need help on hsqldb

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I'm using hsqldb for my SSO forum. I want to log in as admin, so I have to give admin permission to a particular user.
So how do I view the data and change the permission?

help me

ashok
[originally posted on jforum.net by Ashok]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
One way that might work without doing any DB work is to do the following:

With SSO enabled, log into jForum with the id you want to be the new admin. This will create the jForum user entry.

Turn off SSO by editing the config file and then restart jForum.

Log in as the default admin user, go to the admin screens and add the new SSO user to the administrators group.

Turn SSO back on/restart jForum.

The SSO user should now have admin rights.
[originally posted on jforum.net by monroe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Thanks for your answer. I have one more doubt: is SSO cookie-based login safe?
If not, how do I make the safest SSO login?


[originally posted on jforum.net by Ashok]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Well, "safe" is a very relative term and has to be balanced between what you're trying to protect and the convenience your users might demand.

That said, if you're looking for a more secure SSO than Cookies, a lot depends on your method of authenticating users for your main application. E.g., if it's done at the Web server level, then you might want to look at using the Remote_User environmental variable. (FWIW, I use Tomcat's built-in SSO functionality and this for my SSO.)

Or, some commercial SSO apps will define specific additional HTTP header tags that define who the authenticated user is.

If it's done via another Java web app, you can look at cross context functions to pass this information from Webapp to webapp and not deal with passing info back to the client (other than session id information).

If you need to use cookies, I'd suggest only using session cookies that get deleted after the browser closes. In the past, I've used the following method to create a fairly secure cookie:

Have the basic information that will be passed to the SSO application be something like:

userid;ip;time-issued;md5 security key

Where:
userid is the validated user id info.
ip is the remote client IP.
time-issued is the time the cookie was created.
md5 security key is a hash of all the previous info plus a shared salt key (and if possible, the user's MD5 password hash).

The authenticating application should create a cookie with a key based encryption of this information. E.g.:

MySSOCookie: <hex string>

The receiving SSO agent should decrypt the information, then validate it against the MD5 hash, verify that the remote client IP is the same (note that Proxy servers can play heck with this part), and that the timestamp is not too old. It should then issue a new MySSOCookie of the same format with a new timestamp back to the client.

Note that this will add to the processing time needed to deal with each request.




[originally posted on jforum.net by monroe]
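
The issue/validate/re-issue cycle described in monroe's post above, as an added example that is not part of the original thread and not JForum code. It swaps the post's MD5-plus-salt hash for HMAC-SHA-256 and leaves out the encryption layer; the key, the 300-second age limit and the function names are assumptions.

```python
import hashlib
import hmac
import time

# Constructed demo key; a real deployment loads a random secret shared by both apps.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 300  # assumed freshness window; the post only says "not too old"


def _mac(payload: str, key: bytes) -> bytes:
    # HMAC-SHA-256 stands in for the post's MD5(fields + shared salt) hash.
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest().encode()


def issue_cookie(userid, ip, key=SHARED_KEY, now=None):
    """Build 'userid;ip;time-issued;mac' on the authenticating application."""
    if ";" in userid or ";" in ip:
        raise ValueError("field separator not allowed in userid or ip")
    issued = int(time.time() if now is None else now)
    payload = f"{userid};{ip};{issued}"
    return f"{payload};{_mac(payload, key).decode()}"


def validate_cookie(value, remote_ip, key=SHARED_KEY, now=None):
    """Return (userid, refreshed_cookie) if the cookie is valid, else None."""
    parts = value.split(";")
    if len(parts) != 4:
        return None
    userid, ip, issued_text, mac = parts
    payload = f"{userid};{ip};{issued_text}"
    # Constant-time comparison so the check does not leak how much of the MAC matched.
    if not hmac.compare_digest(_mac(payload, key), mac.encode("utf-8")):
        return None
    if ip != remote_ip:
        return None  # presented from a different client address (proxies can trip this)
    current = int(time.time() if now is None else now)
    age = current - int(issued_text)  # safe to parse: the MAC already verified
    if age < 0 or age > MAX_AGE_SECONDS:
        return None  # stale, or timestamped in the future
    # Re-issue with a fresh timestamp, as the receiving agent in the post does.
    return userid, issue_cookie(userid, ip, key, current)
```

The `now` parameter exists only so the expiry check can be exercised with fixed timestamps.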
 