I have an account that has been blocked on a website,so for me to re-open another account with the website i suggested to obtain a new phone with a different ip address and open another account with another Gmail,but my concern is that i could see my saved cookies in the interface of the website of which my first account have recorded maybe because i logged in to my chrome browser with
the gmail account that im using with chrome,i want to asked that,hope the saved preferences of my blocked account will not affect my new account ?
Related
I'm creating a book library app, where people buy an account and become able to read all the books...
In the past, we were able to get the UDID of the iOS device and the login only works from this specific UDID.. now apple prevents this, another solutions were there like OPEN-UDID but now doesn't work...
Are there any other means to prevent the user from giving the credentials to another people??
The only solution on top of my head now is this :-
When a user login, a flag on the server becomes true, and when another account try to login using the same credentials, it will show an error message "you are already logged in on another device".. when the original user logs out, the flag becomes false.. this will prevent the account from being used on multiple devices at the same time.. but the drawback is, what if the user unInstalls the app without logging out?
Is there a research on this topic that covers all these scenarios?
Is there a way to use apple keychain or iCloud or any other solution ?
What you can do is on new login invalidate api request(and send them to login screen) of previous login you can use device token with each api to check if you want to send data to device or it's a old login token and needs redirect to login. you have to just store a device token for each account login if it matches then send data else redirect to login
Edit 1:
if you uninstall the app then you have to login again from other device to access the books(data) and in each login you'll replace the old token with new one. Now only device which has this new token can access books. All other device if there are any login left in any device then they will get message from API that token not matched and you have to redirect them to login page again
I'm relatively new to Rails and would like to place a button on the admin-only part of my website that will open my company gmail account with the addresses of all of the registered users pre-populated in the 'bcc' field.
I almost have the mail_to helper working for this purpose except the mail_to link opens my personal gmail account instead of my company account.
Is there a way to use rails to trigger the log in to a specific gmail account and to pre-populate the "to" field as well?
I think, the link opens your personal gmail account just because you have it open in another browser window or tab.
AFAIK, Gmail does not allow to open different accounts in different windows at the same time. (Probably I miss something.)
Therefore, to make link open your corp account regardless of everything, the link handler should forcibly log out the current Gmail session and start a new one.
I don't think that you really want this behaviour (I mean closing the current session in such a rude way).
I want to save authentication of my hotspot in my user preferences. Ex: I sign into my wifi using an app with my username and password, then unblock my network, so next time I'm go in this LAN, it should use the credentials I've put in app. So app has to save the wifi auth in user profile. I'm using NSUserDefaults to store my user and keychain for password. Is this the correct way?
As far as I know, there isn't a way for the app to directly setup an access point in the iOS system; I can not see a reason to save wifi authentication credentials in your app if the system will do this already (probably in a more secure manner)? If you simply save this in your user's preferences, then you will get into security issues if you want to change this password later.
However, yes you can distribute a provisioning profile which contains the credentials to your access point so that the user doesn't need to type it in. You could for example, from the app, open an URL pointing to a server web address that will serve the profile for your users. But then you don't even need an app just for that.. you could generate a QR code pointing to that URL and use one of the existing QRCode decoding apps for example.
I have recently implemented login to my via facebook connect. So now users have 2 ways of logging in to the site. The old way of registering an account and the new way (facebook connect).
One thing I would like to do is link a new facebook connect user account to existing accounts if they logged in the old way.
Has anyone had any success doing this?
Very good question I think and lots of people will benefit from an answer.
What you need to remember is that accounts are only linked so long as they are authorised to be linked through Facebook. What you should do is maintain a second table of linked accounts in your database so that you know who is who and if they are linked with Facebook.
You should read this integration comment, it provides a lot of useful information.
http://crazyviraj.blogspot.com/2010/01/test-cases-for-basic-facebook-connect.html
It doesn't really say how to do things, but it makes sure you tick all the boxes of what you should be doing.
ie:
Sign Up should fail if the user denies
permission to the app (category: sign
up)
Since we need access to an email
address, Sign Up should fail if the
user provides publish permission but
denies email permission (category:
sign up)
If the user provides an email address
that already exists in your system,
fail Sign Up. Make sure no YouFace
backend tables are modified (category:
sign up, 1:1 mapping) PS - when this
happens, I didn't find a way for you
to de-authorize YouFace on the
Facebook user's behalf. The user must
manually do this if they wish you use
the same account but provide a
different email address.
Accounts created using Facebook
Connect should not be able to login
using YouFace's default email/password
login system (category: sign in,
account security). PS: Since YouFace
accounts require a password and those
created using Facebook Connect don't,
make sure to insert a random password
hash into your table to avoid silly
errors
Accounts created using YouFace should
be able to sign in without requiring
to be signed into Facebook, even if
when a link to a Facebook accounts
exists (category: sign in)
Any many more
You should be asking for permanent access through fb connect authentication. Once you've done that, you'll get a token which gives your permission to access someone's Facebook information, and that token will not expire unless the user explicitly removes you from the permission list or changes his/her password.
Once you have the token, associate that token with the user / create a new field in your user table to store it.
To associate the user with a Facebook account without the user logging in, you can try to match by email. It's not 100% accurate but it's pretty good. Facebook doesn't give you email addresses in text form but you can get email hashes from FQL. Since you already know user email addresses, you can calculate the hash for all of your user emails and search through your user base for matches every time a new Facebook Connect user signs up.
I have a facebook fbml app and a web application. I want my web application users to be able to add my facebook app. Seems simple, right?
Currently, I am making the connection by adding a param to the canvas page link in my site. For example, I have a link that says "add our fbook application" which links to http://apps.facebook.com/our_fbook_application?suid=786432878923
suid is the logged in user's uid on my site. Adding this to the canvas link params allows me to connect their site uid to their fbook uid on my site. This way when requests come in from facebook, I can authenticate them based on solely the fbook uid after the connection is made.
This seems like a security issue. I think an attacker could log into their facebook account and guess user id's by calling http://apps.facebook.com/our_fbook_application?suid=x and when x corresponded to a suid on my site, he would be authenticated to see that user's data.
This connecting of a facebook app user to a website user seems like it should be really common practice, but all I can find these days is facebook connect examples which I am not supporting yet.
Can someone walk me through the steps to connect a facebook app user to my website user? Major bonus points if someone can do it in Rails with the facebooker gem.
Thanks!
don't pass the suid as a variable.
Instead, on your backend, associate the FB uid with the suid.
When the user accesses the app via website, he/she will have to log in (maybe through fb connect?).
When the user accesses the app via FB, your page should be able to determine the fbuid of the user and map that to the correct suid and log the user into your site.