security - Web App that Compares User Credentials to /etc/shadow -

-

I secure a web application by checking the user entered with / etc / shadow to verify the user credentials I want to do it (unless there is some other solution). Is there any safe way to do this? It will not be very difficult to get it to run as root and then it will check the file and designated hash algorithm and salt string will be run, but it keeps the salt value in the hashes and reduces security. System Key

So is anybody trying utility or better and web application can be safely verified to access my UNIX credentials or / etc / shadow?

In general, the authentication will be controlled by the web server (Container Managed Authentication). For example, in Tomcat, it will be certified against an Active Directory: 

  & lt; Realm className = "org.apache.catalina.realm.JNDIRealm" debug = "99" connectionName = "CN = Our User, OU = Account, DC = Domain, DC = COM" Connection Password = "S0mePassWord" connectionURL = "ldap: //192.168.1.0: 389 "Optional URL =" ldap: //192.168.1.1: 389 "Referral =" Follow "userbase =" OU = user accounts, DC = DomainAds, DC = com "UserSector =" (SAMACONNIM = "{0})" userbutry = "true" rollback = "ou = user roles, dc = domain ads, dc = com" role-name = "cn" role search = "(member = {0})" role filtration = "true" / & Gt;   
 Whatever you ask is not impossible, but be careful not to give an encrypted password as a parameter because these "ps" commands can appear on some forms Are there.  
 For the script (you probably need more than one) that you ask, it can tell you about security problems, especially if you are not aware of all the complexities of code injection in the script (The same idea is for a SQL injection, except for the script.)

Comments

Post a Comment

Popular posts from this blog

php - PDO bindParam() fatal error -

-
I am trying to learn PDO, now I have written this small code, but it gives me a serious error: < P> Fatal error: Call a member function at a non-object dot () ... $ con = new mysqli ("127.0.0.1", "root", "", "csvdangercheck"); $ Query = $ con- & gt; ("Id,` var1`, `var2`) values ​​(" id,: var1,: var2) ";); $ query- & gt; bypass pattern (': id', $ id); $ query- & gt; BindParam (': var1', $ VAL1); $ Query- & gt; bindParam (': var2', $ val2); $ Query-> Executed (); I Trying to use print_r ($ con-> errorInfo ()) but Fatal error: Undefined method mysqli :: errorInfo ( ) ... can someone tell me what am I missing? Flaffeh said, you have PDO Missing Mysqy, try it: $ con = new PDO ('mysql: host = 127.0.0.1; dbname = csvdangercheck', 'root', '');
Read more

logging - How can I log both the Request.InputStream and Response.OutputStream traffic in my ASP.NET MVC3 Application for specific Actions? -

-
For a specific set of tasks, I need to log in to the incoming request inputstream as well as outgoing response. is. I am using an ActionFilterAttribute for this and overriding the OnActionExecuted and OnResultExecuted methods. So I'm starting with this idea ... Public category ActionLoggerAttribute: ActionFilterArrbit {Public Override Zero On-Offed Execution (ActionActioned Contact Filter Filter) {base.OnActionAxecuted (FilterContext); HttpRequestBase request = filterContext.HttpContext.Request; // TODO: Log the request. InputStream} Public Override Zero OnResultExecuted (ResultExecutedContext FilterContext) {base.OnResultExecuted (filterContext); HTTPRPSPointBase Response = FilterContacts Hpptex response; // TODO: Log on Response.OutputStream}} Ideally I'll hook it up with enterprise library logging because I'm already using it for error logging. Am I reaching the input and output stream at the right time? Can I easily use the Enterprise Library to log i
Read more

java - Why my included JSP file won't get processed correctly? -

-
I am trying to create Java web framework (and learning), and on the basis of 'Code Generator In the process of making the material view of the database in the process of development, I stumbled into a difficulty, which I do not know how to solve it. First of all, I want the following index.jsp : & lt; Body & gt; Use all pages to be created. & Lt;% @ include file = "header.jsp"% & gt; & Lt; Hours / & gt; & Lt;% @ included file = "body.jsp"%> & Lt; Hours / & gt; & Lt;% @ include file = "footer.jsp"% & gt; & Lt; / Body & gt; And, in body.jsp , I should have it like this: & lt; Jsp: include page = "$ {Application_modul}"%> Where application_modul is an attribute defined in its controller: request.setAttribute ("application_modul", "USER_ACCOUNT \\ ' View_user_account.jsp "); This file can be found properly, but the processed JSP does
Read more