i would like to implement a parmanent hangout room (creating a repeated day event on google calendar)where some user (only invited people to that calendar event) in different places/room can join that hangout at any time. I can create a shortcut from chrome in the dekstop (whose link is aplayws the same) but the problem is how i can handle session/cookie authetication so stat a user does not have periodically to re-enter username and password? I want that users don't know username and password and just log in to the hangout from the desktop shortcut. How i can implement this?Is it possible?
Thank you
Google has a lot of security measures to prevent automated means of creating sessions. It's recommended that users sign into their own Google accounts manually.
Related
We have an app that allows us to signup using one email id and can add/ link another email id. When we enter the home page after signup, it should show the teams/challenges created using the first email id on the top and the teams created using the second email id on the bottom. We are thinking of using firebase for backend. Is it possible to have two email ids active at the same time?
No. You must go outside BaaS, particularly Firebase, as you have mentioned. You can consider making your own backend server for that feature.
What Firebase can provide you is the ability to have a single email address connected to different sign-in methods.
ref: https://support.google.com/firebase/answer/9134820?hl=en&ref_topic=6386702
If you're using Firebase Authentication to sign in users, then no, it's not possible to have two accounts signed in to a single device at a time. If you sign in a second account, then the first one will be automatically signed out.
If you want to "link" two accounts in such a way that they can query each others' data, you're going to have to establish that relationship in your database or custom claims, and use that in security rules to allow shared access to data.
I'm started developing apps for iOS 4 months ago, and I'm getting the hang of it. Now I want the take it to the next level with login and register options in my new app. But I don't really know the right approach for this.
When using the social media api's (Facebook/Twitter) and the user uses this to register and login. Do I need to save this register in my own sql database? So I can hook data to the user like, how many clicks did the user do on stuff? Or how is this handled?
Can this be the database where I can store my own register/login options for users that don't have social media or does not want to use it for my app.
All requests from and to my server, are they fully secured when using https? Or how do I need to secure this so user can not sniff the network for the information (hackers and stuff, you'll never know lol)
I did some research but I can not find stuff about this, probably because I'm dutch, and do not really know how to formulate my questions in google about this stuff. If anyone can pass me some tutorials and information about this topic, this would be really helpful!
Thanks in advance!
1) Facebook lets you get user's email, username, photos etc. But they won't give you the user's password. So what I suggest is you should make the user sign up with face book's username and email, but make user set up a password as well then save all that in your own sql database.
2) Save Facebook login users and normal login users in the same table. Media login or not your sql database should have at least email, username, password from every user.
3) Are you using PHP to connect to you sql database? If so, to prevent hackers you should use PDO or MySQLi. Read this question to understand more about how to prevent MySQL injection: How can I prevent SQL injection in PHP?
Hope this helps :)
I'm relatively new to Rails and would like to place a button on the admin-only part of my website that will open my company gmail account with the addresses of all of the registered users pre-populated in the 'bcc' field.
I almost have the mail_to helper working for this purpose except the mail_to link opens my personal gmail account instead of my company account.
Is there a way to use rails to trigger the log in to a specific gmail account and to pre-populate the "to" field as well?
I think, the link opens your personal gmail account just because you have it open in another browser window or tab.
AFAIK, Gmail does not allow to open different accounts in different windows at the same time. (Probably I miss something.)
Therefore, to make link open your corp account regardless of everything, the link handler should forcibly log out the current Gmail session and start a new one.
I don't think that you really want this behaviour (I mean closing the current session in such a rude way).
I've got a Rails App that uses Facebook for user accounts, and as of this evening, someone in Vietname has decided to (for whatever reason) use a bot to create fake accounts on my site using fake Facebook accounts. I'm getting about 2 new fake accounts / minute.
I've temporarily disabled registration, but I don't want to leave it that way, so I'm not sure what to do.
A couple things to note:
All the accounts use #yahoo.com or #ymail.com addresses
A lot of the accounts are registered by the same IP, but not all of them. It seems like he switches up the IP every 15 minutes or so.
I'm really at a loss, and I want to go to bed, but I can't until I find a solution to this. Help!
Make a capcha in registration form. If you already have a capcha in it then change the capcha generation mechanics. Also I think that your oponent made a script which is automaticly adds new user accounts to you web page, so as a temporary desicion you can change the url of registration handler.
You can use some techniques like limiting access to the application using something like a smart algo to block the IP it is requesting numerous account or limiting the account creation no more than a user from an IP.
And as specified if you know the pattern you can filter the request based on the pattern and deny any access.
I have a website with it's own login/registration mechanism (PHP, session, user and user_profile DB tables with username and password, etc). Let's call this the ABC account.
I just finished integrating Twitter's sign-on using Oauth, available as a "sign-on using twitter" button above my normal login form.
So now I have this scenario:
A user logs on via Twitter. Because Twitter, unlike Facebook, does not proivde access to a user's email address, I don't know if this person who logged in via Twitter is an existing user (in my user table) or not. So I create a new account for them (let's call this the "Twitter" account) and prompt them to merge with an existing "ABC" account by entering their "ABC" credentials. If they do so and everything matches, I store their twitter username, id and token in the DB record for their ABC account. Next time they login via Twitter I know who they are in terms of the ABC account (ie, the accounts are "merged") and all is good!
Except, I'd like to have the ability to have my site send tweets on their behalf, which basically means I need an authorized Twitter connection, which I only have if they logon via the Twitter button, not through the ABC account. The reason is with the latter I have their token_secret, received from the Twitter API callback after signing, but with the former I don't. My first thought of course was to save the token_secret in my DB (with the ABC account record) to remove this restriction, however it seems like this is the equivalent of a password and storing it could be secruity hole?
To boil this down to a question: is it "standard" practice to store the oauth token secret in the DB to achieve what I'm trying to do (which itself seems like a pretty standard function for a modern site)? . If not, what's an alternative implementation?
Update: looking at: Best practices - store Twitter credentials or not? it seems this is definitely not a 'best practice'. But it seems like what I'm trying to accomplish is...not sure how to implement? Maybe some kind of cookie-based solution??
Peter
ps -- BTW, if anyone has a better way to do the account "merge" I described I'd be open hearing about that as well. I did some google searching but really couldn't find anything too useful, although this problem must have been solved many times I imagine??? My understanding is that in the Facebook case the email can be used to "uniqely" identify a user (ie, match them to an ABC account), and do the merge without prompting (although I'm not even sure this is totally secure?).
Storing the tokens that Twitter gives you during the OAuth process is -exactly- how you should be doing it. Shove them in the DB.