Saturday, September 19, 2009

Browser ID String - User Agent

Links:
User Agent Switcher

Superficial entry here. I'm a Yahoo! Premium User but, even if I weren't, I believe I'm supposed to have access to their News videos. I don't, using Firefox, currently version 3. I sent them an email some months back and they assured me that their videos are tested and viewable on Firefox. Um... no. Or maybe "yes" on some version on some system they created. Anyway, eventually I had little choice but to pursue the annoyance of a User Agent spoofer.

USER AGENT SWITCHER ("UAS")
I went ahead with the popular User-Agent Switcher developed by Chris Pederick. It installs easily and then ones simply restarts Firefox.

ADDITIONAL INFO
This is a good piece of software, but doesn't have the three or four strings I wanted to use. I wanted to save the large file that comes with UAS, but also to make my own short list so that I would only need to select from three options, and the menu would therefore be much smaller and more useful.

1) Backed up the ID files that came with UAS. This is in

/home/$USER/.mozilla/firefox/[random].default/useragentswitcher/useragents.xml

I backed it up: $ cp useragents.xml useragents.bak, and then opened the original useragents.xml file and added the strings I wanted from various GIS's. The one which allowed me to view content in Yahoo was:

Wednesday, September 16, 2009

layman data III

Helpful links:
**Google MySQL Primer
CERT Bulletins
Webmaster World Forum
Simulate foreign keys - MyISAM
Cascading and key constraints - MyISAM, InnoDB, NDB
Create tables using PHP script

This is the third in the series, though not meant as a coherent progression. A random collection of tidbits or crumbs to follow. Recently:

* Cascading and foreign key constraints with different engines. My webhoster provides only the MyISAM engine, so no foreign keys. Foreign keys are the "relation" in an RDBMS, auto-updating child relations when a parent is updated, cascading inserts and deletes, and so on. This apparently can be approximated in a number of ways in MyISAM. TRIGGERs can be created, loops which do multiple inserts, etc. The InnoDB engine makes this process native from the time of creating the tables. Much easier. To switch between engines in existing tables, we use:
ALTER TABLE tablename TYPE = MyISAM;
* Added CERT link above. The CERT bulletin link above quickly reveals the many injection threats arising each week. It appears one has to lock-down the code of a production server which, in turn, apparently requires time and patience to learn and implement.
* Scripts to install tables. Appear to format as .sql dump files but without the data inside.
* Proper documentation, once this is more focused and defined. So far, a simple RTF file using underline for primary, and italic for foreign key, has been helpfully direct. Seen it elsewhere too, but read it in Welling, L., Thomson, L. (2008). PHP and MySQL® Web Development, Fourth Edition. Addison-Wesley Professional. pg 208-209 informit link ~$50.


REFERENTIAL INTEGRITY

Friday, September 4, 2009

layman data II

related links
Apache   PHP   PostgreSQl
security modifications to avoid root
LAPP on Redhat (very helpful)
clear PHP/Apache compile notes


A difficult intercomplexity, combined with an annoying resource drain of running Apache, PostgreSQL (or MySQL), PHP, and a browser (taken together, a LAMP) are required these days. If one has photos or a lot of other files, something besides file folders are needed and they cannot be managed without a LAMP unless one has a CS degree or can afford Oracle. I run a LAMP on my website to make files accessible, but the provider where I park the site has older versions of all this software. This makes the LAMP vanilla and slower (eg., no InnoDB). Additionally, there are no options for PostgreSQL.

Since I prefer PostgreSQL, for the LAMP on my local drive, I created a LAPP, substituting Postgres for MySQL. Even on a local drive, security issues arise. Apache, Postgresql, PHP, and some browsers require ports. I want to be sure no ports are open to the outside. Learning how to lock-down Apache, PostgreSQL, and PHP to make them only localhost accessible is a work in progress. Configuration files need to be altered for localhost only, but it appears there is more to it than this, if one is simultaneously connected on the Web.

On this local drive, running hybridized Slackware (Zenwalk), a reliable LAMP exists out of the box, but morphing it to a PostgreSQL LAPP required compiling PostgreSQL and PHP (see "Notes" below). The kernel didn't require alteration and a recompile, thankfully.

Notes

Install PostgreSQL(source, don't use netpkg) and MySQL(netpkg) first. In Zenwalk, PHP is precompiled without PostgreSQL support. PHP must therefor be recompiled with it: "--with-pgsql=/usr/local".

Default Users, Ports, Home

Postgresql - user:postgres, port 5432, /usr/local/pgsql. Apache - user:root, port 80, /etc/httpd.conf. PHP - /usr/local/lib/php. MySQL - user?, port 3306, usr/share/mysql. I compile Postgresql instead of netpkging it because of a Catch-22 that occurs after installation. One would have to log in and out every time they wanted to use the database or create group permission trees. On a standalone, it's easier to compile Postgresql and initialize with the user as the owner instead of "postgres". Create databases using

PostgreSQL

FIRSTRUN DBMS - Compiling is easier downstream than Zenwalk. When compiling, simply supply one's username during initdb, eg. if one's username were "foo": $ initdb foo --encoding=utf8 --locale=POSIX .Then just make some directory in /home like "/home/pgsql" and # chown -R 1000:100 /home/pgsql so "foo" can use it at will. If using Zenwalk, postgresql.conf and pg_hba.conf must be configured prior to first run. Zenwalk also makes the default user postgres, so its password needs to be created: # passwd postgres, and enter a simple password. A note of confusion for Zenwalk is that "postgres" is both the god user of the DBMS, but also a command to start the DBMS ("postmaster" is deprecated).
START/STOP DBMS - # service start/stop postgresql (Zenwalk), or # postgres -D /var/lib/pgsql/data/ -r logname.txt. This second command starts the database at its default location and provides a logname of choice.
DATABASE FILES Zenwalk installs a PostgreSQL tablespace at /var/lib/pgsql/data, but if installing from source they go to /usr/lib/pgsql. # createdb -U postgres -W -D /var/lib/pgsql/data/sub01 -E utf8 -e employees.

Apache

SECURITY Once it's running, if Apache's listening for connections, it's a significant security problem. Set it to only listen on port 80, so it only listens to localhost. Skype also uses Port 80, but you can reset Skype to, say, Port 81, in its advanced settings. Meanwhile, to change Apache:
# nano /etc/apache2/ports.conf
Listen 127.0.0.1:80
START/STOP - # service start/stop httpd (Zenwalk), or # apachectl start/stop (any distro). Checkit by pointing browser to "http://localhost".
CONFIG FILES - Netpkg handles it, but following PHP recompile, Apache configuration tweaks are necessary for PHP serving. A short list is here. Additionally, one must open /etc/apache/mod_php.conf and provide the complete path to libphp5.so, typically /usr/libexec/apache/libphp5.so, if it's not in there. Following changes, restart httpd, which should initialize PHP.
HTML FILES - (Zenwalk) We can serve files from anywhere on our hardisk through the browser, but it's easiest to put them in /var/www/htdocs/, because this is the default. To write to here from logs or anything, it can't be done easily since /var/www/ is owned by root. A solution is to create a new group.

PHP

START/STOP - # php -v. This command checks for the version. PHP loads as an Apache module, not as a separate program. I used #netpkg remove php to remove the Zenwalk version of PHP. I did this because the netpkg (Zenwalk) version fails to support PostgreSQL.

COMPILE - necessary for PostgreSQL; netpkg PHP does not support Postgres. The configuration phase, prior to "make", is critical. The correct syntax for the PostgreSQL functionality is --with-pgsql=/usr/local. However other options, can be useful. Taking most situations into account, a reasonable configure string might be:
$ ./configure --with-apxs2=/usr/sbin/apxs \
--with-pgsql=/usr/local \
--with-mysql=/usr/share \
--with-libxml-dir=/usr/lib \
--with-curl=/usr/bin/curl \
--with-zlib \
--with-gettext \
--with-gdbm \
--enable-inline-optimization \
--enable-track-vars

"Make", then root "make install"; it installs to /usr/local/lib/php. Copy the ini files to there: # cp php.ini* /usr/local/lib/php/. Pick one of the two to be the ini file, eg # cp php.ini-development /etc/apache/php.ini. It can be tweaked later.



Other