Category Archives: General

Rename Branch Git

1. Rename your local branch.

If you are on the branch you want to rename:

git branch -m NEWNAME

If you are on a different branch:

git branch -m OLDNAME NEWNAME

2. Delete the old-name remote branch and push the NEWNAME local branch.

git push origin :OLDNAME NEWNAME

3. Reset the upstream branch for the NEWNAME local branch.

Switch to the branch and then:

git push origin -u NEWNAME
Share

configure: error: BDB/HDB: BerkeleyDB not available

Looks like BerkeleyDB is not installed which is required to configured openLDAP.

Follow the below steps to install BerkeleyDB.

Downloading Berkeley DB

wget http://download.oracle.com/berkeley-db/db-5.2.28.tar.gz

Extracting files from the downloaded package:

tar zxvf db-5.2.28.tar.gz

cd db-5.2.28/build_unix

Create installation path

mkdir /etc/berkeleydb

Configuring Berkeley DB

../dist/configure --prefix=/etc/berkeleydb

Compile and install the code

make

make install
Share

OpenLDAP

OpenLDAP is an open source implementation of LDAP or Lightweight Directory Access Protocol . OpenLDAP allows to store and organize user related data centrally. OpenLDAP functions like a relational database & can store any data but its normally used as a address book. Its used for authenticating and authorizing of the users. Information stored in OpenLDAP is in hierarchical manner & We can group the users into a single or multiple groups based on necessity.

Share

SSL

• Secure Socket Layer (ssl) encryption protects data as it is transmitted between client and server

• SSH (secure shell protocol) encrypts the network connection between the client and the database server

• Augment data encryption as ciphertext using openssl_encrypt() and openssl_decrypt()

• Encrypt data before insertion and decrypt with retrieval

• Store sensitive data as a hashed value

Share

Standalone

The standalone declaration is a way of telling the parser to ignore any markup declarations in the DTD. The DTD is thereafter used for validation only.

  • The standalone directive is an optional attribute on the XML declaration.
  • Valid values are yes and no, where no is the default value.
  • The attribute is only relevant when a DTD is used. (The attribute is irrelevant when using a schema instead of a DTD.)
  • standalone=”yes” means that the XML processor must use the DTD for validation only. In that case it will not be used for default values for attributes , entity declarations and normalization
  • Note that standalone=”yes” may add validity constraints if the document uses an external DTD. When the document contains things that would require modification of the XML, such as default values for attributes, and standalone=”yes” is used then the document is invalid.
  • Standalone=”yes” may help to optimize performance of document processing.
Share

Race Condition

A race condition or race hazard is the behavior of a software where the output is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when events do not happen in the order the programmer intended.

Race conditions can occur especially in multithreaded or distributed software programs.

Share

XML

XML stands for eXtensible Markup Language.

XML was designed to store and transport data.

XML was designed to be both human- and machine-readable.

Data format (“UNIVERSAL”) used for structured document exchange.

XML plays an important role in many different IT systems.

XML is often used for distributing data over the Internet.

It is important (for all types of software developers!) to have a good understanding of XML

Example

<?xml version="1.0" encoding="UTF-8"?>
<site>
 <name>PHPCodez</name>
 <url>phpcodez.com</url>
</site>
Share

Session Fixation

Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable web application. When authenticating a user, it doesn’t assign a new session ID, making it possible to use an existent session ID. The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing a user to authenticate himself with that session ID, and then hijacking the user-validated session by the knowledge of the used session ID. The attacker has to provide a legitimate Web application session ID and try to make the victim’s browser use it.

The session fixation attack is a class of Session Hijacking, which steals the established session between the client and the Web Server after the user logs in. Instead, the Session Fixation attack fixes an established session on the victim’s browser, so the attack starts before the user logs in.

There are several techniques to execute the attack; it depends on how the Web application deals with session tokens. Below are some of the most common techniques:

• Session token in the URL argument: The Session ID is sent to the victim in a hyperlink and the victim accesses the site through the malicious URL.

• Session token in a hidden form field: In this method, the victim must be tricked to authenticate in the target Web Server, using a login form developed for the attacker. The form could be hosted in the evil web server or directly in html formatted e-mail.

• Session ID in a cookie:

The following helps to protect against session hijacking and fixation attacks.

  • Use SSL and set the $secure cookie parameter to true .
  • Set the session.use_only_cookies php.ini parameter to 1 .
  • Protect against XSS vulnerabilities in the application.
  • Rotate the session id on successful login and logout using session_regenerate_id()
Share

Cookie Hijacking

Cookie Hijacking, sometimes also known as session hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s compute

Share

Session Hijacking

Cookie Hijacking, sometimes also known as session hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s compute

The following helps to protect against session hijacking and fixation attacks.

  • Use SSL and set the $secure cookie parameter to true .
  • Set the session.use_only_cookies php.ini parameter to 1 .
  • Protect against XSS vulnerabilities in the application.
  • Rotate the session id on successful login and logout using session_regenerate_id()
Share