ACCESS CONTROL IN APACHE HTTPD 2.4
|
|
- Esmond Harvey
- 6 years ago
- Views:
Transcription
1 ACCESS CONTROL IN APACHE HTTPD 2.4 Rich Slides at: tm3.org/acin24
2 INTRO Before: Hard and limited Now: Easy and very flexible
3 BEFORE (IE, 2.2 AND EARLIER) Order Allow Deny Satisfy
4 ORDER allow,deny Apply all allow rules, then all deny rules Default behavior is to deny everything (ie, "allow from all" followed by "deny from all") deny,allow Reverse that
5 ORDER People always got that wrong Merging sections confused people
6 ALLOW AND DENY Allow/Deny from all Allow/Deny from [address] Allow/Deny from env=[something] "Satisfy All" requires that all restrictions are met, while "Satisfy Any" requires that only one (or more) is met
7 <Directory /dashboard> Order deny,allow Deny from all Allow from 10.1 Require group admins Satisfy any </Dashboard>
8 DENYING BY AN ENVIRONMENT VARIABLE SetEnvIf User-Agent BadBot GoAway=1 Order allow,deny Allow from all Deny from env=goaway
9 REQUIRE Require valid-user Require user rbowen Require group sales Can be used in conjunction with Allow/Deny, with whatever rules Satisfy imposes
10 COMPLEX CONTROL Combining multiple requirements was difficult and error-prone Some combinations just weren't possible
11 NOW (2.4) Require <RequireAny> <RequireAll> <RequireNone>
12 MOD_AUTHZ_CORE New module that handles basic authz stuff Other modules may extend it
13 REQUIRE Syntax: Require [not] entity [value...]
14 ALL (OR NOTHING) Require all granted Require all denied
15 ENV Require Env something SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in Require env let_me_in
16 COMPARE SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in Order deny,allow Deny from all Allow from env=let_me_in SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in Require env let_me_in
17 REQUIRE IP - MOD_AUTHZ_HOST Require ip Require ip /16 Require ip Require ip 2001:db8::a00:20ff:fea7:ccea Require ip 2001:db8::a00:20ff:fea7:ccea/10
18 REQUIRE HOST - MOD_AUTHZ_HOST Require host example.org Require not host.ru
19 LOCAL Require local ie, /8 or ::1 Or the client and server address are the same Beware of proxied connections
20 REQUIRE USER - MOD_AUTHZ_USER In conjunction wth authentication Require user rbowen cmaria Require valid-user Require not user badguy
21 REQUIRE USER - MOD_AUTHZ_USER <Location /secure> AuthType basic AuthName "private area" AuthBasicProvider dbm AuthDBMType AuthDBMUserFile SDBM /www/etc/dbmpasswd Require valid-user </Location>
22 REQUIRE GROUP sales: rbowen cmaria iwinter sarahrhi blacklist: rbowen Require group sales Require not group blacklist
23 REQUIRE METHOD Permit only certain HTTP methods Require method GET POST OPTIONS
24 REQUIRE EXPR Require expr \ "%{TIME_HOUR} -ge 9 && %{TIME_HOUR} -le 17" Arbitrary complex expressions using any available environment variables
25 COMPARE SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in Order deny,allow Deny from all Allow from env=let_me_in SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in Require env let_me_in Require expr "${USER_AGENT} ^KnockKnock/2\.0"
26 <REQUIREALL> Enforce multiple requirements
27 <REQUIREALL> Must be on our network AND an admin Like the old "Satisfy All" <RequireAll> Require ip 10.2 Require group admins </RequireAll>
28 <REQUIREANY> Any one (or more) is sufficient
29 REQUIREANY May be on our network OR an Like the old "Satisfy Any" <RequireAny> Require ip 10.2 Require group admins </RequireAny>
30 REQUIREANY <Directory /uploads> <RequireAny> Require method GET OPTIONS Require valid-user </RequireAny> </Directory>
31 COMPARE <Directory /dashboard> Order deny,allow Deny from all Allow from 10.1 Require group admins Satisfy any </Dashboard> <Directory /dashboard> <RequireAny> Require ip 10.1 Require group admins </RequireAny> </Dashboard>
32 <REQUIRENONE> Ensure that *none* are true
33 REQUIRENONE <RequireNone> Require group temps Require ldap-group cn=temporary Employees,o=Airius </RequireNone> No temporary employees may access this content Could do this with 'Deny from' and 'Satisfy all', but you'd lose some flexibility
34 NESTING Allows you to combine requirements in a way that was not possible before
35 <Directory /www/mydocs> <RequireAll> <RequireAny> Require user superadmin <RequireAll> Require group admins Require ldap-group cn=administrators,o=airius <RequireAny> Require group sales Require ldap-attribute dept="sales" </RequireAny> </RequireAll> </RequireAny> <RequireNone> Require group temps Require ldap-group cn=temporary Employees,o=Airius </RequireNone> </RequireAll> </Directory>
36 <Directory /www/mydocs> <RequireAll> <RequireAny> Require user superadmin <RequireAll> Require group admins Require ldap-group cn=administrators,o=airius <RequireAny> Require group sales Require ldap-attribute dept="sales" </RequireAny> </RequireAll> </RequireAny> <RequireNone> Require group temps Require ldap-group cn=temporary Employees,o=Airius </RequireNone> </RequireAll> </Directory>
37 LDAP Which brings me to LDAP...
38 LDAP <Directory /www/docs/private> AuthName "Private" AuthType Basic AuthBasicProvider ldap AuthLDAPURL ldap://ldaphost/o=yourorg Require valid-user </Directory>
39 LDAP-USER Require ldap-user "Barbara Jenson" Require ldap-user "Fred User" Require ldap-user "Joe Manager"
40 LDAP-GROUP Given the LDAP entry... dn: cn=administrators, o=example objectclass: groupofuniquenames uniquemember: cn=barbara Jenson, o=example uniquemember: cn=fred User, o=example You can... Require ldap-group cn=administrators, o=example
41 LDAP-DN Based on an LDAP distinguished name Require ldap-dn cn=barbara Jenson, o=example
42 LDAP-ATTRIBUTE Based on an LDAP attribute Require ldap-attribute employeetype=active
43 LDAP-FILTER Based on an LDAP filter "Anybody in marketing that has a cell phone number on file" Require ldap-filter &(cell=*)(department=marketing)
44 VALID-USER Any valid user, by uid AuthLDAPURL "ldap://ldap1.example.com:389/ou=people, o=example?uid?sub?(objectclass=*)" Require valid-user
45 VALID-USER Any valid user, by Common Name Beware of collisions AuthLDAPURL "ldap://ldap.example.com/ou=people, o=example?cn" Require valid-user
46 VALID-USER Anybody who carries a pager AuthLDAPURL ldap://ldap.example.com/o=example?uid??(qpagepagerid=*) Require valid-user
47 ACTIVE DIRECTORY userprincipalname AuthLDAPBindDN AuthLDAPBindPassword password AuthLDAPURL ldap:// :3268/?userprincipalname?sub
48 AUTHZ_DBD Authentication against RDBMS
49 DBD CONFIG # mod_dbd configuration DBDriver pgsql DBDParams "dbname=apacheauth user=apache pass=xxxxxx" DBDMin 4 DBDKeep 8 DBDMax 20 DBDExptime 300
50 <Directory /usr/www/my.site/team-private/> # mod_authn_core and mod_auth_basic configuration # for mod_authn_dbd AuthType Basic AuthName Team AuthBasicProvider dbd DBD CONFIG # mod_authn_dbd SQL query to authenticate a logged-in user AuthDBDUserPWQuery \ "SELECT password FROM authn WHERE user = %s AND login = 'true'" # mod_authz_core configuration for mod_authz_dbd Require dbd-group team # mod_authz_dbd configuration AuthzDBDQuery "SELECT group FROM authz WHERE user = %s" # when a user fails to be authenticated or authorized, # invite them to login; this page should provide a link # to /team-private/login.html ErrorDocument 401 /login-info.html #...
51 #... DBD CONFIG <Files login.html> # don't require user to already be logged in! AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s" # dbd-login action executes a statement to log user in Require dbd-login AuthzDBDQuery "UPDATE authn SET login = 'true' WHERE user = %s" # return user to referring page (if any) after # successful login AuthzDBDLoginToReferer On </Files> <Files logout.html> # dbd-logout action executes a statement to log user out Require dbd-logout AuthzDBDQuery "UPDATE authn SET login = 'false' WHERE user = %s" </Files> </Directory>
52 SESSION AUTH (MOD_SESSIONS) Cookie-based, form-based authentication
53 Because you're already doing your authentication this way anyways...
54 TURN ON SESSIONS Session On SessionCookieName session path=/ SessionHeader X-Replace-Session Name the cookie Define which part of the site it's valid for Defines the header that will be used to replace/ update session data
55 #!/usr/bin/perl WRITE TO A SESSION print "Content-Type: text/plain\n" print "X-Replace-Session: key1=foo&key2=&key3=bar\n" print "\n" #... Your CGI (or php or whatever) can replace/update the session data
56 READ FROM A SESSION Session On SessionEnv On SessionCookieName session path=/ SessionHeader X-Replace-Session SessionEnv On causes the environment variable HTTP_SESSION to be populated with the session data
57 THEN, MOD_AUTH_FORM AuthFormProvider file AuthUserFile conf/passwd AuthType form AuthName realm AuthFormLoginRequiredLocation Session On SessionCookieName session path=/ SessionCryptoPassphrase secret
58 THE FORM... <form method="post" action="/dologin.html"> Username: <input type="text" name="httpd_username" value="" /> Password: <input type="password" name="httpd_password" value="" /> <input type="submit" name="login" value="login" /> </form> <Location /dologin.html> SetHandler form-login-handler AuthFormLoginRequiredLocation AuthFormLoginSuccessLocation AuthFormProvider file AuthUserFile conf/passwd AuthType form AuthName realm Session On SessionCookieName session path=/ SessionCryptoPassphrase secret </Location>
59 THE FORM, WITH SUCCESS REDIRECT LOCATION <form method="post" action="/dologin.html"> Username: <input type="text" name="httpd_username" value="" /> Password: <input type="password" name="httpd_password" value="" /> <input type="submit" name="login" value="login" /> <input type="hidden" name="httpd_location" value=" success.html" /> </form>
60 LOGGING OUT Use the form-logout-handler handler <Location /logout> SetHandler form-logout-handler AuthFormLogoutLocation Session On # Expire the session SessionMaxAge 1 SessionCookieName session path=/ SessionCryptoPassphrase secret </Location>
61 USING <IF> FOR ACCESS CONTROL <RequireAny> Require expr %{TIME_HOUR} -ge 9 && %{TIME_HOUR} -le 17 Require group admins </RequireAny> Could also say this as <If expr "%{TIME_HOUR} -le 9 %{TIME_HOUR} -ge 17" > Require group admins </If>
62 MOD_ACCESS_COMPAT You can still use the old syntax if you really want to Important for upgrading from 2.2 to 2.4 LoadModule access_compat_module modules/mod_access_compat.so
63 OTHER STUFF AuthzSendForbiddenOnFailure On In the event that a user authentications, but is not authorized (ie, password was right, but you're not permitted here) send a 403 Unauthorized rather than a 401 Auth Required. May reveal to an attacker that they guessed a password correctly
64 ACCESS CONTROL WITH MOD_REWRITE Can now use expr in RewriteCond directives RewriteCon expr \ "%{TIME_HOUR} -le 9 %{TIME_HOUR} -ge 17" RewriteRule ^ - [F]
65 Rich Slides at: tm3.org/acin24
User authentication, passwords
User authentication, passwords User Authentication Nowadays most internet applications are available only for registered (paying) users How do we restrict access to our website only to privileged users?
More informationAuthentication for Web Services. Ray Miller Systems Development and Support Computing Services, University of Oxford
Authentication for Web Services Ray Miller Systems Development and Support Computing Services, University of Oxford Overview Password-based authentication Cookie-based authentication
More informationHow to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
More informationApache authentication and authorisation against edir and AD using LDAP for Neanderthals
Managing an Enterprise Series Apache authentication and authorisation against edir and AD using LDAP for Neanderthals Lawrence Kearney Enterprise and Workgroup Service Analyst Georgia Regents University
More informationWWPass External Authentication Solution for IBM Security Access Manager 8.0
WWPass External Authentication Solution for IBM Security Access Manager 8.0 Setup guide Enhance your IBM Security Access Manager for Web with the WWPass hardware authentication IBM Security Access Manager
More informationStorageGRID Webscale 11.0 Tenant Administrator Guide
StorageGRID Webscale 11.0 Tenant Administrator Guide January 2018 215-12403_B0 doccomments@netapp.com Table of Contents 3 Contents Administering a StorageGRID Webscale tenant account... 5 Understanding
More informationTwo factor authentication for Apache using mod_auth_xradius
Two factor authentication for Apache using mod_auth_xradius sandbox-logintc.com/docs/connectors/apache_alt.html Introduction LoginTC makes it easy for administrators to add multi-factor to Apache. This
More informationKerberos and Single Sign On with HTTP
Kerberos and Single Sign On with HTTP Joe Orton Red Hat Overview Introduction The Problem Current Solutions Future Solutions Conclusion Introduction WebDAV: common complaint of poor support for authentication
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationUsing an LDAP With ActiveWorkflow
Table of contents 1 Groups...2 2 People...2 3 Authentication...3 4 Directory Service... 4 4.1 Connection Properties... 5 4.2 User Retrieval Properties...6 4.3 User Attribute Properties...7 4.4 Group Retrieval
More informationAuthentication via Active Directory and LDAP
Authentication via Active Directory and LDAP Overview The LDAP and Active Directory authenticators available in Datameer provide remote authentication services for Datameer users. Administrators can configure
More informationBarracuda Web Application Firewall Foundation - WAF01. Lab Guide
Barracuda Web Application Firewall Foundation - WAF01 Lab Guide Official training material for Barracuda certified trainings and Autorized Training Centers. Edition 2018 Revision 1.0 campus.barracuda.com
More informationTwo factor authentication for Apache using mod_auth_radius
Two factor authentication for Apache using mod_auth_radius sandbox-logintc.com/docs/connectors/apache.html Introduction LoginTC makes it easy for administrators to add multi-factor to Apache. This document
More informationEntrust GetAccess 7.0 Technical Integration Brief for IBM WebSphere Portal 5.0
Entrust GetAccess 7.0 Technical Integration Brief for IBM WebSphere Portal 5.0 November 2004 www.entrust.com 1-888-690-2424 Entrust is a registered trademark of Entrust, Inc. in the United States and certain
More informationRealms and Identity Policies
The following topics describe realms and identity policies: About, page 1 Create a Realm, page 8 Create an Identity Policy, page 14 Create an Identity Rule, page 15 Manage a Realm, page 17 Manage an Identity
More informationIBM Security Access Manager What s in the box : InfoMap Authentication Mechanism IBM SECURITY SUPPORT OPEN MIC. 13 Dec 2017
IBM Security Access Manager What s in the box : InfoMap Authentication Mechanism IBM SECURITY SUPPORT OPEN MIC 13 Dec 2017 IBM Security Learning Academy www.securitylearningacademy.com New content published
More informationRealms and Identity Policies
The following topics describe realms and identity policies: About, page 1 Create a Realm, page 8 Create an Identity Policy, page 15 Create an Identity Rule, page 15 Manage a Realm, page 20 Manage an Identity
More informationConfiguring Authorization
The AAA authorization feature is used to determine what a user can and cannot do. When AAA authorization is enabled, the network access server uses information retrieved from the user s profile, which
More informationIdentity Policies. Identity Policy Overview. Establishing User Identity through Active Authentication
You can use identity policies to collect user identity information from connections. You can then view usage based on user identity in the dashboards, and configure access control based on user or user
More informationSecuring ArcGIS Services
Federal GIS Conference 2014 February 10 11, 2014 Washington DC Securing ArcGIS Services James Cardona Agenda Security in the context of ArcGIS for Server Background concepts Access Securing web services
More informationTWO-FACTOR AUTHENTICATION Version 1.1.0
TWO-FACTOR AUTHENTICATION Version 1.1.0 User Guide for Magento 1.9 Table of Contents 1..................... The MIT License 2.................... About JetRails 2FA 4................. Installing JetRails
More information.htaccess. What is it and what can it do?
.htaccess What is it and what can it do? What is it? An.htaccess file is a simple ASCII file It lives on the server and affects the directories/subdirectories/files It is an Apache thing.. Not NT Make
More informationManaging Authentication and Identity Services
You can create access policies based on user identity rather than IP addresses. To enable identity-based services, you configure policies and options to obtain user identity, and then use identity objects
More informationHighwinds CDN Content Protection Products. August 2009
Highwinds CDN Content Protection Products August 2009 1 Highwinds CDN Content Protection Products August 2009 Table of Contents CDN SECURITY INTRO... 3 CONTENT PROTECTION BY CDN DELIVERY PRODUCT... 3 HTTP
More informationLecture 5 Security and User Input. INLS 760 Web Databases Spring 2013 Rob Capra
Lecture 5 Security and User Input INLS 760 Web Databases Spring 2013 Rob Capra Security What data should be stored on a web server? HTTP logs? Users account information? Passwords? Possible harms Exposure
More informationContents. Before You Start 2. Configuring Rumpus 3. Testing Accessible Directory Service Access 5. Specifying Home Folders 6
Contents Before You Start 2 Configuring Rumpus 3 Testing Accessible Directory Service Access 5 Specifying Home Folders 6 Active Directory Groups 7 Specifying An Alternate Users Container 8 Maxum Development
More informationSystem Administration. NFS & Web Servers
System Administration NFS & Web Servers NFS SERVER File System Operations Create file / directory Remove file / directory List directory Open file Read from file Write to file NFS Network file system File
More informationInstallation & Configuration Guide Version 3.1
ARPMiner Installation & Configuration Guide Version 3.1 Document Revision 2.2 https://www.kaplansoft.com/ ARPMiner is built by Yasin KAPLAN Read Readme.txt for last minute changes and updates which can
More informationHow to social login with Aruba controller. Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00
Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00 Overview This short document describes the basic setup for social login using Aruba ClearPass and Aruba wireless LAN controller. Aruba ClearPass, version
More informationQUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because
1 RSA - 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because A. a token periodically calculates a new
More informationRTC 502 and its Git adapter, Git and its prerequisite
RTC 502 and its Git adapter, Git and its prerequisite software installation and setup guide In this doc, OS is RedHat Enterprise Server 6.4. Note: Why? Because open source software installation sometimes
More informationArchitecture. Steven M. Bellovin October 31,
Architecture Steven M. Bellovin October 31, 2016 1 Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache
More informationApache and... Virtual Hosts ---- aliases mod_rewrite ---- htaccess. 31 st Oct - 4 th Nov Blantyre, Malawi. Dorcas Muthoni.
Apache and... Virtual Hosts ---- aliases mod_rewrite ---- htaccess AFNOG Chix 2011 Blantyre, Malawi 31 st Oct - 4 th Nov 2011 Dorcas Muthoni Courtesy: Hervey Allen Very good overview here: What is Apache?
More informationIBM WebSphere Developer Technical Journal: Expand your user registry options with a federated repository in WebSphere Application Server V6.
IBM WebSphere Developer Technical Journal: Expand your user registry options with a federated repository in WebSphere Application Server V6.1 Using the Virtual Member Manager Skill Level: Intermediate
More informationAdministrator Accounts
Administrator Accounts Contents Overview... 2 ACL Permissions Overview... 3 Changing the Default Admin Password... 3 ACL Permission Levels... 4 Creating an Adminstrator Class... 4 Administrator Class Examples...
More informationAuthentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1
Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability
More informationBefore you can configure TURNOVER for SVN v100, you must plan your implementation.
84 Elm Street Peterborough, NH 03458 USA TEL (010)1-603-924-8818 FAX (010)1-603-924-6348 Website: http://www.softlanding.com Email: techsupport@softlanding.com Supplement #66 PLANNING FOR AND IMPLEMENTING
More informationConfiguring Request Authentication and Authorization
CHAPTER 15 Configuring Request Authentication and Authorization Request authentication and authorization is a means to manage employee use of the Internet and restrict access to online content. This chapter
More informationUsing.htaccess to Restrict OU Directory by Usernames and Passwords in an.htpasswd File
Using.htaccess to Restrict OU Directory by Usernames and Passwords in an.htpasswd File (Last updated on 9/3/2015 by lucero@uark.edu) This method requires the management of three files,.htaccess,.htpasswd,
More informationObtaining the LDAP Search string (Distinguished Name)?
How to Configure LDAP Sync with the Altium Vault Old Content - see latest equivalent Modified by Jason Howie on 31-May-2017 An LDAP Sync allows the administrator of an Altium Vault to leverage the network
More informationConfiguring Authorization
Configuring Authorization AAA authorization enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user
More informationBLUEPRINT REQUIREMENTS CENTER 2010 BLUEPRINT TEAM REPOSITORY VERSION 2. Administrator s Guide
BLUEPRINT REQUIREMENTS CENTER 2010 BLUEPRINT TEAM REPOSITORY VERSION 2 September 2010 Contents Introduction... 2 Repository Configuration Files... 3 User Administration... 5 Appendix A. Instructions for
More informationIPV4.
IPV4 www.ashiyane.org www.site.com/news.php?id=2 Order By 5 Microsoft OLE DB Provider for ODBC Drivers error 80040e14 [Microsoft][ODBC SQL Server Driver][SQL Select Table_Name From Information_Schema.Tables
More informationHow to Set Up a Custom Challenge Page for Authentication
How to Set Up a Custom Challenge Page for Authentication Setting up a custom challenge page is a three step process: 1. Create a custom challenge page. Deploy the created custom challenge page on your
More informationIdentity Firewall. About the Identity Firewall
This chapter describes how to configure the ASA for the. About the, on page 1 Guidelines for the, on page 7 Prerequisites for the, on page 9 Configure the, on page 10 Monitoring the, on page 16 History
More informationSecurity Guide. Configuration of Permissions
Guide Configuration of Permissions 1 Content... 2 2 Concepts of the Report Permissions... 3 2.1 Security Mechanisms... 3 2.1.1 Report Locations... 3 2.1.2 Report Permissions... 3 2.2 System Requirements...
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationTM-800/1000 and TS-700/900 Administrator Manual
TM-800/1000 and TS-700/900 Administrator Manual Version 4.0 The RHUB web conferencing and remote support appliance RHUB Communications, Inc. 4340 Stevens Creek Blvd. Suite 282 San Jose, CA 95129 support@rhubcom.com
More informationIdentity-Based Networking Services Command Reference, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Identity-Based Networking Services Command Reference, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) First Published: January 29, 2013 Last Modified: January 29, 2013 Americas Headquarters Cisco Systems,
More informationAdministering Jive Mobile Apps for ios and Android
Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile
More informationClojure Web Security. FrOSCon Joy Clark & Simon Kölsch
Clojure Web Security FrOSCon 2016 Joy Clark & Simon Kölsch Clojure Crash Course (println "Hello Sankt Augustin!") Lisp + JVM Functional programming language Simple programming model Immutable Data Structures
More informationF5 BIG-IQ Centralized Management: Licensing and Initial Setup. Version 5.1
F5 BIG-IQ Centralized Management: Licensing and Initial Setup Version 5.1 Table of Contents Table of Contents BIG-IQ System Introduction...5 About BIG-IQ System Management...5 About secure communication
More informationEnabling Cloud-Native Applications with Application Credentials in Keystone
Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud Developer at SUSE cmurphy @_colleenm Overview Why we needed application credentials What are application
More informationAppSpider Enterprise. Getting Started Guide
AppSpider Enterprise Getting Started Guide Contents Contents 2 About AppSpider Enterprise 4 Getting Started (System Administrator) 5 Login 5 Client 6 Add Client 7 Cloud Engines 8 Scanner Groups 8 Account
More informationUsing.htaccess to Restrict Access to OU Directories
Using.htaccess to Restrict Access to OU Directories Last Updated: 7/8/15/ by lucero@uark.edu Webmasters can place.htaccess files in any directory in OU or on Cavern to restrict access. The two examples
More informationClearPass. ClearPass Extension Universal Authentication Proxy. ClearPass Extension Universal Authentication Proxy TechNote
ClearPass Extension Universal Authentication Proxy TechNote ClearPass Extension Universal Authentication Proxy ClearPass TechNote ClearPass Extension Universal Authentication Proxy - TechNote 1 ClearPass
More informationWebthority can provide single sign-on to web applications using one of the following authentication methods:
Webthority HOW TO Configure Web Single Sign-On Webthority can provide single sign-on to web applications using one of the following authentication methods: HTTP authentication (for example Kerberos, NTLM,
More informationColdFusion Application Security: The Next Step - Handout
ColdFusion Application Security: The Next Step - Handout Jason Dean http://www.12robots.com Boston CFUG September 16 th, 2009 REQUEST FORGERIES A request forgery, also sometimes called a Cross-Site (or
More informationAD Sync Client Install Guide. Contents
AD Sync Client Install Guide Contents AD Sync Client Install Guide... 1 Introduction... 2 Deployment Prerequisites... 2 Configure SQL Prerequisites... 3 Switch SQL to Mixed Mode authentication... 3 Create
More informationSecuring ArcGIS for Server. David Cordes, Raj Padmanabhan
Securing ArcGIS for Server David Cordes, Raj Padmanabhan Agenda Security in the context of ArcGIS for Server User and Role Considerations Identity Stores Authentication Securing web services Protecting
More informationEnhanced OpenID Protocol in Identity Management
Enhanced OpenID Protocol in Identity Management Ronak R. Patel 1, Bhavesh Oza 2 1 PG Student, Department of Computer Engg, L.D.College of Engineering, Gujarat Technological University, Ahmedabad 2 Associate
More informationSmart Bulk SMS & Voice SMS Marketing Script with 2-Way Messaging. Quick-Start Manual
Mobiketa Smart Bulk SMS & Voice SMS Marketing Script with 2-Way Messaging Quick-Start Manual Overview Mobiketa Is a full-featured Bulk SMS and Voice SMS marketing script that gives you control over your
More informationIntegration of VT ETD-db with Banner
Integration of VT ETD-db with Banner James Volpe, Edward A. Fox Digital Library Research Laboratory Virginia Tech Blacksburg, VA 24061, USA {jvolpe, fox}@vt.edu Gail McMillan Digital Library and Archives
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationTuesday, July 2, 13. intentionally left blank
intentionally left blank getting django to play with old friends getting django to play with old friends or foes Lynn Root River Bar, 2013 Red Hat @ roguelynn roguelynn.com Lynn Root freeipa.org Lynn Root
More informationAdministration Guide. Lavastorm Analytics Engine 6.1.1
Administration Guide Lavastorm Analytics Engine 6.1.1 Lavastorm Analytics Engine 6.1.1: Administration Guide Legal notice Copyright THE CONTENTS OF THIS DOCUMENT ARE THE COPYRIGHT OF LIMITED. ALL RIGHTS
More informationovirt SSO Specification
ovirt SSO Specification Behavior Changes End user visible changes The password delegation checkbox at user portal login is now a profile setting. Sysadmin visible changes Apache negotiation URL change
More informationWhat Is Wireless Setup
What Is Wireless Setup Wireless Setup provides an easy way to set up wireless flows for 802.1x, guest, and BYOD. It also provides workflows to configure and customize each portal for guest and BYOD, where
More informationHow to create a secure WordPress install v1.1
Table of Contents: Table of Contents:... 1 Introduction... 2 Installing WordPress... 2 Accessing your WordPress tables... 2 Changing your WordPress Table Prefix... 3 Before Installation... 3 Manually Change...
More informationInstall Apache, PHP And MySQL On CentOS 7 (LAMP)
Install Apache, PHP And MySQL On CentOS 7 (LAMP) Version 1.0 Authors: Till Brehm , Falko Timme Updates: Srijan Kishore Follow Howtoforge
More informationWireless LAN Controller Web Authentication Configuration Example
Wireless LAN Controller Web Authentication Configuration Example Document ID: 69340 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Web Authentication Process
More informationSecurity Guide. Configuration of Report and System Permissions
Guide Configuration of Report and System Permissions 1 Content... 2 2 Concepts of the Report Permissions... 2 2.1 Mechanisms... 3 2.1.1 Report Locations... 3 2.1.2 Report Permissions... 3 2.2 System Requirements...
More informationThis slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in
1 This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in terms of prevalence (how much the vulnerability is widespread),
More informationSystem Administrator s Guide Login. Updated: May 2018 Version: 2.4
System Administrator s Guide Login Updated: May 2018 Version: 2.4 Contents CONTENTS... 2 WHAT S NEW IN THIS VERSION 2018R1 RELEASE... 4 Password Retrieval via Email (GDPR Alignment)... 4 Self-Registration
More informationHost Access Management and Security Server Administrative Console Users Guide. August 2016
Host Access Management and Security Server Administrative Console Users Guide August 2016 2016 Attachmate Corporation, a Micro Focus company. All rights reserved. No part of the documentation materials
More informationITS331 IT Laboratory I: (Laboratory #11) Session Handling
School of Information and Computer Technology Sirindhorn International Institute of Technology Thammasat University ITS331 Information Technology Laboratory I Laboratory #11: Session Handling Creating
More informationHypertext Transport Protocol
Hypertext Transport Protocol HTTP Hypertext Transport Protocol Language of the Web protocol used for communication between web browsers and web servers TCP port 80 HTTP - URLs URL Uniform Resource Locator
More informationCNIT 129S: Securing Web Applications. Ch 8: Attacking Access Controls
CNIT 129S: Securing Web Applications Ch 8: Attacking Access Controls Access Control Authentication and session management Ensure that you know who is using the application Access Controls Limit what actions
More informationOracle Access Manager Integration Oracle FLEXCUBE Payments Release [Feb] [2018]
Oracle Access Manager Integration Oracle FLEXCUBE Payments Release 14.0.0.0.0 [Feb] [2018] Table of Contents Oracle Access Manager Integration 1. PREFACE... 1-1 1.1 INTRODUCTION... 1-1 1.2 AUDIENCE...
More informationGETTING STARTED WITH MARKETPLACE PORTAL
What is Two-Factor Authentication? Systems Using Two-Factor Marketplace Portal What Do I Need to Login? Digital Certificate Credit Stacking Markets Login ID Ratings Submission Tool Scheduling Data API
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More information8.0 Help for Community Managers Release Notes System Requirements Administering Jive for Office... 6
for Office Contents 2 Contents 8.0 Help for Community Managers... 3 Release Notes... 4 System Requirements... 5 Administering Jive for Office... 6 Getting Set Up...6 Installing the Extended API JAR File...6
More informationTable of Contents. I. How do I register for a new account? II. How do I log in? (I already have a MyJohnDeere.com account.)
Quick Start Guide If you are an App Developer, you can get started by adding a new app and configuring it to consume Deere APIs on developer.deere.com. Use this Quick Start Guide to find and try our APIs.
More informationZENworks Mobile Workspace. Integration Overview. Version June 2018 Copyright Micro Focus Software Inc. All rights reserved.
ZENworks Mobile Workspace Integration Overview Version 3.17.1 - June 2018 Copyright Micro Focus Software Inc. All rights reserved. Table of Contents Foreword..................................................................................
More informationCloud Help for Community Managers...3. Release Notes System Requirements Administering Jive for Office... 6
for Office Contents 2 Contents Cloud Help for Community Managers...3 Release Notes... 4 System Requirements... 5 Administering Jive for Office... 6 Getting Set Up...6 Installing the Extended API JAR File...6
More informationChoic Small Business Web Administration Guide DigiPortal Software, Inc.
ChoiceMail Small Business Web Administration Guide I ChoiceMail Small Business Web Administration Guide Table of Contents Foreword 0 Part I Introduction 2 Part II ChoiceMail Administrative Login 2 Part
More informationChoic Enterprise Administration Guide DigiPortal Software, Inc.
I Table of Contents Foreword 0 Part I Introduction 3 Part II ChoiceMail Administrative Login 3 Part III Accessing the administration section 4 Part IV ChoiceMail's Administrative Login Screen Part V The
More informationWishlist 1-Click Registration Manual
Wishlist 1-Click Registration Manual Table of Contents Use the quick navigation links below to navigate through the manual: Introduction to Wishlist 1-Click Registration Complete Activation Process Summary
More informationBambu API Documentation
Bambu API Documentation Release 2.0.1 Steadman Sep 27, 2017 Contents 1 About Bambu API 3 2 About Bambu Tools 2.0 5 3 Installation 7 4 Basic usage 9 5 Questions or suggestions? 11 6 Contents 13 6.1 Defining
More informationCN Assignment I. 1. With an example explain how cookies are used in e-commerce application to improve the performance.
CN Assignment I 1. With an example explain how cookies are used in e-commerce application to improve the performance. In an e-commerce application, when the user sends a login form to the server, the server
More informationSophos Mobile. Network Access Control interface guide. Product Version: 8.1
Network Access Control interface guide Product Version: 8.1 Contents About this guide... 1 Sophos Mobile NAC support... 2 Prerequisites...3 Configure NAC support...4 NAC web service interface... 5 API
More informationAuthenticating Web Users via HTACCESS. Mu Beta Psi, National Honorary Musical Fraternity. Webmaster Resources Series
Authenticating Web Users via HTACCESS Mu Beta Psi, National Honorary Musical Fraternity Webmaster Resources Series FIRST RELEASE OCTOBER 11, 2005 TABLE OF CONTENTS Introduction to User Authentication...1
More informationTable of Contents (7 Dec 2017) Archive/Non-authoritative version 3
OMS Essentials 17.3.2.0 Getting Started Guide 7 Dec 2017 Table of Contents Chapter 1: Understanding OMS architecture...4 Chapter 2: Understanding user accounts...6 Chapter 3: Understanding user groups...8
More informationOracle Access Manager Oracle FLEXCUBE Universal Banking Release [May] [2017]
Oracle Access Manager Oracle FLEXCUBE Universal Banking Release 12.4.0.0.0 [May] [2017] Table of Contents 1. INTRODUCTION... 1-1 2. BACKGROUND AND PREREQUISITES... 2-1 2.1 PRE-REQUISITES... 2-1 2.1.1 Software
More informationCA SiteMinder Federation
CA SiteMinder Federation Legacy Federation Guide 12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationPSUMAC101: Intro to Auth
PSUMAC101: Intro to Auth We Are... Jeremy Hill Systems Design Specialist, Applied Information Technology Ryan Coleman Systems Administrator, Applied Information Technology Overview Why, What and When of
More informationSecurity System Guide
FUJITSU Software Interstage Application Server Security System Guide Windows/Solaris/Linux B1WS-1088-03ENZ0(00) August 2014 Preface Purpose of this Document This manual provides information on how to set
More informationTwiki Installation Notes. Ned Brush 4/13/06. Everything is left as is (default settings) unless specified below. Distribution: RHEL 4
Twiki Installation Notes Ned Brush 4/13/06 Everything is left as is (default settings) unless specified below. Distribution: RHEL 4 1) Here are some good references to follow during the installation: a.
More informationArchitecture. Steven M. Bellovin October 27,
Architecture Steven M. Bellovin October 27, 2015 1 Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache
More informationPhpmyadmin Error In Processing Request Error Code 200
Phpmyadmin Error In Processing Request Error Code 200 Error in Processing Request Error code: 200. Error text: OK. Yes..the JSON will be generated, but there will be also inserted a part for "phpmyadmin".
More information