I’m passing through guided programming courses on Codility these weekends, as much as time allows me.
Couple of notes connected to that experience…
First, the practices are excellent. They start off gently and then get to really interesting problems. I am writing this under the influence of unexpected solution to the one of them which I didn’t see coming for a while as I was banging my head on the desk. :-) That’s the good part.
The bad part? Continue reading “Codility actually rocks…”
And now something completely different and as unexpected as the Spanish inquisition! Another release of Python module to PyPi and GitHub.
This time it’s a SAR (sysstat service) log file parser. If you are a UNIX/linux sysadmin and not sure what SAR is, head on here, and here for introduction on the subject. Continue reading “Python SAR (sysstat) parsing module (pre) released”
I am very pleased to announce that Python packages Axigen-API and software_versions are now available through PyPi. They should have been from the start but… :-)
Of course, Github repositories are at the same place (Axigen-API @ github, software_versions @ github), with the reorganized codebase so now you can pull them and do usual python setup procedure.
Quickie: Added ISC DHCP support to software_versions Python module.
You can check out my latest talk at FSEC, regional security conference (held at FOI university in Varaždin, Croatia) here at SlideShare.
Please leave a comment if you are interested in seeing the slides and SlideShare is not good enough for you, for any reason. :-)
Holding a talk at FSEC conference was a pleasant experience. Great talks, excellent crew, even better audience, extremely pretty town. I hope I see you all next year.
Obligatory credit: the talk was co-authored by my young colleague Ivan Špoljarić.
Woo-hoo! It’s that time of the year when heat is wearing off, people get back to work and programmers do new weekend projects. :-)
It is also made to show off how I’m more cool than you, hence what I read is way more cool than your recently-read library. :-)
It’s not a big thing, but it took me 2 weekends to write it and start filling up its databases with entries.
Oh yes, it’s open source also!
https://github.com/casastorta/software_versions project has been updated with more detailed unit testing.
10 months ago, in the company I work for, we have started (as a part of some process automation) working on the software_versions python module. To make a slightly long story very short: it’s a module which is meant to be used for checking the current stable versions of various open source vendors software. Right from the start it we’ve released it as open source project.
To make short story bit longer: Continue reading “software_versions python module “stable” release”
Second “word of advice” for PHP programmers is kind of related (and also referenced in) to the previous post in the series.
We are going to cover escaping of LDAP values in LDAP queries initiated from PHP.
Introduction to the problem
Honestly, often it seems that LDAP support in PHP alone is a second class citizen. Sure, things seem to be much better in its semi-official Zend Framework. But as it goes in PHP world, a lot of developers don’t use Zend Framework, and way too many don’t use any framework since the platform lacked proper official or semi-official one for more than a decade.
Even now in the days when the biggest PHP developer’s dilemma is which application framework to use for their projects, most of the 3rd party frameworks lack any level of advanced LDAP support. Developers are then still forced to cope with (for the PHP developers’ standards) low-level LDAP support if they need LDAP functionality in their apps.
That being said, I have to mention that you shouldn’t have to worry about anything on this issue if you’re using Zend Framework properly. Zend_Ldap_Filter_Abstract class engages escapeValue() method, which is used exactly for this – escaping of values used in LDAP queries.
Although basically a database, LDAP really is, and you realize it first time you have to connect to it, whole different story from your usual relational or noSQL databases you’re used to work with. That being said, even the most basic PHP LDAP API separates modification from read-only function to access it. It means that if you use LDAP only to authenticate your users and read their data (meaning: you don’t update anything intentionally through ldap_modify or some other such function) you shouldn’t face the worse result of “LDAP injection”. Worse case scenario in such environment would be attacker’s succesful logins which usually wouldn’t succeed. Bad enough, but no damage to your data.
That doesn’t mean you should approach issue of LDAP queries with unconsciousness. Hence this article. :-) Continue reading “Word of advice: Escaping LDAP filter values in PHP”
I see this problem a lot in various PHP scripts which are connecting to LDAP service.. Problem is not isolated to PHP environment only, but for some odd reason, PHP developers in majority end in this pitfall, while developers on using other popular programming languages usually handle this issue better.
Introduction to the problem
LDAP service authentication often poses a challenge to the developers who are engaging in LDAP-dependent services development for the first time. In general, your input data will be username and password, while for the succesful authentication against LDAP you need different info: DN (distinguished name) and a password.
So, in order to be able to authenticate user credentials against LDAP service, you have to make a relation between username as input variable and DN as a parameter LDAP service expects.
Again, LDAP service is very specific with its approach towards users, passwords and authentication. You might be able to retrieve DN using query such as
…even when your server bind is anonymous. Of course, that depends on the configuration of your LDAP service, but it’s not so rare occurrence that LDAP service allows such basic info as DN to be read through anonymous connections. Should it be allowed is a discussion for some completely another occasion.
But the problem starts just here. Continue reading “Word of advice: PHP authentication against LDAP service”