How to ensure strong password in tank_auth? - codeigniter-2

I Completed registration in Tank_auth for my Project.But I need strong password ensure facility.Will you please help me.

are you thinking of using some 3rd party lib?? if you are then you might look at this one.

Related

Override default username validation of MembershipReboot

I'm using Thinktecture IdentityServer with MembershipReboot and i'm trying to find a way to override the default username validation of username.
my case is that I want to allow username to be email or not and not the same as the user email.
The username validation is configured in UserAccountService, I can add validation but I Don't know how to remove them.
I'd simply like to remove the validatior UsernameDoesNotContainAtSign and UsernameOnlyContainsLettersAndDigits, and do that without any modification of MembershipReboot, through configuration or ?
Edit:
Related GitHub issues:
https://github.com/brockallen/BrockAllen.MembershipReboot/issues/331
https://github.com/brockallen/BrockAllen.MembershipReboot/issues/339
https://github.com/brockallen/BrockAllen.MembershipReboot/issues/370
Some of these validation rules are hard coded. If you have a use case for changing them, I'd suggest opening an issue on the github issue tracker so we can discuss.

'Log as' with devise gem

So in my ruby app I'm using devise and I'd like to have for the admins the ability to log as another user to assist them when they call for support.
But I've no idea how I should do it.
what u are trying to do is to impersonate another user. i havent used this but u can check it out https://github.com/engineyard/user_impersonate
You can try using the Pretender gem.
Pretender is flexible and lightweight - less than 60 lines of code.
Works with many authentication systems including Devise, Authlogic, and Sorcery.
devise_masquerade is well worth a look if you're using Devise.
It does everything you might expect and is quite customizable. It even handles having different model classes for users and admins (e.g. User and AdminUser).

When would I register a crm 2011 online plugin for pre-validation stage?

I understand that a plugin registered for pre-validation executes outside of the database transaction but I'm not sure I can think of a scenario when this would be preferable to pre-operation. Can someone give me an example of where pre-validation registration might be useful?
We have a few plugins registered on the 'PreValidation' event although this is on premise, not online.
I did not write these specific plugins myself but I can describe one and give the justification for using 'PreValidation' rather than 'PreOperation'.
Entity: Account
Event: Delete
Logic: Plugin runs pre validation. Checks that there are no contacts referencing any of the account's addresses. If any are found, stop execution. If not, delete account.
e.g.
Account 'Stackoverflow' has address 'Jeff Attwood's House' and Contact 'glosrob'. 'glosrob' is referencing 'Jeff Attwood's House' through a customisation. If a user selects to delete 'StackOverflow', we should detect 'glosrob' is referencing an address and prevent the delete.
The reasoning behind this was the developer found that at the PreOperation stage, some aspects of the delete had already happened, namely the cascade deletes. The logic of the plugin requires us to check all contacts - by registering at PreOperation, contacts under the account had already been deleted, rendering the check obsolete.
In our previous scenario, when the user selected to delete 'StackOverflow' Account, the Contact 'glosrob' would be deleted before the plugin runs. Therefore when the plugin did run afterwards, it would allow the delete.
As with most things in CRM, it all comes down to requirements and solutions, but I think that gives you an idea of why/when you might use a PreValidation stage. We have a few others with similar reasoning that run on the 'Delete' event.
I know its very old post, came here while digging for an answer for the same question...
Later I found one key point from MSDN on the same topic and i thought it would be helpful If I post the infromation over here for all..
The Prevalidation plugin would happen prior to the security checks. For ex: If an account is "VIP" account and you dont want this account record to be deleted (no matter even he is a super user/admin), then this better can happen in pre validation. Because at that time you are not really bothered about who the user is and what sort of permissions he has (even he may not have any permissions to delete any records in the system), CRM will go and check the database for the user's security roles during the pre operation and that is where the first database hit would happen.. before that it self, we can stop the exucution of the plugin based on our validation rules..
I hope that make sense...
Thank you
Regards
Srikanth

Linkedin+Codeigniter : linkedin status update using codeigniter

could any one guide me on how can I update status on linkedin using codeigniter?
Any help appreciated thanks!
I implemented this library into CI to make sure a user could log in with his LinkedIn profile. Maybe you can also update the status of a user.
http://code.google.com/p/simple-linkedinphp/
Implementing it in CI is pretty easy if you know your way around in CI.
I really like it when people write libraries for others to use and the code is commented/well thought out/well structured and is easy to follow.
I tried the other examples, but settled on this one.
http://blog.justni.com/posting-to-linkedin-from-php-and-codeigniter/
Edit:
Having banged my head for a long time on the POS code of Sudhir and the code above. Yes I can change my opinion, because when I started to work on it, it just doesn't work!.
Although I am new to CI, I managed to do the same as P.T and implemented the lib into CI.
The simple-linkedinphp class works like a charm.
I can now authorise an app, authenticate, get profile details and even post to linkedin.
I even posted a comment on Sundir's blog that it doesn't work and he deleted the comment! Stay away, well away if you don't want any headaches!

File based Spring Security

I'm working on a Web Service project to provide data to a partner. Our app is really light weight and has only a handful of APIs. Because of time constraint and in-house pre-existing knowledge we went the Spring MVC / Spring Security path to serve those restful APIs.
At any rate this is a B2B project where we are expecting only that partner to hit our servers. So it seems a little over kill to modify are very small db schemas to add tables that would contain only 1 user access record for that partner...
Heard someone say though that it's possible to use an encrypted file, or at least a file where the password information is encrypted, instead of the database to hold the Spring Security user access information... Is that true? If it is can anyone point me to some references? I couldn't find anything relevant on Google at first glance... :(
Thanks.
http://www.mularien.com/blog/2008/07/07/5-minute-guide-to-spring-security/
See the '' under the authentication-provider; this allows you to use encrypted passwords (use sha). If you only have a single user and you wanted the information in an external file, then you could use a property file configuration placeholder to simply specify
${user.1.id} ${user.1.passwordenc},etc... kinda hacky, but it would work.
It's VERY possible. In fact, you can do it without coding; it's pretty simple to include the credentials directly in the XML defining the Spring Security stuff. You usually see this in examples, followed by warnings to "DON'T DO IT LIKE THIS!"
If in-house security is no big deal and you're not worried that your developers can see your password (as if they needed it, heh!) and no one else is likely to access your configuration files, then this is a quick and easy yet workable solution.
I'm going to post this, but I'm off to go dig in the Spring Security documentation for the example I was talking about I'll be back!
Update
Trever Schick was a bit faster with the example. I had a different example in mind but his code shows exactly what I was talking about. You define your security provider in the XML and provide user ID/password right there. There are a number of utilities available on the 'net for you to MD5 or SHA encode your password for you so you can cut and paste it into the file.
You need to implement a new org.springframework.security.core.userdetails.UserDetailsService that reads the user's information (username, password, enabled flag, and authorities) from a file. I don't know if someone already implemented it.

Resources