need help on hsqldb

 
I'm using hsqldb for my SSO forum. I want to log in as admin, so I have to give admin permission to a particular user.
So how do I view the data and change the permission?

Help me

ashok
[originally posted on jforum.net by Ashok]
 
Migrated From Jforum.net
One way that might work without doing any DB work is to do the following:

With SSO enabled, log into jForum with the id you want to be the new admin. This will create the jForum user entry.

Turn off SSO by editing the config file and then restart jForum.

Log in as the default admin user, go to the admin screens and add the new SSO user to the administrators group.

Turn SSO back on/restart jForum.

The SSO user should now have admin rights.
[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Thanks for your answer. I have one more doubt: is SSO cookie-based login safe?
If not, how do I make the safest SSO login?


[originally posted on jforum.net by Ashok]
 
Migrated From Jforum.net
Well, "safe" is a very relative term and has to be balanced between what you're trying to protect and the convenience your users might demand.

That said, if you're looking for a more secure SSO than cookies, a lot depends on your method of authenticating users for your main application. E.g., if it's done at the Web server level, then you might want to look at using the Remote_User environmental variable. (FWIW, I use Tomcat's built-in SSO functionality and this for my SSO.)

Or, some commercial SSO apps will define specific additional HTTP header tags that define who the authenticated user is.

If it's done via another Java web app, you can look at cross context functions to pass this information from Webapp to webapp and not deal with passing info back to the client (other than session id information).

If you need to use cookies, I'd suggest only using session cookies that get deleted after the browser closes. In the past, I've used the following method to create a fairly secure cookie:

Have the basic information that will be passed to the SSO application be something like:

userid;ip;time-issued;md5 security key

Where: userid is the validated user id info.
ip is the remote client ip
time-issued is the time the cookie was created
md5 security key is a hash of all the previous info plus a shared salt key (and if possible, the user's MD5 password hash)

The authenticating application should create a cookie with a key-based encryption of this information. E.g.:

MySSOCookie: <hex string>

The receiving SSO agent should decrypt the information, then validate it against the MD5 hash, verify that the remote client IP is the same (note that proxy servers can play heck with this part), and that the timestamp is not too old. It should then issue a new MySSOCookie of the same format with a new timestamp back to the client.

Note that this will add to the processing time needed to deal with each request.




[originally posted on jforum.net by monroe]
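
The cookie round trip described in the reply above, as an added Java example (not code from the thread or from JForum). It swaps the MD5 hash plus separate encryption for AES-GCM, which encrypts the `userid;ip;time-issued` fields and detects tampering in one step; the class name, the 5-minute window, the key and the sample values are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.HexFormat; // Java 17+

public class SsoCookie { // hypothetical class name
    static final long MAX_AGE_MS = 5 * 60 * 1000; // assumed freshness window
    private final SecretKeySpec key;              // key shared by both applications
    SsoCookie(byte[] key16) { this.key = new SecretKeySpec(key16, "AES"); }

    // Authenticating side: hex value for MySSOCookie holding userid;ip;time-issued.
    String issue(String userId, String clientIp, long nowMs) throws GeneralSecurityException {
        if (userId.contains(";")) throw new IllegalArgumentException("';' is the field separator");
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh nonce for every cookie
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal((userId + ";" + clientIp + ";" + nowMs).getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array());
    }

    // Receiving side: the user id, or null when the cookie must be rejected.
    String validate(String hex, String remoteIp, long nowMs) {
        try {
            byte[] raw = HexFormat.of().parseHex(hex);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, raw, 0, 12));
            byte[] plain = c.doFinal(raw, 12, raw.length - 12); // throws if any byte was altered
            String[] f = new String(plain, StandardCharsets.UTF_8).split(";");
            if (f.length != 3 || !f[1].equals(remoteIp)) return null; // different client IP
            long age = nowMs - Long.parseLong(f[2]);
            return (age < 0 || age > MAX_AGE_MS) ? null : f[0];       // stale or future-dated
        } catch (GeneralSecurityException | RuntimeException e) {
            return null; // tampered, truncated or malformed input
        }
    }

    public static void main(String[] args) throws Exception {
        SsoCookie sso = new SsoCookie("constructed-key!".getBytes(StandardCharsets.UTF_8)); // 16-byte demo key
        long t0 = System.currentTimeMillis();
        String cookie = sso.issue("alice", "192.0.2.10", t0);                 // constructed sample values
        System.out.println(sso.validate(cookie, "192.0.2.10", t0 + 1_000));   // same client, 1 s later
        System.out.println(sso.validate(cookie, "198.51.100.7", t0 + 1_000)); // different client IP
        System.out.println(sso.validate(cookie, "192.0.2.10", t0 + 600_000)); // 10 minutes later
    }
}
```

After a successful `validate`, the receiving agent would call `issue` again with the current time and send the new value back, which is the re-issue step from the reply.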
 