security,curl,ssl-certificate,facebook-oauth,facebook-authenticationRelated issues-Collection of common programming errors
skaffman
security java-ee glassfish-embedded jboss-arquillian
I want to test my EJBs on an embedded Glassfish using Arquillian. The important thing is that I have to have security up because my bean logic does some programmatic security checking (sessionContext.isCallerInRole(role)).Is it possible to simulate a login with Arquillian on an Embedded Glassfish?How do I setup the Embedded Glassfish to use user and role property files?[EDIT]I found a post who’s directions I decided to follow (http://community.jboss.org/message/580290) but I still got issues.1 m
shennan
node.js security mongodb passwords
New to Node, new to Mongo. Etc Etc…I’m itching to get started on a project with these two technologies but one of the concerns is security. It seems more terrifying with Node because the server logic is so close to the application, and MongoDB comes with flood-gates open right out of the box.My question is, am I right in assuming that the only real use for MongoDB’s native authentication support (i.e the system.users database) is in the event of needing to screen external connections from outs
Paul Erric
java security
I am trying understand the basics of java security and AccessController.doPrivileged() usage i started with a sample programimport java.security.AccessController; import java.security.PrivilegedAction; public class AccessSystemProperty {public static void main(String[] args) {System.out.println(System.getSecurityManager());AccessController.doPrivileged(new PrivilegedAction<Boolean>(){public Boolean run(){System.out.println(System.getProperty(“java.home”));return Boolean.TRUE;}});} }if i tr
Ian Boyd
windows security winapi authentication active-directory
It has been asked, and answered for .NET, but now it’s time to get an answer for native Win32 code:How do i validate a Windows username and password?i asked this question before for managed code. Now it’s time for the native solution.It needs to be pointed the pitfalls with some of the more commonly proposed solutions:Invalid Method 1. Query Active Directory with ImpersonationA lot of people suggest querying the Active Directory for something. If an exception is thrown, then you know the credent
14 revs, 3 users 93%UpTheCreek
security authentication
I’d like to know what people consider best practice for securing the Admin sections of websites, specifically from an authentication/access point of view.Of course there are obvious things, such as using SSL and logging all access, but I’m wondering just where above these basic steps people consider the bar to be set.For example:Are you just relying on the same authentication mechanism that you use for normal users? If not, what? Are you running the Admin section in the same ‘application domain
OPcorki
c# wcf security
My setup is a little complicated so let me go over that first. We have a WCF web service that gets data from various sources through several different API’s and returns that data to the client. The requested security is that it be done over HTTPS(working) The IIS standard is that the app pool must be set to use the basic IIS network service account and that .net impersonation should be used.My problem is that the web service should always run under an AD process ID regardless of who calls it,
user257257
.net security hash passwords
I seen this question http://stackoverflow.com/questions/287517/encrypting-hashing-plain-text-passwords-in-databaseand i am aware i shouldnt do md5(“salt” + password); and i see an implementation in python for a solution.Is there a .NET built in function with params i can use instead of writing my own?
Terry Gardner
java security active-directory kerberos
I’m trying to get a TGT for authentication from the Active Directory using JAVA.This is my code:try {URL localURL = super.getClass().getResource(“jaas_ntlm_configuration.txt”);System.setProperty(“java.security.auth.login.config”, localURL.toString());LoginContext localLoginContext = new LoginContext(“GetLoginNameKerberos”, new SampleCallbackHandler());localLoginContext.login();Subject localSubject = localLoginContext.getSubject();….. } catch (LoginException localLoginException) {localLoginExce
rickygrimes
java security
I see errors when I run the test code from ESAPI documentation.import org.owasp.esapi.ESAPI;public class EsapiTest {public static void main(String[] args){System.out.println(“ESAPI.accessController found: ” + ESAPI.accessController());} }This is the error I get -Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundExceptionAttempting to load ESAPI.properties via the classpath.ESAPI.properties could not be loaded by any means. Fail. Exception was: java.lang.IllegalArgu
Luke A. Leber
java security
This issue has had me scratching my head for a few days now. For sites on a certain network (which happens to be a DDOS migitation provider), security management checkConnect calls seem to be taking a very, very long time in comparison to other sites.Is there any way that sites on this network can be thrawting the security manager’s access checks? Is there a configuration that I am not aware of? Am I going (more) insane?Here is a test case that demonstrates…package com.test;import java.net.
Hitham S. AlQadheeb
ruby-on-rails ruby curl
I have facing some problem with curl and curb on windows.working on following environment : ruby 1.9.3 rails 4.0.3and added ‘elance’ gem with gemfile but after added this gem got following error. i need a solution for window environment.Error details :Gem::Installer::ExtensionBuildError: ERROR: Failed to build gem native extensionc:/Ruby193/bin/ruby.exe extconf.rbchecking for curl-config… nochecking for main() in -lcurl… no*** extconf.rb failed ***Could not create Makefile due to some reason
Harry
ruby-on-rails curl libcurl
I’ve been trying to do some simple “rails server” on my “Ruby on Rails” application, however I’m working with a friend of mine who is using linux, I’m sitting on windows xp (32 bit) everything is going smooth and all, he implement the gem called “curl” and “typhoeus”, so in order for me to view it on my localhost:3000 I must install the gems aswell. So this is what I wrote:D:\>gem install typhoeus Building native extensions. This could take a while… ERROR: Error installing typhoeus:ERROR:
Matt Wolfe
ruby curl libcurl windows-xp
I’m trying to do file uploads with ruby 1.8 and it seems like there are no good out-of-the-box solutions. They all seem to need some 3rd party patch or fork of a project to work. I would use mechanize but I actually need to interface with an xml api and mechanize seems to be made specifically for dealing directly with webpages. I’ve tried RestClient but it doesn’t have that functionality for multipart forms out of the box, you have to use a fork of the project to get it to work. Similar situatio
user3205094
ruby windows curl path libcurl
I am running windows 8 and have been getting the error below.c:\Ruby200-x64>gem install curb — –with-curl-dir=c:\curbTemporarily enhancing PATH to include DevKit…Building native extensions with: ‘–with-curl-dir=c:\curb’This could take a while… ERROR: Error installing curb:ERROR: Failed to build gem native extension.C:/Ruby200-x64/bin/ruby.exe extconf.rb –with-curl-dir=c:\curbchecking for curl-config… no checking for main() in -lcurl… no * extconf.rb failed * Could not create Makefil
Korebian
android c++ curl android-ndk
I’m working on an Android project, where we have made all the server calls in C++ code, because it is to work on both iOS and Android. The iOS app has cURL functioning in it’s native enviorment, but our Android app can’t even get the proper includes to work. It’s both in our C++ file, where it can’t resolve things like std::string, and in the cURL library, where it can’t resolve size_t and so on.I’ve looked at various other posts, and tried a bunch of things, the only thing to seems to help is i
Marius Kavansky
ruby ubuntu curl gem ubuntu-12.10
It gives me the error ofgem install curb Building native extensions. This could take a while… ERROR: Error installing curb:ERROR: Failed to build gem native extension./usr/bin/ruby1.9.1 extconf.rb /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require’: cannot load such file — mkmf (LoadError)from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require’from extconf.rb:1:in `<main>’Gem files will remain installed in /home/user1/.rvm/gems/ruby-1.9.3-p392/gems/curb-0.8.3 for
ekad
curl ruby-on-rails-4 gem install curb
when i run bundle install, i receive this errorGem::Installer::ExtensionBuildError: ERROR: Failed to build gem native extension .C:/Rails/Ruby1.9.3/bin/ruby.exe extconf.rbchecking for curl-config… no checking for main() in -lcurl… no * extconf.rb failed * Could not create Makefile due to some reason, probably lack of necessary libraries and/or headers. Check the mkmf.log file for more details. You may need configuration options.I have also tried this and it is still not workingC:\Workspace
Andrew WC Brown
ruby curl rvm curb
I’m trying to install the curb gem on my Debian machine but I’m having a hard time building the gem with native extensions. I’m using RVM.Just a list of things I’m using:debian bundler rvm ruby-1.9.2-p180 curb I’m told I have to install the following packages and I’ve done so:sudo apt-get install libcurl3 libcurl3-gnutls libcurl4-openssl-devWhen I go ahead and do as such:gem install curbBuilding native extensions. This could take a while… ERROR: Error installing curb:ERROR: Failed to build g
AlexSanchez
java json google-app-engine curl jdo
I’m using Goole App Engine to Build my REST API, I’ve already marked my class as PersistenceCapable and also i got defined my @PrimaryKey and also marked as @Persistent(valueStrategy = IdGeneratorStrategy.IDENTITY), also i’ve already EndPoints generated. but when i type in the terminal window a curl command to insert a new entity or registry it doesn’t work. this is the code:@PersistenceCapable(identityType = IdentityType.APPLICATION)class Student{@PrimaryKey@Persistent(valueStrategy = IdGenerat
Steve
ruby-on-rails curl stripe-payments
I am trying to set up Stripe Connect for a rails 3.2.13 app. I have directed the user to Stripe and received back the authorization code from Stripe:HTTP/1.1 302 Found Location: http://localhost:3000/yourshop/stripe?scope=read_write&state=1234&code=AUTHORIZATION_CODEThe next step involves making a POST request to receive the access_token via the access_token_url, per Stripe documentation:curl -X POST https://connect.stripe.com/oauth/token \-d client_secret=sk_test_code \-d code=AUTHORIZA
Pentium10
apache testing ssl ssl-certificate stunnel
For some of my site visitors, the SSL certificate is failing. Whatever tests I do on various browsers for me the SSL certificate is valid.I can’t think of how to test this on client side, and to identify the problem. How would you do this?One client gets: fatal certificate unknown
Sk Shoaib
java rest ssl-certificate webservice-client
My application calls a web service in order to authenticate a specific user in that web service. That web service has their own self-signed CA certificate. I am using POST REST call to that service to authenticate a user by passing users ‘username’ and ‘password’ but then I am getting this error..javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
Nicholas Piasecki
sql-server-2008 ssl-certificate wildcard-ssl
Wildcard certificates (for example, *.example.com) simply did not work in SQL Server 2008 or lower. But Encrypting Connections to SQL Server on MSDN states, plain as day, thatSQL Server 2008 R2 supports wildcards certificates.Excellent. So I set up SQL Server 2008 R2 Express on a machine, and I configure the HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Certificate entry to the thumbprint of my wildcard SSL certificate (because in five years of
Frankidoze
wcf https ssl-certificate custom-binding
I have some self-hosted WCF services using CustomBinding for HTTP protocol on a specific port. I use BinaryMessageEncodingBindingElement and HttpTransportBindingElement so far without problem.Now I need to secure a bit more by using HTTPS but with NO cert. I switched to HttpsTransportBindingElement and set RequireClientCertificate to false.I have no cert installed on that port. I checked by running “netsh http show sslcert”.And I get follow error when I try to add my service to a WPF app (browsi
wizardyk
https webview applet javafx ssl-certificate
I have developed a small web browser which is part of my project. It’s okay when I load normal web page. But when I try to access to HTTPS page, SSLProtolException is occured. I found question which is similar problem in Android. But my environment is Windows.Here is similar case. JavaFX WebView Not Loading HTTPS PageBut I’m faced with different Exception, and it also couldn’t run in IDE(Eclipse). Here are the contents of error message.WARNING: Unexpected error javax.net.ssl.SSLProtocolException
Nakilon
windows ssl-certificate man-in-the-middle mitmproxy
I want to programmatically install certificate into Windows for localhost MITM SSL sniffing.>certutil -addstore “TrustedPublisher” mitmproxy-ca-cert.p12 TrustedPublisher CertUtil: -addstore ??????? ?? ?????????: 0x80093102 (ASN: 258) CertUtil: ? ASN1 ???????? ??????????? ????? ??????.means in English the Unexpected end of data While this command:>certutil -asn \Users\Nakilon\.mitmproxy\mitmproxy-ca-cert.p12 CertUtil: -asn – ??????? ??????? ?????????.doesn’t see any issue.
thelsdj
ssl-certificate dell-poweredge idrac
I’ve got some servers with iDRAC7 Enterprise and I want to add my existing wildcard SSL certificate for my domain so that when I load the iDRAC webpage I get a valid certificate.I’ve tried the “Upload Server Certificate” option but I can’t seem to find the required format. If this was possible I would assume the format would be PEM or PKCS12, something that included the key as well as the certificate. And allowed intermediate certificates as well, but I can’t seem to figure it out.The other opti
Steve
postfix ssl-certificate dovecot openssl
I’ve been trying to get Postfix and Dovecot set up for days and I think I have resolved all problems except for one that just came up. When I try to restart Dovecot I get the following error message:doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set [….] Restarting IMAP/POP3 mail server: dovecotdoveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not setWhen I check dovecot.conf, there is not
Brandon
ssl ssl-certificate tls
I apologize in advance if this question is a little confusing, my knowledge of SSL certificates is limited.Basically there are 2 third party servers that I would make a call to over TLS. This worked fine until the servers had their certificates changed. I was assured the servers were setup identically and the certificates were exactly the same, however the calls to the first server still worked while the second server would not. The second server would timeout with the .NET exception{System.Net.
aghaux
c# ssl windows-server-2008 ssl-certificate
I am trying to connect to a SSL Secured Webservice with my ASP.NET (C#) application. On my local machine everything works well, but on my server the folling error appears.**System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. —> System.IO.IOException: The decryption operation failed, see inner exception. —> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted**— End of inner exception stack trace –
tyler
facebook facebook-graph-api oauth facebook-oauth
We’ve run into a very strange case in which a particular Facebook account fails on a request to ‘https://graph.facebook.com/me/friends?access_token=XXX’ after successful login. After discovering this case in our app I verified that the exact same exception occurs when using the Facebook SDK sample – SessionLoginSample. After successfully logging into this particular account and granting privileges I return to the sample app and click the test link. This is the response:{“error”: {“message”: “
ios developer
iphone facebook-graph-api facebook-oauth
I’m currently integrating this API https://github.com/reallylongaddress…book-Graph-APIThe integration all works fine and i’m using the “post” method to post things to peoples walls, all works fine. The code from the original API does the same, but below is my modified version…NSMutableDictionary *variables = [NSMutableDictionary dictionaryWithCapacity:6]; [variables setObject:strMessageFb forKey:@”message”]; [variables setObject:@”http://fundaciomiro-bcn.org” forKey:@”link”]; [variables set
Gates
facebook facebook-javascript-sdk facebook-php-sdk facebook-oauth
Like many people I’ve found across stack overflow I’ve been experiencing an issue where after about 10-15 mins of time the users get randomly logged out and brought back to the “Login with Facebook” page where the button does not work without a press and a manual refresh.I setup the try { } of the getUser() to log any eception and what I found was the general error:OAuthException: An active access token must be used to query information about the current user.I quickly searched the net trying fi
vijay
facebook-php-sdk facebook-oauth
I m developed a app for a photo contest.steps: the user authorize the app where i get the permission to get the photos and email. Intro page and choose from facebook link Photo’s page where all of the users facebook photos are shown to choose. the user select one photo and click next form to fill in and submit. thankyou page with the photo selected.In this app, my canvas url is “http://mysite.com/index.php?” where i authorize the app.so when the user click “choose from facebook” link it redirect
Adrian Muscat
php facebook-graph-api facebook-oauth facebook-wall
I created a Facebook App using PHP on my website. To use this application on my website the user must login using Facebook authentication.This app basically lets the user post a default comment on his wall. It works fine using my facebook profile account, but when I asked my friend to use my site he gets the following error – ‘Uncaught OAuthException: (#200) The user hasn’t authorized the application to perform this action thrown in’The only solution to my problem i found till now is by entering
Jared Mark
php oauth facebook-php-sdk facebook-oauth facebook-canvas
I am doing a Canvas app inside the facebook page.My very simple question is this: With the newest facebook SDK (just downloaded today), if a user has not yet granted access permission to your app, will the facebook class within the SDK automatically determine that and attempt to get authorization?I can manually get auth for my app by going here:https://graph.facebook.com/oauth/authorize?client_id=<myClientID>&redirect_uri=<myRedirectURL>&type=user_agent&display=page&
Foxish
facebook-graph-api oauth facebook-fql facebook-php-sdk facebook-oauth
I recently discovered that one of our production servers is giving a fatal error when we try to issue an FQL query via the Graph API. The exact same code on other servers works perfectly. The servers are behind a load balancer with a single IP address.The error is:PHP Fatal error: Uncaught OAuthException: (#5) Unauthorized source IP addressthrown in /usr/local/home/faniq/php-lib/facebook/base_facebook.php on line 1039I have tried adding the IP address to my FB app’s server whitelist (which wa
fmendez
facebook-graph-api facebook-php-sdk access-token facebook-oauth
I am getting this error when i open my app canvas. I already found out in which line the error comes up.User is logged in <-(echo by php) Short Token is: XXXTOKENXXX <-(echo by php) Fatal error: Uncaught OAuthException: An active access token must be used to query information about the current user. thrown in /var/www/vhosts/xxx.de/httpdocs/src/base_facebook.php on line 1254 It occurs when i request the following:$permissions = $facebook->api(“/me/permissions?access_token=” . $params[‘a
Shayan Husaini
php facebook facebook-graph-api facebook-oauth
I am creating an application where user can install different application on their facebook page everything works fine but problem occurs when i install the application using graph api method it returns the application access token onwards so when i tried to access any users information it throws the exception that says:Fatal error: Uncaught OAuthException: A user access token is requiredto request this resourceCalling again and again getAccessToken method returns application access token. I jus
Zachary Lassiter
php facebook oauth facebook-php-sdk facebook-oauth
I get the Uncaught OAuthException: (#200) The user hasn’t authorized the application to perform this action\ error on occassion when a user changes their password, and I want to continue the crontab script, not causing it to end in a fatal error so I can handle the other users….Is this possible?
ns-keip
database facebook authentication facebook-authentication
Users of my application can authenticate via Facebook, so I store facebook uids in my database and when user logs in I need to query my database like this:SELECT * FROM users WHERE uid = _SOME_UID_;Now uid column is VARCHAR, but I think that I need to convert it to some numeric type BIGINT.Why I think I need to do this:processor time: in general operations with a numeric (filtering/indexing) are always faster than same operations with string storage: numeric is smaller than corresponding string
friism
php .net codeigniter facebook-authentication appharbor
The PHP application uses codeigniter framwork 2.2. How can we convert it so that it can be hosted in .net cloud hosting platform like AppHarbor which supports Phalanger converted PHP code.The PHP application also uses Facebook api for facebook-authentication which is not working. Not sure if this is the issue? $facebook->getUser() returns 0.We are not sure which assembly reference is missing?
Michal W
android facebook facebook-graph-api facebook-android-sdk facebook-authentication
Sometimes (not very frequently) my android app crashes after first logging to facebook using Facebook Login (Facebook SDK version 3.5). I’m getting exception: java.lang.RuntimeException: Unable to resume activity {my.app.package/com.facebook.LoginActivity}: java.lang.RuntimeException: Failure delivering result ResultInfo{who=null, request=64206, result=0, data=null} to activity {my.app.package/com.facebook.LoginActivity}: java.lang.NullPointerExceptionwith 2 different root exceptions:Sometimes w
Jimmy Sawczuk
c# .net facebook facebook-authentication
I’m writing a .NET app that runs on a Windows computer. It is not accessible through the browser. The problem is, I can’t authenticate like I should. I’m currently coding in C# .NET, more specific in C#.I have a webbrowser control on my form. The user logs on to facebook through this webbrowser control. After the logon, I start the authentication procedure. I then retreive a code.Here’s where it goes wrong. With this code I want to obtain an access token. The generated request URL looks like: ht
Marco W.
android facebook facebook-graph-api facebook-authentication facebook-android-sdk
I’m using Facebook’s SDK for Android (latest version as of today). The code that is for authentication is the following:prefs = PreferenceManager.getDefaultSharedPreferences(this); facebook = new Facebook(FACEBOOK_APP_ID); String fbAccessToken = prefs.getString(“fb_access_token”, null); long fbAccessExpires = prefs.getLong(“fb_access_expires”, 0); if (fbAccessToken != null) {facebook.setAccessToken(fbAccessToken); } if (fbAccessExpires != 0) {facebook.setAccessExpires(fbAccessExpires); } if (!fa
digster
facebook facebook-graph-api facebook-php-sdk facebook-apps facebook-authentication
I am using the following code to get permissions for my app(the code is in index.php)- <?phprequire_once “sdk/facebook.php”;$fbconfig[‘appid’] = “333446170045623”;$fbconfig[‘secret’] = “9ea7b92bc7eac852a3900e1d7931c34d”;$facebook = new Facebook(array(‘appId’ => $fbconfig[‘appid’],’secret’ => $fbconfig[‘secret’],’cookie’ => true,));$user = $facebook->getUser();if (!$user) { /* If user not found, authenticate */ $loginUrl = $facebook->getLoginUrl(array(‘scope’ => ‘publish_stre
Jeevan Dongre
javascript facebook facebook-graph-api oauth-2.0 facebook-authentication
I am trying out this example http://thinkdiff.net/facebook/new-javascript-sdk-oauth-2-0-based-fbconnect-tutorial/But I am getting xml error which says permission denied.I have changed the application ID also. I am bit confused about the new UI of developers.facebook.com I was comfortable with the old UI. I am not sure where I dont mention my call back url.Kindly help me out.<div id=”fb-root”></div><script type=”text/javascript”>var button;var userInfo;window.fbAsyncInit = funct
Thuglife
javascript facebook facebook-graph-api facebook-authentication
I have been working on integrating Facebook Login with my website, and so far I’ve been succeeding for the most part; however, I still have few doubts.On my homepage; I have a button an a href that will trigger a Javascript function that will prompt the user with a pop-up window to login to Facebook; if it’s the first time, the user will be prompted with another pop-up window that asks for permissions!After the user logs in (and accepts permission); (s)he will be redirected to another page using
user1072337
properties laravel-4 facebook-authentication
I have an authentication system for Facebook login in Laravel that works fine when a user with all of the properties logs in, but when a user doesn’t have one of the properties filled out, it throws an error (for example):Undefined property: stdClass::$bio Here is the relevant code:Facebook.php:public function get_user_info(Token_Access $token){$url = ‘https://graph.facebook.com/me?’.http_build_query(array(‘access_token’ => $token->access_token,));$user = json_decode(file_get_contents($url
Rucha Heda
android eclipse facebook facebook-android-sdk facebook-authentication
I followed the login authentication tutorial on Facebook and have copied the following code into my android applicationprivate Session.StatusCallback callback = new Session.StatusCallback() {@Overridepublic void call(Session session, SessionState state, Exception exception) {onSessionStateChange(session, state, exception);} };However, it is giving me the following errors:Session.StatusCallback cannot be resolved to a typeWhich is leading to the following errors:callback cannot be resolved to a v
Web site is in building