Anyone out there still using the society web service that lets you
authenticate users? It had been working like a champ for us for years,
until recently it was rejecting the logins of our newer members. Sounds
to me like they changed the back-end user store, but didn't fix the
service. It's documented here
<https://secure.spebsqsa.org/xmlrpc/SPEBSQSA_XML.htm> for those who are
curious. I emailed the BHS webmaster, but got no response.
You have it right. Any members joining after fall of last year are not
included. I finally got an answer from KeNashville, not the IT folks,
but the membership folks: the IT folks are working flat out on a number
of problems, and the sign-in verification procedure is toward the bottom
of their list. I made a temporary workaround for the new guys by
giving them a fixed ID and Password.
Phil Richards
Westchester Chordsmen
Eric Matz wrote:
> Hey All,
>
> Anyone out there still using the society web service that lets you
> authenticate users? It had been working like a champ for us for years,
> until recently it was rejecting the logins of our newer members. Sounds
> to me like they changed the back-end user store, but didn't fix the
> service. It's documented here
> <https://secure.spebsqsa.org/xmlrpc/SPEBSQSA_XML.htm> for those who are
> curious. I emailed the BHS webmaster, but got no response.
>
> Thanks,
> Eric Matz
> Alliance Chorus Webmaster
> http://www.alliancechorus.org <http://www.alliancechorus.org>
Yep, that's what I ended up doing as well. Not a huge deal. I'm
sure there are more high priority items that need tended to. Thanks
for the quick response!
I talked to their IT guy over a year ago, and they said that they would be
discontinuing the XMLRPC authentication service at some point.
This would be a permanent change, as the security risks are too great.
They are worried about District web sites being compromised.
We were supposed to receive a notice when it was to be turned 'off', but I
never got that notice, and one day it stopped working.
I'm not holding my breath for the service to come back up, and in the
meantime, I'm just resetting members' passwords on demand.
What we did about two years ago, when the XMLRPC went down hard right in
the middle of a major registration cycle (I think for District
Convention), was to set up our login screen to first check to see if we
had a salted hash of their password stored in our database, and to use
that instead and not even query the XMLRPC if it matched the hash of
what they typed in. This not only made logins for such people work even
if the XMLRPC was down, but it was faster for them, too, since no query
to a remote server was even performed nor requested in such cases.

If they had no hash, or if they did but the hash that was stored did not
match the hash of what they typed in, we queried the BHS XMLRPC Web
Service as before, but then we stored a salted hash of the password that
the user typed in once the XMLRPC authenticated it as valid.

We then asked all of our members to log in at least once. Unfortunately,
not all complied, but many did, and for them the system has worked
smoothly ever since.

We then later set up a way that users with no passwords could set a
password given information found on the Membership ID card (Member ID#,
Expiration Date, etc. [used to verify the bona-fides]), so that new
people and those who did not comply with our request to log in at least
once could still get in.

Basic algorithm of our login system during that transition period:

1. User submits Member ID# and Password (via form submission).
2. Query OUR Database for password hash and salt for that Member ID#.
3. Is either or both value(s) NULL? If so, go to 7.
4. Use Database salt value to generate hash from FORM-SUBMITTED password.
5. Compare newly-generated salted hash with that stored in the Database.
   Do they match? If NOT, go to 7.
6. Log user in, and we’re done!
7. Is XMLRPC down? If so, inform user and exit without login.
8. Query XMLRPC with FORM-SUBMITTED Member ID# and password and our
   District code.
9. Does XMLRPC say that everything is okay? If not, inform user
   accordingly and exit without login.
10. Generate new random salt value and use it to generate a salted hash
    of FORM-SUBMITTED password.
11. Store both salted hash and salt value into OUR Database for that
    Member ID#. This is for future use, and will cause future login attempts
    with the same Member ID# and password to pass Steps 3 and 5 above, and
    thus be able to log in quickly in the future without need of XMLRPC, but
    using the same password they had with XMLRPC!
12. Proceed with login as usual.

This way, the users got to keep their BHS passwords, and even change
them at BHS Members-Only and then use EITHER their old password OR new
one on our site! The first time they used a new one, it would pass step
3 but fail step 5 and so proceed with step 7, at which point (assuming
XMLRPC was up) it would pass step 9, and be stored by steps 10 & 11 for
future use (deactivating the old password in the process)!

Each user who logged in with a given BHS Members-Only / XMLRPC-known
Member ID# and password combination would thus require only ONE query to
XMLRPC, at which point all subsequent logins would be handled totally by
OUR database!

Mike Kelly wrote:
> I talked to their IT guy over a year ago, and they said that they would be
> discontinuing the XMLRPC authentication service at some point.
> This would be a permanent change, as the security risks are too great.
> They are worried about District web sites being compromised.
>
> We were supposed to receive a notice when it was to be turned 'off', but I
> never got that notice, and one day it stopped working.
> I'm not holding my breath for the service to come back up, and in the
> meantime, I'm just resetting members' passwords on demand.
>
> Mike Kelly
> MAD Webmaster
>
> _____
>
> From: BbshopWebGuild@yahoogroups.com [mailto:BbshopWebGuild@yahoogroups.com]
> On Behalf Of Eric Matz
> Sent: Wednesday, February 13, 2008 9:01 PM
> To: BbshopWebGuild@yahoogroups.com
> Subject: [BbshopWebGuild] Re: Society Login Web Service
>
>
>
> Yep, that's what I ended up doing as well. Not a huge deal. I'm
> sure there are more high priority items that need tended to. Thanks
> for the quick response!
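
The login flow from the numbered steps in the message above, written out as an added example (not code from the thread or from BHS). PBKDF2-HMAC-SHA256 is an assumed choice for the unspecified salted hash, and `remote_check`, `make_remote` and the in-memory `db` are hypothetical stand-ins for the XMLRPC query and the site's database.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the post does not name a hash

def salted_hash(password, salt):
    # PBKDF2-HMAC-SHA256 stands in for the post's unspecified "salted hash".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def login(member_id, password, db, remote_check):
    """Return 'local', 'remote', 'rejected' or 'unavailable'.
    db: dict member_id -> (salt, hash), standing in for the site's database.
    remote_check: hypothetical wrapper for the XMLRPC query; returns
    True/False, or raises ConnectionError when the service is down."""
    # Steps 2-6: try the locally stored salt and hash first.
    salt, stored = db.get(member_id, (None, None))
    if salt is not None and stored is not None:
        if hmac.compare_digest(salted_hash(password, salt), stored):
            return "local"  # no remote query is made
    # Steps 7-9: fall back to the remote service.
    try:
        ok = remote_check(member_id, password)
    except ConnectionError:
        return "unavailable"
    if not ok:
        return "rejected"
    # Steps 10-11: fresh random salt; overwrites any older stored hash.
    new_salt = os.urandom(16)
    db[member_id] = (new_salt, salted_hash(password, new_salt))
    return "remote"  # step 12

def make_remote(accounts, up=True, calls=None):
    # Constructed stand-in for the society service, for demonstration only.
    def check(member_id, password):
        if calls is not None:
            calls.append(member_id)
        if not up:
            raise ConnectionError("service down")
        return accounts.get(member_id) == password
    return check

if __name__ == "__main__":
    db, calls = {}, []
    remote = make_remote({"123456": "first-pass"}, calls=calls)  # constructed account
    print(login("123456", "first-pass", db, remote))  # remote
    print(login("123456", "first-pass", db, remote))  # local
    print(len(calls))                                 # 1
```

Because a mismatch at step 5 only falls through to the remote check, a password changed upstream leaves the previously cached password valid on the local site until the new one has been used once, as the message notes.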
At 20:40 2/13/2008, Eric Matz wrote:
>Anyone out there still using the society web service that lets you
>authenticate users? It had been working like a champ for us for years,
>until recently it was rejecting the logins of our newer members. Sounds
>to me like they changed the back-end user store, but didn't fix the
>service.
It's no longer available there. It's on the back burner in the new
system rebuild.