Category Archives: General

configure: error: BDB/HDB: BerkeleyDB not available

This error means Berkeley DB, which OpenLDAP's configure script requires, is not installed.

Follow the steps below to install Berkeley DB.

Downloading Berkeley DB

wget http://download.oracle.com/berkeley-db/db-5.2.28.tar.gz

Extracting files from the downloaded package:

tar zxvf db-5.2.28.tar.gz

cd db-5.2.28/build_unix

Create the installation path

mkdir /etc/berkeleydb

Configuring Berkeley DB

../dist/configure --prefix=/etc/berkeleydb

Compile and install the code

make

make install

OpenLDAP

OpenLDAP is an open source implementation of LDAP, the Lightweight Directory Access Protocol. It stores and organizes user-related data centrally. Much like a relational database it can hold any kind of data, but it is normally used as an address book and for authenticating and authorizing users. Information in OpenLDAP is stored hierarchically, and users can be placed in one or more groups as needed.

SSL

• Secure Sockets Layer (SSL) encryption protects data as it is transmitted between client and server.

• SSH (Secure Shell) encrypts the network connection between the client and the database server.

• Encrypt data into ciphertext with openssl_encrypt() and decrypt it with openssl_decrypt().

• Encrypt data before insertion and decrypt it on retrieval.

• Store sensitive data as a hashed value.
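The last three points, as an added example that is not code from the original post: a database field is encrypted with openssl_encrypt() and decrypted with openssl_decrypt() using an authenticated cipher, and a password, which only ever needs to be verified, is stored as a hash instead. The column value and the key are constructed for the demonstration; in a deployment the key comes from configuration, not from the script.

```php
<?php
// Added example (not from the original post): encrypt a field with
// openssl_encrypt()/openssl_decrypt() before it is stored, and hash a
// secret that only ever needs to be compared, never read back.

declare(strict_types=1);

const CIPHER = 'aes-256-gcm';

// Encrypts $plaintext under a 32-byte $key; returns base64(iv . tag . ciphertext).
function encryptField(string $plaintext, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('aes-256-gcm needs a 32-byte key');
    }
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh 12-byte nonce per record
    $tag = '';
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return base64_encode($iv . $tag . $ct);
}

// Reverses encryptField(); returns null when the GCM tag check fails
// (tampered ciphertext or wrong key) instead of returning garbage.
function decryptField(string $encoded, string $key): ?string
{
    $raw   = base64_decode($encoded, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + 16) {
        return null;
    }
    $iv  = substr($raw, 0, $ivLen);
    $tag = substr($raw, $ivLen, 16);
    $ct  = substr($raw, $ivLen + 16);
    $pt  = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

// Constructed key and sample value; a real key is loaded from configuration.
$key    = random_bytes(32);
$stored = encryptField('4111-1111-1111-1111', $key);   // this is what the database column holds
var_dump(decryptField($stored, $key) === '4111-1111-1111-1111');

// Change one character of the stored value: authentication fails and nothing is returned.
$tampered    = $stored;
$tampered[5] = $tampered[5] === 'A' ? 'B' : 'A';
var_dump(decryptField($tampered, $key));

// A password is stored hashed, not encrypted: it is only ever verified.
$hash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);
var_dump(password_verify('constructed-demo-password', $hash));
```

GCM is chosen because its tag turns a wrong key or a modified ciphertext into a clean failure; with an unauthenticated mode such as CBC, openssl_decrypt() would hand back altered plaintext without complaint.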

Standalone

The standalone declaration tells the parser to ignore any markup declarations in the DTD. The DTD is thereafter used for validation only.

  • The standalone directive is an optional attribute on the XML declaration.
  • Valid values are yes and no, where no is the default value.
  • The attribute is only relevant when a DTD is used. (It is irrelevant when a schema is used instead of a DTD.)
  • standalone="yes" means that the XML processor must use the DTD for validation only. In that case the DTD is not used to supply default values for attributes, entity declarations or normalization.
  • Note that standalone="yes" may add validity constraints if the document uses an external DTD. When the document contains things that would require modification of the XML, such as default values for attributes, and standalone="yes" is used, then the document is invalid.
  • standalone="yes" may help to optimize the performance of document processing.

Race Condition

A race condition or race hazard is the behaviour of software whose output depends on the sequence or timing of other, uncontrollable events. It becomes a bug when events do not happen in the order the programmer intended.

Race conditions occur especially in multithreaded or distributed programs.
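A concrete instance of the definition above, as an added example that is not part of the original post: two PHP processes that both read a counter, add one and write it back can interleave so that one update is lost. The unlocked function shows the race; the locked one holds an exclusive flock() for the whole read-modify-write. The forked demonstration at the end is constructed and assumes the CLI with the pcntl extension.

```php
<?php
// Added example (not from the original post): a read-modify-write on a shared
// file races when two processes interleave between the read and the write.
// flock() makes the whole sequence atomic with respect to other lock holders.

declare(strict_types=1);

// Racy: nothing stops another process from reading the same old value
// between this read and this write, so one of the two increments is lost.
function incrementUnsafe(string $path): int
{
    $current = (int) @file_get_contents($path);
    $next    = $current + 1;
    file_put_contents($path, (string) $next);
    return $next;
}

// Safe: take an exclusive lock before reading and release it after writing.
function incrementSafe(string $path): int
{
    $fp = fopen($path, 'c+');   // create if missing; do not truncate before the lock is held
    if ($fp === false) {
        throw new RuntimeException("cannot open $path");
    }
    try {
        if (!flock($fp, LOCK_EX)) {
            throw new RuntimeException("cannot lock $path");
        }
        $current = (int) stream_get_contents($fp);
        $next    = $current + 1;
        rewind($fp);
        ftruncate($fp, 0);
        fwrite($fp, (string) $next);
        fflush($fp);
        flock($fp, LOCK_UN);
    } finally {
        fclose($fp);
    }
    return $next;
}

// Constructed demonstration: $workers child processes each increment once.
// Lost updates show up as a final value below the worker count.
function runConcurrently(callable $fn, string $path, int $workers = 20): int
{
    @unlink($path);
    $pids = [];
    for ($i = 0; $i < $workers; $i++) {
        $pid = pcntl_fork();
        if ($pid === 0) {          // child: do one increment and exit
            $fn($path);
            exit(0);
        }
        $pids[] = $pid;
    }
    foreach ($pids as $pid) {
        pcntl_waitpid($pid, $status);
    }
    return (int) file_get_contents($path);
}

if (function_exists('pcntl_fork')) {
    $path = sys_get_temp_dir() . '/race-demo-counter.txt';
    echo 'unlocked total: ', runConcurrently('incrementUnsafe', $path), PHP_EOL;
    echo 'locked total:   ', runConcurrently('incrementSafe', $path), PHP_EOL;
}
```

The same pattern applies to a database row: a SELECT followed by an UPDATE computed in PHP races in exactly this way, and the fix is likewise to make the read and the write one atomic operation (a row lock or a single UPDATE ... SET n = n + 1).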

XML

XML stands for eXtensible Markup Language.

XML was designed to store and transport data.

XML was designed to be both human- and machine-readable.

XML is a universal data format used for structured document exchange.

XML plays an important role in many different IT systems.

XML is often used for distributing data over the Internet.

It is important for all types of software developers to have a good understanding of XML.

Example

<?xml version="1.0" encoding="UTF-8"?>
<site>
 <name>PHPCodez</name>
 <url>phpcodez.com</url>
</site>
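The document above parsed with PHP's DOMDocument, as an added example serving both this post and the Standalone post; it is not code from the original. It extracts the two fields, reports whether the XML declaration carried standalone="yes" (DOMDocument exposes this as the xmlStandalone property), and parses with LIBXML_NONET and without LIBXML_NOENT so that no external DTD or entity is ever fetched. Refusing a DOCTYPE is a choice made here because this format needs none; the posts do not prescribe it.

```php
<?php
// Added example (not from the original posts): parse the <site> document,
// read the standalone flag from the XML declaration, and never touch the
// network or expand entities while doing so.

declare(strict_types=1);

// Returns ['standalone' => bool, 'name' => string, 'url' => string] or throws.
function parseSiteDocument(string $xml): array
{
    $dom      = new DOMDocument();
    $previous = libxml_use_internal_errors(true);   // collect errors instead of emitting warnings
    // LIBXML_NONET: no external DTD or entity is fetched over the network.
    // LIBXML_NOENT is deliberately not passed, so entity references stay unexpanded.
    $ok     = $dom->loadXML($xml, LIBXML_NONET);
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if (!$ok) {
        throw new RuntimeException('malformed XML: ' . trim($errors[0]->message ?? 'unknown error'));
    }
    // This format needs no DTD, so a DOCTYPE is treated as unexpected input.
    if ($dom->doctype !== null) {
        throw new RuntimeException('unexpected DOCTYPE in site document');
    }
    $root = $dom->documentElement;
    if ($root === null || $root->tagName !== 'site') {
        throw new RuntimeException('root element must be <site>');
    }
    $name = $root->getElementsByTagName('name')->item(0);
    $url  = $root->getElementsByTagName('url')->item(0);
    if ($name === null || $url === null) {
        throw new RuntimeException('<site> needs <name> and <url>');
    }
    return [
        'standalone' => $dom->xmlStandalone,   // true only for standalone="yes"
        'name'       => trim($name->textContent),
        'url'        => trim($url->textContent),
    ];
}

// Constructed inputs: the post's document as given, and the same with standalone="yes".
$plain = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<site>
 <name>PHPCodez</name>
 <url>phpcodez.com</url>
</site>
XML;

$standalone = str_replace('encoding="UTF-8"', 'encoding="UTF-8" standalone="yes"', $plain);

print_r(parseSiteDocument($plain));        // standalone => false (the default, "no")
print_r(parseSiteDocument($standalone));   // standalone => true
```

With no standalone attribute the parser treats the document as standalone="no", which is why the first call reports false.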

Session Fixation

Session fixation is an attack that permits an attacker to hijack a valid user session. It exploits a limitation in the way the vulnerable web application manages the session ID: when authenticating a user, the application does not assign a new session ID, so an existing session ID can be reused. The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing the user to authenticate with that session ID, and then hijacking the authenticated session through knowledge of that session ID. The attacker therefore has to supply a legitimate session ID for the web application and get the victim's browser to use it.

Session fixation is a class of session hijacking. Classic session hijacking steals the session established between the client and the web server after the user logs in; session fixation instead fixes a session on the victim's browser, so the attack starts before the user logs in.

There are several techniques for carrying out the attack; which one applies depends on how the web application handles session tokens. The most common are:

• Session token in a URL argument: the session ID is sent to the victim in a hyperlink, and the victim accesses the site through that URL.

• Session token in a hidden form field: the victim is tricked into authenticating to the target web server using a login form created by the attacker. The form can be hosted on the attacker's web server or embedded directly in an HTML-formatted e-mail.

• Session ID in a cookie:

The following helps protect against session hijacking and fixation attacks.

  • Use SSL and set the $secure cookie parameter to true.
  • Set the session.use_only_cookies php.ini parameter to 1.
  • Protect against XSS vulnerabilities in the application.
  • Rotate the session ID on successful login and logout using session_regenerate_id().

Cookie Hijacking

Cookie hijacking, sometimes also known as session hijacking, is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. In particular, it refers to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can easily be stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.

The following helps protect against session hijacking and fixation attacks.

  • Use SSL and set the $secure cookie parameter to true.
  • Set the session.use_only_cookies php.ini parameter to 1.
  • Protect against XSS vulnerabilities in the application.
  • Rotate the session ID on successful login and logout using session_regenerate_id().
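The protections listed here and under Session Fixation applied in one place, as an added example that is not code from the original posts: the session ID is accepted only from a secure, HttpOnly cookie, IDs the server did not generate are rejected, and the ID is regenerated on login and discarded on logout. It assumes the site is served over HTTPS; checkCredentials() is a hypothetical stand-in for the application's own login check.

```php
<?php
// Added example (not from the original posts): session handling that applies
// the listed protections. Assumes HTTPS; checkCredentials() is hypothetical.

declare(strict_types=1);

function startHardenedSession(): void
{
    // Accept the session ID only from the cookie, never from a URL or form field.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Reject IDs the server did not itself generate: a fixed ID is simply not
    // honoured, even before the login-time regeneration below.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, dropped when the browser closes
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,     // sent only over TLS
        'httponly' => true,     // not readable by script, so XSS cannot lift it
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Swap the session ID on login so an ID that existed before authentication is
// never valid afterwards, and delete the old server-side record.
function loginUser(string $username, string $password): bool
{
    if (!checkCredentials($username, $password)) {
        return false;
    }
    session_regenerate_id(true);    // true: remove the old session record
    $_SESSION['user']       = $username;
    $_SESSION['login_time'] = time();
    return true;
}

function logoutUser(): void
{
    $_SESSION = [];
    // Expire the cookie on the client as well as destroying the server record.
    $params = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,
        'path'     => $params['path'],
        'domain'   => $params['domain'],
        'secure'   => $params['secure'],
        'httponly' => $params['httponly'],
        'samesite' => $params['samesite'],
    ]);
    session_destroy();
}

// Hypothetical stand-in for the application's real credential check,
// with one constructed user so the script runs on its own.
function checkCredentials(string $username, string $password): bool
{
    $users = ['alice' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
    return isset($users[$username]) && password_verify($password, $users[$username]);
}

startHardenedSession();
var_dump(loginUser('alice', 'constructed-demo-password'));
```

session.use_strict_mode is what makes the hidden-form and URL techniques above fail outright: an attacker-chosen ID that the server never issued is discarded and a fresh one is generated instead, and regenerating on login closes the remaining window in which an ID obtained before authentication could stay valid.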

Cross Site Scripting

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
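The flaw described above next to its fix, as an added example that is not code from the original post: the same greeting rendered once with user input placed straight into the HTML and once with output encoding for the context it lands in. The sample input is the constructed probe a tester would send.

```php
<?php
// Added example (not from the original post): the same page fragment rendered
// without and with output encoding.

declare(strict_types=1);

// Vulnerable: user input is concatenated straight into the HTML output.
function renderGreetingUnsafe(string $name): string
{
    return "<p>Hello, $name</p>";
}

// Encode for the HTML body and attribute contexts: &, <, >, " and ' become
// entities, and invalid UTF-8 is replaced rather than passed through.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened: the browser renders the input as text, never as markup.
function renderGreetingSafe(string $name): string
{
    return '<p>Hello, ' . e($name) . '</p>';
}

// Attribute values need the same treatment; the attribute must also be quoted,
// otherwise a space in the input would start a new attribute.
function renderSearchBox(string $query): string
{
    return '<input type="text" name="q" value="' . e($query) . '">';
}

// Constructed input of the kind a tester sends to find the flaw.
$input = $_GET['name'] ?? '<script>alert(1)</script>';
echo renderGreetingUnsafe($input), PHP_EOL;   // the <script> element reaches the browser intact
echo renderGreetingSafe($input), PHP_EOL;     // the browser shows the tag text literally
echo renderSearchBox($input), PHP_EOL;
```

Encoding at output time, for the specific context (HTML body, attribute, JavaScript string, URL), is the control the post's last sentence asks for; input validation is a useful second layer but cannot substitute for it, because legitimate input such as a surname containing an apostrophe must still be displayed safely.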