Build Path issue - unbound Wonder frameworks

2015-11-04 Thread Klaus Berkling 
I’m warming up my WO development environment after a year or so. I still have a 
working Eclipse 3.8/Java 1.6 installation.
I’m using Mars release of Eclipse
WOLips 4.4
Wonder 7 frameworks are installed 

 in /Library/Frameworks
Java 1.8

It seems I can build & run WebObjects applications but not Wonder applications. 
I created the wo apps using the templates.

I haven’t see the unbound issue before in the Build Path window:



I’m missing something, but I don’t see it (Ich muß Tomaten of the Augen haben). 
Any ideas?

 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Secure storage of passwords or credit card data

2015-11-04 Thread Ray Kiddy 
On Wed, 04 Nov 2015 10:40:49 +0100
Markus Ruggiero  wrote:

> Folks,
> 
> another quick question: what are you using for secure storage of
> passowords and credit card data in a Wonder app? Is there anything in
> Wonder (probably there is, but it is not always easy to find things),
> or are you using other things/libs/code? Any code examples?
> 
> Thanks for any hint / pointer /example
> ---markus---
> 

This is a good source of info on how to do some of these things:

https://www.owasp.org/index.php/Cheat_Sheets

See the cheat sheets on password storage, authentication, "forgot
password", and many, many others. The ones that I have read tend to come
with both a good explanation and code examples.

cheers - ray
 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Secure storage of passwords or credit card data

2015-11-04 Thread Dennis Bliefernicht 
Hi,

> On 04 Nov 2015, at 10:40, Markus Ruggiero  wrote:
> 
> another quick question: what are you using for secure storage of passowords 
> and credit card data in a Wonder app? Is there anything in Wonder (probably 
> there is, but it is not always easy to find things), or are you using other 
> things/libs/code? Any code examples?

For passwords: don't store them :-) We employ bcrypt to hash passwords and 
verify them later-on (which has actually an implementation in Wonder present 
somewhere in er.extensions but there are some common Java implementations as 
well) and never store any cleartext passwords; today password storage should 
never use anything but schemes that are specially crafted or recommended for 
password hashing (please don't go and just sha256-hash passwords). Be aware 
though that these are computationally more intense than "normal" hash functions 
(which is actually the whole point to avoid brute-forcing or precomputation). 
This basically comes down to:

final String cryptedPassword = BCrypt.hashpw(password, 
BCrypt.gensalt(BCRYPT_DIFFICULTY));

and

return BCrypt.checkpw(enteredPassword, cryptedPassword);

where cryptedPassword is everything you ever store. BCRYPT_DIFFICULTY is the 
difficulty factor which determines how hard the bcrypt function will be to 
calculate; you might have to run some benchmarks based on your hardware and 
workload, but common values are around 10-12. This way automatically includes 
some random salt, which ensures that the same password never looks the same 
when hashed (this ensures that knowing one password does not automatically mean 
that you know all other accounts that are the same, see the Adobe password 
leak).

scrypt and pbkdf2 are other common alternative that many people use. But never 
ever store cleartext passwords or simple hashes of cleartext password 
(especially unsalted). And never underestimate the attractiveness of someone 
breaching your database (even if it is an "unimportant" service, many users 
will use the same password for email and more important stuff) or the fallout 
from you being the service that leaked passwords.

Greetings
Dennis

--





-
Dennis Bliefernicht • Backend Development
T +49 40 357 3001 62
dennis.blieferni...@xyrality.com

XYRALITY GmbH • Friedensallee 290 • 22763 Hamburg
www.xyrality.com 
Registergericht: Hamburg HRB 115332
Geschäftsführer: Sven Ossenbrüggen
-

 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Secure storage of passwords or credit card data

2015-11-04 Thread Fabian Peters 
Hi Markus,

To generate password hashes, there's er.extensions.crypting.Bcrypt. IMHO you 
shouldn't have to store credit card data these days, unless you work on a 
payment service provider system. Seamless integration is possible and payment 
service providers can also store customers' card data for you.

Fabian

> Am 04.11.2015 um 10:40 schrieb Markus Ruggiero :
> 
> Folks,
> 
> another quick question: what are you using for secure storage of passowords 
> and credit card data in a Wonder app? Is there anything in Wonder (probably 
> there is, but it is not always easy to find things), or are you using other 
> things/libs/code? Any code examples?
> 
> Thanks for any hint / pointer /example
> ---markus---
> 
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/lists.fabian%40e-lumo.com
> 
> This email sent to lists.fab...@e-lumo.com


 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Secure storage of passwords or credit card data

2015-11-04 Thread Markus Ruggiero 
Folks,

another quick question: what are you using for secure storage of passowords and 
credit card data in a Wonder app? Is there anything in Wonder (probably there 
is, but it is not always easy to find things), or are you using other 
things/libs/code? Any code examples?

Thanks for any hint / pointer /example
---markus---

 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com