Create the same user on xmpp server when a user is created in a rails 3.2 app - mongodb

I am building an application in which the front end is iPhone and I am using RoR as my backend with MongoDB as my database. It is a kind of chat application for which I am using the Jabber protocol and an XMPP server. Now I want that when a user is created in my Rails app, the same user should be created on the XMPP server. Any help would be much appreciated.

The ideal situation is to have only a single source for users and configure your XMPP server to use that same service.
For example it is common to have an XMPP server authenticate against LDAP, then all user management is delegated to the LDAP server. The XMPP server doesn't handle user management at all, but defers any user related queries to LDAP.
This would ultimately be more reliable than trying to keep two separate systems in synch. If the user management in your case is custom (which it appears to be), it might mean you will also have to add a custom module/plugin to your XMPP server (you haven't mentioned which one you are using) to use that service.
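A sketch of the single-source approach described above, added here as an example and not taken from the answer. It assumes the server is ejabberd configured for external authentication, where each request arrives as a 2-byte big-endian length followed by `operation:user:server:password` and the reply is a 2-byte length of 2 plus a 2-byte 1 or 0. The user store, names and password are constructed.

```python
import hashlib
import hmac
import io
import struct

ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed stand-in for the application's user collection (hypothetical names).
SALT = b"constructed-salt"
USERS = {("alice", "chat.example.org"): (SALT, hash_password("s3cret:with:colons", SALT))}
DUMMY = (b"dummy-salt", bytes(32))  # hashed for unknown users so timing stays uniform

def frame(message: str) -> bytes:
    """Encode a request the way ejabberd does: 2-byte big-endian length + payload."""
    data = message.encode()
    return struct.pack(">H", len(data)) + data

def read_request(stream):
    """Return [operation, user, server, password?] or None at end of input."""
    header = stream.read(2)
    if len(header) < 2:
        return None
    (size,) = struct.unpack(">H", header)
    payload = stream.read(size)
    if len(payload) < size:
        return None
    return payload.decode("utf-8", "replace").split(":", 3)  # passwords may contain ':'

def handle(parts) -> bool:
    if parts[0] == "auth" and len(parts) == 4:
        salt, digest = USERS.get((parts[1], parts[2]), DUMMY)
        return hmac.compare_digest(hash_password(parts[3], salt), digest)
    if parts[0] == "isuser" and len(parts) >= 3:
        return (parts[1], parts[2]) in USERS
    return False  # setpass, tryregister, removeuser: accounts are managed by the app only

def serve(inp, out) -> None:
    """Answer each request with length 2 followed by 1 (allow) or 0 (deny)."""
    while (parts := read_request(inp)) is not None:
        out.write(struct.pack(">HH", 2, 1 if handle(parts) else 0))
        out.flush()

if __name__ == "__main__":
    # Constructed demo; under ejabberd, pass sys.stdin.buffer and sys.stdout.buffer.
    replies = io.BytesIO()
    serve(io.BytesIO(frame("auth:alice:chat.example.org:s3cret:with:colons")), replies)
    print(replies.getvalue())
```

Refusing `tryregister` and `setpass` keeps the application as the only place where accounts are created or changed.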

Related

Block other xmpp client from accessing my ejabberd server

I developed a chat application for a mobile platform which uses an ejabberd XMPP chat server configured on my public Ubuntu machine.
To make the server connection I used https://mydomainname.com:5280/http-bind, so how can I protect this so that it can be accessed only by my client application and not others?
Now my server is accessible by any client like Pidgin, Adium, etc. How can I block this?
You can modify ejabberd to have a custom authentication that integrates a variation from the specification and implement that in your client. That way, an unmodified standard client will not be able to read it.
However, as your client is JavaScript and the code is visible, it will still be possible to patch an existing client to implement your variation, but there is no way around this. The approach of "shared secret" means that if the secret is found, other clients could find a way to connect. The secret is even less difficult to find when your code is public (even if obfuscated).

Host my own user authentication service on my own server?

I have tried Google with queries similar to the title of this question, but haven't found anything useful.
Background: I am building a web app and would like to add a user authentication level to it. I cannot imagine anything worse than building a user authentication system from the ground up, so I want a quick solution.
I'm looking for open source software I can host on my server that provides an auth layer I can connect to, with multiple user accounts.
Criteria:
I want to host the software on my own server
Provide a log in screen that works with multiple sign in strategies - twitter, facebook, vanilla email, etc.
Persists users to a database (preferably postgres) and persists session data
Preferably lets me store a minimal amount of data per user, like key value store
Has a client-side (Javascript) API, like Facebook's JS, so I can use this auth service on multiple sites. Namely, I want to use it on localhost or my own file system (when allowing file cookies). Client side JS API exposes methods like log in / log out
Has a server side API (such as exposes local RESTful endpoints) so that when I do build out my server side app for other data storage outside of the user, my app can query the auth service for log in status.
I want to run this stack completely independently of my own app - in fact I want to run this auth service and purely communicate to it from my local dev environment without building any server side app of my own.
I have used Firebase and they do many of the things that I want, including log in strategies and the client / server side APIs, but I want to be able to host my own version of this.
I can't imagine anyone takes pleasure out of building user authentication of any kind, so I'm surprised I haven't found anything in research.
I also know this is an open-ended question, but as far as I can tell I haven't found anything satisfying my requirements.
I like Devise (https://github.com/plataformatec/devise), which is for Rails. It has an active community with boatloads of plugins available that can fulfill many of your requirements.
I didn't see a language specified; most languages and frameworks have their own implementations. Can you provide more information?
Example: I use the Flask framework on Python. In addition, I use the Authomatic library which provides OAuth access for Twitter, Google, Facebook, etc.
What I was looking for is something called a Single Sign On solution. According to this list there is nothing currently that meets my criteria.
Instead I have chosen to just run a local webserver and implement a regular auth flow.

Access SQL db from mobile app

I'm building a mobile front-end for my customer's CRM system. CRM data is stored in a SQL Server database in their local network. What will be the best practice to make this data available to mobile app users? The mobile app will be distributed using an Enterprise key, not via the App Store.
I'm thinking about making a WCF service running on a local server and having access to the SQL server via ethernet. This service will provide basic authentication. But I'm not sure if it's the best way in terms of security.
How to provide access to SQL server data?
A WCF web service can definitely be used as a SQL front end. Windows or JavaScript-based client applications running on hand-held devices have no trouble accessing WCF applications, and there's plenty of sample code out there about using a WCF app as a front-end to databases. Here's a sample project from CodeProject.
Security-wise, there are several options: you could create a Login(ID, PWD) function that all non-authenticated user requests would have to pass through before getting to your SQL server. Once the user authenticates, you can create a persistent session or send back to the client a SessionID he/she can use to re-authenticate on subsequent requests. You can also use more exotic and complex methods for authentication/authorization like client certificates and Forms, though on an iOS or Android device that will certainly take some extra work.
Since a public web service, accessing company core data, is a hacker's dream, you can always set up your web service so that it can only be accessed from inside the company firewalls via VPN. If not that, then you can use SSL or message-level encryption.

XMPP protocol allow registration using protocol

I want to write my own XMPP client. I have a Jabber server. Is it possible to use an XMPP library just to register on the server programmatically?
I want to generate a login and password programmatically, then register programmatically on the server and start to chat. Or does the XMPP protocol not allow a registration operation?
Registering an account via the XMPP protocol is known as in-band registration, defined in XEP-0077.
However, not all servers support this, or they have it disabled, or impose time/IP limits, as this makes it easy for people writing spambots (which hopefully you are not doing) to easily create multiple accounts automatically.
Like with most XMPP extensions, you can use Service Discovery to determine whether a server supports in-band registration.
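An added example, not part of the answer: a check an operator can run against their own server's responses to see whether in-band registration is advertised, both in a service discovery result (feature `jabber:iq:register`) and in the stream features (`register` element in `http://jabber.org/features/iq-register`). Both XML samples and the host name are constructed.

```python
import xml.etree.ElementTree as ET

DISCO = "{http://jabber.org/protocol/disco#info}"
REGISTER_VAR = "jabber:iq:register"  # disco feature defined by XEP-0077
STREAM_REGISTER = "{http://jabber.org/features/iq-register}register"

# Constructed samples of what a server might send.
DISCO_RESULT = (
    "<iq type='result' from='chat.example.org' id='disco1'>"
    "<query xmlns='http://jabber.org/protocol/disco#info'>"
    "<identity category='server' type='im'/>"
    "<feature var='http://jabber.org/protocol/commands'/>"
    "<feature var='jabber:iq:register'/>"
    "</query></iq>")
STREAM_FEATURES = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
    "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
    "<register xmlns='http://jabber.org/features/iq-register'/>"
    "</stream:features>")

def parse_stanza(xml_text: str) -> ET.Element:
    # XMPP does not allow DTDs, so refuse them before handing data to the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not allowed in XMPP")
    return ET.fromstring(xml_text)

def disco_advertises_registration(iq_xml: str) -> bool:
    """True if a disco#info result lists the in-band registration feature."""
    iq = parse_stanza(iq_xml)
    if iq.get("type") != "result":
        return False  # an error reply says nothing about support
    query = iq.find(DISCO + "query")
    if query is None:
        return False
    return any(f.get("var") == REGISTER_VAR for f in query.findall(DISCO + "feature"))

def stream_advertises_registration(features_xml: str) -> bool:
    """True if the stream features offer registration before authentication."""
    return parse_stanza(features_xml).find(STREAM_REGISTER) is not None

def registration_exposure(disco_xml: str, features_xml: str) -> list:
    """List the channels on which the server advertises in-band registration."""
    found = []
    if disco_advertises_registration(disco_xml):
        found.append("disco#info")
    if stream_advertises_registration(features_xml):
        found.append("stream features")
    return found

if __name__ == "__main__":
    print(registration_exposure(DISCO_RESULT, STREAM_FEATURES))
```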

How can I create an XMPP account?

I have a web application using XMPP for chatting. The only real problem is that users have to create their own XMPP account on the right server. I'd like to automate this process.
How do I automatically create a new XMPP account for a new user? How do I know what address can be used or not for the account?
There are a few different approaches:
Have the client register in-band. They can then choose their username themselves.
Connect to an existing user database, or interface with it directly.
The server might have some CLI or Web-based management tool that can be used.
As ggozad wrote, use the Add user command defined by Service Administration.
You need to implement (and your server to support) XEP-0133 Service Administration and in particular the add user command. You can create random user ids or generate them with some logic and store them somehow to check for uniqueness. The get-registered-users command might also be of help.
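An added example, not from either answer: building the submit step of the XEP-0133 add-user command with a randomly generated, uniqueness-checked user id, as the last answer suggests. It assumes the `sessionid` was returned by the server in reply to the initial command request; the domain, session id and stanza id are constructed, and all variable parts are XML-escaped so a password or JID cannot alter the stanza structure.

```python
import secrets
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

COMMANDS_NS = "http://jabber.org/protocol/commands"
ADD_USER_NODE = "http://jabber.org/protocol/admin#add-user"

def new_account_jid(domain: str, taken: set) -> str:
    """Pick a random localpart and retry until it is not already stored."""
    while True:
        jid = f"u{secrets.token_hex(8)}@{domain}"
        if jid not in taken:
            taken.add(jid)
            return jid

def field(var: str, value: str, hidden: bool = False) -> str:
    kind = " type='hidden'" if hidden else ""
    return f"<field{kind} var={quoteattr(var)}><value>{escape(value)}</value></field>"

def build_add_user(service, session_id, account_jid, password, stanza_id) -> str:
    """Submit step of the add-user command; every variable part is XML-escaped."""
    fields = (field("FORM_TYPE", "http://jabber.org/protocol/admin", hidden=True)
              + field("accountjid", account_jid)
              + field("password", password)
              + field("password-verify", password))
    return (f"<iq type='set' to={quoteattr(service)} id={quoteattr(stanza_id)}>"
            f"<command xmlns='{COMMANDS_NS}' node='{ADD_USER_NODE}'"
            f" sessionid={quoteattr(session_id)}>"
            f"<x xmlns='jabber:x:data' type='submit'>{fields}</x></command></iq>")

def form_values(stanza_xml: str) -> dict:
    """Parse a stanza back and return the submitted form as {var: value}."""
    ns = "{jabber:x:data}"
    return {f.get("var"): f.findtext(ns + "value")
            for f in ET.fromstring(stanza_xml).iter(ns + "field")}

if __name__ == "__main__":
    taken = set()  # constructed stand-in for the app's stored account list
    jid = new_account_jid("chat.example.org", taken)
    stanza = build_add_user("chat.example.org", "constructed-session", jid,
                            secrets.token_urlsafe(24), "add-user-2")
    print(sorted(form_values(stanza)))
```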