Im trying to create a password protected peer group using JXTA. For that i have used the example code given in the JXTA 2.5 programmers guide. But that code doesn't seems to be working. It has some issues. Does any one have a working example for creating password protected peergroups using JXTA ? Thanks in advance..
In JXTA 2.5, secured peer groups were not tested thoroughly. The password protected peergroup were already more or less abandoned by the community, since they were not protecting anything well anyway. It don't think this code ever worked.
Related
I would like to develop a new web-app in node.js (using express). I am relatively new to node.js world, so I assume there are frameworks that I am not familiar with.
Is there any framework (like Spring for Java) that manages authentication (and save the trouble from the developer)? Or each developer has to write this code over and over again?
Login/Logout is not all. There are other flows:
registration (create account),
forgot-password (and then set new password),
locking/unlocking an account,
change password
and I think I have covered all flows.
I know that each application has its own UI, forms, maybe with its logo, but the flow itself is similar for most applications.
In addition, I know that it is not that hard to implement, but it could be great to have some kind of tool / framework / infrastructure which implements the flows.
Is there such a tool/framework which helps applications' developers and implements these flows?
I've searched this issue but could not find anything.
Thanks!
Long ago I have developed authentication-flows for Java over Spring, and recently I wrote authentication-flows-js.
It is a module that answers most flows - authentication, registration, forgot-password, change password etc., and it is secured enough so applications can use it without the fear that it will be easily hacked.
It is for node.js applications (written in TypeScript) that use express. It is an open source (in GitHub). A release version is on npm, so you can use it as a dependency in your package.json.
In its README (and of course in the npm page) there are detailed explanations for everything and if something is missing - please let me know. An article will be published soon (I will add a link as a comment).
You can find here an example for a hosting application.
NOTE: I have heard comments like "It's not so difficult to implement". True.
But you have to make sure you take care of all cases. For example,
what happens if a user tries to create account that is already exists?
what happens if a user tries to create account that is already exists
but inactive? what about the policy of the password? (too long/too
short/how many capital etc.) what about sending the email with the
activation link to the user? how you create this link? should you
encrypt it? what about the controller that will receive the click on
the link and activate the account? and more...
I'm working for a client on their new website.
It's my last mission, so another developer is going to continue my work after my final delivry.
In order to accelerate the process of "switching developer", my client asks me to give an access of the source code to the next developer.. but as my mission is not finished yet (98% of the website is OK) I risk that the new developer steals the code and the client refuses to pay me.
Is there any tool allowing me to securely give the new developer an access to view my code, ask questions, etc without allowing him to steal it (at least easily) ?
Thank you.
No, this seems more like a legal/contract issue. If the other developer can see the source, he could always duplicate it.
In short, no: If they see they source code, they can duplicate it.
However, if your client simply wants the new developer to have an idea of how your code is structured, you could send them UML diagrams of the Class Hierarchy and the flow of the site.
I hope this helps.
I needed to build an XPages to get the users' calendar entries for both public and private. And I could achieve this enhancement with using sessionAsSignerWithFullAccess in SSJS.
However my code doesn't work in XPiNC in Notes/Domino 9. It seems that sessionAsSignerWithFullAccess doesn't work as I expected and access only public documents.
Are there any way to resolve this issue?
Btw, I've also tried to call the Lotusscript agent in beforePageLoad, which is behalf of administrator and web access user, but no luck. Lotusscript also access only public documents.
Any suggestions would be very much appreciated!
Thank you in advance.
I believe it's the case that the sessionAsSigner sessions run as the current user when using XPiNC, rather than the signer of the XPage. Inconvenient as this is, it makes sense from a security perspective: while a Domino server has free reign to act as any name it likes, a Notes client acts solely as the active ID. Normal XPiNC setups run everything from the local client, so, from a security perspective, it's the same as accessing non-XPage elements.
You could double-check to see if my thinking is accurate by outputting sessionAsSignerWithFullAccess.getEffectiveUserName(). If I'm right, it will be the currently-running user, not the signer.
One way around it would be setting the XPiNC apps to execute on the server (new in 9, I believe). It has some caveats (https://frostillic.us/f.nsf/posts/how-i-got-xpinc-run-on-server-with-sso-working), but it has a lot of advantages both from a performance and a predictability perspective: since the app is actually running on the server in basically the same way as it would in a web browser, it (likely) also supports sessionAsSigner.
Is there a good way to Activate a user (after validating the email for example) or just implement it as a property in ApplicationUser and then do the rest of checking and validating manual?
I found this helpful blog regarding this.
it's a manual process but this worked for me.
http://kevin-junghans.blogspot.ae/2013/10/adding-email-confirmation-to-aspnet.html
Since this article http://symfony.com/doc/2.0/cookbook/security/custom_provider.html has not been written yet, has anyone an idea of how to do that ? (In my case it would be using LDAP authentication).
Thanks for your answers
To help you get started you can check out my blog post which outlines how to create a very basic user provider system:
http://clintberry.com/2011/custom-user-providers-symfony2/
EDIT: This post only covers the custom User Provider. To use LDAP authentication you will need to create your own Authentication Provider as well or use a third party library. http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html
This first thing I would suggest you is to do a search for a LDAP bundle on the great website KnpBundles (results here). I saw two results. If you are willing to use an external bundle, you could just use of the two given in the results.
If you prefer to create your own bundle for this task, what I would suggest is to inspire you from these two bundles. Another useful suggestion is to check the FOSFacebookBundle. It is in no mean related to LDAP but, they implements their own provider, so all the glue is there to implement your own.
Just a small notice, if you are developing against Symfony2 master branch, it is good to know that security factory registration has changed a bit. So, be carefull when looking at other bundles to be sure what version they are targeting.
Hope this helps.
Regards,
Matt