Can a Facebook App for remote login be identified with IP instead of domain name? - authentication

I have a list of sites running on the same server, so they all share the same IP address. A Facebook app was created in order to have login functionality on the sites, but as I see, the app needs one and only one domain (for security reasons...) that is enabled to use the login process.
Is there a way to identify remote sites with IP instead of one domain name?
Thanks!

No, you must use a domain name. You can enter multiple domain names, though, or run the logins through login.yoursites.com or something like that.

Related

Main domain in cPanel different from actual website domain

When I log in to cPanel, the main domain it shows on the first page, and even when creating email accounts, is different from the actual website domain.
The domain cPanel is showing is actually an older domain I created earlier, but due to a mistake in the name, I registered another domain and moved all the content of the older site to the newer one. The newer site works perfectly, but the issue I face now is that within cPanel I'm not able to do some things, like create emails, because it is showing a different domain name.
Actual domain is hanjakprofessionals.com
My web host claims he never did anything other than create for me a new domain account.
I assume that the problem could be in the way I migrated from the older site; however, I can't undo it because I've made many changes in the newer site.
I noticed that the names of some folders in cPanel, like in the mail folder and etc, are the older domain name, which I edited to the newer one, but there is still no difference.
Is there anywhere I can change within cPanel to enable it to reflect the current domain name? I welcome all ideas. Thanks.
On further checking, I found that the cPanel user account I was using was that of the older domain account, so cPanel was actually loading the older account. I have now logged in using the user account for that particular domain, and it shows the actual domain in cPanel.
This is now resolved; however, I notice that cPanel allows one to log in to another domain account even though the domain/URL that was accessed was a different one.

Google OAuth 2 works only from localhost [duplicate]

I'm trying to set a web service that needs the user's Google Latitude info, so I'm using Google OAuth to get the user authorization stuff.
However, when trying to set the redirection URI in the Google APIs Console for a web application client ID, I get an error message if I try to set it to 'http://PUBLIC_IP/'.
I need to test it with non local users (thus localhost can't be used), so I would like to know if having a web domain is mandatory in order to use Google's OAuth. If not, how can I solve this issue?
This is not currently supported. I filed a feature request and will update on progress.
Update: Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced significantly since this feature was requested. Please read other responses here about possible options.
You can use xip.io to work around it.
For example: '192.168.0.50.xip.io:3000' will resolve to '192.168.0.50:3000'
I ran into this issue too and so I entered a URL with a .com extension and also entered it into my /etc/hosts file. Works like a charm.
It totally sucks that my entire app now has to be developed on an apparently 'live' domain though.
I used my public hostname. It helps if you have a static IP address. I used http://www.displaymyhostname.com/ to get my hostname. I plugged it straight into the Authorized JavaScript origins field when I created a new Web Application Client ID.
P.S. My hostname looked something like this: 111.111.111.111.static.exetel.com.au
You can use a dynamic DNS. I used ddns.net which offers a free solution. Basically, you enter your FQDN as this: yourcompany.ddns.net as your domain. When looked up for an IP address, the .net domain points to ddns; when ddns.net is looked up, it looks up in its database for your company, returns the IP. So mine looks like this: https://wigwam.ddns.net and everything works fine. You don't need to buy a domain, you can substitute your known IP, and Google is happy with that.
Your IP must be static, of course.
Yes, as of now you still need to have a domain name to use Google OAuth in your application. If you have a static public IP and don't want to buy a domain name, you could use a free subdomain from FreeDNS to link to your public IP. Seemed to work well enough for me with a Django app.
Echoing what Breno said in response to his earlier comment:
Apologies for the lack of updates here. Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced significantly since this feature was requested. Please read other responses here about possible options.
You can read more about Google's app verification requirements [1] and Google's policies requiring secure handling of data [2].
[1] https://support.google.com/cloud/answer/9110914?hl=en
[2] https://developers.google.com/identity/protocols/oauth2/policies#secure-response-handling.
xip.io is not working anymore. As an alternative, you can use nip.io the same way, for example:
10.0.0.1.nip.io:8000 will resolve to 10.0.0.1:8000
It seems like xip.io is down, but there are alternatives such as sslip.io and nip.io. However, I couldn't get either of these to work.
I ended up hosting the main file server on the main machine, and ran said server on a 192.168.1.xx IP address. I then ran servers on each of the test machines (including a second server on the main machine), all of which were on the localhost address. Any requests that the localhost servers received were then passed off to the 192.168.1.xx server, which allowed testing on all of the devices.
This should also work with public facing IP addresses.

How to allow the application visible only through some IP?

I'm developing a Windows application, using Eclipse, Tomcat server and Struts2.
I am using LDAP verification to log in.
I only want to allow specific people to view my application, i.e. a person with IP 173.12.12.12 can view it, while 173.12.12.72 should not.
How should I do this?
Also, if someone enters an ID which is disabled, the application should not work on his terminal anymore. How should I do this?
If you want to handle your IP address whitelist within your web application (e.g. in a database), you can detect the user's IP address server-side by reading the X-Forwarded-For HTTP header from the request.
If you want to handle your IP address whitelist within your application server (in this case, Tomcat), you must put a RemoteAddrValve in your context.xml (source).
Both these methods work, but both fail at detecting real IPs in case of IP spoofing. It's naive for a malicious user to spoof their own IP address, for example with CURL, or with a Firefox add-on like anonymoX.
You shouldn't rely on IP addresses to protect your system. But you can use them to enhance the user experience for your authenticated, trusted users... once they're in, you can assume they're not malicious and start profiling their devices by IP to provide targeted functionalities.
If it is a range of IPs, fetch the IP value from a property file and verify against it.
If it is a single value, fetch the value from the database assigned to users and verify against it.
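
The header-handling caveat from the answers above, as an added example that is not part of the original posts: a plain-Java sketch that honours X-Forwarded-For only when the TCP peer is a known reverse proxy, then checks the resolved address against the allowlist. The class name, the proxy address 10.0.0.5 and the sample header values are constructed for illustration; the two client addresses are the ones from the question.

```java
import java.util.Set;

public class ClientIpAllowlist {
    // Assumption: one reverse proxy in front of Tomcat at this (constructed) address.
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");
    // The address the question wants to admit.
    static final Set<String> ALLOWED_CLIENTS = Set.of("173.12.12.12");

    /**
     * remoteAddr is the TCP peer address (request.getRemoteAddr() in a servlet);
     * xForwardedFor is the raw header value, or null when the header is absent.
     */
    static String resolveClientIp(String remoteAddr, String xForwardedFor) {
        // The header is client-controlled unless the peer is our own proxy.
        if (xForwardedFor == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return remoteAddr;
        }
        String[] hops = xForwardedFor.split(",");
        // Walk right to left: the rightmost entries were appended by our proxies;
        // anything left of the first untrusted hop may have been sent by the client.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !TRUSTED_PROXIES.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr;
    }

    static boolean isAllowed(String remoteAddr, String xForwardedFor) {
        return ALLOWED_CLIENTS.contains(resolveClientIp(remoteAddr, xForwardedFor));
    }

    public static void main(String[] args) {
        // Case 1: direct connection from the blocked address carrying a forged header.
        System.out.println(isAllowed("173.12.12.72", "173.12.12.12"));
        // Case 2: blocked client behind the proxy that prepended a forged value itself.
        System.out.println(isAllowed("10.0.0.5", "173.12.12.12, 173.12.12.72"));
        // Case 3: the allowed client arriving through the trusted proxy.
        System.out.println(isAllowed("10.0.0.5", "173.12.12.12"));
    }
}
```

In a servlet filter, the two arguments would come from `request.getRemoteAddr()` and `request.getHeader("X-Forwarded-For")`.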

Any way to balance loads in Tomcat by partitioning user names?

For example: once a user has logged in, the server side then needs to route the HTTP traffic to a certain Tomcat instance, because all his/her files (not in a DBMS but on the local HD) are stored on that machine and there will be interactions between the web app and the underlying FS. Any way to do this?
Thanks!
This is often done by redirecting to a server-specific URL at or following login. The user's session then continues with that URL. I frequently find www replaced with www1, www2, etc., after login on sites I use.