We're looking for a FTP solution with native support for a decent hashing algo, (bcrypt or such). Solutions such as vsftpd, proftpd and pureftpd all support basic crypt(), md5, and password() functions. However we're wondering if there may be a better solution out there?
We're aware of Pure-ftpd having scrypt support, however we're unable to get this to work for some reason.
We had the same problem, and ended up shipping a pure-ftpd authentication module that implemented the authentication logic in Python. We were even able to integrate with our public API for single sign-on. You could use this method to use the password hashing algorithm of your choice, or to integrate with third-party authentication solutions like Facebook or Github. For more information, check out https://download.pureftpd.org/pub/pure-ftpd/doc/README.Authentication-Modules
Related
I have existing website with Registration & Login functionality. I want to make this process FIDO Compliant with implementation of UAF / U2F and later FIDO2. Unfortunately couldn't find step by step series of tutorials.I want to implement this using PHP.
Good starting point for WebAuthn is mdn, you get the basic idea of how it works
https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
and then you can just follow webAuthn specification to implement relying party operations (7) on a server.
https://www.w3.org/TR/webauthn/
and use the APIs on a client described in 5.1.3 registration and 5.1.4 authentication
and also there is an example RP implementation provided by google, thought its in java
https://github.com/google/webauthndemo
other great source of information for FIDO protocols generally is the yubico website, they even have a php library which might simplify things for you
https://developers.yubico.com/U2F/Libraries/List_of_libraries.html
I'd like to implement an application with Scala and HTML5. My idea was to create a "local" client-server architecture: Scala handles the calculations and generates HTML5 as a GUI.
To my mind there are two possibilities
Use a Java/Scala framework that allows embedded HTML5. SWT for example has a browser widget. JavaFX seems good, too.
Distribute the program with a server and run it in a browser on localhost.
It would probably be most convenient to require an internet connection and forget about the localhost. Unfortunately an offline mode is necessary.
Now I would like to know how to get this right:
The first option seems easier to implement but I wonder: How can I communicate with Javascript without the HTTP protocol ?
The second approach was just an idea. Have you ever done something like this ?
If you've got advice or know a good framework please go ahead.
UPDATE :
I've just had an interesting idea: Could I use nodejs to create something like a server-server architecture ?
Right now the communication between Scala and Coffescript seems like the most problematic part. I still wonder how I could initiate an update from the Scala side of the application. A HTTP Request is a nice way to exchange data. Sadly to my knowledge in "standard" Coffeescript there would be no event hook to listen to server-side HTTP messages.
I've thought about using nodejs to listen to the server-sent data. Is this a good idea ?
With regards to the second option, you may wish to investigate the Play! Framework or Lift. They automate a lot of the work required to make a web application in Scala, including handling AJAX requests.
Although I haven't tried packaging either for local use, there was an earlier Stack Exchange question about packaging Lift which might be relevant. It should be possible with Play! as well.
I came across this problem,I have got an algorithm that I need to implement on websites.
The server side scripts may differ and it can be PHP,ASP.NET etc.
All I need to do to is to deliver the binary(I need it as I dont want this security algorithm to be open and viewable) that can comply by every type.As per me solution can be (Please correct me if I am wrong):-
Implementing binary according to OS.
Implementing Algo as per every type of script.(Tough and less portable)
Please suggest if there is other way round or please close this question and redirect me to any earlier question asked for this situation.I am new for this.
Thanks
I would suggest you to use Java Server-side technologies to implement your algorithm. You can write your algorithm as a java class, which can be called from a Servlet or a JSP or even any other technologies over http protocol. The main reason why I suggest using java is:
1) it is platform independent, so your 1st point:
Implementing binary according to OS.
You dont have to worry which OS the client would use.and it can be ported to other OS very easily.
and
2) it will be very secure, once you compile, a class file will be generated, which can be delivered. it cant be opened and viewable.
I am looking to start a HTML5 WebSockets project and I was just wondering what you think the best back-end would be for that sort of thing? So far in my research I've stumbled across the following:
PHP Back-end (apparently a "Hack" and only compatible with Chrome and webkit nightlies)
Java Back-end (Seems well documented and cross-browser compatible)
Ruby Back-end (Don't know much about ruby, any opinions?)
JavaScript Library (Seems like it would be a nightmare, any opinions?)
Does anyone know of any other options or have an opinion on the above? My only requirements are ease of set-up and easy back end programmibility for bidirectional communication. I would essentially like to access a database through WebSockets and am looking for the easiest way to do this. Any feedback would be appreciated.
Ease of setup would have to be a hosted solution which uses WebSockets, HTTP Streaming or HTTP Long-Polling (one of which I work for). They're the easiest option because you don't need to spend time installing your solution, configuring it and working out how to use in when developing and in production.
If you are looking for a self hosted solution then it really depends on what technology you'd prefer to use and what the community for that technology is like.
Node.js and socket.io has a big community following at the moment so it wouldn't be a bad choice.
PHP - I'm afraid that PHP isn't really build with long-held persistent connections in mind. So, although there are options it's probably best to either use a hosted service or steer clear.
Ruby - check out Faye (also has node.js option), Juggernaut or Cramp
Java: As you say, jwebsocket or WaterSpout Server
Hope this helps.
I 'd recommend websocketd
http://websocketd.com/
It 's a thin layer you can wrap around any program that reads from stdin and writes to stdout and transform it to a websocket server.
So you can write in any language you like. Afterwards just
$ websocketd --port=8080 my-program
and you have your server.
I have implemented a simple login system in javascript where an user has to input the correct username and password.
If correct, he is redirected to log1.html. There, the user can reach several subpages like log1-sub.html.
Now, I haven't found a good solution to prevent a user to just type the url in the address bar of the browser to reach the log1.html page.
Can anyone of you give me a short hint please?
Thanks much!
Regards,
enne
Javascript is a poor solution for this since someone can just turn it off and foil your entire system.
If your server is Apache you can use .htaccess for simple authentication. For IIS see this resource Anything more fancy and you will have to handle it with a server-side language as mentioned in the comments.
It's not easily possible without having a "real" web application, using some kind of server-side language (Ruby, Python, PHP, Java, .NET languages...). All these languages have their own sets of frameworks for web development.
Probably the only thing you could do is to configure authentication in your web server (for example Apache supports some 'HTTP BASIC' authentication). But this is really very basic authentication mechanism.