I am building a website with nuxtjs and was wondering if I could password protect only one webpage with vuejs and not vanilla javascript.
Is this possible? if so! how?
The goal is to show the webpage to only those that i granted the password to, but the rest of the website is public to all, I am not really looking for a user authentication system, just a password protected one page!
Why not make an ajax call to a server ? a simple php function would return true or false if the password you had defined is correct.
Related
How to login one time and access in all domain using next.js?
example: Login using accounts.example.com and then use it on something.example.com, www.example.com
How to do that using next.js and firebase-auth?
If more information needed let me know.
Edit: 1
Some links to make question better:
Firebase sign in in accounts.example.com and access in something.example.com using react or next
I am not much aware of firebase-auth details but what is the issue here ? You can just set a cookie after user logs into "accounts.example.com" with domain as "example.com" in cookie, so that this cookie will be sent by client to all the subdomains as well and you can use that cookie to validate the user session.
How can I extract data from a website that is protected with a login and password via mql4?
I have the login credentials so this is not about hacking. I can get the html for any website but if a website has a login I can't get passed it.
I don't even know if login to a website is possible with mql4.
Anyone knows how to do this (if possible) ?
Many thanks
I work under Odoo11 with the Python3 language.
When the person goes to a web page, I want them to automatically connect without going through an authentication page. Is that possible? And if so, by what means? Controllers, url to change?
I don't have any code to suggest, because I don't know where to start.
Thanks for your understanding and thanks for your help!
EDIT :
I have a list on the Odoo website visible to only one user.
If I sign in with another internal user, I don't see this list.
There are several people who need to access this list. The url in question will be given only to these people.
I just want to avoid them an authentication page. It is a request made by our hierarchy.
My idea was to call a function "to disconnect" from Odoo (in case they have an open session) then pass the connection parameters (hard for example) with the username and password but only for a url.
My use_case I will say,
Url access -> Disconnect Session -> Connect Odoo session with username and password with parameters in my controller -> redirection to this url
Thank you
So let's say we have a web app with a front end build in a Vue framework with some stuff like authentication being handled by Nuxt, or anything similar. Let's say we use some kind of bearer token for authentication.
I understand that somewhat secure comunication with back end is handled by these tokens that are being send with every request and the BE then determines that a user is allowed to get a response - that all happens server side.
But when we have a code like this (in Vue.js):
<div v-if="!$auth.loggedIn">Log in first!</div>
<div v-else>Super secret information</div>
The "secret information" is not displayed (or rendered) unless the user is signed in. But all the data is already fetched to the browser, right? There is no need for talking to a back end server once the user is authenticated to resolve the if condition. Can I somehow extract the "secret information" in the built javascript that's sent to my browser even if I'm not authenticated? If I really wanted to and dug really deep into the code? It's all already in there but just rerendered when the condition is met.
The front end framworks have their own routing system with pages only accessible to authenticated users (behind auth middleware). Is this just how it works? Am i just supposed to fetch the "secret information" from the server too and know that anyone can display anything that's "hard coded" behind any front end auth middleware if they wanted to?
Can I somehow extract the "secret information" in the built javascript that's sent to my browser even if I'm not authenticated? If I really wanted to and dug really deep into the code?
Yes. You could if you wanted to. Please don't ever store critical data in the frontend. Your built files are just obfuscated but not unreadable.
i'm implementing a form based authentication for my web application.
i created some users in the JDBCrealm on TomEE server and allow only particular users to access the protected jsf pages.
Now authentication works perfectly and if there is a username password mismatch it is redirected to the error page.
the problem i'm facing here is, if i try to login with the user already available in the JDBCrealm who is not authorised to access the protected the page im getting 403 error.
When I come back and try again get to protected pages i can't again login. Is it because information about my login is remembered in session and I have to invalidate session?
Even if I don't login ?
EDIT:
i ask about at forum: http://openejb.979440.n4.nabble.com/Bug-in-security-TomEE-td4665009.html
and i think its the best answer for my question
instead of trying to implement this yourself take a look to something like spring security, it provides most of the options you will need and if you need to extend it is easy as well