
phpmyadmin disable root login

2014
Sep 20

phpMyAdmin and MySQL Workbench are common tools for accessing MySQL.

To improve security, we usually add the line below to config.inc.php to disable root access:
$cfg['Servers'][$i]['AllowRoot'] = false;

For MySQL Workbench, we can use an SSH tunnel to access the database without needing to open port 3306 to the public.

common error for mysql replication (master-slave mode)

2014
Jun 28

We tried MySQL replication (master-slave mode), and we can share how to handle some errors:

When the slave shuts down abnormally, a few errors can occur.

Check the error using “show slave status\G”.

Error 1: The master DB keeps inserting data but the slave DB is down


Error 'Duplicate entry '123' for key 'PRIMARY'' on query. Default database: 'DB'. Query: 'insert into TABLE (name) values ('1111111')'

Solution:
Step 1: add the following line to /etc/my.cnf:
slave-skip-errors = 1062

Step 2: restart the database:
# /etc/init.d/mysqld restart

P.S. This only skips duplicate-entry errors, and data may be lost (assuming your slave is read-only, it would be safe).

Error 2: A table in the slave database is corrupted


Error 'Incorrect key file for table './DB/TABLE.MYI'; try to repair it' on query. Default database: 'DB'. Query: 'insert into TABLE(c1,c2) values (UUID(),'b')'

Solution (run in the mysql client):
mysql> repair table TABLE;
mysql> show slave status\G

Error 3: The log file is corrupted


Last_SQL_Error: Relay log read failure: Could not parse relay log event entry.
The possible reasons are: the master's binary log is corrupted (you can check this by running 'mysqlbinlog' on the binary log), the slave's relay log is corrupted (you can check this by running 'mysqlbinlog' on the relay log), a network problem, or a bug in the master's or slave's MySQL code.

Solution:
Step 1: run “show slave status\G” and find the two lines below:
Relay_Master_Log_File: binlog.000004
Exec_Master_Log_Pos: 13823

Step 2: reset the log position to those values and restart the slave (run in the mysql client):
mysql> stop slave;
mysql> change master to master_log_file='binlog.000004', master_log_pos=13823;
mysql> start slave;
mysql> show slave status\G
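
The two steps for Error 3 can be scripted. The sketch below is an added example, not part of the original post: it parses "show slave status\G" output and builds the three statements, accepting only a plain binlog name and a decimal position before they are placed in SQL. The sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample of "show slave status\G" output, using the values from the post.
SAMPLE_STATUS = """\
*************************** 1. row ***************************
          Slave_IO_Running: Yes
         Slave_SQL_Running: No
     Relay_Master_Log_File: binlog.000004
       Exec_Master_Log_Pos: 13823
            Last_SQL_Error: Relay log read failure: Could not parse relay log event entry.
"""


def parse_slave_status(text):
    """Turn the 'Key: value' lines of the vertical output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:  # skips the row banner and fields with empty values
            fields[key] = value.strip()
    return fields


def build_recovery_sql(status_text):
    """Return the statements of Step 2, built from the two fields of Step 1."""
    fields = parse_slave_status(status_text)
    log_file = fields.get("Relay_Master_Log_File", "")
    log_pos = fields.get("Exec_Master_Log_Pos", "")
    # Both values end up inside SQL, so accept only a plain binlog name
    # (basename.NNNNNN) and a decimal position.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+\.[0-9]+", log_file):
        raise ValueError("unexpected Relay_Master_Log_File: %r" % log_file)
    if not re.fullmatch(r"[0-9]+", log_pos):
        raise ValueError("unexpected Exec_Master_Log_Pos: %r" % log_pos)
    return [
        "stop slave;",
        "change master to master_log_file='%s', master_log_pos=%s;"
        % (log_file, log_pos),
        "start slave;",
    ]


if __name__ == "__main__":
    print("\n".join(build_recovery_sql(SAMPLE_STATUS)))
```
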

vulnerability on openSSL – heartbleed

2014
Apr 14

There is a vulnerability in OpenSSL version 1.0.1, and it was fixed in version 1.0.1g.
http://www.openssl.org/news/vulnerabilities.html

Older versions of OpenSSL are not affected.

It has a wide impact because every service that runs over the TLS protocol is affected. The most common uses are HTTPS, FTP over TLS, email over TLS, etc.

To test whether your server is hit by the vulnerability, you can use the site below:
https://www.ssllabs.com/ssltest/

2 common password methodologies for login systems

2014
Feb 12

MD5 encryption

MD5 was very common and popular in the old days, and some systems may still use it.
MD5 is a one-way hash of the password, and it has already been brute-force attacked. Some websites let you do a reverse lookup and get back the original password from the hash.
If the password hashing uses pure MD5, it is regarded as not safe.

salted password

This is the most popular approach we found nowadays in most open source software. It is an enhanced version of one-way hashing, meant to prevent brute-force attacks.
This is the simplest example of a salt:
password = md5(password+salt)
P.S. Some may use SHA instead of MD5 to improve the security.
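
What the two sections above describe, as an added example (not code from the original post): pure MD5 gives the same digest for the same password, so a table of digests computed in advance finds it, while a random per-user salt makes that table useless. The lookup table is constructed; pbkdf2_hash goes beyond the post's formula, and its iteration count is an assumed value.

```python
import hashlib
import hmac
import os


def md5_plain(password):
    """Pure MD5: the same password always gives the same digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def md5_salted(password, salt=None):
    """The post's md5(password+salt); a fresh random salt per user if none given."""
    if salt is None:
        salt = os.urandom(16).hex()
    digest = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return salt, digest  # both are stored next to the user record


def verify_salted(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = md5_salted(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


# Constructed stand-in for a reverse-lookup site: digests computed in advance.
LOOKUP = {md5_plain(p): p for p in ("123456", "password", "letmein")}


def reverse_lookup(digest):
    """Return the password for a known digest, or None."""
    return LOOKUP.get(digest)


def pbkdf2_hash(password, salt=None, iterations=200_000):
    """Beyond the post: SHA-256 iterated many times, so each guess is slow."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt.hex(), dk.hex()


if __name__ == "__main__":
    print(reverse_lookup(md5_plain("password")))  # the unsalted digest is in the table
    salt, digest = md5_salted("password")
    print(reverse_lookup(digest))                 # the salted digest is not
    print(verify_salted("password", salt, digest))
```
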

the trend of CDN

2013
Nov 19

In the past, you had to upload static content such as images or static pages to the CDN provider manually in order to enjoy the performance improvement for your site. Nowadays, you no longer need to do so.
What you have to do is change your DNS settings, pointing your domain to the CDN provider, and then set the origin server on the CDN provider. So the flow looks like this:
YOURDOMAIN.com ---> SUBDOMAIN.CDNDOMAIN.com ---> YOURSUBDOMAIN.com

So the CDN provider can cache your server content and respond to public users directly. Amazon is one of the providers; for details, you can look through the link below:
Amazon CloudFront

However, Amazon does not have any detailed documentation about security protection, but you could look at another provider, Cloudflare, which can provide some kind of protection for your website.

However, you may need to understand the HTTP headers, for example the Cache-Control directives max-age and s-maxage.
These can affect your cached content on the CDN provider.
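
How those two directives split browser and CDN behaviour, as an added example that is not part of the original post: s-maxage applies only to shared caches such as a CDN and overrides max-age there. The example also covers private, no-store and no-cache, which the post does not mention; the function names and sample headers are constructed, and a response without an explicit lifetime is treated as not cacheable, which is a simplification.

```python
def parse_cache_control(header):
    """Split a Cache-Control value into {directive: value-or-None}."""
    directives = {}
    for part in header.split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip('"') or None
    return directives


def _seconds(directives, name):
    """Return the directive's value as an int, or None if absent or malformed."""
    value = directives.get(name)
    return int(value) if value is not None and value.isdecimal() else None


def cache_lifetimes(header):
    """Return (browser_seconds, cdn_seconds) the response may be reused
    without going back to the origin server."""
    d = parse_cache_control(header)
    if "no-store" in d or "no-cache" in d:
        return 0, 0                  # never reused without asking the origin
    max_age = _seconds(d, "max-age") or 0
    s_maxage = _seconds(d, "s-maxage")
    if "private" in d:
        cdn = 0                      # per-user content: shared caches must not store it
    elif s_maxage is not None:
        cdn = s_maxage               # overrides max-age, for shared caches only
    else:
        cdn = max_age
    return max_age, cdn


# Constructed sample headers.
SAMPLES = [
    "public, max-age=60, s-maxage=3600",  # short in browsers, long on the CDN
    "max-age=300",                        # same lifetime everywhere
    "private, max-age=600",               # browser only, kept off the CDN
    "no-store",                           # cached nowhere
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", cache_lifetimes(sample))
```
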

new extension on DNS – DNSSEC

2013
Oct 13

DNS (Domain Name System) is a very old system which does not have any security protection. For example, all your DNS records are disclosed to the public.

To increase security, a new extension called DNSSEC is now ready for some top-level domains (like .com, .net, .org). It helps to prevent malicious activities like cache poisoning, pharming and man-in-the-middle attacks.

A digital signature is used to enhance data integrity. The common type of digital signature is SHA.

When a request is sent to the DNS resolver, the DNS resolver verifies and checks the authorization of the DNS record. If it is valid, the resolver returns it. Otherwise, it discards the response.

You may need to check whether your hosting provider offers this kind of feature. Some providers do not provide DNSSEC as a free service.

generate HTML email, exclamation mark “!” issue in outlook

2013
Aug 10

When you use a program (sendmail or PHPMailer) to generate HTML email, you may notice something strange: why do you see some exclamation marks in the email when it is viewed in Outlook?

The main issue is that your HTML content does not have the line-break characters “\r\n”. You need line breaks because if the HTML content is merged into one line, the line is too long and it causes an issue in the Outlook parser.

So adding line breaks to the HTML is one way to solve the “!” issue when viewing the email in Outlook.

php output excel, is it possible??

2013
Aug 10

Is it possible to output Excel through PHP? The answer is yes.

We did try to use PHP Excel a few years ago; however, the performance was not quite good. However, when we tried the current version 1.7.9, the performance had improved a lot.

We can now generate 4 tabs, set cell colors, set font sizes and Excel formulas in just a few seconds. To generate the spreadsheet, we no longer need to use a .NET program.

mysql fail to connect remotely, mysql process: unauthorized user

2013
Jun 23

There was an unusual case when we connected to MySQL through a remote connection.

The username, password and host were correct, but we could never connect, and in the MySQL process, it showed “unauthorized user”.

We tried a few times changing the password and checking permissions, and everything was fine.

Finally we found that the root cause was the nameserver.

If you have confirmed everything is correct but fail to connect to the MySQL database remotely, try checking the nameserver as well.