Setting session timestamp limited to script scope in PHP

Let's start by analyzing a use case. Well, at Saturn we were required to run a cron
job written in PHP, with heavy use of the date functions, once for every day
from Jan 1 2001 to Dec 31 2012. I did not dig much into override_function
to change the behavior of the date function; instead a small class was written
to handle the ticks, and the loop was driven from a history table in MySQL.


RSA encryption in PHP decryption in .NET

If the subject is searched on the net, the basic issue that pops up would be a “bad key” exception or a decryption failure. If you have access to the original code with which the implementation was done, then you should be able to identify the mismatch. But for now, quoting root.org on RSA padding: “RSA requires the plaintext to be armored during encryption/signing and the result to be verified during decryption/verification. Unfortunately, this armoring is commonly called ‘padding’, which means some implementers think it functions like ordinary protocol padding. The interoperability principle (‘be strict in what you send and lenient in what you accept’) is exactly opposite to how public key crypto must be implemented. Padding cannot be ignored and if even one bit is out of place, the message is invalid. Failure to implement all the steps correctly could allow attackers to forge signatures, decrypt ciphertext, or even recover the private key.”

Securing Web Applications – Best Practices

Finding your web site hacked and defaced one fine morning would be a nightmare for any web application developer. To guard against this there are some recommendations. Over the past years we have summarized our strategy in the hope that it will help others build applications that are difficult to penetrate. Mostly the content of the article refers to the PHP scripting language, but most other languages should not be any different.


MsSQL Export to CSV

In the recent past I got frustrated searching for a tool to export from MsSQL Express to proper CSV. As always the frustration led me to Google, and I found the post on Stack Overflow, the Digital Point forums and a lot of other places. All of these had one issue or another for us. One being that the MsSQL server was not hosted on our servers and we don't have access to the GUI tools; the second is that I am a bit at the fag end when Microsoft technologies are on the anvil. Finally there was no other way, and what I did was to migrate our PHP MySQL wrapper to support MsSQL.


PHP MyProfiler as a WordPress Plugin

The profiler and sampler have been bundled into a single download, but are now two WordPress plugins. Because the profiler is plugged into the WordPress flow after init and logging is done on the shutdown hook, some of the database calls are never logged. Still that is not an issue, as mostly slowness would be caused by database calls from the theme and plugins. Note that logging may make the system slower; it is meant for identifying bottlenecks and should never be left on for long periods. Features like Log requests from IP, Log requests from IP to a specific URL, Enable/Disable and Log Frequency are on the wishlist. Currently, when you enable it, the profiler starts logging and creates a new file every hour. This is stored in UPLOAD_DIR/wp_php_my_profiler with <Year-month-date-hour>.log as the filename, and a record is posted into the $wpdb->posts table with post_status = private and post_type = profiler_log. Once logging is done, and before going for analysis, it is better to deactivate the Profiler. Log Analyzer creates a menu entry on the admin side and shows the logs from the $wpdb->posts table with the above properties in a tabular form, with actions ‘Analyze’ and ‘Delete’. The plugin is provided for advanced users and debuggers to find issues and bottlenecks in their plugins or themes.

bz2url – a very simple url compressor for wordpress

It's been over a year since we started bz2.in URL compression for in-house projects at Saturn, and it is in use for Asianet India and this blog. Recently, for a new project, we absolutely needed an integrated URL shortener, which finally gave shape to the initial version.

Class DumpIO – Inspired by Apache mod_dumpio but reluctant to restart webserver

Though there are far and wide systems for live debugging and the like, for forensic or load analysis our php-extjs framework did not have anything pre-planned, other than some query loggers and background processing systems that log into the DB. When the master MySQL server recently started showing variations in the Cacti patterns (normal was about 4 to 20 fsyncs in the working window, but it was steady between 35 and 40 in the tantrum period), we started to worry and could not identify the situation. Restarting all application servers and clearing the session store would immediately drop the MySQL fsync graph back to the standard pattern. This is when I looked for an input logger for Apache and found mod_dumpio, but it needed the web server to be restarted, at the very time the application was in a tantrum and the MySQL graphs were showing about 35 fsyncs on average.

Revisiting “Importance of event logging in server side scripting” and other articles on the net, the outcome was a class with a single static method, designed to pick up and log any input. This was later moved to the lite version, and a full version capable of capturing the output as well was built.

Linux CPU usage and monitoring using shell, memcache and jQuery

Recently, in a project where the application was deployed across multiple servers, the client QA as well as the support team wanted better monitoring of all the servers in production. It was too much to give everybody shell access and ask them to monitor using top. After a lot of digging through the wonderful search index of Google, with insights from Paul Colby via his article “Calculating CPU Usage from /proc/stat”, and various comments on memcache usage through telnet along with /dev/tcp socket connections, it was just a matter of some nifty shell processing before I could store each machine's CPU values, loadavg and running tasks as a JSON-encoded string in memcache on one of the hosts, with the hostname as the key.