Things I’ve dealt with this week:
- Apache 2.4.6/2.4.7 Authn Issues
- Writing ‘proper’ SQL for PHP.
- GovDeals Auctions
Apache 2.4.6 and Apache 2.4.7 have not-completely-functional versions of Authn. That is to say if I define an AuthnProviderAlias like the following:
<AuthnProviderAlias file [alias here]>
AuthUserFile “/[some folder]/[some htpasswd file]”
</AuthnProviderAlias>
or
<AuthnProviderAlias ldap [alias here]>
AuthLDAPBindDN “[CN of Some Domain User For Binding]”
AuthLDAPBindPassword “[Password for CN of Username Above]”
AuthLDAPURL “ldap://[DC IP Address]:[389 for Non-SSL|636 for SSL]/[Some User OU]?sAMAccountName”
</AuthnProviderAlias>
I should then be able to define a directory (or a virtualhost) as such:
Alias /testing “/var/www/testing”
<Directory “/var/www/testing”>
AuthType Basic
AuthName “[A Description]”
AuthBasicProvider [the previously defined alias]
require valid-user
Order deny,allow
Deny from all
Allow from [some IP addresses]
Satisfy any
</Directory>
Apache should then look at the alias and use it for authentication. In 2.4.6 and 2.4.7 it just doesn’t work. It never contacts LDAP servers and never attempts to access the AuthUserFile. It’s weird. I only noticed it when I got it working on a Development box (running Ubuntu 16.04 with Apache version 2.4.20) and then copied the lines to a Production box (running Ubuntu 14.04 with Apache version 2.4.7 at the time). Lo and behold: it did not work. At all. Frustrating.
I did eventually find an Apache Bug (55622) which outlines the issue. The solution is to update to a higher version of Apache. Easy, right? a simple apt-get update should solve it.
So I ran apt-get update. No updates found. Wat.
Turns out the highest level of Apache available for Ubuntu 14.04 (through the standard repository) is 2.4.7. Argh.
Thankfully Ondřej Surý has a supplemental repository that has updated versions of Apache for Ubuntu 14.04. Yay! 😀
The repository information is available here.
To get access to the repository:
- sudo nano /etc/apt/sources.list
- Add two lines to sources.list (For 14.04 [your distro] will be “trusty”.):
- deb http://ppa.launchpad.net/ondrej/apache2/ubuntu [your distro] main
- deb-src http://ppa.launchpad.net/ondrej/apache2/ubuntu [your distro] main
- sudo apt-get update
- sudo apt-get upgrade
Victory!
Next bit:
So I wrote a quick PHP applet at work (per my previous post) and wrote it quick and dirty. Once I configured it and got it working properly we had to use it. It was dirty code, bad code, and what not.
So on Friday I had some down time and spent time cleaning it up. The clean up included making functions out of commonly used code (like querying a database table that will only have one row returned and taking that data and assigning it to a variable or generating a table of output), using MySQL real_escape_string functions, and parameterizing the queries. It took a few hours to get everything to cooperate with the changes. I haven’t written in PHP with MySQL since… 2011. It’s a bit different now (since MySQL references are now objects). It used to be things like:
$someVariable = mysql_real_escape_string($someVariable);
It’s now:
$someVariable = $someMySQLReferenceObject->real_escape_string($someVariable);
That’s a simple change, for sure.
Another change I implemented was not writing queries like this:
$query = “SELECT Count(‘ServiceTag’) AS SesScans FROM TagList WHERE FoundInSession='”.$sessionId.””;”;
Instead the query is written as:
$query = sprintf(“SELECT Count(‘ServiceTag’) AS SesScans FROM TagList WHERE FoundInSession=’%s’;”,$sessionId);
I’m not 100% sure how this makes things more secure (except for the fact that you can typecast the sprintf fields so strings can’t go into fields you’ve setup as integers and the like) but I am pretty sure that people have said it’s the preferred method of writing queries and it was a simple enough change.
It was more an exercise in best practices than anything else, and I’m glad I went through the process.
Next bit: GovDeals
I’ve finished preparing a bunch of auctions from the district. These will include:
- Cisco 3560 Switches (all but 1 switch are Gigabit; about half are POE)
- Aruba AP-125 Access Points
- Aruba 6000 Controller
- APC Battery Backups (Lots of different models)
- Scanners (Lots of different models)
- An OLD Dell PowerEdge Server.
You can keep an eye on the auctions here. They should be posted by the end of next week. Go get some!
That’s all for this week.
zzz.
-M
