Category Archives: General

Zendesk

Zendesk is a customer service platform. It’s designed for companies that want to create customer relationships that are more meaningful, personal, and productive. We start by helping companies provide great support and then mature with self-service and proactive engagement.

Rename Branch Git

1. Rename your local branch.

If you are on the branch you want to rename:

git branch -m NEWNAME

If you are on a different branch:

git branch -m OLDNAME NEWNAME

2. Delete the old-name remote branch and push the NEWNAME local branch.

git push origin :OLDNAME NEWNAME

3. Reset the upstream branch for the NEWNAME local branch.

Switch to the branch and then:

git push origin -u NEWNAME

configure: error: BDB/HDB: BerkeleyDB not available

Looks like BerkeleyDB is not installed which is required to configured openLDAP.

Follow the below steps to install BerkeleyDB.

Downloading Berkeley DB

wget http://download.oracle.com/berkeley-db/db-5.2.28.tar.gz

Extracting files from the downloaded package:

tar zxvf db-5.2.28.tar.gz

cd db-5.2.28/build_unix

Create installation path

mkdir /etc/berkeleydb

Configuring Berkeley DB

../dist/configure --prefix=/etc/berkeleydb

Compile and install the code

make

make install

OpenLDAP

OpenLDAP is an open source implementation of LDAP or Lightweight Directory Access Protocol . OpenLDAP allows to store and organize user related data centrally. OpenLDAP functions like a relational database & can store any data but its normally used as a address book. Its used for authenticating and authorizing of the users. Information stored in OpenLDAP is in hierarchical manner & We can group the users into a single or multiple groups based on necessity.

SSL

• Secure Socket Layer (ssl) encryption protects data as it is transmitted between client and server

• SSH (secure shell protocol) encrypts the network connection between the client and the database server

• Augment data encryption as ciphertext using openssl_encrypt() and openssl_decrypt()

• Encrypt data before insertion and decrypt with retrieval

• Store sensitive data as a hashed value

Standalone

The standalone declaration is a way of telling the parser to ignore any markup declarations in the DTD. The DTD is thereafter used for validation only.

  • The standalone directive is an optional attribute on the XML declaration.
  • Valid values are yes and no, where no is the default value.
  • The attribute is only relevant when a DTD is used. (The attribute is irrelevant when using a schema instead of a DTD.)
  • standalone=”yes” means that the XML processor must use the DTD for validation only. In that case it will not be used for default values for attributes , entity declarations and normalization
  • Note that standalone=”yes” may add validity constraints if the document uses an external DTD. When the document contains things that would require modification of the XML, such as default values for attributes, and standalone=”yes” is used then the document is invalid.
  • Standalone=”yes” may help to optimize performance of document processing.

Race Condition

A race condition or race hazard is the behavior of a software where the output is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when events do not happen in the order the programmer intended.

Race conditions can occur especially in multithreaded or distributed software programs.

XML

XML stands for eXtensible Markup Language.

XML was designed to store and transport data.

XML was designed to be both human- and machine-readable.

Data format (“UNIVERSAL”) used for structured document exchange.

XML plays an important role in many different IT systems.

XML is often used for distributing data over the Internet.

It is important (for all types of software developers!) to have a good understanding of XML

Example

<?xml version="1.0" encoding="UTF-8"?>
<site>
 <name>PHPCodez</name>
 <url>phpcodez.com</url>
</site>

Session Fixation

Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable web application. When authenticating a user, it doesn’t assign a new session ID, making it possible to use an existent session ID. The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing a user to authenticate himself with that session ID, and then hijacking the user-validated session by the knowledge of the used session ID. The attacker has to provide a legitimate Web application session ID and try to make the victim’s browser use it.

The session fixation attack is a class of Session Hijacking, which steals the established session between the client and the Web Server after the user logs in. Instead, the Session Fixation attack fixes an established session on the victim’s browser, so the attack starts before the user logs in.

There are several techniques to execute the attack; it depends on how the Web application deals with session tokens. Below are some of the most common techniques:

• Session token in the URL argument: The Session ID is sent to the victim in a hyperlink and the victim accesses the site through the malicious URL.

• Session token in a hidden form field: In this method, the victim must be tricked to authenticate in the target Web Server, using a login form developed for the attacker. The form could be hosted in the evil web server or directly in html formatted e-mail.

• Session ID in a cookie:

The following helps to protect against session hijacking and fixation attacks.

  • Use SSL and set the $secure cookie parameter to true .
  • Set the session.use_only_cookies php.ini parameter to 1 .
  • Protect against XSS vulnerabilities in the application.
  • Rotate the session id on successful login and logout using session_regenerate_id()