Found an interesting article: About Secure Password Hashing.
Monthly Archives: April 2014
Converting Putty PPK files for Debian SSH
Today I read Debian: convert ppk key for linux ssh which explained how to convert PuTTY *.ppk files to *.pem files for Linux:
sudo apt-get install putty-tools
puttygen mykey.ppk -O private-openssh -o mykey.pem
Exclude .svn directories from grep
Today I learned how to Exclude .svn directories from grep:
grep -R --exclude-dir=".svn" search .
OWASP ESAPI PHP tests: Security configuration file does not exist
To get the source for OWASP ESAPI PHP:
svn checkout http://owasp-esapi-php.googlecode.com/svn/trunk/ owasp-esapi-php-read-only
Make sure phpunit is installed with PEAR. To run the unit tests:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
Security configuration file does not exist.PHP Fatal error: Call to a member function xpath() on a non-object in /home/jj5/Desktop/owasp-esapi-php-read-only/src/reference/DefaultSecurityConfiguration.php on line 226
To get a better error message:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# grep -R 'Security conf' .
./src/reference/DefaultSecurityConfiguration.php: throw new Exception("Security configuration file does not exist.");
Edit ‘src/reference/DefaultSecurityConfiguration.php’ and replace “Security configuration file does not exist.” with “Security configuration file ‘$path’ does not exist.”
Try again:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
Security configuration file '/home/jj5/Desktop/owasp-esapi-php-read-only/test/filters/../../testresources/ESAPI.xml' does not exist.PHP Fatal error: Call to a member function xpath() on a non-object in /home/jj5/Desktop/owasp-esapi-php-read-only/src/reference/DefaultSecurityConfiguration.php on line 226
So the problem is a misconfigured path to the ESAPI.xml file:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# grep -R \\.\\.\\/testres .
./test/filters/SafeRequestTest.php: $ESAPI = new ESAPI(dirname(__FILE__) . '/../../testresources/ESAPI.xml');
...
Edit the SafeRequestTest.php file:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# vim test/filters/SafeRequestTest.php
On line 58 change “/../../testresources” to “/../testresources”.
Now our tests will run:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
Installing PHPUnit on Debian with PEAR
To install PHPUnit on Debian with PEAR:
sudo pear channel-discover pear.phpunit.de
sudo pear install --alldeps phpunit/PHPUnit
To see the path where the command-line utility ‘phpunit’ was installed:
sudo pear config-get bin_dir
which phpunit
Salted Password Hashing – Doing it Right
Today I read Salted Password Hashing – Doing it Right which was a good run-down on how to do password hashing. The article linked to phpass: Portable PHP password hashing framework which is a library for hashing passwords.
jj5@mercy:~$ pair list-all -c pecl
I was trying to run ‘pear’ but I accidentally typed ‘pair’ and got command not found even though I knew ‘php-pear’ was installed. Traps for young players! I bet I’m not the last person to make that mistake…
What is PEAR?
Today I read What is PEAR? — it talks about PEAR (PHP Extension and Application Repository) and its relationship to PECL (PHP Extension Community Library).
Pretty printing C# files with extension cs-script in ViewVC
The pretty printing for my *.cs-script files (which are C# files) in ViewVC was really ugly and wrong. I needed to configure the MIME type for *.cs-script files. I edited the mimetypes.conf file and added:
text/x-csharp cs-script