Found an interesting article: About Secure Password Hashing.
Category Archives: Programming
Exclude .svn directories from grep
Today I learned how to Exclude .svn directories from grep:
grep -R --exclude-dir=".svn" search .
OWASP ESAPI PHP tests: Security configuration file does not exist
To get the source for OWASP ESAPI PHP:
svn checkout http://owasp-esapi-php.googlecode.com/svn/trunk/ owasp-esapi-php-read-only
Make sure phpunit is installed with PEAR. To run the unit tests:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
Security configuration file does not exist.
PHP Fatal error: Call to a member function xpath() on a non-object in /home/jj5/Desktop/owasp-esapi-php-read-only/src/reference/DefaultSecurityConfiguration.php on line 226
To get a better error message:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# grep -R 'Security conf' .
./src/reference/DefaultSecurityConfiguration.php: throw new Exception("Security configuration file does not exist.");
Edit ‘src/reference/DefaultSecurityConfiguration.php’ and replace “Security configuration file does not exist.” with “Security configuration file ‘$path’ does not exist.”
Try again:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
Security configuration file '/home/jj5/Desktop/owasp-esapi-php-read-only/test/filters/../../testresources/ESAPI.xml' does not exist.
PHP Fatal error: Call to a member function xpath() on a non-object in /home/jj5/Desktop/owasp-esapi-php-read-only/src/reference/DefaultSecurityConfiguration.php on line 226
So the problem is a misconfigured path to the ESAPI.xml file:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# grep -R \\.\\.\\/testres .
./test/filters/SafeRequestTest.php: $ESAPI = new ESAPI(dirname(__FILE__) . '/../../testresources/ESAPI.xml');
...
Edit the SafeRequestTest.php file:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# vim test/filters/SafeRequestTest.php
On line 58 change “/../../testresources” to “/../testresources”.
Now our tests will run:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
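The same kind of broken relative path can be caught before running phpunit with a short bash check that resolves every dirname(__FILE__) . '...' reference against the file that contains it. This is an added example, not code from the original post or from the ESAPI project; the sample tree, FixedTest.php and Stale.php are constructed, and the test/testresources/ESAPI.xml location is an assumption inferred from the fix above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list PHP files whose
# dirname(__FILE__) . '/relative/path' references point at nothing.

# Print "file:line: relpath" for every reference that does not resolve.
find_broken_refs() {
    local root=$1 file line rest rel
    grep -Rn --include='*.php' --exclude-dir='.svn' \
        "dirname(__FILE__) *\. *'[^']*'" "$root" |
    while IFS=: read -r file line rest; do
        # Pull the quoted relative path out of the matching source line.
        rel=$(printf '%s\n' "$rest" |
            sed -n "s/.*dirname(__FILE__) *\. *'\([^']*\)'.*/\1/p")
        # PHP resolves it against the directory of the file itself.
        [ -e "$(dirname "$file")$rel" ] ||
            printf '%s:%s: %s\n' "$file" "$line" "$rel"
    done
}

# Constructed sample tree mirroring the layout in the post. The location
# test/testresources/ESAPI.xml is an assumption inferred from the post's fix.
make_sample_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/test/filters" "$root/test/testresources" "$root/test/.svn"
    : > "$root/test/testresources/ESAPI.xml"
    printf '%s\n' "<?php \$ESAPI = new ESAPI(dirname(__FILE__) . '/../../testresources/ESAPI.xml');" \
        > "$root/test/filters/SafeRequestTest.php"
    printf '%s\n' "<?php \$ESAPI = new ESAPI(dirname(__FILE__) . '/../testresources/ESAPI.xml');" \
        > "$root/test/filters/FixedTest.php"
    # A stale copy under .svn must be ignored, as with --exclude-dir in grep.
    cp "$root/test/filters/SafeRequestTest.php" "$root/test/.svn/Stale.php"
    printf '%s\n' "$root"
}

# Demo: only the unfixed SafeRequestTest.php is reported.
sample=$(make_sample_tree)
find_broken_refs "$sample"
rm -rf "$sample"
```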
Salted Password Hashing – Doing it Right
Today I read Salted Password Hashing – Doing it Right which was a good run-down on how to do password hashing. The article linked to phpass: Portable PHP password hashing framework which is a library for hashing passwords.
jj5@mercy:~$ pair list-all -c pecl
I was trying to run ‘pear’ but I accidentally typed ‘pair’ and got command not found even though I knew ‘php-pear’ was installed. Traps for young players! I bet I’m not the last person to make that mistake…
What is PEAR?
Today I read What is PEAR? — it talks about PEAR (PHP Extension and Application Repository) and its relationship to PECL (PHP Extension Community Library).
Pretty printing C# files with extension cs-script in ViewVC
The pretty printing for my *.cs-script files (which are C# files) in ViewVC was really ugly and wrong. I needed to configure the MIME type for *.cs-script files. I edited the mimetypes.conf file and added:
text/x-csharp cs-script
C Pointers Fundamentals Explained with Examples
Read C Pointers Fundamentals Explained with Examples today to brush up on my rusty C skills.
QuirkTools Screenfly
Found out about this handy utility the other day: ScreenFly.
It allows you to test your website on various device form-factors. Handy!
Round corners with CSS
Today I had to look up the CSS syntax for curved corners and I found this article which suggested:
#example1 {
  -moz-border-radius: 15px;
  border-radius: 15px;
}