• TONEY
    About the author
  • PHP
    Development tool
  • 8.1MB
    File size
  • zip
    File format
  • 0
    Favorites
  • 1 point
    Download points
  • 3
    Downloads
  • 2017-09-22 15:33
    Upload date
Flarum is forum software written in PHP with MySQL. It is a new generation of forum software that makes online discussion fun: it is simple, fast, and free of charge, and it makes running a forum easy. Requirements: PHP 5.5+ and MySQL 5.5+.
Flarum.zip
Content description
Internet Engineering Task Force (IETF)
E. Hammer-Lahav, Ed.
Request for Comments: 5849
April 2010
Category: Informational
ISSN: 2070-1721

The OAuth 1.0 Protocol

Abstract

OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5849.

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction
   1.1. Terminology
   1.2. Example
   1.3. Notational Conventions
2. Redirection-Based Authorization
   2.1. Temporary Credentials
   2.2. Resource Owner Authorization
   2.3. Token Credentials
3. Authenticated Requests
   3.1. Making Requests
   3.2. Verifying Requests
   3.3. Nonce and Timestamp
   3.4. Signature
        3.4.1. Signature Base String
        3.4.2. HMAC-SHA1
        3.4.3. RSA-SHA1
        3.4.4. PLAINTEXT
   3.5. Parameter Transmission
        3.5.1. Authorization Header
        3.5.2. Form-Encoded Body
        3.5.3. Request URI Query
   3.6. Percent Encoding
4. Security Considerations
   4.1. RSA-SHA1 Signature Method
   4.2. Confidentiality of Requests
   4.3. Spoofing by Counterfeit Servers
   4.4. Proxying and Caching of Authenticated Content
   4.5. Plaintext Storage of Credentials
   4.6. Secrecy of the Client Credentials
   4.7. Phishing Attacks
   4.8. Scoping of Access Requests
   4.9. Entropy of Secrets
   4.10. Denial-of-Service / Resource-Exhaustion Attacks
   4.11. SHA-1 Cryptographic Attacks
   4.12. Signature Base String Limitations
   4.13. Cross-Site Request Forgery (CSRF)
   4.14. User Interface Redress
   4.15. Automatic Processing of Repeat Authorizations
5. Acknowledgments
Appendix A. Differences from the Community Edition
6. References
   6.1. Normative References
   6.2. Informative References

1. Introduction

The OAuth protocol was originally created by a small community of web developers from a variety of websites and other Internet services who wanted to solve the common problem of enabling delegated access to protected resources. The resulting OAuth protocol was stabilized at version 1.0 in October 2007, and revised in June 2009 (Revision A) as published at <http://oauth.net/core/1.0a>.

This specification provides an informational documentation of OAuth Core 1.0 Revision A, addresses several errata reported since that time, and makes numerous editorial clarifications. While this specification is not an item of the IETF's OAuth Working Group, which at the time of writing is working on an OAuth version that can be appropriate for publication on the standards track, it has been transferred to the IETF for change control by authors of the original work.

In the traditional client-server authentication model, the client uses its credentials to access its resources hosted by the server. With the increasing use of distributed web services and cloud computing, third-party applications require access to these server-hosted resources.

OAuth introduces a third role to the traditional client-server authentication model: the resource owner. In the OAuth model, the client (which is not the resource owner, but is acting on its behalf) requests access to resources controlled by the resource owner, but hosted by the server. In addition, OAuth allows the server to verify not only the resource owner authorization, but also the identity of the client making the request.

OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections.

For example, a web user (resource owner) can grant a printing service (client) access to her private photos stored at a photo sharing service (server), without sharing her username and password with the printing service. Instead, she authenticates directly with the photo sharing service which issues the printing service delegation-specific credentials.