Our setup is like this: we use a coldfusion 10 server, and files are on a local intranet. Users use a domain login to access any files over https. I'm interested in using html5 websockets, but the first attempt gave me an error because no credentials were supplied. Is there a way around this? If not, is there a recommended technology for this scenario?
The user does log in on the client side. If it's possible, what I'd really like to do here is pass those credentials when making the connection to the server.
you should be able to supply the authentication header to your web socket server before the elevation to web socket read that and send it back in the headers for the elevation (first frame) then when the browser connects it should have the authentication it needs.
if your using a custom authentication E.G in page not authentication header you can also do this by passing any custom header to your server.
Or mandate that the first thing your web client sends is the authentication details this could be something like {username_hash}.{password_hash} if they don't close the socket to them.
Do not do this.
You're now responsible for sending and encrypting the authentication credentials yourself, bypassing something that already works and is tested.
Anyone can snoop on an unencrypted websocket port. Use HTTPs for an intranet, use stable solutions, don't reinvent this wheel because it tickles your fancy.
In a couple of years some colleague will have to maintain this and will have to figure out how your homebrew version works versus something that's solid like plain browser authentication.
My advice: Leave this to the browser and to well-tested coldfusion libraries.
Related
I'd like to implement kind of SSO for openshift, what I mean: from my webapp a user can open openshift console in a new window without giving his credentials. I've configured Basic Authentication Remote and it's working, can open new window and post username/password but it's looks that openshift is protected with crsf token. Thus not sure if it's possible at all. It seems that developing custom identity provider is not supported either. Any idea ?
PS I'm aware of Request Header Identity Provider but that solution requires my webapp to provide idp functionality (not even sure if it's feasible), also apache (we use nginx), a lot of issues for dev to install it all on a single computer due to port conflicts, valid ssl etc etc
Best option will be to use oauth proxy. See if this helps in your case.
https://github.com/openshift/oauth-proxy
Finally I've implemented SSO using js postMessage to send user/token data and Basic Authentication Remote.
I have created an application from Box developer account, but I couldn't able to set the redirect url as http. I have seen that Box API supports only https. As I hosted my web application as a module of another web application, I cannot change it's protocol to https. So is there any way to set the redirect url to http?
Please find me a solution for this.
Thanks in Advance.
Since the redirect URL is used to send you your application OAuth2 tokens, You are essentially asking Box to send you confidential information in the clear. It's just not a good idea, since anyone that installs a network sniffer anywhere between you and Box can just sniff those tokens and start using them.
If you don't have the ability to ask your server hardware or hosting web application for an encrypted connection, it's probably time to upgrade your service provider or web app.
I've been reading abit about html5, websockets and http. I made some simple tests but let's say I want to do this:
Browser makes an http connection to a web server
Browser then negotiates a web socket connection to the same web server
At some point browser wants to talk http again with the web server in the same session
Points 1 and 2 are straightforward. Coming to point 3, is there a standard solution available? I'm guessing that closing a web socket by either side terminates the existing connection right? Can there be a way to perform a "downgrade" from websockets back to http?
I guess what I'm looking for is a standards-based solution but if one doesnt exist, do any frameworks exist that can do the job?
Thanks :o)
Nina
How can I create a webserver from my Obj-C app, and post custom HTML to it?
Thanks!
Check:
SimpleHTTPServer
CocoaHTTPServer
To embed a lightweight HTTP server in iOS or Mac apps, check out GCDWebServer which has a modern and clean architecture designed on top of Grand Central Dispatch.
It would most likely be easier and far more secure to use something like FastCGI and then use an existing HTTP server such as Nginx to serve the HTML that your app passes along rather than trying to embed an HTTP server directly in your application. Plus Nginx is extremely fast and can handle huge server traffic without really breaking a sweat which not all other HTTP servers can say.
Plus using an embedded server means that your app and your HTTP server must run under the same UID which is bad from a security perspective as anyone compromising the HTTP server gains access to all your website files as well.
1) How would I connect through a proxy if I am using the Socket class to connect to a server?
2) If I am running my Flex application through Flash Player in a webbrowser and my webbrowser is configured to use a proxy, does the socket connection go through the proxy automatically?
Ideally, I would like to not have to depend on the web browser's settings, and be able to programmatically proxy the connection from my own code. By supporting proxies directly, I can compile it as a desktop AIR application and still support proxying the connection. Additionally, there may be cases where more than one socket connection will need to be created to different proxies.
Using Action Script 3 in Flex Builder 3.
Thanks.
You may not be able to do this with the vanilla Socket class, but check out this post by Christian Cantrell of Adobe (Google cache version) about a specialized socket class he wrote to allow "TCP socket connections through HTTP proxies in accordance with RFC 2817". His class, the winningly-named RFC2817Socket.as (github), is used by Open Flash Chart. As Christian notes in his post, there are some caveats and it may not work for you if your server doesn't support RFC 2817, or if there are certain other conditions which aren't met.
Note that on Windows, the Flash Player uses IE's proxy settings and ignores the settings of the actual browser you're using.
I've had a look and it doesn't seem possible to do exactly what you want to do. If you have control of a server you can route requests through a server yourself ... and Adobe has examples of this using their Flex Data Access services (BlazeDS and LiveCycle) to go through a proxy. Then again if you control your own server you can get it to proxy anyway you like ...
But I'm afraid there doesn't seem to be anyway to directly set a proxy on the client side using ActionScript.
As for Flash respecting the browsers proxy, I can't say I know from first-hand experience but the evidence from searching isn't good. Here is an article that claims flash won't use your browsers proxy setting for SOCKS on Linux and suggests you need to alter your iptables. There is also this adobe bug report suggesting it doesn't work for rtmp connections at least. Other anecdotal evidence suggests that it works sometimes (for HTTP requests) for some browsers.
So if you need to guarantee that a connection goes through a proxy it looks like you'll need to route your requests through a server and proxy from there.
You can't do that with a regular HTTP or SOCKS proxy. Flex shares browser's connection settings.
But you still can bypass that by using what they call PHP Proxy, basically a website which downloads another websites and forwards the result to you.