I'm trying to hide the input of a password from the user. On the official website there is an example, which doesn't work as expected on my machine. The password is always echoed to the user.
See: https://picocli.info/#_interactive_password_options (Chapter 3.2. Interactive (Password) Options)
There seems to be no other way described in the documentation.
I'm running the example on Windows 10, Java17 (In Java) and Picocli 4.7.0.
The same example doesn't work either on my MacBook Pro.
Any Ideas?
Thanks for your help.
Related
I am writing an application that when is running should modify SystemConfiguration to set system wide proxy.
I know it is possible to do that using "Authorization Services" framework provided by Apple, however I see that it keeps asking for a user password to allow changes.
On the other hand I have 3rd party application (not the one I am writing) that does the same, but does not require user password. The application is not even written in Objective-C, but written in FreePascal (FPC) instead. Unfortunately I have no source code for this application to see how it does this trick.
I know I should be able to achieve the same (system config changes without sudo password) by either having Privileged Helper Tool supplied with the application (and perhaps install it on first run) or by going even nastier and loading a kext.
However I see that this application does neither of above. It only performs system calls and no password asked! I am completely puzzled how did they achieve that and would like to find a way to do the same.
So the question is - how to achieve complete "no password asked" for changing System Configuration on Mac OS X with an application?
PS: Application I have at hand runs as user, not root. And there is no modifications to sudoers neither.
This is silly, but after 2 days straight of searching for a solution I found that there is no special code nor any tricks required.
This is easily done via setting setuid bit to binary that requires escalated privilege and calling setuid(0) in the code before doing operations that require privilege (not sure if second part is necessary).
Relevant links:
Apple documentation
Related question on SO
PS: This works basically on any Unix-like system (BSD, Linux Solaris etc) with one details - this does not work on scripts (the ones that require hash-bang #! in order to execute interpreter) with exception of Solaris, where it seems to work just fine.
I have recently started working with Apple Configurator to use features meant for Supervised devices.
In the Restrictions payload there's a key called autonomousSingleAppModePermittedAppIDs with the description below
Optional. Supervised only. If present, allows apps identified by the bundle IDs listed in the array to autonomously enter Single App Mode.
Availability: Available only in iOS 7.0 and later.
I tried sending this key in the restrictions payload with a couple of app identifiers, but could not find any change in the behaviour of the OS. The Guided Access allowed all apps to enter into the SingleApp mode.
What I understand (and expect) from this is we can allow a list of apps to enter Guided Access (Single App) mode and no other app except the allowed ones will be visible on the device. Can you help me understand the things I'm missing or misunderstanding.
I believe the idea of this key that application itself can request a guided mode (vs guided mode triggered by a user or AppLock profile).
I believe application should use following API to request a guided mode:
void UIAccessibilityRequestGuidedAccessSession(BOOL enable, void(^completionHandler)(BOOL didSucceed));
In the case, if it's not on this list, this request will be rejected.
P.S. A device needs to be supervised.
Apple Configurator doesn't have the settings to manage "autonomousSingleAppModePermittedAppIDs"
Instead I decided to manually edit a profile and include the appropriate XML with the above key (referenced from here).
Upon trying to install the modified profile, Configurator explicitly says "The profile must be installed by a Mobile Device Management server."
The profile will install fine if this key/value pair is removed.
It looks like you MUST use an MDM to install a profile for use with Autonomous Single App Mode.
I was not able to find autonomousSingleAppModePermittedAppIDs in Apple Configurator. Looks like need to buy Apple Profile Manager (OS X Server in the App Store) for this which costs about $20.
When I browse the web with IE10 in win8's Metro part there is no problem but when I try to view page that is located on server in my local network(the same subnet) it displays this message:
This page can't be displayed
•Make sure the web address http://192.168.1.100 is correct.
•Look for the page with your search engine.
•Refresh the page in a few minutes.
If following these suggestions didn't work, resetting your connection might help.
Reset connection [<-a button here]
Get more help with connection problems
Now the funny part is that there is an option in metro version of ie10 to open page on desktop (in regular IE10) and than it works with no problem.
I can't find or think of any security setting that would restrict browsing websites inside your own local network.
(this is Windows 8 32Bit Release Preview build 8400)
Any ideas?
This is related to EPM (Enhanced Protected Mode) in IE10. It's hard to summarize in an answer here, but Eric Lawrence (a PM on the IE team) has an excellent post detailing everything about EPM:
http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx
In particular, read the "Loopback-blocked" and "Private Network resources" sections.
In your case, you might try one of these approaches:
Try aliasing the dotted hostname (http://192.168.1.100) via a custom DNS entry (e.g. http://myservice)
Change the Trusted Zones settings
See if your network connection was established as sharing or non-sharing, which would trigger private vs. public mode.
Again, see Eric's post for the details of each of these.
I have an asp.net 2.0 application running on IIS 6.0. I am using Integrated Windows Authentication. Some users have two network accounts, a personal account and an administrative account. The problem I am facing is that sometimes when they are logged in on the client side using their personal accounts, the logged in user appears at the server side as the admin account. I am retrieving the logged in user network id using System.Security.Principal.WindowsIdentity.GetCurrent().Name.
I suspect that their admin credentials are being cached somewhere and passed instead.
I had exactly this same problem. The web site was seeing me authenticate as my admin account even though I was logged in as my personal account.
It turns out that in Windows you can associate specific user names and passwords with particular sites. Once that is done, the integrated authentication through IE (and Chrome!) always uses those credentials. And, to make things easy, there is no obvious way to get to those settings through Internet Explorer's settings or options.
To fix your issue on Windows XP:
Click Start, Settings, Control Panel, User Accounts.
Click the Advanced tab.
Click Manage Passwords.
Find the entry in the list the corresponds to the site(s) where you're seeing this behavior. Remove it.
Credit where credit is due: This answer was taken almost word-for-word from an unnamed "Junior Member" at ObjectMix.
For Windows 7, use "Control Panel/Credential Manager" (also available via "Control Panel/User Accounts/Manage Your Credentials"). This lists all cached credentials, and lets you easily delete the ones which are causing problems.
When you use Remote Desktop to connect to a server and save your login credentials, it doesn't only save them for remote desktop, it also uses them for connecting through IE and, apparently, Chrome.
This is an old issue, and still valid. I just found if you save credentials while using mstsc (Remote Desktop), and try to use Integrated Windows Auth against any site that is CNAMEd to that server, it will use the saved credentials. Those will be the ones you need to delete.
My PC is locked down at work and IT have removed Credential Manager from the menu in Control Panel.
I was able to get around this by running cmdkey /list from the command line. In the list of "Currently stored credentials" I located the offending hostname and ran cmdkey /delete:[hostname] (no sq. brackets and replace hostname with your host), which fixed the issue for me.
According to this site, rundll32.exe keymgr.dll, KRShowKeyMgr will bring up the dialog to do this as well.
Some background info: http://windows.microsoft.com/en-gb/windows7/what-is-credential-manager
I want to keep a log with the attempted log-in to a machine. The OS is Windows Embbeded Standard. Is it possible to make Windows execute an application or a script after every login attempt to enable me to save that information in my database?
EDIT:
Extract from Superuser:
"Here, you can set auditing to all types of events. I believe the one you want is "Audit logon events", Set it to Failure (or Success as well if you want).
All events will now get sent to Event Viewer. ..."
Is it possible to access the Event Viewer info via WMI?
From a security viewpoint, I would assume this would not be possible. But it is possible to write your specialized GINA library which would replace the standard login system of Windows. This was done to support fingerprint readers and smart card readers, and many other alternative login methods.
But out of curiosity, what kind of problem are you trying to solve here? Windows already has plenty of build-in functionality which can be analysed by anyone who can log in.
Follow this link to see how it's done in Windows 2003. I've checked with Windows XP on a virtual machine and it works exactly the same there. So I assume it also works in embedded XP versions.For reading the event log, this link from MSDN will be practical too. This will require .NET though, which is optional on Windows XP.
WMI might be a good place to start. You could use WMI (or another method) to query the security event log for sucessful/failed logon events, too.
http://www.computerperformance.co.uk/vbscript/wmi_event_log_administrator.htm