LINUX

SQL Injection: Whitelist validation vs. blacklist validation

Whitelist validation refers to data validation techniques such as checking the data type, data length, input range, and the nature of the data by its format (e.g. a phone number will be ten digits separated by hyphens, satisfying the format nnn-nnn-nnnn). Regular expressions may be used for format validation of inputs.

Blacklist validation refers to rejecting data based on a known-bad list filter. This is not a powerful solution, as the list of possible exclusions will be long and it is difficult to cover all possible scenarios. Blacklist validation should be used in conjunction with whitelist validation, but in cases where whitelist validation cannot be applied, at least blacklist validation should be implemented.
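The contrast above, as an added example that is not part of the original post: a whitelist check for the nnn-nnn-nnnn phone format (type, length and format) next to a blacklist filter built from a constructed list of bad tokens, showing how malformed values slip past the blacklist but not the whitelist.

```python
import re

# Whitelist: only a value that is exactly three digits, hyphen, three digits,
# hyphen, four digits is accepted. [0-9] is used instead of \d so that only
# ASCII digits pass; fullmatch() rejects anything before or after the pattern.
PHONE_RE = re.compile(r"[0-9]{3}-[0-9]{3}-[0-9]{4}")

def whitelist_phone(value):
    """Type check, length check and format check, in that order."""
    if not isinstance(value, str):
        return False
    if len(value) != 12:                 # 10 digits + 2 hyphens, nothing else
        return False
    return PHONE_RE.fullmatch(value) is not None

# Blacklist: reject a value that contains any token on a known-bad list.
# The list is a constructed example and, like any blacklist, is incomplete.
BAD_TOKENS = ("'", "--", ";", "/*", "*/")

def blacklist_phone(value):
    """True when none of the known-bad tokens appear in the value."""
    return not any(token in value for token in BAD_TOKENS)

def check_both(value):
    """Verdict of each technique for one input value."""
    return {"whitelist": whitelist_phone(value),
            "blacklist": blacklist_phone(value)}

if __name__ == "__main__":
    # Constructed inputs: one valid number and three malformed values that
    # contain no blacklisted token and therefore pass the blacklist only.
    for sample in ["555-123-4567", "5551234567", "555-123-456A",
                   "555-123-4567 extra text"]:
        print(repr(sample), check_both(sample))
```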


SQL Injection: Database Code Security in Programming

Dynamic SQL (a concatenated SQL string) is a coding practice whereby queries are built in the program and sent to SQL Server for execution. This allows code to be injected into the dynamic queries, causing damage to the database.

A good alternative is to use parameterized queries, where placeholders are set for the variables. With parameterized queries the possibility of injected code becoming part of the query is removed, because the parameter values are sent separately from the SQL text and are never parsed as SQL.

In addition to parameterized queries, it is always best practice to sanitize the input parameters before using them in queries.

Input data should also be encoded appropriately, especially where dynamic SQL is used, and appropriate output encoding should be applied to data extracted from the database to avoid cross-site script execution.
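The three points above (dynamic SQL, parameterized queries and output encoding) as one added example that is not part of the original post. It uses Python's sqlite3 module and a constructed in-memory users table; the same contrast applies to any driver that supports placeholders.

```python
import html
import sqlite3

def make_db():
    """Constructed in-memory sample table (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "<b>carol</b>")])
    return conn

def find_user_dynamic(conn, username):
    """Dynamic SQL: the input is concatenated into the SQL text, so a quote
    inside the data becomes part of the query's syntax."""
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def find_user_parameterized(conn, username):
    """Parameterized query: the value travels separately from the SQL text and
    is only ever compared as a string, whatever characters it contains."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def render_usernames(rows):
    """Encode values on the way out so stored markup is displayed, not run."""
    return ", ".join(html.escape(username) for _, username in rows)

def compare(username):
    """Run both lookups for one input; a dynamic-SQL error is returned as text."""
    conn = make_db()
    try:
        dynamic = find_user_dynamic(conn, username)
    except sqlite3.OperationalError as exc:
        dynamic = "SQL error: " + str(exc)
    return dynamic, find_user_parameterized(conn, username)

if __name__ == "__main__":
    # Constructed inputs: a normal name, a legitimate name containing an
    # apostrophe (breaks the dynamic query), and a value that turns the dynamic
    # query's WHERE clause into a tautology (returns every row).
    for name in ["alice", "O'Brien", "x' OR 'a'='a"]:
        dynamic, parameterized = compare(name)
        print(repr(name), "dynamic:", dynamic, "| parameterized:", parameterized)
    print(render_usernames(find_user_parameterized(make_db(), "<b>carol</b>")))
```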


How to configure Zend Framework on an Apache server in a PLESK environment?

First, download the Zend Framework and unzip the file contents to a location. At the time of writing ZendFramework-1.11.12 was in use, and we have used that version in this example. The key content of the download is the /library folder, which has the Zend libraries in it.

Then, go to the “conf” folder that was created when the site was created.

Inside the conf folder, create a new file and name it vhost.conf

Add the below contents to vhost.conf and save it.


How to Send Emails from your local WAMP XAMPP server in windows?

… a question that arises for programmers developing applications in their local development environments.

This can be achieved by making the following modifications.

Step (i) Install the WAMP / XAMPP server on your Windows machine. After this install you will be able to access sites created on localhost at the URL http://localhost

Step (ii) Download and extract the sendmail application for Windows from http://glob.com.au/sendmail/. Remember the path where you have extracted sendmail, e.g. c:\wamp\sendmail

Step (iii) Edit sendmail.ini within c:\wamp\sendmail. This ini file contains enough inline documentation to explain how the configuration should be changed.


How to check if a Linux server can send out email via the command line?

Method 1:

$ mail -s "Subject: Test email from linux server" info@test.com

Press the “Return” key

Enter the body part of the email

Press ctrl + D

Enter a CC email if you would like (e.g. info2@test.com)

Press ctrl + D again

Then check the mail box to see if the mail has arrived.



Reverse DNS and Junk Email

Many email servers depend on Reverse DNS in order to identify whether mail is legitimate or spam. For Reverse DNS to work correctly, two points need to be addressed:
a) A reverse lookup of the mail server's IP address should return its name. A PTR record must be set for this.
b) A forward lookup of that name should return the same IP address.

For example,

$ dig -x 217.83.122.34

;; ANSWER SECTION:

34.122.83.217.in-addr.arpa. 66372 IN PTR mail.example.com.

$ dig mail.example.com

;; ANSWER SECTION:

mail.example.com. 900 IN A 217.83.122.34

Check that the IP address returned by the forward lookup matches the address you started with, and that the name returned by the PTR record is the one you looked up (forward-confirmed reverse DNS).
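The two-way check described above, as an added example that is not part of the original post: it parses the ANSWER SECTION of dig output (the sample outputs below are constructed to mirror the two lookups shown) and reports whether IP -> PTR -> name -> A -> IP closes the loop.

```python
import ipaddress
import re

# One line of dig's ANSWER SECTION: owner  ttl  class  type  rdata
ANSWER_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(PTR|A)\s+(\S+)\s*$")

# Constructed dig outputs, mirroring the two lookups in the post above.
PTR_OUTPUT = """;; ANSWER SECTION:
34.122.83.217.in-addr.arpa. 66372 IN PTR mail.example.com.
;; Query time: 12 msec
"""
A_OUTPUT = """;; ANSWER SECTION:
mail.example.com. 900 IN A 217.83.122.34
"""
# A forward record that does not point back at the mail server's address.
A_OUTPUT_MISMATCH = """;; ANSWER SECTION:
mail.example.com. 900 IN A 217.83.122.35
"""

def reverse_name(ip):
    """The in-addr.arpa owner name that 'dig -x <ip>' queries."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."

def parse_answers(dig_output):
    """Return (owner, type, rdata) tuples found in the ANSWER SECTION."""
    records, in_answer = [], False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
            continue
        if line.startswith(";;"):          # any other ;; header ends the section
            in_answer = False
        if in_answer:
            m = ANSWER_RE.match(line)
            if m:
                records.append(m.groups())
    return records

def forward_confirmed(ip, ptr_output, a_output):
    """True only if ip -> PTR -> name and name -> A -> ip agree with each other."""
    names = [rdata for owner, rtype, rdata in parse_answers(ptr_output)
             if rtype == "PTR" and owner == reverse_name(ip)]
    for name in names:
        addrs = [rdata for owner, rtype, rdata in parse_answers(a_output)
                 if rtype == "A" and owner == name]
        if ip in addrs:
            return True
    return False
```

To use it against a live server, feed the text of `dig -x <ip>` and `dig <name>` into forward_confirmed in place of the constructed strings.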


Linux: How to upgrade PHP from 5.1 to 5.2 in CentOS5?

First, check the PHP version that is currently installed

$ php -version

Check the Linux version

$ cat /etc/*-release (or /etc/redhat-release)

Create a repo file with the content given below. As you can see, we are looking for package upgrades related to PHP only.


Linux: How to list or allow access to ports?

SELinux is a feature that may be enabled on some servers, and it can restrict which ports a service is allowed to use. In order to make a service reachable on such a port, you need to label that port for the service.

To see whether SELinux is enabled, type

$ sestatus

To list all port labels, try the semanage command

$ semanage port -l

To check whether a specific port is already labelled

$ semanage port -l | grep 8085

To allow access to a specific port, add it with the type of the service that will listen on it (http_port_t is the label used by the web server; another service needs its own port type)

$ semanage port -a -t http_port_t -p tcp 8085


MySQL: How to stop, start or restart MySQL?

In Linux, the following commands are used to start/stop/restart MySQL

$ /etc/init.d/mysqld start
$ /etc/init.d/mysqld restart
$ /etc/init.d/mysqld stop

In Windows, MySQL runs as a service.
C:\> net stop mysql
C:\> net start mysql


Linux: Case sensitive MySQL table names

When moving a MySQL database from Windows to Linux, users often encounter issues related to case sensitivity. Windows file systems are case-insensitive and Linux file systems are case-sensitive, and because MySQL stores each table in a file named after the table, table names that worked on Windows may not match on Linux.

In such scenarios, when a database call is made after the application migration, users run into "table doesn't exist" style errors that can send them back and forth between the source and destination servers looking for the cause.

The solution to this problem is to add a single line to my.cnf (the MySQL configuration file) under the [mysqld] section.
