Jump to content

Darghon

Members
  • Content Count

    83
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Darghon

  • Rank
    Regular Member

Profile Information

  • Gender
    Not Telling
  1. Hi all, I've currently been using a cookie as a "remind me" value for keeping users logged in for an entire day. Now, after googling about cookie security it all comes down to the same underlying statements. Cookies are not secure, and any data it contains is by extension, also not secure. Now, due to the fact that I need the "remind me" functionality, I was wondering what the best practice for this is. All my users have a UUID assigned to them, which is a 36-char long random string (in a specific pattern). At the moment, I store that UUID in the cookie, and if the system finds it, it checks if the user exists, and re-assigns the session if it expired, within the valid period of the cookie. Now, what should I do to make this better? Any suggestions are welcome. Thanks
  2. Well, since no one was able to help me, and I've eventually managed to fix this, I'll add my solution (and problems) in this post. So, I needed to connect to a Soap Service using WSSE. Not with a user/pass auth in it, but with a client certificate, a binary security token and such wonderful things. First, I needed to make a p12 certificate file, using my client certificate (with the cert chain) and my private key (used to request the client certificate). Next, I needed to convert the p12 file to a BASE64 encoded pem file. Finally, in the soap_client constructor, you need to add "local_cert" and "passphrase" in the options part with the full path of the pem file, and your used password (if any). Next, and this one was my biggest issue, make sure your server can resolve the host address of the webservice. Ping it first, and if needed, add it to your host file *facepalm* Finally, construct your soap envelop (I've used a public PHP WSSE library for mine), and execute the request. Feel free to ask more details if need be.
  3. The above is still an issue, anyone?
  4. Hi all, I've been struggling for months with a connection to a DataPower webservice using PHP. In SoapUI I've managed to get a response (an error message, but a response non the less) but in php, Soap always returns a NULL value. The service in question requires me to use a client certificate. Creating a p12 keystore with my private key (used to request the certificate) and the complete certificate chain provided by the service host, I'm able to get a connection using SoapUI (by using ssl for each request with the formentioned p12 file) Now, I want to accomplisch the same thing in php, so, I did the following: - I installed the root and CA2 certificate from the service provider on my php server - I construct a soap_client using the received wsdl file (same one as I use in SoapUi) and add the below listed options to the constructor $options = [ 'trace' => 1, 'exceptions' => 1, 'local_cert' => $this->_getCertificateLocation('P12_KEYFILE'), 'passphrase' => $keyfile_passphrase ]; The _getCertificateLocation returns the absolute path of the cert file, which is correct and accessable. Alternatively I've also tried to convert the P12 file to a PEM file using the below command, but results in thee same effect. openssl pkcs12 -in discimus_keystore.p12 -out discimus.pem -clcerts Anything I need to add/reconsider? or any advice on this matter? Thanks for any help. Darghon
  5. Hi all I have about 150 virtual hosts configured in nginx. these hosts all have the same configuration with exception of the domain name, and the paths for said domain. each time I need to change a setting on one of the hosts, I need to replicate the change on ALL the domains. is there a way to "include" these configurations into the server block, to prevent me from changing each block? It needs to be includable cause there are other virtual hosts that deviate from the normal. and do not need those configurations. Thanks for any advice
  6. I've asked them if their product can supply what I need, but the pricing might be an issue, as my application is very cheap. For instance, about 500€ annually / client. Any other more "custom" solutions? I'm a senior developer myself (close to 10 years and counting) so I'm not afraid to code it myself, I just need to know what to code... Thx again
  7. Hello all. I am maintaining a php application which manages and creates contracts for internship jobs. (well that's part of it anyway) More and more of my clients start asking if there is any way they can digitally sign the contracts, to avoid printing everything out. So I've been doing some google work, been reading up on as much information as I can find, and have to conclude I have no idea how to get started on this. Hence this topic. To put everything in perspective. A student has to perform an internship at some company. Legally, we need a contract that's signed by the student (or their parent(s)), the school and the company. This document needs to be digitally available (in the application) and it needs to be visible and legally binding to all 3 parties. preferably visible that it's signed, and by whom. (~3 signatures) Right now this document is printed, and given to each of the parties. Once it's returned, it gets filed in a "binder" with all other physical documents of that student. (which the clients want to avoid) Is there any step-by-step guide for this? Correct me if I'm wrong, but I think I need to get a certificate for my application (a general one for the application itself, because each client has their own instance of this application (subdomain of the application: http://<clienttag>.applicationname.com)). Then I need to encrypt a signature of the user using this public key of the certificate, and sign the document (with PHPDocx for example). In the documents overview of this students file, it needs to list all attached and signed documents, which all parties that signed it. (with maybe the contracts converted to PDF's.) Any help for getting started with this is welcome. Thx in advance
  8. Hi all, I've been creating a somewhat responsive layout for an existing application. Some of the pages contains sets of data that have been grouped. I've added styles to show them as blocks next to each other as long as enough space is available. so full screen is shows 3 blocks next to eachother, on a smaller 2 blocks, or 1 block depending on the available width. If the content of one block exceeds the length allocated, I have an additional class "clipped" that turns the overflow hidden, and adds ellipses to the text. But as the title suggests, doing this pushes the next div down which looks ugly. Removing the overflow:hidden style fixes the issue, but makes the text run out of bounds. Listed below are the html uses, and the css related. Can anyone help me resolve this issue? (The additional style code in the full line value is to ensure that multi line texts are still positioned next to the label and not under it) Css: #wrapper label { float:left; font-weight:bold; text-align: right; width:200px; margin-right:10px; } #main #main_wrapper .group_content { display: block; } #main #main_wrapper .group_content .attribute_block { display: inline-block; min-width: 400px; margin-right: 20px; } #main #main_wrapper .group_content .attribute_block.full_line { display: block; min-width: 100%; } #main #main_wrapper .group_content .attribute_block input, #main #main_wrapper .group_content .attribute_block textarea { max-width: 300px; } #main #main_wrapper .group_content .attribute_block select { max-width: 322px; } .clipped { overflow:hidden;text-overflow:ellipsis;white-space:nowrap; } Html: <div class="group_content clearfix"> <div class="attribute_block full_line clearfix"> <div class="label"><label>Beschrijving</label></div> <div style="float: right; width: calc(100% - 210px);" class="value">Addendun voor een raamovereenkomst.</div> </div> <div class="attribute_block"> <div class="label"><label>Auteur</label></div> <div class="value clipped">Quickstage Support</div> </div> <div class="attribute_block"> <div class="label"><label>Aangemaakt op</label></div> <div class="value clipped">19/12/2012 10:14:54</div> </div> <div class="attribute_block"> <div class="label"><label>Laatste aanpassing op</label></div> <div class="value clipped">19/12/2012 10:14:54</div> </div> <div class="attribute_block"> <div class="label"><label>Gegevensbron</label></div> <div class="value clipped">Schooljaar - Klas - Leerling - Stageperiode</div> </div> <div class="attribute_block"> <div class="label"><label>Bestandsnaam</label></div> <div class="value clipped">Aanvullendbijraamovereenkomst.docx</div> </div> </div>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.