I am studying LDAP server(ADLDS)
I figured out that extended operation is implemented in ldap server.
For example, oid(1.3.6.1.4.1.4203.1.11.3) stands for whoami command.
If I give 1.3.6.1.4.1.4203.1.11.3 to ldap server, server would respond who the user is.
In this situation, I hope to make my own command with new oid.
How can I make this possible?
Thank you.
Some LDAP directory servers will allow you to extend them and define your own extended operation. This needs code and some expertise in the internals of the server.
I would strongly recommend that you consider open source directory servers, if you want to pursue that route, as getting full access to the code will make things easier.
This message appears every time I try to save the data to the DB.
Failed to update database because the database is read only
Note: This error comes only when the application is installed to C drive.
Front End: VB.NET
Back End:SQL Server
Is there any way to overcome this issue?
Or any way to restrict the user from installing the application on C drive?
I would check the file system privileges. I suppose you talk about an SQL server file database. You receive the message because the account trying to access your file database does not have the file system permissions to do so.
In order to confirm my suggestion, you allow everyone to access the specific directory with full permissions.
Then, you have to check what is the account trying to do the actual access. Probably it's a system account (user ASPNET or NETWORK SERVICE). You have to give the respective permissions to the specific account.
Then, restart IIS.
If you want to do this for a distributed stand-alone application. Then these permissions would have to change on each machine where the program would be installed. In order to avoid putting users in such a fuss, the setup program should do it. I am not an expert on setup programs, but even the simplest ones would give you the option to do it, after asking the system adminstrator's approval. I suppose you could build a custom action during the setup program which would change the specific folder's permissions, perhaps by using xcacls.exe.
Hope I helped!
I have a file (or set of files under a directory) published on my web server. Each of this resource needs to be access-protected based on the user's credentials and authority.
The authorization details are stored in a DB, so I need to make a call to the Java code in application server to determine the access.
Everytime the user hits this particular path in the webserver, I need to ensure s/he has access to the requested resource by, ensuring he is logged in and has the necessary priveleges to access this resource.
The webserver is apache - Can you please point me to the settings in apache that allows me to secure resource access using the above logic?
Thanks for the suggestions to correct the Tag and the Question!:
My Web Server is Apache HTTPD
Agree that this is not a Java Question: The only reason why I am bringing the Java perspective, is that I am most likely going to use some Java POJOs to go and check for user authorization for a particular directory that is stored in the DB - That is unless there is a trick in the apache httpd configuration that goes and checks the DB automatically - something similar to the one that is pointed out here...At the end of the it, I need to check if a particular user (authenticated previously by the Single Sign On Server (Sun access manager)) has access to a particular directory (user mapping to directory stored in the DB) and protect the resources under the directory accordingly.
Please let me know if that clarifies.
i am not sure why this is tagged with java - unless your db structure is VERY sepcific, you might able to get it done with apache authz and authn:
http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html
or, for an ovierview:
http://httpd.apache.org/docs/2.2/howto/auth.html
Gudeve,
Can you recommend me a directory in my web server where I should put sensitive files?
My htdocs is arranged like this:
XAMPP/htdocs/NewsFeed
The NewsFeed directory have index.php. The index.php file's function is to connect to a database. Now, should I put the database file inside htdocs? Will it be safe?
If you have a chance to keep it outside then I suggest you to keep outside. If it is protected, a vulnerability may be exploited even at a later time causing some intrusions. So please try to keep it "away"
I am guessing you are using a SQLite database. I do not think putting it in htdocs is a safe, unless you safeguard it (maybe with .htaccess / chmod) in such a way that the database cannot be accessed by others/world.
Database and database connection details (login, password etc.) should be kept outside htdocs directory.
For editing purposes only you can obfuscate the password, have a look at this post: Don’t let them see your MySQL password
Don't put a database file anywhere it can be web accessible. One should not be able to download your database over HTTP, and if it's web accessible, anyone will be able to do this.
This ought not be confused with connecting to your database. That's something your script will do.
Place the database in some server directory that is only accessible locally (to the webserver), by your script. ie. XAMPP/db
Where would you write an error log file, say ErrorLog.txt, in Windows? Keep in mind the path would need to be open to basic users for file write permissions.
I know the eventlog is a possible location for writing errors, but does it work for "user" level permissions?
EDIT: I am targeting Windows 2003, but I was posing the question in such a way as to have a "General Guideline" for where to write error logs.
As for the EventLog, I have had issues before in an ASP.NET application where I wanted to log to the Windows event log, but I had security issues causing me heartache. (I do not recall the issues I had, but remember having them.)
Have you considered logging the event viewer instead? If you want to write your own log, I suggest the users local app setting directory. Make a product directory under there. It's different on different version of Windows.
On Vista, you cannot put files like this under c:\program files. You will run into a lot of problems with it.
In .NET, you can find out this folder with this:
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)
And the Event Log is fairly simple to use too:
http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlog.aspx
Text files are great for a server application (you did say Windows 2003). You should have a separate log file for each server application, the location is really a matter of convention to agree with administrators. E.g. for ASP.NET apps I've often seen them placed on a separate disk from the application under a folder structure that mimics the virtual directory structure.
For client apps, one disadvantage of text files is that a user may start multiple copies of your application (unless you've taken specific steps to prevent this). So you have the problem of contention if multiple instances attempt to write to the same log file. For this reason I would always prefer the Windows Event Log for client apps. One caveat is that you need to be an administrator to create an event log - this can be done e.g. by the setup package.
If you do use a file, I'd suggest using the folder Environment.SpecialFolder.LocalApplicationData rather than SpecialFolder.ApplicationData as suggested by others. LocalApplicationData is on the local disk: you don't want network problems to stop you from logging when the user has a roaming profile. For a WinForms application, use Application.LocalUserAppDataPath.
In either case, I would use a configuration file to decide where to log, so that you can easily change it. E.g. if you use Log4Net or a similar framework, you can easily configure whether to log to a text file, event log, both or elsewhere (e.g. a database) without changing your app.
The standard location(s) are:
C:\Documents and Settings\All Users\Application Data\MyApp
or
C:\Documents and Settings\%Username%\Application Data\MyApp
(aka %UserProfile%\Application Data\MyApp) which would match your user level permission requirement. It also separates logs created by different users.
Using .NET runtime, these can be built as:
AppDir=
System.Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData)
or
AppDir=
System.Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)
followed by:
MyAppDir = IO.Path.Combine(AppDir,'MyApp')
(Which, hopefully, maps Vista profiles too).
Personally, I would suggest using the Windows event log, it's great. If you can't, then write the file to the ApplicationData directory or the ProgramData (Application Data for all users on Windows XP) directory.
The Windows event log is definitely the way to go for logging of errors. You're not limited to the "Application" log as it's possible to create a new log target (e.g. "My Application"). That may need to be done as part of setup as I'm not sure if it requires administrative privileges or not. There's a Microsoft example in C# at http://support.microsoft.com/kb/307024.
Windows 2008 also has Event Log Forwarding which can be quite handy with server applications.
I agree with Lou on this, but I prefer to set this up in a configuration file like Joe said. You can use
file value="${APPDATA}/Test/log-file.txt"
("Test" could be whatever you want, or removed entirely) in the configuration file, which causes the log file to be written to "/Documents and Settings/LoginUser/Application
Data/Test" on Windows XP and to "/Users/LoginUser/AppData/Roaming/Test on Windows Vista.
I am just adding this as I just spent way too much time figuring how to make this work on Windows Vista...
This works as-is with Windows applications. To use logging in web applications, I found Phil Haack's blog entry on this to be a great resource:
http://haacked.com/archive/2005/03/07/ConfiguringLog4NetForWebApplications.aspx
%TEMP% is always a good location for logs I find.
Going against the grain here - it depends on what you need to do. Sometimes you need to manipulate the results, so log.txt is the way to go. It's simple, mutable, and easy to search.
Take an example from Joel. Fogbugz will send a log / dump of error messages via http to their server. You could do the same and not have to worry about the user's access rights on their drive.
I personally don't like to use the Windows Event Log where I am right now because we do not have access to the production servers, so that would mean that we would need to request access every time we wanted to look at the errors. It is not a speedy process unfortunately, so your troubleshooting is completely haulted by waiting for someone else. I also don't like that they kind of get lost within the ones from other applications. Sure you can sort, but it's just a bit of a nucance scrolling down. What you use will end up being a combination of personal preference coupled along with limitations of the enviroment you are working in. (log file, event log, or database)
Put it in the directory of the application. The users will need access to the folder to run and execute the application, and you can check write access on application startup.
The event log is a pain to use for troubleshooting, but you should still post significant errors there.
EDIT - You should look into the MS Application Blocks for logging if you are using .NET. They really make life easy.
Jeez Karma-killers. Next time I won't even offer a suggestion when the poster puts up an incomplete post.