Community Answers

  1. Hi all, I've currently been using a cookie as a "remind me" value for keeping users logged in for an entire day. Now, after googling about cookie security it all comes down to the same underlying statements. Cookies are not secure, and any data they contain is, by extension, also not secure. Now, due to the fact that I need the "remind me" functionality, I was wondering what the best practice for this is. All my users have a UUID assigned to them, which is a 36-char long random string (in a specific pattern). At the moment, I store that UUID in the cookie, and if the system finds it, it checks if the user exists, and re-assigns the session if it expired, within the valid period of the cookie. Now, what should I do to make this better? Any suggestions are welcome. Thanks
  2. Well, since no one was able to help me, and I've eventually managed to fix this, I'll add my solution (and problems) in this post. So, I needed to connect to a Soap Service using WSSE. Not with a user/pass auth in it, but with a client certificate, a binary security token and such wonderful things.

     First, I needed to make a p12 certificate file, using my client certificate (with the cert chain) and my private key (used to request the client certificate). Next, I needed to convert the p12 file to a BASE64 encoded pem file. Finally, in the soap_client constructor, you need to add "local_cert" and "passphrase" in the options part with the full path of the pem file, and your used password (if any).

     Next, and this one was my biggest issue, make sure your server can resolve the host address of the webservice. Ping it first, and if needed, add it to your host file *facepalm*

     Finally, construct your soap envelope (I've used a public PHP WSSE library for mine), and execute the request. Feel free to ask more details if need be.
  3. The above is still an issue, anyone?
  4. Hi all, I've been struggling for months with a connection to a DataPower webservice using PHP. In SoapUI I've managed to get a response (an error message, but a response nonetheless) but in php, Soap always returns a NULL value. The service in question requires me to use a client certificate. Creating a p12 keystore with my private key (used to request the certificate) and the complete certificate chain provided by the service host, I'm able to get a connection using SoapUI (by using ssl for each request with the aforementioned p12 file).

     Now, I want to accomplish the same thing in php, so I did the following:

     - I installed the root and CA2 certificate from the service provider on my php server
     - I construct a soap_client using the received wsdl file (same one as I use in SoapUI) and add the below listed options to the constructor

         $options = [
             'trace' => 1,
             'exceptions' => 1,
             'local_cert' => $this->_getCertificateLocation('P12_KEYFILE'),
             'passphrase' => $keyfile_passphrase
         ];

     The _getCertificateLocation returns the absolute path of the cert file, which is correct and accessible. Alternatively I've also tried to convert the P12 file to a PEM file using the below command, but it results in the same effect.

         openssl pkcs12 -in discimus_keystore.p12 -out discimus.pem -clcerts

     Anything I need to add/reconsider? Or any advice on this matter? Thanks for any help. Darghon
  5. Hi all, I have about 150 virtual hosts configured in nginx. These hosts all have the same configuration with the exception of the domain name and the paths for said domain. Each time I need to change a setting on one of the hosts, I need to replicate the change on ALL the domains. Is there a way to "include" these configurations into the server block, to prevent me from changing each block? It needs to be includable because there are other virtual hosts that deviate from the normal and do not need those configurations. Thanks for any advice
  6. I've asked them if their product can supply what I need, but the pricing might be an issue, as my application is very cheap. For instance, about 500€ annually / client. Any other more "custom" solutions? I'm a senior developer myself (close to 10 years and counting) so I'm not afraid to code it myself, I just need to know what to code... Thx again
  7. Hello all. I am maintaining a php application which manages and creates contracts for internship jobs. (well that's part of it anyway) More and more of my clients start asking if there is any way they can digitally sign the contracts, to avoid printing everything out. So I've been doing some google work, been reading up on as much information as I can find, and have to conclude I have no idea how to get started on this. Hence this topic.

     To put everything in perspective: a student has to perform an internship at some company. Legally, we need a contract that's signed by the student (or their parent(s)), the school and the company. This document needs to be digitally available (in the application) and it needs to be visible and legally binding to all 3 parties. Preferably visible that it's signed, and by whom. (~3 signatures) Right now this document is printed, and given to each of the parties. Once it's returned, it gets filed in a "binder" with all other physical documents of that student. (which the clients want to avoid)

     Is there any step-by-step guide for this? Correct me if I'm wrong, but I think I need to get a certificate for my application (a general one for the application itself, because each client has their own instance of this application (subdomain of the application: http://<clienttag>.applicationname.com)). Then I need to encrypt a signature of the user using this public key of the certificate, and sign the document (with PHPDocx for example). In the documents overview of this student's file, it needs to list all attached and signed documents, with all parties that signed it. (with maybe the contracts converted to PDFs.)

     Any help for getting started with this is welcome. Thx in advance
  8. Hi all, I've been creating a somewhat responsive layout for an existing application. Some of the pages contain sets of data that have been grouped. I've added styles to show them as blocks next to each other as long as enough space is available. So full screen it shows 3 blocks next to each other, on a smaller 2 blocks, or 1 block depending on the available width. If the content of one block exceeds the length allocated, I have an additional class "clipped" that turns the overflow hidden, and adds ellipses to the text. But as the title suggests, doing this pushes the next div down which looks ugly. Removing the overflow:hidden style fixes the issue, but makes the text run out of bounds. Listed below are the html used, and the css related. Can anyone help me resolve this issue? (The additional style code in the full line value is to ensure that multi line texts are still positioned next to the label and not under it)

     Css:

         #wrapper label { float:left; font-weight:bold; text-align: right; width:200px; margin-right:10px; }
         #main #main_wrapper .group_content { display: block; }
         #main #main_wrapper .group_content .attribute_block { display: inline-block; min-width: 400px; margin-right: 20px; }
         #main #main_wrapper .group_content .attribute_block.full_line { display: block; min-width: 100%; }
         #main #main_wrapper .group_content .attribute_block input,
         #main #main_wrapper .group_content .attribute_block textarea { max-width: 300px; }
         #main #main_wrapper .group_content .attribute_block select { max-width: 322px; }
         .clipped { overflow:hidden;text-overflow:ellipsis;white-space:nowrap; }

     Html:

         <div class="group_content clearfix">
             <div class="attribute_block full_line clearfix">
                 <div class="label"><label>Beschrijving</label></div>
                 <div style="float: right; width: calc(100% - 210px);" class="value">Addendun voor een raamovereenkomst.</div>
             </div>
             <div class="attribute_block">
                 <div class="label"><label>Auteur</label></div>
                 <div class="value clipped">Quickstage Support</div>
             </div>
             <div class="attribute_block">
                 <div class="label"><label>Aangemaakt op</label></div>
                 <div class="value clipped">19/12/2012 10:14:54</div>
             </div>
             <div class="attribute_block">
                 <div class="label"><label>Laatste aanpassing op</label></div>
                 <div class="value clipped">19/12/2012 10:14:54</div>
             </div>
             <div class="attribute_block">
                 <div class="label"><label>Gegevensbron</label></div>
                 <div class="value clipped">Schooljaar - Klas - Leerling - Stageperiode</div>
             </div>
             <div class="attribute_block">
                 <div class="label"><label>Bestandsnaam</label></div>
                 <div class="value clipped">Aanvullendbijraamovereenkomst.docx</div>
             </div>
         </div>
  9. There are a lot of topics that explain how to change the session lifetime for an application but for some reason I'm too stupid to make it work, and can't for the life of me figure out why... I want to extend the lifetime of a session with 2 hours of inactivity, so that the session remains active up to 2 hours after the last action of the user. I've tried this with .htaccess setting the lifetime and maxlifetime to 7200 which killed the session after exactly 2 hours (not what I wanted). Removing the maxlifetime setting results in the same effect. I've added the ini_set params for lifetime to the same, also without effect. I've added a setcookie function to each request to reset the lifetime of the session, with no success... What am I doing wrong? And are there any other ways to resolve this? Thanks to anyone for advice on this matter.
  10. Hello all, I have a production server with 40+ virtual hosts on it (all part of a single application) and we've added an automatic generation script to that server to create new domains when a new request is registered. Now, after adding the new db, virtual host and uploads folder (it all works on the same source code) the server needs to do a graceful restart, because we don't want to kick any open connections. The system pops the command, and we send an email to the requester confirming that his/her application has been created. But for some reason the graceful restart does not always work, resulting in a "page not found" when the requester clicks on their received url. (happens about 10% of the time) Is there any way to confirm that the graceful restart was successful? Or does anyone have any other ideas or solutions for this problem? Thx
  11. Hi all, I'm developing an application with the Yii framework, and implemented a record security by adding 3 functions to all models (canIView, canIEdit and canIDelete). All models extend the same basemodel class, and all crud interfaces are similar. For some reason whenever I try to view the cruds of the models "Product" or "Order" I get a white page, and no logs anywhere... Debugging some, I can echo lines up to the following line in code:

          echo "before";
          $model = Product::model();
          echo "after";

      Before is shown, but not after. The same code on a different model like "Division" does work... Both models extend the same class (AuditModel) which implements several security functions and populates audit fields etc... Can anyone help me debug this... or give an indication where I can find anything to point me towards any error in the code...

      Yii application log is empty
      Apache log is empty

      Thx
  12. I'm using netbeans. And a little insight on my class structure:

      An object/model has 3 layers (mapped to a database record):
      - a business layer with all functions to work with this object
      - a datalayer with all raw variables mapped to the record in the database (with input validation etc)
      - a finderlayer with statements that retrieve records from the database, and return initialised business objects to the requester.

      So the user table for instance has:
      - a User class which extends global business functions from the businesslayer
      - a DUser class which extends global data functions from the datalayer, and is added as a protected variable in the business model
      - a FUser class which extends global finder functions from the finderlayer

      So let's say I add a method to find a user by email address (byEmail($email)) to the FUser. I'll be able to retrieve all users with that email address by the following statement:

          $users = User::Find()->byEmail($email);
  13. Hello all, My question isn't about php, but the php docs. I have several php classes that extend a base class. This class has a static method that returns an object based on the extending class that calls this method. How can I add php docs so that my editor knows that when I call this function on 1 class, I get an object of a specific class in return? Right now I'm passing the "super" class of that object, but it would be great to be more accurate. If the above explanation isn't clear, this is an example of what I want to do:

          class User extends BusinessClass
          class FUser extends FinderClass

      When I call User::Find() => autocomplete shows info of FinderClass. I want it to show info of FUser.

      Current code:

          /**
           * Static function that creates a "Find" static function to each business object, which in turn is basically a shortkey to get The Findertype, or when an ID is passed, to get the object by that ID
           * @return BusinessClass|FinderClass
           */
          final public static function & Find($id = null) {

      Adding the following line above my User class results in the correct object types, but the function is no longer detected as available in autocomplete:

          /**
           * @method User|FUser Find(Integer $id) Find a object by ID, or return the object finder.
           */

      Autocomplete on "User::" no longer shows Find as an available function. Thx for any help
  14. Well, the 2 points in the end are basically the things I've checked so... and I indeed have nested statements etc, but I have to. Otherwise I won't be able to process my business rules that I have specified for each table/object. Anyway, I managed to solve the issue. The cachegrind result was wrong basically, and the request was taking 4x longer than reported. I tinkered somewhat with the loaded statements, and cached them inside the objects that called them, resulting in a speed gain. Request now takes 3 seconds to load into the browser, and I'm happy with the results.
  15. Hi all, Not sure where to post my problem, so I hope I'll get some answers here. I have a basic LAMP setup. All works fine, have APC installed, tweaked somewhat with mysql cache sizes etc. Now I have 1 pageload in my application that takes +- 10 seconds to complete, and I can't seem to find out why...

      What I checked:
      - I used firebug net view to see how long the request takes, and it takes an average of 10 seconds, and is 25kb large (the response)
      - xdebug on the server tells me that the request start to finish takes 2442ms (2.4s) (the request load is measured with xdebug off, if it's turned on the request takes 24+ seconds to complete...)

      What am I missing? Why is that specific page request taking 10 seconds while the server says it's done in 2.4? The page doesn't contain a lot of javascript, so that's ruled out... Any other areas I can check? Or does anyone else have an idea where the delay is located?