Monday, May 26, 2008
To Create a Database in MySQL and a few commands to refer to
mysql> create database newonw;
Query OK, 1 row affected (0.00 sec)
Basic CREATE TABLE statement
A very basic CREATE TABLE statement which should work in any SQL database:
mysql> CREATE TABLE example (
id INT,
data VARCHAR(100)
);
Query OK, 0 rows affected (0.03 sec)
Creating a table with a particular storage engine
MySQL provides a variety of different table types with differing levels of functionality. The usual default, and most widely used, is MyISAM. Other storage types must be explicitly defined:
mysql> CREATE TABLE example_innodb (
id INT,
data VARCHAR(100)
) TYPE=innodb;
Query OK, 0 rows affected (0.03 sec)
Note that beginning with MySQL 4.1 ENGINE=innodb is the preferred method of defining the storage type.
Use SHOW CREATE TABLE (see below) to check that MySQL has created the table as you defined it.
Creating a table with auto_increment
Often you'll want to be able to automatically assign a sequential value to a column:
mysql> CREATE TABLE example_autoincrement (
id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
data VARCHAR(100)
);
Query OK, 0 rows affected (0.01 sec)
mysql> INSERT INTO example_autoincrement (data)
-> VALUES ('Hello world');
Query OK, 1 row affected (0.01 sec)
mysql> SELECT * FROM example_autoincrement;
+----+-------------+
| id | data |
+----+-------------+
| 1 | Hello world |
+----+-------------+
1 row in set (0.01 sec)
Creating a table with the current timestamp
Often it's useful to have an automatic timestamp on each record. The MySQL special datatype TIMESTAMP enables you to keep track of changes to a record:
mysql> CREATE TABLE example_timestamp (
id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
data VARCHAR(100),
cur_timestamp TIMESTAMP(8)
);
Query OK, 0 rows affected (0.00 sec)
mysql> INSERT INTO example_timestamp (data)
VALUES ('The time of creation is:');
Query OK, 1 row affected (0.00 sec)
mysql> SELECT * FROM example_timestamp;
+----+--------------------------+---------------------+
| id | data | cur_timestamp |
+----+--------------------------+---------------------+
| 1 | The time of creation is: | 2004-12-01 20:37:22 |
+----+--------------------------+---------------------+
1 row in set (0.00 sec)
mysql> UPDATE example_timestamp
SET data='The current timestamp is: '
WHERE id=1;
Query OK, 1 row affected (0.03 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> SELECT * FROM example_timestamp;
+----+---------------------------+---------------------+
| id | data | cur_timestamp |
+----+---------------------------+---------------------+
| 1 | The current timestamp is: | 2004-12-01 20:38:55 |
+----+---------------------------+---------------------+
1 row in set (0.01 sec)
The column cur_timestamp is automagically updated every time the record is changed.
Creating a table with TIMESTAMP DEFAULT NOW()
MySQL supports the construct TIMESTAMP DEFAULT NOW() only from version 4.1:
CREATE TABLE example_default_now (
id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
data VARCHAR(100),
created TIMESTAMP DEFAULT NOW()
);
In this case the column created retains its initial value and is not changed during subsequent updates.
For versions prior to 4.1, the only workaround is to create two timestamp columns in a table, and explicitly set the second one when inserting the record. Remember: the first TIMESTAMP will be automagically updated on each record update.
Viewing a table definition
For basic information on table columns, use DESC tablename:
mysql> DESC example;
+-------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+--------------+------+-----+---------+-------+
| id | int(11) | YES | | NULL | |
| data | varchar(100) | YES | | NULL | |
+-------+--------------+------+-----+---------+-------+
2 rows in set (0.00 sec)
Exact definition of the table:
mysql> SHOW CREATE TABLE example;
+---------+------------------------------------------------+
| Table | Create Table |
+---------+------------------------------------------------+
| example | CREATE TABLE `example` (
`id` int(11) default NULL,
`data` varchar(100) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1 |
+---------+------------------------------------------------+
1 row in set (0.00 sec)
Sunday, May 25, 2008
How do I Be More Productive In Vim?
Q. I'm just starting with the vim text editor, but I find typing and retyping similar statements annoying. Can you advise me about it?
A. Yes. Vim offers several functionalities that improve your editing. Here are some of them.
1. Copying a whole line
yy or shift y or :ny
where n is the line number; if n is not specified, the current line is copied
2. Copying from current position to end of line.
y$
3. Copying 3 lines after the current position
3yy
4. Copying a range of lines
:1,5y or :1y 5
The above example copies 5 lines, from 1 to 5
5. Deleting a whole line (the deleted line is copied to the registers)
dd or :nd
where n is the line number; if n is not specified, the current line is deleted
6. Deleting from current position to end of line (the deleted text is copied to the registers)
d$ or shift d
7. Deleting a range of lines
:1,5d or :1d 5
The above example removes 5 lines, from 1 to 5, and copies them to a register
8. Put previously copied text n times after the cursor:
np
9. Put previously copied text n times before the cursor
n Shift p
10. Word completion, works in insert mode
1. Ctrl n searches forward for the next match
2. Ctrl p searches backward for the previous match
Very useful in programming (perl, bash, java, other)
11. Put vim in replace mode
Shift r
12. Undo
u
13. Redo
Ctrl r
14. Repeating last change
.
Prevent the browser from Caching a page
This page explains how to use the Meta tag to prevent an individual page from being cached by a browser or proxy. It is meant for pages that hold data that may be of a sensitive nature, such as a "form page for submittal", where the creator of the page wants to make sure that the page does not get submitted twice.
HTTP is a data access protocol currently run over TCP and is the basis of the World Wide Web.
cache:
A program's local store of response messages and the subsystem
that controls its message storage, retrieval, and deletion. A
cache stores cachable responses in order to reduce the response
time and network bandwidth consumption on future, equivalent
requests. Any client or server may include a cache, though a cache
cannot be used by a server that is acting as a tunnel.
Update on this, M.S. just had to do things differently.
Just put the following between the <head> and </head>
<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">
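That will do it. IE needs the Expires tag. View source of this page for example.
Note that these tags are read only by the browser that parses the HTML. A proxy cache does not look inside the page and acts on the HTTP response headers, so where proxies matter the server should also send Cache-Control (no-store for sensitive pages), Pragma and Expires as real response headers.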
Wednesday, May 14, 2008
Javascript Redirect Scripts
Redirecting a visitor with javascript is pretty straightforward. The simplest way is to use one of the methods below.
Note that in some cases a server-side redirect (i.e. one using a language such as PHP, ASP or Perl) is a better choice, since not all users will have javascript enabled. Search engine spiders are unlikely to follow javascript based redirects.
Location.href Method
<script type="text/javascript">
window.location.href="http://www.example.com/";
</script>
Including this script on a page will immediately redirect visitors to the URL entered.
Location.replace Method
The difference between location.href and location.replace is that the former will create a new history entry on the visitor's computer. This means that if they hit the back button, they can get stuck in a 'redirection loop'. This is usually undesirable and may have unwanted side effects - most pay per click search engines will not allow the submission of URLs that 'break' the back button.
The solution is to use location.replace instead:
<script type="text/javascript">
location.replace('http://www.example.com/');
</script>
Conditional Redirects with Javascript
Once you know how to redirect visitors, you can send them to different pages based on a variety of criteria. The example script below will redirect visitors with a resolution of 1024x768 or higher to a different page. Of course, there shouldn't be any reason to do so for most websites, which should work at any screen resolution ;)
<script language="JavaScript" type="text/javascript">
if ((screen.width>=1024) && (screen.height>=768))
{
    window.location.replace('example.html');
}
</script>
Monday, May 12, 2008
CHAP, SPAP, and PAP authentication methods
CHAP
The Challenge Handshake Authentication Protocol (CHAP) is a challenge/response authentication protocol that uses the industry-standard Message Digest 5 (MD5) hashing scheme to encrypt the response. CHAP is used by various vendors of network access servers and clients. A server running Routing and Remote Access supports CHAP so that remote access clients that require CHAP are authenticated. Because CHAP requires the use of a reversibly encrypted password, you should consider using another authentication protocol such as Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 2.
Note
• If your password expires, CHAP cannot change passwords during the authentication process.
• You cannot use Microsoft Point-to-Point Encryption (MPPE) with CHAP.
SPAP
The Shiva Password Authentication Protocol (SPAP) is a reversible encryption mechanism employed by Shiva. When a computer running Windows XP Professional connects to a Shiva LAN Rover, it uses SPAP, as does a Shiva client that connects to a server running Routing and Remote Access. This form of authentication is more secure than plaintext but less secure than CHAP or MS-CHAP.
Important
• When you enable SPAP as an authentication protocol, the same user password is always sent in the same reversibly encrypted form. This makes SPAP authentication susceptible to replay attacks, where an attacker captures the packets of the authentication process and replays the responses to gain authenticated access to your intranet. The use of SPAP is discouraged, especially for virtual private network connections.
Note
• If your password expires, SPAP cannot change passwords during the authentication process.
• Make sure your network access server (NAS) supports SPAP before you enable it on a remote access policy on an Internet Authentication Service (IAS) server.
• You cannot use Microsoft Point-to-Point Encryption (MPPE) with SPAP.
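The CHAP exchange described above, as an added Python example that is not part of the original post: the response is MD5 over the identifier, the shared secret and the challenge (RFC 1994), which is why the server has to keep the password in recoverable form, and why a captured response fails when replayed against a fresh challenge, unlike the fixed form SPAP sends. The class name, user name and secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the Identifier octet, then the secret, then the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of the handshake.

    The secret has to be available in clear to recompute the digest; a one-way
    password hash is not enough. That is the "reversibly encrypted password"
    requirement mentioned in the text.
    """

    def __init__(self, secrets: dict):
        self.secrets = secrets   # user -> secret (constructed sample data)
        self.pending = {}        # identifier -> challenge, consumed on first use
        self.next_id = 0

    def issue_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)   # unpredictable and different every time
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        challenge = self.pending.pop(identifier, None)   # single use
        secret = self.secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    """Returns (first login, same packet replayed, replay against a new challenge)."""
    server = ChapAuthenticator({"alice": b"constructed-secret"})
    ident, challenge = server.issue_challenge()
    captured = chap_response(ident, b"constructed-secret", challenge)
    first = server.verify("alice", ident, captured)
    replay_same = server.verify("alice", ident, captured)    # challenge already used
    ident2, _ = server.issue_challenge()
    replay_new = server.verify("alice", ident2, captured)    # digest no longer matches
    return first, replay_same, replay_new


if __name__ == "__main__":
    print(demo())
```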
PAP
Password Authentication Protocol (PAP) uses plaintext passwords and is the least secure authentication protocol. It is typically negotiated if the remote access client and remote access server cannot negotiate a more secure form of validation.
To enable PAP-based authentication, you must do the following:
1. Enable PAP as an authentication protocol on the remote access server. PAP is disabled by default.
2. Enable PAP on the appropriate remote access policy. PAP is disabled by default.
3. Enable PAP on the remote access client.
Note
• By disabling PAP on ISA Server, plaintext passwords are never sent by the dial-up client. Disabling support for PAP increases authentication security, but remote VPN clients who only support PAP cannot connect.
• If your password expires, PAP cannot change passwords during the authentication process.
• You cannot use Microsoft Point-to-Point Encryption (MPPE) with PAP.
Saturday, May 10, 2008
RADIUS
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that uses access servers to provide centralized management of access to large networks. RADIUS is commonly used by ISPs and corporations managing access to the internet or internal networks employing a variety of networking technologies, including modems, DSL, wireless and VPNs.
AAA
RADIUS servers use the AAA concept to manage network access in the following two-step process, also known as an "AAA transaction".
Authentication & Authorization
Authentication & Authorization are described in RFC 2865.
The user or machine sends a Network Access Server (NAS) a request for access to a particular network resource using access credentials. The credentials are passed to the NAS device via the link-layer protocol - for example, Point-to-Point Protocol (PPP) in the case of many dialup or DSL providers.
In turn, the NAS sends a RADIUS Access Request message to the RADIUS server, requesting authorization to grant access via the RADIUS protocol.
This request includes access credentials, typically in the form of username and password or security certificate provided by the user. Additionally, the request contains information which the NAS knows about the user, such as its network address or phone number, and information regarding the user's physical point of attachment to the NAS.
The RADIUS server checks that the information is correct using authentication schemes like PAP, CHAP or EAP. The user's proof of identification is verified, along with, optionally, other information related to the request, such as the user's network address or phone number, account status and specific network service access privileges. Historically, RADIUS servers checked the user's information against a locally stored flat file database. Modern RADIUS servers can do this, or can refer to external sources - commonly SQL, Kerberos, LDAP, or Active Directory servers - to verify the user's credentials.
The RADIUS server then returns one of three responses to the NAS; a "Nay" (Access Reject), "Challenge" (Access Challenge) or "Yea" (Access Accept).
Access Reject - The user is unconditionally denied access to all requested network resources. Reasons may include failure to provide proof of identification or an unknown or inactive user account.
Access Challenge - Requests additional information from the user such as a secondary password, PIN, token or card. Access Challenge is also used in more complex authentication dialogs where a secure tunnel is established between the user machine and the Radius Server in a way that the access credentials are hidden from the NAS.
Access Accept - The user is granted access. Once the user is authenticated, the RADIUS server will often check that the user is authorized to use the network service requested. A given user may be allowed to use a company's wireless network, but not its VPN service, for example. Again, this information may be stored locally on the RADIUS server, or may be looked up in an external source like LDAP or Active Directory.
Authorization attributes are conveyed to the NAS stipulating terms of access to be granted. For example: the following authorisation attributes may be included in an Access-Accept.
The specific IP address to be assigned to the user
The address pool from which the user's IP should be chosen
The maximum length that the user may remain connected
An access list, priority queue or other restrictions on a user's access
L2TP parameters
VLAN parameters
Quality of Service (QoS) parameters
Accounting
Accounting is described in RFC 2866.
When network access is granted to the user by the NAS, an Accounting Start request is sent by the NAS to the RADIUS server to signal the start of the user's network access. "Start" records typically contain the user's identification, network address, point of attachment and a unique session identifier.
Periodically, Interim Accounting records may be sent by the NAS to the RADIUS server, to update it on the status of an active session. "Interim" records typically convey the current session duration and information on current data usage.
Finally, when the user's network access is closed, the NAS issues a final Accounting Stop record to the RADIUS server, providing information on the final usage in terms of time, packets transferred, data transferred, reason for disconnect and other information related to the user's network access.
The primary purpose of this data is that the user can be billed accordingly; the data is also commonly used for statistical purposes and for general network monitoring.
Properties of RADIUS
The RADIUS protocol does not transmit passwords in cleartext between the NAS and RADIUS server (not even with PAP protocol). Rather, a shared secret is used along with the MD5 hashing algorithm to obfuscate passwords. NOTE: This is not considered to be very strong protection of the user's credentials. If possible, additional protection - such as IPSEC tunnels - should be used to further encrypt the RADIUS traffic, especially considering that the user's credentials are the ONLY part protected by RADIUS itself, even though other user-specific attributes passed by RADIUS may be considered sensitive or private information. Please refer to the references for more details on this subject.
RADIUS is a common authentication protocol utilized by the IEEE 802.1X security standard (often used in wireless networks). Although RADIUS was not initially intended to be a wireless security authentication method, it improves the WEP encryption key standard, in conjunction with other security methods such as EAP-PEAP.
RADIUS is extensible; many vendors of RADIUS hardware and software implement their own variants using Vendor-Specific Attributes (VSAs).
RADIUS has been officially assigned UDP ports 1812 for RADIUS Authentication and 1813 for RADIUS Accounting by the Internet Assigned Numbers Authority (IANA). However, before the IANA allocation, ports 1645 (Authentication) and 1646 (Accounting) were used unofficially and became the default ports assigned by many RADIUS client/server implementations of the time. The tradition of using 1645 and 1646 for backwards compatibility continues to this day. For this reason many RADIUS server implementations monitor both sets of UDP ports for RADIUS requests. Microsoft RADIUS servers default to 1812 and 1813, but Cisco devices default to the traditional 1645 and 1646 ports. Juniper Networks' RADIUS servers also default to 1645 and 1646.
RADIUS is used by RSA SecurID to enable strong authentication for access control; products such as PhoneFactor add two-factor authentication to legacy RADIUS applications that typically only support username and password authentication.
RADIUS is widely used by VoIP service providers. It is used to pass login credentials of a SIP end point (like a broadband phone) to a SIP Registrar using digest authentication, and then to RADIUS server using RADIUS. Sometimes it is also used to collect call detail records (CDRs) later used, for instance, to bill customers for international long distance.
RADIUS was originally specified in an RFI by Merit Network in 1991 to control dial-in access to NSFnet. Livingston Enterprises responded to the RFI with a description of a RADIUS server. Merit Network awarded the contract to Livingston Enterprises that delivered their PortMaster series of Network Access Servers and the initial RADIUS server to Merit. RADIUS was later (1997) published as RFC 2058 and RFC 2059 (current versions are RFC 2865 and RFC 2866). Now, several commercial and open-source RADIUS servers exist. Features can vary, but most can look up the users in text files, LDAP servers, various databases, etc. Accounting records can be written to text files, various databases, forwarded to external servers, etc. SNMP is often used for remote monitoring. RADIUS proxy servers are used for centralized administration and can rewrite RADIUS packets on the fly (for security reasons, or to convert between vendor dialects).
The Diameter protocol is the planned replacement for RADIUS. Diameter uses SCTP or TCP while RADIUS uses UDP as the transport layer.
Roaming
RADIUS is commonly used to facilitate roaming between ISPs, for example by companies which provide a single global set of credentials that are usable on many public networks. RADIUS facilitates this by the use of realms, which identify where the RADIUS server should forward the AAA requests for processing.
Realms
A realm is commonly appended to a user's username and delimited with an '@' sign, resembling an email address domain name. This is known as postfix notation for the realm. Another common usage is prefix notation, which involves prepending the realm to the username and using '\' as a delimiter.
Modern RADIUS servers allow any character to be used as a realm delimiter, although in practice '@' and '\' are usually used.
Realms can also be compounded using both prefix and postfix notation, to allow for complicated roaming scenarios; for example, somedomain.com\username@anotherdomain.com could be a valid username with two realms.
Although realms often resemble email domains, it is important to note that realms are in fact arbitrary text and need not contain real domain names.
Proxy operations
When a RADIUS server receives an AAA request for a username containing a realm, the server will reference a table of configured realms. If the realm is known, the server will then proxy the request to the configured home server for that domain. The behaviour of the proxying server regarding the removal of the realm from the request ("stripping") is configuration-dependent on most servers. In addition, the proxying server can be configured to add, remove or rewrite AAA requests when they are proxied.
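The realm handling described in the two sections above, as an added Python example that is not from the original post: it splits prefix and postfix realms, looks the realm up in a configured table, and applies per-realm stripping before proxying. The table layout, the server names, trying the postfix realm first, and handling unknown realms locally are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class ParsedUser:
    prefix_realm: Optional[str]
    user: str
    postfix_realm: Optional[str]


def parse_username(name: str, prefix_delim: str = "\\", postfix_delim: str = "@") -> ParsedUser:
    """Split realm\\user@realm; either realm may be absent."""
    prefix, sep, rest = name.partition(prefix_delim)
    if not sep:
        prefix, rest = None, name
    user, sep, postfix = rest.rpartition(postfix_delim)
    if not sep:
        user, postfix = rest, None
    return ParsedUser(prefix or None, user, postfix or None)


def route(name: str, realms: Dict[str, Tuple[str, bool]]) -> Tuple[Optional[str], str]:
    """Return (home_server, username_to_forward).

    realms maps realm -> (home server, strip the realm before forwarding).
    home_server is None when no configured realm matches, so the request is
    not proxied. Realms are arbitrary text: only table entries ever route.
    Assumption: the postfix realm is tried before the prefix realm.
    """
    p = parse_username(name)
    if p.postfix_realm and p.postfix_realm.lower() in realms:
        server, strip = realms[p.postfix_realm.lower()]
        if strip:
            return server, (p.prefix_realm + "\\" if p.prefix_realm else "") + p.user
        return server, name
    if p.prefix_realm and p.prefix_realm.lower() in realms:
        server, strip = realms[p.prefix_realm.lower()]
        if strip:
            return server, p.user + ("@" + p.postfix_realm if p.postfix_realm else "")
        return server, name
    return None, name


# Constructed realm table: realm -> (home server, strip?)
REALMS = {
    "anotherdomain.com": ("radius.anotherdomain.example", True),
    "somedomain.com": ("radius.somedomain.example", False),
}

if __name__ == "__main__":
    for sample in ("somedomain.com\\username@anotherdomain.com",
                   "somedomain.com\\username",
                   "username@unknown.example",
                   "username"):
        print(sample, "->", route(sample, REALMS))
```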
Tuesday, May 6, 2008
iso write in DVD (linux)
[root@vinoj vinoj]# dvdrecord speed=1 -dao dev=1,0,0 /home/vinoj/Desktop/Fedora7-i386-DVD.iso
dvdrecord: No such file or directory.
Cannot open SCSI driver!
For possible targets try 'wodim --devices' or 'wodim -scanbus'.
For possible transport specifiers try 'wodim dev=help'.
For IDE/ATAPI devices configuration, see the file README.ATAPI.setup from
the wodim documentation.
[root@vinoj vinoj]# wodim --devices
Beginning native device scan. This may take a while if devices are busy...
wodim: Overview of accessible drives (0 found) :
----------------------------------------------------------------------
----------------------------------------------------------------------
[root@vinoj vinoj]# wodim -scanbus
scsibus0:
0,0,0 0) 'ATA ' 'ST380011A ' '8.01' Disk
0,1,0 1) 'SONY ' 'DVD RW DRU-190A ' '1.61' Removable CD-ROM
0,2,0 2) *
0,3,0 3) *
0,4,0 4) *
0,5,0 5) *
0,6,0 6) *
0,7,0 7) *
[root@vinoj vinoj]# dvdrecord speed=1 -dao dev=0,1,0 /home/vinoj/Desktop/Fedora7-i386-DVD.iso
Device type : Removable CD-ROM
Version : 5
Response Format: 2
Capabilities :
Vendor_info : 'SONY '
Identification : 'DVD RW DRU-190A '
Revision : '1.61'
Device seems to be: Generic mmc2 DVD-R/DVD-RW.
Using generic SCSI-3/mmc DVD-R(W) driver (mmc_mdvd).
Driver flags : SWABAUDIO BURNFREE
Supported modes: PACKET SAO
Speed set to 5540 KB/s
Starting to write CD/DVD at speed 4.0 in real SAO mode for single session.
Last chance to quit, starting real write 0 seconds. Operation starts.
Track 01: Total bytes read/written: 2900602880/2900602880 (1416310 sectors).
Ajax login
function MakeCursorHourglass()
{
    document.body.style.cursor = "wait";
}
function MakeCursorNormal()
{
    document.body.style.cursor = "default";
}
function GetXmlHttpObject()
{
    var xmlHttp = null;
    try
    {
        // Firefox, Opera 8.0+, Safari
        xmlHttp = new XMLHttpRequest();
    }
    catch (e)
    {
        // Internet Explorer
        try
        {
            xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
        }
        catch (e)
        {
            xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
    }
    return xmlHttp;
}
function login()
{
    var xmlHttp = GetXmlHttpObject();
    var field_info = new Array();
    if (xmlHttp == null)
    {
        alert ("Your browser does not support AJAX!");
        return;
    }
    var url = "/btree-bin/login.py";
    field_info[0] = document.getElementById("user").value;
    field_info[1] = document.getElementById("passwd").value;
    // checklogin_validation() is defined elsewhere (not shown here)
    if (checklogin_validation(field_info[0],field_info[1])==true)
    {
        // Register the handler before sending so no state change is missed
        xmlHttp.onreadystatechange = function()
        {
            if (xmlHttp.readyState == 4)
            {
                var userid = xmlHttp.responseText;
                MakeCursorNormal();
                if (userid == 0)
                {
                    var div = document.getElementById("div");
                    div.innerHTML = 'Invalid Email Address or Password';
                }
                else if (userid == -1)
                {
                    var div = document.getElementById("div");
                    div.innerHTML = 'User already Logged In';
                }
                else if (userid == -2)
                {
                    var div = document.getElementById("div");
                    div.innerHTML = 'DATABASE ERROR';
                }
                else
                {
                    //var myHiddenfield = document.getElementById('v');
                    //myHiddenfield.value = userid;
                    // alert(myHiddenfield.value)
                    // The server must still check the session: v alone does not prove who is logged in
                    window.location.replace("/lic-bin/updateService.py?v=" + encodeURIComponent(userid));
                    //url = "../../../cgi-bin/user/updateService.py"
                    //xmlHttp.open("POST",url,true);
                    //xmlHttp.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
                    //xmlHttp.send("userid=" + userid);
                }
            }
        };
        xmlHttp.open("POST",url,true);
        xmlHttp.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
        // Each field needs name=value, and the values must be URL-encoded
        xmlHttp.send("user=" + encodeURIComponent(field_info[0]) + "&passwd=" + encodeURIComponent(field_info[1]));
        MakeCursorHourglass();
    }
}
sql injection validation by myself
The following function returns true if any unwanted character is found in the field.
function check_field(field)
{
    if (field == '')
        return field;
    // String.prototype.trim() replaces the non-standard ltrim()/rtrim() helpers
    field = field.trim();
    var reg = /["';\&^*@!%+=$~\\|/`]/;
    // Earlier attempts, left commented out:
    // var reg = /"^A-Za-z0-9" + "_" + "-" + "." + '"' + "'" + "@"+ "(" + ")" ;
    // alert(reg.test(" A-2,anir rere,bahandu)w(s,mubai-2323\\"));
    // var reg = /["';^*@!%+=$~\\|/`]/
    // var reg = /\w[_,-,',@,{,}] /;
    //alert(field.search(reg)) ;
    //alert(reg)
    field = reg.test(field);
    return field;
}
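A browser-side character check like the one above can be skipped by posting to login.py directly, and it also flags the '@' in every email address, so the defence that matters sits on the server. The following added Python example (not the original login.py; the table, column and function names are assumptions) puts a string-built query beside a bound-parameter query in an in-memory SQLite database.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Python port of the character blacklist used by check_field() above.
BLACKLIST = re.compile(r"""["';&^*@!%+=$~\\|/`]""")


def has_unwanted_char(field: str) -> bool:
    return bool(BLACKLIST.search(field.strip()))


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,"
               " salt BLOB, pw_hash BLOB)")
    return db


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(db, email: str, password: str) -> None:
    salt = os.urandom(16)
    db.execute("INSERT INTO users (email, salt, pw_hash) VALUES (?, ?, ?)",
               (email, salt, hash_password(password, salt)))


def lookup_concatenated(db, email: str) -> list:
    """'Before' form: the input becomes part of the SQL text."""
    sql = "SELECT id FROM users WHERE email = '" + email + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, email: str) -> list:
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT id FROM users WHERE email = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (email,))]


def login(db, email: str, password: str) -> int:
    """Return the user id, or 0 for a bad email or password (the page's convention)."""
    row = db.execute("SELECT id, salt, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return 0
    user_id, salt, pw_hash = row
    ok = hmac.compare_digest(pw_hash, hash_password(password, salt))
    return user_id if ok else 0


if __name__ == "__main__":
    db = make_db()
    add_user(db, "o'brien@example.com", "constructed-pass")   # constructed sample users
    add_user(db, "bob@example.com", "other-pass")
    probe = "x' OR '1'='1"                                     # textbook test string
    print("blacklist flags a normal email:", has_unwanted_char("bob@example.com"))
    print("concatenated query returns:   ", lookup_concatenated(db, probe))
    print("bound query returns:          ", lookup_bound(db, probe))
    print("login with apostrophe in name:", login(db, "o'brien@example.com", "constructed-pass"))
```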
Monday, May 5, 2008
how to add a route to a host
I was not getting ssh to one of the machines because there was no route from that host to my machine. I just added a route with the following command. Then I was able to ssh to that host machine.
[root@arjun ~]# #route add default gw 192.168.2.11
[root@arjun ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.3.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.2.10    0.0.0.0         UG        0 0          0 eth0
[root@arjun ~]# route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.2.200
[root@arjun ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.20.0    192.168.2.200   255.255.255.0   UG        0 0          0 eth0
192.168.3.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.2.10    0.0.0.0         UG        0 0          0 eth0
[root@arjun ~]#