Page 2 of 5 FirstFirst 12345 LastLast
Results 11 to 20 of 50

Thread: OSDash server authentication is here!

  1. #11
    licensed to kill - FKA kev000
    Auto Apps:loading...
    tripzero's Avatar
    Join Date
    Aug 2006
    Location
    16.40618, 120.61106
    Posts
    2,494
    The forum is create for plotting out direction. However, some things require more direct communication like brainstorming. For that reason, irc and other chatting services are a good idea. mp3car already has an irc channel.

    I do think whatever alternate communication method we use should be able to grab logs from and put them in this forum.

    As for the data standard, I'll start a thread with my thoughts in that subforum.
    Former author of LinuxICE, nghost, nobdy.
    Current author of Automotive Message Broker (AMB).
    Works on Tizen IVI. Does not represent anyone or anything but himself.

  2. #12
    Antenna Engineer
    Auto Apps:loading...
    optikalefx's Avatar
    Join Date
    Apr 2009
    Location
    Baltimore, Maryland, United States
    Posts
    831
    Blog Entries
    86
    OFF TOPIC

    anyway.

    Let me try to clear up some auth questions.
    Every developer will need to have an api-key. An api-key is a way we can tell that forum member X is an OS Dash developer.

    Every application needs to have a unique identifier. that uid is the app-key. So as a developer, i have 1 api-key, and 5 app-keys, wherein i have 5 apps.

    The auth works in this way. I've made a file on the mp3car servers that authenticates with an mp3car username and password. However, I'm using cURL to send either client or server side username and password to that remote file. All that server.php file is, is the curl function, and parsing out the return.

    You don't NEED to have the server.php file, you can send data to the remote script however you want, but it has to be sent in the right manner for the auth to work. And then on top of that, i was formatting the object output in a way that you could easily use.

    now i do wanna hear what your suggestions are to make this available to non php applications.

    ill keep checking here to answer more questions.

  3. #13
    Antenna Engineer
    Auto Apps:loading...
    optikalefx's Avatar
    Join Date
    Apr 2009
    Location
    Baltimore, Maryland, United States
    Posts
    831
    Blog Entries
    86
    -- reading more --

    I could let you pass all the parameters in the URL to the file, but i really don't think that's a secure method. that's why im using cURL and not GET.

  4. #14
    Raw Wave
    Auto Apps:loading...
    justchat_1's Avatar
    Join Date
    Jul 2008
    Location
    Boston, Ma or NY,NY
    Posts
    1,783
    Quote Originally Posted by kev000 View Post
    The forum is create for plotting out direction. However, some things require more direct communication like brainstorming. For that reason, irc and other chatting services are a good idea. mp3car already has an irc channel.

    I do think whatever alternate communication method we use should be able to grab logs from and put them in this forum.

    As for the data standard, I'll start a thread with my thoughts in that subforum.
    Quote Originally Posted by UnusuallyGenius View Post
    +1 for a separate forum
    My google wave suggestion was exactly due to the communication needs of large distributed projects. We need a more instant form of communication (IRC is good but its 30 years old and doesn't keep an easily accessible chat history for everyone). The problem is that most instant communication allows for a single discussion at a time (including forums). Very often half way through a thread, 3 or 4 different ideas are being discussed at once and its quite easy for topics to get lost. Should you split a thread then it becomes very difficult to stay in the loop on it (or continue a discussion in two directions).

    I think the best option would be a google wave plugin for the forums so that its publicly accessible but offers all the advantages of this new form of communication.

  5. #15
    licensed to kill - FKA kev000
    Auto Apps:loading...
    tripzero's Avatar
    Join Date
    Aug 2006
    Location
    16.40618, 120.61106
    Posts
    2,494
    Matt and I had a spare moment we decided to hack out a few services. Can we see the code you use, cUrl, etc for autherizing an app against the server with the user/pass? Also, it seems like the url for the test auth is down: http://12.167.132.206/apps/auth

    thanks,
    Former author of LinuxICE, nghost, nobdy.
    Current author of Automotive Message Broker (AMB).
    Works on Tizen IVI. Does not represent anyone or anything but himself.

  6. #16
    Antenna Engineer
    Auto Apps:loading...
    optikalefx's Avatar
    Join Date
    Apr 2009
    Location
    Baltimore, Maryland, United States
    Posts
    831
    Blog Entries
    86
    Hey sorry it took me so long to get back to you. You can use cURL to authenticate
    lets assume your forum username is {user}
    and your password is {pass}

    Code:
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,"http://www.mp3car.com/vbulletin/auth.php" );
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    		
    $nvp .= "&vb_login_md5password={user}";
    $nvp .= "&vb_login_username=".md5({pass});
    		
    curl_setopt($ch, CURLOPT_POSTFIELDS, $nvp);
    		
    $responseObject = json_decode(curl_exec($ch));
    
    var_dump($responseObject);

  7. #17
    Antenna Engineer
    Auto Apps:loading...
    optikalefx's Avatar
    Join Date
    Apr 2009
    Location
    Baltimore, Maryland, United States
    Posts
    831
    Blog Entries
    86
    Quote Originally Posted by tripzero View Post
    Matt and I had a spare moment we decided to hack out a few services. Can we see the code you use, cUrl, etc for autherizing an app against the server with the user/pass? Also, it seems like the url for the test auth is down: http://12.167.132.206/apps/auth

    thanks,
    I'm able to get a successful test auth on that site. Though its using an older version of the auth service.

  8. #18
    Antenna Engineer
    Auto Apps:loading...
    optikalefx's Avatar
    Join Date
    Apr 2009
    Location
    Baltimore, Maryland, United States
    Posts
    831
    Blog Entries
    86
    atm, you don't need any app key or api key, this auth service simply returns succes and user data or fail and error message.

  9. #19
    licensed to kill - FKA kev000
    Auto Apps:loading...
    tripzero's Avatar
    Join Date
    Aug 2006
    Location
    16.40618, 120.61106
    Posts
    2,494
    Awesome, thanks! I'll try to convert this code to Qt and put it in my client.

    EDIT:
    Thinking about this more, is there a way to have this return a valid "userid" that can be referenced in the future? We need a way to identify a user for methods without having to pass the username/password around. I know when matt was integrating with the drupal user db, his auth methods returned the "id" associated with that user in the database. Then he was able to use that id in subsequent calls like updateLocation?user=4343&lat=23.433&long, speed) where 4343 was the unique user id.

    is this secure? I'm a little new to user authentication methods. It seems like someone could grab your id from a man-in-the-middle type sniff and then do equally bad things with these web services as if he had your user/pass. IDK, i'm open to ideas from those with more experience than myself.
    Former author of LinuxICE, nghost, nobdy.
    Current author of Automotive Message Broker (AMB).
    Works on Tizen IVI. Does not represent anyone or anything but himself.

  10. #20
    fka - Nextabyte_Matt ioi8's Avatar
    Join Date
    Apr 2006
    Location
    Cleveland
    Posts
    125
    Ok guys, lets get the ball rolling on this. Ive had alot of time thinking about services and this is what ive come up with.

    There will be a service handling all auths for several different methods. We will call this the auth service. The service will handle the following auth types:
    1. Converting username and password into a key (aka session key)
    2. Converting session key into MP3Car user id (from mp3car DB)
    3. Returning a modified user id from MP3Car id (aka user key)

    Here is how the service should work
    1. User on MP3Car wants to use online services and signs up for it. The website then generates a session key
    2. User takes this session key and puts it into the client or front end software that is MP3Car services aware
    3. Client then connect to the services and auth to the auth service using this session key
    4. Auth service returns a modded user id (user key)
    5. Service uses this user key to store user specific information

    This way, no service or client or anything else other than the auth service stores non-modded user specific information. We do not need api or application security, what we needed/wanted was user security and I think this method does it easily and simply.

    I have this ready to go, but I either need direct access to your forum user DB, or provide a local only service that sends me a straight user ID when I send forum username and password.

Page 2 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. GPSTracker on home server
    By lambosprit in forum GPS
    Replies: 319
    Last Post: 07-12-2012, 05:35 PM
  2. Lilliput screen on Ubuntu
    By yam125 in forum Linux
    Replies: 13
    Last Post: 06-13-2011, 10:19 AM
  3. OSDash Web Interface Definition
    By Bugbyte in forum OSDash - Web Interface
    Replies: 19
    Last Post: 12-31-2009, 01:32 PM
  4. OSDash - Client definition
    By Bugbyte in forum OSDash - Client
    Replies: 9
    Last Post: 12-22-2009, 11:34 PM
  5. Windows Server
    By Quattro in forum Off Topic
    Replies: 11
    Last Post: 04-17-2006, 11:22 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •