|
As Richard wrote, this is very risky. Are you 100% certain that the partner site is dogged about security?
You may want to consult a IT Security Pro that has a lot of internet communication experience. The specifics of two sites sharing a common login is not good to have in a public forum.
Chris J
www.redash.org
|
|
|
|
|
Already two expert says it vulnerable and it is 100% true, But Yet here is a solution:
1. When User send a request first verify the user and confirm that the user is valid.
2. if valid then create a socket communication to the other server in port 80 or whatever you have chosen, then create the proper header for the other Server and send a login request to that server.
3. The other server will validate the request and send the data as usual. if success you will get a reply through the socket. Receive all data including the cookies.
4. Extract the session parameter from the cookie. save the cookie in your current server.
5. When user would click any link that forward to the other server then do not create direct link.
first send it to any local php file. In that file first set header value with cookie and then using herader location redirect it to the other server.
Perhaps you can save the retrieved session in uri of the forwarded link and then you would have to add a small process to restore session from external variable which I described in this link[^].
Even though two of the commentator demanded that its a violation of security. But the fact they missed is that to retrieve a session id you don't need to be a hacker. all you need is to learn how http behave. If you want to see what session ID now you are using then all you need to do is install live http with firefox and enjoy the act of firefox with header
|
|
|
|
|
Thanks for the solution. ok I understand that it is vulnerable to security. So may be we can follow different approach or at least I can put forward different approach. Instead of auto login - we can say, all the members from xyz site can log in to abc site with their xyz username and password.
Solution to this -
1.) Every time, we ask the partner site to provide us the data with username and encrypted passwords and we match it when user tries to log in but this isn't a good solution. We want the process to be automated.
2.) May be they create a web service and we communicate via that web service to let user log in etc.
How do other sites like spotify works? You can login to spotify using facebook login details?
Is there any better way to do this.
Thanks a lot.
|
|
|
|
|
|
If you are gonna do it, then to answer your question...and this is just "off the cuff", I would most likey set up a seperate server to act as a central store of user logins. All sites must have a registration themselves to access the server and share data. I would then develop a series of scripts with a few interfaces to do...
1) share registered user logins, I would plan on the partner sites maintaining their own and current signup data store, but just have the data sent to a script on this server to process for a shared login. Be certain to scrub the hell out of this regardless of of transport (i.e. - never trust user input, no matter who the user is)
2) a script would be needed to dump the current user logins to the shared login db too.
3) a script to alter a status of a user, ie users baned on one site must not be able to login at yours and vise versa.
4) You will also need a message scheme to notify the target site that site abc has a user that wants login access. I would imagine that this should be managed with a direct server to server communication. This should be like setting a flag for the user. So when the user goes to the new site the login is already done and waiting for them.
5) since logins are handled via session, I imagine a custom session handler is in order as I doubt the default one in php would work. You can google for code to act as a base for your code, or at least for ideas for making your own design.
In a sense this reminds me of have a single login for sites with multiple subdomains and different servers. Here are a few bookmarks of mine that may help shed some light on the session issues related to this and may be an issue to consider as you go forward.
http://shiflett.org/articles/the-truth-about-sessions[^]
http://www.josephcrawford.com/php-articles/going-deep-inside-php-sessions/[^]
I will say again, I have a number of security issues with this. Your going to have a lot of trust in your partners to pull this off and I suspect if your group takes off in popularity the security issues will become even more profound.
You can of course implement a google, or facebook, or some other 3rd party login system. But I can not comment on the pros and cons of them. Maybe someone in the CP forums can?
Chris J
www.redash.org
|
|
|
|
|
|
I dislike the new gnome. I only tried it a little, and it was just too alien. However, a coworker said something I couldn't let go. "You are too young to resist change" and it struck me that computer scientists should probably not resist change.
With this in mind, I went to upgrade my gentoo box to the new gnome. I was determined to try it until I got used to it to give it a fully educated review.
I went to the gentoo upgrade guide , and quickly changed my mind. I left out the default options being wierd. That was a given. The things that bothered me beyond that are quickly adding up. The eselects are long and cryptic, the gs configs are overly complicated, I no longer have a choice for audio and have to use pulse audio, there is no compiz support at all, many of the gnome2 apps have not been ported so they won't work, nvidia cards are pretty well not working and cause several errors, and there are many work arounds for things that don't work already.
I don't think it's a good time to change. What bothers me most about that is now I have to mask it to do a system update, and in a couple months they say they will no longer support the old gnome. If I don't mask it, I have to add lots of ~arch stuff in my update file, meaning it's not ezackery stable yet (though they say it's stable). Why do they make it stop my update?
I think I will keep it masked for now, and wait for it to actually become stable.
Anyone have thoughts on this?
|
|
|
|
|
It's a big change for gnome... every time a product makes a big evolutionary change, you can expect growing pains as well as people that are unhappy about where it's going. For now, I think you can safely continue to use the older versions of gnome, if you simply can't adjust to the new gnome in the future (once they stop supporting gnome 2), there's always kde.
|
|
|
|
|
I'd be more likely to switch to xfce or lxde.
I was prepared for the growing pains. It's just that it pretty well seems like nothing will work on my machine yet. I have a new nvidia graphics card, which pretty well shoots the new gnome in the foot.
|
|
|
|
|
I don't have an nvidia card... so can't comment on that specifically... but at least in Linux there's alternatives... with gnome being the most popular desktop environment, I'm sure the support for a large number of video cards will only continue to improve with time. Unless of course, too many users decide they don't like the new interface and decide to opt for something else, but I honestly don't see that as happening. Hopefully gnome will learn from their mistakes and try to please a wide user base.
|
|
|
|
|
I haven't switched to xfce yet. My decision was to wait until the new gnome and nvidia get along and try it again. I'm determined to give it a good shot before leaving. If dropping support for the old gnome causes problems before the new one is up and running on my machine, then I may switch to something else.
Hopefully it won't be long. With people out there using it now, I'm sure it will move swiftly. All they need is users able/willing to submit reports and useage information and I'm confident they will iron out the wrinkles. After it works with nvidia then I'll make the switch.
|
|
|
|
|
Good luck!
|
|
|
|
|
I too have an NVIDIA on my dell so gnome 3 does not work - Literally. I've switche to XFCE on my mac and am using unity and lxde on my dell.
|
|
|
|
|
I went looking tonight to see how close we were to having nvidia running on gnome 3.2. Either it is fixed now, or I did not read closely enough the first time. My version of nvidia drivers works in both of the noted bugs (or it's supposed to).
I've found the gentoo install/upgrade wiki and am upgrading now. I hope the curve for learning this is not too steap for me. Either way, it's compiling now.
-- Edit --
Well, the desktop booted up. It took a very long time, but to be fair I have not updated my system yet and I need to run etc-update still... And sometimes new stuff just opens slow the first time It does not seem too clunky just now. If I figure out how to organize the applications menu so I can get to my stuff quickly then I think it will go ok. I got an application added to my favorites already.
I don't think learning to navigate in general will be terrible. If someone has links to some information on using some of the features, that would save me some time.
-- End Edit --
modified 15-Jan-12 23:39pm.
|
|
|
|
|
It's not so bad once you get used to it...
|
|
|
|
|
Yeah, I can navigate now. I found where the applications are stored in the menu, and how to put them on my favorites. I even changed my wallpaper. I still prefer the old gnome, but it's not been very long so I suppose that will change in time.
It makes me want to hook a graphics tablet to it instead of a mouse.
|
|
|
|
|
loctrice wrote: It makes me want to hook a graphics tablet to it instead of a mouse.
I think that's what they're striving for... being able to have a "common" environment that will support touch screens and mouse clicks. That way it doesn't matter where you go (tablet or desktop or laptop), you'll be familiar with the interface and be able to work as usual.
|
|
|
|
|
as long as you can support 3d
|
|
|
|
|
It took me forever to figure out how to get my browser to open in a new window instead of just take focus. I use multiple browser instances, as well as tabs. I couldn't find anything on google at all! I felt - insert choice here - when I finally realized you could right click the icon >,<
I like the alt tab thingy though. I can't say I like it more than standard alt tab, but having a sub menu under the "group" looks pretty snazzy.
|
|
|
|
|
Hey, at least discovering new features is always neat.
|
|
|
|
|
Well, I couldn't really get used to it. As a general user it was fine. Was a little different, but not really a big deal. It looked nice.
However, when I was trying to work it was ... well, it was costing me too much time to continue. I could still work, and even kept trying. I just was not efficient. I didn't try it for very long I know, but I was starting to lose some valuable time on some projects.
I installed xfce today. I might try gnome again this summer when we have a slow season at work.
|
|
|
|
|
Every time there's a major change like this, it's going to be hard to get used to it. Plus, the dev team has to learn what's working and what's not working.
There was actually a small study done somewhere (can't remember the source now) that found the very same exact thing you're experiencing, that even though people generally liked the experience, productivity actually went down because it took longer to find things you were looking for. I'm sure GNOME will learn from this and make changes accordingly.
|
|
|
|
|
Dear All member code project
I wanna to know, how to create translater like google translate.
please help/tell me about it.
Thanks b4
|
|
|
|
|
Well you could always include the google translate script somewhere in the page. That way users can change the language of the contents with just one click, as described at Google translate tools[^].
As to creating your custom translate engine, that would be a lot of work including:
- scraping or buying multiple dictonaries for every language
- linking words in dictionaries accross the various languages
- finding a way to stem words to the basics
- building a correct matching algorithm to match one word or group of words to another
And even if you do all that (which is a lot of work) it will still probably work crappy. Though google translate is nice to sorta now what a page tells me (if it is in a foreign language) it is far from perfect. In fact most of the time the translations are more likely to be funny and wrong then right.
|
|
|
|
|