Blog Spot!


Simple File Encryption with OpenSSL

Linux has plenty of powerful encryption software, but what can you use if you just want to secure a couple of files quickly? The OpenSSL toolkit works well for this. It comes installed with Ubuntu and can provide stronger encryption than you would ever need.

This is the basic command to encrypt a file:

openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc

How does this work?

  • openssl is the command for the OpenSSL toolkit.
  • aes-256-cbc is the encryption cipher to be used. (256-bit AES is what the United States government uses to encrypt information at the Top Secret level.)
  • -a means that the encrypted output will be base64 encoded; this allows you to view it in a text editor or paste it in an email. This is optional.
  • -salt mixes a random salt into the key derived from your password, which adds strength to the encryption. It should always be used.
  • -in secrets.txt specifies the input file.
  • -out secrets.txt.enc specifies the output file.
  • You will be prompted for a password.

It’s not much use unless you can decrypt it:

openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new

  • -d decrypts data.
  • -a tells OpenSSL that the encrypted data is in base64.
  • -in secrets.txt.enc specifies the data to decrypt.
  • -out secrets.txt.new specifies the file to put the decrypted data in.

But this does not make use of the public key infrastructure at all, so it is a bit like hammering in a nail with a screwdriver :-)
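
The encrypt and decrypt commands above as a non-interactive round trip; this is an added example, not part of the original post. It assumes OpenSSL 1.1.1 or later, where `-pbkdf2` and `-iter` replace the older key derivation that newer releases warn about, and it reads the password from an environment variable (`ENC_PASS`, a name made up here) instead of the prompt.

```shell
#!/bin/sh
# Added example: round trip of the two commands, non-interactive.
# Assumes OpenSSL 1.1.1+ (-pbkdf2, -iter). ENC_PASS, ITER and the
# function names are made up for this example.

ITER=200000   # PBKDF2 iterations; decrypt must use the same value

encrypt_file() {   # encrypt_file <plaintext> <ciphertext>
    openssl aes-256-cbc -a -salt -pbkdf2 -iter "$ITER" \
        -pass env:ENC_PASS -in "$1" -out "$2"
}

decrypt_file() {   # decrypt_file <ciphertext> <plaintext>
    openssl aes-256-cbc -d -a -pbkdf2 -iter "$ITER" \
        -pass env:ENC_PASS -in "$1" -out "$2"
}

# Salted output starts with the 8 bytes "Salted__" followed by the salt,
# so its base64 form always begins with "U2FsdGVkX1".
is_salted() {      # is_salted <base64 ciphertext>
    [ "$(head -c 10 "$1")" = "U2FsdGVkX1" ]
}

roundtrip() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample secret\n' > "$dir/secrets.txt"
    ENC_PASS='constructed-passphrase'   # sample value, not a real secret
    export ENC_PASS
    rc=1
    # Encrypt twice: the random salt must make the two outputs differ.
    if encrypt_file "$dir/secrets.txt" "$dir/a.enc" &&
       encrypt_file "$dir/secrets.txt" "$dir/b.enc" &&
       is_salted "$dir/a.enc" &&
       ! cmp -s "$dir/a.enc" "$dir/b.enc" &&
       decrypt_file "$dir/a.enc" "$dir/secrets.txt.new" &&
       cmp -s "$dir/secrets.txt" "$dir/secrets.txt.new"
    then
        rc=0
    fi
    rm -rf "$dir"
    unset ENC_PASS
    return "$rc"
}

roundtrip && echo "round trip OK"
```

aes-256-cbc adds no authentication tag, so decryption does not reliably detect a modified ciphertext; files that need tamper detection need a separate integrity check.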

Added on 17.Mar.2015
Tags: openssl encryption aes-256 aes

How to Set Different Session Lifetimes on Your Site

I recently decided that I wanted to lengthen the session lifetime on one of my web applications so that my users wouldn’t need to log in as frequently. However, I wanted to keep a shorter session time for the administration part of my site to keep it more secure.

Setting custom cookie lifetime:

// 86400 seconds = 24 hours, for both the cookie and the stored session data
ini_set('session.cookie_lifetime', 86400);
ini_set('session.gc_maxlifetime', 86400);
session_start();

params explanation

Defining the duration of your user’s session is something that you definitely want to consider from the outset of your development. It can affect key aspects of your application’s success, like usability and security. For example, a long browser session may increase usability, but it also means that if your user does not explicitly log out to clear the cookie for your site, then another user could come along and access the first user’s data. One way to avoid this would be to design your application so that users may access some basic features for a long time, but must re-authenticate to access more secure features like account settings. Another strategy could be to set individual session lifetimes for different areas on your site.

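Setting custom session directory:

// Separate save path for the admin area: session files that share a directory
// are garbage-collected using the shortest gc_maxlifetime of any script using it.
ini_set('session.save_path', '/admin/data/tmp/session');
// 1200 seconds = 20 minutes
ini_set('session.cookie_lifetime', 1200);
ini_set('session.gc_maxlifetime', 1200);
session_start();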

Simple Explanation

  • session.gc_maxlifetime - the maximum timeout for user inactivity; each time the user clicks a link, the timeout restarts.
  • session.cookie_lifetime - the absolute maximum a session will live. If set to 0, the browser gets a session cookie (removed when the browser is closed); if set to any other value, the browser gets a cookie with that lifetime in seconds.

read more

stackoverflow
stackexchange
debian/ubuntu

Added on 13.Mar.2015
Tags: php session php.ini

SSH Tunneling Made Easy

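Using OpenSSH on a Linux/Unix system, you can tunnel all of the traffic from your local box to a remote box that you have an account on. The command below forwards local port 2000 through the SSH connection to port 25 on personal-server.com: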

ssh user@personal-server.com -L 2000:personal-server.com:25

ssh-tunnel

Added on 04.Mar.2015
Tags: ssh tunnel linux

A good way to do optional function parameters in JavaScript

Wrong way:

function myFunc(requiredArg, optionalArg){
    optionalArg = optionalArg || 'defaultValue';
    //do stuff
}

The logic fails if optionalArg is passed but evaluates as false (for example 0 or an empty string). Use this as an alternative:

optionalArg = (typeof optionalArg === "undefined") ? "defaultValue" : optionalArg;

stackoverflow

Added on 26.Feb.2015
Tags: js function parameter optional

Vanilla JavaScript AJAX Class

VanillaAjax v0.01 Alpha

source

Works on almost all browsers. Implemented getJSON and postJSON methods. For everything else use make();

Example:

var ajax = new MY.VanillaAjax();

ajax.getJSON("http://httpbin.org/get?hello=world", function(data) {
    console.log(data);
});

var data = JSON.stringify({
    name: "tommy",
    pass: "qwerty"
});

ajax.postJSON("http://httpbin.org/post", data, function(data) {
    console.log(data);
});

Issues:

  • some problems sending POST data!

Added on 20.Feb.2015
Tags: js ajax vanilla class
