Possible rate-limit on ReCaptcha Enterprise - recaptcha-enterprise

We have a customer that said their contributors are rate-limited by ReCaptcha. We currently don't have error tracking on the front end, so we don't have more details at this moment.
They use a static IP and this only happens when there are multiple contributors trying to log in to our system simultaneously.
Is there somewhere in the ReCaptcha Console where we can check for more details or any setting to enable an IP Safelist?
Our ReCaptcha configuration has no WAF enabled. We've already checked metrics and logs, but we don't find anything useful for this scenario.
For now we are bypassing the backend validation for this customer.

Related

Google API OAuth When User Gives Approval From App Access Control

I'm currently building a web application that works with the Gmail API. I'm waiting for approval from Google's security team to have a proper OAuth connection, but I noticed that users can pre-approve your application by searching within the API Controls settings by your App ID.
This setting is located in the Google Account via: Admin Panel > Security > API Controls > App Access Control.
I noticed that if a user does this before they try to connect your app it doesn't go against your 100 account limit within Google Developer Console while in beta.
My question is, could you have this as a permanent solution to get around the Google OAuth application if Google never approves you? Of course, through this method the user is still giving permission, just curious if this has been done by anyone before.
Yes, this is allowed when all your users are Google Workspace users, and is listed under exceptions to verification requirements here: https://support.google.com/cloud/answer/9110914?hl=en. If your application is meant for a broad set of users, completing app verification is necessary.

User management for WSO2 IS Analytics

I have installed WSO2 IS (5.10) and Analytics (5.8), on separate servers, following the WSO2 IS documentation. I am successfully getting authentication events received into Analytics and can view them (after many headaches with IS insisting on using ports and SSL that I never told it to use - another story).
Now I can log into the dashboard, (/portal, admin/admin), and I see the IS events. Where do I manage portal users, permissions, and authentication? I want to add additional viewers (via LDAP) but can't even find a place to change the admin password, never mind manage additional users.
Nor can I find any documentation on how to manage users in Analytics. Any help is appreciated.

SSO solutions for Django

I have several Django websites and I want to create a centralized auth provider. The auth provider site would contain the user accounts and be the only repository for user details and passwords. Users would log into the auth provider site and when they visit each satellite website for the first time, an account is created on that site. Subsequent visits to the satellite site would result in them being sent to the auth provider site to login first. On returning they are automatically logged in to the satellite site. My only difficulty is that the auth provider site would be on the internet and the satellite sites are in DMZs on private networks with access to the internet. So the satellite sites cannot establish any outgoing connections to the auth provider.
I still need the ability to log into the satellite sites using the locally configured admin user.
I looked at OAuth2 but I don't think that fits my needs. I'm currently reading about OpenID but I noticed a comment that the satellite server contacts the OpenID server, which cannot happen in my configuration. When I say OpenID I mean that I would have to run my own server as I need 100% control over the users. Are there any other solutions I've not mentioned yet that meet my requirements?
Thanks
What you're looking for is essentially SAML.
Unfortunately, I'm not aware of any good off-the-shelf open source solutions for this.
If you're looking for a service solution, the company I work at (Stormpath) provides a library that does this. It's free to use. https://github.com/stormpath/stormpath-django
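The browser-carried flow the question needs, where the satellite never opens a connection to the auth provider, sketched as an added example (not code from the post or from Stormpath's library). It assumes an HMAC key in place of SAML's XML signature; `idp_issue`, `satellite_verify` and the `.example` URLs are hypothetical names.

```python
import base64, hashlib, hmac, json, secrets

# Assumption: a shared HMAC key stands in for SAML's XML signature. Real SAML
# signs with the IdP's private key, so satellites hold only its certificate.
IDP_KEY = b"constructed-demo-key"  # constructed sample value
_seen_ids = set()                  # assertion IDs this satellite has consumed

def _sign(body: str) -> str:
    mac = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def idp_issue(user, audience, now, ttl=60):
    """Auth provider: value placed in the auto-submitting form sent to the browser."""
    claims = {"id": secrets.token_hex(8), "sub": user,
              "aud": audience, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body)}"

def satellite_verify(token, my_audience, now):
    """Satellite: validate the posted value locally, with no outbound connection."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None                      # malformed
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None                      # forged or altered in the browser
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != my_audience:
        return None                      # issued for a different satellite
    if now >= claims["exp"]:
        return None                      # expired
    if claims["id"] in _seen_ids:
        return None                      # replayed
    _seen_ids.add(claims["id"])
    return claims["sub"]                 # create or log in the local account

if __name__ == "__main__":
    site = "https://site-a.example"      # constructed satellite identifier
    token = idp_issue("alice", site, now=1000)
    print(satellite_verify(token, site, now=1010))   # first use is accepted
    print(satellite_verify(token, site, now=1011))   # second use is rejected
```

The local admin login the question asks to keep is unaffected, since this check only runs on the endpoint that receives the posted assertion.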

Google Cross Domain Authentication

I have various sites (on their own domain) with their own authentication systems. What I'm trying to do is combine all the authentication into Google's authentication so the users will only have to log in with their Google credentials. What I'm thinking of is that they would log in with their Google credentials and be redirected to a dashboard which has image links to the other sites. The user should be able to go to any of the sites and be automatically logged in since they were already authenticated. I saw that there's an authentication for Google Apps but is this the same thing for my websites?
What I'm not sure about is how does this happen cross domain? How do the other domains know that the user is already authenticated?
Also, if the user logs out, they should not be able to access any of the sites anymore.
Anyone have any experience implementing something like this? Any resources are much appreciated. I will be implementing this in Coldfusion so Coldfusion resources are a bonus.
You're talking about using Google to login/signup, i.e. using OAuth 2.0.
You will need to register each of your app domains with Google. The user will need to confirm each application to allow access (in your case for signup/login).
Resource on Google Login with ColdFusion by Raymond Camden
The point is you need to establish a certain protocol to build a trust.
Other options are:
Google oauth javascript cross domain

Do Google charts store data?

I'm reading the Terms of use which can be found here: http://code.google.com/apis/visualization/terms.html
But I do not see anything telling how Google use the data provided to generate the charts. Can someone be kind and enlighten me?
The Privacy Policy is likely to apply here. The relevant part should be:
Log information – When you access Google services via a browser, application or other client our servers automatically record certain information. These server logs may include information such as your web request, your interaction with a service, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser or your account.
In combination with
Affiliated Google Services on other sites – We offer some of our services on or through other web sites. Personal information that you provide to those sites may be sent to Google in order to deliver the service. We process such information under this Privacy Policy
Because you send the chart information with the URI, they will at least log it.