This might sound a little complicated, but as I'm often working on my local databases in Lotus Notes I got the problem, that I can not authenticate. So I'm always working as Anonymous on my database.
The Problem is, that I can not test all functions, because for that I would need a valid Notesname.
How can I authenticate on localhost to work with my name/account and not as Anonymous?
You can not authenticate XPages/web applicatons using the local HTTP preview. You need to install a local server to do that (which is a good thing anyway for XPages development).
Try connecting to your machine using the fully qualified domain name, e.g. ^http://mymachine.mydomain.com instead of localhost
You can add yourself to your local address-book. And have it added to Database Security as Manager or whatever you want. That will help you to login using HTTP for local database.
I am looking to also do this, and I recalled a tip from searchdomino.com, the poster is Shawn Dezego
http://searchdomino.techtarget.com/tip/Testing-Authentication-Authorization-in-a-Web-App-Locally-WIthout-Running-a-Domino-Server
Here's the gist:
Just create any groups in your local address book and add your name to
the proper groups, roles etc. Then go to your Domains public address
book (Domino Directory), copy your person doc and paste it in your
local NAB. That's it.
This is the same basic tip as offered by the adjacent commenter. However, I think this may not work for Xpages apps, so I am loading a local server anyway.
Just create a person document in local NAB (names.nsf) and add HTTPpassword field with your password (hash it using #password("mypassword") formula) as text.
Make sure the person document contains the Fullname field, where you can put as test list your aliases. But Notes will use the first field entry as your name.
And remeber to set the first entry in canonical way (cn=user/ou=organization/o=domain)
Now you are ready to use this name in ACLs and names' (nested) groups.
I suggest to use hosts file to remap localhost with your site domain.
Enjoy!
(P.S. : You need to add anonymous entry in your db's ACL, and set it to editor access level. Once opened the application with browser, use the url command "&login" to force Notes to authenticate you)
Related
I have a category that I want to protect using a password. I googled and found out some solutions to protect the whole site, but that's not what I want. I was wondering if there is a way to do that. Appreciate any suggestion.
One of the scenarios is, the category, say called personal, is located in the navigation bar, when people click this button, they are asked to enter password to visit.
You can use http://cloudcannon.com/ and create private content that is password protect.
If you are using regular hosting you can use a .htaccess file. If you host on github you can create a form that redirects to a filename that equals your password. Make sure your repo is private and you block search engines.
Our product (Yoke.io) integrates Evernote through REST API. We need to generate direct URL link to a specific notebook, note or tag so that user can click the link to access them.
However, current URL format contains parameters named "ses", "sh" and "sds" in addition to the ids for notebook/note/tag. I have no idea what these parameters mean and if they are different for different users, platforms, etc.
For example, if I want to access a notebook with id "3ec5f3c1-bd4d-4f94-b924-367b13eaf3bc", and generate the following links:
https://www.evernote.com/Home.action#b=3ec5f3c1-bd4d-4f94-b924-367b13eaf3bc
https://www.evernote.com/Home.action#b=3ec5f3c1-bd4d-4f94-b924-367b13eaf3bc&ses=4&sh=1&sds=5&
The first link (#1) won't work but the second link (#2) works.
I could hard-code "ses", "sh" and "sds" parameters in the URL but my feelings is that these parameters will change for different users.
Could anyone explain more on what are these parameters for and how I can generate a direct URL link to a specific Evernote notebook/note/tag?
Thanks a lot for your help.
Regards,
Tao
ses, sh and sds are hash parameters we use when serializing the state of the web client. If you try manipulating the hash parameters to get the web client into a certain state, note that these are undocumented APIs and are subject to change at any time. That said, they won't change super often.
None of those three parameters will change on a per-user basis, they represent the "view" of the client you're in at the time. The simplest way to get a url in the format you like is to navigate to that view in the web client, copy the hash, and replace note and/or notebook guids in the url (b for the notebook guid and n for the note guid).
I'm running rpcapd on a Raspberry which serves as a WiFi access point to trace/sniff network traffic by WiFi users.
I can run rpcapd in null authentication mode and access the interfaces from my windows machine using wireshark and it works perfect.
However, I'd like to expose these capture interfaces to multiple users and i thought it might be good to not use null authentication but have at least a little barrier for unwanted users.
If i don't use the "-n" argument, what is the user/pass? I searched Google but i can not really find a source which leads me to the answer.
I tried creating a second user which has a password and ran rpcapd from this users but still if i use these users Linux credentials, wireshark tells me it can not find any interfaces. When i re-run rpcapd with the -n argument everything works.
So... i must have overseen something!? What is the username and password for non null authentication operation or where can i specify one?
Thanks a lot!
Let me know if you need further info to help. Thanks!
When not using RPCAP_RMTAUTH_NULL authentication it will instead use the other type, RPCAP_RMTAUTH_PWD : https://www.winpcap.org/docs/docs_412/html/group__remote__auth__methods.html
And according to some old copy of the manual I found (ftp://ftp.tuwien.ac.at/.vhost/winpcap.polito.it/301a/docs/group__remote__auth__methods.html) which helpfully listed code references : "Referenced by daemon_checkauth(), and rpcap_sendauth()."
..which leads us to to the code that does the authentication : ftp://ftp.tuwien.ac.at/.vhost/winpcap.polito.it/301a/docs/daemon_8c-source.html#l00626
I downloaded the source (http://www.winpcap.org/install/bin/WpcapSrc_4_1_3.zip) to check it was still current and found in file "wpcap\libpcap\rpcapd\daemon.c" the current information for "daemon_AuthUserPwd" which shows not much has changed.
Hope this helps :-)
I want to allow anonymous users view access to a private folder & it's contents, only after they have submitted a valid email address through a form. I thought of emailing them a link to the folder, perhaps with a token that gives them access or logs them in, but I'm not quite sure how to do that.
I'm currently looking at collective.powertoken.core & collective.powertoken.view, but it seems that these products cover access to a single content item, rather than a whole folder.
I'm wondering if it's better just to add low priviledged users to the system & log them in without passwords.
Thanks
as suggested by #keul, you can use redomino.tokenrole.
If you want to integrate the tokenrole feature with a PloneFormGen you might consider to have a look at redomino.tokenroleform (https://pypi.python.org/pypi/redomino.tokenroleform): It is a custom plone form gen adapter that let you share a private object via token.
I don't know if redomino.tokenroleform fits your use case.
But you can browse the code in order to understand how to add a tokenrole programmatically.
Both products are for very low level usage.
Try redomino.tokenrole: https://pypi.python.org/pypi/redomino.tokenrole
I need to track visitors.
I have a script (http://example.com/something.aspx) that saves all the visitor data (like browser, referrer, etc.) into a DB and insert a flash-cookie in the visitor machine for further tracking.
Right now I insert that script using an iframe in each page I want it to work.
The script need to be in the same domain of the page for it to work.
I use this script in a number of domains, so for each domain I have the same script installed in each domain.
I want to provide some kind of javascript API to be able to use only one script for all the domains. "One Script to Rule them All".
Its important to know that I own all the domains.
It is possible? How to achieve cross-domain?
Thanks.
I would try the following approach, but have not tested the whole thing.
insert into the page.
The record-and-set-cookie.aspx page will record agent info into a database (this part I am sure will work), and then return javascript that will set a cookie (this part can work, but needs confirmation).