I have a NPAPI Plugin (Windows/Win32) that downloads a zip file from the server.
It does not work if the client in behind a proxy.
How would I get the proxy credentials from the user through my NPAPI Plugin?
I used HttpQueryInfo to detect presence of proxy by querying its status. If "407" is returned i use InternetErrorDlg to get credentials from the user but Chrome(29.0.1547.66 m) crashes on encountering the line. FF(19.0.2) works good.
Are there any more ways to do this ? Prompt the user to enter proxy credentials?
Any help in this regard will greatly be appreciated.
With Lots of Thanks,
LazyCoder7.
If you use the browser APIs to download then the proxy should Just Work(tm). The way you're doing it you can probably use NPN_GetValueForURL to get proxy information on newer browsers; barring that you need to remember that you aren't allowed to block the main thread, which is probably what you're doing that causes it to crash. Get the credentials using HTML or something and then pass them in; it is possible to use windows dialogs to do it as long as you use another thread and are careful, but it's much easier to handle it in javascript/html.
Related
Literally, I do not know what module is to get values from http, https.
I'm trying to bring tracking numbers from kind of BANC, UPS, FedEx...
My purpose is this reference specific values from other site and bring back to Netsuite.
1 What modules do I use for that?
2 If there is a login session, is it possible to access using suitescript?
your answer will be great help to me.
Accessing that information is usually done via API with credentials rather than a login session. For that you normally use N/https.
I understand that Watir and Selenium have issues with NTLM auth when trying to login to web pages for testing. My research indicated that there are two normal work around. 1. add the credentials into the URL 2. use an auto auth plugin/extension. I currently don't have the option of using an extension in my environment, though I'm working on that. So, I'm left with passing credentials.
The problem I have is as follows.
Chrome:
In Chrome I pass the credentials manually (as in I type it into the browser directly) as http://password:user#example.com/ and it opens the page, but does not populate the popup. If I try to manually pass it as http://example.com?username=usr&password=password, it populates the auth pop up but does not proceed.
If I try to automate with ruby using the following code all I get is unknown user name and password. I have confrimed that the usr and pwd are correct.
browser.goto("http://example.com?login=usr&password=password")
browser.goto("http://password:usr#example.com/")
IE
IE behaves a bit differently.
In IE I pass the credentials manually as http://password:user#example.com/ and it returns an error that it can't find the page. If I try to manually pass it as http://example.com?username=usr&password=password, it logs in correctly.
If I try to automate with ruby using the following code the first example throws an page can't be found error. The second example opens the page, but does not populate the popup. I have confirmed that the usr and pwd are correct.
browser.goto("http://example.com?login=usr&password=password")
browser.goto("http://password:usr#example.com/")
What am I doing wrong?
My environment is Windows 7 Pro, IE 11 and Chrome 60.
Found an article that indicates MS removed auth in URL. So it makes sense that pwd:usr# doesn't work. Article ID: 834489
Ok, I have found the answer. After discussing it with my company's senior architect, there is no way to access an NTLM Windows authentication form by design. It's literally designed so that it can't be automated that way as a security measure.
The one workaround that he did suggest as a way to deal with the authentication issue is to use something like C# (our standard) and open the browser with the assumption that the user is already logged in. This will completely bypass the authorization pop up rendering the issue null. I'm unclear exactly how to do this, but I hope this provides a useful direction for others.
I have a webpage that which need to access some user data on his windows PC.
Ex.Read Outlook Email , due to security restrictions browsers wont allow this.
What is the best way to achieve this ?
Write an ActiveX control ? [what about FF,Chrome]
I need this work with Firefox,IE,Chrome.
Thanks.
You can't do this - it would be a huge security/privacy issue if a browser could access information on the user's machine. The only way to get Outlook emails would be to tell the user to export their emails from Outlook and have them upload the exported emails to your website.
You will need to write a tool like Google Calendar Sync that your users would download and install.
They would have to input their website credentials or a token that you generate for them and your app would do whatever needs to be done on the local PC. You may also have a trust issue as well. Will your users trust running your app to read their emails? Depends on the situation I guess, but a totally browser based solution probably won't work if it needs to be cross-browser compliant.
Does anyone knows?
My web server requiring auth, while uploading a file i've got window with auth. Even if I'll put username and pass application is crashed.
This is due to a known bug in Flash that sends IE cookies regardless of the browser that is hosting the plugin, thus borking your authentication/authorization scheme.
Here is an asp.net based workaround. It is plainly written and can easily be ported to your environment.
I am looking to protect the code of my Firefox extension because it has server calls in it that no would be a security risk if someone could make them outside of the extension. Any suggestions on how to encrypt it?
This is basically impossible. You want to give executable code to an untrusted client that has "secret" calls in it, yet not let the client know the secrets? How, then, is it going to execute the code?
At some point, it must be decrypted. Which means the client has everything it needs to perform the decryption, which means a user can do it, and build a malicious version of your extension.
The only choice you have is to redesign such that vulnerable services are not publically exposed.
If it's going to be executed on the client side, with no reliable secret, then basically you've definitely got a security vulnerability.
It's hard to suggest ways round this without knowing a bit more about your extension. An obvious suggestion would be to request a username/password, authenticate (over HTTPS) with the server and receive a time-limited token, and then present that token with the "dodgy" request. That won't stop anyone with the right username and password though...
You could use xauth, which is a variant of OAuth designed to solve this type of problem. Twitter uses xauth: http://dev.twitter.com/pages/xauth
Additionally, you could obfuscate your Javascript code, or even write it in C (as a NPAPI plugin).