOW_TRAFFIC_TOWARDS_ACE    ! not sure if this is required?
      access-group out ALLOW_TRAFFIC_TOWARDS_ACE      ! not sure if this is required?
      ip dhcp relay server 130.194.15.17
      ip dhcp relay server 130.194.15.1
      ip dhcp relay enable
      no shutdown
    ip route 0.0.0.0 0.0.0.0 10.194.11.254
    6500s
    ! test-clay1-gw - ACE connects to this 6500
    svclc multiple-vlan-interfaces
    svclc module 2 vlan-group 2
    svclc vlan-group 2  11,171-499,768
    ! test-clay0-gw - Where Client side subnet, VLAN11 is homed
    interface Vlan11
    description Testlab server subnet
    ip address 10.194.11.253 255.255.255.0
    no shut
    ip route 10.194.27.176 255.255.255.240 10.194.11.250
    thanks
    Sheldon

    To ping your VIP of the webserver, you should apply the service-policy input command on VLAN 186 too. Currently the VIP only listens on VLAN 11. For the SVI I think that was forbidden for security reasons, but I can't remember anymore. Maybe you just need to put the management policy on the interface VLAN 186. If it doesn't work, then my first guess was right.
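The change the reply recommends, written out against the configuration posted above as an added example (it is not from the thread). Two things in it are my additions, not the reply's: the `icmp-reply` line, because an ACE VIP does not answer ICMP on its own even where the policy is applied, and the tightening of the management class, because `REMOTE_ACCESS` currently admits telnet from any source. The management source subnet is an assumption.

```cisco
! Added example, not part of the original thread.
! 1. Let the VIP answer ping, and apply the VIP policy on the server-side
!    VLAN as well so the VIP is reachable from VLAN 186.
policy-map multi-match PM_MULTI_MATCH_CLIENT_VIP
  class VS_MONASH_WEB
    loadbalance vip inservice
    loadbalance policy PM_MONASH_WEB_LB
    loadbalance vip icmp-reply active

interface vlan 186
  description CSM www monash
  ip address 10.194.27.189 255.255.255.240
  ! ACE drops everything on an interface with no access-group, so an ACL is
  ! required here; "permit ip any any" means the ACE itself filters nothing
  ! and any restriction has to come from the 6500 or from narrowing the ACL.
  access-group input ALLOW_TRAFFIC_TOWARDS_ACE
  service-policy input PM_MULTI_MATCH_CLIENT_VIP
  no shutdown

! 2. Management class: drop cleartext telnet and limit the remaining
!    protocols to the admin subnet (10.194.11.0/24 is an assumption).
class-map type management match-any REMOTE_ACCESS
  description Remote access traffic match
  no 3 match protocol telnet any
  2 match protocol ssh source-address 10.194.11.0 255.255.255.0
  4 match protocol icmp source-address 10.194.11.0 255.255.255.0
  5 match protocol https source-address 10.194.11.0 255.255.255.0
```

The management policy (`REMOTE_MGMT_ALLOW_POLICY`) is applied globally in the posted config, so it already covers VLAN 186 once that interface is up; only the VIP policy needs adding there.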

  • Struts client side validation....

    Hello all,
    I am using Struts client and server validation but only the server validation works. I tried looking around the forum but couldn't find any similar problem.
    I am getting a value from the previous action class and I am able to successfully retrieve and display the value. I inserted the value in an object and passed it over to my JSP. When I try inserting the validation, the server side works fine but I get nothing on the client side. I viewed the source code of my JSP and the JavaScript is successfully inserted, but there is no pop-up when I leave the field blank. Please advise me.
    1)update.jsp will retrieve data from a object and display them in text box
    struts config file**
    <form-bean name="UpdateMarks" type="fypms.form.UpdateMarksForm" />
    <action name="UpdateMarks"
    path="/updateMarks"
    type="fypms.action.UpdateStudentMarks"
    scope="request"
    validate="true"
    input="/pages/UpdateStudentMarks.jsp" >
    <forward name="successfulUpdate" path="/pages/successfulUpdate.jsp" />
    <forward name="wrongHelloId" path="/pages/wrongHelloWorld.jsp" />
    </action>
    <message-resources parameter="MessageResources"/>
    <plug-in className="org.apache.struts.validator.ValidatorPlugIn">
    <set-property
    property="pathnames"
    value="/WEB-INF/validator-rules.xml,/WEB-INF/validation.xml"/>
    </plug-in>
    validation.xml**
    <!-- javascript validation for Update Presentation marks page -->
    <form name="UpdateMarks">
    <field property="first_Present"
    depends="creditCard">
    <arg key="prompt.firstPresent" />
    </field>
    <field property="final_Present"
    depends="creditCard">
    <arg key="prompt.finalPresent" />
    </field>
    </form>
    updatemarksform.java**
    private String adminNo[];
         private String first_Present[];
         private String final_Present[];
         private String batchNumber;
         //private String batchNumber;
         public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {
              ActionErrors errors = new ActionErrors();
              List testing = new ArrayList();
              System.out.println("out");
              for (int x = 0; x < first_Present.length; x++) {
                   System.out.println("firsT" + first_Present[x].length());
                   if (first_Present[x].length() < 1) {
                        System.out.println("a");
                        //userId not entered
                        errors.add("marks.firstPresentation", new ActionMessage("marks.firstPresentation"));
                   }
                   if (final_Present[x].length() < 1) {
                        //password not entered
                        errors.add("marks.finalPresentation", new ActionMessage("marks.finalPresentation"));
                   }
              }
              request.setAttribute("StudentList", testing);
              return errors;
         }
    update.jsp**
    <%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %>
    <%@ taglib uri="/WEB-INF/struts-logic.tld" prefix="logic" %>
    <%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %>
    <%@ page import="fypms.model.*" %>
    <link href="/FYPMS/css/style.css" rel="stylesheet" type="text/css">
    <!--Can contains: JSP -->
    <html:html locale="true">
    <html:form action="/updateMarks" method="post" onsubmit="return validateUpdateMarks(this);">
    <html:errors/>
         <table>
    <tr>
    <td>Name</td>
    <td>Admin Number</td>
    <td>First Presentation</td>
    <td>Final Presentation</td>
    </tr>
    <logic:iterate id="myCollectionElement" name="StudentList">
    <tr>
    <td> <bean:write name="myCollectionElement" property="name"/><html:hidden name="hiddenBatch" property="batchNumber"/></td>
    <td> <bean:write name="myCollectionElement" property="adminNo"/><html:hidden name="myCollectionElement" property="adminNo"/></td>
    <td> <html:text name="myCollectionElement" property="first_Present" /></td>
    <td> <html:text name="myCollectionElement" property="final_Present" /> </td>
    </tr>
    </logic:iterate>
    <tr><td colspan="4"><html:submit value="enter"/></td></tr>
         </table>
    <!-- Begin Validator Javascript Function-->
    <html:javascript formName="UpdateMarks" staticJavascript="true" />
    <!-- End of Validator Javascript Function-->
    </html:form>
    </html:html>
    thanks in advance

    # -- validation text(display text) for login page --
    valid.title=Simple Validation Test Form
    prompt.username=Username
    prompt.password=Password
    prompt.phone=Phone Number
    prompt.email=E-Mail Address
    prompt.url=URL (Website Address)
    login.userid = Username is required
    login.password = Password is required
    #-- validation text(display text) for Update presentation marks page --
    prompt.firstPresent=first_Present
    prompt.finalPresent=final_Present
    marks.firstPresentation=First Presentation marks is required
    marks.finalPresentation=Final Presentation marks is required
    Thanks for your help ^^
    Message was edited by:
    fatmond

  • Having problem with client side Authentication.

    Hi,
    I am having a problem enabling client side authentication with SSL on WebLogic 5.1.
    I have set up the .properties files as explained; however, it appears my client is not sending a certificate back to the server. The same client, however, works perfectly (using the same keystore file) with a sample ClassFileServer web server from the JSSE distribution (the client is a very slightly modified version of the SSLSocketClientWithClientAuth sample that comes with JSSE).
    Below I've included a section of the debug dump from the interactions.
    The only other difference I can see is the cipher suites offered by the servers. WebLogic offers type 0 or 9, and agrees on type 9 (SSL_RSA_WITH_DES_CBC_SHA), whereas ClassFileServer offers type 0 or 5 and settles on type 5 (SSL_RSA_WITH_RC4_128_SHA).
    I am using the same keystore for both examples. Both servers request an RSA client cert.... I'm out of ideas.
    Any help would be gratefully received.
    Cheers,
    Keith
    Debug dump information
    =====================================
    1/Weblogic server.
    *** CertificateRequest
    Cert Types: RSA,
    Cert Authorities:
    <CN=K H, OU=itsmobile, O=itsmobile, L=Dublin, ST=Dublin, C=ie>
    <[email protected], CN=Demo Certificate Authority,
    OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US>
    <CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification,
    ST=FOR TESTING PURPOSES ONLY, C=ZA>
    [read] MD5 and SHA1 hashes: len = 427
    0000: 0D 00 01 A7 01 01 01 A3 00 67 30 65 31 0B 30 09
    .........g0e1.0.
    0010: 06 03 55 04 06 13 02 69 65 31 0F 30 0D 06 03 55
    ..U....ie1.0...U
    0020: 04 08 13 06 44 75 62 6C 69 6E 31 0F 30 0D 06 03
    ....Dublin1.0...
    0030: 55 04 07 13 06 44 75 62 6C 69 6E 31 12 30 10 06
    U....Dublin1.0..
    0040: 03 55 04 0A 13 09 69 74 73 6D 6F 62 69 6C 65 31
    .U....itsmobile1
    0050: 12 30 10 06 03 55 04 0B 13 09 69 74 73 6D 6F 62
    .0...U....itsmob
    0060: 69 6C 65 31 0C 30 0A 06 03 55 04 03 13 03 4B 20
    ile1.0...U....K
    0070: 48 00 AC 30 81 A9 31 0B 30 09 06 03 55 04 06 13
    H..0..1.0...U...
    0080: 02 55 53 31 13 30 11 06 03 55 04 08 13 0A 43 61
    .US1.0...U....Ca
    0090: 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04
    lifornia1.0...U.
    00A0: 07 13 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F
    ...San Francisco
    00B0: 31 15 30 13 06 03 55 04 0A 13 0C 42 45 41 20 57
    1.0...U....BEA W
    00C0: 65 62 4C 6F 67 69 63 31 11 30 0F 06 03 55 04 0B
    ebLogic1.0...U..
    00D0: 13 08 53 65 63 75 72 69 74 79 31 23 30 21 06 03
    ..Security1#0!..
    00E0: 55 04 03 13 1A 44 65 6D 6F 20 43 65 72 74 69 66
    U....Demo Certif
    00F0: 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 31
    icate Authority1
    0100: 1E 30 1C 06 09 2A 86 48 86 F7 0D 01 09 01 16 0F
    .0...*.H........
    0110: 73 75 70 70 6F 72 74 40 62 65 61 2E 63 6F 6D 00
    [email protected].
    0120: 8A 30 81 87 31 0B 30 09 06 03 55 04 06 13 02 5A
    .0..1.0...U....Z
    0130: 41 31 22 30 20 06 03 55 04 08 13 19 46 4F 52 20
    A1"0 ..U....FOR
    0140: 54 45 53 54 49 4E 47 20 50 55 52 50 4F 53 45 53
    TESTING PURPOSES
    0150: 20 4F 4E 4C 59 31 1D 30 1B 06 03 55 04 0A 13 14
    ONLY1.0...U....
    0160: 54 68 61 77 74 65 20 43 65 72 74 69 66 69 63 61
    Thawte Certifica
    0170: 74 69 6F 6E 31 17 30 15 06 03 55 04 0B 13 0E 54
    tion1.0...U....T
    0180: 45 53 54 20 54 45 53 54 20 54 45 53 54 31 1C 30
    EST TEST TEST1.0
    0190: 1A 06 03 55 04 03 13 13 54 68 61 77 74 65 20 54
    ...U....Thawte T
    01A0: 65 73 74 20 43 41 20 52 6F 6F 74
    est CA Root
    main, READ: SSL v3.0 Handshake, length = 4
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00
    ....
    main, SEND SSL v3.0 ALERT: warning, description = no_certificate
    main, WRITE: SSL v3.0 Alert, length = 2
    And below is a sample when I used the ClassFileServer.
    This time the client (same src) returned a certificate.
    2/ClassFileServer (from Sun JSSE distribution)
    *** CertificateRequest
    Cert Types: DSS, RSA,
    Cert Authorities:
    <CN=K H, OU=itsmobile, O=itsmobile, L=Dublin, ST=Dublin, C=ie>
    [read] MD5 and SHA1 hashes: len = 114
    0000: 0D 00 00 6E 02 02 01 00 69 00 67 30 65 31 0B 30
    ...n....i.g0e1.0
    0010: 09 06 03 55 04 06 13 02 69 65 31 0F 30 0D 06 03
    ...U....ie1.0...
    0020: 55 04 08 13 06 44 75 62 6C 69 6E 31 0F 30 0D 06
    U....Dublin1.0..
    0030: 03 55 04 07 13 06 44 75 62 6C 69 6E 31 12 30 10
    .U....Dublin1.0.
    0040: 06 03 55 04 0A 13 09 69 74 73 6D 6F 62 69 6C 65
    ..U....itsmobile
    0050: 31 12 30 10 06 03 55 04 0B 13 09 69 74 73 6D 6F
    1.0...U....itsmo
    0060: 62 69 6C 65 31 0C 30 0A 06 03 55 04 03 13 03 4B
    bile1.0...U....K
    0070: 20 48
     H
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00
    ....
    matching client alias : rsakey
    *** Certificate chain
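The dump above shows the client answering WebLogic's CertificateRequest with a `no_certificate` alert, which is what JSSE does when its key manager finds no alias whose certificate chain is issued by one of the CAs the server listed (and of the requested key type). The following is an added example, not code from the thread, that reproduces that selection outside the handshake so the keystore can be checked against the advertised issuers directly. It is written against a current JDK (the WebLogic 5.1 era runtime will not compile generics or try-with-resources); the keystore path, password and key type are assumptions, and the two issuer DNs are copied from the dump (the BEA demo CA is left out because its e-mail component is elided on the page).

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

/**
 * Added example (not from the thread): ask the same X509KeyManager that JSSE
 * uses during the handshake which alias it would present for the issuers a
 * server advertised.  A null answer is exactly the "no_certificate" case.
 */
public class ClientAliasCheck {
    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "client.jks";        // assumption
        char[] pw = (args.length > 1 ? args[1] : "changeit").toCharArray(); // assumption

        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }

        // First, what the keystore actually holds: a key entry is required
        // (a trusted-cert entry alone is never offered), and the issuer of
        // some certificate in the chain must be in the server's list.
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            if (cert == null) continue;
            System.out.printf("alias=%s keyEntry=%b keyAlg=%s%n  subject=%s%n  issuer=%s%n",
                    alias, ks.isKeyEntry(alias), cert.getPublicKey().getAlgorithm(),
                    cert.getSubjectX500Principal(), cert.getIssuerX500Principal());
        }

        // Issuer DNs as printed in the WebLogic CertificateRequest above.
        Principal[] weblogicIssuers = {
            new X500Principal("CN=K H, OU=itsmobile, O=itsmobile, L=Dublin, ST=Dublin, C=ie"),
            new X500Principal("CN=Thawte Test CA Root, OU=TEST TEST TEST, "
                    + "O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA"),
        };

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (!(km instanceof X509KeyManager)) continue;
            X509KeyManager x509 = (X509KeyManager) km;

            // Same call JSSE makes when the CertificateRequest arrives.
            String chosen = x509.chooseClientAlias(new String[] {"RSA"}, weblogicIssuers, null);
            System.out.println("alias for RSA + WebLogic issuers: " + chosen);

            // Control: no issuer restriction, so any RSA key entry qualifies.
            // If this is non-null and the line above is null, the issuer list
            // (not the keystore or key type) is what blocks the handshake.
            String any = x509.chooseClientAlias(new String[] {"RSA"}, null, null);
            System.out.println("alias with no issuer restriction: " + any);
        }
    }
}
```

Run it as `java ClientAliasCheck client.jks changeit` with the keystore the failing client uses. X500Principal compares DNs in canonical form, so ordering and case of the RDN values are not a problem; what does matter is that the issuer of the client certificate (or of an intermediate in its stored chain) is one of the principals the server listed, which is the part the two servers in the dump differ on.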

    Matt,
    Did you read this article:
    https://wiki.sdn.sap.com/wiki/display/BSP/Using%20Proxies
    This explains how to properly setup the HTTPURLLOC table.
    In your case you should have entries that look something like this:
    40 HTTP   * <internal host name> <https port>
    50 HTTPS * <external host name> <https port>
    In addition you need to run the report to determine if the proxy configuration is setup properly.  The URL should be run with the
    https://<externalhostname>/sap/bc/bsp/sap/system_test/test_proxy.htm
    Take care,
    Stephen

  • Issue in opening reports in Disconnected Analytics at Client side.

    Hi Gurus,
    I have successfully configured the disconnected analytics.
    The repository name = disconnected.rpd
    In the Connection Pool tab, below information is given :
    User name = Disconnected
    Username/password = dba/dba
    Call interface =Default(ODBC 3.5)
    In the Database tab, below information is given:
    Database : SQL Anywhere 9
    On the client side, when I open the report "channel_report" in answers, it is giving me below error :
    Odbc driver returned an error (SQLExecDirectW).
    Error Details
    Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P
    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 16001] ODBC error state: 28000 code: -103 message: [Sybase][ODBC Driver][Adaptive Server Anywhere]Invalid user ID or password. (HY000)
    SQL Issued: SELECT Channels."Channel Class" saw_0, Channels."Channel Desc" saw_1 FROM SH ORDER BY saw_0, saw_1
    Does anyone know how to resolve it?
    ~ John
    Edited by: user541642 on Sep 16, 2011 4:40 AM

  • Configuring AD LDS Password Hash Algorithm

    Hello,
    I have a client which has a requirement that the passwords in Active Directory should be stored using the Secure Hash Standard (SHS) standard. This could be SHA-1 or SHA-2.
    Could you please tell me where I can check the current hashing algorithm and configure the new one?
    Windows Server 2008 R2 Enterprise
    Forest & Domain functional level: Windows Server 2008 R2
    Thanks!

    Hi Levente,
    I don't think it is possible to specify the algorithm used to encrypt AD passwords. The password is computed by the RSA MD-4 and MD-5 algorithms.
    More information for you:
    Help: How to configure encryption/hashing policies on Active Directory 2008 LDS
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/04591e6e-22d3-4251-ab55-b778a479465e/help-how-to-configure-encryptionhashing-policies-on-active-directory-2008-lds?forum=winserverDS
    View Password hash in Active Directory
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/63e3cf2d-f186-418e-bc85-58bdc1861aae/view-password-hash-in-active-directory?forum=winserverfiles
    Active Directory hashing algorithms used?
    http://social.technet.microsoft.com/forums/windowsserver/en-US/7fbc0669-2ccb-4c24-9f08-24241e30d72b/active-directory-hashing-algorithms-used
    Md5 passwords in Active Directory
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/5bed809e-3e04-4917-b940-47d3c758987f/md5-passwords-in-active-directory
    Best Regards,
    Amy

  • Client side authentication, 2 sided SSL

    Hi,
    Is using client-side SSL authentication effective when working (via web service) with a load balancer (SSL termination) that passes requests to a server connected to it?
    Is this OK? Is it considered a best practice? Does the client-side certificate add any security?
    THANKS!

    I agree with you sabre150. However, I was restricting my comments to the authentication part of Access Control (which I once defined in a book as being a three-part protocol dance, where every part is related, but independent):
    1) Identification - where someone claims to be somebody who needs access to a resource;
    2) Authentication - where that someone has to prove they are who they claim to be; and
    3) Authorization - where the system determines if that authenticated entity is authorized to access the resource.
    Sending the Client SSL certificate is Identification (anyone can do this so it doesn't prove anything). Digitally signing the nonce sent by the server is the proof (and the Authentication part of the dance). Verifying authorization is completely separate from the authentication part of the decision (which is what you referred to).
    Many people confuse all three steps as "authentication" because it happens seamlessly on most systems; but in reality, they are distinct parts that can be interchanged - you can use a username-string as an identifier, a password as an authenticator and a UNIX group membership for authorization. You can also use an LDAP DN as an identifier, a digital signature as an authenticator and a XACML rule-set for authorization - and so on.
    In the end, a system must do all three parts of the dance to provide access to protected resources; SSL ClientAuth focuses on only the authentication part of the dance; and for SSL ClientAuth to be considered secure, the protection of the Private Key becomes the single most important determinant. Everything after the verification of the digital signature is an authorization decision (which you pointed out).
    (Sorry for the long answer, but I often make mistaken assumptions that cause me to write more cryptically than I should).
    Arshad Noor
    StrongAuth, Inc.
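Applied to the original question: when the load balancer terminates TLS, the signature over the handshake (the authentication step in the reply above) is verified by the terminator, and the backend sees only an assertion of the result. The certificate still adds security, provided that assertion reaches the backend over a channel the client cannot write to. The following is an added example, not from the thread, using nginx as the terminating proxy; the host name, file paths and backend address are assumptions.

```nginx
# Added example (not from the thread): TLS termination with client-certificate
# authentication, forwarding the verification *result* to the backend.
server {
    listen 443 ssl;
    server_name api.example.com;                        # assumption
    ssl_certificate     /etc/nginx/tls/server.pem;      # assumption
    ssl_certificate_key /etc/nginx/tls/server.key;      # assumption

    # CA(s) that issued the client certificates.  nginx checks the chain and
    # the handshake signature; with "on" a client that cannot produce a valid
    # signature never reaches the location block at all.
    ssl_client_certificate /etc/nginx/tls/client-ca.pem; # assumption
    ssl_verify_client on;
    ssl_verify_depth 2;

    location / {
        proxy_pass http://10.0.0.10:8080;               # assumption

        # proxy_set_header REPLACES any same-named header the client sent,
        # so a client cannot smuggle its own X-SSL-Client-DN past the proxy.
        proxy_set_header X-SSL-Client-Verify $ssl_client_verify;    # SUCCESS / FAILED:<reason> / NONE
        proxy_set_header X-SSL-Client-DN     $ssl_client_s_dn;
        proxy_set_header X-SSL-Client-Cert   $ssl_client_escaped_cert;
    }
}
```

Two conditions make this sound: the backend must be reachable only through the proxy (network ACL or mTLS between proxy and backend), otherwise anyone who can reach port 8080 directly can set those headers themselves; and the backend must treat `X-SSL-Client-DN` as identification only, using `X-SSL-Client-Verify` equal to `SUCCESS` as the authentication result and making its authorization decision from the DN against its own policy, which is the three-step split the reply describes.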

  • Client Side Support for NTLM

    Hi
    I have been trying to read my mails from Microsoft Exchange Server by using Java libraries developed by various software products such as JavaMail, Mousetrap, Icemail, Jscape, and IPWorks.
    On our server side we have "Secure Password Authentication" (NTLM) in order to encode and decode mails, so we need to use the same authorisation mechanism on the client side so that we can read mails from the Exchange Server.
    (As the server-side authorisation mechanism should match the client-side authorisation mechanism to read mails from the Exchange Server.)
    On the client side, I have tried using the software products that I specified above. All the above listed products support the CRAM-MD5, PLAIN, LOGIN and DIGEST-MD5 authorisation mechanisms, but none of them support NTLM authorisation.
    As we have the NTLM authorisation mechanism set on the server side, I need to use the same authorisation mechanism on the client side too.
    The current Exchange Server version we are using is "5.5.2654.50". I have also tried installing the evaluation version of Microsoft Exchange Server 2003 and checked whether it supports any authentication other than NTLM. I found that it allows me to use either "Clear Text" or "NTLM".
    Could anyone help me by providing any software product (Java library) that supports "NTLM authorisation" to read mails from the Exchange Server?
    Protocol that we are using - IMAP
    I will be grateful if anyone can help me with this.
    thanks
    Srinivasa Kanchiraju
    Dynalivery Corporation
    Saint Louis MO - 63043
    Tel - 314 205 8995 ext 21

    The problem is that NTLM is a Microsoft proprietary authentication mechanism.
    I believe there are some products in the JavaMail Third Party Products page
    that support NTLM.
    http://java.sun.com/products/javamail/Third_Party.html
