User management plugin/framework for Grails? - security

Is there a user-management plugin for grails?
Nearly every website requires things like:
Users Login/Authentication
Registration (w/ email verification)
Forgotten email reminders User
User Profiles
Are there any Grails plugins/frameworks/whatever that provide things like this as a base to build upon?
I know how to build these things, so I'm not looking for that type of answer. It just seems silly for every person out there to re-implement this type of basic functionality.
A similar example in Java would be AppFuse, but that is far more involved than what I'm looking for here.

Anyone looking at this question today in 2010 would do well to look at the Nimble plugin: http://www.grails.org/plugin/nimble

There are a couple I know of,
http://www.grails.org/AcegiSecurity+Plugin
based on the popular Acegi Security (now called Spring Security), possibly a little heavyweight for what you want.
and secondly
http://www.grails.org/Authentication+Plugin
which is a far lighter weight implementation.
Others can be found at http://www.grails.org/Plugins, under 'Security Plugins'

Here are a few new additions: Spring Security UI and Grum. Both have recent (2012) activity unlike Stark and Nimble which seem to have stopped development (last updates were from 2 years ago).

If you're interested in a Spring-security based solution you could look at Stark:
http://www.grails.org/Stark+Security+Plugin

Related

Missing projects information from the OWASP Secure Coding Practices

When I found the OWASP Secure Coding Practices Guide, I felt like I had found a hidden gem. The information in the checklist format is great. However, I was disappointed to see that links pointing to multiple other external projects are not found and the artifacts for them just do not exist. So I'm pointing it out here, hoping anyone has more information on them.
Implement a secure software development lifecycle - OWASP CLASP Project: Returns page has been deleted
ESAPI for PHP link on OWASP Enterprise Security API project returns nothing
I am unsure how to find or access these.
After digging around I did find ESAPI Python Readme.
As for the OWASP CLASP Project, it looks like that project has been removed due to inactivity (these projects are maintained by volunteers) and now outdated/wrong information.
Depending on what you are looking for, I suggest looking at the OWASP Project Inventory. This lists out all of OWASP's projects.
The CLASP project is no longer supported. It has been superseded by the OpenSAMM (http://www.opensamm.org) project, which can give you all the things to set up a good and efficient SSDLC (Secure Software Development Life Cycle).
Anyway, as the OWASP projects are moving, I suggest you point to the home page all the time to have a good and updated view.

How best to deal with ExpressionEngine registration spam?

I've got a whole load of EE sites under my belt and generally don't have much of a problem with spam. However, one site that I look after is getting bombarded by registration spam lately. It is an extremely low traffic site and was a bit neglected which meant it was running an old version of EE.
I've now updated the site to the latest EE version and gone through double checking that everything was locked down. I've even tried installing Low NoSpam but I'm still getting the attempted registrations.
My initial thoughts were that there was some security hole in this old version of EE. But since I have now updated everything I'm not so sure.
What is the best way to deal with this other than turning registrations off?
I personally find that RECAPTCHA is the best captcha system out there:
http://devot-ee.com/add-ons/recaptcha
It's ADA compliant, your visitors help translate books and it's probably the most popular. Snaptcha would do the trick as well, but I personally think that if you need a captcha (which I hate :)) then go with RECAPTCHA :)
Oh and it's completely FREE too!!
Have you changed the Profile Member trigger word to something other than 'member'?
I had excellent results with Snaptcha for comment spam - it works for registration spam too. Worth a look.

Getting started with Gmail Plugin development

I would like to get into Plugin development using the Gmail API and as such I would like to ask those who already have experience in it a few questions.
What language / languages should I be familiar with? I'm not familiar with Python, PHP, or JavaScript. Will I need to pick up on these?
What level of control do I have on what my plugin can do? Can I for example change the interface or add shortcuts or RSS feeds as a sidebar?
I know a lot of the examples mentioned already exist but I would like to try my own hand at it.
Peter posted a solid list of the official Gmail APIs.
On the other hand, most of the major plugins that you may have heard about are browser plugins that just modify the page source directly, even though there's no official API for it. There used to be a GreaseMonkey API that was a good starting point, but that wasn't supported and no longer works. Best place to start is with a copy of Chrome, creating a content-injection plugin that works on the Gmail page.
Happy to provide some further details if you can clarify what you're going for since I went through this myself a few months back.

Does anyone know of a feature filled forum package for Umbraco 4.03?

I was wondering if anyone has built or knows of a decent forum package for Umbraco 4.03??
I've had a little play with this but it's a bit basic
http://our.umbraco.org/projects/umbraco-forum-package
and
http://our.umbraco.org/projects/uforum-basics
I've found this article on how to integrate YAF forum but would rather have one which fits a bit better..
http://dawoe.blogspot.com/2009/02/intergrate-yet-another-forum-193rc2.html
Of course I know one answer, write or extend one of the above :) Any help would be gratefully received.
uForum is used to power the Our Umbraco community - so that's the current recommended forum package.
YAF is a fully-featured forum/bulletin-board web-application, which can be integrated with Umbraco (using an ASP.NET Membership Provider). Aside from that YAF is standalone.
Update: There is a new package called nForum.
I guess it depends on your requirements.
What features are lacking? Clearly you know what you want, so any guidance on what the forum should include will help.
Pretty much any ASP.NET-based forum software would work with Umbraco. I guess the main thing would be the integration with the Membership provider in Umbraco. In this case, any forum software that could use a custom ASP.NET membership provider would integrate pretty much seamlessly.
There are plenty of opensource and commercial forum packages available for ASP.NET, just find one that matches your requirements and look at integrating it or running it alongside Umbraco.

No-code or little-code website

What is a (free) technology which requires the least amount of code for creating a website with the following requirements:
Sign-up/login
Form for adding your personal info. which gets databased
Each person can view and edit their own info
Admin can view and edit any
The form needs to be easily customizable and extensible (by the website's owner, not during run-time)
Is there a beginner tutorial for such a thing?
(For me, this question is about a friend who wants me to do this, but I want him to do it himself so I don't have to get roped into maintenance. I also want to keep it more general for the sake of Stack Overflow and future readers.)
Edit: I thought I remembered some ASP.NET tutorials that were mostly drag/drop or things where it was all but made for you from the database schema (which can be made with SSMS's GUI) but I can't seem to find them now.
Responding to posts below requesting specifics: this site will be for potential clients to sign-up and enter their company's info and fill out a form about their advertising needs.
I thought about putting this on SU instead, but since there was likely going to be some coding involved (I assumed no-code was an unreachable goal) SO seemed more appropriate.
Your friend can consider a framework like Drupal. It has a bit of a learning curve, but you can create a website with everything you ask for without code. You may want to modify it to change the look but there are themes for that.
Also, some hosts like godaddy.com have this installed and you do not have to worry about the complex installation procedures. Just start modifying the content of the site, select a built in template and go...
PhpBB? I think you need to specify what the website is going to be used for before you can get better/more specific answers.
... have a look at Drupal or Joomla, expect a learning curve nevertheless.
Is this friend a programmer as well? If so, I'd suggest building such a site using a PHP framework. Deploying an existing forum/wiki is also an option of course, but will probably have much more features than you describe. But if s/he's not a programmer, I don't see how s/he will be able to develop a site like that in a reasonable amount of time.
Why not use a CMS like WordPress, Drupal and co.?
