From rgerhards at hq.adiscon.com Tue Dec 6 10:15:19 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 6 Dec 2005 10:15:19 +0100
Subject: [Phplogcon-dev] FW: phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E3FF3@grfint2.intern.adiscon.com>

Hi all,

I am forwarding a very good post from Brian to the list. Now that we have the list, I invite everyone to join the discussion and iron out how it is best to proceed. I think Brian has done some exceptionally good work and I would be glad if we can move toward jointly creating a great app.

Brian: sorry for the silence the past days. Now Michael is back from vacation and he has a much better understanding of phpLogCon than I have. I think it'll make sense if you two primarily discuss how to proceed - I will throw in any advice I can offer, but as I've said I am not proficient with php. But sometimes I have good ideas on the "overall picture" ;)

Thanks,
Rainer

> -----Original Message-----
> From: Brian Shea [mailto:bgshea at gmail.com]
> Sent: Tuesday, December 06, 2005 9:03 AM
> To: Rainer Gerhards
> Subject: Re: phpLogCon
>
> This is a work-in-progress, you can view a demo on my site. I have about 4 more days of work before this will be a 100% usable version. You can download a snap-shot of the code. I have not put any copyrights on my files yet. So please don't publish them.
>
> Link is not on webpage, but file should be there if you paste the link into a browser.
>
> http://www.hackthebox.org/files/phplogcon-1.2.4_bgs.tar.bz2
>
> Watch out for the new file structure
> /sessions/ --- Hold session related code files
> /pages/ --- Hold the different view, home, event, syslogtags, etc.
> /pages/forms/ --- was /forms/
>
> All pages are accessed through index.php and the $_SESSION['pages'] variable and sub pages by the get data slt or lid.
> This hides much of the information about the web app, so it will be harder to XSS, but if they have the code ...
> > http://www.hackthebox.org/files/phplogcon-1.2.4_bgs.tar.bz2
>
> TODO:
> 1) Clean up and organization.
> 2) Combine like code on different pages into functions
> 3) Get filter settings in to stored sessions
> 4) You had some comments about user's being able to select different filters, that needs to be done, should be easy at this point.
> 5) Finish the user-config page.
> 6) Consider using Text_CAPTCHA to prevent brute force scripts of trying to login, this would be optional, cause it can be annoying/unavailable.
>
>
> On 12/5/05, Brian Shea wrote:
>
> That could work, but since I'm 8 hours behind you, midnight for me is 8am for you and by the time I wake up at 8:30 it's the end of your day.
>
> Either way will work.
>
> Reposted the file. phplogcon_1.2.3_bgs.tar.bz2
>
> now I'm off to bed ;)
>
>
> On 12/5/05, Brian Shea wrote:
>
> I don't mind. 4 to 5am is no problem, besides, if I get up that early I have a good chance of making it to work on time, otherwise I don't roll out of bed till 8:30 ;)
>
> Also, added session_write_close() on line 117. You might find an extra 's' on line 118 (typo). I'm going to re-bzip the files. (keyboard short cut is ALT-F-S, sometimes I hit the fn key next to alt key)
>
> Anyway, you should find that adding stored variables to phplogcon by $_SESSION is quite easy now. Have fun!!
>
> Off to sleep.
>
>
> On 12/5/05, Rainer Gerhards < rgerhards at hq.adiscon.com > wrote:
>
> Hi Brian,
>
> thanks for sticking around ;) I guess this week will be a much better one with Michael coming back from vacation. I think it is not a good idea to make you get up early just to talk to us ;) What do you think: I could set up a developers mailing list and all discussions could take place on that. I guess that would be more convenient for everyone...
> > Rainer > > > -----Original Message----- > > From: Brian Shea [mailto: bgshea at gmail.com] > > Sent: Sunday, December 04, 2005 7:03 PM > > To: Andre Lorbach; Rainer Gerhards > > Subject: Re: phpLogCon > > > > Andre, Rainer > > > > I'm going to write php Session > handling functions. This will > > be a separate file that can be > included and used with out any > > changes to your current version. > Since php session handling > > functions can be set from php, so > this file will set them. > > Then all the session data will be > written to (DB, FILE, > > dev/null) what ever. > > > > Also, if you still want to chat on > MSN, maybe we can arrange > > a time this week. I think it would be > better for me to get up > > early (4 or 5am) which would be your > afternoon. Any day but > > my Thursday would work. > > > > I would like to work with you, if you > still want that. This > > is your project, so it is your call. > > > > Regards, > > > > Brian Shea > > > > > > On 12/1/05, Brian Shea > wrote: > > > > My MSN account is > bgshea at gmail.com > > > > > > > > > > On 12/1/05, Brian Shea > wrote: > > > > Okay, I'll setup an > account and we can chat! > > > > Thanks, > > > > Brian Shea > > > > > > > > On 12/1/05, Andre Lorbach < > > alorbach at ro1.adiscon.com > > > wrote: > > > > Hi, > > > > you will > contact me (Andre Lorbach) on > > MSN using: delta_ray at hotmail.com > > Timm Herget has > the following MSN: > > therget at gmx.net > > > > I will be on > MSN again tomorrow, so > > don't wounder when I am offline > > there. > > > > Best regards, > > Andre Lorbach > > > > > -----Original > Message----- > > > From: Brian > Shea [mailto: > > bgshea at gmail.com bgshea at gmail.com > ] > > > Sent: > Wednesday, November 30, 2005 6:35 PM > > > To: Rainer Gerhards > > > Subject: Re: phpLogCon > > > > > > Umm, not > sure, I have Gaim and that > > support a number of > > > protocols. I > don't use chat that > > often so any of them are > > > fine. 
Just > let me know what you guys > > use (MSN/ICQ/AIM) and > > > I'll sign up > for an account. > > > > > > Yeah, That's > my project i do to get > > away from computers. > > > > > > > > > On 11/30/05, > Rainer Gerhards < > > rgerhards at hq.adiscon.com > wrote: > > > > > > > excellent (and good luck with > > your truck!!!). Any > > > preferrence regarding > > > the messenging? > > > > > > Rainer > > > > > > > > -----Original Message----- > > > > From: > Brian Shea [mailto: > > bgshea at gmail.com bgshea at gmail.com > ] > > > > Sent: > Wednesday, November 30, > > 2005 5:04 PM > > > > To: > Rainer Gerhards > > > > > Subject: Re: phpLogCon > > > > > > > > Okay, > that will work for me > > too cause i need to install the > > > > > engine for my truck this > > weekend and will be tied up with > > > > that > for the rest of the > > week. I'll hold off off on the > > > > > emails till we can all get > > together. Let me know when is good > > > > for > you. Also let me know > > what were are going to use. > > > > > > > > Thanks, > > > > > > > > > > > > On > 11/30/05, Rainer Gerhards < > > > > rgerhards at hq.adiscon.com > > > > rgerhards at hq.adiscon.com > > > wrote: > > > > > > > > Brian, > > > > > > > > > just one further note. > > I think there is lots of room > > > > for > improvements, > > > > > even besides the bug > > fixing. The good thing is that I > > > > am > also in control > > > > > of a back-end, namely > > rsyslog, which definitely > > > helps with the > > > > > integration. > > > > > > > > Rainer > > > > > > > > > > -----Original Message----- > > > > > > From: Brian Shea > > [mailto: bgshea at gmail.com] > > > > > > Sent: Monday, > > November 28, 2005 10:36 PM > > > > > > To: Rainer Gerhards > > > > > > Subject: Re: phpLogCon > > > > > > > > > > > Sure, this will give > > me a chance to really > > > help out on an > > > > > > open source project. 
> > I use ton of open source > > > software and > > > > > > occasionally buy > > Tee-Shirts or Mugs, but that > > > doesn't really > > > > > > go all that far. I'll > > be glad to help in > > > anyway possible. > > > > > > > > > > > I'm gonna spend more > > time tonight to > > > re-instate > cookies with > > > > > > more protection and > > better cookie expiration. > > > > > > > > > > > I think we should > > look at moving all the auth > > > code to one > > > > > > function or set of > > functions. I was having a > > > bit of trouble > > > > > > last night with > > erroneous valid sessions even > > > when i logged > > > > > > out. No doubt a > > result of my changes. I > > > eventually over came > > > > > > the issue, but it is > > a hack at best. > > > > > > > > > > Brian > > > > > > > > > > > > > > > > On 11/28/05, Rainer Gerhards < > > > > rgerhards at hq.adiscon.com > > > > > > > wrote: > > > > > > > > > > > Brian, > > > > > > > > > > > the office I am > > in has had some ISP > > > troubles today. I > > > > > > am receiving messages > > out of order... > > > Anyhow... I really > > > > > > appreciate your work > > - it is awsome ;) I > > > think we could > > > > > > really do quite a lot > > together and I am > > > excited about that > > > > > > opportunity. The > > primary coder so far - > > > Michael Meckelein - > > > > > > is on vacation since > > friday, he'll be back > > > next monday. I > > > > > > have asked Andre to > > work with you. I think > > > that will be fun > > > > > > ;) I myself have > > mostly worked on the basic > > > concept, and even > > > > > > that not for quite some time. 
> > > > > > > > > > > I think we are > > on a quite good track now :) > > > > > > > > > > > > > > > > Rainer > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Brian Shea > > > > [mailto:bgshea at gmail.com] > > > > > > Sent: > > Monday, November 28, 2005 4:20 PM > > > > > > To: > > Rainer Gerhards > > > > > > > Subject: phpLogCon > > > > > > > > > > > > > > > > You can > > use this email for > > > coordinating the > > > > > > fixes. I'll be at > > work from 8:00 to 4:30, but > > > after that I'm > > > > > > free to work on phpLogCon. > > > > > > > > > > > BTW: > > > > > > > > > > > The > > code is pretty good, The > > > first thing we > > > > > > need to do is have a > > central authentication > > > point. Move all > > > > > > the valid user checks > > to one function that is > > > called at the > > > > > > start of the scripts, > > and if fails kills the > > > session and > > > > > > sends the user back > > to index.php. > > > > > > > > > > > I > > noticed that you had some of > > > the auth code in > > > > > > index.php, some in > > writestandardhead and more > > > in auth. I > > > > > > moved most of the > > auth code to auth, but > > > there is still a few > > > > > > bits and pieces left over. > > > > > > > > > > > Regrads, > > > > > > Brian > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > From bgshea at gmail.com Tue Dec 6 16:18:40 2005 From: bgshea at gmail.com (Brian Shea) Date: Tue, 6 Dec 2005 08:18:40 -0700 Subject: [Phplogcon-dev] Great, thank you!! Message-ID: <9ef8de70512060718q437b4113ve44acc05d4036179@mail.gmail.com> Okay, great, I will be interested to hear what is on your todo list!!! Thanks, Brian From mmeckelein at hq.adiscon.com Tue Dec 6 16:38:57 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Tue, 6 Dec 2005 16:38:57 +0100 Subject: [Phplogcon-dev] Great, thank you!! 
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C416@grfint2.intern.adiscon.com>

Hello Brian,

I am Michael, one of the core developers of phpLogCon. First of all, your enhancements and ideas for phpLogCon are very impressive. I have already taken a look into your code improvements and have installed your phplogcon-1.2.4_bgs branch. After some trouble (I know you wrote that this version will have bugs) it is running in my test environment.

Of course I will discuss with you the enhancements and will also provide phpLogCon's todo list. Please bear a little with me. I will prepare some questions / comments and forward it to the list soon.

Regards,
Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Tuesday, December 06, 2005 4:19 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: [Phplogcon-dev] Great, thank you!!
>
> Okay, great,
>
> I will be interested to hear what is on your todo list!!!
>
> Thanks,
>
> Brian
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From mmeckelein at hq.adiscon.com Tue Dec 6 17:05:28 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 17:05:28 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C417@grfint2.intern.adiscon.com>

Hi,

I will discuss each topic in a separate email on the list. I think it is easier for tracking.

One of the most desired items for phpLogCon is a database abstraction layer. We have already implemented our own db abstraction layer, but it is more or less an 'it does, but it is not perfect' one (also it only supports mysql, mssql and access). We had often trouble to get all supported databases working. Therefore we have considered to use a third party db abstraction layer like pear:db [1] or adodb for phpLogCon.
Brian, as you mentioned, the session handler only works with mysql. If we want to support other dbs we have to write a wrapper. Maybe it is a good time to implement the third party stuff now in order to get rid of all the trouble with different dbs.

Brian, how does it sound? Maybe you have already experience with db:pear or adodb? I have already tested both in smaller projects. I personally prefer db:pear, but both are powerful and easy to use.

[1] pear::db http://pear.php.net/package/DB
[2] ADOdb http://adodb.sourceforge.net/

Best Regards,
Michael

From mmeckelein at hq.adiscon.com Tue Dec 6 17:53:07 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 17:53:07 +0100
Subject: [Phplogcon-dev] logged in via cookie
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C418@grfint2.intern.adiscon.com>

Hi Brian,

If I understand the concept of your session handling correctly, it is no longer possible to keep the user logged in longer than the browser session. I know it is more insecure to remember users via cookie, but this is a feature most of the users like. Actually this was one of the 'have to' features as we introduced the user interface.

The user should decide if he wants to use cookies for remembering or not in my opinion. Of course, we should mention in the documentation (and/or provide a link to "read about using cookie" or something similar) that using cookies can be insecure.

Best Regards,
Michael

From mmeckelein at hq.adiscon.com Tue Dec 6 18:19:03 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:19:03 +0100
Subject: [Phplogcon-dev] changing user name / adding user
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C419@grfint2.intern.adiscon.com>

Hi,

In phplogcon it is possible to add a user with a username (UserIDText) which already exists. Remember, uniqueness for users is by UserID. In version 1.2.3_bgs, Brian has introduced the ability to change the user name.
I guess it is possible to change the username to a name that already exists. I have not verified this by testing, because this feature does not work in my test lab. Identical usernames are very confusing and a good source for trouble. Therefore, I think we should make the UserIDText in the users table unique and check if UserIDText already exists before adding/changing anything.

Comments are highly appreciated.

Michael

From mmeckelein at hq.adiscon.com Tue Dec 6 18:23:14 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:23:14 +0100
Subject: [Phplogcon-dev] FW: Great, thank you!!
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41A@grfint2.intern.adiscon.com>

I will post Brian's post to the list. A setup issue of the mailing list caused that a reply went to the initiator of the mail instead of to the list. This issue is already solved.

Michael

-----Original Message-----
From: Brian Shea [mailto:bgshea at gmail.com]
Sent: Tuesday, December 06, 2005 5:56 PM
To: Michael Meckelein
Subject: Re: [Phplogcon-dev] Great, thank you!!

No problem, I have trouble installing the demo myself. I usually try to get the code worked in, then work out the bugs. I will be glad to answer any questions

Regards,
Brian

On 12/6/05, Michael Meckelein wrote:

Hello Brian,

I am Michael, one of the core developers of phpLogCon. First of all, your enhancements and ideas for phpLogCon are very impressive. I have already taken a look into your code improvements and have installed your phplogcon-1.2.4_bgs branch. After some trouble (I know you wrote that this version will have bugs) it is running in my test environment.

Of course I will discuss with you the enhancements and will also provide phpLogCon's todo list. Please bear a little with me. I will prepare some questions / comments and forward it to the list soon.
Regards,
Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Tuesday, December 06, 2005 4:19 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: [Phplogcon-dev] Great, thank you!!
>
> Okay, great,
>
> I will be interested to hear what is on your todo list!!!
>
> Thanks,
>
> Brian

From mmeckelein at hq.adiscon.com Tue Dec 6 18:37:12 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:37:12 +0100
Subject: [Phplogcon-dev] not allow certain files to be access
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>

Hi Brian,

I need your help. Please can you point me to where I can find the following modification?

> added php code to not allow certain files to be access by the
> URL!!! esp. include.php and config.php

Thank you.

Best regards,
Michael

From bgshea at gmail.com Tue Dec 6 18:37:21 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 12:37:21 -0500
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C417@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C417@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512060937q2c1c9347x19954d8cebb6bb93@mail.gmail.com>

The Pear DB sounds good, I have the pear lib installed and have used it before. I can modify the session handlers to include pear support. It would be a good idea to have native support for mssql/mysql for those that can't use pear. I think those two are probably the most widely used DBs. All others can be supported by pear.
That item has been added to the TODO list. On 12/6/05, Michael Meckelein wrote: > > Hi, > > I will discuss each topic in a separate email on the list. I think it is > easier for tracking. > > One of the most desired items for phpLogCon is a database abstraction > layer. We have already implemented our own db abstraction layer, but it > is more or less an 'it does, but it not perfect' one (also it only > supports mysql, mssql and access). > > We had often trouble to get all supported database working. Therefore we > have considered to use a third party db abstraction layer like pear:db > [1] or adodb for phpLogCon. > > Brian, as you mentioned, the session handler only works with mysql. If > we want support other db we have to write a wrapper. Maybe it is a good > time to implement the third party stuff now in order to get rid of all > the trouble with different db. > > Brian, how does it sound? Maybe you have already experience with db:pear > or adodb? I have already tested both in smaller projects. I personally > prefer db:pear, but both are powerful and easy to use. > > [1] pear::db > http://pear.php.net/package/DB > [2] ADOdb > http://adodb.sourceforge.net/ > > Best Regards, > Michael > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Tue Dec 6 18:39:37 2005 From: bgshea at gmail.com (Brian Shea) Date: Tue, 6 Dec 2005 12:39:37 -0500 Subject: [Phplogcon-dev] logged in via cookie In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C418@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA11C418@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512060939r7000d6g2074d10d257c6b65@mail.gmail.com> The timeout can be set for 1 year if they want to stay logged in. If they are offline for more than 1 year, i doubt they would complain to re-login. 
An option can be added to the page to similar to 'remember me' so the user will stay loged in On 12/6/05, Michael Meckelein wrote: > > Hi Brian, > > If I understand the concept of your session handling correctly, it is no > longer possible to keep the user logged in longer than the browser > session. > > I know it is more insecure remember users via cookie, but this is a > feature most of the users like. Actually this was one of the 'have to' > features as we introduce the user interface. > > The user should decide if he wants to use cookies for remembering or not > in my opinion. Of course, we should mention in the documentation (and/or > provide a link to "read about using cookie" or something similar) that > using cookie can be insecure. > > Best Regards, > Michael > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From rgerhards at hq.adiscon.com Tue Dec 6 18:41:14 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 6 Dec 2005 18:41:14 +0100 Subject: [Phplogcon-dev] TodoList and such Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4004@grfint2.intern.adiscon.com> Hi all, it is nice seeing the discussion to come alive. I have a general suggestion when it comes to todo list, bug trackers and those. Besides the dedicated site, phpLogCon is also hosted on sourceforge.net, where we also use the CVS. Sourceforge offers a lot of trackers. I suggest we use them, this is a nice way to keep everyone informed of whats going on and who is doing what. How does this sound? 
Rainer

From mmeckelein at hq.adiscon.com Tue Dec 6 18:45:18 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:45:18 +0100
Subject: [Phplogcon-dev] enhanced "message must contain" filter
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41C@grfint2.intern.adiscon.com>

Please note in the current CVS version we have already built in support to search a message for multiple words.

However we want to enhance the "message must contain" filter further. It would be great if it is more useable like google searching, e.g. search for a term enclosed in double quotes like "foo bar" or for and/or conditions (foo OR bar).

Best regards,
Michael

From bgshea at gmail.com Tue Dec 6 19:09:11 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 13:09:11 -0500
Subject: [Phplogcon-dev] Hmm, before we get too far..
Message-ID: <9ef8de70512061009y1ad1a27bq8c76efc8614a983a@mail.gmail.com>

From what I read so far, it sounds like we need to get our systems setup the same.

We need to have a common php.ini and mysql table/database setup.

and test directories.

Thanks,

From bgshea at gmail.com Tue Dec 6 20:03:10 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 14:03:10 -0500
Subject: [Phplogcon-dev] not allow certain files to be access
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512061103m3daa2e5dlc518de2eb50b7913@mail.gmail.com>

The code is just below the GNU license marked with

// BGS --
// BGS end

the first section is the trailing '/' (slash) removal, the second section is the disallow. I don't have the code in front of me to look at.

On 12/6/05, Michael Meckelein wrote:
>
> Hi Brian,
>
> I need your help. Please can you point me to where I can find the
> following modification?
>
> > added php code to not allow certain files to be access by the
> > URL!!! esp.
include.php and config.php > > Thank you. > > Best regards, > Michael > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Tue Dec 6 20:03:49 2005 From: bgshea at gmail.com (Brian Shea) Date: Tue, 6 Dec 2005 14:03:49 -0500 Subject: [Phplogcon-dev] TodoList and such In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4004@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA0E4004@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512061103l3063aa64i33d0567065558bd9@mail.gmail.com> Will do!! On 12/6/05, Rainer Gerhards wrote: > > Hi all, > > it is nice seeing the discussion to come alive. I have a general > suggestion when it comes to todo list, bug trackers and those. Besides > the dedicated site, phpLogCon is also hosted on sourceforge.net, where > we also use the CVS. Sourceforge offers a lot of trackers. I suggest we > use them, this is a nice way to keep everyone informed of whats going on > and who is doing what. > > How does this sound? > > Rainer > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Tue Dec 6 20:10:04 2005 From: bgshea at gmail.com (Brian Shea) Date: Tue, 6 Dec 2005 14:10:04 -0500 Subject: [Phplogcon-dev] enhanced "message must contain" filter In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C41C@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA11C41C@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512061110s76e73e3bu7d9c26eed57592c3@mail.gmail.com> WOW, that is a big one. Certainly possible, this should be considered for a 2.0 release! Let's concentrate on the DB, security and layout for 1.x.xreleases. We can introduce a new page with this type of search. We should also be able to utilize SQL language for searching and indexing. 
On 12/6/05, Michael Meckelein wrote: > > Please not in the current CVS version we have already build in support > to search a message for multiple words. > > However we want to enhance the "message must contain" filter further. It > would be great it is more useable like google searching, e.g. search for > a term enclosed in double quotes like "foo bar" or for and/or conditions > (foo OR bar). > > Best regards, > Michael > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From rgerhards at hq.adiscon.com Tue Dec 6 21:29:08 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 6 Dec 2005 21:29:08 +0100 Subject: [Phplogcon-dev] Hmm, before we get too far.. Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4006@grfint2.intern.adiscon.com> Let me caution on the database schema. We should try NOT to change it, because other products/projects rely on it. For example, rsyslogd supports it be default and it would be bad if it couldn't use the "normal" schema. Also, the (commercial) Windows event reporter use intentionally the same schema. I guess that some others are also building on that schema with add-on scripts. Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Brian Shea > Sent: Tuesday, December 06, 2005 7:09 PM > To: phplogcon-dev at lists.adiscon.com > Subject: [Phplogcon-dev] Hmm, before we get too far.. > > >From what i read so far, it sound like we need to get our > systems setup the > same. > > We need to have a common php.ini and mysql table/database setup. > > and test directories. 
> > Thanks, > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Tue Dec 6 21:44:17 2005 From: bgshea at gmail.com (Brian Shea) Date: Tue, 6 Dec 2005 15:44:17 -0500 Subject: [Phplogcon-dev] Hmm, before we get too far.. In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4006@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA0E4006@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512061244u5d4882k8934a05cc1c471b9@mail.gmail.com> Yeah, i think that is good. There seems to be a difference in our system setups, not so much in the table/column names. For the most part, i want to change my system to match yours as close a possible so that code can be easily transferred in working condition. This might be as simple as an Apache directory, or php.ini config setting, or location to where the code is stored. on my system i use /phplogcon121 as the Apache location to phplogcon. You might have say /phplogcon_test, which could cause some of the config parameter to get mixed up. This will be an issue during install to get all the config setting correct so when user installs phplogcon the proper directory names are set. Brian, On 12/6/05, Rainer Gerhards wrote: > > Let me caution on the database schema. We should try NOT to change it, > because other products/projects rely on it. For example, rsyslogd > supports it be default and it would be bad if it couldn't use the > "normal" schema. Also, the (commercial) Windows event reporter use > intentionally the same schema. I guess that some others are also > building on that schema with add-on scripts. 
> > Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Brian Shea > > Sent: Tuesday, December 06, 2005 7:09 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: [Phplogcon-dev] Hmm, before we get too far.. > > > > >From what i read so far, it sound like we need to get our > > systems setup the > > same. > > > > We need to have a common php.ini and mysql table/database setup. > > > > and test directories. > > > > Thanks, > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From rgerhards at hq.adiscon.com Tue Dec 6 21:50:07 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 6 Dec 2005 21:50:07 +0100 Subject: [Phplogcon-dev] Hmm, before we get too far.. Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4007@grfint2.intern.adiscon.com> Brian, I agree it would be advisable to have the same setup. I think once we have made clear what we use, we should document that. Maybe Timm can jump onto that. Please note that phpLogCon shall work both on Linux and Windows (even with IIS). I think we should do the verifcation that everything continues to work with IIS. Or are you up for some Windoze? ;) Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Brian Shea > Sent: Tuesday, December 06, 2005 9:44 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] Hmm, before we get too far.. > > Yeah, i think that is good. There seems to be a difference in > our system > setups, not so much in the table/column names. 
For the most > part, i want to > change my system to match yours as close a possible so that > code can be > easily transferred in working condition. > > This might be as simple as an Apache directory, or php.ini > config setting, > or location to where the code is stored. > > on my system i use /phplogcon121 as the Apache location to > phplogcon. You > might have say /phplogcon_test, which could cause some of the config > parameter to get mixed up. > > This will be an issue during install to get all the config > setting correct > so when user installs phplogcon the proper directory names are set. > > Brian, > > > On 12/6/05, Rainer Gerhards wrote: > > > > Let me caution on the database schema. We should try NOT to > change it, > > because other products/projects rely on it. For example, rsyslogd > > supports it be default and it would be bad if it couldn't use the > > "normal" schema. Also, the (commercial) Windows event reporter use > > intentionally the same schema. I guess that some others are also > > building on that schema with add-on scripts. > > > > Rainer > > > > > -----Original Message----- > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > Brian Shea > > > Sent: Tuesday, December 06, 2005 7:09 PM > > > To: phplogcon-dev at lists.adiscon.com > > > Subject: [Phplogcon-dev] Hmm, before we get too far.. > > > > > > >From what i read so far, it sound like we need to get our > > > systems setup the > > > same. > > > > > > We need to have a common php.ini and mysql table/database setup. > > > > > > and test directories. 
> > >
> > > Thanks,
> > > _______________________________________________
> > > Phplogcon-dev mailing list
> > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Wed Dec 7 06:35:50 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 22:35:50 -0700
Subject: [Phplogcon-dev] not allow certain files to be access
In-Reply-To: <9ef8de70512061103m3daa2e5dlc518de2eb50b7913@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>
 <9ef8de70512061103m3daa2e5dlc518de2eb50b7913@mail.gmail.com>
Message-ID: <9ef8de70512062135m61be2987r5fbae426c9d96a7b@mail.gmail.com>

Michael, here is the code section that will disallow access to php files from the URL.

It basically looks at the file name in the $_SERVER[script_name] to see if it matches itself.

// BGS -- do not allow access from URL
// basename of this file (including the leading "/")
$filename = substr(__FILE__, strrpos( __FILE__, "/" ));
// basename of the script the web server was asked for
$requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( $_SERVER['SCRIPT_NAME'], "/" ));

// if both match, this file was requested directly instead of being included
if( $filename == $requestname )
{
    session_unset();
    header("Location: ../index.php");
    exit;
}
// BGS end

On 12/6/05, Brian Shea wrote:
>
> The code is just below the GNU license marked with
>
> // BGS --
>
> // BGS end
>
> the first section is the trailing '/' (slash) removal, the second section is the disallow. I dont have the code in front of me to look at.
>
>
> On 12/6/05, Michael Meckelein wrote:
> >
> > Hi Brian,
> >
> > I need your help. Please can you point me to where I can find the following modification?
> >
> > > added php code to not allow certain files to be access by the URL!!! esp. include.php and config.php
> >
> > Thank you.
> >
> > Best regards,
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>
>

From rgerhards at hq.adiscon.com Wed Dec 7 09:19:35 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 09:19:35 +0100
Subject: [Phplogcon-dev] release structure
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E400F@grfint2.intern.adiscon.com>

Hi all,

a non-technical issue... I think we need to put some thinking into what shall go into which release as soon as we have finished an agreed-upon todo list (but not sooner ;)).

Anyhow, we should remember that the whole thing started when Brian detected some security issues. The currently distributed source still contains them. So I think it is definitely time to do something against it.

I propose we do the following:

#1 document the limitations of the current "security model", which most importantly means telling people very directly that these are profiles and not actual security-safe accounts. Michael mentioned we had such a document. If so, we should dig it out and publish it, if not, we should create at least a small one ;)

#2 fix the most important things without major change (I think about the % userid/password issue). My goal here would be to fix what can be done very quickly and have a better version online.

We could then also fork phplogcon into a stable and a development branch, where stable just receives the most important things (but is stable ;)) while development would be the (b)leading edge, at which almost all further work is conducted.

Feedback is highly appreciated.
Many thanks,
Rainer

From rgerhards at hq.adiscon.com Wed Dec 7 09:40:40 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 09:40:40 +0100
Subject: [Phplogcon-dev] enhanced "message must contain" filter
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4011@grfint2.intern.adiscon.com>

I think we should just add it to the todo list as a feature request. I agree that the other topics are more important. From the feedback I received, it might be a less enormous task than it sounds, but that can be seen once we are there ;)

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Tuesday, December 06, 2005 8:10 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] enhanced "message must contain" filter
>
> WOW, that is a big one. Certainly possible, this should be considered for a 2.0 release! Let's concentrate on the DB, security and layout for 1.x.x releases.
>
> We can introduce a new page with this type of search. We should also be able to utilize SQL language for searching and indexing.
>
>
> On 12/6/05, Michael Meckelein wrote:
> >
> > Please note: in the current CVS version we have already built in support to search a message for multiple words.
> >
> > However we want to enhance the "message must contain" filter further. It would be great if it were more usable, like google searching, e.g. search for a term enclosed in double quotes like "foo bar" or for and/or conditions (foo OR bar).
> >
> > Best regards,
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From rgerhards at hq.adiscon.com Wed Dec 7 09:45:22 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 09:45:22 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4012@grfint2.intern.adiscon.com>

Brian,

please let me elaborate why I proposed some time ago to use a different db abstraction layer. Just so that we remember the reasoning.

The db abstraction layer we have done works, but is a bit "rough" and also limits the abilities to use SQL to its full extent. At least this is what has been discussed so far. My hopes for a layer like Pear is that it provides a higher-level abstraction with better functionality. So my main objective behind that would not be to support additional databases (although this definitely is a secondary goal) but to have cleaner and more capable code inside phpLogCon.

In the light of this, I'd propose to not support MSSQL and MySQL natively, because that would require us to continue to use our own layer, which seems to have some issues. Of course, the question is what implications Pear has - e.g. performance-wise.

I hope this clarifies and initiates another round of good discussions ;)

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Tuesday, December 06, 2005 6:37 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
>
> The Pear DB sounds good, i have the pear lib installed and have used it before.
> I can modify the session handlers to include pear support. It would be a good idea to have native support for mssql/mysql for those that can't use pear. I think those two are probably the most widely used DBs. All others can be supported by pear.
>
> That item has been added to the TODO list.
>
>
> On 12/6/05, Michael Meckelein wrote:
> >
> > Hi,
> >
> > I will discuss each topic in a separate email on the list. I think it is easier for tracking.
> >
> > One of the most desired items for phpLogCon is a database abstraction layer. We have already implemented our own db abstraction layer, but it is more or less an 'it does, but it is not perfect' one (also it only supports mysql, mssql and access).
> >
> > We had often trouble to get all supported databases working. Therefore we have considered using a third party db abstraction layer like pear:db [1] or adodb for phpLogCon.
> >
> > Brian, as you mentioned, the session handler only works with mysql. If we want to support other dbs we have to write a wrapper. Maybe it is a good time to implement the third party stuff now in order to get rid of all the trouble with different dbs.
> >
> > Brian, how does it sound? Maybe you have already experience with db:pear or adodb? I have already tested both in smaller projects. I personally prefer db:pear, but both are powerful and easy to use.
> >
> > [1] pear::db
> > http://pear.php.net/package/DB
> > [2] ADOdb
> > http://adodb.sourceforge.net/
> >
> > Best Regards,
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From mmeckelein at hq.adiscon.com Wed Dec 7 12:39:00 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 12:39:00 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41F@grfint2.intern.adiscon.com>

> Of course, the question is what implications Pear has - e.g.
> performance-wise.

Of course, abstraction layers naturally have an impact on performance. I did some research about pear::db performance. I was surprised some say "PEAR::DB code will run at about 3/8 the speed of the equivalent DBMS-specific code" [1]. Also found some benchmark indicating that is true [2][3].

As I already wrote, I have used pear::db in small projects and it works great. The impact of the abstraction layer was hardly noticeable (subjective), but I have not made any performance testing.

"Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good discussion that indicates it is worth using a db abstraction layer. I support this approach since I know about the trouble, testing and time effort for developing your own db wrapper.

Michael

[1] Impaired performance of pear::db
http://www.hudzilla.org/phpbook/read.php/9_6_4
[2] simple benchmark (08/13/02) comparing some db abstraction layer
http://freshmeat.net/screenshots/30313/
[3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
http://phplens.com/lens/adodb/
[4] Is PEAR DB worth using?
http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en

From mmeckelein at hq.adiscon.com Wed Dec 7 13:01:53 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 13:01:53 +0100
Subject: [Phplogcon-dev] release structure
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C420@grfint2.intern.adiscon.com>

> Anyhow, we should remember that the whole thing started when Brian
> detected some security issues. The currently distributed source still
> contains them. So I think it is definitely time to do something against
> it.

ACK.

> I propose we do the following:
>
> #1 document the limitations of the current "security model", which
> most importantly means telling people very directly that these are
> profiles and not actual security-safe accounts. Michael mentioned we had
> such a document. If so, we should dig it out and publish it, if not, we
> should create at least a small one ;)

I didn't find such a document. Probably it was discussed by email or chat. I know we have discussed it, but obviously missed documenting it. We should document that immediately. Besides mentioning it in the manual, should we create a faq e.g. telling how to use .htaccess for example?

> #2 fix the most important things without major change (I think about the
> % userid/password issue). My goal here would be to fix what can be done
> very quickly and have a better version online.

Timm, please take the current code from the cvs and merge Brian's bug fixes (http://www.hackthebox.org/) into it as soon as possible. Then we can make a release of this branch. Note that beside the security fixes this release will also include some minor fixes which were already made and the Database options page Timm has implemented.

> We could then also fork phplogcon into a stable and a development
> branch, where stable just receives the most important things (but is
> stable ;)) while development would be the (b)leading edge, at which
> almost all further work is conducted.

Sounds good. It is the common way for open source development, isn't it?

Michael

From rgerhards at hq.adiscon.com Wed Dec 7 15:48:09 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 15:48:09 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E401D@grfint2.intern.adiscon.com>

Well... I've gone through the references and my guess is that Pear will probably be not that bad in our case (though ADOdb might be something we should look at). My reason is that I think we do relatively simple queries. Anyhow, these simple queries can relate to a lot of i/o at the database itself, which probably turns out to be the bottleneck. Of course, nothing of this is verified, but I have the strong impression that performance will not be that much of an issue (well, to be precise "performance of the abstraction layer" - performance per se *is* an issue, especially with the potentially huge amounts of data we have in syslog... ;)).

So my educated (but unverified) opinion is that it would probably be worth looking at Pear. I am still of the view that native DB support via our own layer is causing more trouble than it is worth.

My 2cts...

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> Sent: Wednesday, December 07, 2005 12:39 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
>
> > Of course, the question is what implications Pear has - e.g.
> > performance-wise.
>
> Of course, abstraction layers naturally have an impact on performance.
> I did some research about pear::db performance. I was surprised some say "PEAR::DB code will run at about 3/8 the speed of the equivalent DBMS-specific code" [1]. Also found some benchmark indicating that is true [2][3].
>
> As I already wrote, I have used pear::db in small projects and it works great. The impact of the abstraction layer was hardly noticeable (subjective), but I have not made any performance testing.
>
> "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good discussion that indicates it is worth using a db abstraction layer. I support this approach since I know about the trouble, testing and time effort for developing your own db wrapper.
>
> Michael
>
> [1] Impaired performance of pear::db
> http://www.hudzilla.org/phpbook/read.php/9_6_4
> [2] simple benchmark (08/13/02) comparing some db abstraction layer
> http://freshmeat.net/screenshots/30313/
> [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
> http://phplens.com/lens/adodb/
> [4] Is PEAR DB worth using?
> http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en
>
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From mmeckelein at hq.adiscon.com Wed Dec 7 15:49:49 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 15:49:49 +0100
Subject: [Phplogcon-dev] not allow certain files to be access
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C422@grfint2.intern.adiscon.com>

Brian,

This approach works only in a linux environment. Note that Windows uses \ instead of linux's / for directory browsing.

E.g. file in
- windows: c:\webserver\phplogcon\config.php
- linux: /var/www/phplogcon/config.php

Furthermore, I have to admit that I am not aware of an actual security issue from accessing those files directly via url. Of course it is not intended to call files like config.php directly. To prohibit accessing files directly which are not intended to be accessed directly is of course a good security concept. But maybe I overlook a security issue with the current (without your check) approach?

Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Wednesday, December 07, 2005 6:36 AM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] not allow certain files to be access
>
> Michael, here is the code section that will disallow access to php files from the URL.
>
> It basically looks at the file name in the $_SERVER[script_name] to see if it matches itself.
>
> // BGS -- do not allow access from URL
> $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( $_SERVER['SCRIPT_NAME'], "/" ));
>
> if( $filename == $requestname )
> {
> session_unset();
> header("Location: ../index.php");
> exit;
> }
> // BGS end
>
>
>
> On 12/6/05, Brian Shea wrote:
> >
> > The code is just below the GNU license marked with
> >
> > // BGS --
> >
> > // BGS end
> >
> > the first section is the trailing '/' (slash) removal, the second section is the disallow. I dont have the code in front of me to look at.
> >
> >
> > On 12/6/05, Michael Meckelein wrote:
> > >
> > > Hi Brian,
> > >
> > > I need your help. Please can you point me to where I can find the following modification?
> > >
> > > > added php code to not allow certain files to be access by the URL!!! esp. include.php and config.php
> > >
> > > Thank you.
> > >
> > > Best regards,
> > > Michael
> > > _______________________________________________
> > > Phplogcon-dev mailing list
> > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
> >
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From mmeckelein at hq.adiscon.com Wed Dec 7 16:05:24 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 16:05:24 +0100
Subject: [Phplogcon-dev] duplicated code
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C423@grfint2.intern.adiscon.com>

Hi Brian,

I noticed that you use duplicated code in some files. The code snippet below is in e.g. auth.php, config.php, include.php, ...

Wouldn't it be better to put it into a function onto the top in include.php?

// BGS -- This will remove the trailing / in a uri like .../index.php/
// This causes the directories to get mucked up.
// Patch from http://www.php.net/manual/en/ref.apache.php by henk_nicolai at REMOVE-THIS at hotmail dot com
$req = $_SERVER['REQUEST_URI'];
// Remove rubbish.
$newReq = ereg_replace ( $_SERVER['SCRIPT_NAME'] . '[^?]*', $_SERVER['SCRIPT_NAME'], $req);
if (strlen($newReq) < strlen($req))
{
    header ('Location: '.$newReq);
    header ('HTTP/1.0 301 Moved Permanently');
    die; // Don't send any more output.
}
unset($req);
unset($newReq);
// BGS end

// BGS -- do not allow access from URI
$filename = substr(__FILE__, strrpos( __FILE__, "/" ));
$requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( $_SERVER['SCRIPT_NAME'], "/" ));
if( $filename == $requestname )
{
    session_unset();
    header("Location: ../index.php");
    exit;
}
// BGS end

Michael

From mmeckelein at hq.adiscon.com Wed Dec 7 16:14:25 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 16:14:25 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C424@grfint2.intern.adiscon.com>

> Well... I've gone through the references and my guess is that Pear will
> probably be not that bad in our case (though ADOdb might be something we
> should look at).

This ->

> My reason is that I think we do relatively simple
> queries. Anyhow, these simple queries can relate to a lot of i/o at the
> database itself, which probably turns out to be the bottleneck.

is exactly the point. phpLogCon does not bother the database with a high amount of queries. The queries are typically simple as Rainer mentioned. Just using some where clauses, and only the SystemEvents table has to be selected if phplogcon works with data.

Michael

> Of course, nothing of this is verified, but I have the strong impression
> that performance will not be that much of an issue (well, to be
> precise "performance of the abstraction layer" - performance per se
> *is* an issue, especially with the potentially huge amounts of data we
> have in syslog... ;)).
>
> So my educated (but unverified) opinion is that it would probably be
> worth looking at Pear. I am still of the view that native DB support via
> our own layer is causing more trouble than it is worth.
>
> My 2cts...
>
> Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > Sent: Wednesday, December 07, 2005 12:39 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
> >
> > > Of course, the question is what implications Pear has - e.g.
> > > performance-wise.
> >
> > Of course, abstraction layers naturally have an impact on performance. I did some research about pear::db performance. I was surprised some say "PEAR::DB code will run at about 3/8 the speed of the equivalent DBMS-specific code" [1]. Also found some benchmark indicating that is true [2][3].
> >
> > As I already wrote, I have used pear::db in small projects and it works great. The impact of the abstraction layer was hardly noticeable (subjective), but I have not made any performance testing.
> >
> > "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good discussion that indicates it is worth using a db abstraction layer. I support this approach since I know about the trouble, testing and time effort for developing your own db wrapper.
> >
> > Michael
> >
> > [1] Impaired performance of pear::db
> > http://www.hudzilla.org/phpbook/read.php/9_6_4
> > [2] simple benchmark (08/13/02) comparing some db abstraction layer
> > http://freshmeat.net/screenshots/30313/
> > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
> > http://phplens.com/lens/adodb/
> > [4] Is PEAR DB worth using?
> > http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en
> >
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Wed Dec 7 16:52:32 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 08:52:32 -0700
Subject: [Phplogcon-dev] release structure
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C420@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C420@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070752n678e178cve529919475811480@mail.gmail.com>

Completely agree to stable and beta versions!!

1.2.1 Can be fixed easily for the % char, but the cookies will need much more work. But if you tell people about the problem, then they can take the proper precautions.

This can be found in auth.php for 1.2.4_bgs, it will handle all characters that we might want to limit in the future.

// Check for special sql characters
function invalid_chars( $string )
{
    $bad_list = array("'", '"', "%", " ");
    foreach( $bad_list as $needle )
    {
        if( strpos( $string, $needle ) !== FALSE )
        {
            return TRUE;
        }
    }
    return FALSE;
}

Example how to use it

if( invalid_chars( $user ) || invalid_chars( $pass ) )
{ // BAD
    WriteHead('phpLogCon :: ' , _MSGAccDen, '', '', _MSGAccDen, 0);
    print '..:: ' . _MSGNamInvChr . ' ::..';
    echo '..:: ', _MSGBac2Ind, ' ::..';
    WriteFooter();
    exit;
}
else
{ //GOOD
}

NOTE TO MYSELF: make gmail insert > for replies to messages.

On 12/7/05, Michael Meckelein wrote:
>
> > Anyhow, we should remember that the whole thing started when Brian
> > detected some security issues. The currently distributed source still
> > contains them. So I think it is definitely time to do something against
> > it.
>
> ACK.
>
> > I propose we do the following:
> >
> > #1 document the limitations of the current "security model", which
> > most importantly means telling people very directly that these are
> > profiles and not actual security-safe accounts. Michael mentioned we had
> > such a document. If so, we should dig it out and publish it, if not, we
> > should create at least a small one ;)
>
> I didn't find such a document. Probably it was discussed by email or chat. I know we have discussed it, but obviously missed documenting it. We should document that immediately. Besides mentioning it in the manual, should we create a faq e.g. telling how to use .htaccess for example?
>
> > #2 fix the most important things without major change (I think about the
> > % userid/password issue). My goal here would be to fix what can be done
> > very quickly and have a better version online.
>
> Timm, please take the current code from the cvs and merge Brian's bug fixes (http://www.hackthebox.org/) into it as soon as possible. Then we can make a release of this branch. Note that beside the security fixes this release will also include some minor fixes which were already made and the Database options page Timm has implemented.
>
> > We could then also fork phplogcon into a stable and a development
> > branch, where stable just receives the most important things (but is
> > stable ;)) while development would be the (b)leading edge, at which
> > almost all further work is conducted.
>
> Sounds good. It is the common way for open source development, isn't it?
>
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>

From bgshea at gmail.com Wed Dec 7 16:58:00 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 08:58:00 -0700
Subject: [Phplogcon-dev] not allow certain files to be access
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C422@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C422@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070758m46ea70cavee116c3927a0c344@mail.gmail.com>

Ah, that would be a problem. Easily fixed with a config setting or checking the os environment.

Nor do i, but why let someone else find it and exploit it if one does exist!!!

This is more for the type of files i use in 1.2.4_bgs where all the Auth is done in index.php and each page is loaded by an include statement.

I'm just so used to having them there that i feel better with them.

On 12/7/05, Michael Meckelein wrote:
>
> Brian,
>
> This approach works only in a linux environment. Note that Windows uses \ instead of linux's / for directory browsing.
>
> E.g. file in
> - windows: c:\webserver\phplogcon\config.php
> - linux: /var/www/phplogcon/config.php
>
> Furthermore, I have to admit that I am not aware of an actual security issue from accessing those files directly via url. Of course it is not intended to call files like config.php directly. To prohibit accessing files directly which are not intended to be accessed directly is of course a good security concept. But maybe I overlook a security issue with the current (without your check) approach?
>
> Michael
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> > Sent: Wednesday, December 07, 2005 6:36 AM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] not allow certain files to be access
> >
> > Michael, here is the code section that will disallow access to php files from the URL.
> >
> > It basically looks at the file name in the $_SERVER[script_name] to see if it matches itself.
> >
> > // BGS -- do not allow access from URL
> > $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> > $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( $_SERVER['SCRIPT_NAME'], "/" ));
> >
> > if( $filename == $requestname )
> > {
> > session_unset();
> > header("Location: ../index.php");
> > exit;
> > }
> > // BGS end
> >
> >
> >
> > On 12/6/05, Brian Shea wrote:
> > >
> > > The code is just below the GNU license marked with
> > >
> > > // BGS --
> > >
> > > // BGS end
> > >
> > > the first section is the trailing '/' (slash) removal, the second section is the disallow. I dont have the code in front of me to look at.
> > >
> > >
> > > On 12/6/05, Michael Meckelein wrote:
> > > >
> > > > Hi Brian,
> > > >
> > > > I need your help. Please can you point me to where I can find the following modification?
> > > >
> > > > > added php code to not allow certain files to be access by the URL!!! esp. include.php and config.php
> > > >
> > > > Thank you.
> > > >
> > > > Best regards,
> > > > Michael
> > > > _______________________________________________
> > > > Phplogcon-dev mailing list
> > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > >
> > >
> >
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Wed Dec 7 17:00:33 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 09:00:33 -0700
Subject: [Phplogcon-dev] duplicated code
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C423@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C423@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070800t2ed5eb10l4a58217ca6c248ce@mail.gmail.com>

Can't, unless certain variables are passed, because the code looks at the file the code is in, and sometimes I need

header("Location: ../index.php");

or

header("Location: index.php");

Look close, one has ../index.php the other does not. I've always just seen it placed at the top of every file as needed.

On 12/7/05, Michael Meckelein wrote:
>
> Hi Brian,
>
> I noticed that you use duplicated code in some files. The code snippet below is in e.g. auth.php, config.php, include.php, ...
>
> Wouldn't it be better to put it into a function onto the top in include.php?
>
> // BGS -- This will remove the trailing / in a uri like .../index.php/
> // This causes the directories to get mucked up.
> // Patch from http://www.php.net/manual/en/ref.apache.php by henk_nicolai at REMOVE-THIS at hotmail dot com
> $req = $_SERVER['REQUEST_URI'];
> // Remove rubbish.
> $newReq = ereg_replace ( $_SERVER['SCRIPT_NAME'] . '[^?]*', $_SERVER['SCRIPT_NAME'], $req);
> if (strlen($newReq) < strlen($req))
> {
> header ('Location: '.$newReq);
> header ('HTTP/1.0 301 Moved Permanently');
> die; // Don't send any more output.
> }
> unset($req);
> unset($newReq);
> // BGS end
> // BGS -- do not allow access from URI
> $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( $_SERVER['SCRIPT_NAME'], "/" ));
> if( $filename == $requestname )
> {
> session_unset();
> header("Location: ../index.php");
> exit;
> }
> // BGS end
>
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>

From rgerhards at hq.adiscon.com Wed Dec 7 17:01:47 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:01:47 +0100
Subject: [Phplogcon-dev] not allow certain files to be access
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4024@grfint2.intern.adiscon.com>

Warning: the php-noob is writing about php ;)

Would it be possible in php to set a variable (let's call it "validcall") in the main file and check that in each of the to-be-included files? So if they would be called directly, "validcall" would be unset. I've done similar things in ASP apps in the dark ages ;)

It sounds pretty OS-independent but I am probably not aware of the quirks ;)

Rainer

PS: I think there isn't such thing as "too much security"...

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Wednesday, December 07, 2005 4:58 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] not allow certain files to be access
>
> Ah, that would be a problem. Easily fixed with a config setting or checking the os environment.
>
> Nor do i, but why let someone else find it and exploit it if one does exist!!!
>
> This is more for the type of files I use in 1.2.4_bgs where all the Auth is
> done in index.php and each page is loaded by an include statement.
>
> I'm just so used to having them there that I feel better with them.
>
>
> On 12/7/05, Michael Meckelein wrote:
> >
> > Brian,
> >
> > This approach works only in a Linux environment. Note that Windows uses
> > \ instead of Linux's / for directory browsing.
> >
> > E.g. file in
> > - windows: c:\webserver\phplogcon\config.php
> > - linux: /var/www/phplogcon/config.php
> >
> > Furthermore, I have to admit that I am not aware of an actual security
> > issue by accessing those files directly via URL. Of course it is not
> > intended to call files like config.php directly. To prohibit accessing
> > files directly which are not intended to be accessed directly is of course a
> > good security concept. But maybe I overlook a security issue with the
> > current (without your check) approach?
> >
> > Michael
> >
> > > -----Original Message-----
> > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-
> > > bounces at lists.adiscon.com] On Behalf Of Brian Shea
> > > Sent: Wednesday, December 07, 2005 6:36 AM
> > > To: phplogcon-dev at lists.adiscon.com
> > > Subject: Re: [Phplogcon-dev] not allow certain files to be access
> > >
> > > Michael, here is the code section that will disallow access to php files
> > > from the URL.
> > >
> > > It basically looks at the file name in the $_SERVER[script_name] to see if
> > > it matches itself.
> > >
> > > // BGS -- do not allow access from URL
> > > $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> > > $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos(
> > >     $_SERVER['SCRIPT_NAME'], "/" ));
> > >
> > > if( $filename == $requestname )
> > > {
> > >     session_unset();
> > >     header("Location: ../index.php");
> > >     exit;
> > > }
> > > // BGS end
> > >
> > >
> > > On 12/6/05, Brian Shea wrote:
> > > >
> > > > The code is just below the GNU license marked with
> > > >
> > > > // BGS --
> > > >
> > > > // BGS end
> > > >
> > > > the first section is the trailing '/' (slash) removal, the second section
> > > > is the disallow. I don't have the code in front of me to look at.
> > > >
> > > >
> > > > On 12/6/05, Michael Meckelein wrote:
> > > > >
> > > > > Hi Brian,
> > > > >
> > > > > I need your help. Please can you point me to where I can find the
> > > > > following modification?
> > > > >
> > > > > > added php code to not allow certain files to be accessed by the
> > > > > > URL!!! esp. include.php and config.php
> > > > >
> > > > > Thank you.
> > > > >
> > > > > Best regards,
> > > > > Michael
> > >
> >
>

From rgerhards at hq.adiscon.com Wed Dec 7 17:05:10 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:05:10 +0100
Subject: [Phplogcon-dev] duplicated code
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4025@grfint2.intern.adiscon.com>

another php-noob suggestion...

what if that function were placed in *another* include file that is included in the not-to-be-directly-called pages. Then, that function could be passed the proper redirect location.

Let me use a sample, NOT in php (pseudo-php at best ;))

in notToBeCalled.php
    include check.php
    call checker("../index.php")

in check.php
    checker(redirect)
        do checking
        redirect to "redirect" in case of error

I hope this conveys what I intend to say...

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Brian Shea
> Sent: Wednesday, December 07, 2005 5:01 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] duplicated code
>
> Can't, unless certain variables are passed, because the code looks at the file
> the code is in, and sometimes I need
>
> header("Location: ../index.php");
>
> or
>
> header("Location: index.php");
>
> Look close, one has ../index.php, the other does not.
>
> I've always just seen it placed at the top of every file as needed.
>
> On 12/7/05, Michael Meckelein wrote:
> >
> > Hi Brian,
> >
> > I noticed that you use duplicated code in some files. The code snippet
> > below is in e.g. auth.php, config.php, include.php, ...
> >
> > Wouldn't it be better to put it into a function at the top of
> > include.php?
> >
> > // BGS -- This will remove the trailing / in a URI like .../index.php/
> > // This causes the directories to get mucked up.
> > // Patch from http://www.php.net/manual/en/ref.apache.php by
> > // henk_nicolai at REMOVE-THIS at hotmail dot com
> > $req = $_SERVER['REQUEST_URI'];
> > // Remove rubbish.
> > $newReq = ereg_replace ( $_SERVER['SCRIPT_NAME'] . '[^?]*',
> >                          $_SERVER['SCRIPT_NAME'], $req);
> > if (strlen($newReq) < strlen($req))
> > {
> >     header ('Location: '.$newReq);
> >     header ('HTTP/1.0 301 Moved Permanently');
> >     die; // Don't send any more output.
> > }
> > unset($req);
> > unset($newReq);
> > // BGS end
> > // BGS -- do not allow access from URI
> > $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> > $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos(
> >     $_SERVER['SCRIPT_NAME'], "/" ));
> > if( $filename == $requestname )
> > {
> >     session_unset();
> >     header("Location: ../index.php");
> >     exit;
> > }
> > // BGS end
> >
> > Michael
>

From bgshea at gmail.com Wed Dec 7 17:08:28 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 09:08:28 -0700
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C424@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C424@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070808y6a449911g4bce0ad4e59683e6@mail.gmail.com>

Agree, we are not a high volume application.

Side note:
Maybe a good thing to slow it down in the case of brute force password cracking. (Users Table). (scripts can do this, not for us to worry about, yet).

On 12/7/05, Michael Meckelein wrote:
>
> > Well... I've gone through the references and my guess is that Pear will
> > probably be not that bad in our case (though ADOdb might be something we
> > should look at).
>
> This ->
>
> > My reason is that I think we do relatively simple
> > queries. Anyhow, these simple queries can relate to a lot of i/o at the
> > database itself, which probably turns out to be the bottleneck.
>
> is exactly the point. phpLogCon does not bother the database with a high
> amount of queries. The queries are typically simple, as Rainer mentioned.
> Just using some where clauses, and only the SystemEvents table has to be selected
> if phplogcon works with data.
>
> Michael
>
> > Of
> > course, nothing of this is verified, but I have the strong impression
> > that performance will not be that much of an issue (well, to be
> > precise, "performance of the abstraction layer" - performance per se
> > *is* an issue, especially with the potentially huge amounts of data we
> > have in syslog... ;)).
> >
> > So my educated (but unverified) opinion is that it would probably be
> > worth looking at Pear. I am still of the view that native DB support via
> > our own layer is causing more trouble than it is worth.
> >
> > My 2cts...
> >
> > Rainer
> >
> > > -----Original Message-----
> > > From: phplogcon-dev-bounces at lists.adiscon.com
> > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > > Michael Meckelein
> > > Sent: Wednesday, December 07, 2005 12:39 PM
> > > To: phplogcon-dev at lists.adiscon.com
> > > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
> > >
> > > > Of course, the question is what implications Pear has - e.g.
> > > > performance-wise.
> > >
> > > Of course, abstraction layers naturally have an impact on performance. I did
> > > some research about pear::db performance. I was surprised some say
> > > "PEAR::DB code will run at about 3/8 the speed of the equivalent
> > > DBMS-specific code" [1]. Also found some benchmarks indicating that is
> > > true [2][3].
> > >
> > > As I already wrote, I have used pear::db in small projects and it works
> > > great. The impact of the abstraction layer was hardly noticeable
> > > (subjective), but I have not done any performance testing.
> > >
> > > "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good
> > > discussion and indicates that it is worth using a db abstraction layer. I
> > > support this approach since I know about the trouble, testing and time
> > > effort for developing your own db wrapper.
> > >
> > > Michael
> > >
> > > [1] Impaired performance of pear::db
> > > http://www.hudzilla.org/phpbook/read.php/9_6_4
> > > [2] simple benchmark (08/13/02) comparing some db abstraction layers
> > > http://freshmeat.net/screenshots/30313/
> > > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
> > > http://phplens.com/lens/adodb/
> > > [4] Is PEAR DB worth using?
> > > http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en
> > >
> >
>

From rgerhards at hq.adiscon.com Wed Dec 7 17:11:21 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:11:21 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4026@grfint2.intern.adiscon.com>

hehe... another low priority todo list item - tarpitting attacks (after all, such a brute force may cause the system to exhaust its resources...)

--Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Brian Shea
> Sent: Wednesday, December 07, 2005 5:08 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
>
> Agree, we are not a high volume application.
>
> Side note:
> Maybe a good thing to slow it down in the case of brute force password
> cracking. (Users Table). (scripts can do this, not for us to worry about,
> yet).
>
>
> On 12/7/05, Michael Meckelein wrote:
> >
> > > Well... I've gone through the references and my guess is that Pear will
> > > probably be not that bad in our case (though ADOdb might be something we
> > > should look at).
> >
> > This ->
> >
> > > My reason is that I think we do relatively simple
> > > queries.
> > > Anyhow, these simple queries can relate to a lot of i/o at the
> > > database itself, which probably turns out to be the bottleneck.
> >
> > is exactly the point. phpLogCon does not bother the database with a high
> > amount of queries. The queries are typically simple, as Rainer mentioned.
> > Just using some where clauses, and only the SystemEvents table has to be selected
> > if phplogcon works with data.
> >
> > Michael
> >
> > > Of
> > > course, nothing of this is verified, but I have the strong impression
> > > that performance will not be that much of an issue (well, to be
> > > precise, "performance of the abstraction layer" - performance per se
> > > *is* an issue, especially with the potentially huge amounts of data we
> > > have in syslog... ;)).
> > >
> > > So my educated (but unverified) opinion is that it would probably be
> > > worth looking at Pear. I am still of the view that native DB support via
> > > our own layer is causing more trouble than it is worth.
> > >
> > > My 2cts...
> > >
> > > Rainer
> > >
> > > > -----Original Message-----
> > > > From: phplogcon-dev-bounces at lists.adiscon.com
> > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > > > Michael Meckelein
> > > > Sent: Wednesday, December 07, 2005 12:39 PM
> > > > To: phplogcon-dev at lists.adiscon.com
> > > > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
> > > >
> > > > > Of course, the question is what implications Pear has - e.g.
> > > > > performance-wise.
> > > >
> > > > Of course, abstraction layers naturally have an impact on performance. I did
> > > > some research about pear::db performance. I was surprised some say
> > > > "PEAR::DB code will run at about 3/8 the speed of the equivalent
> > > > DBMS-specific code" [1]. Also found some benchmarks indicating that is
> > > > true [2][3].
> > > >
> > > > As I already wrote, I have used pear::db in small projects and it works
> > > > great.
> > > > The impact of the abstraction layer was hardly noticeable
> > > > (subjective), but I have not done any performance testing.
> > > >
> > > > "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good
> > > > discussion and indicates that it is worth using a db abstraction layer. I
> > > > support this approach since I know about the trouble, testing and time
> > > > effort for developing your own db wrapper.
> > > >
> > > > Michael
> > > >
> > > > [1] Impaired performance of pear::db
> > > > http://www.hudzilla.org/phpbook/read.php/9_6_4
> > > > [2] simple benchmark (08/13/02) comparing some db abstraction layers
> > > > http://freshmeat.net/screenshots/30313/
> > > > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
> > > > http://phplens.com/lens/adodb/
> > > > [4] Is PEAR DB worth using?
> > > > http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en
> > > >
> > >
> >
>

From bgshea at gmail.com Wed Dec 7 17:13:36 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 09:13:36 -0700
Subject: [Phplogcon-dev] duplicated code
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4025@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4025@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070813g57855463u745b747e667b8d0@mail.gmail.com>

Got it, pseudo code is fine.

Won't work like that without __FILE__. You need to pass the __FILE__ (special variable in php to give the file name), so

checker(__FILE__, $wheretogo);

or no functions in notToBeCalled.php and just set

$me = __FILE__;
$wheretogo = "home_sweet_home";
include 'notToBeCalled.php';
// will get here if all is good.
unset($me);
unset($wheretogo);

The first trailing '/' can be a function. Nothing special there.

On 12/7/05, Rainer Gerhards wrote:
>
> another php-noob suggestion...
>
> what if that function were placed in *another* include file that is
> included in the not-to-be-directly-called pages. Then, that function
> could be passed the proper redirect location.
>
> Let me use a sample, NOT in php (pseudo-php at best ;))
>
> in notToBeCalled.php
>     include check.php
>     call checker("../index.php")
>
> in check.php
>     checker(redirect)
>         do checking
>         redirect to "redirect" in case of error
>
> I hope this conveys what I intend to say...
>
> Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > Brian Shea
> > Sent: Wednesday, December 07, 2005 5:01 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] duplicated code
> >
> > Can't, unless certain variables are passed, because the code looks at the file
> > the code is in, and sometimes I need
> >
> > header("Location: ../index.php");
> >
> > or
> >
> > header("Location: index.php");
> >
> > Look close, one has ../index.php, the other does not.
> >
> > I've always just seen it placed at the top of every file as needed.
> >
> > On 12/7/05, Michael Meckelein wrote:
> > >
> > > Hi Brian,
> > >
> > > I noticed that you use duplicated code in some files. The code snippet
> > > below is in e.g. auth.php, config.php, include.php, ...
> > >
> > > Wouldn't it be better to put it into a function at the top of
> > > include.php?
> > >
> > > // BGS -- This will remove the trailing / in a URI like .../index.php/
> > > // This causes the directories to get mucked up.
> > > // Patch from http://www.php.net/manual/en/ref.apache.php by
> > > // henk_nicolai at REMOVE-THIS at hotmail dot com
> > > $req = $_SERVER['REQUEST_URI'];
> > > // Remove rubbish.
> > > $newReq = ereg_replace ( $_SERVER['SCRIPT_NAME'] . '[^?]*',
> > >                          $_SERVER['SCRIPT_NAME'], $req);
> > > if (strlen($newReq) < strlen($req))
> > > {
> > >     header ('Location: '.$newReq);
> > >     header ('HTTP/1.0 301 Moved Permanently');
> > >     die; // Don't send any more output.
> > > }
> > > unset($req);
> > > unset($newReq);
> > > // BGS end
> > > // BGS -- do not allow access from URI
> > > $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> > > $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos(
> > >     $_SERVER['SCRIPT_NAME'], "/" ));
> > > if( $filename == $requestname )
> > > {
> > >     session_unset();
> > >     header("Location: ../index.php");
> > >     exit;
> > > }
> > > // BGS end
> > >
> > > Michael
> >
>

From mmeckelein at hq.adiscon.com Wed Dec 7 17:18:12 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 17:18:12 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C425@grfint2.intern.adiscon.com>

Brian wrote:
> Side note:
> Maybe a good thing to slow it down in the case of brute force password
> cracking.
> (Users Table). (scripts can do this, not for us to worry about,
> yet).

Rainer wrote:
> hehe... another low priority todo list item - tarpitting attacks (after
> all, such a brute force may cause the system to exhaust its
> resources...)

As a simple approach we can log failed login attempts. E.g. if there are more than three failed login attempts in a minute, we can disable the login for this user for some minutes.

Michael

From rgerhards at hq.adiscon.com Wed Dec 7 17:20:28 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:20:28 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4028@grfint2.intern.adiscon.com>

Is there something like a sleep() call in php? Sleep(), in most OSes, is a way to tell the OS that the calling process has no interest in being executed for the specified amount of time.

If such a beast exists, we could sleep() a few ms for each wrong login and maybe up to 30 seconds as the failures increase...

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Michael Meckelein
> Sent: Wednesday, December 07, 2005 5:18 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: [Phplogcon-dev] brute force password cracking prevention
>
> Brian wrote:
> > Side note:
> > Maybe a good thing to slow it down in the case of brute force password
> > cracking. (Users Table). (scripts can do this, not for us to worry about,
> > yet).
>
> Rainer wrote:
> > hehe... another low priority todo list item - tarpitting attacks (after
> > all, such a brute force may cause the system to exhaust its
> > resources...)
>
> As a simple approach we can log failed login attempts. E.g. if there are
> more than three failed login attempts in a minute, we can disable the
> login for this user for some minutes.
>
> Michael

From mmeckelein at hq.adiscon.com Wed Dec 7 17:23:05 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 17:23:05 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C427@grfint2.intern.adiscon.com>

> Is there something like a sleep() call in php?

Of course there is.
http://www.php.net/sleep

Michael

> Sleep(), in most OSes, is a
> way to tell the OS that the calling process has no interest in being
> executed for the specified amount of time.
>
> If such a beast exists, we could sleep() a few ms for each wrong login
> and maybe up to 30 seconds as the failures increase...
>
> Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > Michael Meckelein
> > Sent: Wednesday, December 07, 2005 5:18 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: [Phplogcon-dev] brute force password cracking prevention
> >
> > Brian wrote:
> > > Side note:
> > > Maybe a good thing to slow it down in the case of brute force password
> > > cracking. (Users Table). (scripts can do this, not for us to worry about,
> > > yet).
> >
> > Rainer wrote:
> > > hehe... another low priority todo list item - tarpitting attacks (after
> > > all, such a brute force may cause the system to exhaust its
> > > resources...)
> >
> > As a simple approach we can log failed login attempts. E.g. if there are
> > more than three failed login attempts in a minute, we can disable the
> > login for this user for some minutes.
> >
> > Michael
>

From rgerhards at hq.adiscon.com Wed Dec 7 17:30:11 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:30:11 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E402B@grfint2.intern.adiscon.com>

OK, I propose to usleep((f/2)*1000000+200000) where f is the number of failed logins. f should not be allowed to grow larger than 60, because I think we will get into trouble with the php execution timeout (there is one, isn't there? ;)) at some point. Please note that the +200000 handles the case of just one invalid login.

How does this sound?

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Michael Meckelein
> Sent: Wednesday, December 07, 2005 5:23 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] brute force password cracking prevention
>
> > Is there something like a sleep() call in php?
>
> Of course there is.
> http://www.php.net/sleep
>
> Michael
>
>
> > Sleep(), in most OSes, is a
> > way to tell the OS that the calling process has no interest in being
> > executed for the specified amount of time.
> >
> > If such a beast exists, we could sleep() a few ms for each wrong login
> > and maybe up to 30 seconds as the failures increase...
> >
> > Rainer
> >
> > > -----Original Message-----
> > > From: phplogcon-dev-bounces at lists.adiscon.com
> > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > > Michael Meckelein
> > > Sent: Wednesday, December 07, 2005 5:18 PM
> > > To: phplogcon-dev at lists.adiscon.com
> > > Subject: [Phplogcon-dev] brute force password cracking prevention
> > >
> > > Brian wrote:
> > > > Side note:
> > > > Maybe a good thing to slow it down in the case of brute force password
> > > > cracking. (Users Table). (scripts can do this, not for us to worry about,
> > > > yet).
> > >
> > > Rainer wrote:
> > > > hehe... another low priority todo list item - tarpitting attacks (after
> > > > all, such a brute force may cause the system to exhaust its
> > > > resources...)
> > >
> > > As a simple approach we can log failed login attempts. E.g. if there are
> > > more than three failed login attempts in a minute, we can disable the
> > > login for this user for some minutes.
> > >
> > > Michael
> >
>

From alorbach at ro1.adiscon.com Wed Dec 7 17:31:09 2005
From: alorbach at ro1.adiscon.com (Andre Lorbach)
Date: Wed, 7 Dec 2005 17:31:09 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID:

Hi,

Finally I can also say something here ;)
A sleep of 1000 ms "if" the password was wrong would slow down a brute force attack. Sounds like a good idea.
Regards,
Andre

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Michael Meckelein
> Sent: Wednesday, December 07, 2005 5:23 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] brute force password cracking prevention
>
> > Is there something like a sleep() call in php?
>
> Of course there is.
> http://www.php.net/sleep
>
> Michael
>
>
> > Sleep(), in most OSes, is a
> > way to tell the OS that the calling process has no interest in being
> > executed for the specified amount of time.
> >
> > If such a beast exists, we could sleep() a few ms for each wrong login
> > and maybe up to 30 seconds as the failures increase...
> >
> > Rainer
> >
> > > -----Original Message-----
> > > From: phplogcon-dev-bounces at lists.adiscon.com
> > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > > Michael Meckelein
> > > Sent: Wednesday, December 07, 2005 5:18 PM
> > > To: phplogcon-dev at lists.adiscon.com
> > > Subject: [Phplogcon-dev] brute force password cracking prevention
> > >
> > > Brian wrote:
> > > > Side note:
> > > > Maybe a good thing to slow it down in the case of brute force password
> > > > cracking. (Users Table). (scripts can do this, not for us to worry about,
> > > > yet).
> > >
> > > Rainer wrote:
> > > > hehe... another low priority todo list item - tarpitting attacks (after
> > > > all, such a brute force may cause the system to exhaust its
> > > > resources...)
> > >
> > > As a simple approach we can log failed login attempts. E.g. if there are
> > > more than three failed login attempts in a minute, we can disable the
> > > login for this user for some minutes.
> > >
> > > Michael
> >
>

From rgerhards at hq.adiscon.com Wed Dec 7 17:33:15 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:33:15 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E402C@grfint2.intern.adiscon.com>

oh, and one thing: we would probably need to track failed logins on a per-IP basis (beware of concurrent requests). Now this simple thing begins to become complicated ;)

Anyhow, I think we are far enough to create a todo item (but not to solve it). Is there agreement?

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Andre Lorbach
> Sent: Wednesday, December 07, 2005 5:31 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] brute force password cracking prevention
>
> Hi,
>
> Finally I can also say something here ;)
> A sleep of 1000 ms "if" the password was wrong would slow down a brute
> force attack. Sounds like a good idea.
>
> Regards,
> Andre
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > Michael Meckelein
> > Sent: Wednesday, December 07, 2005 5:23 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] brute force password cracking prevention
> >
> > > Is there something like a sleep() call in php?
> >
> > Of course there is.
> > http://www.php.net/sleep
> >
> > Michael
> >
> >
> > > Sleep(), in most OSes, is a
> > > way to tell the OS that the calling process has no interest in being
> > > executed for the specified amount of time.
> > >
> > > If such a beast exists, we could sleep() a few ms for each wrong login
> > > and maybe up to 30 seconds as the failures increase...
> > >
> > > Rainer
> > >
> > > > -----Original Message-----
> > > > From: phplogcon-dev-bounces at lists.adiscon.com
> > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > > > Michael Meckelein
> > > > Sent: Wednesday, December 07, 2005 5:18 PM
> > > > To: phplogcon-dev at lists.adiscon.com
> > > > Subject: [Phplogcon-dev] brute force password cracking prevention
> > > >
> > > > Brian wrote:
> > > > > Side note:
> > > > > Maybe a good thing to slow it down in the case of brute force password
> > > > > cracking. (Users Table). (scripts can do this, not for us to worry about,
> > > > > yet).
> > > >
> > > > Rainer wrote:
> > > > > hehe... another low priority todo list item - tarpitting attacks (after
> > > > > all, such a brute force may cause the system to exhaust its
> > > > > resources...)
> > > >
> > > > As a simple approach we can log failed login attempts. E.g. if there are
> > > > more than three failed login attempts in a minute, we can disable the
> > > > login for this user for some minutes.
> > > >
> > > > Michael
> > >
> >
>

From mmeckelein at hq.adiscon.com Wed Dec 7 17:35:21 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 17:35:21 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C428@grfint2.intern.adiscon.com>

Actually, maximum execution time is 30 seconds by default. Editable in php.ini (max_execution_time).

Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-
> bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> Sent: Wednesday, December 07, 2005 5:30 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] brute force password cracking prevention
>
> OK, I propose to usleep((f/2)*1000000+200000) where f is the number of
> failed logins. f should not be allowed to grow larger than 60, because I
> think we will get into trouble with the php execution timeout (there is one,
> isn't there? ;)) at some point. Please note that the +200000 handles the
> case of just one invalid login.
>
> How does this sound?
> > Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Michael Meckelein > > Sent: Wednesday, December 07, 2005 5:23 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > > > > Is there something like a sleep() call in php? > > > > Of course, it is. > > http://www.php.net/sleep > > > > Michael > > > > > > > Sleep(), in most OS, is a > > > way to tell the OS that the callig process has no interest in being > > > executed for the specified amount of time. > > > > > > If such a beast exists, we could sleep() a few ms for each > > wrong login > > > and maybe up to 30 seconds as the failures increase... > > > > > > Rainer > > > > > > > -----Original Message----- > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > Michael Meckelein > > > > Sent: Wednesday, December 07, 2005 5:18 PM > > > > To: phplogcon-dev at lists.adiscon.com > > > > Subject: [Phplogcon-dev] brute force password cracking prevention > > > > > > > > Brian wrote: > > > > > Side note: > > > > > Maybe a good thing to slow it down in the case of brute force > > > > password > > > > > cracking. (Users Table). (scripts can do this, not for > > us to worry > > > > about, > > > > > yet). > > > > > > > > Rainer wrote: > > > > > hehe... another low priority todo list item - tarpiting > > > > attacks (after > > > > > all, such a brute force may case the system to exhaust its > > > > > ressources...) > > > > > > > > As a simply approach we can log failed login attempts. E.g. > > > > if there are > > > > more than three failed login attempts in a minute, we can disable > > the > > > > login for this user for some minutes. 
> > > > > > > > Michael > > > > _______________________________________________ > > > > Phplogcon-dev mailing list > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev From rgerhards at hq.adiscon.com Wed Dec 7 17:36:48 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 7 Dec 2005 17:36:48 +0100 Subject: [Phplogcon-dev] brute force password cracking prevention Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E402D@grfint2.intern.adiscon.com> ok, so "f" should not grow larger than 50 (25.2 seconds sleep time). --Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Michael Meckelein > Sent: Wednesday, December 07, 2005 5:35 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > Actually, maximum execution time is 30 seconds by default. Editable in > php.ini (max_execution_time). > > Michael > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev- > > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards > > Sent: Wednesday, December 07, 2005 5:30 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] brute force password cracking > prevention > > > > OK, I propose to usleep((f/2)*1000000+200000) where f is > the number of > > failed logins. 
f should not be allowed to grow larger than > 60, because > I > > think we will get into trouble with php execution timeout (there is > one, > > isn't it? ;)) at some point. Please note that the +200000 > handles the > > case of just one invalid login. > > > > How does this sound? > > > > Rainer > > > > > -----Original Message----- > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > Michael Meckelein > > > Sent: Wednesday, December 07, 2005 5:23 PM > > > To: phplogcon-dev at lists.adiscon.com > > > Subject: Re: [Phplogcon-dev] brute force password cracking > prevention > > > > > > > Is there something like a sleep() call in php? > > > > > > Of course, it is. > > > http://www.php.net/sleep > > > > > > Michael > > > > > > > > > > Sleep(), in most OS, is a > > > > way to tell the OS that the callig process has no interest in > being > > > > executed for the specified amount of time. > > > > > > > > If such a beast exists, we could sleep() a few ms for each > > > wrong login > > > > and maybe up to 30 seconds as the failures increase... > > > > > > > > Rainer > > > > > > > > > -----Original Message----- > > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > > Michael Meckelein > > > > > Sent: Wednesday, December 07, 2005 5:18 PM > > > > > To: phplogcon-dev at lists.adiscon.com > > > > > Subject: [Phplogcon-dev] brute force password cracking > prevention > > > > > > > > > > Brian wrote: > > > > > > Side note: > > > > > > Maybe a good thing to slow it down in the case of > brute force > > > > > password > > > > > > cracking. (Users Table). (scripts can do this, not for > > > us to worry > > > > > about, > > > > > > yet). > > > > > > > > > > Rainer wrote: > > > > > > hehe... 
another low priority todo list item - tarpiting > > > > > attacks (after > > > > > > all, such a brute force may case the system to exhaust its > > > > > > ressources...) > > > > > > > > > > As a simply approach we can log failed login attempts. E.g. > > > > > if there are > > > > > more than three failed login attempts in a minute, we can > disable > > > the > > > > > login for this user for some minutes. > > > > > > > > > > Michael > > > > > _______________________________________________ > > > > > Phplogcon-dev mailing list > > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > > > _______________________________________________ > > > > Phplogcon-dev mailing list > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Wed Dec 7 18:40:38 2005 From: bgshea at gmail.com (Brian Shea) Date: Wed, 7 Dec 2005 12:40:38 -0500 Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4026@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA0E4026@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512070940j4ff9ea9du5c4a87a2746b5986@mail.gmail.com> text_CAPATCHA, think i spelled it right, look at pear, this could be (required/optional) for login along with passwords Rev 2 issue? Programming 101 More security = harder to use and no one likes it Less security = easy to use, and not enough to keep bad guys out we need to be in between, or let user set the amount of security they want. For me, i would enable it. 
Then we could log login attempts. and disable account after x attempts, except for 1 account that would be admin account!! Or limit number pre time interval (min/hour/day) On 12/7/05, Rainer Gerhards wrote: > > hehe... another low priority todo list item - tarpiting attacks (after > all, such a brute force may case the system to exhaust its > ressources...) > > --Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Brian Shea > > Sent: Wednesday, December 07, 2005 5:08 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon > > > > Agree, we are not a high volume application. > > > > Side note: > > Maybe a good thing to slow it down in the case of brute > > force password > > cracking. (Users Table). (scripts can do this, not for us to > > worry about, > > yet). > > > > > > On 12/7/05, Michael Meckelein wrote: > > > > > > > Well... I've gone through the references and my guess is that Pear > > > will > > > > probably be not that bad in our case (though ADOdb might > > be something > > > we > > > > should look at). > > > > > > This -> > > > > > > > My reason is that I think we do relatively simply > > > > queries. Anyhow, these simple queries can relate to a lot > > of i/o at > > > the > > > > database itself, which probably turns out to be the botleneck. > > > > > > is exactly the point. phpLogCon does not bother the > > database with a high > > > amount of queries. The queries are typical simple as Rainer > > mentioned. > > > Just using some where clauses and only SystemEvents table > > have to select > > > if phplogcon works with data. 
> > > > > > Michael > > > > > > >Of > > > > course, nothing of this is verified, but I have the > > strong impression > > > > that performance will not be that much of an issue (well, to be > > > > precisely "performance of the abstraction layer" - > > performance per se > > > > *is* an issue, especially with the potentially huge > > amounts of data we > > > > have in syslog... ;)). > > > > > > > > So my educated (but unverified) opinion is that it would > > probably be > > > > worth looking at Pear. I Am still of the view that native > > DB support > > > via > > > > our own layer is causing more trouble than it is worth. > > > > > > > > My 2cts... > > > > > > > > Rainer > > > > > > > > > -----Original Message----- > > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > > Michael Meckelein > > > > > Sent: Wednesday, December 07, 2005 12:39 PM > > > > > To: phplogcon-dev at lists.adiscon.com > > > > > Subject: Re: [Phplogcon-dev] Database abstraction layer for > > > phpLogCon > > > > > > > > > > > Of course, the question is what implications Pear has - e.g. > > > > > > performance-wise. > > > > > > > > > > Of course, abstraction layer have naturally impact on > > > > > performance. I did > > > > > some research about pear::db performance. I was > > surprised some say > > > > > "PEAR::DB code will run at about 3/8 the speed of the equivalent > > > > > DBMS-specific code" [1]. Also found some benchmark > > indicating that > > > is > > > > > true [2][3]. > > > > > > > > > > As I already wrote, I have used pear::db in small projects > > > > > and it works > > > > > great. The impact of the abstraction layer was hardly noticeable > > > > > (subjective), but I have not made any performance testing. > > > > > > > > > > "Is PEAR DB worth using?" [4] found at comp.lang.php. > > It's a good > > > > > decision indicates that it worth to use a db > > abstraction layer. 
I > > > > > support this approach since I know about the trouble, > > testing and > > > time > > > > > effort for developing your own db wrapper. > > > > > > > > > > Michael > > > > > > > > > > [1] Impaired performance of pear::db > > > > > http://www.hudzilla.org/phpbook/read.php/9_6_4 > > > > > [2] simple benchmark (08/13/02) comparing some db > > abstraction layer > > > > > http://freshmeat.net/screenshots/30313/ > > > > > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native > > > MySQL > > > > > http://phplens.com/lens/adodb/ > > > > > [4] Is PEAR DB worth using?" > > > > > http://groups.google.com/group/comp.lang.php/browse_frm/thread > > > > > /1d1dca65e > > > > > > > 2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en > > > > > > > > > > _______________________________________________ > > > > > Phplogcon-dev mailing list > > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > > > _______________________________________________ > > > > Phplogcon-dev mailing list > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Wed Dec 7 18:45:14 2005 From: bgshea at gmail.com (Brian Shea) Date: Wed, 7 Dec 2005 12:45:14 -0500 Subject: [Phplogcon-dev] brute force password cracking prevention In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E402D@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA0E402D@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512070945v5d905dd0k9a85c7b9a1432b79@mail.gmail.com> Yep, this all sound good, Lets put 
it on a TODO list. On 12/7/05, Rainer Gerhards wrote: > > ok, so "f" should not grow larger than 50 (25.2 seconds sleep time). > > --Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Michael Meckelein > > Sent: Wednesday, December 07, 2005 5:35 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > > > Actually, maximum execution time is 30 seconds by default. Editable in > > php.ini (max_execution_time). > > > > Michael > > > > > -----Original Message----- > > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev- > > > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards > > > Sent: Wednesday, December 07, 2005 5:30 PM > > > To: phplogcon-dev at lists.adiscon.com > > > Subject: Re: [Phplogcon-dev] brute force password cracking > > prevention > > > > > > OK, I propose to usleep((f/2)*1000000+200000) where f is > > the number of > > > failed logins. f should not be allowed to grow larger than > > 60, because > > I > > > think we will get into trouble with php execution timeout (there is > > one, > > > isn't it? ;)) at some point. Please note that the +200000 > > handles the > > > case of just one invalid login. > > > > > > How does this sound? > > > > > > Rainer > > > > > > > -----Original Message----- > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > Michael Meckelein > > > > Sent: Wednesday, December 07, 2005 5:23 PM > > > > To: phplogcon-dev at lists.adiscon.com > > > > Subject: Re: [Phplogcon-dev] brute force password cracking > > prevention > > > > > > > > > Is there something like a sleep() call in php? > > > > > > > > Of course, it is. 
> > > > http://www.php.net/sleep > > > > > > > > Michael > > > > > > > > > > > > > Sleep(), in most OS, is a > > > > > way to tell the OS that the callig process has no interest in > > being > > > > > executed for the specified amount of time. > > > > > > > > > > If such a beast exists, we could sleep() a few ms for each > > > > wrong login > > > > > and maybe up to 30 seconds as the failures increase... > > > > > > > > > > Rainer > > > > > > > > > > > -----Original Message----- > > > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > > > Michael Meckelein > > > > > > Sent: Wednesday, December 07, 2005 5:18 PM > > > > > > To: phplogcon-dev at lists.adiscon.com > > > > > > Subject: [Phplogcon-dev] brute force password cracking > > prevention > > > > > > > > > > > > Brian wrote: > > > > > > > Side note: > > > > > > > Maybe a good thing to slow it down in the case of > > brute force > > > > > > password > > > > > > > cracking. (Users Table). (scripts can do this, not for > > > > us to worry > > > > > > about, > > > > > > > yet). > > > > > > > > > > > > Rainer wrote: > > > > > > > hehe... another low priority todo list item - tarpiting > > > > > > attacks (after > > > > > > > all, such a brute force may case the system to exhaust its > > > > > > > ressources...) > > > > > > > > > > > > As a simply approach we can log failed login attempts. E.g. > > > > > > if there are > > > > > > more than three failed login attempts in a minute, we can > > disable > > > > the > > > > > > login for this user for some minutes. 
> > > > > > > > > > > > Michael > > > > > > _______________________________________________ > > > > > > Phplogcon-dev mailing list > > > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > > > > > _______________________________________________ > > > > > Phplogcon-dev mailing list > > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > _______________________________________________ > > > > Phplogcon-dev mailing list > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Thu Dec 8 04:56:14 2005 From: bgshea at gmail.com (Brian Shea) Date: Wed, 7 Dec 2005 20:56:14 -0700 Subject: [Phplogcon-dev] TODO Taks List Message-ID: <9ef8de70512071956n2b68ee58tf47fb5161481d1de@mail.gmail.com> We have many items to work on now :) !!! I think it is time to organize them in to tasks? 1) Mysql Character flaw. 2) Cookie flaw. 3) PEAR:DB 4) text_CAPATCHA, do we want it ? 5) Logins, user Auth, login attemps and such 6) Parametric searches (AND, OR) search terms 7) phpLogCon Layout Did I miss any? From bgshea at gmail.com Thu Dec 8 15:52:24 2005 From: bgshea at gmail.com (Brian Shea) Date: Thu, 8 Dec 2005 07:52:24 -0700 Subject: [Phplogcon-dev] Flow Chart for Index.php Message-ID: <9ef8de70512080652u568f88d3v711c233d5a2d8c5a@mail.gmail.com> I'm not sure if i can send pdf files to the mailing list. There is a new page on my site http://www.hackthebox.org/phplogcon/index.php This shows one way to have phplogcon flow. Open to suggestions. 
Once we agree on a flow, we can then work on each specific box flow. We can
add more in/out directions for boxes, but at the top level simple is good.

The boxes are color coded; each color represents other PHP files that have
code in them. Same color box means the code is in the same file.

This was based on my 1.2.4_bgs that has the common index.php and branches
off to each page from a switch statement.

The session variable page can be replaced with a cookie, and that cookie
has nothing to do with security, since the user has to pass through auth
first.

Let me know what you think. If you want to stick with the current setup
with multiple pages I can draw up more flow charts.

Brian

From mmeckelein at hq.adiscon.com Thu Dec 8 16:27:04 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Thu, 8 Dec 2005 16:27:04 +0100
Subject: [Phplogcon-dev] phplogcon without user management
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C429@grfint2.intern.adiscon.com>

Brian,

Please note that some users do not want to use phplogcon's user
management/authentication ability. In the branch phplogcon-1.2.4_bgs it is
not possible to turn off user management/authentication.

I think it is a vital point that phplogcon works without the
authentication stuff. Please keep in mind that phplogcon is also running
in a Windows environment (IIS). Some people prefer to use Windows
integrated authentication.

It is worth mentioning, I thought, so that it will not be forgotten.

Michael

From mmeckelein at hq.adiscon.com Thu Dec 8 16:36:42 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Thu, 8 Dec 2005 16:36:42 +0100
Subject: [Phplogcon-dev] phplogcon without user management
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>

> I think it is a vital point that phplogcon works without the
> authentication stuff. Please keep in mind that phplogcon is also running
> in a Windows environment (IIS). Some people prefer to use Windows
> integrated authentication.

To be accurate, using Windows authentication is only the authentication
part, to deny access to users who are not authorized (same as using e.g.
.htaccess or another file access control mechanism). Of course, using only
one of these approaches does not provide the advantages of phplogcon's user
management.

Michael

From bgshea at gmail.com Fri Dec 9 01:16:55 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 19:16:55 -0500
Subject: [Phplogcon-dev] phplogcon without user management
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512081616h599e7d8bnfd9e4a6a3a05c5c0@mail.gmail.com>

So in IIS people have it set up to allow users listed in the Windows users
to access, such as administrator. In which case, you do not want to verify
them against a user in the DB. Okay, that is fine. We just remove the user
in DB check from the auth function when server (Apache, IIS) auth is turned
on. Sessions are sent as a cookie to the browser and stored. So when the
server authenticates a user and grants access, the PHP code will pick up the
session id and all session values are restored.

Since sessions are started before auth is run, auth can be removed!! Or
return true when server auth is enabled.

I don't see any issues here. Auth was a means for a central authentication
so that if a change was required, it would be propagated to all pages that
called auth.

Since, in 1.2.4_bgs, all page access is done from index.php, we just need
to add a define to the config.php called SERVER_AUTH and set it true when
the server does the authentication.

Auth can still be called, it will just need to check for the define
statement and return true.

I have to use a vacation day so I will be off Friday (Dec 9th), (except
for one brief meeting) I can work on adding this feature.
On 12/8/05, Michael Meckelein wrote:
>
> > I think it is a vital point that phplogcon works without the
> > authentication stuff. Please keep in mind that phplogcon is also
> > running in a Windows environment (IIS). Some people prefer to use
> > Windows integrated authentication.
>
> To be accurate, using Windows authentication is only the authentication
> part, to deny access to users who are not authorized (same as using e.g.
> .htaccess or another file access control mechanism). Of course, using
> only one of these approaches does not provide the advantages of
> phplogcon's user management.
>
> Michael

From bgshea at gmail.com Fri Dec 9 01:21:19 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 19:21:19 -0500
Subject: [Phplogcon-dev] More flow charts
Message-ID: <9ef8de70512081621i66446711rde80aa5f9b3717bb@mail.gmail.com>

I'm going to go back through all the emails and make a flow chart for user
authentication, including the server auth as described by Michael. I will
post this to my webpage. I will probably also make up a few more for the
user config and filter options. These are not set in stone, so please make
suggestions/changes so we can all agree on the program flow.

Brian

From bgshea at gmail.com Fri Dec 9 06:18:40 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 22:18:40 -0700
Subject: [Phplogcon-dev] phplogcon without user management
In-Reply-To: <9ef8de70512081616h599e7d8bnfd9e4a6a3a05c5c0@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>
 <9ef8de70512081616h599e7d8bnfd9e4a6a3a05c5c0@mail.gmail.com>
Message-ID: <9ef8de70512082118g6de50c3at355bf7aed03deea1@mail.gmail.com>

One question?

If Apache or IIS is used to authenticate users, how do you know which user
got authenticated?

Or does phplogcon not care? Single user web app.

One addition to the previous email: _SESS_SHARE_TBL will not be compatible
with _SERVER_AUTH. _SERVER_AUTH will negate _SESS_SHARE_TBL, so a separate
session table will need to be used. No big deal.

In this mode, sessions will only store settings that the user sets. But I
suspect that in future versions of phpLogCon most of the filter and config
settings will be stored in the UserPrefs table.

Drawbacks: if a user migrates from PC to laptop to home computer to
wherever, his settings will be different on each computer. Since the server
(IIS or Apache) does not pass along user info, there is no way for
phpLogCon to know which settings to load.

Options: use sessions only to store things that are required to navigate
the pages, perform searches, and return results. Everything else
(predefined search terms, layout, language, etc.) gets stored to UserPrefs.
UserPrefs are loaded no matter who views the page.

On 12/8/05, Brian Shea wrote:
>
> So in IIS people have it set up to allow users listed in the Windows users
> to access, such as administrator. In which case, you do not want to verify
> them against a user in the DB. Okay, that is fine. We just remove the user
> in DB check from the auth function when server (Apache, IIS) auth is turned
> on.
>
> [...]

From mmeckelein at hq.adiscon.com Fri Dec 9 10:30:17 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Fri, 9 Dec 2005 10:30:17 +0100
Subject: [Phplogcon-dev] phplogcon without user management
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42B@grfint2.intern.adiscon.com>

Brian,

Probably I was too vague. As in phplogcon_1.2.1, if the user left the
"Install User Interface:" unchecked (or set it manually in config.php,
define('_ENABLEUI', 0)) there is NO user management for phplogcon. No user
in the Users table. So it can only be used as a single user application.
Using authentication (Windows, Linux, whatever) together with this
configuration is only used to deny access to phplogcon's pages to those
who are not authorized to use it. I did not mean to use the OS
authentication mechanism to verify against phplogcon's own user management
system.
Michael > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev- > bounces at lists.adiscon.com] On Behalf Of Brian Shea > Sent: Friday, December 09, 2005 1:17 AM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] phplogcon without user managment > > So in IIS people have it setup to allows users listed in the windows users > to access, such as administrator. In which case, you do not want to verify > them against a user in the DB. Okay, that is fine. We just remove the user > in DB check from the auth function when server (apache, IIS) auth is > turned > on. Sessions are sent as a cookie to the browser and stored. So when the > server authenticates a user and grants access, the PHP code will pick up > the > session id and all session value restored. > > Since sessions are started before auth is run, auth can be removed!! Or > return true with server auth is enalbed. > > I dont see any issues here. Auth was a means for a central authentication > so > that if a change was required, it would be propagated to all pages that > called auth. > > Since, in 1.2.4_bgs, all page access is done from index.php, we just need > to > add a define to the config.php called SERVER_AUTH and set it true with the > server does the authentication. > > Auth can still be called, it will just need to check for the define > statement and return true. > > I have to use a vacation day so i will be off friday (Dec 9th), (execpt > for > one breif meeting) i can work on adding this feature. > > > On 12/8/05, Michael Meckelein wrote: > > > > > I think it is a vital point that phplogcon is working without the > > > authentication stuff. Please hold in mind that phplogcon is also > > running > > > in a windows environment (IIS). Some people prefer to use windows > > > integrated authentication. 
> > > > To be accurate, using windows authentication is only the authentication > > part to deny access to users who are not authorized (same as using e.g. > > .htaccess or other file access control mechanism). Of course using only > > one of these approaches provides not the advantages of phplogcon's user > > management. > > > > Michael > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev From mmeckelein at hq.adiscon.com Fri Dec 9 11:36:58 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Fri, 9 Dec 2005 11:36:58 +0100 Subject: [Phplogcon-dev] phplogcon without user managment Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com> > One question? > > If Apache or IIS is used to authenticate users, how do you know which user > got authenticated? > > Or does phplogcon not care? Single user web app. Phplogcon does not care! Yes, some admins want to use it as a single user app. I have a quick discussion with Rainer and he has a good idea, I think. What's about to use a "hidden user" if phplogcon is installed without user management. This means that in spite of user said "NO I want not use phpLogCon's user management", phplogcon creates a user account. Also during the install process phplogcon puts a _AutoLogin_User = Userid var into config.php where the userid is the user account created for this purpose. If a user name is set to _AutoLogin_User, phplogcon automatically logins to this user account without any interaction from the user. [snip] > But I suspect that in future > version of phpLogCon most of the filter and config setting will be stored > into UserPrefs table. Actually this is possible in the current release. 
In the user-config.php page, the user can set "Save filter settings in database and load them while logging in". But this does not mean that with each page request phplogcon reads the filter options / user options from the database.

Let me elaborate a little on how it works and what our intention was.

If you login to phplogcon, it reads the user settings from the UserPrefs table and stores them in session variables. Each phplogcon page you visit reads the settings from the session variable pool.

About the following three pages in phplogcon and their relation with database/sessions:

- User_Options
Here a user can set things he prefers like language, stylesheet settings and so on. By "Update Config" the settings are stored into the database and into the current session vars.

- Filter_Options
Here you can alter your default filter settings which are used to display data e.g. in the Show_events page.
[quote from manual]
If User Interface is enabled and the option "Save filter settings in database and load them while logging in" is checked, all filter settings will be saved in database. Otherwise, they only will stay like this in current session!

If User Interface is disabled, the settings will only stay like this in the current session. Next time opening phpLogCon, they will be default.
[/quote from manual]

This means if user management is enabled, clicking "Update Config" stores the filter settings in the database and into session vars. You can say that the user can define his default filter settings on the Filter Options page. These filter settings are read during user login.

- Show_Events
[quote from manual]
Here you can see the events; listed in respect to the current filter settings. Also you can use the quick filter, that allows you to override (not overwrite!) temporarily your current filter settings. This provides a quick view on different filtered events, without going to the filter options.
You can also choose how many events should be displayed per page, color and search for an expression and search for a Host or IP.
[/quote from manual]

"override (not overwrite!) temporarily your current filter settings" this is the most important point. Clicking "Submit" does not change any values in the database, nor does it change the filter settings defined on the Filter_Options page.

Keep in mind, the form elements you see on the Show_Events page are so called "Quick Filters":
[quote from manual]
They will override the general filters while staying in Events Display. They provide you quick changes for temporarily viewing different and a little bit finer filtered events, without changing your general filter settings.
[/quote from manual]

Hope it is clear how it works. If you have any questions or any concern with this approach, don't hesitate to write ;)

Best regards,
Michael

From bgshea at gmail.com Fri Dec 9 16:28:18 2005
From: bgshea at gmail.com (Brian Shea)
Date: Fri, 9 Dec 2005 08:28:18 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512090728h1c76bb85i76165f905d8e45a6@mail.gmail.com>

Got ya.

It was a bit confusing with the excessive use of the session variable in the code. It looked like you were trying to use sessions, but wanted some other method of storage. Okay, the _SERVER_AUTH can be replaced by _ENABLEUI so auth will just return true. No user will be authenticated by phpLogCon. Or Auth is never called; I prefer the other way, one central auth method that does not require multiple pages to be updated.

I'm going to update my auth flow chart I made last night and post it. This should now show the auth flow with EnableUI and without EnableUI.

Filter settings will only be written to the DB when Filter Settings are updated from the Filter Options page.
Quick Filter settings will override the stored filter settings but not overwrite! Brian On 12/9/05, Michael Meckelein wrote: > > > One question? > > > > If Apache or IIS is used to authenticate users, how do you know which > user > > got authenticated? > > > > Or does phplogcon not care? Single user web app. > > Phplogcon does not care! Yes, some admins want to use it as a single > user app. > > I have a quick discussion with Rainer and he has a good idea, I think. > What's about to use a "hidden user" if phplogcon is installed without > user management. This means that in spite of user said "NO I want not > use phpLogCon's user management", phplogcon creates a user account. Also > during the install process phplogcon puts a _AutoLogin_User = Userid var > into config.php where the userid is the user account created for this > purpose. If a user name is set to _AutoLogin_User, phplogcon > automatically logins to this user account without any interaction from > the user. > > [snip] > > But I suspect that in future > > version of phpLogCon most of the filter and config setting will be > stored > > into UserPrefs table. > > Actually this is possible in the current release. In the user-config.php > page, the user can set "Save filter settings in database and load them > while logging in". But this does not mean that which each page request > phplogcon reads the filter options / user options from the database. > > Let me elaborate a little in which way it works and what was our > intension. > > If you login to phplogcon, it reads the user settings from UserPrefs > table and store it into session's variables. Each phplogcon's page you > visit, it reads the settings from the session variable pool. > > About the following three pages in phplogcon and their relation with > database/sessions: > > - User_Options > Here a user can set things he prefer like language, stylesheet settings > and so on. 
By "Update Config" the settings are stored into database and > into the current session vars. > > - Filter_Options > Here you can alter your default filter settings which are used to > display data e.g. in Show_events page. > [quote from manual] > If User Interface is enabled and the option "Save filter settings in > database and load them while logging in" is checked, all filter settings > will be saved in database. Otherwise, they only will stay like this in > current session! > > If User Interface is disabled, the settings will only stay like this in > the current session. Next time opening phpLogCon, they will be default. > [/quote from manual] > > This means if user management is enabled, clicking "Update Config" > stored the filter settings in database and into session vars. You can > say that the user can define his default filter settings on the Filter > Options page. These filter settings are read during user login. > > - Show_Events > [quote from manual] > Here you can see the events; listed in respect to the current filter > settings. Also you can use the quick filter, that allows you to override > (not overwrite!) temporally your current filter settings. This provides > a quick view on different filtered events, without going to the filter > options. You can also choose how much event's should be displayed per > page, color and search for an expression and search for a Host or IP. > [/quote from manual] > > "override (not overwrite!) temporally your current filter settings" this > is the most important point. Clicking "Submit" does not change any > values in the database neither it change the filter settings defined on > the Filter_Options page. > > Hold in mind, the form elements you see on Show_Events page are so > called "Quick Filters": > [quote from manual] > They will override the general filters while staying in Events Display. 
> They provide you quick changes for temporally viewing different and
> little bit fine filtered events, without changing your general filter
> settings.
> [/quote from manual]
>
> Hope it is clear how it works. If you have any questions or any concern
> with this approach, don't hesitate to write ;)
>
> Best regards,
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>

From bgshea at gmail.com Fri Dec 9 20:06:00 2005
From: bgshea at gmail.com (Brian Shea)
Date: Fri, 9 Dec 2005 12:06:00 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <9ef8de70512090728h1c76bb85i76165f905d8e45a6@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com> <9ef8de70512090728h1c76bb85i76165f905d8e45a6@mail.gmail.com>
Message-ID: <9ef8de70512091106k147c30dbr7e9c2d5e598749a5@mail.gmail.com>

Okay, it should work with the _ENABLEUI setting now. It will only authenticate users when _ENABLEUI is set to 1.

Michael, were you having trouble with the trailing slash removal? If so, what was the problem? We should fix it to work with IIS and Apache.

1.2.5_bgs is posted and can be downloaded. Changes include:

Removed redirect to remove ?page from url, was causing trouble posting data.
Added User Config settings back in.
Tested on Apache.
_ENABLEUI for authentication control.

I think this covers most of the major issues. User login bypassing, insecure cookies and such. If the trailing slash is causing too much trouble, let's remove it for now. You guys can test on Apache and IIS to find major bugs. I can help correct any that might occur.

Installer needs to set up some new config vars. I'll send another email with the vars that need to be set up and how they should be set up.

On 12/9/05, Brian Shea wrote:
>
> Got ya.
>
> It was a bit confusing with the excessive use of the session varible in
> the code.
It looked like you were trying to use sessions, but wanted some > other method of storage. Okay, the _SERVER_AUTH can be replaced by _ENABLEUI > so auth will just return true. No user will be authenticated by phpLogCon. > Or Auth is never called, i perfer the other way one central auth method that > does not required multiple pages to be updated. > > I'm going to update my auth flow chart i made last night a post it. This > should now show with EnableUI and with EnableUI auth flow. > > Filter settings will only be written to the DB when Filter Settings are > updated from Filter Options page. > > Quick Filter settings will override the stored filter settings but not > overwrite! > > Brian > > On 12/9/05, Michael Meckelein wrote: > > > > > One question? > > > > > > If Apache or IIS is used to authenticate users, how do you know which > > user > > > got authenticated? > > > > > > Or does phplogcon not care? Single user web app. > > > > Phplogcon does not care! Yes, some admins want to use it as a single > > user app. > > > > I have a quick discussion with Rainer and he has a good idea, I think. > > What's about to use a "hidden user" if phplogcon is installed without > > user management. This means that in spite of user said "NO I want not > > use phpLogCon's user management", phplogcon creates a user account. Also > > during the install process phplogcon puts a _AutoLogin_User = Userid var > > into config.php where the userid is the user account created for this > > purpose. If a user name is set to _AutoLogin_User, phplogcon > > automatically logins to this user account without any interaction from > > the user. > > > > [snip] > > > But I suspect that in future > > > version of phpLogCon most of the filter and config setting will be > > stored > > > into UserPrefs table. > > > > Actually this is possible in the current release. In the user-config.php > > page, the user can set "Save filter settings in database and load them > > while logging in". 
But this does not mean that which each page request > > phplogcon reads the filter options / user options from the database. > > > > Let me elaborate a little in which way it works and what was our > > intension. > > > > If you login to phplogcon, it reads the user settings from UserPrefs > > table and store it into session's variables. Each phplogcon's page you > > visit, it reads the settings from the session variable pool. > > > > About the following three pages in phplogcon and their relation with > > database/sessions: > > > > - User_Options > > Here a user can set things he prefer like language, stylesheet settings > > and so on. By "Update Config" the settings are stored into database and > > into the current session vars. > > > > - Filter_Options > > Here you can alter your default filter settings which are used to > > display data e.g. in Show_events page. > > [quote from manual] > > If User Interface is enabled and the option "Save filter settings in > > database and load them while logging in" is checked, all filter settings > > will be saved in database. Otherwise, they only will stay like this in > > current session! > > > > If User Interface is disabled, the settings will only stay like this in > > the current session. Next time opening phpLogCon, they will be default. > > [/quote from manual] > > > > This means if user management is enabled, clicking "Update Config" > > stored the filter settings in database and into session vars. You can > > say that the user can define his default filter settings on the Filter > > Options page. These filter settings are read during user login. > > > > - Show_Events > > [quote from manual] > > Here you can see the events; listed in respect to the current filter > > settings. Also you can use the quick filter, that allows you to override > > (not overwrite!) temporally your current filter settings. This provides > > a quick view on different filtered events, without going to the filter > > options. 
> > You can also choose how much event's should be displayed per
> > page, color and search for an expression and search for a Host or IP.
> > [/quote from manual]
> >
> > "override (not overwrite!) temporally your current filter settings" this
> > is the most important point. Clicking "Submit" does not change any
> > values in the database neither it change the filter settings defined on
> > the Filter_Options page.
> >
> > Hold in mind, the form elements you see on Show_Events page are so
> > called "Quick Filters":
> > [quote from manual]
> > They will override the general filters while staying in Events Display.
> > They provide you quick changes for temporally viewing different and
> > little bit fine filtered events, without changing your general filter
> > settings.
> > [/quote from manual]
> >
> > Hope it is clear how it works. If you have any questions or any concern
> > with this approach, don't hesitate to write ;)
> >
> > Best regards,
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
>

From bgshea at gmail.com Mon Dec 12 16:43:12 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 08:43:12 -0700
Subject: [Phplogcon-dev] What's Next?
Message-ID: <9ef8de70512120743i72e055a2ge59c2abddd5424d3@mail.gmail.com>

What's the next step for phpLogCon? I think Rainer had asked what was going into the next release? We have plenty of items to work on, PEAR support, 2 security issues, adding custom search phrases, etc.

I think it would be a good idea to have the official phplogcon-1.2.2 include just the mysql '%' fix. The other stuff can wait till it's been tested and working.

Brian

From mmeckelein at hq.adiscon.com Mon Dec 12 16:50:04 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Mon, 12 Dec 2005 16:50:04 +0100
Subject: [Phplogcon-dev] What's Next?
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com>

Brian,

> I think it would be a good idea to have the official phplogcon-1.2.2
> include
> just the mysql '%' fix. The other stuff can wait till it's been tested and
> working.

I totally agree with that approach. Actually I have already included this fix in the current cvs version. Probably we will release phplogcon-1.2.2 tomorrow.

Just want to remark that we should keep the Installer up to date. Or do you prefer to make all changes/improvements and finally update the Installer?

Michael

From mmeckelein at hq.adiscon.com Mon Dec 12 16:58:28 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Mon, 12 Dec 2005 16:58:28 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42F@grfint2.intern.adiscon.com>

> Michael, were you having trouble with the trailing slash removal? If so
> what
> was the problem? we should fix it to work with IIS and Apache.

Just noticed, you have already fixed this issue in phplogcon-1.2.6_bgs :-)

Michael

From bgshea at gmail.com Tue Dec 13 01:20:19 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 19:20:19 -0500
Subject: [Phplogcon-dev] What's Next?
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512121620y7b68efd0ic9f12247da398722@mail.gmail.com>

Umm, depends on how much we do.

For 1.2.2 I doubt that any changes need to be made. Otherwise, if we are going to work on lots of features, let's not worry about the installer until we have a new release, then put the feature installer options in.

Not to complicate things, but an XML file with all the install options would be good to have; that way php can just parse the XML and create a table. With XML you can specify option types (text, checkbox, enum).

There might be something for this already.
Otherwise for now we can just write the installer by hand.

----

Not sure if you grabbed the 1.2.6 release from my server, but there is a problem with the quick filters. I will fix it tonight. I've been testing that all weekend and the Remember me stuff works well.

On 12/12/05, Michael Meckelein wrote:
>
> Brian,
>
> > I think it would be a good idea to have the official phplogcon-1.2.2
> > include
> > just the mysql '%' fix. The other stuff can wait till it's been tested
> and
> > working.
>
> I totally agree with that approach. Actually I have already included
> this fix in the current cvs version. Probably we will release
> phplogcon-1.2.2 tomorrow.
>
> Just want to remark that we should keep the Installer up to date. Or do
> you prefer make all changes/improvements and finally update the
> Installer?
>
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>

From bgshea at gmail.com Tue Dec 13 01:27:07 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 19:27:07 -0500
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42F@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42F@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512121627x73daf9c1qe7d4595c3c65203c@mail.gmail.com>

So what do you think of the 1.2.6_bgs?

You can use as much/little as you want and I can help put what you need into 1.2.1/1.2.2.

Also, I played with the Auth_PrefManager from PEAR, it works okay; maybe that should be considered for a future release of phpLogCon along with PEAR::DB, which works nicely.

PEAR::Auth_PrefManager lacks one function Auth_PrefManager::getUserPrefs( string userId ). Otherwise it would work great for all the Quick filters and definable filters, and maybe even supporting multiple DBs/tables for log viewing.

I'll probably write the function and email it to them.
-Brian On 12/12/05, Michael Meckelein wrote: > > > Michael, were you having trouble with the trailing slash removal? If > so > > what > > was the problem? we should fix it to work with IIS and Apache. > > Just noticed, you have already fixed this issue in phplogcon-1.2.6_bgs > :-) > > Michael > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Tue Dec 13 01:28:39 2005 From: bgshea at gmail.com (Brian Shea) Date: Mon, 12 Dec 2005 19:28:39 -0500 Subject: [Phplogcon-dev] What's Next? In-Reply-To: <9ef8de70512121620y7b68efd0ic9f12247da398722@mail.gmail.com> References: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com> <9ef8de70512121620y7b68efd0ic9f12247da398722@mail.gmail.com> Message-ID: <9ef8de70512121628u56d78e15j9f84e0225c8a54d2@mail.gmail.com> What are some of the features people want to see added or improved? On 12/12/05, Brian Shea wrote: > > Umm, Depneds on how much we do. > > For 1.2.2 I doubt that any chagnes need to be made. Otherwise if we are > going to work on lots of features, let's not worry about the installer > untill we have a new release then put the feature installer options in. > > Not to complicate things, but an XML file with all the install options > would be good to have, that was php can just parse the XML and create a > table. With XML you can specify option types (text, checkbox, enum) > > There might be something for this already. Other wise for now we can just > write the installer by hand. > > ---- > > Not sure if you grabbed the 1.2.6 release from my server, but there is a > problem with the quick filters. I will fix it tonight. I've been testing > that all weekend and the Remember me stuff works well. > > > > > On 12/12/05, Michael Meckelein wrote: > > > > Brian, > > > > > I think it would be a good idea to have the official phplogcon-1.2.2 > > > include > > > just the mysql '%' fix. 
> > > The other stuff can wait till it's been tested
> > and
> > > working.
> >
> > I totally agree with that approach. Actually I have already included
> > this fix in the current cvs version. Probably we will release
> > phplogcon-1.2.2 tomorrow.
> >
> > Just want to remark that we should keep the Installer up to date. Or do
> > you prefer make all changes/improvements and finally update the
> > Installer?
> >
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
>

From bgshea at gmail.com Tue Dec 13 05:23:56 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 21:23:56 -0700
Subject: [Phplogcon-dev] New Configuration varibles
Message-ID: <9ef8de70512122023l6214028fye3abfc7a52e5e5a2@mail.gmail.com>

Here is a list of configuration variables that need to be set up during installation for 1.2.6_bgs. Most can be set to defaults; the only one that is install dependent is _URI_PATH, which should be set to the server path where phpLogCon is installed. There is a PDF file on my site with these variables as well.

_URI_PATH             Set this path to the server path, e.g. for www.example/phplogcon/ use /phplogcon/
_SINGLEUSER           User name to use when _ENABLEUI is set to 0
_SESSION_NAME         PHP session id, defaults to phplogconid
_SESS_NOCOOKIES       Disable cookies to store session id, not recommended
_ENABLE_COOKIES       Deprecated, should not be used.
_COOKIE_PREFIX        Prefix for cookie names
_COOKIE_DIR           Server path for which cookies are valid, same as _URIPATH
_SECURE_COOKIE        Only transmit cookies over secure link.
_COOKIE_EXPIRE        Expiration for cookies, defaults to 30 days
_SESS_HOW             Session DB method, [PHP,DB_PEAR,DB_MYSQL]
_DBSESS_TBL_PRE       Prefix for table names, use for testing. Defaults to ""
_DBSESS_TBL_NAME      Table name to store sessions in. Defaults to sess_Users
_DBSESS_FILED_PRE     Prefix for field names. Defaults to ""
_DBSESS_FIELD_DATA    Session data field name. Defaults to sess_data
_DBSESS_FIELD_ID      Session ID field name. Defaults to sess_id
_DBSESS_FIELD_EXPIRE  Session expire field name. Defaults to sess_expire

Brian

From rgerhards at hq.adiscon.com Tue Dec 13 08:50:33 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 13 Dec 2005 08:50:33 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E406A@grfint2.intern.adiscon.com>

That sounds pretty interesting. If we can offload some work to a standard library, that is helpful in many cases (assuming that the library is a good one, of course ;)).

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Tuesday, December 13, 2005 1:27 AM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] phplogcon without user managment
>
> So what do you think of the 1.2.6_bgs?
>
> You can use as much/little as you want and i can help put
> what you need into
> 1.2.1/1.2.2.
>
> Also, i played with the Auth_PrefManager from PEAR, it works
> okay maybe that
> sould be considered for a futur release of phpLogCon along
> with PEAR:DB
> which works nicely.
>
> PEAR::Auth_PrefManager lacks one function
> Auth_PrefManager::getUserPrefs(
> string userId ). Otherwise it would work great for all the
> Quick filters
> and definable filters, and maybe even supporting multiple
> DB's/Tables for
> log viewing.
>
> I'll probably write the function and email it to them.
>
> -Brian
>
> On 12/12/05, Michael Meckelein wrote:
> >
> > > Michael, were you having trouble with the trailing slash
> removal? If
> > so
> > > what
> > > was the problem? we should fix it to work with IIS and Apache.
> >
> > Just noticed, you have already fixed this issue in phplogcon-1.2.6_bgs
> > :-)
> >
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>

From rgerhards at hq.adiscon.com Tue Dec 13 09:25:19 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 13 Dec 2005 09:25:19 +0100
Subject: [Phplogcon-dev] A feature request
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E406B@grfint2.intern.adiscon.com>

Hi all,

as we have discussed enhancements, I just thought I'd bring up this feature request here:

http://www.phplogcon.com/index.php?name=PNphpBB2&file=viewtopic&p=49&highlight=#49

:)

Rainer

From mmeckelein at hq.adiscon.com Tue Dec 13 15:59:30 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 13 Dec 2005 15:59:30 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C431@grfint2.intern.adiscon.com>

> So what do you think of the 1.2.6_bgs?

First I took a look at the online demo on your page. Works great. Installing it in my lab caused some trouble :( After adapting config.php I got an "Improper session table formatting" (btw: formating is misspelled in your version) error. I think there is a bug in DB_PEAR_sess_drv.php in line 155.

Replaced:
  switch( $field['name'] )
with:
  switch( _DBSESS_FILED_PRE.$field['name'] )

After this change it works for me, too. I have to admit that I have taken a quick view only, no testing. However, please let me add some notes here:

1) You use the same error message twice:
  echo( "Improper session table formating. Please contact administrator." );
is used for the check if( count( $info ) < 3 ) and for if( $fld_cnt < 3 ) in DB_PEAR_sess_drv.php. Probably it would be better to attach a unique error number or something similar to the error messages in order to make troubleshooting easier.

2) scripts/session_table.sql contains no valid sql statement. I guess the following is sufficient

  CREATE TABLE `sess_Users` (
    `sess_id` text NOT NULL,
    `sess_data` text NOT NULL,
    `sess_expire` datetime NOT NULL
  )

> You can use as much/little as you want and i can help put what you need
> into
> 1.2.1/1.2.2.

We will release the current cvs version as 1.2.2. The only fix adapted from you is the '%' security fix. All others should be considered for the next release.

> Also, i played with the Auth_PrefManager from PEAR, it works okay maybe
> that
> sould be considered for a futur release of phpLogCon along with PEAR:DB
> which works nicely.
>
> PEAR::Auth_PrefManager lacks one function Auth_PrefManager::getUserPrefs(
> string userId ). Otherwise it would work great for all the Quick filters
> and definable filters, and maybe even supporting multiple DB's/Tables for
> log viewing.
>
> I'll probably write the function and email it to them.

Sounds really useful.

Michael

From bgshea at gmail.com Tue Dec 13 16:14:56 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 08:14:56 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E406A@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E406A@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512130714y37d600c0xecba960904615c33@mail.gmail.com>

Okay, that sounds good, I think we should discuss the syntax:

double quote designates the search pattern

Message Contains: "apple AND banana"

in this search the AND is not a literal and, but a search modifier. Search results will return events with both words: apple, banana

Message Contains: "apple 'AND' banana"

in this search the AND is a literal and, which will be included in the search. Search results will return messages that contain the entire "apple and banana"

Same goes for OR for the above.

Now the slightly more complicated part

Message Contains: "red apples AND yellow bananas"

The search should be performed as such "red AND apples AND yellow AND bananas"
Results will display all events with those words

Or could be performed as such:

Message Contains: "red apples AND yellow bananas "

The search will be performed as such " 'red apples' AND 'yellow bananas' "
Results will contain all events with 'red apples' AND 'yellow bananas'. But not events like 'red delicious apples' or 'yellow delicious bananas'

PLEASE comment on the above.

-----

If we try to tackle the first two on the list AND/OR, we can build on it from there, but changing the syntax from release to release might confuse users, so we should figure out how the language is interpreted. Maybe a few google searches to see how google interprets things might be a good place to start.

I might be able to hack out a simple searcher tonight, nothing that could be used in phpLogCon, but enough to show how to start processing the search terms.

Brian

On 12/13/05, Rainer Gerhards wrote:
>
> That sounds pretty interesting. If we can offload some work to a
> standard library, that is helpful in many cases (assuming that the
> library is a good one, of course ;)).
>
> Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > Brian Shea
> > Sent: Tuesday, December 13, 2005 1:27 AM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] phplogcon without user managment
> >
> > So what do you think of the 1.2.6_bgs?
> >
> > You can use as much/little as you want and i can help put
> > what you need into
> > 1.2.1/1.2.2.
> >
> > Also, i played with the Auth_PrefManager from PEAR, it works
> > okay maybe that
> > sould be considered for a futur release of phpLogCon along
> > with PEAR:DB
> > which works nicely.
> >
> > PEAR::Auth_PrefManager lacks one function
> > Auth_PrefManager::getUserPrefs(
> > string userId ). Otherwise it would work great for all the
> > Quick filters
> > and definable filters, and maybe even supporting multiple
> > DB's/Tables for
> > log viewing.
> >
> > I'll probably write the function and email it to them.
> >
> > -Brian
> >
> > On 12/12/05, Michael Meckelein wrote:
> > >
> > > > Michael, were you having trouble with the trailing slash
> > removal? If
> > > so
> > > > what
> > > > was the problem? we should fix it to work with IIS and Apache.
> > >
> > > Just noticed, you have already fixed this issue in
> > phplogcon-1.2.6_bgs
> > > :-)
> > >
> > > Michael
> > > _______________________________________________
> > > Phplogcon-dev mailing list
> > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > >
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>

From mmeckelein at hq.adiscon.com Tue Dec 13 16:47:04 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 13 Dec 2005 16:47:04 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C432@grfint2.intern.adiscon.com>

Google Help Center -> Advanced Search Made Easy
http://www.google.com/help/refinesearch.html

Google does not care about the "AND" operator. Google includes all search terms by default. We should adapt this approach. This means

> Okay, that sounds good, I think we should discuss the syntax:
>
> double quote designates the search pattern
>
> Message Contains: "apple AND banana"

Should be equal to "apple banana", shouldn't it? (just a side note, because it is interesting but has nothing to do with phplogcon: http://www.google.com/search?q=apple+AND+banana and http://www.google.com/search?q=apple+banana have different result pages.)

> in this search the AND is not a literal and, but a search modifier. Search
> results will return events with both word: apple, banana
>
> Message Contains: "apple 'AND' banana"

We should use double quotes (") instead of single quotes (') like google.
http://www.google.com/search?q=apple+%22and%22+banana

> in this search the AND is a literal and, which will be included in the
> search. Search results will return messages that contain the entire "apple
> and banana"
>
> Same goes for OR for the above.

Ok.

> Now the slightly more complicated part
>
> Message Contains: "red apples AND yellow bananas"
>
> The search should be preformed as such "red AND apples AND yellow AND
> bananas" Results will display all event with those words

I would go on with this approach, because it is like Google.

> Or could be preformed as such:
>
> Message Contains: "red apples AND yellow bananas "
>
> The search will be preformed as such " 'red apples' AND 'yellow bananas' "
> Results will contain all events with 'red apples' AND 'yellow bananas'.
> But
> not events like 'red delicious apples' or 'yellow delicious bananas'

If you want to perform such a search you have to enclose it in quotes.
http://www.google.com/search?q=%22red+apples%22+AND+%22yellow+bananas%22

Michael

> PLEASE comment on the above.
> -----
>
> If we try to tackle the first two on the list AND/OR, we can build on it
> from there, but changing the syntax from release to release might confuse
> users, so we should figure out how the language is interpreted.
From bgshea at gmail.com Tue Dec 13 17:05:12 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 11:05:12 -0500
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C432@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C432@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512130805o645e0b3k363e7383ba53d09b@mail.gmail.com>

Okay, that is something to think about. I'll have to look at the google link after work.

Yeah, that was a generic message that should never be displayed. I guess they should have been different, probably just copy/pasted it and forgot to change the text.

In DB_PEAR_sess_drv.php in line 155 that should have been taken care of in the config.php file

if not, then that's where the fix needs to go, not in the switch statement. And should be done for each of the field constants.

    define('_DBSESS_DATA_FIELD', _DBSESS_FIELD_PRE . "sess_data");

Oh, there is a problem when session ids are passed in the URL, the quick filters don't work quite right. I'm not sure why.
Thanks,
Brian
From mmeckelein at hq.adiscon.com Tue Dec 13 17:06:48 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 13 Dec 2005 17:06:48 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C433@grfint2.intern.adiscon.com>

> > After adapting config.php I got an "Improper session table formatting"
> > (btw: formating is misspelled in your version) error.
> >
> > I think there is a bug in DB_PEAR_sess_drv.php in line 155.

Forget about it, it was a config issue in my test lab.
Michael

From rgerhards at hq.adiscon.com Tue Dec 13 17:37:33 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 13 Dec 2005 17:37:33 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4078@grfint2.intern.adiscon.com>

Not sure about the google link, but "apples AND bananas", in my opinion should search for the literal "apples and bananas" but not "apples bananas". If I want the latter, I'd say

"apples" and "bananas"

The double quotes are actually (in most such search engines) a tool to search for exact phrases. I am pretty sure the same applies to google (at least this is how I use it ;)).

Rainer
From bgshea at gmail.com Wed Dec 14 04:07:13 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 20:07:13 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C433@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C433@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512131907r28942669jbedb22a44ba5adb1@mail.gmail.com>

Michael,

Please fix this issue in /layout/bgs_theme on line 171

change :

    echo substr($_SERVER['REQUEST_URI'], $i);

to

    echo preg_replace("/&" . _SESSION_NAME . "=[a-z0-9]{25,32}/i", "", substr($_SERVER['REQUEST_URI'], $i));

And also near line 168:

    if ($_SESSION['refresh'] > 0) echo '';

with

    if ($_SESSION['refresh'] > 0)
        if (defined('_SESS_NOCOOKIES') && _SESS_NOCOOKIES)
            echo '';
        else
            echo '';

This will fix the double sid in the url when _SESS_NOCOOKIES is set to 1 and if auto refresh is turned on it will pass the sid in the url as required by php.

Or just download 1.2.6a_bgs and replace /layout/bgs_theme.php in 1.2.6_bgs from 1.2.6a_bgs.

Oh, and one last small change, in index.php, move the require_once("/debug/debug.php") to include.php just after the require_once statement for config.php

I think that will get the last of the issues. I have not run into any other problems, have you?

From bgshea at gmail.com Wed Dec 14 07:06:46 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 23:06:46 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4078@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4078@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512132206g33e26aadocdc1cf4016465c32@mail.gmail.com>

Rainer,

I did some MySQL research on searching DB's.
MySQL supports Full Text Search (http://dev.mysql.com/doc/refman/5.0/en/fulltext-boolean.html), which works well. I have not looked at MSSQL, unfortunately i cannot find an MSSQL server to test SQL queries on.

Here is a good example SQL search

    SELECT `Message`,`SysLogTag`, COUNT(`Message`)
    FROM `SystemEvents`
    WHERE MATCH(`Message`) AGAINST('+proftpd +(LOGIN no such user)' IN BOOLEAN MODE)
    GROUP BY(`SysLogTag`)

This works for my Messages and phpMyAdmin returns

    Message                                                  SysLogTag   COUNT( `Message` )
    proftpd[5035]: 192.168.1.2 ( 64.42.157.76[64.42.157...               1011

(I hope you can view that okay, it's html)

For some reason the Syslog tag for proftpd is not placed into the syslogtag field (not too worried about it right now, maybe you could look into it tho)

So what that did for me is it found all messages that contained proftpd and with any of the words (LOGIN, no, such, user) <-- these are ORed

This works if you set FullText search on the message fields. Also table must be MyISAM. Please see (http://dev.mysql.com/doc/refman/5.0/en/fulltext-restrictions.html)

The same query can be accomplished with this SQL statement

    SELECT `Message`,`SysLogTag`, COUNT(`Message`)
    FROM `SystemEvents`
    WHERE (`Message` LIKE 'proftpd%')
      AND (`Message` LIKE '%no%' OR `Message` LIKE '%such%' OR `Message` LIKE '%user%' OR `Message` LIKE '%LOGIN%')
    GROUP BY(`SysLogTag`)

Which returns 6 more messages, not sure why, it might be picking up the single words 'no' or 'such' that the first search would have dropped.

    Message                                                  SysLogTag   COUNT( `Message` )
    proftpd[5035]: 192.168.1.2 ( 64.42.157.76[64.42.157...               1017

This is probably more portable across SQL's but as you can see tougher to write.

Last one, i promise: This SQL Statement returns the same number as the first:

    SELECT `Message`,`SysLogTag`, COUNT(`Message`)
    FROM `SystemEvents`
    WHERE (`Message` LIKE 'proftpd%')
      AND (`Message` LIKE '%no such user%' OR `Message` LIKE '%LOGIN%')
    GROUP BY(`SysLogTag`)

    Message                                                  SysLogTag   COUNT( `Message` )
    proftpd[5035]: 192.168.1.2 ( 64.42.157.76[64.42.157...               1011

This was the intended result, all messages that contained 'proftpd' and the phrase 'no such user' or 'proftpd' and the word 'LOGIN'

So, I guess my point is, we need a way to separate phrases from single words with boolean operators.

For a first try!!!! My suggestion, and it is only a suggestion, and i think it follows your same thinking.

Searches are entered as such

    SEARCH: proftpd & ('no such user' | login)
    SEARCH: proftpd & ("no such user" | login)
    SEARCH: proftpd & (no such user | login)

treat all these the same, only assume ANDing/ORing when user specifies. PLEASE NOTE single or double quotes will do the same thing. PLEASE!! that will make things easier for everyone.

Parentheses are important. They can follow the SQL syntax. Since we read left to right, syntax will follow that thinking:

    SEARCH: proftpd & no such user | login

would be the same as

    SEARCH: (proftpd & "no such user") | login

Because I think that is how SQL will treat the AND OR in the Where clause.

-Brian
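Brian's proposed syntax above (quoted or unquoted phrases, `&`, `|`, parentheses applied left to right) and his LIKE-based queries can be joined into a small parser that emits a parameterized WHERE clause, so user-typed search text never lands inside the SQL string and LIKE wildcards in it are matched literally. The following Python sketch is an added illustration, not phpLogCon code (the project is PHP); it assumes an ID column on SystemEvents, SQLite as the demo back end, that adjacent unquoted words form one phrase, and constructed sample rows using documentation IP ranges.

```python
# Added illustration (not phpLogCon code): parse the search syntax Brian proposes
# above into a parameterized SQL WHERE clause and run it over constructed events.
# Assumed: an ID column on SystemEvents, SQLite as the demo back end, adjacent
# unquoted words form one phrase, and operators bind strictly left to right.
import re
import sqlite3

# One token per match: grouping, operators, a quoted phrase, or a bare word.
_TOKEN_RE = re.compile(
    r'\s*(?:(?P<LP>\()|(?P<RP>\))|(?P<AND>&)|(?P<OR>\|)'
    r'|"(?P<dq>[^"]*)"|\'(?P<sq>[^\']*)\'|(?P<word>[^\s()&|"\']+))'
)

def tokenize(query):
    """Return [(kind, text)]; 'no such user', "no such user" and no such user all give one TERM."""
    tokens, pending, pos = [], [], 0
    query = query.strip()
    while pos < len(query):
        m = _TOKEN_RE.match(query, pos)
        if m is None:
            raise ValueError(f"unterminated quote or stray character at offset {pos}")
        pos, kind = m.end(), m.lastgroup
        if kind in ("dq", "sq", "word"):
            text = m.group(kind).strip()
            if not text:
                raise ValueError("an empty phrase would match every event")
            pending.append(text)  # merged with neighbouring words into one phrase
            continue
        if pending:
            tokens.append(("TERM", " ".join(pending)))
            pending = []
        tokens.append((kind, m.group(kind)))
    if pending:
        tokens.append(("TERM", " ".join(pending)))
    return tokens

def parse(query):
    """AST as nested tuples: ('TERM', text) | ('AND', l, r) | ('OR', l, r)."""
    tokens = tokenize(query)
    node, pos = _parse_expr(tokens, 0)
    if pos != len(tokens):
        raise ValueError("unbalanced parenthesis")
    return node

def _parse_expr(tokens, pos):
    # Strictly left to right: a & b | c  ==  (a & b) | c, no AND-before-OR precedence.
    left, pos = _parse_atom(tokens, pos)
    while pos < len(tokens) and tokens[pos][0] in ("AND", "OR"):
        right, new_pos = _parse_atom(tokens, pos + 1)
        left, pos = (tokens[pos][0], left, right), new_pos
    return left, pos

def _parse_atom(tokens, pos):
    if pos >= len(tokens):
        raise ValueError("expression ends with an operator")
    kind, text = tokens[pos]
    if kind == "LP":
        node, pos = _parse_expr(tokens, pos + 1)
        if pos >= len(tokens) or tokens[pos][0] != "RP":
            raise ValueError("missing ')'")
        return node, pos + 1
    if kind == "TERM":
        return (kind, text), pos + 1
    raise ValueError(f"unexpected {text!r}")

def like_pattern(term):
    """Escape LIKE metacharacters so a user-typed % or _ is matched literally."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return "%" + escaped + "%"

def to_sql(node, column="Message"):
    """Return (where_clause, params); user text only ever travels in params."""
    if node[0] == "TERM":
        return f"{column} LIKE ? ESCAPE '\\'", [like_pattern(node[1])]
    left_sql, left_params = to_sql(node[1], column)
    right_sql, right_params = to_sql(node[2], column)
    return f"({left_sql} {node[0]} {right_sql})", left_params + right_params

# Constructed sample rows modelled on the proftpd lines quoted in the thread
# (documentation IP ranges, not real hosts).
SAMPLE_EVENTS = [
    (1, "proftpd[5035]:", "proftpd[5035]: 192.0.2.10 (198.51.100.7[198.51.100.7]) - no such user 'admin'"),
    (2, "proftpd[5035]:", "proftpd[5035]: 192.0.2.10 (198.51.100.7[198.51.100.7]) - USER ftp: Login successful"),
    (3, "proftpd[5035]:", "proftpd[5035]: 192.0.2.10 (198.51.100.7[198.51.100.7]) - FTP session closed"),
    (4, "sshd[812]:", "sshd[812]: Invalid user admin from 198.51.100.7"),
    (5, "sshd[812]:", "sshd[812]: Failed password for invalid user admin: no such user"),
    (6, "su[903]:", "su[903]: session opened for user root by login(uid=0)"),
    (7, "cron[44]:", "cron[44]: disk usage at 100% on /var"),
]

def make_db():
    # In-memory SystemEvents table (SQLite here; phpLogCon targets MySQL).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE SystemEvents (ID INTEGER PRIMARY KEY, SysLogTag TEXT, Message TEXT)")
    conn.executemany("INSERT INTO SystemEvents VALUES (?, ?, ?)", SAMPLE_EVENTS)
    return conn

def search(conn, query):
    # IDs of the events matching the query, in table order.
    where, params = to_sql(parse(query))
    return [row[0] for row in conn.execute(f"SELECT ID FROM SystemEvents WHERE {where} ORDER BY ID", params)]
```

On the sample rows, `proftpd & (no such user | login)` returns events 1 and 2, while `proftpd & no such user | login` also returns event 6, which is exactly the left-to-right difference Brian describes.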
From mmeckelein at hq.adiscon.com Wed Dec 14 17:42:54 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 14 Dec 2005 17:42:54 +0100
Subject: [Phplogcon-dev] trouble with IIS
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C437@grfint2.intern.adiscon.com>

Brian,

I just want to test phplogcon_1.2.6a_bgs with IIS.
It ran into trouble with $_SERVER['REQUEST_URI'], because it is an apache
environment variable.

I have to add a patch in all the files using $_SERVER['REQUEST_URI']:

    // IIS does not set REQUEST_URI, so rebuild it from SCRIPT_NAME.
    if (!isset($_SERVER['REQUEST_URI'])) {
        $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'];
        // Append the query string if it exists and isn't null
        // (Apache already includes it in REQUEST_URI, so only do this here)
        if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
            $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
        }
    }

It seems to work but I think it is more or less a dirty hack. I haven't
tested it all out. I will spend some more time tomorrow testing php in a
windows/iis environment.

Michael

From bgshea at gmail.com Wed Dec 14 18:15:35 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 14 Dec 2005 12:15:35 -0500
Subject: [Phplogcon-dev] trouble with IIS
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C437@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C437@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512140915o5434d56fof2ebb704345905ee@mail.gmail.com>

Okay, I was trying to figure out what QUERY_STRING was for because it seemed
like PHP was putting it all into the [REQUEST_URI]. I think we might be able
to look at the server type, if IIS do one thing, for APACHE do another.

Thanks, I'll fix that up when i get home and post a 1.2.6b.

On 12/14/05, Michael Meckelein wrote:
>
> Brian,
>
> I just want to test phplogcon_1.2.6a_bgs with IIS. It ran into trouble
> with $_SERVER['REQUEST_URI'], because it is an apache environment
> variable.
>
> I have to add a patch in all the files using $_SERVER['REQUEST_URI']:
>
>     // IIS does not set REQUEST_URI, so rebuild it from SCRIPT_NAME.
>     if (!isset($_SERVER['REQUEST_URI'])) {
>         $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'];
>         // Append the query string if it exists and isn't null
>         // (Apache already includes it in REQUEST_URI, so only do this here)
>         if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
>             $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
>         }
>     }
>
> It seems to work but I think it is more or less a dirty hack.
> I haven't tested all out. I will spend some more time tomorrow testing
> php in a windows/iis environment.
>
> Michael
>

From bgshea at gmail.com Tue Dec 6 16:18:40 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 08:18:40 -0700
Subject: [Phplogcon-dev] Great, thank you!!
Message-ID: <9ef8de70512060718q437b4113ve44acc05d4036179@mail.gmail.com>

Okay, great,

I will be interested to hear what is on your todo list!!!

Thanks,

Brian

From mmeckelein at hq.adiscon.com Tue Dec 6 16:38:57 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 16:38:57 +0100
Subject: [Phplogcon-dev] Great, thank you!!
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C416@grfint2.intern.adiscon.com>

Hello Brian,

I am Michael, one of the core developers of phpLogCon. First of all, your
enhancements and ideas for phpLogCon are very impressive.

I have already taken a look into your code improvements and have installed
your phplogcon-1.2.4_bgs branch. After some trouble (I know you wrote that
this version will have bugs) it is running in my test environment.

Of course I will discuss with you the enhancements and will also provide
phpLogCon's todo list. Please bear a little with me. I will prepare some
questions / comments and forward them to the list soon.

Regards,
Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-
> bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Tuesday, December 06, 2005 4:19 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: [Phplogcon-dev] Great, thank you!!
>
> Okay, great,
>
> I will be interested to hear what is on your todo list!!!
>
> Thanks,
>
> Brian

From mmeckelein at hq.adiscon.com Tue Dec 6 17:05:28 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 17:05:28 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C417@grfint2.intern.adiscon.com>

Hi,

I will discuss each topic in a separate email on the list. I think it is
easier for tracking.

One of the most desired items for phpLogCon is a database abstraction
layer. We have already implemented our own db abstraction layer, but it is
more or less an 'it does, but it not perfect' one (also it only supports
mysql, mssql and access).

We often had trouble getting all supported databases working. Therefore we
have considered using a third party db abstraction layer like pear:db [1]
or adodb [2] for phpLogCon.

Brian, as you mentioned, the session handler only works with mysql. If we
want to support other DBs we have to write a wrapper. Maybe it is a good
time to implement the third party stuff now in order to get rid of all the
trouble with different DBs.

Brian, how does it sound? Maybe you already have experience with db:pear or
adodb? I have already tested both in smaller projects. I personally prefer
db:pear, but both are powerful and easy to use.

[1] pear::db
http://pear.php.net/package/DB
[2] ADOdb
http://adodb.sourceforge.net/

Best Regards,
Michael

From mmeckelein at hq.adiscon.com Tue Dec 6 17:53:07 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 17:53:07 +0100
Subject: [Phplogcon-dev] logged in via cookie
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C418@grfint2.intern.adiscon.com>

Hi Brian,

If I understand the concept of your session handling correctly, it is no
longer possible to keep the user logged in longer than the browser session.

I know it is more insecure to remember users via cookie, but this is a
feature most of the users like. Actually this was one of the 'have to'
features as we introduced the user interface.

The user should decide if he wants to use cookies for remembering or not,
in my opinion. Of course, we should mention in the documentation (and/or
provide a link to "read about using cookie" or something similar) that
using cookies can be insecure.

Best Regards,
Michael

From mmeckelein at hq.adiscon.com Tue Dec 6 18:19:03 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:19:03 +0100
Subject: [Phplogcon-dev] changing user name / adding user
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C419@grfint2.intern.adiscon.com>

Hi,

In phplogcon it is possible to add a user with a username (UserIDText)
which already exists. Remember, uniqueness for users is by UserID.

In version 1.2.3_bgs, Brian has introduced the ability to change the user
name. I guess it is possible to change the username to a name that already
exists. I have not verified this by testing, because this feature does not
work in my test lab.

Identical usernames are very confusing and a good source of trouble.
Therefore, I think we should make the UserIDText in the users table unique
and check if UserIDText already exists before adding/changing anything.

Comments are highly appreciated.

Michael

From mmeckelein at hq.adiscon.com Tue Dec 6 18:23:14 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:23:14 +0100
Subject: [Phplogcon-dev] FW: Great, thank you!!
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41A@grfint2.intern.adiscon.com>

I will post Brian's post to the list. A setup issue of the mailing list
caused a reply to go to the initiator of the mail instead of to the list.
This issue is already solved.

Michael

-----Original Message-----
From: Brian Shea [mailto:bgshea at gmail.com]
Sent: Tuesday, December 06, 2005 5:56 PM
To: Michael Meckelein
Subject: Re: [Phplogcon-dev] Great, thank you!!

No problem, I have trouble installing the demo myself. I usually try to get
the code worked in, then work out the bugs.

I will be glad to answer any questions.

Regards,

Brian

On 12/6/05, Michael Meckelein wrote:

Hello Brian,

I am Michael, one of the core developers of phpLogCon. First of all, your
enhancements and ideas for phpLogCon are very impressive.

I have already taken a look into your code improvements and have installed
your phplogcon-1.2.4_bgs branch. After some trouble (I know you wrote that
this version will have bugs) it is running in my test environment.

Of course I will discuss with you the enhancements and will also provide
phpLogCon's todo list. Please bear a little with me. I will prepare some
questions / comments and forward them to the list soon.

Regards,
Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-
> bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Tuesday, December 06, 2005 4:19 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: [Phplogcon-dev] Great, thank you!!
>
> Okay, great,
>
> I will be interested to hear what is on your todo list!!!
>
> Thanks,
>
> Brian

From mmeckelein at hq.adiscon.com Tue Dec 6 18:37:12 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:37:12 +0100
Subject: [Phplogcon-dev] not allow certain files to be access
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>

Hi Brian,

I need your help. Please can you point me to where I can find the following
modification?

> added php code to not allow certain files to be access by the
> URL!!! esp. include.php and config.php

Thank you.

Best regards,
Michael

From bgshea at gmail.com Tue Dec 6 18:37:21 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 12:37:21 -0500
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C417@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C417@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512060937q2c1c9347x19954d8cebb6bb93@mail.gmail.com>

The Pear DB sounds good, i have the pear lib installed and have used it
before. I can modify the session handlers to include pear support.

It would be a good idea to have native support for mssql/mysql for those
that can't use pear. I think those two are probably the most widely used
DBs. All others can be supported by pear.

That item has been added to the TODO list.

On 12/6/05, Michael Meckelein wrote:
>
> Hi,
>
> I will discuss each topic in a separate email on the list. I think it is
> easier for tracking.
>
> One of the most desired items for phpLogCon is a database abstraction
> layer. We have already implemented our own db abstraction layer, but it
> is more or less an 'it does, but it not perfect' one (also it only
> supports mysql, mssql and access).
>
> We often had trouble getting all supported databases working. Therefore
> we have considered using a third party db abstraction layer like pear:db
> [1] or adodb [2] for phpLogCon.
>
> Brian, as you mentioned, the session handler only works with mysql. If
> we want to support other DBs we have to write a wrapper. Maybe it is a
> good time to implement the third party stuff now in order to get rid of
> all the trouble with different DBs.
>
> Brian, how does it sound? Maybe you already have experience with db:pear
> or adodb? I have already tested both in smaller projects. I personally
> prefer db:pear, but both are powerful and easy to use.
>
> [1] pear::db
> http://pear.php.net/package/DB
> [2] ADOdb
> http://adodb.sourceforge.net/
>
> Best Regards,
> Michael
>

From bgshea at gmail.com Tue Dec 6 18:39:37 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 12:39:37 -0500
Subject: [Phplogcon-dev] logged in via cookie
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C418@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C418@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512060939r7000d6g2074d10d257c6b65@mail.gmail.com>

The timeout can be set for 1 year if they want to stay logged in. If they
are offline for more than 1 year, i doubt they would complain to re-login.

An option can be added to the page, similar to 'remember me', so the user
will stay logged in.

On 12/6/05, Michael Meckelein wrote:
>
> Hi Brian,
>
> If I understand the concept of your session handling correctly, it is no
> longer possible to keep the user logged in longer than the browser
> session.
>
> I know it is more insecure to remember users via cookie, but this is a
> feature most of the users like. Actually this was one of the 'have to'
> features as we introduced the user interface.
>
> The user should decide if he wants to use cookies for remembering or not,
> in my opinion. Of course, we should mention in the documentation (and/or
> provide a link to "read about using cookie" or something similar) that
> using cookies can be insecure.
>
> Best Regards,
> Michael
>

From rgerhards at hq.adiscon.com Tue Dec 6 18:41:14 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 6 Dec 2005 18:41:14 +0100
Subject: [Phplogcon-dev] TodoList and such
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4004@grfint2.intern.adiscon.com>

Hi all,

it is nice seeing the discussion come alive. I have a general suggestion
when it comes to todo lists, bug trackers and the like. Besides the
dedicated site, phpLogCon is also hosted on sourceforge.net, where we also
use the CVS. Sourceforge offers a lot of trackers. I suggest we use them;
this is a nice way to keep everyone informed of what's going on and who is
doing what.

How does this sound?

Rainer

From mmeckelein at hq.adiscon.com Tue Dec 6 18:45:18 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:45:18 +0100
Subject: [Phplogcon-dev] enhanced "message must contain" filter
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41C@grfint2.intern.adiscon.com>

Please note that in the current CVS version we have already built in
support to search a message for multiple words.

However we want to enhance the "message must contain" filter further. It
would be great if it were more usable, like google searching, e.g. search
for a term enclosed in double quotes like "foo bar" or for and/or
conditions (foo OR bar).

Best regards,
Michael

From bgshea at gmail.com Tue Dec 6 19:09:11 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 13:09:11 -0500
Subject: [Phplogcon-dev] Hmm, before we get too far..
Message-ID: <9ef8de70512061009y1ad1a27bq8c76efc8614a983a@mail.gmail.com>

From what i read so far, it sounds like we need to get our systems set up
the same.

We need to have a common php.ini and mysql table/database setup.

and test directories.

Thanks,

From bgshea at gmail.com Tue Dec 6 20:03:10 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 14:03:10 -0500
Subject: [Phplogcon-dev] not allow certain files to be access
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512061103m3daa2e5dlc518de2eb50b7913@mail.gmail.com>

The code is just below the GNU license marked with

// BGS --

// BGS end

the first section is the trailing '/' (slash) removal, the second section
is the disallow. I don't have the code in front of me to look at.

On 12/6/05, Michael Meckelein wrote:
>
> Hi Brian,
>
> I need your help. Please can you point me to where I can find the
> following modification?
>
> > added php code to not allow certain files to be access by the
> > URL!!! esp. include.php and config.php
>
> Thank you.
>
> Best regards,
> Michael
>

From bgshea at gmail.com Tue Dec 6 20:03:49 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 14:03:49 -0500
Subject: [Phplogcon-dev] TodoList and such
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4004@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4004@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512061103l3063aa64i33d0567065558bd9@mail.gmail.com>

Will do!!

On 12/6/05, Rainer Gerhards wrote:
>
> Hi all,
>
> it is nice seeing the discussion come alive. I have a general
> suggestion when it comes to todo lists, bug trackers and the like.
> Besides the dedicated site, phpLogCon is also hosted on sourceforge.net,
> where we also use the CVS. Sourceforge offers a lot of trackers. I
> suggest we use them; this is a nice way to keep everyone informed of
> what's going on and who is doing what.
>
> How does this sound?
>
> Rainer
>

From bgshea at gmail.com Tue Dec 6 20:10:04 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 14:10:04 -0500
Subject: [Phplogcon-dev] enhanced "message must contain" filter
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C41C@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C41C@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512061110s76e73e3bu7d9c26eed57592c3@mail.gmail.com>

WOW, that is a big one. Certainly possible, this should be considered for a
2.0 release! Let's concentrate on the DB, security and layout for 1.x.x
releases.

We can introduce a new page with this type of search. We should also be
able to utilize SQL language for searching and indexing.

On 12/6/05, Michael Meckelein wrote:
>
> Please note that in the current CVS version we have already built in
> support to search a message for multiple words.
>
> However we want to enhance the "message must contain" filter further. It
> would be great if it were more usable, like google searching, e.g. search
> for a term enclosed in double quotes like "foo bar" or for and/or
> conditions (foo OR bar).
>
> Best regards,
> Michael
>

From rgerhards at hq.adiscon.com Tue Dec 6 21:29:08 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 6 Dec 2005 21:29:08 +0100
Subject: [Phplogcon-dev] Hmm, before we get too far..
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4006@grfint2.intern.adiscon.com>

Let me caution on the database schema. We should try NOT to change it,
because other products/projects rely on it. For example, rsyslogd supports
it by default and it would be bad if it couldn't use the "normal" schema.
Also, the (commercial) Windows event reporter intentionally uses the same
schema. I guess that some others are also building on that schema with
add-on scripts.

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Brian Shea
> Sent: Tuesday, December 06, 2005 7:09 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: [Phplogcon-dev] Hmm, before we get too far..
>
> From what i read so far, it sounds like we need to get our
> systems set up the
> same.
>
> We need to have a common php.ini and mysql table/database setup.
>
> and test directories.
>
> Thanks,
>

From bgshea at gmail.com Tue Dec 6 21:44:17 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 15:44:17 -0500
Subject: [Phplogcon-dev] Hmm, before we get too far..
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4006@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4006@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512061244u5d4882k8934a05cc1c471b9@mail.gmail.com>

Yeah, i think that is good. There seems to be a difference in our system
setups, not so much in the table/column names. For the most part, i want to
change my system to match yours as close as possible so that code can be
easily transferred in working condition.

This might be as simple as an Apache directory, or php.ini config setting,
or location to where the code is stored.

on my system i use /phplogcon121 as the Apache location to phplogcon. You
might have say /phplogcon_test, which could cause some of the config
parameters to get mixed up.

This will be an issue during install to get all the config settings correct
so when a user installs phplogcon the proper directory names are set.

Brian,

On 12/6/05, Rainer Gerhards wrote:
>
> Let me caution on the database schema.
We should try NOT to change it, > because other products/projects rely on it. For example, rsyslogd > supports it be default and it would be bad if it couldn't use the > "normal" schema. Also, the (commercial) Windows event reporter use > intentionally the same schema. I guess that some others are also > building on that schema with add-on scripts. > > Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Brian Shea > > Sent: Tuesday, December 06, 2005 7:09 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: [Phplogcon-dev] Hmm, before we get too far.. > > > > >From what i read so far, it sound like we need to get our > > systems setup the > > same. > > > > We need to have a common php.ini and mysql table/database setup. > > > > and test directories. > > > > Thanks, > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From rgerhards at hq.adiscon.com Tue Dec 6 21:50:07 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 6 Dec 2005 21:50:07 +0100 Subject: [Phplogcon-dev] Hmm, before we get too far.. Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4007@grfint2.intern.adiscon.com> Brian, I agree it would be advisable to have the same setup. I think once we have made clear what we use, we should document that. Maybe Timm can jump onto that. Please note that phpLogCon shall work both on Linux and Windows (even with IIS). I think we should do the verifcation that everything continues to work with IIS. Or are you up for some Windoze? 
;) Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Brian Shea > Sent: Tuesday, December 06, 2005 9:44 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] Hmm, before we get too far.. > > Yeah, i think that is good. There seems to be a difference in > our system > setups, not so much in the table/column names. For the most > part, i want to > change my system to match yours as close a possible so that > code can be > easily transferred in working condition. > > This might be as simple as an Apache directory, or php.ini > config setting, > or location to where the code is stored. > > on my system i use /phplogcon121 as the Apache location to > phplogcon. You > might have say /phplogcon_test, which could cause some of the config > parameter to get mixed up. > > This will be an issue during install to get all the config > setting correct > so when user installs phplogcon the proper directory names are set. > > Brian, > > > On 12/6/05, Rainer Gerhards wrote: > > > > Let me caution on the database schema. We should try NOT to > change it, > > because other products/projects rely on it. For example, rsyslogd > > supports it be default and it would be bad if it couldn't use the > > "normal" schema. Also, the (commercial) Windows event reporter use > > intentionally the same schema. I guess that some others are also > > building on that schema with add-on scripts. > > > > Rainer > > > > > -----Original Message----- > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > Brian Shea > > > Sent: Tuesday, December 06, 2005 7:09 PM > > > To: phplogcon-dev at lists.adiscon.com > > > Subject: [Phplogcon-dev] Hmm, before we get too far.. > > > > > > >From what i read so far, it sound like we need to get our > > > systems setup the > > > same. 
> > > > > > We need to have a common php.ini and mysql table/database setup.
> > > > > > and test directories.
> > > > > > Thanks,
> > > _______________________________________________
> > > Phplogcon-dev mailing list
> > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Wed Dec 7 06:35:50 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 22:35:50 -0700
Subject: [Phplogcon-dev] not allow certain files to be access
In-Reply-To: <9ef8de70512061103m3daa2e5dlc518de2eb50b7913@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com> <9ef8de70512061103m3daa2e5dlc518de2eb50b7913@mail.gmail.com>
Message-ID: <9ef8de70512062135m61be2987r5fbae426c9d96a7b@mail.gmail.com>

Michael, here is the code section that will disallow access to php files from the URL.

It basically looks at the file name in $_SERVER['SCRIPT_NAME'] to see if it matches itself.

// BGS -- do not allow access from URL
$filename = substr(__FILE__, strrpos(__FILE__, "/"));
$requestname = substr($_SERVER['SCRIPT_NAME'], strrpos($_SERVER['SCRIPT_NAME'], "/"));

if ($filename == $requestname) {
    session_unset();
    header("Location: ../index.php");
    exit;
}
// BGS end

On 12/6/05, Brian Shea wrote:
> The code is just below the GNU license marked with
> // BGS --
> // BGS end
> the first section is the trailing '/' (slash) removal, the second section is the disallow. I don't have the code in front of me to look at.
>
> On 12/6/05, Michael Meckelein wrote:
> > Hi Brian,
> >
> > I need your help. Please can you point me to where I can find the following modification?
> > > > added php code to not allow certain files to be access by the
> > > > URL!!! esp. include.php and config.php
> >
> > Thank you.
> >
> > Best regards,
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From rgerhards at hq.adiscon.com Wed Dec 7 09:19:35 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 09:19:35 +0100
Subject: [Phplogcon-dev] release structure
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E400F@grfint2.intern.adiscon.com>

Hi all,

a non-technical issue... I think we need to put some thinking into what shall go into which release as soon as we have finished an agreed-upon todo list (but not sooner ;)).

Anyhow, we should remember that the whole thing started when Brian detected some security issues. The currently distributed source still contains them. So I think it is definitely time to do something against it. I propose we do the following:

#1 document the limitations of the current "security model", which most importantly means telling people very directly that these are profiles and not actual security-safe accounts. Michael mentioned we had such a document. If so, we should dig it out and publish it, if not, we should create at least a small one ;)

#2 fix the most important things without major change (I think about the % userid/password issue). My goal here would be to fix what can be done very quickly and have a better version online.

We could then also fork phplogcon into a stable and a development branch, where stable just receives the most important things (but is stable ;)) while development would be the (b)leading edge, at which almost all further work is conducted.

Feedback is highly appreciated.
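The "% userid/password issue" Rainer lists under #2, as an added worked example placed between the archived messages. This is editorial demonstration code, not phpLogCon's auth.php and not code posted by any list participant. It puts the two options the thread discusses side by side: rejecting the characters before they reach the query, which is what Brian's invalid_chars() check later in the thread does, and binding the values as query parameters so the database compares them literally. The users table, its single row, the LIKE-based "before" query and the two login functions are assumptions made for the demo; the archive does not show phpLogCon's real login query. It needs the pdo_sqlite extension and runs offline against an in-memory database:

```php
<?php
// Added example for the "% userid/password issue" discussed on the list.
// Editorial demonstration code, not phpLogCon's auth.php. The users table,
// its single row, the LIKE-based "before" query and the two login functions
// are assumptions made for the demo; the archive does not show the real
// query. Needs the pdo_sqlite extension; runs offline.
declare(strict_types=1);

// The reject list Brian posted on the list: single quote, double quote,
// percent and space. Returns true if $value contains any of them.
function invalid_chars(string $value): bool
{
    foreach (["'", '"', '%', ' '] as $needle) {
        if (strpos($value, $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Constructed in-memory database with one account (assumption: a real
// deployment would store a password hash, not the password itself).
function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (uid TEXT NOT NULL, pw TEXT NOT NULL)');
    $db->exec("INSERT INTO users VALUES ('admin', 'correct-horse')");
    return $db;
}

// Assumed "before" shape: both fields are pasted into a LIKE pattern. A "%"
// in either field is then a wildcard, and a quote ends the string literal,
// which is exactly why those characters are on the reject list.
function login_interpolated(PDO $db, string $uid, string $pw): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE uid LIKE '$uid' AND pw LIKE '$pw'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened shape: exact comparison with bound parameters. "%" and quotes are
// ordinary bytes in the compared value and cannot change the statement.
function login_bound(PDO $db, string $uid, string $pw): bool
{
    $st = $db->prepare('SELECT COUNT(*) FROM users WHERE uid = ? AND pw = ?');
    $st->execute([$uid, $pw]);
    return (int) $st->fetchColumn() > 0;
}

$db = make_db();
// Constructed inputs: one real login, then the cases the reject list targets.
$cases = [
    ['admin', 'correct-horse'],    // legitimate credentials
    ['admin', '%'],                // wildcard instead of the password
    ['%', '%'],                    // wildcard for both fields
    ["nobody' OR 1=1 --", 'x'],    // quote ends the literal, -- drops the rest
];
foreach ($cases as [$uid, $pw]) {
    printf("%-20s %-15s rejected=%-5s interpolated=%-5s bound=%s\n",
        $uid, $pw,
        var_export(invalid_chars($uid) || invalid_chars($pw), true),
        var_export(login_interpolated($db, $uid, $pw), true),
        var_export(login_bound($db, $uid, $pw), true));
}
```

Run it with the php command-line binary. The printed table makes the point of the thread: with the interpolated LIKE query a bare `%` in either field "logs in", and the reject list only helps as long as the list is complete; with bound parameters the same inputs are plain strings, the login fails regardless of the list, and the legitimate credentials still work. The reject list then becomes defence in depth rather than the fix. Note that Brian's list also blocks a space, so it restricts usability as well as input.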
Many thanks, Rainer From rgerhards at hq.adiscon.com Wed Dec 7 09:40:40 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 7 Dec 2005 09:40:40 +0100 Subject: [Phplogcon-dev] enhanced "message must contain" filter Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4011@grfint2.intern.adiscon.com> I think we should just add it to the todo list as a feature request. I agree that the other topics are more important. From the feedback I received, it might be a less enormous task than it sounds, but that can be seen once we are there ;) Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Brian Shea > Sent: Tuesday, December 06, 2005 8:10 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] enhanced "message must contain" filter > > WOW, that is a big one. Certainly possible, this should be > considered for a > 2.0 release! Let's concentrate on the DB, security and layout for > 1.x.xreleases. > > We can introduce a new page with this type of search. We > should also be able > to utilize SQL language for searching and indexing. > > > > > > On 12/6/05, Michael Meckelein wrote: > > > > Please not in the current CVS version we have already build > in support > > to search a message for multiple words. > > > > However we want to enhance the "message must contain" > filter further. It > > would be great it is more useable like google searching, > e.g. search for > > a term enclosed in double quotes like "foo bar" or for > and/or conditions > > (foo OR bar). 
> > > > Best regards, > > Michael > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From rgerhards at hq.adiscon.com Wed Dec 7 09:45:22 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 7 Dec 2005 09:45:22 +0100 Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4012@grfint2.intern.adiscon.com> Brian, please let me elaborate why I proposed some time ago to use a different db abstraction layer. Just so that we remember the reasoning. The db abstraction layer we have done works, but is a bit "rough" and also limits the abilities to use SQL to its full extent. At least this is what has been discussed so far. My hopes for a layer like Pear is that it provides a higher-level abstraction with better functionality. So my main objective behind that would not be to support additional databases (although this definitely is a secondary goal) but to have cleaner and more capable code inside phpLogCon. In the light of this, I'd propose to not support MSSQL and MySQL natively, because that would require us to continue to use our own layer, which seems to have some issues. Of course, the question is what implications Pear has - e.g. performance-wise. I hope this clarifies and initiates another round of good discussions ;) Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Brian Shea > Sent: Tuesday, December 06, 2005 6:37 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon > > The Pear DB sounds good, i have the pear lib installed and > have used it > before. 
I can modify the session handlers to include pear > support. It would > be a good idea to have native support for mssql/mysql for > those that can't > use pear. I think those two are probably the most widely used DBs. All > other's can be supported by pear. > > That item has been added to the TODO list. > > > On 12/6/05, Michael Meckelein wrote: > > > > Hi, > > > > I will discuss each topic in a separate email on the list. > I think it is > > easier for tracking. > > > > One of the most desired items for phpLogCon is a database > abstraction > > layer. We have already implemented our own db abstraction > layer, but it > > is more or less an 'it does, but it not perfect' one (also it only > > supports mysql, mssql and access). > > > > We had often trouble to get all supported database working. > Therefore we > > have considered to use a third party db abstraction layer > like pear:db > > [1] or adodb for phpLogCon. > > > > Brian, as you mentioned, the session handler only works > with mysql. If > > we want support other db we have to write a wrapper. Maybe > it is a good > > time to implement the third party stuff now in order to get > rid of all > > the trouble with different db. > > > > Brian, how does it sound? Maybe you have already experience > with db:pear > > or adodb? I have already tested both in smaller projects. I > personally > > prefer db:pear, but both are powerful and easy to use. 
> > > > [1] pear::db > > http://pear.php.net/package/DB > > [2] ADOdb > > http://adodb.sourceforge.net/ > > > > Best Regards, > > Michael > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From mmeckelein at hq.adiscon.com Wed Dec 7 12:39:00 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Wed, 7 Dec 2005 12:39:00 +0100 Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41F@grfint2.intern.adiscon.com> > Of course, the question is what implications Pear has - e.g. > performance-wise. Of course, abstraction layer have naturally impact on performance. I did some research about pear::db performance. I was surprised some say "PEAR::DB code will run at about 3/8 the speed of the equivalent DBMS-specific code" [1]. Also found some benchmark indicating that is true [2][3]. As I already wrote, I have used pear::db in small projects and it works great. The impact of the abstraction layer was hardly noticeable (subjective), but I have not made any performance testing. "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good decision indicates that it worth to use a db abstraction layer. I support this approach since I know about the trouble, testing and time effort for developing your own db wrapper. Michael [1] Impaired performance of pear::db http://www.hudzilla.org/phpbook/read.php/9_6_4 [2] simple benchmark (08/13/02) comparing some db abstraction layer http://freshmeat.net/screenshots/30313/ [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL http://phplens.com/lens/adodb/ [4] Is PEAR DB worth using?" 
http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e 2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en From mmeckelein at hq.adiscon.com Wed Dec 7 13:01:53 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Wed, 7 Dec 2005 13:01:53 +0100 Subject: [Phplogcon-dev] release structure Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C420@grfint2.intern.adiscon.com> > Anyhow, we should remember that the whole thing started when Brian > detected some security issues. The currently distributed source still > contains them. So I think it is definitely time to do something against > it. ACK. > I propose we do the following: > > #1 document that limitiations of the current "security model", which > most importantly means telling people very directly that these are > profiles and not actual security-safe accounts. Michael mentioned we had > such a document. If so, we should dig it out and publish it, if not, we > should create at least a small one ;) I didn't find such document. Probably it was discussed by email or chat. I know we have discussed, but obviously missed to document. We should immediately document that out. Beside to mention it in the manual, should we create a faq e.g. telling how to use .htaccess for example? > > #2 fix the most important things without major change (I think about the > % userid/password issue). My goal here would be to fix what can be done > very quickly and have a better version online. Timm, please take the current code from the cvs and merge Brian's bug fixes (http://www.hackthebox.org/) into it as soon as possible. Then we can make a release of this branch. Note that beside the security fixes this release will also include some minor fixes which already made and the Database options page Timm has implemented. 
> We could then also fork phplogcon into a stable and a development > branch, where stable just receives the most important things (but is > stable ;)) while development would be the (b)leading edge, at which > allmost all further work is conducted. Sounds good. It is the common way for open source development, isn't it? Michael From rgerhards at hq.adiscon.com Wed Dec 7 15:48:09 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 7 Dec 2005 15:48:09 +0100 Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E401D@grfint2.intern.adiscon.com> Well... I've gone through the references and my guess is that Pear will probably be not that bad in our case (though ADOdb might be something we should look at). My reason is that I think we do relatively simply queries. Anyhow, these simple queries can relate to a lot of i/o at the database itself, which probably turns out to be the botleneck. Of course, nothing of this is verified, but I have the strong impression that performance will not be that much of an issue (well, to be precisely "performance of the abstraction layer" - performance per se *is* an issue, especially with the potentially huge amounts of data we have in syslog... ;)). So my educated (but unverified) opinion is that it would probably be worth looking at Pear. I Am still of the view that native DB support via our own layer is causing more trouble than it is worth. My 2cts... Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Michael Meckelein > Sent: Wednesday, December 07, 2005 12:39 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon > > > Of course, the question is what implications Pear has - e.g. > > performance-wise. > > Of course, abstraction layer have naturally impact on > performance. 
I did > some research about pear::db performance. I was surprised some say > "PEAR::DB code will run at about 3/8 the speed of the equivalent > DBMS-specific code" [1]. Also found some benchmark indicating that is > true [2][3]. > > As I already wrote, I have used pear::db in small projects > and it works > great. The impact of the abstraction layer was hardly noticeable > (subjective), but I have not made any performance testing. > > "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good > decision indicates that it worth to use a db abstraction layer. I > support this approach since I know about the trouble, testing and time > effort for developing your own db wrapper. > > Michael > > [1] Impaired performance of pear::db > http://www.hudzilla.org/phpbook/read.php/9_6_4 > [2] simple benchmark (08/13/02) comparing some db abstraction layer > http://freshmeat.net/screenshots/30313/ > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL > http://phplens.com/lens/adodb/ > [4] Is PEAR DB worth using?" > http://groups.google.com/group/comp.lang.php/browse_frm/thread > /1d1dca65e > 2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From mmeckelein at hq.adiscon.com Wed Dec 7 15:49:49 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Wed, 7 Dec 2005 15:49:49 +0100 Subject: [Phplogcon-dev] not allow certain files to be access Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C422@grfint2.intern.adiscon.com> Brian, This approach works only in a linux environment. Note that Windows uses \ instead linux's / for directory browsing. E.g. file in - windows: c:\webserver\phplogcon\config.php - linux: /var/www/phplogcon/config.php Furthermore, I have to admit that I am not aware of an actually security issue by accessing those file directly via url. 
Of course it is not intended to call files like config.php directly. To prohibit accessing files directly which are not intended to access directly is of course a good security concept. But maybe I oversee a security issue with the current (without your check) approach? Michael > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev- > bounces at lists.adiscon.com] On Behalf Of Brian Shea > Sent: Wednesday, December 07, 2005 6:36 AM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] not allow certain files to be access > > Michael, here is the code section that will disallow access to php files > from the URL. > > It basically looks at the file name in the $_SERVER[script_name] to see if > it mathces itself. > > // BGS -- do not allow access from URL > $filename = substr(__FILE__, strrpos( __FILE__, "/" )); > $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( > $_SERVER['SCRIPT_NAME'], "/" )); > > if( $filename == $requestname ) > { > session_unset(); > header("Location: ../index.php"); > exit; > } > // BGS end > > > > On 12/6/05, Brian Shea wrote: > > > > The code is just below the GNU license marked with > > > > // BGS -- > > > > // BGS end > > > > the first section is the trailing '/' (slash) removal, the second > section > > is the diss allow. I dont have the code in front of me to look at. > > > > > > On 12/6/05, Michael Meckelein wrote: > > > > > > Hi Brian, > > > > > > I need your help. Please can you point me to where I can find the > > > following modification? > > > > > > > added php code to not allow certain files to be access by the > > > > URL!!! esp. include.php and config.php > > > > > > Thank you. 
> > > Best regards,
> > > Michael
> > > _______________________________________________
> > > Phplogcon-dev mailing list
> > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From mmeckelein at hq.adiscon.com Wed Dec 7 16:05:24 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 16:05:24 +0100
Subject: [Phplogcon-dev] duplicated code
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C423@grfint2.intern.adiscon.com>

Hi Brian,

I noticed that you use duplicated code in some files. The code snippet below is in e.g. auth.php, config.php, include.php, ...

Wouldn't it be better to put it into a function at the top of include.php?

// BGS -- This will remove the trailing / in a URI like .../index.php/
// This causes the directories to get mucked up.
// Patch from http://www.php.net/manual/en/ref.apache.php by henk_nicolai at REMOVE-THIS at hotmail dot com
$req = $_SERVER['REQUEST_URI'];
// Remove rubbish (everything after the script name up to the query string).
// preg_replace with a quoted script name stands in for the original
// ereg_replace call, which is gone since PHP 7 and used the script name as an
// unescaped pattern.
$newReq = preg_replace('#' . preg_quote($_SERVER['SCRIPT_NAME'], '#') . '[^?]*#',
                       $_SERVER['SCRIPT_NAME'], $req);
if (strlen($newReq) < strlen($req)) {
    header('Location: ' . $newReq);
    header('HTTP/1.0 301 Moved Permanently');
    die; // Don't send any more output.
}
unset($req);
unset($newReq);
// BGS end

// BGS -- do not allow access from URI
$filename = substr(__FILE__, strrpos(__FILE__, "/"));
$requestname = substr($_SERVER['SCRIPT_NAME'], strrpos($_SERVER['SCRIPT_NAME'], "/"));
if ($filename == $requestname) {
    session_unset();
    header("Location: ../index.php");
    exit;
}
// BGS end

Michael

From mmeckelein at hq.adiscon.com Wed Dec 7 16:14:25 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 16:14:25 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C424@grfint2.intern.adiscon.com>

> Well...
I've gone through the references and my guess is that Pear will > probably be not that bad in our case (though ADOdb might be something we > should look at). This -> > My reason is that I think we do relatively simply > queries. Anyhow, these simple queries can relate to a lot of i/o at the > database itself, which probably turns out to be the botleneck. is exactly the point. phpLogCon does not bother the database with a high amount of queries. The queries are typical simple as Rainer mentioned. Just using some where clauses and only SystemEvents table have to select if phplogcon works with data. Michael >Of > course, nothing of this is verified, but I have the strong impression > that performance will not be that much of an issue (well, to be > precisely "performance of the abstraction layer" - performance per se > *is* an issue, especially with the potentially huge amounts of data we > have in syslog... ;)). > > So my educated (but unverified) opinion is that it would probably be > worth looking at Pear. I Am still of the view that native DB support via > our own layer is causing more trouble than it is worth. > > My 2cts... > > Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Michael Meckelein > > Sent: Wednesday, December 07, 2005 12:39 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon > > > > > Of course, the question is what implications Pear has - e.g. > > > performance-wise. > > > > Of course, abstraction layer have naturally impact on > > performance. I did > > some research about pear::db performance. I was surprised some say > > "PEAR::DB code will run at about 3/8 the speed of the equivalent > > DBMS-specific code" [1]. Also found some benchmark indicating that is > > true [2][3]. 
> > As I already wrote, I have used pear::db in small projects and it works
> > great. The impact of the abstraction layer was hardly noticeable
> > (subjective), but I have not made any performance testing.
> >
> > "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good
> > discussion and indicates that it is worth using a db abstraction layer. I
> > support this approach since I know about the trouble, testing and time
> > effort for developing your own db wrapper.
> >
> > Michael
> >
> > [1] Impaired performance of pear::db
> > http://www.hudzilla.org/phpbook/read.php/9_6_4
> > [2] simple benchmark (08/13/02) comparing some db abstraction layer
> > http://freshmeat.net/screenshots/30313/
> > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
> > http://phplens.com/lens/adodb/
> > [4] Is PEAR DB worth using?
> > http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en
> >
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Wed Dec 7 16:52:32 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 08:52:32 -0700
Subject: [Phplogcon-dev] release structure
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C420@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C420@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070752n678e178cve529919475811480@mail.gmail.com>

Completely agree to stable and beta versions!!

1.2.1 can be fixed easily for the % char, but the cookies will need much more work. But if you tell people about the problem, then they can take the proper precautions.

This can be found in auth.php for 1.2.4_bgs, it will handle all characters that we might want to limit in the future.

// Check for special sql characters
function invalid_chars( $string )
{
    $bad_list = array("'", '"', "%", " ");
    foreach( $bad_list as $needle )
    {
        if( strpos( $string, $needle ) !== FALSE )
        {
            return TRUE;
        }
    }
    return FALSE;
}

Example how to use it

if( invalid_chars( $user ) || invalid_chars( $pass ) )
{   // BAD
    WriteHead('phpLogCon :: ', _MSGAccDen, '', '', _MSGAccDen, 0);
    print '..:: ' . _MSGNamInvChr . ' ::..';
    echo '..:: ', _MSGBac2Ind, ' ::..';
    WriteFooter();
    exit;
}
else
{   // GOOD
}

NOTE TO MYSELF: make gmail insert > for replies to messages.

On 12/7/05, Michael Meckelein wrote:
> > Anyhow, we should remember that the whole thing started when Brian
> > detected some security issues. The currently distributed source still
> > contains them. So I think it is definitely time to do something against
> > it.
>
> ACK.
>
> > I propose we do the following:
> >
> > #1 document the limitations of the current "security model", which
> > most importantly means telling people very directly that these are
> > profiles and not actual security-safe accounts. Michael mentioned we had
> > such a document. If so, we should dig it out and publish it, if not, we
> > should create at least a small one ;)
>
> I didn't find such a document. Probably it was discussed by email or chat.
> I know we have discussed it, but obviously missed documenting it. We should
> immediately document that. Besides mentioning it in the manual,
> should we create a FAQ, e.g. telling how to use .htaccess for example?
>
> > #2 fix the most important things without major change (I think about the
> > % userid/password issue). My goal here would be to fix what can be done
> > very quickly and have a better version online.
>
> Timm, please take the current code from the cvs and merge Brian's bug
> fixes (http://www.hackthebox.org/) into it as soon as possible. Then we
> can make a release of this branch. Note that beside the security fixes
> this release will also include some minor fixes which were already made and
> the Database options page Timm has implemented.
>
> > We could then also fork phplogcon into a stable and a development
> > branch, where stable just receives the most important things (but is
> > stable ;)) while development would be the (b)leading edge, at which
> > almost all further work is conducted.
>
> Sounds good. It is the common way for open source development, isn't it?
> > Michael > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Wed Dec 7 16:58:00 2005 From: bgshea at gmail.com (Brian Shea) Date: Wed, 7 Dec 2005 08:58:00 -0700 Subject: [Phplogcon-dev] not allow certain files to be access In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C422@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA11C422@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512070758m46ea70cavee116c3927a0c344@mail.gmail.com> Ah, that would be a problem. Easily fixed with a config setting or checking the os environment. Nor do i, buy why let someone else find it and exploit it if one does exist!!! This is more for the type of files i use in 1.2.4_bgs where all the Auth is done in index.php and each page is loaded by an include statement. I'm just so use to having them there that i feel better with them. On 12/7/05, Michael Meckelein wrote: > > Brian, > > This approach works only in a linux environment. Note that Windows uses > \ instead linux's / for directory browsing. > > E.g. file in > - windows: c:\webserver\phplogcon\config.php > - linux: /var/www/phplogcon/config.php > > Furthermore, I have to admit that I am not aware of an actually security > issue by accessing those file directly via url. Of course it is not > intended to call files like config.php directly. To prohibit accessing > files directly which are not intended to access directly is of course a > good security concept. But maybe I oversee a security issue with the > current (without your check) approach? 
> > Michael
> > > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> > Sent: Wednesday, December 07, 2005 6:36 AM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] not allow certain files to be access
> >
> > Michael, here is the code section that will disallow access to php files from the URL.
> >
> > It basically looks at the file name in the $_SERVER[script_name] to see if it matches itself.
> >
> > // BGS -- do not allow access from URL
> > $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> > $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( $_SERVER['SCRIPT_NAME'], "/" ));
> >
> > if( $filename == $requestname )
> > {
> >     session_unset();
> >     header("Location: ../index.php");
> >     exit;
> > }
> > // BGS end
> >
> > On 12/6/05, Brian Shea wrote:
> > >
> > > The code is just below the GNU license marked with
> > >
> > > // BGS --
> > >
> > > // BGS end
> > >
> > > the first section is the trailing '/' (slash) removal, the second section is the disallow. I don't have the code in front of me to look at.
> > >
> > > On 12/6/05, Michael Meckelein wrote:
> > > >
> > > > Hi Brian,
> > > >
> > > > I need your help. Please can you point me to where I can find the following modification?
> > > >
> > > > > added php code to not allow certain files to be access by the URL!!! esp. include.php and config.php
> > > >
> > > > Thank you.
> > > >
> > > > Best regards,
> > > > Michael
> > > > _______________________________________________
> > > > Phplogcon-dev mailing list
> > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Wed Dec 7 17:00:33 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 09:00:33 -0700
Subject: [Phplogcon-dev] duplicated code
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C423@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C423@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070800t2ed5eb10l4a58217ca6c248ce@mail.gmail.com>

Can't, unless certain variables are passed, because the code looks at the file the code is in, and sometimes I need

header("Location: ../index.php");

or

header("Location: index.php");

Look close, one has ../index.php the other does not.

I've always just seen it placed at the top of every file as needed.

On 12/7/05, Michael Meckelein wrote:
>
> Hi Brian,
>
> I noticed that you use duplicated code in some files. The code snippet below is in e.g. auth.php, config.php, include.php, ...
>
> Wouldn't it be better to put it into a function onto the top in include.php?
>
> // BGS -- This will remove the trailing / in a uri like .../index.php/
> // This causes the directories to get mucked up.
> // Patch from http://www.php.net/manual/en/ref.apache.php by henk_nicolai at REMOVE-THIS at hotmail dot com
> $req = $_SERVER['REQUEST_URI'];
> // Remove rubbish.
> $newReq = ereg_replace ( $_SERVER['SCRIPT_NAME'] . '[^?]*', $_SERVER['SCRIPT_NAME'], $req);
> if (strlen($newReq) < strlen($req))
> {
>     header ('Location: '.$newReq);
>     header ('HTTP/1.0 301 Moved Permanently');
>     die; // Don't send any more output.
> }
> unset($req);
> unset($newReq);
> // BGS end
> // BGS -- do not allow access from URI
> $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( $_SERVER['SCRIPT_NAME'], "/" ));
> if( $filename == $requestname )
> {
>     session_unset();
>     header("Location: ../index.php");
>     exit;
> }
> // BGS end
>
> Michael

From rgerhards at hq.adiscon.com Wed Dec 7 17:01:47 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:01:47 +0100
Subject: [Phplogcon-dev] not allow certain files to be access
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4024@grfint2.intern.adiscon.com>

Warning: the php-noob is writing about php ;)

Would it be possible in php to set a variable (let's call it "validcall") in the main file and check that in each of the to-be-included files? So if they would be called directly, "validcall" would be unset. I've done similar things in ASP apps in the dark ages ;) It sounds pretty OS-independent but I am probably not aware of the quirks ;)

Rainer

PS: I think there isn't such thing as "too much security"...

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Wednesday, December 07, 2005 4:58 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] not allow certain files to be access
>
> Ah, that would be a problem. Easily fixed with a config setting or checking the os environment.
>
> Nor do I, but why let someone else find it and exploit it if one does exist!!!
>
> This is more for the type of files I use in 1.2.4_bgs where all the Auth is done in index.php and each page is loaded by an include statement.
>
> I'm just so used to having them there that I feel better with them.
>
> On 12/7/05, Michael Meckelein wrote:
> >
> > Brian,
> >
> > This approach works only in a linux environment. Note that Windows uses \ instead of linux's / for directory browsing.
> >
> > E.g. file in
> > - windows: c:\webserver\phplogcon\config.php
> > - linux: /var/www/phplogcon/config.php
> >
> > Furthermore, I have to admit that I am not aware of an actual security issue by accessing those files directly via url. Of course it is not intended to call files like config.php directly. To prohibit accessing files directly which are not intended to be accessed directly is of course a good security concept. But maybe I overlook a security issue with the current (without your check) approach?
> >
> > Michael

From rgerhards at hq.adiscon.com Wed Dec 7 17:05:10 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:05:10 +0100
Subject: [Phplogcon-dev] duplicated code
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4025@grfint2.intern.adiscon.com>

another php-noob suggestion...

what if that function would be placed in *another* include file that is included in the not-to-be-directly called pages. Then, that function could be passed in the proper redirect location.

Let me use a sample, NOT in php (pseudo-php at best ;))

in notToBeCalled.php
    include check.php
    call checker("../index.php")

in check.php
    checker(redirect)
        do checking
        redirect to "redirect" in case of error

I hope this conveys what I intend to say...

Rainer

From bgshea at gmail.com Wed Dec 7 17:08:28 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 09:08:28 -0700
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C424@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C424@grfint2.intern.adiscon.com>
Message-ID:
<9ef8de70512070808y6a449911g4bce0ad4e59683e6@mail.gmail.com>

Agree, we are not a high volume application.

Side note:
Maybe a good thing to slow it down in the case of brute force password cracking. (Users Table). (scripts can do this, not for us to worry about, yet).

On 12/7/05, Michael Meckelein wrote:
>
> > Well... I've gone through the references and my guess is that Pear will probably be not that bad in our case (though ADOdb might be something we should look at).
>
> This ->
>
> > My reason is that I think we do relatively simple queries. Anyhow, these simple queries can relate to a lot of i/o at the database itself, which probably turns out to be the bottleneck.
>
> is exactly the point. phpLogCon does not bother the database with a high amount of queries. The queries are typically simple as Rainer mentioned. Just using some where clauses and only the SystemEvents table has to be selected if phplogcon works with data.
>
> Michael
>
> > Of course, nothing of this is verified, but I have the strong impression that performance will not be that much of an issue (well, to be precise "performance of the abstraction layer" - performance per se *is* an issue, especially with the potentially huge amounts of data we have in syslog... ;)).
> >
> > So my educated (but unverified) opinion is that it would probably be worth looking at Pear. I am still of the view that native DB support via our own layer is causing more trouble than it is worth.
> >
> > My 2cts...
> >
> > Rainer
> >
> > > -----Original Message-----
> > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > > Sent: Wednesday, December 07, 2005 12:39 PM
> > > To: phplogcon-dev at lists.adiscon.com
> > > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
> > >
> > > > Of course, the question is what implications Pear has - e.g. performance-wise.
> > >
> > > Of course, abstraction layers naturally have an impact on performance. I did some research about pear::db performance. I was surprised some say "PEAR::DB code will run at about 3/8 the speed of the equivalent DBMS-specific code" [1]. Also found some benchmark indicating that this is true [2][3].
> > >
> > > As I already wrote, I have used pear::db in small projects and it works great. The impact of the abstraction layer was hardly noticeable (subjective), but I have not made any performance testing.
> > >
> > > "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good decision and indicates that it is worth using a db abstraction layer. I support this approach since I know about the trouble, testing and time effort for developing your own db wrapper.
> > >
> > > Michael
> > >
> > > [1] Impaired performance of pear::db
> > >     http://www.hudzilla.org/phpbook/read.php/9_6_4
> > > [2] simple benchmark (08/13/02) comparing some db abstraction layer
> > >     http://freshmeat.net/screenshots/30313/
> > > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
> > >     http://phplens.com/lens/adodb/
> > > [4] "Is PEAR DB worth using?"
> > >     http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en

From rgerhards at hq.adiscon.com Wed Dec 7 17:11:21 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:11:21 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4026@grfint2.intern.adiscon.com>

hehe... another low priority todo list item - tarpitting attacks (after all, such a brute force may cause the system to exhaust its resources...)

--Rainer

From bgshea at gmail.com Wed Dec 7 17:13:36 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 09:13:36 -0700
Subject: [Phplogcon-dev] duplicated code
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4025@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4025@grfint2.intern.adiscon.com>
Message-ID:
<9ef8de70512070813g57855463u745b747e667b8d0@mail.gmail.com> Got it,sudo code is fine. Wont work like that with out __FILE__ You need to pass the __FILE__ (special varible in php to give the file name) so checker(__FILE__, $wheretogo); or no functions in notToBeCalled.php and just set $me = __FILE__; $wheretogo="home_sweet_home"; include notToBeCalled.php //will get here if all is good. unset($me); unset($wheretogo); The first trailing '/' can be a function. Nothing special there. On 12/7/05, Rainer Gerhards wrote: > > another php-noob suggestion... > > what if that function would be place in *another* include file that is > included in the not-to-be-directly called pages. Then, that function > could be passed in the proper redirect location. > > Let me use a sample, NOT in php (pseudo-php at best ;)) > > in notToBeCalled.php > include check.php > call checker("../index.php") > > in check.php > checker(redirect) > do checking > redirect to "redirect" in case of error > > I hope this conveys what I intend to say... > > Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Brian Shea > > Sent: Wednesday, December 07, 2005 5:01 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] duplicated code > > > > Can't, unless certain varibles are passed becuse the code > > looks at the file > > the code is in, and sometimes I need > > > > header("Location: ../index.php"); > > > > or > > > > header("Location: index.php"); > > > > Look close, one has ../index.php the other does not. > > > > I've always just seen it place at the top of every file as needed. > > > > On 12/7/05, Michael Meckelein wrote: > > > > > > Hi Brian, > > > > > > I noticed that you use duplicated code in some files. The > > code snippet > > > below is in e.g. auth.php, config.php, include.php, ... 
> > > > > > Wouldn't it be better to put it into a function onto the top in > > > include.php? > > > > > > // BGS -- This will remove the trailin / in a uri like > > .../index.php/ > > > // This causes the directories to get mucked up. > > > // Patch from http://www.php.net/manual/en/ref.apache.php by > > > henk_nicolai at REMOVE-THIS at hotmail dot com > > > $req = $_SERVER['REQUEST_URI']; > > > // Remove rubbish. > > > $newReq = ereg_replace ( $_SERVER['SCRIPT_NAME'] . '[^?]*', > > > $_SERVER['SCRIPT_NAME'], $req); > > > if (strlen($newReq) < strlen($req)) > > > { > > > header ('Location: '.$newReq); > > > header ('HTTP/1.0 301 Moved Permanently'); > > > die; // Don't send any more output. > > > } > > > unset($req); > > > unset($newReq); > > > // BGS end > > > // BGS -- do not all access from URI > > > $filename = substr(__FILE__, strrpos( __FILE__, "/" )); > > > $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( > > > $_SERVER['SCRIPT_NAME'], "/" )); > > > if( $filename == $requestname ) > > > { > > > session_unset(); > > > header("Location: ../index.php"); > > > exit; > > > } > > > // BGS end > > > > > > Michael > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From mmeckelein at hq.adiscon.com Wed Dec 7 17:18:12 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Wed, 7 Dec 2005 17:18:12 +0100 Subject: [Phplogcon-dev] brute force password cracking prevention Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C425@grfint2.intern.adiscon.com> Brian wrote: > Side note: > Maybe a good thing to slow it down in the case of brute force password > cracking. 
(Users Table). (scripts can do this, not for us to worry about, > yet). Rainer wrote: > hehe... another low priority todo list item - tarpiting attacks (after > all, such a brute force may case the system to exhaust its > ressources...) As a simply approach we can log failed login attempts. E.g. if there are more than three failed login attempts in a minute, we can disable the login for this user for some minutes. Michael From rgerhards at hq.adiscon.com Wed Dec 7 17:20:28 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 7 Dec 2005 17:20:28 +0100 Subject: [Phplogcon-dev] brute force password cracking prevention Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4028@grfint2.intern.adiscon.com> Is there something like a sleep() call in php? Sleep(), in most OS, is a way to tell the OS that the callig process has no interest in being executed for the specified amount of time. If such a beast exists, we could sleep() a few ms for each wrong login and maybe up to 30 seconds as the failures increase... Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Michael Meckelein > Sent: Wednesday, December 07, 2005 5:18 PM > To: phplogcon-dev at lists.adiscon.com > Subject: [Phplogcon-dev] brute force password cracking prevention > > Brian wrote: > > Side note: > > Maybe a good thing to slow it down in the case of brute force > password > > cracking. (Users Table). (scripts can do this, not for us to worry > about, > > yet). > > Rainer wrote: > > hehe... another low priority todo list item - tarpiting > attacks (after > > all, such a brute force may case the system to exhaust its > > ressources...) > > As a simply approach we can log failed login attempts. E.g. > if there are > more than three failed login attempts in a minute, we can disable the > login for this user for some minutes. 
> > Michael > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From mmeckelein at hq.adiscon.com Wed Dec 7 17:23:05 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Wed, 7 Dec 2005 17:23:05 +0100 Subject: [Phplogcon-dev] brute force password cracking prevention Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C427@grfint2.intern.adiscon.com> > Is there something like a sleep() call in php? Of course, it is. http://www.php.net/sleep Michael > Sleep(), in most OS, is a > way to tell the OS that the callig process has no interest in being > executed for the specified amount of time. > > If such a beast exists, we could sleep() a few ms for each wrong login > and maybe up to 30 seconds as the failures increase... > > Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Michael Meckelein > > Sent: Wednesday, December 07, 2005 5:18 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: [Phplogcon-dev] brute force password cracking prevention > > > > Brian wrote: > > > Side note: > > > Maybe a good thing to slow it down in the case of brute force > > password > > > cracking. (Users Table). (scripts can do this, not for us to worry > > about, > > > yet). > > > > Rainer wrote: > > > hehe... another low priority todo list item - tarpiting > > attacks (after > > > all, such a brute force may case the system to exhaust its > > > ressources...) > > > > As a simply approach we can log failed login attempts. E.g. > > if there are > > more than three failed login attempts in a minute, we can disable the > > login for this user for some minutes. 
> > > > Michael > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev From rgerhards at hq.adiscon.com Wed Dec 7 17:30:11 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 7 Dec 2005 17:30:11 +0100 Subject: [Phplogcon-dev] brute force password cracking prevention Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E402B@grfint2.intern.adiscon.com> OK, I propose to usleep((f/2)*1000000+200000) where f is the number of failed logins. f should not be allowed to grow larger than 60, because I think we will get into trouble with php execution timeout (there is one, isn't it? ;)) at some point. Please note that the +200000 handles the case of just one invalid login. How does this sound? Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Michael Meckelein > Sent: Wednesday, December 07, 2005 5:23 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > > Is there something like a sleep() call in php? > > Of course, it is. > http://www.php.net/sleep > > Michael > > > > Sleep(), in most OS, is a > > way to tell the OS that the callig process has no interest in being > > executed for the specified amount of time. > > > > If such a beast exists, we could sleep() a few ms for each > wrong login > > and maybe up to 30 seconds as the failures increase... 
> > > > Rainer > > > > > -----Original Message----- > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > Michael Meckelein > > > Sent: Wednesday, December 07, 2005 5:18 PM > > > To: phplogcon-dev at lists.adiscon.com > > > Subject: [Phplogcon-dev] brute force password cracking prevention > > > > > > Brian wrote: > > > > Side note: > > > > Maybe a good thing to slow it down in the case of brute force > > > password > > > > cracking. (Users Table). (scripts can do this, not for > us to worry > > > about, > > > > yet). > > > > > > Rainer wrote: > > > > hehe... another low priority todo list item - tarpiting > > > attacks (after > > > > all, such a brute force may case the system to exhaust its > > > > ressources...) > > > > > > As a simply approach we can log failed login attempts. E.g. > > > if there are > > > more than three failed login attempts in a minute, we can disable > the > > > login for this user for some minutes. > > > > > > Michael > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From alorbach at ro1.adiscon.com Wed Dec 7 17:31:09 2005 From: alorbach at ro1.adiscon.com (Andre Lorbach) Date: Wed, 7 Dec 2005 17:31:09 +0100 Subject: [Phplogcon-dev] brute force password cracking prevention Message-ID: Hi, Finally I can also say something here ;) A sleep of 1000 ms "if" the password was wrong would slow down a brute force attack. Sounds like a good idea. 
Regards, Andre > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Michael Meckelein > Sent: Wednesday, December 07, 2005 5:23 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > > Is there something like a sleep() call in php? > > Of course, it is. > http://www.php.net/sleep > > Michael > > > > Sleep(), in most OS, is a > > way to tell the OS that the callig process has no interest in being > > executed for the specified amount of time. > > > > If such a beast exists, we could sleep() a few ms for each > wrong login > > and maybe up to 30 seconds as the failures increase... > > > > Rainer > > > > > -----Original Message----- > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > Michael Meckelein > > > Sent: Wednesday, December 07, 2005 5:18 PM > > > To: phplogcon-dev at lists.adiscon.com > > > Subject: [Phplogcon-dev] brute force password cracking prevention > > > > > > Brian wrote: > > > > Side note: > > > > Maybe a good thing to slow it down in the case of brute force > > > password > > > > cracking. (Users Table). (scripts can do this, not for > us to worry > > > about, > > > > yet). > > > > > > Rainer wrote: > > > > hehe... another low priority todo list item - tarpiting > > > attacks (after > > > > all, such a brute force may case the system to exhaust its > > > > ressources...) > > > > > > As a simply approach we can log failed login attempts. E.g. > > > if there are > > > more than three failed login attempts in a minute, we can disable > the > > > login for this user for some minutes. 
> > > > > > Michael > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From rgerhards at hq.adiscon.com Wed Dec 7 17:33:15 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 7 Dec 2005 17:33:15 +0100 Subject: [Phplogcon-dev] brute force password cracking prevention Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E402C@grfint2.intern.adiscon.com> oh, and one thing: we would probably need to track failed logins on a per-ip basis (beware of concurrent requests). Now this simple thing begins to become complicated ;) Anyhow, I think we are far enough to create a todo item (but not to solve it). Is there agreement? Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Andre Lorbach > Sent: Wednesday, December 07, 2005 5:31 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > Hi, > > Finally I can also say something here ;) > A sleep of 1000 ms "if" the password was wrong would slow down a brute > force attack. Sounds like a good idea. > > Regards, > Andre > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Michael Meckelein > > Sent: Wednesday, December 07, 2005 5:23 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] brute force password cracking > prevention > > > > > Is there something like a sleep() call in php? > > > > Of course, it is. 
> > http://www.php.net/sleep
> >
> > Michael
> >
> > > Sleep(), in most OS, is a way to tell the OS that the calling process has no interest in being executed for the specified amount of time.
> > >
> > > If such a beast exists, we could sleep() a few ms for each wrong login and maybe up to 30 seconds as the failures increase...
> > >
> > > Rainer
> > >
> > > > -----Original Message-----
> > > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > > > Sent: Wednesday, December 07, 2005 5:18 PM
> > > > To: phplogcon-dev at lists.adiscon.com
> > > > Subject: [Phplogcon-dev] brute force password cracking prevention
> > > >
> > > > Brian wrote:
> > > > > Side note:
> > > > > Maybe a good thing to slow it down in the case of brute force password cracking. (Users Table). (scripts can do this, not for us to worry about, yet).
> > > >
> > > > Rainer wrote:
> > > > > hehe... another low priority todo list item - tarpitting attacks (after all, such a brute force may cause the system to exhaust its resources...)
> > > >
> > > > As a simple approach we can log failed login attempts. E.g. if there are more than three failed login attempts in a minute, we can disable the login for this user for some minutes.
> > > >
> > > > Michael

From mmeckelein at hq.adiscon.com Wed Dec 7 17:35:21 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 17:35:21 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C428@grfint2.intern.adiscon.com>

Actually, maximum execution time is 30 seconds by default. Editable in php.ini (max_execution_time).

Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> Sent: Wednesday, December 07, 2005 5:30 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] brute force password cracking prevention
>
> OK, I propose to usleep((f/2)*1000000+200000) where f is the number of failed logins. f should not be allowed to grow larger than 60, because I think we will get into trouble with php execution timeout (there is one, isn't it? ;)) at some point. Please note that the +200000 handles the case of just one invalid login.
>
> How does this sound?
>
> Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > Sent: Wednesday, December 07, 2005 5:23 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] brute force password cracking prevention
> >
> > > Is there something like a sleep() call in php?
> >
> > Of course, it is.
> > http://www.php.net/sleep
> >
> > Michael
> >
> > > Sleep(), in most OS, is a way to tell the OS that the calling process has no interest in being executed for the specified amount of time.
> > >
> > > If such a beast exists, we could sleep() a few ms for each wrong login and maybe up to 30 seconds as the failures increase...
> > >
> > > Rainer
> > >
> > > > -----Original Message-----
> > > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > > > Sent: Wednesday, December 07, 2005 5:18 PM
> > > > To: phplogcon-dev at lists.adiscon.com
> > > > Subject: [Phplogcon-dev] brute force password cracking prevention
> > > >
> > > > Brian wrote:
> > > > > Side note:
> > > > > Maybe a good thing to slow it down in the case of brute force password cracking. (Users Table). (scripts can do this, not for us to worry about, yet).
> > > >
> > > > Rainer wrote:
> > > > > hehe... another low priority todo list item - tarpitting attacks (after all, such a brute force may cause the system to exhaust its resources...)
> > > >
> > > > As a simple approach we can log failed login attempts. E.g. if there are more than three failed login attempts in a minute, we can disable the login for this user for some minutes.
> > > >
> > > > Michael

From rgerhards at hq.adiscon.com Wed Dec 7 17:36:48 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:36:48 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E402D@grfint2.intern.adiscon.com>

ok, so "f" should not grow larger than 50 (25.2 seconds sleep time).

--Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> Sent: Wednesday, December 07, 2005 5:35 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] brute force password cracking prevention
>
> Actually, maximum execution time is 30 seconds by default. Editable in php.ini (max_execution_time).
>
> Michael
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> > Sent: Wednesday, December 07, 2005 5:30 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] brute force password cracking prevention
> >
> > OK, I propose to usleep((f/2)*1000000+200000) where f is the number of failed logins.
> > f should not be allowed to grow larger than 60, because I think we will get into trouble with php execution timeout (there is one, isn't it? ;)) at some point. Please note that the +200000 handles the case of just one invalid login.
> >
> > How does this sound?
> >
> > Rainer
> >
> > > -----Original Message-----
> > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > > Sent: Wednesday, December 07, 2005 5:23 PM
> > > To: phplogcon-dev at lists.adiscon.com
> > > Subject: Re: [Phplogcon-dev] brute force password cracking prevention
> > >
> > > > Is there something like a sleep() call in php?
> > >
> > > Of course, it is.
> > > http://www.php.net/sleep
> > >
> > > Michael
> > >
> > > > Sleep(), in most OS, is a way to tell the OS that the calling process has no interest in being executed for the specified amount of time.
> > > >
> > > > If such a beast exists, we could sleep() a few ms for each wrong login and maybe up to 30 seconds as the failures increase...
> > > >
> > > > Rainer
> > > >
> > > > > -----Original Message-----
> > > > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > > > > Sent: Wednesday, December 07, 2005 5:18 PM
> > > > > To: phplogcon-dev at lists.adiscon.com
> > > > > Subject: [Phplogcon-dev] brute force password cracking prevention
> > > > >
> > > > > Brian wrote:
> > > > > > Side note:
> > > > > > Maybe a good thing to slow it down in the case of brute force password cracking. (Users Table). (scripts can do this, not for us to worry about, yet).
> > > > >
> > > > > Rainer wrote:
> > > > > > hehe...
> > > > > > another low priority todo list item - tarpitting attacks (after all, such a brute force may cause the system to exhaust its resources...)
> > > > >
> > > > > As a simple approach we can log failed login attempts. E.g. if there are more than three failed login attempts in a minute, we can disable the login for this user for some minutes.
> > > > >
> > > > > Michael

From bgshea at gmail.com Wed Dec 7 18:40:38 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 12:40:38 -0500
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4026@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4026@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070940j4ff9ea9du5c4a87a2746b5986@mail.gmail.com>

text_CAPATCHA, think i spelled it right, look at pear, this could be (required/optional) for login along with passwords

Rev 2 issue?

Programming 101
More security = harder to use and no one likes it
Less security = easy to use, and not enough to keep bad guys out
we need to be in between, or let the user set the amount of security they want. For me, i would enable it.
Then we could log login attempts, and disable the account after x attempts, except for 1 account that would be the admin account!! Or limit the number per time interval (min/hour/day)

On 12/7/05, Rainer Gerhards wrote:
>
> hehe... another low priority todo list item - tarpitting attacks (after all, such a brute force may cause the system to exhaust its resources...)
>
> --Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> > Sent: Wednesday, December 07, 2005 5:08 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
> >
> > Agree, we are not a high volume application.
> >
> > Side note:
> > Maybe a good thing to slow it down in the case of brute force password cracking. (Users Table). (scripts can do this, not for us to worry about, yet).
> >
> > On 12/7/05, Michael Meckelein wrote:
> > >
> > > > Well... I've gone through the references and my guess is that Pear will probably be not that bad in our case (though ADOdb might be something we should look at).
> > >
> > > This ->
> > >
> > > > My reason is that I think we do relatively simple queries. Anyhow, these simple queries can relate to a lot of i/o at the database itself, which probably turns out to be the bottleneck.
> > >
> > > is exactly the point. phpLogCon does not bother the database with a high amount of queries. The queries are typically simple as Rainer mentioned. Just using some where clauses and only the SystemEvents table has to be selected if phplogcon works with data.
> > >
> > > Michael
> > >
> > > > Of course, nothing of this is verified, but I have the strong impression that performance will not be that much of an issue (well, to be precise "performance of the abstraction layer" - performance per se *is* an issue, especially with the potentially huge amounts of data we have in syslog... ;)).
> > > >
> > > > So my educated (but unverified) opinion is that it would probably be worth looking at Pear. I am still of the view that native DB support via our own layer is causing more trouble than it is worth.
> > > >
> > > > My 2cts...
> > > >
> > > > Rainer
> > > >
> > > > > -----Original Message-----
> > > > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > > > > Sent: Wednesday, December 07, 2005 12:39 PM
> > > > > To: phplogcon-dev at lists.adiscon.com
> > > > > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
> > > > >
> > > > > > Of course, the question is what implications Pear has - e.g. performance-wise.
> > > > >
> > > > > Of course, abstraction layers naturally have an impact on performance. I did some research about pear::db performance. I was surprised some say "PEAR::DB code will run at about 3/8 the speed of the equivalent DBMS-specific code" [1]. Also found some benchmarks indicating that is true [2][3].
> > > > >
> > > > > As I already wrote, I have used pear::db in small projects and it works great. The impact of the abstraction layer was hardly noticeable (subjective), but I have not made any performance testing.
> > > > >
> > > > > "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good decision, indicating that it is worth using a db abstraction layer.
> > > > > I support this approach since I know about the trouble, testing and time effort for developing your own db wrapper.
> > > > >
> > > > > Michael
> > > > >
> > > > > [1] Impaired performance of pear::db
> > > > > http://www.hudzilla.org/phpbook/read.php/9_6_4
> > > > > [2] simple benchmark (08/13/02) comparing some db abstraction layers
> > > > > http://freshmeat.net/screenshots/30313/
> > > > > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
> > > > > http://phplens.com/lens/adodb/
> > > > > [4] "Is PEAR DB worth using?"
> > > > > http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en

From bgshea at gmail.com Wed Dec 7 18:45:14 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 12:45:14 -0500
Subject: [Phplogcon-dev] brute force password cracking prevention
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E402D@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E402D@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070945v5d905dd0k9a85c7b9a1432b79@mail.gmail.com>

Yep, this all sounds good. Let's put
it on a TODO list.

On 12/7/05, Rainer Gerhards wrote:
>
> ok, so "f" should not grow larger than 50 (25.2 seconds sleep time).
>
> --Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > Sent: Wednesday, December 07, 2005 5:35 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] brute force password cracking prevention
> >
> > Actually, maximum execution time is 30 seconds by default. Editable in php.ini (max_execution_time).
> >
> > Michael
> >
> > > -----Original Message-----
> > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> > > Sent: Wednesday, December 07, 2005 5:30 PM
> > > To: phplogcon-dev at lists.adiscon.com
> > > Subject: Re: [Phplogcon-dev] brute force password cracking prevention
> > >
> > > OK, I propose to usleep((f/2)*1000000+200000) where f is the number of failed logins. f should not be allowed to grow larger than 60, because I think we will get into trouble with php execution timeout (there is one, isn't it? ;)) at some point. Please note that the +200000 handles the case of just one invalid login.
> > >
> > > How does this sound?
> > >
> > > Rainer
> > >
> > > > -----Original Message-----
> > > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > > > Sent: Wednesday, December 07, 2005 5:23 PM
> > > > To: phplogcon-dev at lists.adiscon.com
> > > > Subject: Re: [Phplogcon-dev] brute force password cracking prevention
> > > >
> > > > > Is there something like a sleep() call in php?
> > > >
> > > > Of course, it is.
> > > > http://www.php.net/sleep
> > > >
> > > > Michael
> > > >
> > > > > Sleep(), in most OS, is a way to tell the OS that the calling process has no interest in being executed for the specified amount of time.
> > > > >
> > > > > If such a beast exists, we could sleep() a few ms for each wrong login and maybe up to 30 seconds as the failures increase...
> > > > >
> > > > > Rainer
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Michael Meckelein
> > > > > > Sent: Wednesday, December 07, 2005 5:18 PM
> > > > > > To: phplogcon-dev at lists.adiscon.com
> > > > > > Subject: [Phplogcon-dev] brute force password cracking prevention
> > > > > >
> > > > > > Brian wrote:
> > > > > > > Side note:
> > > > > > > Maybe a good thing to slow it down in the case of brute force password cracking. (Users Table). (scripts can do this, not for us to worry about, yet).
> > > > > >
> > > > > > Rainer wrote:
> > > > > > > hehe... another low priority todo list item - tarpitting attacks (after all, such a brute force may cause the system to exhaust its resources...)
> > > > > >
> > > > > > As a simple approach we can log failed login attempts. E.g. if there are more than three failed login attempts in a minute, we can disable the login for this user for some minutes.
> > > > > >
> > > > > > Michael

From bgshea at gmail.com Thu Dec 8 04:56:14 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 20:56:14 -0700
Subject: [Phplogcon-dev] TODO Taks List
Message-ID: <9ef8de70512071956n2b68ee58tf47fb5161481d1de@mail.gmail.com>

We have many items to work on now :) !!! I think it is time to organize them into tasks?

1) Mysql Character flaw.
2) Cookie flaw.
3) PEAR:DB
4) Text_CAPTCHA, do we want it ?
5) Logins, user Auth, login attempts and such
6) Parametric searches (AND, OR) search terms
7) phpLogCon Layout

Did I miss any?

From bgshea at gmail.com Thu Dec 8 15:52:24 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 07:52:24 -0700
Subject: [Phplogcon-dev] Flow Chart for Index.php
Message-ID: <9ef8de70512080652u568f88d3v711c233d5a2d8c5a@mail.gmail.com>

I'm not sure if i can send pdf files to the mailing list. There is a new page on my site http://www.hackthebox.org/phplogcon/index.php

This shows one way to have phplogcon flow. Open to suggestions.
Once we agree on a flow, we can then work on each specific box flow. We can add more in/out directions for boxes, but at the top level simple is good.

The boxes are color coded, each color represents other php files that have code in them. Same color box means the code is in the same file.

This was based on my 1.2.4_bgs that has the common index.php and branches off to each page from a switch statement. The session variable page can be replaced with a cookie, and that cookie has nothing to do with security, since the user has to pass through auth first.

Let me know what you think. If you want to stick with the current setup with multiple pages i can draw up more flow charts.

Brian

From mmeckelein at hq.adiscon.com Thu Dec 8 16:27:04 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Thu, 8 Dec 2005 16:27:04 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C429@grfint2.intern.adiscon.com>

Brian,

Please note that some users do not want to use phplogcon's ability of user management/authentication. In the branch phplogcon-1.2.4_bgs it is not possible to turn off user management/authentication.

I think it is a vital point that phplogcon is working without the authentication stuff. Please hold in mind that phplogcon is also running in a windows environment (IIS). Some people prefer to use windows integrated authentication.

It is worth mentioning, I thought, so that it will not be forgotten.

Michael

From mmeckelein at hq.adiscon.com Thu Dec 8 16:36:42 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Thu, 8 Dec 2005 16:36:42 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>

> I think it is a vital point that phplogcon is working without the authentication stuff. Please hold in mind that phplogcon is also running in a windows environment (IIS).
> Some people prefer to use windows integrated authentication.

To be accurate, using windows authentication is only the authentication part to deny access to users who are not authorized (same as using e.g. .htaccess or other file access control mechanisms). Of course using only one of these approaches does not provide the advantages of phplogcon's user management.

Michael

From bgshea at gmail.com Fri Dec 9 01:16:55 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 19:16:55 -0500
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512081616h599e7d8bnfd9e4a6a3a05c5c0@mail.gmail.com>

So in IIS people have it set up to allow users listed in the windows users to access, such as administrator. In which case, you do not want to verify them against a user in the DB. Okay, that is fine. We just remove the user in DB check from the auth function when server (apache, IIS) auth is turned on. Sessions are sent as a cookie to the browser and stored. So when the server authenticates a user and grants access, the PHP code will pick up the session id and all session values are restored.

Since sessions are started before auth is run, auth can be removed!! Or return true when server auth is enabled.

I dont see any issues here. Auth was a means for a central authentication so that if a change was required, it would be propagated to all pages that called auth.

Since, in 1.2.4_bgs, all page access is done from index.php, we just need to add a define to the config.php called SERVER_AUTH and set it true when the server does the authentication.

Auth can still be called, it will just need to check for the define statement and return true.

I have to use a vacation day so i will be off friday (Dec 9th), (except for one brief meeting) i can work on adding this feature.
On 12/8/05, Michael Meckelein wrote:
>
> > I think it is a vital point that phplogcon is working without the authentication stuff. Please hold in mind that phplogcon is also running in a windows environment (IIS). Some people prefer to use windows integrated authentication.
>
> To be accurate, using windows authentication is only the authentication part to deny access to users who are not authorized (same as using e.g. .htaccess or other file access control mechanisms). Of course using only one of these approaches does not provide the advantages of phplogcon's user management.
>
> Michael

From bgshea at gmail.com Fri Dec 9 01:21:19 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 19:21:19 -0500
Subject: [Phplogcon-dev] More flow charts
Message-ID: <9ef8de70512081621i66446711rde80aa5f9b3717bb@mail.gmail.com>

I'm going to go back through all the emails and make up a flow chart for user authentication, including the server auth as described by Michael. I will post this to my webpage. I will probably also make up a few more for the user config and filter options. These are not set in stone, so please make suggestions/changes so we can all agree on the program flow.

Brian

From bgshea at gmail.com Fri Dec 9 06:18:40 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 22:18:40 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <9ef8de70512081616h599e7d8bnfd9e4a6a3a05c5c0@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com> <9ef8de70512081616h599e7d8bnfd9e4a6a3a05c5c0@mail.gmail.com>
Message-ID: <9ef8de70512082118g6de50c3at355bf7aed03deea1@mail.gmail.com>

One question?

If Apache or IIS is used to authenticate users, how do you know which user got authenticated?

Or does phplogcon not care? Single user web app.
One addition to the previous email: _SESS_SHARE_TBL will not be compatible with _SERVER_AUTH. _SERVER_AUTH will negate _SESS_SHARE_TBL, so a separate session table will need to be used. No big deal. In this mode, sessions will only store settings that the user sets. But I suspect that in future versions of phpLogCon most of the filter and config settings will be stored into the UserPrefs table.

Drawbacks: if a user migrates from PC to Laptop to Home computer to wherever, his settings will be different on each computer. Since the server (IIS or APACHE) does not pass along user info, there is no way for phpLogCon to know which settings to load.

Options: use sessions only to store things that are required to navigate the pages, perform searches, and return results. Everything else, predefined search terms, layout, language, etc, gets stored to UserPrefs. UserPrefs are loaded no matter who views the page.

On 12/8/05, Brian Shea wrote:
>
> So in IIS people have it set up to allow users listed in the windows users to access, such as administrator. In which case, you do not want to verify them against a user in the DB. Okay, that is fine. We just remove the user in DB check from the auth function when server (apache, IIS) auth is turned on. Sessions are sent as a cookie to the browser and stored. So when the server authenticates a user and grants access, the PHP code will pick up the session id and all session values are restored.
>
> Since sessions are started before auth is run, auth can be removed!! Or return true when server auth is enabled.
>
> I dont see any issues here. Auth was a means for a central authentication so that if a change was required, it would be propagated to all pages that called auth.
>
> Since, in 1.2.4_bgs, all page access is done from index.php, we just need to add a define to the config.php called SERVER_AUTH and set it true when the server does the authentication.
>
> Auth can still be called, it will just need to check for the define statement and return true.
>
> I have to use a vacation day so i will be off friday (Dec 9th), (except for one brief meeting) i can work on adding this feature.
>
> On 12/8/05, Michael Meckelein wrote:
> >
> > > I think it is a vital point that phplogcon is working without the authentication stuff. Please hold in mind that phplogcon is also running in a windows environment (IIS). Some people prefer to use windows integrated authentication.
> >
> > To be accurate, using windows authentication is only the authentication part to deny access to users who are not authorized (same as using e.g. .htaccess or other file access control mechanisms). Of course using only one of these approaches does not provide the advantages of phplogcon's user management.
> >
> > Michael

From mmeckelein at hq.adiscon.com Fri Dec 9 10:30:17 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Fri, 9 Dec 2005 10:30:17 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42B@grfint2.intern.adiscon.com>

Brian,

Probably I was too vague. As in phplogcon_1.2.1, if the user leaves the "Install User Interface:" unchecked (or sets it manually in config.php, define('_ENABLEUI', 0)) there is NO user management for phplogcon. No user in the Users table. So it can only be used as a single user application. Using authentication (windows, linux, whatever) together with this configuration is only used to deny access to phplogcon's pages to those who are not authorized to use it. I did not mean to use the OS authentication mechanism to verify against phplogcon's own user management system.
Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Friday, December 09, 2005 1:17 AM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] phplogcon without user managment
>
> So in IIS people have it set up to allow users listed in the windows users to access, such as administrator. In which case, you do not want to verify them against a user in the DB. Okay, that is fine. We just remove the user in DB check from the auth function when server (apache, IIS) auth is turned on. Sessions are sent as a cookie to the browser and stored. So when the server authenticates a user and grants access, the PHP code will pick up the session id and all session values are restored.
>
> Since sessions are started before auth is run, auth can be removed!! Or return true when server auth is enabled.
>
> I dont see any issues here. Auth was a means for a central authentication so that if a change was required, it would be propagated to all pages that called auth.
>
> Since, in 1.2.4_bgs, all page access is done from index.php, we just need to add a define to the config.php called SERVER_AUTH and set it true when the server does the authentication.
>
> Auth can still be called, it will just need to check for the define statement and return true.
>
> I have to use a vacation day so i will be off friday (Dec 9th), (except for one brief meeting) i can work on adding this feature.
>
> On 12/8/05, Michael Meckelein wrote:
> >
> > > I think it is a vital point that phplogcon is working without the authentication stuff. Please hold in mind that phplogcon is also running in a windows environment (IIS). Some people prefer to use windows integrated authentication.
> > > > To be accurate, using windows authentication is only the authentication > > part to deny access to users who are not authorized (same as using e.g. > > .htaccess or other file access control mechanism). Of course using only > > one of these approaches provides not the advantages of phplogcon's user > > management. > > > > Michael > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev From mmeckelein at hq.adiscon.com Fri Dec 9 11:36:58 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Fri, 9 Dec 2005 11:36:58 +0100 Subject: [Phplogcon-dev] phplogcon without user managment Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com> > One question? > > If Apache or IIS is used to authenticate users, how do you know which user > got authenticated? > > Or does phplogcon not care? Single user web app. Phplogcon does not care! Yes, some admins want to use it as a single user app. I have a quick discussion with Rainer and he has a good idea, I think. What's about to use a "hidden user" if phplogcon is installed without user management. This means that in spite of user said "NO I want not use phpLogCon's user management", phplogcon creates a user account. Also during the install process phplogcon puts a _AutoLogin_User = Userid var into config.php where the userid is the user account created for this purpose. If a user name is set to _AutoLogin_User, phplogcon automatically logins to this user account without any interaction from the user. [snip] > But I suspect that in future > version of phpLogCon most of the filter and config setting will be stored > into UserPrefs table. Actually this is possible in the current release. 
In the user-config.php page, the user can set "Save filter settings in
database and load them while logging in". But this does not mean that with
each page request phplogcon reads the filter options / user options from the
database.

Let me elaborate a little on the way it works and what our intention was.

If you log in to phplogcon, it reads the user settings from the UserPrefs
table and stores them in session variables. Each phplogcon page you visit
reads the settings from the session variable pool.

About the following three pages in phplogcon and their relation with
database/sessions:

- User_Options
  Here a user can set things he prefers like language, stylesheet settings
  and so on. By "Update Config" the settings are stored into the database
  and into the current session vars.

- Filter_Options
  Here you can alter your default filter settings which are used to display
  data, e.g. in the Show_events page.
  [quote from manual]
  If User Interface is enabled and the option "Save filter settings in
  database and load them while logging in" is checked, all filter settings
  will be saved in database. Otherwise, they only will stay like this in
  current session!

  If User Interface is disabled, the settings will only stay like this in
  the current session. Next time opening phpLogCon, they will be default.
  [/quote from manual]

  This means if user management is enabled, clicking "Update Config" stores
  the filter settings in the database and into session vars. You can say
  that the user can define his default filter settings on the Filter Options
  page. These filter settings are read during user login.

- Show_Events
  [quote from manual]
  Here you can see the events; listed in respect to the current filter
  settings. Also you can use the quick filter, that allows you to override
  (not overwrite!) temporarily your current filter settings. This provides
  a quick view on different filtered events, without going to the filter
  options. You can also choose how many events should be displayed per
  page, color and search for an expression and search for a Host or IP.
  [/quote from manual]

  "override (not overwrite!) temporarily your current filter settings" this
  is the most important point. Clicking "Submit" does not change any values
  in the database, nor does it change the filter settings defined on the
  Filter_Options page.

  Hold in mind, the form elements you see on the Show_Events page are so
  called "Quick Filters":
  [quote from manual]
  They will override the general filters while staying in Events Display.
  They provide you quick changes for temporarily viewing different and a
  little bit finer filtered events, without changing your general filter
  settings.
  [/quote from manual]

Hope it is clear how it works. If you have any questions or any concern
with this approach, don't hesitate to write ;)

Best regards,
Michael


From bgshea at gmail.com  Fri Dec  9 16:28:18 2005
From: bgshea at gmail.com (Brian Shea)
Date: Fri, 9 Dec 2005 08:28:18 -0700
Subject: [Phplogcon-dev] phplogcon without user management
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512090728h1c76bb85i76165f905d8e45a6@mail.gmail.com>

Got ya.

It was a bit confusing with the excessive use of the session variable in
the code. It looked like you were trying to use sessions, but wanted some
other method of storage. Okay, the _SERVER_AUTH can be replaced by
_ENABLEUI so auth will just return true. No user will be authenticated by
phpLogCon. Or Auth is never called; I prefer the other way, one central
auth method that does not require multiple pages to be updated.

I'm going to update my auth flow chart I made last night and post it. This
should now show the auth flow with and without EnableUI.

Filter settings will only be written to the DB when Filter Settings are
updated from the Filter Options page.
Quick Filter settings will override the stored filter settings but not
overwrite!

Brian

On 12/9/05, Michael Meckelein wrote:
> [snip]


From bgshea at gmail.com  Fri Dec  9 20:06:00 2005
From: bgshea at gmail.com (Brian Shea)
Date: Fri, 9 Dec 2005 12:06:00 -0700
Subject: [Phplogcon-dev] phplogcon without user management
In-Reply-To: <9ef8de70512090728h1c76bb85i76165f905d8e45a6@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com>
	<9ef8de70512090728h1c76bb85i76165f905d8e45a6@mail.gmail.com>
Message-ID: <9ef8de70512091106k147c30dbr7e9c2d5e598749a5@mail.gmail.com>

Okay, it should work with the _ENABLEUI setting now. It will only
authenticate users when _ENABLEUI is set to 1.

Michael, were you having trouble with the trailing slash removal? If so,
what was the problem? We should fix it to work with IIS and Apache.

1.2.5_bgs is posted and can be downloaded. Changes include:

  Removed redirect to remove ?page from url, was causing trouble posting
  data.
  Added User Config settings back in.
  Tested on Apache.
  _ENABLEUI for authentication control.

I think this covers most of the major issues. User login bypassing, insecure
cookies and such. If the trailing slash is causing too much trouble, let's
remove it for now.

You guys can test on apache and IIS to find major bugs. I can help correct
any that might occur.

Installer needs to set up some new config vars. I'll send another email with
the vars that need to be set up and how they should be set up.

On 12/9/05, Brian Shea wrote:
> [snip]


From bgshea at gmail.com  Mon Dec 12 16:43:12 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 08:43:12 -0700
Subject: [Phplogcon-dev] What's Next?
Message-ID: <9ef8de70512120743i72e055a2ge59c2abddd5424d3@mail.gmail.com>

What's the next step for phpLogCon? I think Rainer had asked what was
going into the next release? We have plenty of items to work on, PEAR
support, 2 Security issues, Adding custom search phrases, etc.

I think it would be a good idea to have the official phplogcon-1.2.2 include
just the mysql '%' fix. The other stuff can wait till it's been tested and
working.

Brian


From mmeckelein at hq.adiscon.com  Mon Dec 12 16:50:04 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Mon, 12 Dec 2005 16:50:04 +0100
Subject: [Phplogcon-dev] What's Next?
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com>

Brian,

> I think it would be a good idea to have the official phplogcon-1.2.2
> include just the mysql '%' fix. The other stuff can wait till it's been
> tested and working.

I totally agree with that approach. Actually I have already included this
fix in the current cvs version. Probably we will release phplogcon-1.2.2
tomorrow.

Just want to remark that we should keep the Installer up to date. Or do you
prefer to make all changes/improvements and finally update the Installer?

Michael


From mmeckelein at hq.adiscon.com  Mon Dec 12 16:58:28 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Mon, 12 Dec 2005 16:58:28 +0100
Subject: [Phplogcon-dev] phplogcon without user management
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42F@grfint2.intern.adiscon.com>

> Michael, were you having trouble with the trailing slash removal? If so,
> what was the problem? We should fix it to work with IIS and Apache.

Just noticed, you have already fixed this issue in phplogcon-1.2.6_bgs :-)

Michael


From bgshea at gmail.com  Tue Dec 13 01:20:19 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 19:20:19 -0500
Subject: [Phplogcon-dev] What's Next?
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512121620y7b68efd0ic9f12247da398722@mail.gmail.com>

Umm, depends on how much we do.

For 1.2.2 I doubt that any changes need to be made. Otherwise, if we are
going to work on lots of features, let's not worry about the installer until
we have a new release, then put the feature installer options in.

Not to complicate things, but an XML file with all the install options would
be good to have, that way php can just parse the XML and create a table.
With XML you can specify option types (text, checkbox, enum).

There might be something for this already. Otherwise for now we can just
write the installer by hand.

----

Not sure if you grabbed the 1.2.6 release from my server, but there is a
problem with the quick filters. I will fix it tonight. I've been testing
that all weekend and the Remember me stuff works well.

On 12/12/05, Michael Meckelein wrote:
> [snip]


From bgshea at gmail.com  Tue Dec 13 01:27:07 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 19:27:07 -0500
Subject: [Phplogcon-dev] phplogcon without user management
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42F@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42F@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512121627x73daf9c1qe7d4595c3c65203c@mail.gmail.com>

So what do you think of the 1.2.6_bgs?

You can use as much/little as you want and I can help put what you need into
1.2.1/1.2.2.

Also, I played with the Auth_PrefManager from PEAR, it works okay; maybe
that should be considered for a future release of phpLogCon along with
PEAR::DB which works nicely.

PEAR::Auth_PrefManager lacks one function
Auth_PrefManager::getUserPrefs( string userId ). Otherwise it would work
great for all the Quick filters and definable filters, and maybe even
supporting multiple DB's/Tables for log viewing.

I'll probably write the function and email it to them.

-Brian

On 12/12/05, Michael Meckelein wrote:
> [snip]


From bgshea at gmail.com  Tue Dec 13 01:28:39 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 19:28:39 -0500
Subject: [Phplogcon-dev] What's Next?
In-Reply-To: <9ef8de70512121620y7b68efd0ic9f12247da398722@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com>
	<9ef8de70512121620y7b68efd0ic9f12247da398722@mail.gmail.com>
Message-ID: <9ef8de70512121628u56d78e15j9f84e0225c8a54d2@mail.gmail.com>

What are some of the features people want to see added or improved?

On 12/12/05, Brian Shea wrote:
> [snip]


From bgshea at gmail.com  Tue Dec 13 05:23:56 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 21:23:56 -0700
Subject: [Phplogcon-dev] New Configuration variables
Message-ID: <9ef8de70512122023l6214028fye3abfc7a52e5e5a2@mail.gmail.com>

Here is a list of configuration variables that need to be set up during
installation for 1.2.6_bgs. Most can be set to defaults; the only one that
is install dependent is _URI_PATH, which should be set to the server path
where phpLogCon is installed. There is a PDF file on my site with these
variables as well.

_URI_PATH            Set this path to the server path, e.g. for
                     www.example/phplogcon/ use /phplogcon/
_SINGLEUSER          User name to use when _ENABLEUI is set to 0
_SESSION_NAME        PHP session id, defaults to phplogconid
_SESS_NOCOOKIES      Disable cookies to store session id, not recommended
_ENABLE_COOKIES      Deprecated, should not be used.
_COOKIE_PREFIX       Prefix for cookie names
_COOKIE_DIR          Server path for which cookies are valid, same as
                     _URIPATH
_SECURE_COOKIE       Only transmit cookies over secure link.
_COOKIE_EXPIRE       Expiration for cookies, defaults to 30 days
_SESS_HOW            Session DB Method, [PHP,DB_PEAR,DB_MYSQL]
_DBSESS_TBL_PRE      Prefix for table names, use for testing. Defaults to ""
_DBSESS_TBL_NAME     Table name to store sessions in. Defaults to sess_Users
_DBSESS_FILED_PRE    Prefix for Field Names. Defaults to ""
_DBSESS_FIELD_DATA   Session data field name.
                     Defaults to sess_data
_DBSESS_FIELD_ID     Session ID field name. Defaults to sess_id
_DBSESS_FIELD_EXPIRE Session expire field name. Defaults to sess_expire

Brian


From rgerhards at hq.adiscon.com  Tue Dec 13 08:50:33 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 13 Dec 2005 08:50:33 +0100
Subject: [Phplogcon-dev] phplogcon without user management
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E406A@grfint2.intern.adiscon.com>

That sounds pretty interesting. If we can offload some work to a standard
library, that is helpful in many cases (assuming that the library is a good
one, of course ;)).

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Brian Shea
> Sent: Tuesday, December 13, 2005 1:27 AM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] phplogcon without user management
>
> [snip]


From rgerhards at hq.adiscon.com  Tue Dec 13 09:25:19 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 13 Dec 2005 09:25:19 +0100
Subject: [Phplogcon-dev] A feature request
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E406B@grfint2.intern.adiscon.com>

Hi all,

as we have discussed enhancements, I just thought I'd bring up this feature
request here:

http://www.phplogcon.com/index.php?name=PNphpBB2&file=viewtopic&p=49&highlight=#49

:)

Rainer


From mmeckelein at hq.adiscon.com  Tue Dec 13 15:59:30 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 13 Dec 2005 15:59:30 +0100
Subject: [Phplogcon-dev] phplogcon without user management
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C431@grfint2.intern.adiscon.com>

> So what do you think of the 1.2.6_bgs?

First I took a look at the online demo on your page. Works great.
Installing it in my lab caused some trouble :( After adapting config.php I
got an "Improper session table formatting" (btw: formating is misspelled in
your version) error. I think there is a bug in DB_PEAR_sess_drv.php in line
155.

Replaced:
  switch( $field['name'] )
with:
  switch( _DBSESS_FILED_PRE.$field['name'] )

After this change it works for me, too.

I have to admit that I have taken a quick view only, no testing. However,
please let me add some notes here:

1) You use the same error message twice:
  echo( "Improper session table formating. Please contact administrator.");
is used for the check if( count( $info ) < 3 ) and for if( $fld_cnt < 3 )
in DB_PEAR_sess_drv.php. Probably it would be better to attach a unique
error number or something similar to the error messages in order to make
trouble shooting easier.

2) scripts/session_table.sql contains no valid sql statement. I guess the
following is sufficient:

  CREATE TABLE `sess_Users` (
    `sess_id` text NOT NULL,
    `sess_data` text NOT NULL,
    `sess_expire` datetime NOT NULL
  )

> You can use as much/little as you want and I can help put what you need
> into 1.2.1/1.2.2.

We will release the current cvs version as 1.2.2. The only fix adapted from
you is the '%' security fix. All others should be considered in the next
release.

> Also, I played with the Auth_PrefManager from PEAR, it works okay; maybe
> that should be considered for a future release of phpLogCon along with
> PEAR::DB which works nicely.
>
> PEAR::Auth_PrefManager lacks one function
> Auth_PrefManager::getUserPrefs( string userId ). Otherwise it would work
> great for all the Quick filters and definable filters, and maybe even
> supporting multiple DB's/Tables for log viewing.
>
> I'll probably write the function and email it to them.

Sounds really useful.

Michael


From bgshea at gmail.com  Tue Dec 13 16:14:56 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 08:14:56 -0700
Subject: [Phplogcon-dev] phplogcon without user management
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E406A@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E406A@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512130714y37d600c0xecba960904615c33@mail.gmail.com>

Okay, that sounds good. I think we should discuss the syntax:

double quote designates the search pattern

Message Contains: "apple AND banana"

in this search the AND is not a literal and, but a search modifier.
Search results will return events with both word: apple, banana Message Contains: "apple 'AND' banana" in this search the AND is a literal and, which will be included in the search. Search results will return messages that contain the entire "apple and banana" Same goes for OR for the above. Now the slightly more complicated part Message Contains: "red apples AND yellow bananas" The search should be preformed as such "red AND apples AND yellow AND bananas" Results will display all event with those words Or could be preformed as such: Message Contains: "red apples AND yellow bananas " The search will be preformed as such " 'red apples' AND 'yellow bananas' " Results will contain all events with 'red apples' AND 'yellow bananas'. But not events like 'red delicious apples' or 'yellow delicious bananas' PLEASE comment on the above. ----- If we try to tackle the first two on the list AND/OR, we can build on it from there, but changing the syntax from release to release might confuse users, so we should figure out how the language is interpreted. Maybe a few google searches to see how google interprets things might be a good place to start. I might be able to hack out a simple searcher tonight, nothing that could be used in phpLogCon, but enought to show how to start processing the search terms. Brian On 12/13/05, Rainer Gerhards wrote: > > That sounds pretty interesting. If we can offload some work to a > standard library, that is helpful in many cases (assuming that the > library is a good one, of course ;)). > > Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Brian Shea > > Sent: Tuesday, December 13, 2005 1:27 AM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] phplogcon without user managment > > > > So what do you think of the 1.2.6_bgs? 
> >
> > You can use as much/little as you want and i can help put
> > what you need into 1.2.1/1.2.2.
> >
> > Also, i played with the Auth_PrefManager from PEAR, it works
> > okay maybe that should be considered for a future release of
> > phpLogCon along with PEAR:DB which works nicely.
> >
> > PEAR::Auth_PrefManager lacks one function
> > Auth_PrefManager::getUserPrefs( string userId ). Otherwise it
> > would work great for all the Quick filters and definable filters,
> > and maybe even supporting multiple DB's/Tables for log viewing.
> >
> > I'll probably write the function and email it to them.
> >
> > -Brian
> >
> > On 12/12/05, Michael Meckelein wrote:
> > >
> > > > Michael, were you having trouble with the trailing slash
> > > > removal? If so what was the problem? we should fix it to
> > > > work with IIS and Apache.
> > >
> > > Just noticed, you have already fixed this issue in
> > > phplogcon-1.2.6_bgs :-)
> > >
> > > Michael
> > > _______________________________________________
> > > Phplogcon-dev mailing list
> > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From mmeckelein at hq.adiscon.com Tue Dec 13 16:47:04 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 13 Dec 2005 16:47:04 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C432@grfint2.intern.adiscon.com>

Google Help Center -> Advanced Search Made Easy
http://www.google.com/help/refinesearch.html

Google does not care about the "AND" operator. Google includes all search terms by default. We should adapt this approach.
This means

> Okay, that sounds good, I think we should discuss the syntax:
>
> double quote designates the search pattern
>
> Message Contains: "apple AND banana"

Should be equal with "apple banana", shouldn't it be?

(just a side note, because it is interesting but has nothing to do with phplogcon:
http://www.google.com/search?q=apple+AND+banana
and
http://www.google.com/search?q=apple+banana
have different result pages.)

> in this search the AND is not a literal and, but a search modifier. Search
> results will return events with both words: apple, banana
>
> Message Contains: "apple 'AND' banana"

We should use double quotes (") instead of single quotes (') like google.
http://www.google.com/search?q=apple+%22and%22+banana

> in this search the AND is a literal and, which will be included in the
> search. Search results will return messages that contain the entire "apple
> and banana"
>
> Same goes for OR for the above.

Ok.

> Now the slightly more complicated part
>
> Message Contains: "red apples AND yellow bananas"
>
> The search should be performed as such "red AND apples AND yellow AND
> bananas" Results will display all events with those words

I would go on with this approach, because it is like Google.

> Or could be performed as such:
>
> Message Contains: "red apples AND yellow bananas "
>
> The search will be performed as such " 'red apples' AND 'yellow bananas' "
> Results will contain all events with 'red apples' AND 'yellow bananas'. But
> not events like 'red delicious apples' or 'yellow delicious bananas'

If you want to perform such a search you have to enclose it with quotes.
http://www.google.com/search?q=%22red+apples%22+AND+%22yellow+bananas%22

Michael

> PLEASE comment on the above.
> -----
>
> If we try to tackle the first two on the list AND/OR, we can build on it
> from there, but changing the syntax from release to release might confuse
> users, so we should figure out how the language is interpreted.
From bgshea at gmail.com Tue Dec 13 17:05:12 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 11:05:12 -0500
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C432@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C432@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512130805o645e0b3k363e7383ba53d09b@mail.gmail.com>

Okay, that is something to think about. I'll have to look at the google link after work.

Yeah, that was a generic message that should never be displayed. I guess they should have been different, probably just copy/pasted it and forgot to change the text.

In DB_PEAR_sess_drv.php in line 155 that should have been taken care of in the config.php file

if not, then that's where the fix needs to go, not in the switch statement. And should be done for each of the field constants.

    define('_DBSESS_DATA_FIELD', _DBSESS_FIELD_PRE . "sess_data");

Oh, there is a problem when session ids are passed in the URL, the quick filters don't work quite right. I'm not sure why.
Thanks,
Brian
From mmeckelein at hq.adiscon.com Tue Dec 13 17:06:48 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 13 Dec 2005 17:06:48 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C433@grfint2.intern.adiscon.com>

> > After adapting config.php I got an "Improper session table formatting"
> > (btw: formating is misspelled in your version) error.
> >
> > I think there is a bug in DB_PEAR_sess_drv.php in line 155.

Forget about it, it was a config issue in my test lab.
Michael

From rgerhards at hq.adiscon.com Tue Dec 13 17:37:33 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 13 Dec 2005 17:37:33 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4078@grfint2.intern.adiscon.com>

Not sure about the google link, but "apples AND bananas", in my opinion should search for the literal "apples and bananas" but not "apples bananas". If I want the latter, I'd say

"apples" and "bananas"

The double quotes are actually (in most such search engines) a tool to search for exact phrases. I am pretty sure the same applies to google (at least this is how I use it ;)).

Rainer
From bgshea at gmail.com Wed Dec 14 04:07:13 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 20:07:13 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C433@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C433@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512131907r28942669jbedb22a44ba5adb1@mail.gmail.com>

Michael,

Please fix this issue in /layout/bgs_theme on line 171

change:

    echo substr($_SERVER['REQUEST_URI'], $i);

to

    // strip a "&<session name>=<25-32 char session id>" pair from the
    // request URI before it is echoed back into the page
    echo preg_replace("/&" . _SESSION_NAME . "=[a-z0-9]{25,32}/i", "",
                      substr($_SERVER['REQUEST_URI'], $i) );

And also near line 168:

    if ($_SESSION['refresh'] > 0)
        echo '';

with

    if ($_SESSION['refresh'] > 0)
        if( defined('_SESS_NOCOOKIES') && _SESS_NOCOOKIES )
            echo '';
        else
            echo '';

This will fix the double sid in the url when _SESS_NOCOOKIES is set to 1, and if auto refresh is turned on it will pass the sid in the url as required by php.

Or just download 1.2.6a_bgs and replace /layout/bgs_theme.php in 1.2.6_bgs with the one from 1.2.6a_bgs.

Oh, and one last small change, in index.php, move the require_once("/debug/debug.php") to include.php just after the require_once statement for config.php

I think that will get the last of the issues. I have not run into any other problems, have you?

On 12/13/05, Michael Meckelein wrote:
>
> > > After adapting config.php I got an "Improper session table formatting"
> > > (btw: formating is misspelled in your version) error.
> > >
> > > I think there is a bug in DB_PEAR_sess_drv.php in line 155.
>
> Forget about it, it was a config issue in my test lab.
>
> Michael

From bgshea at gmail.com Wed Dec 14 07:06:46 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 23:06:46 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4078@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4078@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512132206g33e26aadocdc1cf4016465c32@mail.gmail.com>

Rainer,

I did some MySQL research on searching DB's.
MySQL supports Full Text Search (http://dev.mysql.com/doc/refman/5.0/en/fulltext-boolean.html) which works well. I have not looked at MSSQL, unfortunately I cannot find an MSSQL server to test SQL queries on.

Here is a good example SQL search

    SELECT `Message`, `SysLogTag`, COUNT(`Message`)
    FROM `SystemEvents`
    WHERE MATCH(`Message`) AGAINST('+proftpd +(LOGIN no such user)' IN BOOLEAN MODE)
    GROUP BY(`SysLogTag`)

This works for my Messages and phpMyAdmin returns

    Message                                                 SysLogTag   COUNT( `Message` )
    proftpd[5035]: 192.168.1.2 ( 64.42.157.76[64.42.157...              1011

(I hope you can view that okay, it's html)

For some reason the Syslog tag for proftpd is not placed into the syslogtag field (not too worried about it right now, maybe you could look into it though)

So what that did for me is it found all messages that contained proftpd and with any of the words (LOGIN, no, such, user) <-- these are ORed

This works if you set FullText search on the message fields. Also the table must be MyISAM. Please see (http://dev.mysql.com/doc/refman/5.0/en/fulltext-restrictions.html)

The same query can be accomplished with this SQL statement

    SELECT `Message`, `SysLogTag`, COUNT(`Message`)
    FROM `SystemEvents`
    WHERE (`Message` LIKE 'proftpd%')
      AND (`Message` LIKE '%no%' OR `Message` LIKE '%such%'
           OR `Message` LIKE '%user%' OR `Message` LIKE '%LOGIN%')
    GROUP BY(`SysLogTag`)

Which returns 6 more messages, not sure why, it might be picking up the single words 'no' or 'such' that the first search would have dropped.

    Message                                                 SysLogTag   COUNT( `Message` )
    proftpd[5035]: 192.168.1.2 ( 64.42.157.76[64.42.157...              1017

This is probably more portable across SQL's but as you can see tougher to write.
Last one, I promise: This SQL statement returns the same number as the first:

    SELECT `Message`, `SysLogTag`, COUNT(`Message`)
    FROM `SystemEvents`
    WHERE (`Message` LIKE 'proftpd%')
      AND (`Message` LIKE '%no such user%' OR `Message` LIKE '%LOGIN%')
    GROUP BY(`SysLogTag`)

    Message                                                 SysLogTag   COUNT( `Message` )
    proftpd[5035]: 192.168.1.2 ( 64.42.157.76[64.42.157...              1011

This was the intended result, all messages that contained 'proftpd' and the phrase 'no such user' or 'proftpd' and the word 'LOGIN'

So, I guess my point is, we need a way to separate phrases from single words with boolean operators.

For a first try!!!! My suggestion, and it is only a suggestion, and I think it follows your same thinking. Searches are entered as such

SEARCH: proftpd & ('no such user' | login)
SEARCH: proftpd & ("no such user" | login)
SEARCH: proftpd & (no such user | login)

treat all these the same, only assume ANDing/ORing when the user specifies. PLEASE NOTE single or double quotes will do the same thing. PLEASE!! that will make things easier for everyone.

Parentheses are important. They can follow the SQL syntax. Since we read left to right, syntax will follow that thinking:

SEARCH: proftpd & no such user | login

would be the same as

SEARCH: (proftpd & "no such user") | login

Because I think that is how SQL will treat the AND OR in the Where clause.

-Brian

On 12/13/05, Rainer Gerhards wrote:
>
> Not sure about the google link, but "apples AND bananas", in my opinion
> should search for the literal "apples and bananas" but not "apples
> bananas". If I want the latter, I'd say
>
> "apples" and "bananas"
>
> The double quotes are actually (in most such search engines) a tool to
> search for exact phrases. I am pretty sure the same applies to google
> (at least this is how I use it ;)).
> > > > > > > > > > > > -Brian > > > > > > > > > > > > On 12/12/05, Michael Meckelein > > wrote: > > > > > > > > > > > > > > > Michael, were you having trouble with the trailing slash > > > > > > removal? If > > > > > > > so > > > > > > > > what > > > > > > > > was the problem? we should fix it to work with > > IIS and Apache. > > > > > > > > > > > > > > Just noticed, you have already fixed this issue in > > > > > > phplogcon-1.2.6_bgs > > > > > > > :-) > > > > > > > > > > > > > > Michael > > > > > > > _______________________________________________ > > > > > > > Phplogcon-dev mailing list > > > > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > > > > > > > _______________________________________________ > > > > > > Phplogcon-dev mailing list > > > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > > > > > _______________________________________________ > > > > > Phplogcon-dev mailing list > > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > > > _______________________________________________ > > > > Phplogcon-dev mailing list > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From mmeckelein at hq.adiscon.com Wed Dec 14 17:42:54 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Wed, 14 Dec 2005 17:42:54 +0100 Subject: [Phplogcon-dev] trouble with IIS Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C437@grfint2.intern.adiscon.com> Brian, I just want to test phplogcon_1.2.6a_bgs with IIS. 
It run into trouble with $_SERVER['REQUEST_URI'], because it is an apache environment variable. I have to add a patch in all the files using $_SERVER['REQUEST_URI']: $_SERVER['REQUEST_URI'] = (isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']); // Append the query string if it exists and isn't null if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) { $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING']; } It seems to work but I think it is more or less a dirty hack. I haven't tested all out. I will spend some more time tomorrow testing php in a windows/iis environment. Michael From bgshea at gmail.com Wed Dec 14 18:15:35 2005 From: bgshea at gmail.com (Brian Shea) Date: Wed, 14 Dec 2005 12:15:35 -0500 Subject: [Phplogcon-dev] trouble with IIS In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C437@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA11C437@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512140915o5434d56fof2ebb704345905ee@mail.gmail.com> Okay, I was trying to figure out what QUERY_STRING was for because it seemed like PHP was putting ig all into the [REQUEST_URI]. I think we might be able to look at the server type, if IIS do one thing, for APACHE do another. Thanks, I'll fix that up when i get home and post a 1.2.6b. On 12/14/05, Michael Meckelein wrote: > > Brian, > > I just want to test phplogcon_1.2.6a_bgs with IIS. It run into trouble > with $_SERVER['REQUEST_URI'], because it is an apache environment > variable. > > I have to add a patch in all the files using $_SERVER['REQUEST_URI']: > > $_SERVER['REQUEST_URI'] = (isset($_SERVER['REQUEST_URI']) ? > $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']); > > // Append the query string if it exists and isn't null > if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) > { > $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING']; > } > > It seems to work but I think it is more or less a dirty hack. 
> I haven't tested it all out. I will spend some more time tomorrow testing
> PHP in a Windows/IIS environment.
>
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From rgerhards at hq.adiscon.com Tue Dec 6 10:15:19 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 6 Dec 2005 10:15:19 +0100
Subject: [Phplogcon-dev] FW: phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E3FF3@grfint2.intern.adiscon.com>

Hi all,

I am forwarding a very good post from Brian to the list. Now that we have
the list, I invite everyone to join the discussion and iron out how it is
best to proceed. I think Brian has done some exceptionally good work and I
would be glad if we can move toward jointly creating a great app.

Brian: sorry for the silence the past days. Now Michael is back from
vacation and he has a much better understanding of phpLogCon than I have. I
think it'll make sense if you two primarily discuss how to proceed - I will
throw in any advice I can offer, but as I've said I am not proficient with
PHP. But sometimes I have good ideas on the "overall picture" ;)

Thanks,
Rainer

> -----Original Message-----
> From: Brian Shea [mailto:bgshea at gmail.com]
> Sent: Tuesday, December 06, 2005 9:03 AM
> To: Rainer Gerhards
> Subject: Re: phpLogCon
>
> This is a work-in-progress, you can view a demo on my site. I have about
> 4 more days of work before this will be a 100% usable version. You can
> download a snapshot of the code. I have not put any copyrights on my
> files yet. So please don't publish them.
>
> Link is not on the webpage, but the file should be there if you paste the
> link into a browser.
>
> http://www.hackthebox.org/files/phplogcon-1.2.4_bgs.tar.bz2
>
> Watch out for the new file structure
>   /sessions/     --- Holds session related code files
>   /pages/        --- Holds the different views: home, event, syslogtags, etc.
>   /pages/forms/  --- was /forms/
>
> All pages are accessed through index.php and the $_SESSION['pages']
> variable, and sub pages by the GET data slt or lid.
> This hides much of the information about the web app, so it will be
> harder to XSS, but if they have the code ...
>
> http://www.hackthebox.org/files/phplogcon-1.2.4_bgs.tar.bz2
>
> TODO:
> 1) Clean up and organization.
> 2) Combine like code on different pages into functions
> 3) Get filter settings into stored sessions
> 4) You had some comments about users being able to select different
>    filters, that needs to be done, should be easy at this point.
> 5) Finish the user-config page.
> 6) Consider using Text_CAPTCHA to prevent brute force scripts from
>    trying to log in, this would be optional, because it can be
>    annoying/unavailable.
>
> On 12/5/05, Brian Shea wrote:
>
> That could work, but since I'm 8 hours behind you, midnight for me is 8am
> for you and by the time I wake up at 8:30 it's the end of your day.
>
> Either way will work.
>
> Reposted the file. phplogcon_1.2.3_bgs.tar.bz2
>
> now I'm off to bed ;)
>
> On 12/5/05, Brian Shea wrote:
>
> I don't mind. 4 to 5am is no problem, besides, if I get up that early I
> have a good chance of making it to work on time, otherwise I don't roll
> out of bed till 8:30 ;)
>
> Also, added session_write_close() on line 117. You might find an extra
> 's' on line 118 (typo). I'm going to re-bzip the files. (keyboard
> shortcut is ALT-F-S, sometimes I hit the fn key next to the alt key)
>
> Anyway, you should find that adding stored variables to phplogcon by
> $_SESSION is quite easy now. Have fun!!
>
> Off to sleep.
>
> On 12/5/05, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
>
> Hi Brian,
>
> thanks for sticking around ;) I guess this week will be a much better
> one with Michael coming back from vacation. I think it is not a good
> idea to make you get up early just to talk to us ;) What do you think: I
> could set up a developers mailing list and all discussions could take
> place on that. I guess that would be more convenient for everyone...
>
> Rainer
>
> > -----Original Message-----
> > From: Brian Shea [mailto:bgshea at gmail.com]
> > Sent: Sunday, December 04, 2005 7:03 PM
> > To: Andre Lorbach; Rainer Gerhards
> > Subject: Re: phpLogCon
> >
> > Andre, Rainer
> >
> > I'm going to write PHP session handling functions. This will be a
> > separate file that can be included and used without any changes to
> > your current version. Since PHP session handling functions can be set
> > from PHP, this file will set them. Then all the session data will be
> > written to (DB, FILE, /dev/null) whatever.
> >
> > Also, if you still want to chat on MSN, maybe we can arrange a time
> > this week. I think it would be better for me to get up early (4 or
> > 5am) which would be your afternoon. Any day but my Thursday would
> > work.
> >
> > I would like to work with you, if you still want that. This is your
> > project, so it is your call.
> >
> > Regards,
> >
> > Brian Shea
> >
> > On 12/1/05, Brian Shea wrote:
> >
> > My MSN account is bgshea at gmail.com
> >
> > On 12/1/05, Brian Shea wrote:
> >
> > Okay, I'll set up an account and we can chat!
> >
> > Thanks,
> >
> > Brian Shea
> >
> > On 12/1/05, Andre Lorbach <alorbach at ro1.adiscon.com> wrote:
> >
> > Hi,
> >
> > you can contact me (Andre Lorbach) on MSN using: delta_ray at hotmail.com
> > Timm Herget has the following MSN: therget at gmx.net
> >
> > I will be on MSN again tomorrow, so don't wonder when I am offline
> > there.
> >
> > Best regards,
> > Andre Lorbach
> >
> > > -----Original Message-----
> > > From: Brian Shea [mailto:bgshea at gmail.com]
> > > Sent: Wednesday, November 30, 2005 6:35 PM
> > > To: Rainer Gerhards
> > > Subject: Re: phpLogCon
> > >
> > > Umm, not sure, I have Gaim and that supports a number of protocols.
> > > I don't use chat that often so any of them are fine. Just let me
> > > know what you guys use (MSN/ICQ/AIM) and I'll sign up for an
> > > account.
> > >
> > > Yeah, that's my project I do to get away from computers.
> > >
> > > On 11/30/05, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
> > >
> > > excellent (and good luck with your truck!!!). Any preference
> > > regarding the messaging?
> > >
> > > Rainer
> > >
> > > > -----Original Message-----
> > > > From: Brian Shea [mailto:bgshea at gmail.com]
> > > > Sent: Wednesday, November 30, 2005 5:04 PM
> > > > To: Rainer Gerhards
> > > > Subject: Re: phpLogCon
> > > >
> > > > Okay, that will work for me too because I need to install the
> > > > engine for my truck this weekend and will be tied up with that
> > > > for the rest of the week. I'll hold off on the emails till we can
> > > > all get together. Let me know when is good for you. Also let me
> > > > know what we are going to use.
> > > >
> > > > Thanks,
> > > >
> > > > On 11/30/05, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
> > > >
> > > > Brian,
> > > >
> > > > just one further note. I think there is lots of room for
> > > > improvements, even besides the bug fixing. The good thing is that
> > > > I am also in control of a back-end, namely rsyslog, which
> > > > definitely helps with the integration.
> > > >
> > > > Rainer
> > > >
> > > > > -----Original Message-----
> > > > > From: Brian Shea [mailto:bgshea at gmail.com]
> > > > > Sent: Monday, November 28, 2005 10:36 PM
> > > > > To: Rainer Gerhards
> > > > > Subject: Re: phpLogCon
> > > > >
> > > > > Sure, this will give me a chance to really help out on an open
> > > > > source project. I use a ton of open source software and
> > > > > occasionally buy Tee-Shirts or Mugs, but that doesn't really go
> > > > > all that far. I'll be glad to help in any way possible.
> > > > >
> > > > > I'm gonna spend more time tonight to reinstate cookies with
> > > > > more protection and better cookie expiration.
> > > > >
> > > > > I think we should look at moving all the auth code to one
> > > > > function or set of functions. I was having a bit of trouble
> > > > > last night with erroneous valid sessions even when I logged
> > > > > out. No doubt a result of my changes. I eventually overcame the
> > > > > issue, but it is a hack at best.
> > > > >
> > > > > Brian
> > > > >
> > > > > On 11/28/05, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
> > > > >
> > > > > Brian,
> > > > >
> > > > > the office I am in has had some ISP troubles today. I am
> > > > > receiving messages out of order... Anyhow... I really
> > > > > appreciate your work - it is awesome ;) I think we could really
> > > > > do quite a lot together and I am excited about that
> > > > > opportunity. The primary coder so far - Michael Meckelein - has
> > > > > been on vacation since Friday; he'll be back next Monday. I
> > > > > have asked Andre to work with you. I think that will be fun ;)
> > > > > I myself have mostly worked on the basic concept, and even that
> > > > > not for quite some time.
> > > > >
> > > > > I think we are on a quite good track now :)
> > > > >
> > > > > Rainer
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Brian Shea [mailto:bgshea at gmail.com]
> > > > > > Sent: Monday, November 28, 2005 4:20 PM
> > > > > > To: Rainer Gerhards
> > > > > > Subject: phpLogCon
> > > > > >
> > > > > > You can use this email for coordinating the fixes. I'll be
> > > > > > at work from 8:00 to 4:30, but after that I'm free to work
> > > > > > on phpLogCon.
> > > > > >
> > > > > > BTW:
> > > > > >
> > > > > > The code is pretty good. The first thing we need to do is
> > > > > > have a central authentication point. Move all the valid user
> > > > > > checks to one function that is called at the start of the
> > > > > > scripts, and if it fails, kills the session and sends the
> > > > > > user back to index.php.
> > > > > >
> > > > > > I noticed that you had some of the auth code in index.php,
> > > > > > some in writestandardhead and more in auth. I moved most of
> > > > > > the auth code to auth, but there are still a few bits and
> > > > > > pieces left over.
> > > > > >
> > > > > > Regards,
> > > > > > Brian

From bgshea at gmail.com Tue Dec 6 16:18:40 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 08:18:40 -0700
Subject: [Phplogcon-dev] Great, thank you!!
Message-ID: <9ef8de70512060718q437b4113ve44acc05d4036179@mail.gmail.com>

Okay, great,

I will be interested to hear what is on your todo list!!!
Thanks,

Brian

From mmeckelein at hq.adiscon.com Tue Dec 6 16:38:57 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 16:38:57 +0100
Subject: [Phplogcon-dev] Great, thank you!!
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C416@grfint2.intern.adiscon.com>

Hello Brian,

I am Michael, one of the core developers of phpLogCon. First of all, your
enhancements and ideas for phpLogCon are very impressive. I have already
taken a look into your code improvements and have installed your
phplogcon-1.2.4_bgs branch. After some trouble (I know you wrote that this
version will have bugs) it is running in my test environment.

Of course I will discuss the enhancements with you and will also provide
phpLogCon's todo list. Please bear with me a little. I will prepare some
questions / comments and forward them to the list soon.

Regards,
Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-
> bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Tuesday, December 06, 2005 4:19 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: [Phplogcon-dev] Great, thank you!!
>
> Okay, great,
>
> I will be interested to hear what is on your todo list!!!
>
> Thanks,
>
> Brian
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From mmeckelein at hq.adiscon.com Tue Dec 6 17:05:28 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 17:05:28 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C417@grfint2.intern.adiscon.com>

Hi,

I will discuss each topic in a separate email on the list. I think it is
easier for tracking.

One of the most desired items for phpLogCon is a database abstraction
layer. We have already implemented our own DB abstraction layer, but it is
more or less an 'it does, but it is not perfect' one (also it only supports
MySQL, MSSQL and Access).

We often had trouble getting all supported databases working. Therefore we
have considered using a third party DB abstraction layer like PEAR::DB [1]
or ADOdb [2] for phpLogCon.

Brian, as you mentioned, the session handler only works with MySQL. If we
want to support other DBs we have to write a wrapper. Maybe it is a good
time to implement the third party stuff now in order to get rid of all the
trouble with different DBs.

Brian, how does it sound? Maybe you already have experience with PEAR::DB
or ADOdb? I have already tested both in smaller projects. I personally
prefer PEAR::DB, but both are powerful and easy to use.

[1] PEAR::DB
http://pear.php.net/package/DB
[2] ADOdb
http://adodb.sourceforge.net/

Best Regards,
Michael

From mmeckelein at hq.adiscon.com Tue Dec 6 17:53:07 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 17:53:07 +0100
Subject: [Phplogcon-dev] logged in via cookie
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C418@grfint2.intern.adiscon.com>

Hi Brian,

If I understand the concept of your session handling correctly, it is no
longer possible to keep the user logged in longer than the browser session.

I know it is more insecure to remember users via cookie, but this is a
feature most of the users like. Actually this was one of the 'have to'
features as we introduced the user interface.

The user should decide if he wants to use cookies for remembering or not,
in my opinion. Of course, we should mention in the documentation (and/or
provide a link to "read about using cookies" or something similar) that
using cookies can be insecure.

Best Regards,
Michael

From mmeckelein at hq.adiscon.com Tue Dec 6 18:19:03 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:19:03 +0100
Subject: [Phplogcon-dev] changing user name / adding user
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C419@grfint2.intern.adiscon.com>

Hi,

In phplogcon it is possible to add a user with a username (UserIDText)
which already exists. Remember, uniqueness for users is by UserID. In
version 1.2.3_bgs, Brian has introduced the ability to change the user
name. I guess it is possible to change the username to a name that already
exists. I have not verified this by testing, because this feature does not
work in my test lab.

Identical usernames are very confusing and a good source of trouble.
Therefore, I think we should make the UserIDText in the users table unique
and check if UserIDText already exists before adding/changing anything.

Comments are highly appreciated.

Michael

From mmeckelein at hq.adiscon.com Tue Dec 6 18:23:14 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:23:14 +0100
Subject: [Phplogcon-dev] FW: Great, thank you!!
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41A@grfint2.intern.adiscon.com>

I will post Brian's post to the list. A setup issue with the mailing list
caused replies to go to the initiator of the mail instead of to the list.
This issue is already solved.

Michael

-----Original Message-----
From: Brian Shea [mailto:bgshea at gmail.com]
Sent: Tuesday, December 06, 2005 5:56 PM
To: Michael Meckelein
Subject: Re: [Phplogcon-dev] Great, thank you!!

No problem, I have trouble installing the demo myself. I usually try to get
the code worked in, then work out the bugs. I will be glad to answer any
questions

Regards,

Brian

On 12/6/05, Michael Meckelein wrote:

Hello Brian,

I am Michael, one of the core developers of phpLogCon. First of all, your
enhancements and ideas for phpLogCon are very impressive. I have already
taken a look into your code improvements and have installed your
phplogcon-1.2.4_bgs branch. After some trouble (I know you wrote that this
version will have bugs) it is running in my test environment.

Of course I will discuss the enhancements with you and will also provide
phpLogCon's todo list. Please bear with me a little. I will prepare some
questions / comments and forward them to the list soon.

Regards,
Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-
> bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Tuesday, December 06, 2005 4:19 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: [Phplogcon-dev] Great, thank you!!
>
> Okay, great,
>
> I will be interested to hear what is on your todo list!!!
>
> Thanks,
>
> Brian
_______________________________________________
Phplogcon-dev mailing list
http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From mmeckelein at hq.adiscon.com Tue Dec 6 18:37:12 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:37:12 +0100
Subject: [Phplogcon-dev] not allow certain files to be access
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>

Hi Brian,

I need your help. Please can you point me to where I can find the following
modification?

> added php code to not allow certain files to be access by the
> URL!!! esp. include.php and config.php

Thank you.
Best regards,
Michael

From bgshea at gmail.com Tue Dec 6 18:37:21 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 12:37:21 -0500
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C417@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C417@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512060937q2c1c9347x19954d8cebb6bb93@mail.gmail.com>

The PEAR DB sounds good, I have the PEAR lib installed and have used it
before. I can modify the session handlers to include PEAR support.

It would be a good idea to have native support for MSSQL/MySQL for those
that can't use PEAR. I think those two are probably the most widely used
DBs. All others can be supported by PEAR.

That item has been added to the TODO list.

On 12/6/05, Michael Meckelein wrote:
>
> Hi,
>
> I will discuss each topic in a separate email on the list. I think it is
> easier for tracking.
>
> One of the most desired items for phpLogCon is a database abstraction
> layer. We have already implemented our own DB abstraction layer, but it
> is more or less an 'it does, but it is not perfect' one (also it only
> supports MySQL, MSSQL and Access).
>
> We often had trouble getting all supported databases working. Therefore
> we have considered using a third party DB abstraction layer like
> PEAR::DB [1] or ADOdb [2] for phpLogCon.
>
> Brian, as you mentioned, the session handler only works with MySQL. If
> we want to support other DBs we have to write a wrapper. Maybe it is a
> good time to implement the third party stuff now in order to get rid of
> all the trouble with different DBs.
>
> Brian, how does it sound? Maybe you already have experience with
> PEAR::DB or ADOdb? I have already tested both in smaller projects. I
> personally prefer PEAR::DB, but both are powerful and easy to use.
>
> [1] PEAR::DB
> http://pear.php.net/package/DB
> [2] ADOdb
> http://adodb.sourceforge.net/
>
> Best Regards,
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Tue Dec 6 18:39:37 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 12:39:37 -0500
Subject: [Phplogcon-dev] logged in via cookie
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C418@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C418@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512060939r7000d6g2074d10d257c6b65@mail.gmail.com>

The timeout can be set for 1 year if they want to stay logged in. If they
are offline for more than 1 year, I doubt they would complain to re-login.

An option can be added to the page similar to 'remember me' so the user
will stay logged in

On 12/6/05, Michael Meckelein wrote:
>
> Hi Brian,
>
> If I understand the concept of your session handling correctly, it is no
> longer possible to keep the user logged in longer than the browser
> session.
>
> I know it is more insecure to remember users via cookie, but this is a
> feature most of the users like. Actually this was one of the 'have to'
> features as we introduced the user interface.
>
> The user should decide if he wants to use cookies for remembering or
> not, in my opinion. Of course, we should mention in the documentation
> (and/or provide a link to "read about using cookies" or something
> similar) that using cookies can be insecure.
>
> Best Regards,
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From rgerhards at hq.adiscon.com Tue Dec 6 18:41:14 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 6 Dec 2005 18:41:14 +0100
Subject: [Phplogcon-dev] TodoList and such
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4004@grfint2.intern.adiscon.com>

Hi all,

it is nice seeing the discussion come alive. I have a general suggestion
when it comes to todo lists, bug trackers and those. Besides the dedicated
site, phpLogCon is also hosted on sourceforge.net, where we also use the
CVS. Sourceforge offers a lot of trackers. I suggest we use them, this is a
nice way to keep everyone informed of what's going on and who is doing what.

How does this sound?

Rainer

From mmeckelein at hq.adiscon.com Tue Dec 6 18:45:18 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 6 Dec 2005 18:45:18 +0100
Subject: [Phplogcon-dev] enhanced "message must contain" filter
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41C@grfint2.intern.adiscon.com>

Please note, in the current CVS version we have already built in support to
search a message for multiple words.

However we want to enhance the "message must contain" filter further. It
would be great if it were more usable, like Google searching, e.g. search
for a term enclosed in double quotes like "foo bar" or for and/or
conditions (foo OR bar).

Best regards,
Michael

From bgshea at gmail.com Tue Dec 6 19:09:11 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 13:09:11 -0500
Subject: [Phplogcon-dev] Hmm, before we get too far..
Message-ID: <9ef8de70512061009y1ad1a27bq8c76efc8614a983a@mail.gmail.com>

From what I read so far, it sounds like we need to get our systems set up
the same.

We need to have a common php.ini and MySQL table/database setup.

and test directories.

Thanks,

From bgshea at gmail.com Tue Dec 6 20:03:10 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 14:03:10 -0500
Subject: [Phplogcon-dev] not allow certain files to be access
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512061103m3daa2e5dlc518de2eb50b7913@mail.gmail.com>

The code is just below the GNU license marked with

    // BGS
    --
    // BGS end

the first section is the trailing '/' (slash) removal, the second section
is the disallow. I don't have the code in front of me to look at.

On 12/6/05, Michael Meckelein wrote:
>
> Hi Brian,
>
> I need your help. Please can you point me to where I can find the
> following modification?
>
> > added php code to not allow certain files to be access by the
> > URL!!! esp. include.php and config.php
>
> Thank you.
>
> Best regards,
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Tue Dec 6 20:03:49 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 14:03:49 -0500
Subject: [Phplogcon-dev] TodoList and such
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4004@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4004@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512061103l3063aa64i33d0567065558bd9@mail.gmail.com>

Will do!!

On 12/6/05, Rainer Gerhards wrote:
>
> Hi all,
>
> it is nice seeing the discussion come alive. I have a general
> suggestion when it comes to todo lists, bug trackers and those. Besides
> the dedicated site, phpLogCon is also hosted on sourceforge.net, where
> we also use the CVS. Sourceforge offers a lot of trackers. I suggest we
> use them, this is a nice way to keep everyone informed of what's going
> on and who is doing what.
>
> How does this sound?
> > Rainer > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Tue Dec 6 20:10:04 2005 From: bgshea at gmail.com (Brian Shea) Date: Tue, 6 Dec 2005 14:10:04 -0500 Subject: [Phplogcon-dev] enhanced "message must contain" filter In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C41C@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA11C41C@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512061110s76e73e3bu7d9c26eed57592c3@mail.gmail.com> WOW, that is a big one. Certainly possible, this should be considered for a 2.0 release! Let's concentrate on the DB, security and layout for 1.x.xreleases. We can introduce a new page with this type of search. We should also be able to utilize SQL language for searching and indexing. On 12/6/05, Michael Meckelein wrote: > > Please not in the current CVS version we have already build in support > to search a message for multiple words. > > However we want to enhance the "message must contain" filter further. It > would be great it is more useable like google searching, e.g. search for > a term enclosed in double quotes like "foo bar" or for and/or conditions > (foo OR bar). > > Best regards, > Michael > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From rgerhards at hq.adiscon.com Tue Dec 6 21:29:08 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 6 Dec 2005 21:29:08 +0100 Subject: [Phplogcon-dev] Hmm, before we get too far.. Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4006@grfint2.intern.adiscon.com> Let me caution on the database schema. We should try NOT to change it, because other products/projects rely on it. For example, rsyslogd supports it be default and it would be bad if it couldn't use the "normal" schema. 
Also, the (commercial) Windows event reporter use intentionally the same schema. I guess that some others are also building on that schema with add-on scripts. Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Brian Shea > Sent: Tuesday, December 06, 2005 7:09 PM > To: phplogcon-dev at lists.adiscon.com > Subject: [Phplogcon-dev] Hmm, before we get too far.. > > >From what i read so far, it sound like we need to get our > systems setup the > same. > > We need to have a common php.ini and mysql table/database setup. > > and test directories. > > Thanks, > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Tue Dec 6 21:44:17 2005 From: bgshea at gmail.com (Brian Shea) Date: Tue, 6 Dec 2005 15:44:17 -0500 Subject: [Phplogcon-dev] Hmm, before we get too far.. In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4006@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA0E4006@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512061244u5d4882k8934a05cc1c471b9@mail.gmail.com> Yeah, i think that is good. There seems to be a difference in our system setups, not so much in the table/column names. For the most part, i want to change my system to match yours as close a possible so that code can be easily transferred in working condition. This might be as simple as an Apache directory, or php.ini config setting, or location to where the code is stored. on my system i use /phplogcon121 as the Apache location to phplogcon. You might have say /phplogcon_test, which could cause some of the config parameter to get mixed up. This will be an issue during install to get all the config setting correct so when user installs phplogcon the proper directory names are set. Brian, On 12/6/05, Rainer Gerhards wrote: > > Let me caution on the database schema. 
> We should try NOT to change it,
> because other products/projects rely on it. For example, rsyslogd
> supports it by default and it would be bad if it couldn't use the
> "normal" schema. Also, the (commercial) Windows event reporter
> intentionally uses the same schema. I guess that some others are also
> building on that schema with add-on scripts.
>
> Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > Brian Shea
> > Sent: Tuesday, December 06, 2005 7:09 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: [Phplogcon-dev] Hmm, before we get too far..
> >
> > From what I read so far, it sounds like we need to get our
> > systems set up the same.
> >
> > We need to have a common php.ini and mysql table/database setup.
> >
> > and test directories.
> >
> > Thanks,
>

From rgerhards at hq.adiscon.com Tue Dec 6 21:50:07 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 6 Dec 2005 21:50:07 +0100
Subject: [Phplogcon-dev] Hmm, before we get too far..
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4007@grfint2.intern.adiscon.com>

Brian,

I agree it would be advisable to have the same setup. I think once we have
made clear what we use, we should document that. Maybe Timm can jump onto
that.

Please note that phpLogCon shall work both on Linux and Windows (even with
IIS). I think we should do the verification that everything continues to
work with IIS. Or are you up for some Windoze?
;)

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Brian Shea
> Sent: Tuesday, December 06, 2005 9:44 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] Hmm, before we get too far..
>
> Yeah, I think that is good. There seems to be a difference in our system
> setups, not so much in the table/column names. For the most part, I want to
> change my system to match yours as close as possible so that code can be
> easily transferred in working condition.
>
> This might be as simple as an Apache directory, or php.ini config setting,
> or location to where the code is stored.
>
> On my system I use /phplogcon121 as the Apache location to phplogcon. You
> might have say /phplogcon_test, which could cause some of the config
> parameters to get mixed up.
>
> This will be an issue during install to get all the config settings correct
> so when a user installs phplogcon the proper directory names are set.
>
> Brian,
>
>
> On 12/6/05, Rainer Gerhards wrote:
> >
> > Let me caution on the database schema. We should try NOT to change it,
> > because other products/projects rely on it. For example, rsyslogd
> > supports it by default and it would be bad if it couldn't use the
> > "normal" schema. Also, the (commercial) Windows event reporter
> > intentionally uses the same schema. I guess that some others are also
> > building on that schema with add-on scripts.
> >
> > Rainer
> >
> > > -----Original Message-----
> > > From: phplogcon-dev-bounces at lists.adiscon.com
> > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > > Brian Shea
> > > Sent: Tuesday, December 06, 2005 7:09 PM
> > > To: phplogcon-dev at lists.adiscon.com
> > > Subject: [Phplogcon-dev] Hmm, before we get too far..
> > >
> > > From what I read so far, it sounds like we need to get our
> > > systems set up the same.
> > >
> > > We need to have a common php.ini and mysql table/database setup.
> > >
> > > and test directories.
> > >
> > > Thanks,
>

From bgshea at gmail.com Wed Dec 7 06:35:50 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 6 Dec 2005 22:35:50 -0700
Subject: [Phplogcon-dev] not allow certain files to be access
In-Reply-To: <9ef8de70512061103m3daa2e5dlc518de2eb50b7913@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C41B@grfint2.intern.adiscon.com>
 <9ef8de70512061103m3daa2e5dlc518de2eb50b7913@mail.gmail.com>
Message-ID: <9ef8de70512062135m61be2987r5fbae426c9d96a7b@mail.gmail.com>

Michael, here is the code section that will disallow access to php files
from the URL.

It basically looks at the file name in the $_SERVER[script_name] to see if
it matches itself.

    // BGS -- do not allow access from URL
    // Name of this file: everything after the last "/" in its path
    $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
    // Name of the script the client requested, taken the same way
    $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( $_SERVER['SCRIPT_NAME'], "/" ));

    // Equal names mean this file was requested directly instead of being included
    if( $filename == $requestname )
    {
        session_unset();
        header("Location: ../index.php");
        exit;
    }
    // BGS end

On 12/6/05, Brian Shea wrote:
>
> The code is just below the GNU license marked with
>
> // BGS --
>
> // BGS end
>
> the first section is the trailing '/' (slash) removal, the second section
> is the disallow. I don't have the code in front of me to look at.
>
>
> On 12/6/05, Michael Meckelein wrote:
> >
> > Hi Brian,
> >
> > I need your help. Please can you point me to where I can find the
> > following modification?
> >
> > > added php code to not allow certain files to be accessed by the
> > > URL!!! esp. include.php and config.php
> >
> > Thank you.
> >
> > Best regards,
> > Michael
>

From rgerhards at hq.adiscon.com Wed Dec 7 09:19:35 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 09:19:35 +0100
Subject: [Phplogcon-dev] release structure
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E400F@grfint2.intern.adiscon.com>

Hi all,

a non-technical issue... I think we need to put some thinking into what
shall go into which release as soon as we have finished an agreed-upon todo
list (but not sooner ;)).

Anyhow, we should remember that the whole thing started when Brian detected
some security issues. The currently distributed source still contains them.
So I think it is definitely time to do something against it.

I propose we do the following:

#1 document the limitations of the current "security model", which most
importantly means telling people very directly that these are profiles and
not actual security-safe accounts. Michael mentioned we had such a
document. If so, we should dig it out and publish it, if not, we should
create at least a small one ;)

#2 fix the most important things without major change (I think about the %
userid/password issue). My goal here would be to fix what can be done very
quickly and have a better version online.

We could then also fork phplogcon into a stable and a development branch,
where stable just receives the most important things (but is stable ;))
while development would be the (b)leading edge, at which almost all further
work is conducted.

Feedback is highly appreciated.
Many thanks,
Rainer

From rgerhards at hq.adiscon.com Wed Dec 7 09:40:40 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 09:40:40 +0100
Subject: [Phplogcon-dev] enhanced "message must contain" filter
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4011@grfint2.intern.adiscon.com>

I think we should just add it to the todo list as a feature request. I
agree that the other topics are more important. From the feedback I
received, it might be a less enormous task than it sounds, but that can be
seen once we are there ;)

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Brian Shea
> Sent: Tuesday, December 06, 2005 8:10 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] enhanced "message must contain" filter
>
> WOW, that is a big one. Certainly possible, this should be considered for
> a 2.0 release! Let's concentrate on the DB, security and layout for
> 1.x.x releases.
>
> We can introduce a new page with this type of search. We should also be
> able to utilize SQL language for searching and indexing.
>
>
> On 12/6/05, Michael Meckelein wrote:
> >
> > Please note that in the current CVS version we have already built in
> > support to search a message for multiple words.
> >
> > However we want to enhance the "message must contain" filter further.
> > It would be great if it were more usable, like Google searching, e.g.
> > search for a term enclosed in double quotes like "foo bar" or for
> > and/or conditions (foo OR bar).
> >
> > Best regards,
> > Michael
>

From rgerhards at hq.adiscon.com Wed Dec 7 09:45:22 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 09:45:22 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4012@grfint2.intern.adiscon.com>

Brian,

please let me elaborate why I proposed some time ago to use a different db
abstraction layer. Just so that we remember the reasoning.

The db abstraction layer we have done works, but is a bit "rough" and also
limits the abilities to use SQL to its full extent. At least this is what
has been discussed so far. My hopes for a layer like Pear are that it
provides a higher-level abstraction with better functionality. So my main
objective behind that would not be to support additional databases
(although this definitely is a secondary goal) but to have cleaner and more
capable code inside phpLogCon.

In the light of this, I'd propose to not support MSSQL and MySQL natively,
because that would require us to continue to use our own layer, which seems
to have some issues.

Of course, the question is what implications Pear has - e.g.
performance-wise.

I hope this clarifies and initiates another round of good discussions ;)

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Brian Shea
> Sent: Tuesday, December 06, 2005 6:37 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
>
> The Pear DB sounds good, I have the pear lib installed and have used it
> before.
> I can modify the session handlers to include pear support. It would
> be a good idea to have native support for mssql/mysql for those that can't
> use pear. I think those two are probably the most widely used DBs. All
> others can be supported by pear.
>
> That item has been added to the TODO list.
>
>
> On 12/6/05, Michael Meckelein wrote:
> >
> > Hi,
> >
> > I will discuss each topic in a separate email on the list. I think it is
> > easier for tracking.
> >
> > One of the most desired items for phpLogCon is a database abstraction
> > layer. We have already implemented our own db abstraction layer, but it
> > is more or less an 'it does, but it's not perfect' one (also it only
> > supports mysql, mssql and access).
> >
> > We have often had trouble getting all supported databases working.
> > Therefore we have considered using a third party db abstraction layer
> > like pear:db [1] or adodb for phpLogCon.
> >
> > Brian, as you mentioned, the session handler only works with mysql. If
> > we want to support other dbs we have to write a wrapper. Maybe it is a
> > good time to implement the third party stuff now in order to get rid of
> > all the trouble with different dbs.
> >
> > Brian, how does it sound? Maybe you already have experience with db:pear
> > or adodb? I have already tested both in smaller projects. I personally
> > prefer db:pear, but both are powerful and easy to use.
> >
> > [1] pear::db
> > http://pear.php.net/package/DB
> > [2] ADOdb
> > http://adodb.sourceforge.net/
> >
> > Best Regards,
> > Michael
>

From mmeckelein at hq.adiscon.com Wed Dec 7 12:39:00 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 12:39:00 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C41F@grfint2.intern.adiscon.com>

> Of course, the question is what implications Pear has - e.g.
> performance-wise.

Of course, an abstraction layer naturally has an impact on performance. I
did some research about pear::db performance. I was surprised some say
"PEAR::DB code will run at about 3/8 the speed of the equivalent
DBMS-specific code" [1]. I also found some benchmarks indicating that is
true [2][3].

As I already wrote, I have used pear::db in small projects and it works
great. The impact of the abstraction layer was hardly noticeable
(subjective), but I have not made any performance testing.

"Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good decision
and indicates that it is worth using a db abstraction layer. I support
this approach since I know about the trouble, testing and time effort for
developing your own db wrapper.

Michael

[1] Impaired performance of pear::db
http://www.hudzilla.org/phpbook/read.php/9_6_4
[2] simple benchmark (08/13/02) comparing some db abstraction layers
http://freshmeat.net/screenshots/30313/
[3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
http://phplens.com/lens/adodb/
[4] "Is PEAR DB worth using?"
http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en

From mmeckelein at hq.adiscon.com Wed Dec 7 13:01:53 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 13:01:53 +0100
Subject: [Phplogcon-dev] release structure
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C420@grfint2.intern.adiscon.com>

> Anyhow, we should remember that the whole thing started when Brian
> detected some security issues. The currently distributed source still
> contains them. So I think it is definitely time to do something against
> it.

ACK.

> I propose we do the following:
>
> #1 document the limitations of the current "security model", which
> most importantly means telling people very directly that these are
> profiles and not actual security-safe accounts. Michael mentioned we had
> such a document. If so, we should dig it out and publish it, if not, we
> should create at least a small one ;)

I didn't find such a document. Probably it was discussed by email or chat.
I know we have discussed it, but obviously missed documenting it. We should
immediately document that. Besides mentioning it in the manual, should we
create a faq, e.g. telling how to use .htaccess for example?

>
> #2 fix the most important things without major change (I think about the
> % userid/password issue). My goal here would be to fix what can be done
> very quickly and have a better version online.

Timm, please take the current code from the cvs and merge Brian's bug
fixes (http://www.hackthebox.org/) into it as soon as possible. Then we
can make a release of this branch. Note that besides the security fixes
this release will also include some minor fixes which were already made and
the Database options page Timm has implemented.
> We could then also fork phplogcon into a stable and a development
> branch, where stable just receives the most important things (but is
> stable ;)) while development would be the (b)leading edge, at which
> almost all further work is conducted.

Sounds good. It is the common way for open source development, isn't it?

Michael

From rgerhards at hq.adiscon.com Wed Dec 7 15:48:09 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 15:48:09 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E401D@grfint2.intern.adiscon.com>

Well... I've gone through the references and my guess is that Pear will
probably not be that bad in our case (though ADOdb might be something we
should look at). My reason is that I think we do relatively simple
queries. Anyhow, these simple queries can relate to a lot of i/o at the
database itself, which probably turns out to be the bottleneck. Of course,
nothing of this is verified, but I have the strong impression that
performance will not be that much of an issue (well, to be precise,
"performance of the abstraction layer" - performance per se *is* an issue,
especially with the potentially huge amounts of data we have in
syslog... ;)).

So my educated (but unverified) opinion is that it would probably be worth
looking at Pear. I am still of the view that native DB support via our own
layer is causing more trouble than it is worth.

My 2cts...

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Michael Meckelein
> Sent: Wednesday, December 07, 2005 12:39 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
>
> > Of course, the question is what implications Pear has - e.g.
> > performance-wise.
>
> Of course, an abstraction layer naturally has an impact on
> performance.
> I did some research about pear::db performance. I was surprised some say
> "PEAR::DB code will run at about 3/8 the speed of the equivalent
> DBMS-specific code" [1]. I also found some benchmarks indicating that is
> true [2][3].
>
> As I already wrote, I have used pear::db in small projects and it works
> great. The impact of the abstraction layer was hardly noticeable
> (subjective), but I have not made any performance testing.
>
> "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good decision
> and indicates that it is worth using a db abstraction layer. I
> support this approach since I know about the trouble, testing and time
> effort for developing your own db wrapper.
>
> Michael
>
> [1] Impaired performance of pear::db
> http://www.hudzilla.org/phpbook/read.php/9_6_4
> [2] simple benchmark (08/13/02) comparing some db abstraction layers
> http://freshmeat.net/screenshots/30313/
> [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
> http://phplens.com/lens/adodb/
> [4] "Is PEAR DB worth using?"
> http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en
>

From mmeckelein at hq.adiscon.com Wed Dec 7 15:49:49 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 15:49:49 +0100
Subject: [Phplogcon-dev] not allow certain files to be access
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C422@grfint2.intern.adiscon.com>

Brian,

This approach works only in a Linux environment. Note that Windows uses \
instead of Linux's / for directory browsing.

E.g. file in
- windows: c:\webserver\phplogcon\config.php
- linux: /var/www/phplogcon/config.php

Furthermore, I have to admit that I am not aware of an actual security
issue by accessing those files directly via url.
Of course it is not intended to call files like config.php directly. To
prohibit accessing files directly which are not intended to be accessed
directly is of course a good security concept. But maybe I overlook a
security issue with the current (without your check) approach?

Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-
> bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Wednesday, December 07, 2005 6:36 AM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] not allow certain files to be access
>
> Michael, here is the code section that will disallow access to php files
> from the URL.
>
> It basically looks at the file name in the $_SERVER[script_name] to see if
> it matches itself.
>
> // BGS -- do not allow access from URL
> $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos(
> $_SERVER['SCRIPT_NAME'], "/" ));
>
> if( $filename == $requestname )
> {
> session_unset();
> header("Location: ../index.php");
> exit;
> }
> // BGS end
>
>
>
> On 12/6/05, Brian Shea wrote:
> >
> > The code is just below the GNU license marked with
> >
> > // BGS --
> >
> > // BGS end
> >
> > the first section is the trailing '/' (slash) removal, the second
> > section is the disallow. I don't have the code in front of me to look at.
> >
> >
> > On 12/6/05, Michael Meckelein wrote:
> > >
> > > Hi Brian,
> > >
> > > I need your help. Please can you point me to where I can find the
> > > following modification?
> > >
> > > > added php code to not allow certain files to be accessed by the
> > > > URL!!! esp. include.php and config.php
> > >
> > > Thank you.
> > >
> > > Best regards,
> > > Michael
> >
>

From mmeckelein at hq.adiscon.com Wed Dec 7 16:05:24 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 16:05:24 +0100
Subject: [Phplogcon-dev] duplicated code
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C423@grfint2.intern.adiscon.com>

Hi Brian,

I noticed that you use duplicated code in some files. The code snippet
below is in e.g. auth.php, config.php, include.php, ...

Wouldn't it be better to put it into a function at the top of include.php?

    // BGS -- This will remove the trailing / in a uri like .../index.php/
    // This causes the directories to get mucked up.
    // Patch from http://www.php.net/manual/en/ref.apache.php by henk_nicolai at REMOVE-THIS at hotmail dot com
    $req = $_SERVER['REQUEST_URI'];
    // Remove rubbish.
    $newReq = ereg_replace ( $_SERVER['SCRIPT_NAME'] . '[^?]*', $_SERVER['SCRIPT_NAME'], $req);
    if (strlen($newReq) < strlen($req))
    {
        header ('Location: '.$newReq);
        header ('HTTP/1.0 301 Moved Permanently');
        die; // Don't send any more output.
    }
    unset($req);
    unset($newReq);
    // BGS end

    // BGS -- do not allow access from URI
    $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
    $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos( $_SERVER['SCRIPT_NAME'], "/" ));
    if( $filename == $requestname )
    {
        session_unset();
        header("Location: ../index.php");
        exit;
    }
    // BGS end

Michael

From mmeckelein at hq.adiscon.com Wed Dec 7 16:14:25 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 16:14:25 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C424@grfint2.intern.adiscon.com>

> Well...
> I've gone through the references and my guess is that Pear will
> probably not be that bad in our case (though ADOdb might be something we
> should look at).

This ->

> My reason is that I think we do relatively simple
> queries. Anyhow, these simple queries can relate to a lot of i/o at the
> database itself, which probably turns out to be the bottleneck.

is exactly the point. phpLogCon does not bother the database with a high
amount of queries. The queries are typically simple, as Rainer mentioned.
Just using some where clauses, and only the SystemEvents table has to be
selected from if phplogcon works with data.

Michael

> Of
> course, nothing of this is verified, but I have the strong impression
> that performance will not be that much of an issue (well, to be
> precise, "performance of the abstraction layer" - performance per se
> *is* an issue, especially with the potentially huge amounts of data we
> have in syslog... ;)).
>
> So my educated (but unverified) opinion is that it would probably be
> worth looking at Pear. I am still of the view that native DB support via
> our own layer is causing more trouble than it is worth.
>
> My 2cts...
>
> Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > Michael Meckelein
> > Sent: Wednesday, December 07, 2005 12:39 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
> >
> > > Of course, the question is what implications Pear has - e.g.
> > > performance-wise.
> >
> > Of course, an abstraction layer naturally has an impact on
> > performance. I did
> > some research about pear::db performance. I was surprised some say
> > "PEAR::DB code will run at about 3/8 the speed of the equivalent
> > DBMS-specific code" [1]. I also found some benchmarks indicating that is
> > true [2][3].
> >
> > As I already wrote, I have used pear::db in small projects
> > and it works
> > great. The impact of the abstraction layer was hardly noticeable
> > (subjective), but I have not made any performance testing.
> >
> > "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good
> > decision and indicates that it is worth using a db abstraction layer. I
> > support this approach since I know about the trouble, testing and time
> > effort for developing your own db wrapper.
> >
> > Michael
> >
> > [1] Impaired performance of pear::db
> > http://www.hudzilla.org/phpbook/read.php/9_6_4
> > [2] simple benchmark (08/13/02) comparing some db abstraction layers
> > http://freshmeat.net/screenshots/30313/
> > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
> > http://phplens.com/lens/adodb/
> > [4] "Is PEAR DB worth using?"
> > http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en
> >
>

From bgshea at gmail.com Wed Dec 7 16:52:32 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 08:52:32 -0700
Subject: [Phplogcon-dev] release structure
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C420@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C420@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070752n678e178cve529919475811480@mail.gmail.com>

Completely agree to stable and beta versions!!

1.2.1 can be fixed easily for the % char, but the cookies will need much
more work. But if you tell people about the problem, then they can take the
proper precautions.
This can be found in auth.php for 1.2.4_bgs, it will handle all characters
that we might want to limit in the future.

    // Check for special sql characters
    // Returns TRUE as soon as any character from $bad_list occurs in $string
    function invalid_chars( $string )
    {
        $bad_list = array("'",'"',"%"," ");
        foreach( $bad_list as $needle )
        {
            if( strpos( $string, $needle ) !== FALSE )
            {
                return TRUE;
            }
        }
        return FALSE;
    }

Example how to use it

    if( invalid_chars( $user ) || invalid_chars( $pass ) )
    {   // BAD
        WriteHead('phpLogCon :: ' , _MSGAccDen, '', '', _MSGAccDen, 0);
        print '..:: ' . _MSGNamInvChr . ' ::..';
        echo '..:: ', _MSGBac2Ind, ' ::..';
        WriteFooter();
        exit;
    }
    else
    {   // GOOD
    }

NOTE TO MYSELF: make gmail insert > for replies to messages.

On 12/7/05, Michael Meckelein wrote:
>
> > Anyhow, we should remember that the whole thing started when Brian
> > detected some security issues. The currently distributed source still
> > contains them. So I think it is definitely time to do something against
> > it.
>
> ACK.
>
> > I propose we do the following:
> >
> > #1 document the limitations of the current "security model", which
> > most importantly means telling people very directly that these are
> > profiles and not actual security-safe accounts. Michael mentioned we had
> > such a document. If so, we should dig it out and publish it, if not, we
> > should create at least a small one ;)
>
> I didn't find such a document. Probably it was discussed by email or chat.
> I know we have discussed it, but obviously missed documenting it. We should
> immediately document that. Besides mentioning it in the manual,
> should we create a faq, e.g. telling how to use .htaccess for example?
>
> >
> > #2 fix the most important things without major change (I think about
> > the % userid/password issue). My goal here would be to fix what can be
> > done very quickly and have a better version online.
>
> Timm, please take the current code from the cvs and merge Brian's bug
> fixes (http://www.hackthebox.org/) into it as soon as possible. Then we
> can make a release of this branch. Note that besides the security fixes
> this release will also include some minor fixes which were already made and
> the Database options page Timm has implemented.
>
> > We could then also fork phplogcon into a stable and a development
> > branch, where stable just receives the most important things (but is
> > stable ;)) while development would be the (b)leading edge, at which
> > almost all further work is conducted.
>
> Sounds good. It is the common way for open source development, isn't it?
>
> Michael
>

From bgshea at gmail.com Wed Dec 7 16:58:00 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 08:58:00 -0700
Subject: [Phplogcon-dev] not allow certain files to be access
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C422@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C422@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070758m46ea70cavee116c3927a0c344@mail.gmail.com>

Ah, that would be a problem. Easily fixed with a config setting or checking
the os environment.

Nor do I, but why let someone else find it and exploit it if one does
exist!!!

This is more for the type of files I use in 1.2.4_bgs where all the Auth is
done in index.php and each page is loaded by an include statement. I'm just
so used to having them there that I feel better with them.

On 12/7/05, Michael Meckelein wrote:
>
> Brian,
>
> This approach works only in a Linux environment. Note that Windows uses
> \ instead of Linux's / for directory browsing.
>
> E.g. file in
> - windows: c:\webserver\phplogcon\config.php
> - linux: /var/www/phplogcon/config.php
>
> Furthermore, I have to admit that I am not aware of an actual security
> issue by accessing those files directly via url. Of course it is not
> intended to call files like config.php directly. To prohibit accessing
> files directly which are not intended to be accessed directly is of course
> a good security concept. But maybe I overlook a security issue with the
> current (without your check) approach?
>
> Michael
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-
> > bounces at lists.adiscon.com] On Behalf Of Brian Shea
> > Sent: Wednesday, December 07, 2005 6:36 AM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] not allow certain files to be access
> >
> > Michael, here is the code section that will disallow access to php
> > files from the URL.
> >
> > It basically looks at the file name in the $_SERVER[script_name] to
> > see if it matches itself.
> >
> > // BGS -- do not allow access from URL
> > $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> > $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos(
> > $_SERVER['SCRIPT_NAME'], "/" ));
> >
> > if( $filename == $requestname )
> > {
> > session_unset();
> > header("Location: ../index.php");
> > exit;
> > }
> > // BGS end
> >
> >
> >
> > On 12/6/05, Brian Shea wrote:
> > >
> > > The code is just below the GNU license marked with
> > >
> > > // BGS --
> > >
> > > // BGS end
> > >
> > > the first section is the trailing '/' (slash) removal, the second
> > > section is the disallow. I don't have the code in front of me to
> > > look at.
> > >
> > >
> > > On 12/6/05, Michael Meckelein wrote:
> > > >
> > > > Hi Brian,
> > > >
> > > > I need your help. Please can you point me to where I can find the
> > > > following modification?
> > > >
> > > > > added php code to not allow certain files to be accessed by the
> > > > > URL!!! esp. include.php and config.php
> > > >
> > > > Thank you.
> > > >
> > > > Best regards,
> > > > Michael

From bgshea at gmail.com  Wed Dec  7 17:00:33 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 09:00:33 -0700
Subject: [Phplogcon-dev] duplicated code
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C423@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C423@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070800t2ed5eb10l4a58217ca6c248ce@mail.gmail.com>

Can't, unless certain variables are passed, because the code looks at the
file the code is in, and sometimes I need

    header("Location: ../index.php");

or

    header("Location: index.php");

Look close, one has ../index.php the other does not.

I've always just seen it placed at the top of every file as needed.

On 12/7/05, Michael Meckelein wrote:
>
> Hi Brian,
>
> I noticed that you use duplicated code in some files. The code snippet
> below is in e.g. auth.php, config.php, include.php, ...
>
> Wouldn't it be better to put it into a function onto the top in
> include.php?
>
> // BGS -- This will remove the trailing / in a URI like .../index.php/
> // This causes the directories to get mucked up.
> // Patch from http://www.php.net/manual/en/ref.apache.php by
> // henk_nicolai at REMOVE-THIS at hotmail dot com
> $req = $_SERVER['REQUEST_URI'];
> // Remove rubbish.
> $newReq = ereg_replace ( $_SERVER['SCRIPT_NAME'] .
>     '[^?]*',
>     $_SERVER['SCRIPT_NAME'], $req);
> if (strlen($newReq) < strlen($req))
> {
>     header ('Location: '.$newReq);
>     header ('HTTP/1.0 301 Moved Permanently');
>     die; // Don't send any more output.
> }
> unset($req);
> unset($newReq);
> // BGS end
> // BGS -- do not allow access from URI
> $filename = substr(__FILE__, strrpos( __FILE__, "/" ));
> $requestname = substr($_SERVER['SCRIPT_NAME'], strrpos(
>     $_SERVER['SCRIPT_NAME'], "/" ));
> if( $filename == $requestname )
> {
>     session_unset();
>     header("Location: ../index.php");
>     exit;
> }
> // BGS end
>
> Michael

From rgerhards at hq.adiscon.com  Wed Dec  7 17:01:47 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:01:47 +0100
Subject: [Phplogcon-dev] not allow certain files to be access
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4024@grfint2.intern.adiscon.com>

Warning: the php-noob is writing about php ;)

Would it be possible in php to set a variable (let's call it "validcall")
in the main file and check that in each of the to-be-included files? So if
they were called directly, "validcall" would be unset. I've done similar
things in ASP apps in the dark ages ;)

It sounds pretty OS-independent but I am probably not aware of the quirks ;)

Rainer

PS: I think there isn't such a thing as "too much security"...

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Brian Shea
> Sent: Wednesday, December 07, 2005 4:58 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] not allow certain files to be access
>
> Ah, that would be a problem. Easily fixed with a config setting or checking
> the OS environment.
>
> Nor do I, but why let someone else find it and exploit it if one does
> exist!!!
>
> This is more for the type of files I use in 1.2.4_bgs where all the Auth is
> done in index.php and each page is loaded by an include statement.
>
> I'm just so used to having them there that I feel better with them.
From rgerhards at hq.adiscon.com  Wed Dec  7 17:05:10 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:05:10 +0100
Subject: [Phplogcon-dev] duplicated code
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4025@grfint2.intern.adiscon.com>

another php-noob suggestion...

what if that function would be placed in *another* include file that is
included in the not-to-be-directly-called pages. Then, that function
could be passed in the proper redirect location.

Let me use a sample, NOT in php (pseudo-php at best ;))

in notToBeCalled.php
    include check.php
    call checker("../index.php")

in check.php
    checker(redirect)
        do checking
        redirect to "redirect" in case of error

I hope this conveys what I intend to say...

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Brian Shea
> Sent: Wednesday, December 07, 2005 5:01 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] duplicated code
>
> Can't, unless certain variables are passed, because the code looks at the
> file the code is in, and sometimes I need
>
>     header("Location: ../index.php");
>
> or
>
>     header("Location: index.php");
>
> Look close, one has ../index.php the other does not.
>
> I've always just seen it placed at the top of every file as needed.

From bgshea at gmail.com  Wed Dec  7 17:08:28 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 09:08:28 -0700
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C424@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C424@grfint2.intern.adiscon.com>
Message-ID:
 <9ef8de70512070808y6a449911g4bce0ad4e59683e6@mail.gmail.com>

Agree, we are not a high volume application.

Side note:
Maybe a good thing to slow it down in the case of brute force password
cracking. (Users Table). (scripts can do this, not for us to worry about,
yet).

On 12/7/05, Michael Meckelein wrote:
>
> > Well... I've gone through the references and my guess is that Pear will
> > probably be not that bad in our case (though ADOdb might be something we
> > should look at).
>
> This ->
>
> > My reason is that I think we do relatively simple
> > queries. Anyhow, these simple queries can relate to a lot of i/o at the
> > database itself, which probably turns out to be the bottleneck.
>
> is exactly the point. phpLogCon does not bother the database with a high
> amount of queries. The queries are typically simple as Rainer mentioned.
> Just using some where clauses, and only the SystemEvents table has to be
> selected from if phplogcon works with data.
>
> Michael
>
> > Of
> > course, nothing of this is verified, but I have the strong impression
> > that performance will not be that much of an issue (well, to be
> > precise, "performance of the abstraction layer" - performance per se
> > *is* an issue, especially with the potentially huge amounts of data we
> > have in syslog... ;)).
> >
> > So my educated (but unverified) opinion is that it would probably be
> > worth looking at Pear. I am still of the view that native DB support via
> > our own layer is causing more trouble than it is worth.
> >
> > My 2cts...
> >
> > Rainer
> >
> > > -----Original Message-----
> > > From: phplogcon-dev-bounces at lists.adiscon.com
> > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > > Michael Meckelein
> > > Sent: Wednesday, December 07, 2005 12:39 PM
> > > To: phplogcon-dev at lists.adiscon.com
> > > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
> > >
> > > > Of course, the question is what implications Pear has - e.g.
> > > > performance-wise.
> > >
> > > Of course, abstraction layers naturally have an impact on
> > > performance. I did some research about pear::db performance. I was
> > > surprised some say "PEAR::DB code will run at about 3/8 the speed of
> > > the equivalent DBMS-specific code" [1]. Also found some benchmarks
> > > indicating that is true [2][3].
> > >
> > > As I already wrote, I have used pear::db in small projects and it works
> > > great. The impact of the abstraction layer was hardly noticeable
> > > (subjective), but I have not done any performance testing.
> > >
> > > "Is PEAR DB worth using?" [4] found at comp.lang.php. It's a good
> > > discussion and indicates that it is worth using a db abstraction
> > > layer. I support this approach since I know about the trouble,
> > > testing and time effort of developing your own db wrapper.
> > >
> > > Michael
> > >
> > > [1] Impaired performance of pear::db
> > >     http://www.hudzilla.org/phpbook/read.php/9_6_4
> > > [2] simple benchmark (08/13/02) comparing some db abstraction layers
> > >     http://freshmeat.net/screenshots/30313/
> > > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native MySQL
> > >     http://phplens.com/lens/adodb/
> > > [4] "Is PEAR DB worth using?"
> > >     http://groups.google.com/group/comp.lang.php/browse_frm/thread/1d1dca65e2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en

From rgerhards at hq.adiscon.com  Wed Dec  7 17:11:21 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:11:21 +0100
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4026@grfint2.intern.adiscon.com>

hehe... another low priority todo list item - tarpitting attacks (after
all, such a brute force may cause the system to exhaust its
resources...)

--Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Brian Shea
> Sent: Wednesday, December 07, 2005 5:08 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
>
> Agree, we are not a high volume application.
>
> Side note:
> Maybe a good thing to slow it down in the case of brute force password
> cracking. (Users Table). (scripts can do this, not for us to worry about,
> yet).
From bgshea at gmail.com  Wed Dec  7 17:13:36 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 09:13:36 -0700
Subject: [Phplogcon-dev] duplicated code
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4025@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4025@grfint2.intern.adiscon.com>
Message-ID:
 <9ef8de70512070813g57855463u745b747e667b8d0@mail.gmail.com>

Got it, pseudo code is fine.

Won't work like that without __FILE__. You need to pass the __FILE__
(special variable in php to give the file name), so

    checker(__FILE__, $wheretogo);

or no functions in notToBeCalled.php and just set

    $me = __FILE__;
    $wheretogo = "home_sweet_home";
    include "notToBeCalled.php";
    // will get here if all is good.
    unset($me);
    unset($wheretogo);

The first trailing '/' can be a function. Nothing special there.

On 12/7/05, Rainer Gerhards wrote:
>
> another php-noob suggestion...
>
> what if that function would be placed in *another* include file that is
> included in the not-to-be-directly-called pages. Then, that function
> could be passed in the proper redirect location.
>
> Let me use a sample, NOT in php (pseudo-php at best ;))
>
> in notToBeCalled.php
>     include check.php
>     call checker("../index.php")
>
> in check.php
>     checker(redirect)
>         do checking
>         redirect to "redirect" in case of error
>
> I hope this conveys what I intend to say...
>
> Rainer
From mmeckelein at hq.adiscon.com  Wed Dec  7 17:18:12 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 17:18:12 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C425@grfint2.intern.adiscon.com>

Brian wrote:
> Side note:
> Maybe a good thing to slow it down in the case of brute force password
> cracking.
> (Users Table). (scripts can do this, not for us to worry about,
> yet).

Rainer wrote:
> hehe... another low priority todo list item - tarpitting attacks (after
> all, such a brute force may cause the system to exhaust its
> resources...)

As a simple approach we can log failed login attempts. E.g. if there are
more than three failed login attempts in a minute, we can disable the
login for this user for some minutes.

Michael

From rgerhards at hq.adiscon.com  Wed Dec  7 17:20:28 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:20:28 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4028@grfint2.intern.adiscon.com>

Is there something like a sleep() call in php? Sleep(), in most OSes, is a
way to tell the OS that the calling process has no interest in being
executed for the specified amount of time.

If such a beast exists, we could sleep() a few ms for each wrong login
and maybe up to 30 seconds as the failures increase...

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Michael Meckelein
> Sent: Wednesday, December 07, 2005 5:18 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: [Phplogcon-dev] brute force password cracking prevention
>
> As a simple approach we can log failed login attempts. E.g. if there are
> more than three failed login attempts in a minute, we can disable the
> login for this user for some minutes.
>
> Michael

From mmeckelein at hq.adiscon.com  Wed Dec  7 17:23:05 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 7 Dec 2005 17:23:05 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C427@grfint2.intern.adiscon.com>

> Is there something like a sleep() call in php?

Of course there is.
http://www.php.net/sleep

Michael

> Sleep(), in most OSes, is a
> way to tell the OS that the calling process has no interest in being
> executed for the specified amount of time.
>
> If such a beast exists, we could sleep() a few ms for each wrong login
> and maybe up to 30 seconds as the failures increase...
>
> Rainer
> >
> > Michael

From rgerhards at hq.adiscon.com  Wed Dec  7 17:30:11 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Wed, 7 Dec 2005 17:30:11 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E402B@grfint2.intern.adiscon.com>

OK, I propose to

    usleep((f/2)*1000000+200000)

where f is the number of failed logins. f should not be allowed to grow
larger than 60, because I think we will get into trouble with the php
execution timeout (there is one, isn't there? ;)) at some point.

Please note that the +200000 handles the case of just one invalid login.

How does this sound?

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Michael Meckelein
> Sent: Wednesday, December 07, 2005 5:23 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] brute force password cracking prevention
>
> > Is there something like a sleep() call in php?
>
> Of course there is.
> http://www.php.net/sleep
>
> Michael
From alorbach at ro1.adiscon.com  Wed Dec  7 17:31:09 2005
From: alorbach at ro1.adiscon.com (Andre Lorbach)
Date: Wed, 7 Dec 2005 17:31:09 +0100
Subject: [Phplogcon-dev] brute force password cracking prevention
Message-ID:

Hi,

Finally I can also say something here ;)
A sleep of 1000 ms "if" the password was wrong would slow down a brute
force attack. Sounds like a good idea.
Regards,
Andre

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com
> [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> Michael Meckelein
> Sent: Wednesday, December 07, 2005 5:23 PM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] brute force password cracking prevention
>
> > Is there something like a sleep() call in php?
>
> Of course there is.
> http://www.php.net/sleep
>
> Michael
> > > > > > Michael > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From rgerhards at hq.adiscon.com Wed Dec 7 17:33:15 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 7 Dec 2005 17:33:15 +0100 Subject: [Phplogcon-dev] brute force password cracking prevention Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E402C@grfint2.intern.adiscon.com> oh, and one thing: we would probably need to track failed logins on a per-ip basis (beware of concurrent requests). Now this simple thing begins to become complicated ;) Anyhow, I think we are far enough to create a todo item (but not to solve it). Is there agreement? Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Andre Lorbach > Sent: Wednesday, December 07, 2005 5:31 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > Hi, > > Finally I can also say something here ;) > A sleep of 1000 ms "if" the password was wrong would slow down a brute > force attack. Sounds like a good idea. > > Regards, > Andre > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Michael Meckelein > > Sent: Wednesday, December 07, 2005 5:23 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] brute force password cracking > prevention > > > > > Is there something like a sleep() call in php? > > > > Of course, it is. 
> > http://www.php.net/sleep > > > > Michael > > > > > > > Sleep(), in most OS, is a > > > way to tell the OS that the callig process has no > interest in being > > > executed for the specified amount of time. > > > > > > If such a beast exists, we could sleep() a few ms for each > > wrong login > > > and maybe up to 30 seconds as the failures increase... > > > > > > Rainer > > > > > > > -----Original Message----- > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > Michael Meckelein > > > > Sent: Wednesday, December 07, 2005 5:18 PM > > > > To: phplogcon-dev at lists.adiscon.com > > > > Subject: [Phplogcon-dev] brute force password cracking > prevention > > > > > > > > Brian wrote: > > > > > Side note: > > > > > Maybe a good thing to slow it down in the case of brute force > > > > password > > > > > cracking. (Users Table). (scripts can do this, not for > > us to worry > > > > about, > > > > > yet). > > > > > > > > Rainer wrote: > > > > > hehe... another low priority todo list item - tarpiting > > > > attacks (after > > > > > all, such a brute force may case the system to exhaust its > > > > > ressources...) > > > > > > > > As a simply approach we can log failed login attempts. E.g. > > > > if there are > > > > more than three failed login attempts in a minute, we > can disable > > the > > > > login for this user for some minutes. 
> > > > > > > > Michael > > > > _______________________________________________ > > > > Phplogcon-dev mailing list > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From mmeckelein at hq.adiscon.com Wed Dec 7 17:35:21 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Wed, 7 Dec 2005 17:35:21 +0100 Subject: [Phplogcon-dev] brute force password cracking prevention Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C428@grfint2.intern.adiscon.com> Actually, maximum execution time is 30 seconds by default. Editable in php.ini (max_execution_time). Michael > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev- > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards > Sent: Wednesday, December 07, 2005 5:30 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > OK, I propose to usleep((f/2)*1000000+200000) where f is the number of > failed logins. f should not be allowed to grow larger than 60, because I > think we will get into trouble with php execution timeout (there is one, > isn't it? ;)) at some point. Please note that the +200000 handles the > case of just one invalid login. > > How does this sound? 
> > Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Michael Meckelein > > Sent: Wednesday, December 07, 2005 5:23 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > > > > Is there something like a sleep() call in php? > > > > Of course, it is. > > http://www.php.net/sleep > > > > Michael > > > > > > > Sleep(), in most OS, is a > > > way to tell the OS that the callig process has no interest in being > > > executed for the specified amount of time. > > > > > > If such a beast exists, we could sleep() a few ms for each > > wrong login > > > and maybe up to 30 seconds as the failures increase... > > > > > > Rainer > > > > > > > -----Original Message----- > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > Michael Meckelein > > > > Sent: Wednesday, December 07, 2005 5:18 PM > > > > To: phplogcon-dev at lists.adiscon.com > > > > Subject: [Phplogcon-dev] brute force password cracking prevention > > > > > > > > Brian wrote: > > > > > Side note: > > > > > Maybe a good thing to slow it down in the case of brute force > > > > password > > > > > cracking. (Users Table). (scripts can do this, not for > > us to worry > > > > about, > > > > > yet). > > > > > > > > Rainer wrote: > > > > > hehe... another low priority todo list item - tarpiting > > > > attacks (after > > > > > all, such a brute force may case the system to exhaust its > > > > > ressources...) > > > > > > > > As a simply approach we can log failed login attempts. E.g. > > > > if there are > > > > more than three failed login attempts in a minute, we can disable > > the > > > > login for this user for some minutes. 
> > > > > > > > Michael > > > > _______________________________________________ > > > > Phplogcon-dev mailing list > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev From rgerhards at hq.adiscon.com Wed Dec 7 17:36:48 2005 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 7 Dec 2005 17:36:48 +0100 Subject: [Phplogcon-dev] brute force password cracking prevention Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E402D@grfint2.intern.adiscon.com> ok, so "f" should not grow larger than 50 (25.2 seconds sleep time). --Rainer > -----Original Message----- > From: phplogcon-dev-bounces at lists.adiscon.com > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > Michael Meckelein > Sent: Wednesday, December 07, 2005 5:35 PM > To: phplogcon-dev at lists.adiscon.com > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > Actually, maximum execution time is 30 seconds by default. Editable in > php.ini (max_execution_time). > > Michael > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev- > > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards > > Sent: Wednesday, December 07, 2005 5:30 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] brute force password cracking > prevention > > > > OK, I propose to usleep((f/2)*1000000+200000) where f is > the number of > > failed logins. 
f should not be allowed to grow larger than > 60, because > I > > think we will get into trouble with php execution timeout (there is > one, > > isn't it? ;)) at some point. Please note that the +200000 > handles the > > case of just one invalid login. > > > > How does this sound? > > > > Rainer > > > > > -----Original Message----- > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > Michael Meckelein > > > Sent: Wednesday, December 07, 2005 5:23 PM > > > To: phplogcon-dev at lists.adiscon.com > > > Subject: Re: [Phplogcon-dev] brute force password cracking > prevention > > > > > > > Is there something like a sleep() call in php? > > > > > > Of course, it is. > > > http://www.php.net/sleep > > > > > > Michael > > > > > > > > > > Sleep(), in most OS, is a > > > > way to tell the OS that the callig process has no interest in > being > > > > executed for the specified amount of time. > > > > > > > > If such a beast exists, we could sleep() a few ms for each > > > wrong login > > > > and maybe up to 30 seconds as the failures increase... > > > > > > > > Rainer > > > > > > > > > -----Original Message----- > > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > > Michael Meckelein > > > > > Sent: Wednesday, December 07, 2005 5:18 PM > > > > > To: phplogcon-dev at lists.adiscon.com > > > > > Subject: [Phplogcon-dev] brute force password cracking > prevention > > > > > > > > > > Brian wrote: > > > > > > Side note: > > > > > > Maybe a good thing to slow it down in the case of > brute force > > > > > password > > > > > > cracking. (Users Table). (scripts can do this, not for > > > us to worry > > > > > about, > > > > > > yet). > > > > > > > > > > Rainer wrote: > > > > > > hehe... 
another low priority todo list item - tarpitting
> > > > > attacks (after
> > > > > > all, such a brute force may cause the system to exhaust its
> > > > > > resources...)
> > > > >
> > > > >
> > > > > As a simple approach we can log failed login attempts. E.g.
> > > > > if there are
> > > > > more than three failed login attempts in a minute, we can
> disable
> > > the
> > > > > login for this user for some minutes.
> > > > >
> > > > > Michael
> > > > > _______________________________________________
> > > > > Phplogcon-dev mailing list
> > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > > > >
> > > >
> > > > _______________________________________________
> > > > Phplogcon-dev mailing list
> > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > > _______________________________________________
> > > Phplogcon-dev mailing list
> > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > >
> >
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>

From bgshea at gmail.com Wed Dec 7 18:40:38 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 12:40:38 -0500
Subject: [Phplogcon-dev] Database abstraction layer for phpLogCon
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4026@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4026@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512070940j4ff9ea9du5c4a87a2746b5986@mail.gmail.com>

text_CAPATCHA, think I spelled it right, look at PEAR, this could be
(required/optional) for login along with passwords. Rev 2 issue?

Programming 101
More security = harder to use and no one likes it
Less security = easy to use, and not enough to keep bad guys out
We need to be in between, or let the user set the amount of security they
want. For me, I would enable it.

Then we could log login attempts and disable the account after x attempts,
except for 1 account that would be the admin account!! Or limit the number
per time interval (min/hour/day).

On 12/7/05, Rainer Gerhards wrote:
>
> hehe... another low priority todo list item - tarpitting attacks (after
> all, such a brute force may cause the system to exhaust its
> resources...)
>
> --Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > Brian Shea
> > Sent: Wednesday, December 07, 2005 5:08 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
> >
> > Agree, we are not a high volume application.
> >
> > Side note:
> > Maybe a good thing to slow it down in the case of brute
> > force password
> > cracking. (Users Table). (scripts can do this, not for us to
> > worry about,
> > yet).
> >
> >
> > On 12/7/05, Michael Meckelein wrote:
> > >
> > > > Well... I've gone through the references and my guess is that Pear
> > > will
> > > > probably be not that bad in our case (though ADOdb might
> > be something
> > > we
> > > > should look at).
> > >
> > > This ->
> > >
> > > > My reason is that I think we do relatively simple
> > > > queries. Anyhow, these simple queries can relate to a lot
> > of i/o at
> > > the
> > > > database itself, which probably turns out to be the bottleneck.
> > >
> > > is exactly the point. phpLogCon does not bother the
> > database with a high
> > > amount of queries. The queries are typically simple as Rainer
> > mentioned.
> > > Just using some where clauses and only the SystemEvents table
> > has to be selected
> > > if phplogcon works with data.
> > > > > > Michael > > > > > > >Of > > > > course, nothing of this is verified, but I have the > > strong impression > > > > that performance will not be that much of an issue (well, to be > > > > precisely "performance of the abstraction layer" - > > performance per se > > > > *is* an issue, especially with the potentially huge > > amounts of data we > > > > have in syslog... ;)). > > > > > > > > So my educated (but unverified) opinion is that it would > > probably be > > > > worth looking at Pear. I Am still of the view that native > > DB support > > > via > > > > our own layer is causing more trouble than it is worth. > > > > > > > > My 2cts... > > > > > > > > Rainer > > > > > > > > > -----Original Message----- > > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > > Michael Meckelein > > > > > Sent: Wednesday, December 07, 2005 12:39 PM > > > > > To: phplogcon-dev at lists.adiscon.com > > > > > Subject: Re: [Phplogcon-dev] Database abstraction layer for > > > phpLogCon > > > > > > > > > > > Of course, the question is what implications Pear has - e.g. > > > > > > performance-wise. > > > > > > > > > > Of course, abstraction layer have naturally impact on > > > > > performance. I did > > > > > some research about pear::db performance. I was > > surprised some say > > > > > "PEAR::DB code will run at about 3/8 the speed of the equivalent > > > > > DBMS-specific code" [1]. Also found some benchmark > > indicating that > > > is > > > > > true [2][3]. > > > > > > > > > > As I already wrote, I have used pear::db in small projects > > > > > and it works > > > > > great. The impact of the abstraction layer was hardly noticeable > > > > > (subjective), but I have not made any performance testing. > > > > > > > > > > "Is PEAR DB worth using?" [4] found at comp.lang.php. > > It's a good > > > > > decision indicates that it worth to use a db > > abstraction layer. 
I > > > > > support this approach since I know about the trouble, > > testing and > > > time > > > > > effort for developing your own db wrapper. > > > > > > > > > > Michael > > > > > > > > > > [1] Impaired performance of pear::db > > > > > http://www.hudzilla.org/phpbook/read.php/9_6_4 > > > > > [2] simple benchmark (08/13/02) comparing some db > > abstraction layer > > > > > http://freshmeat.net/screenshots/30313/ > > > > > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native > > > MySQL > > > > > http://phplens.com/lens/adodb/ > > > > > [4] Is PEAR DB worth using?" > > > > > http://groups.google.com/group/comp.lang.php/browse_frm/thread > > > > > /1d1dca65e > > > > > > > 2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en > > > > > > > > > > _______________________________________________ > > > > > Phplogcon-dev mailing list > > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > > > > > _______________________________________________ > > > > Phplogcon-dev mailing list > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From bgshea at gmail.com Wed Dec 7 18:45:14 2005 From: bgshea at gmail.com (Brian Shea) Date: Wed, 7 Dec 2005 12:45:14 -0500 Subject: [Phplogcon-dev] brute force password cracking prevention In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E402D@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA0E402D@grfint2.intern.adiscon.com> Message-ID: <9ef8de70512070945v5d905dd0k9a85c7b9a1432b79@mail.gmail.com> Yep, this all sound good, Lets put 
it on a TODO list. On 12/7/05, Rainer Gerhards wrote: > > ok, so "f" should not grow larger than 50 (25.2 seconds sleep time). > > --Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Michael Meckelein > > Sent: Wednesday, December 07, 2005 5:35 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] brute force password cracking prevention > > > > Actually, maximum execution time is 30 seconds by default. Editable in > > php.ini (max_execution_time). > > > > Michael > > > > > -----Original Message----- > > > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev- > > > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards > > > Sent: Wednesday, December 07, 2005 5:30 PM > > > To: phplogcon-dev at lists.adiscon.com > > > Subject: Re: [Phplogcon-dev] brute force password cracking > > prevention > > > > > > OK, I propose to usleep((f/2)*1000000+200000) where f is > > the number of > > > failed logins. f should not be allowed to grow larger than > > 60, because > > I > > > think we will get into trouble with php execution timeout (there is > > one, > > > isn't it? ;)) at some point. Please note that the +200000 > > handles the > > > case of just one invalid login. > > > > > > How does this sound? > > > > > > Rainer > > > > > > > -----Original Message----- > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > Michael Meckelein > > > > Sent: Wednesday, December 07, 2005 5:23 PM > > > > To: phplogcon-dev at lists.adiscon.com > > > > Subject: Re: [Phplogcon-dev] brute force password cracking > > prevention > > > > > > > > > Is there something like a sleep() call in php? > > > > > > > > Of course, it is. 
> > > > http://www.php.net/sleep > > > > > > > > Michael > > > > > > > > > > > > > Sleep(), in most OS, is a > > > > > way to tell the OS that the callig process has no interest in > > being > > > > > executed for the specified amount of time. > > > > > > > > > > If such a beast exists, we could sleep() a few ms for each > > > > wrong login > > > > > and maybe up to 30 seconds as the failures increase... > > > > > > > > > > Rainer > > > > > > > > > > > -----Original Message----- > > > > > > From: phplogcon-dev-bounces at lists.adiscon.com > > > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > > > > > Michael Meckelein > > > > > > Sent: Wednesday, December 07, 2005 5:18 PM > > > > > > To: phplogcon-dev at lists.adiscon.com > > > > > > Subject: [Phplogcon-dev] brute force password cracking > > prevention > > > > > > > > > > > > Brian wrote: > > > > > > > Side note: > > > > > > > Maybe a good thing to slow it down in the case of > > brute force > > > > > > password > > > > > > > cracking. (Users Table). (scripts can do this, not for > > > > us to worry > > > > > > about, > > > > > > > yet). > > > > > > > > > > > > Rainer wrote: > > > > > > > hehe... another low priority todo list item - tarpiting > > > > > > attacks (after > > > > > > > all, such a brute force may case the system to exhaust its > > > > > > > ressources...) > > > > > > > > > > > > As a simply approach we can log failed login attempts. E.g. > > > > > > if there are > > > > > > more than three failed login attempts in a minute, we can > > disable > > > > the > > > > > > login for this user for some minutes. 
> > > > > >
> > > > > > Michael
> > > > > > _______________________________________________
> > > > > > Phplogcon-dev mailing list
> > > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Phplogcon-dev mailing list
> > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > > > _______________________________________________
> > > > Phplogcon-dev mailing list
> > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > > >
> > >
> > > _______________________________________________
> > > Phplogcon-dev mailing list
> > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
>
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>

From bgshea at gmail.com Thu Dec 8 04:56:14 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 7 Dec 2005 20:56:14 -0700
Subject: [Phplogcon-dev] TODO Task List
Message-ID: <9ef8de70512071956n2b68ee58tf47fb5161481d1de@mail.gmail.com>

We have many items to work on now :) !!! I think it is time to organize
them into tasks?

1) MySQL character flaw.
2) Cookie flaw.
3) PEAR::DB
4) text_CAPATCHA, do we want it?
5) Logins, user auth, login attempts and such
6) Parametric searches (AND, OR) search terms
7) phpLogCon layout

Did I miss any?

From bgshea at gmail.com Thu Dec 8 15:52:24 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 07:52:24 -0700
Subject: [Phplogcon-dev] Flow Chart for Index.php
Message-ID: <9ef8de70512080652u568f88d3v711c233d5a2d8c5a@mail.gmail.com>

I'm not sure if I can send PDF files to the mailing list. There is a new
page on my site http://www.hackthebox.org/phplogcon/index.php
This shows one way to have phplogcon flow. Open to suggestions.
Once we agree on a flow, we can then work on each specific box flow. We can
add more in/out directions for boxes, but at the top level simple is good.

The boxes are color coded; each color represents other PHP files that have
code in them. Same color box means the code is in the same file.

This was based on my 1.2.4_bgs that has the common index.php and branches
off to each page from a switch statement.

The session variable page can be replaced with a cookie, and that cookie has
nothing to do with security, since the user has to pass through auth first.

Let me know what you think. If you want to stick with the current setup with
multiple pages I can draw up more flow charts.

Brian

From mmeckelein at hq.adiscon.com Thu Dec 8 16:27:04 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Thu, 8 Dec 2005 16:27:04 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C429@grfint2.intern.adiscon.com>

Brian,

Please note that some users do not want to use phplogcon's user
management/authentication. In the branch phplogcon-1.2.4_bgs it is not
possible to turn off user management/authentication.

I think it is a vital point that phplogcon works without the
authentication stuff. Please keep in mind that phplogcon is also running
in a Windows environment (IIS). Some people prefer to use Windows
integrated authentication.

It is worth mentioning, I thought, so that it will not be forgotten.

Michael

From mmeckelein at hq.adiscon.com Thu Dec 8 16:36:42 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Thu, 8 Dec 2005 16:36:42 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>

> I think it is a vital point that phplogcon is working without the
> authentication stuff. Please keep in mind that phplogcon is also running
> in a Windows environment (IIS).
Some people prefer to use Windows
> integrated authentication.

To be accurate, using Windows authentication is only the authentication
part to deny access to users who are not authorized (same as using e.g.
.htaccess or another file access control mechanism). Of course using only
one of these approaches does not provide the advantages of phplogcon's user
management.

Michael

From bgshea at gmail.com Fri Dec 9 01:16:55 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 19:16:55 -0500
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512081616h599e7d8bnfd9e4a6a3a05c5c0@mail.gmail.com>

So in IIS people have it set up to allow users listed in the Windows users
to access, such as administrator. In which case, you do not want to verify
them against a user in the DB. Okay, that is fine. We just remove the user
in DB check from the auth function when server (Apache, IIS) auth is turned
on. Sessions are sent as a cookie to the browser and stored. So when the
server authenticates a user and grants access, the PHP code will pick up the
session id and all session values are restored.

Since sessions are started before auth is run, auth can be removed!! Or
return true when server auth is enabled.

I don't see any issues here. Auth was a means for a central authentication
so that if a change was required, it would be propagated to all pages that
called auth.

Since, in 1.2.4_bgs, all page access is done from index.php, we just need
to add a define to the config.php called SERVER_AUTH and set it true when
the server does the authentication.

Auth can still be called, it will just need to check for the define
statement and return true.

I have to use a vacation day so I will be off Friday (Dec 9th), (except
for one brief meeting) I can work on adding this feature.
On 12/8/05, Michael Meckelein wrote:
>
> > I think it is a vital point that phplogcon is working without the
> > authentication stuff. Please keep in mind that phplogcon is also
> running
> > in a Windows environment (IIS). Some people prefer to use Windows
> > integrated authentication.
>
> To be accurate, using Windows authentication is only the authentication
> part to deny access to users who are not authorized (same as using e.g.
> .htaccess or another file access control mechanism). Of course using only
> one of these approaches does not provide the advantages of phplogcon's user
> management.
>
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>

From bgshea at gmail.com Fri Dec 9 01:21:19 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 19:21:19 -0500
Subject: [Phplogcon-dev] More flow charts
Message-ID: <9ef8de70512081621i66446711rde80aa5f9b3717bb@mail.gmail.com>

I'm going to go back through all the emails and make a flow chart for user
authentication, including the server auth as described by Michael. I will
post this to my webpage.

I will probably also make up a few more for the user config and filter
options. These are not set in stone, so please make suggestions/changes so
we can all agree on the program flow.

Brian

From bgshea at gmail.com Fri Dec 9 06:18:40 2005
From: bgshea at gmail.com (Brian Shea)
Date: Thu, 8 Dec 2005 22:18:40 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <9ef8de70512081616h599e7d8bnfd9e4a6a3a05c5c0@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42A@grfint2.intern.adiscon.com>
	<9ef8de70512081616h599e7d8bnfd9e4a6a3a05c5c0@mail.gmail.com>
Message-ID: <9ef8de70512082118g6de50c3at355bf7aed03deea1@mail.gmail.com>

One question?

If Apache or IIS is used to authenticate users, how do you know which user
got authenticated?

Or does phplogcon not care? Single user web app.
One addition to the previous email: _SESS_SHARE_TBL will not be compatible
with _SERVER_AUTH. _SERVER_AUTH will negate _SESS_SHARE_TBL, so a separate
session table will need to be used. No big deal.

In this mode, sessions will only store settings that the user sets. But I
suspect that in future versions of phpLogCon most of the filter and config
settings will be stored into the UserPrefs table.

Drawbacks: if a user migrates from PC to laptop to home computer to
wherever, his settings will be different on each computer. Since the server
(IIS or Apache) does not pass along user info, there is no way for
phpLogCon to know which settings to load.

Options: use sessions only to store things that are required to navigate
the pages, perform searches, and return results. Everything else,
predefined search terms, layout, language, etc., gets stored to UserPrefs.
UserPrefs are loaded no matter who views the page.

On 12/8/05, Brian Shea wrote:
>
> So in IIS people have it set up to allow users listed in the Windows users
> to access, such as administrator. In which case, you do not want to verify
> them against a user in the DB. Okay, that is fine. We just remove the user
> in DB check from the auth function when server (Apache, IIS) auth is turned
> on. Sessions are sent as a cookie to the browser and stored. So when the
> server authenticates a user and grants access, the PHP code will pick up the
> session id and all session values are restored.
>
> Since sessions are started before auth is run, auth can be removed!! Or
> return true when server auth is enabled.
>
> I don't see any issues here. Auth was a means for a central authentication
> so that if a change was required, it would be propagated to all pages that
> called auth.
>
> Since, in 1.2.4_bgs, all page access is done from index.php, we just need
> to add a define to the config.php called SERVER_AUTH and set it true when
> the server does the authentication.
>
> Auth can still be called, it will just need to check for the define
> statement and return true.
>
> I have to use a vacation day so I will be off Friday (Dec 9th), (except
> for one brief meeting) I can work on adding this feature.
>
>
> On 12/8/05, Michael Meckelein wrote:
> >
> > > I think it is a vital point that phplogcon is working without the
> > > authentication stuff. Please keep in mind that phplogcon is also
> > running
> > > in a Windows environment (IIS). Some people prefer to use Windows
> > > integrated authentication.
> >
> > To be accurate, using Windows authentication is only the authentication
> > part to deny access to users who are not authorized (same as using e.g.
> > .htaccess or another file access control mechanism). Of course using only
> > one of these approaches does not provide the advantages of phplogcon's user
> > management.
> >
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
>

From mmeckelein at hq.adiscon.com Fri Dec 9 10:30:17 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Fri, 9 Dec 2005 10:30:17 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42B@grfint2.intern.adiscon.com>

Brian,

Probably I was too vague. As in phplogcon_1.2.1, if the user left the
"Install User Interface:" unchecked (or set it manually in config.php,
define('_ENABLEUI', 0)) there is NO user management for phplogcon. No user
in the Users table. So it can only be used as a single user application.
Using authentication (Windows, Linux, whatever) together with this
configuration is only used to deny access to phplogcon's pages to those who
are not authorized to use it. I did not mean to use the OS authentication
mechanism to verify against phplogcon's own user management system.
Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Friday, December 09, 2005 1:17 AM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] phplogcon without user managment
>
> So in IIS people have it set up to allow users listed in the Windows users to access, such as administrator. In which case, you do not want to verify them against a user in the DB. Okay, that is fine. We just remove the user-in-DB check from the auth function when server (Apache, IIS) auth is turned on. Sessions are sent as a cookie to the browser and stored. So when the server authenticates a user and grants access, the PHP code will pick up the session id and all session values are restored.
>
> Since sessions are started before auth is run, auth can be removed!! Or return true when server auth is enabled.
>
> I don't see any issues here. Auth was a means for a central authentication so that if a change was required, it would be propagated to all pages that called auth.
>
> Since, in 1.2.4_bgs, all page access is done from index.php, we just need to add a define to the config.php called SERVER_AUTH and set it true when the server does the authentication.
>
> Auth can still be called, it will just need to check for the define statement and return true.
>
> I have to use a vacation day so I will be off Friday (Dec 9th); (except for one brief meeting) I can work on adding this feature.
>
> On 12/8/05, Michael Meckelein wrote:
> > > I think it is a vital point that phplogcon is working without the authentication stuff. Please hold in mind that phplogcon is also running in a Windows environment (IIS). Some people prefer to use Windows integrated authentication.
> >
> > To be accurate, using Windows authentication is only the authentication part to deny access to users who are not authorized (same as using e.g. .htaccess or other file access control mechanisms). Of course using only one of these approaches does not provide the advantages of phplogcon's user management.
> >
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From mmeckelein at hq.adiscon.com Fri Dec 9 11:36:58 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Fri, 9 Dec 2005 11:36:58 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com>

> One question?
>
> If Apache or IIS is used to authenticate users, how do you know which user got authenticated?
>
> Or does phplogcon not care? Single user web app.

Phplogcon does not care! Yes, some admins want to use it as a single user app.

I had a quick discussion with Rainer and he has a good idea, I think. What about using a "hidden user" if phplogcon is installed without user management? This means that even though the user said "NO, I do not want to use phpLogCon's user management", phplogcon creates a user account. Also, during the install process phplogcon puts a _AutoLogin_User = Userid var into config.php where the userid is the user account created for this purpose. If a user name is set to _AutoLogin_User, phplogcon automatically logs in to this user account without any interaction from the user.

[snip]
> But I suspect that in future versions of phpLogCon most of the filter and config settings will be stored into the UserPrefs table.

Actually this is possible in the current release.
In the user-config.php page, the user can set "Save filter settings in database and load them while logging in". But this does not mean that with each page request phplogcon reads the filter options / user options from the database.

Let me elaborate a little on the way it works and what our intention was.

If you log in to phplogcon, it reads the user settings from the UserPrefs table and stores them in session variables. On each phplogcon page you visit, it reads the settings from the session variable pool.

About the following three pages in phplogcon and their relation with database/sessions:

- User_Options
  Here a user can set things he prefers like language, stylesheet settings and so on. By "Update Config" the settings are stored into the database and into the current session vars.

- Filter_Options
  Here you can alter your default filter settings which are used to display data e.g. in the Show_events page.
  [quote from manual]
  If User Interface is enabled and the option "Save filter settings in database and load them while logging in" is checked, all filter settings will be saved in the database. Otherwise, they will only stay like this in the current session!

  If User Interface is disabled, the settings will only stay like this in the current session. Next time opening phpLogCon, they will be default.
  [/quote from manual]
  This means if user management is enabled, clicking "Update Config" stores the filter settings in the database and into session vars. You can say that the user can define his default filter settings on the Filter Options page. These filter settings are read during user login.

- Show_Events
  [quote from manual]
  Here you can see the events, listed with respect to the current filter settings. Also you can use the quick filter, that allows you to override (not overwrite!) temporarily your current filter settings. This provides a quick view on different filtered events, without going to the filter options.
  You can also choose how many events should be displayed per page, color, and search for an expression and search for a Host or IP.
  [/quote from manual]

"override (not overwrite!) temporarily your current filter settings" - this is the most important point. Clicking "Submit" does not change any values in the database, nor does it change the filter settings defined on the Filter_Options page.

Hold in mind, the form elements you see on the Show_Events page are so called "Quick Filters":
[quote from manual]
They will override the general filters while staying in Events Display. They provide you quick changes for temporarily viewing different and a little bit finer filtered events, without changing your general filter settings.
[/quote from manual]

Hope it is clear how it works. If you have any questions or any concern with this approach, don't hesitate to write ;)

Best regards,
Michael

From bgshea at gmail.com Fri Dec 9 16:28:18 2005
From: bgshea at gmail.com (Brian Shea)
Date: Fri, 9 Dec 2005 08:28:18 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512090728h1c76bb85i76165f905d8e45a6@mail.gmail.com>

Got ya.

It was a bit confusing with the excessive use of the session variable in the code. It looked like you were trying to use sessions, but wanted some other method of storage. Okay, the _SERVER_AUTH can be replaced by _ENABLEUI so auth will just return true. No user will be authenticated by phpLogCon. Or Auth is never called; I prefer the other way, one central auth method that does not require multiple pages to be updated.

I'm going to update my auth flow chart I made last night and post it. This should now show the auth flow with and without EnableUI.

Filter settings will only be written to the DB when Filter Settings are updated from the Filter Options page.
Quick Filter settings will override the stored filter settings but not overwrite!

Brian

On 12/9/05, Michael Meckelein wrote:
> > One question?
> >
> > If Apache or IIS is used to authenticate users, how do you know which user got authenticated?
> >
> > Or does phplogcon not care? Single user web app.
>
> Phplogcon does not care! Yes, some admins want to use it as a single user app.
>
> I had a quick discussion with Rainer and he has a good idea, I think. What about using a "hidden user" if phplogcon is installed without user management? This means that even though the user said "NO, I do not want to use phpLogCon's user management", phplogcon creates a user account. Also, during the install process phplogcon puts a _AutoLogin_User = Userid var into config.php where the userid is the user account created for this purpose. If a user name is set to _AutoLogin_User, phplogcon automatically logs in to this user account without any interaction from the user.
>
> [snip]
> > But I suspect that in future versions of phpLogCon most of the filter and config settings will be stored into the UserPrefs table.
>
> Actually this is possible in the current release. In the user-config.php page, the user can set "Save filter settings in database and load them while logging in". But this does not mean that with each page request phplogcon reads the filter options / user options from the database.
>
> Let me elaborate a little on the way it works and what our intention was.
>
> If you log in to phplogcon, it reads the user settings from the UserPrefs table and stores them in session variables. On each phplogcon page you visit, it reads the settings from the session variable pool.
>
> About the following three pages in phplogcon and their relation with database/sessions:
>
> - User_Options
>   Here a user can set things he prefers like language, stylesheet settings and so on.
>   By "Update Config" the settings are stored into the database and into the current session vars.
>
> - Filter_Options
>   Here you can alter your default filter settings which are used to display data e.g. in the Show_events page.
>   [quote from manual]
>   If User Interface is enabled and the option "Save filter settings in database and load them while logging in" is checked, all filter settings will be saved in the database. Otherwise, they will only stay like this in the current session!
>
>   If User Interface is disabled, the settings will only stay like this in the current session. Next time opening phpLogCon, they will be default.
>   [/quote from manual]
>
>   This means if user management is enabled, clicking "Update Config" stores the filter settings in the database and into session vars. You can say that the user can define his default filter settings on the Filter Options page. These filter settings are read during user login.
>
> - Show_Events
>   [quote from manual]
>   Here you can see the events, listed with respect to the current filter settings. Also you can use the quick filter, that allows you to override (not overwrite!) temporarily your current filter settings. This provides a quick view on different filtered events, without going to the filter options. You can also choose how many events should be displayed per page, color, and search for an expression and search for a Host or IP.
>   [/quote from manual]
>
> "override (not overwrite!) temporarily your current filter settings" - this is the most important point. Clicking "Submit" does not change any values in the database, nor does it change the filter settings defined on the Filter_Options page.
>
> Hold in mind, the form elements you see on the Show_Events page are so called "Quick Filters":
> [quote from manual]
> They will override the general filters while staying in Events Display.
> They provide you quick changes for temporarily viewing different and a little bit finer filtered events, without changing your general filter settings.
> [/quote from manual]
>
> Hope it is clear how it works. If you have any questions or any concern with this approach, don't hesitate to write ;)
>
> Best regards,
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Fri Dec 9 20:06:00 2005
From: bgshea at gmail.com (Brian Shea)
Date: Fri, 9 Dec 2005 12:06:00 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <9ef8de70512090728h1c76bb85i76165f905d8e45a6@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42C@grfint2.intern.adiscon.com> <9ef8de70512090728h1c76bb85i76165f905d8e45a6@mail.gmail.com>
Message-ID: <9ef8de70512091106k147c30dbr7e9c2d5e598749a5@mail.gmail.com>

Okay, it should work with the _ENABLEUI setting now. It will only authenticate users when _ENABLEUI is set to 1.

Michael, were you having trouble with the trailing slash removal? If so, what was the problem? We should fix it to work with IIS and Apache.

1.2.5_bgs is posted and can be downloaded. Changes include:
- Removed redirect to remove ?page from url, was causing trouble posting data.
- Added User Config settings back in.
- Tested on Apache.
- _ENABLEUI for authentication control.

I think this covers most of the major issues: user login bypassing, insecure cookies and such. If the trailing slash is causing too much trouble, let's remove it for now.

You guys can test on Apache and IIS to find major bugs. I can help correct any that might occur.

Installer needs to set up some new config vars. I'll send another email with the vars that need to be set up and how they should be set up.

On 12/9/05, Brian Shea wrote:
> Got ya.
>
> It was a bit confusing with the excessive use of the session variable in the code.
> It looked like you were trying to use sessions, but wanted some other method of storage. Okay, the _SERVER_AUTH can be replaced by _ENABLEUI so auth will just return true. No user will be authenticated by phpLogCon. Or Auth is never called; I prefer the other way, one central auth method that does not require multiple pages to be updated.
>
> I'm going to update my auth flow chart I made last night and post it. This should now show the auth flow with and without EnableUI.
>
> Filter settings will only be written to the DB when Filter Settings are updated from the Filter Options page.
>
> Quick Filter settings will override the stored filter settings but not overwrite!
>
> Brian
>
> On 12/9/05, Michael Meckelein wrote:
> > > One question?
> > >
> > > If Apache or IIS is used to authenticate users, how do you know which user got authenticated?
> > >
> > > Or does phplogcon not care? Single user web app.
> >
> > Phplogcon does not care! Yes, some admins want to use it as a single user app.
> >
> > I had a quick discussion with Rainer and he has a good idea, I think. What about using a "hidden user" if phplogcon is installed without user management? This means that even though the user said "NO, I do not want to use phpLogCon's user management", phplogcon creates a user account. Also, during the install process phplogcon puts a _AutoLogin_User = Userid var into config.php where the userid is the user account created for this purpose. If a user name is set to _AutoLogin_User, phplogcon automatically logs in to this user account without any interaction from the user.
> >
> > [snip]
> > > But I suspect that in future versions of phpLogCon most of the filter and config settings will be stored into the UserPrefs table.
> >
> > Actually this is possible in the current release. In the user-config.php page, the user can set "Save filter settings in database and load them while logging in".
> > But this does not mean that with each page request phplogcon reads the filter options / user options from the database.
> >
> > Let me elaborate a little on the way it works and what our intention was.
> >
> > If you log in to phplogcon, it reads the user settings from the UserPrefs table and stores them in session variables. On each phplogcon page you visit, it reads the settings from the session variable pool.
> >
> > About the following three pages in phplogcon and their relation with database/sessions:
> >
> > - User_Options
> >   Here a user can set things he prefers like language, stylesheet settings and so on. By "Update Config" the settings are stored into the database and into the current session vars.
> >
> > - Filter_Options
> >   Here you can alter your default filter settings which are used to display data e.g. in the Show_events page.
> >   [quote from manual]
> >   If User Interface is enabled and the option "Save filter settings in database and load them while logging in" is checked, all filter settings will be saved in the database. Otherwise, they will only stay like this in the current session!
> >
> >   If User Interface is disabled, the settings will only stay like this in the current session. Next time opening phpLogCon, they will be default.
> >   [/quote from manual]
> >
> >   This means if user management is enabled, clicking "Update Config" stores the filter settings in the database and into session vars. You can say that the user can define his default filter settings on the Filter Options page. These filter settings are read during user login.
> >
> > - Show_Events
> >   [quote from manual]
> >   Here you can see the events, listed with respect to the current filter settings. Also you can use the quick filter, that allows you to override (not overwrite!) temporarily your current filter settings. This provides a quick view on different filtered events, without going to the filter options.
> >   You can also choose how many events should be displayed per page, color, and search for an expression and search for a Host or IP.
> >   [/quote from manual]
> >
> > "override (not overwrite!) temporarily your current filter settings" - this is the most important point. Clicking "Submit" does not change any values in the database, nor does it change the filter settings defined on the Filter_Options page.
> >
> > Hold in mind, the form elements you see on the Show_Events page are so called "Quick Filters":
> > [quote from manual]
> > They will override the general filters while staying in Events Display. They provide you quick changes for temporarily viewing different and a little bit finer filtered events, without changing your general filter settings.
> > [/quote from manual]
> >
> > Hope it is clear how it works. If you have any questions or any concern with this approach, don't hesitate to write ;)
> >
> > Best regards,
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Mon Dec 12 16:43:12 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 08:43:12 -0700
Subject: [Phplogcon-dev] What's Next?
Message-ID: <9ef8de70512120743i72e055a2ge59c2abddd5424d3@mail.gmail.com>

What's the next step for phpLogCon? I think Rainer had asked what was going into the next release? We have plenty of items to work on: PEAR support, 2 security issues, adding custom search phrases, etc.

I think it would be a good idea to have the official phplogcon-1.2.2 include just the mysql '%' fix. The other stuff can wait till it's been tested and working.

Brian

From mmeckelein at hq.adiscon.com Mon Dec 12 16:50:04 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Mon, 12 Dec 2005 16:50:04 +0100
Subject: [Phplogcon-dev] What's Next?
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com>

Brian,

> I think it would be a good idea to have the official phplogcon-1.2.2 include just the mysql '%' fix. The other stuff can wait till it's been tested and working.

I totally agree with that approach. Actually I have already included this fix in the current cvs version. Probably we will release phplogcon-1.2.2 tomorrow.

Just want to remark that we should keep the Installer up to date. Or do you prefer to make all changes/improvements and finally update the Installer?

Michael

From mmeckelein at hq.adiscon.com Mon Dec 12 16:58:28 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Mon, 12 Dec 2005 16:58:28 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C42F@grfint2.intern.adiscon.com>

> Michael, were you having trouble with the trailing slash removal? If so, what was the problem? We should fix it to work with IIS and Apache.

Just noticed, you have already fixed this issue in phplogcon-1.2.6_bgs :-)

Michael

From bgshea at gmail.com Tue Dec 13 01:20:19 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 19:20:19 -0500
Subject: [Phplogcon-dev] What's Next?
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512121620y7b68efd0ic9f12247da398722@mail.gmail.com>

Umm, depends on how much we do.

For 1.2.2 I doubt that any changes need to be made. Otherwise, if we are going to work on lots of features, let's not worry about the installer until we have a new release, then put the feature installer options in.

Not to complicate things, but an XML file with all the install options would be good to have; that way PHP can just parse the XML and create a table. With XML you can specify option types (text, checkbox, enum).

There might be something for this already.
Otherwise, for now we can just write the installer by hand.

----

Not sure if you grabbed the 1.2.6 release from my server, but there is a problem with the quick filters. I will fix it tonight. I've been testing that all weekend and the Remember me stuff works well.

On 12/12/05, Michael Meckelein wrote:
> Brian,
>
> > I think it would be a good idea to have the official phplogcon-1.2.2 include just the mysql '%' fix. The other stuff can wait till it's been tested and working.
>
> I totally agree with that approach. Actually I have already included this fix in the current cvs version. Probably we will release phplogcon-1.2.2 tomorrow.
>
> Just want to remark that we should keep the Installer up to date. Or do you prefer to make all changes/improvements and finally update the Installer?
>
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Tue Dec 13 01:27:07 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 19:27:07 -0500
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C42F@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42F@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512121627x73daf9c1qe7d4595c3c65203c@mail.gmail.com>

So what do you think of the 1.2.6_bgs?

You can use as much/little as you want and I can help put what you need into 1.2.1/1.2.2.

Also, I played with the Auth_PrefManager from PEAR; it works okay, maybe that should be considered for a future release of phpLogCon along with PEAR::DB, which works nicely.

PEAR::Auth_PrefManager lacks one function, Auth_PrefManager::getUserPrefs( string userId ). Otherwise it would work great for all the Quick filters and definable filters, and maybe even supporting multiple DBs/tables for log viewing.

I'll probably write the function and email it to them.
-Brian

On 12/12/05, Michael Meckelein wrote:
> > Michael, were you having trouble with the trailing slash removal? If so, what was the problem? We should fix it to work with IIS and Apache.
>
> Just noticed, you have already fixed this issue in phplogcon-1.2.6_bgs :-)
>
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Tue Dec 13 01:28:39 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 19:28:39 -0500
Subject: [Phplogcon-dev] What's Next?
In-Reply-To: <9ef8de70512121620y7b68efd0ic9f12247da398722@mail.gmail.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C42E@grfint2.intern.adiscon.com> <9ef8de70512121620y7b68efd0ic9f12247da398722@mail.gmail.com>
Message-ID: <9ef8de70512121628u56d78e15j9f84e0225c8a54d2@mail.gmail.com>

What are some of the features people want to see added or improved?

On 12/12/05, Brian Shea wrote:
> Umm, depends on how much we do.
>
> For 1.2.2 I doubt that any changes need to be made. Otherwise, if we are going to work on lots of features, let's not worry about the installer until we have a new release, then put the feature installer options in.
>
> Not to complicate things, but an XML file with all the install options would be good to have; that way PHP can just parse the XML and create a table. With XML you can specify option types (text, checkbox, enum).
>
> There might be something for this already. Otherwise, for now we can just write the installer by hand.
>
> ----
>
> Not sure if you grabbed the 1.2.6 release from my server, but there is a problem with the quick filters. I will fix it tonight. I've been testing that all weekend and the Remember me stuff works well.
>
> On 12/12/05, Michael Meckelein wrote:
> > Brian,
> >
> > > I think it would be a good idea to have the official phplogcon-1.2.2 include just the mysql '%' fix.
> > > The other stuff can wait till it's been tested and working.
> >
> > I totally agree with that approach. Actually I have already included this fix in the current cvs version. Probably we will release phplogcon-1.2.2 tomorrow.
> >
> > Just want to remark that we should keep the Installer up to date. Or do you prefer to make all changes/improvements and finally update the Installer?
> >
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From bgshea at gmail.com Tue Dec 13 05:23:56 2005
From: bgshea at gmail.com (Brian Shea)
Date: Mon, 12 Dec 2005 21:23:56 -0700
Subject: [Phplogcon-dev] New Configuration varibles
Message-ID: <9ef8de70512122023l6214028fye3abfc7a52e5e5a2@mail.gmail.com>

Here is a list of configuration variables that need to be set up during installation for 1.2.6_bgs. Most can be set to defaults; the only one that is install dependent is _URI_PATH, which should be set to the server path where phpLogCon is installed. There is a PDF file on my site with these variables as well.

_URI_PATH             Set this path to the server path, e.g. for www.example/phplogcon/ use /phplogcon/
_SINGLEUSER           User name to use when _ENABLEUI is set to 0
_SESSION_NAME         PHP session id, defaults to phplogconid
_SESS_NOCOOKIES       Disable cookies to store session id, not recommended
_ENABLE_COOKIES       Deprecated, should not be used.
_COOKIE_PREFIX        Prefix for cookie names
_COOKIE_DIR           Server path for which cookies are valid, same as _URIPATH
_SECURE_COOKIE        Only transmit cookies over secure link.
_COOKIE_EXPIRE        Expiration for cookies, defaults to 30 days
_SESS_HOW             Session DB method, [PHP,DB_PEAR,DB_MYSQL]
_DBSESS_TBL_PRE       Prefix for table names, use for testing. Defaults to ""
_DBSESS_TBL_NAME      Table name to store sessions in. Defaults to sess_Users
_DBSESS_FILED_PRE     Prefix for field names. Defaults to ""
_DBSESS_FIELD_DATA    Session data field name. Defaults to sess_data
_DBSESS_FIELD_ID      Session ID field name. Defaults to sess_id
_DBSESS_FIELD_EXPIRE  Session expire field name. Defaults to sess_expire

Brian

From rgerhards at hq.adiscon.com Tue Dec 13 08:50:33 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 13 Dec 2005 08:50:33 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E406A@grfint2.intern.adiscon.com>

That sounds pretty interesting. If we can offload some work to a standard library, that is helpful in many cases (assuming that the library is a good one, of course ;)).

Rainer

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Tuesday, December 13, 2005 1:27 AM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] phplogcon without user managment
>
> So what do you think of the 1.2.6_bgs?
>
> You can use as much/little as you want and I can help put what you need into 1.2.1/1.2.2.
>
> Also, I played with the Auth_PrefManager from PEAR; it works okay, maybe that should be considered for a future release of phpLogCon along with PEAR::DB, which works nicely.
>
> PEAR::Auth_PrefManager lacks one function, Auth_PrefManager::getUserPrefs( string userId ). Otherwise it would work great for all the Quick filters and definable filters, and maybe even supporting multiple DBs/tables for log viewing.
>
> I'll probably write the function and email it to them.
>
> -Brian
>
> On 12/12/05, Michael Meckelein wrote:
> > > Michael, were you having trouble with the trailing slash removal? If so, what was the problem? We should fix it to work with IIS and Apache.
> >
> > Just noticed, you have already fixed this issue in phplogcon-1.2.6_bgs :-)
> >
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

From rgerhards at hq.adiscon.com Tue Dec 13 09:25:19 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 13 Dec 2005 09:25:19 +0100
Subject: [Phplogcon-dev] A feature request
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E406B@grfint2.intern.adiscon.com>

Hi all,

as we have discussed enhancements, I just thought I'd bring up this feature request here:

http://www.phplogcon.com/index.php?name=PNphpBB2&file=viewtopic&p=49&highlight=#49

:)

Rainer

From mmeckelein at hq.adiscon.com Tue Dec 13 15:59:30 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 13 Dec 2005 15:59:30 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C431@grfint2.intern.adiscon.com>

> So what do you think of the 1.2.6_bgs?

First I took a look at the online demo on your page. Works great. Installing it in my lab caused some trouble :( After adapting config.php I got an "Improper session table formatting" (btw: formating is misspelled in your version) error. I think there is a bug in DB_PEAR_sess_drv.php in line 155. Replaced:

    switch( $field['name'] )

with:

    switch( _DBSESS_FILED_PRE.$field['name'] )

After this change it works for me, too. I have to admit that I have taken a quick view only, no testing. However, please let me add some notes here:

1) You use the same error message twice:

    echo( "Improper session table formating. Please contact administrator." );

is used for the check if( count( $info ) < 3 ) and for if( $fld_cnt < 3 ) in DB_PEAR_sess_drv.php. Probably it would be better to attach a unique error number or something similar to the error messages in order to make troubleshooting easier.

2) scripts/session_table.sql contains no valid sql statement. I guess the following is sufficient:

    CREATE TABLE `sess_Users` (
      `sess_id` text NOT NULL,
      `sess_data` text NOT NULL,
      `sess_expire` datetime NOT NULL
    )

> You can use as much/little as you want and I can help put what you need into 1.2.1/1.2.2.

We will release the current cvs version as 1.2.2. The only fix adapted from you is the '%' security fix. All other should be considered in the next release.

> Also, I played with the Auth_PrefManager from PEAR; it works okay, maybe that should be considered for a future release of phpLogCon along with PEAR::DB, which works nicely.
>
> PEAR::Auth_PrefManager lacks one function, Auth_PrefManager::getUserPrefs( string userId ). Otherwise it would work great for all the Quick filters and definable filters, and maybe even supporting multiple DBs/tables for log viewing.
>
> I'll probably write the function and email it to them.

Sounds really useful.

Michael

From bgshea at gmail.com Tue Dec 13 16:14:56 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 08:14:56 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E406A@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E406A@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512130714y37d600c0xecba960904615c33@mail.gmail.com>

Okay, that sounds good. I think we should discuss the syntax:

Double quotes designate the search pattern.

    Message Contains: "apple AND banana"

In this search the AND is not a literal "and", but a search modifier. Search results will return events with both words: apple, banana.

    Message Contains: "apple 'AND' banana"

In this search the AND is a literal "and", which will be included in the search. Search results will return messages that contain the entire "apple and banana".

Same goes for OR for the above.

Now the slightly more complicated part:

    Message Contains: "red apples AND yellow bananas"

The search should be performed as such: "red AND apples AND yellow AND bananas". Results will display all events with those words.

Or could be performed as such:

    Message Contains: "red apples AND yellow bananas "

The search will be performed as such: " 'red apples' AND 'yellow bananas' ". Results will contain all events with 'red apples' AND 'yellow bananas', but not events like 'red delicious apples' or 'yellow delicious bananas'.

PLEASE comment on the above.

-----

If we try to tackle the first two on the list, AND/OR, we can build on it from there, but changing the syntax from release to release might confuse users, so we should figure out how the language is interpreted. Maybe a few Google searches to see how Google interprets things might be a good place to start.

I might be able to hack out a simple searcher tonight, nothing that could be used in phpLogCon, but enough to show how to start processing the search terms.

Brian

On 12/13/05, Rainer Gerhards wrote:
> That sounds pretty interesting. If we can offload some work to a standard library, that is helpful in many cases (assuming that the library is a good one, of course ;)).
>
> Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of Brian Shea
> > Sent: Tuesday, December 13, 2005 1:27 AM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] phplogcon without user managment
> >
> > So what do you think of the 1.2.6_bgs?
> > > > You can use as much/little as you want and i can help put > > what you need into > > 1.2.1/1.2.2. > > > > Also, i played with the Auth_PrefManager from PEAR, it works > > okay maybe that > > sould be considered for a futur release of phpLogCon along > > with PEAR:DB > > which works nicely. > > > > PEAR::Auth_PrefManager lacks one function > > Auth_PrefManager::getUserPrefs( > > string userId ). Otherwise it would work great for all the > > Quick filters > > and definable filters, and maybe even supporting multiple > > DB's/Tables for > > log viewing. > > > > I'll probably write the function and email it to them. > > > > -Brian > > > > On 12/12/05, Michael Meckelein wrote: > > > > > > > Michael, were you having trouble with the trailing slash > > removal? If > > > so > > > > what > > > > was the problem? we should fix it to work with IIS and Apache. > > > > > > Just noticed, you have already fixed this issue in > > phplogcon-1.2.6_bgs > > > :-) > > > > > > Michael > > > _______________________________________________ > > > Phplogcon-dev mailing list > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > > > _______________________________________________ > > Phplogcon-dev mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > > > _______________________________________________ > Phplogcon-dev mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev > From mmeckelein at hq.adiscon.com Tue Dec 13 16:47:04 2005 From: mmeckelein at hq.adiscon.com (Michael Meckelein) Date: Tue, 13 Dec 2005 16:47:04 +0100 Subject: [Phplogcon-dev] phplogcon without user managment Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C432@grfint2.intern.adiscon.com> Google Help Center -> Advanced Search Made Easy http://www.google.com/help/refinesearch.html Google does not care about "AND" operator. Google include all search terms by default. We should adapt this approach. 
This means:

> Okay, that sounds good, I think we should discuss the syntax:
>
> double quote designates the search pattern
>
> Message Contains: "apple AND banana"

Should be equal to "apple banana", shouldn't it?

(Just a side note, because it is interesting but has nothing to do with phplogcon: http://www.google.com/search?q=apple+AND+banana and http://www.google.com/search?q=apple+banana have different result pages.)

> in this search the AND is not a literal and, but a search modifier. Search
> results will return events with both word: apple, banana
>
> Message Contains: "apple 'AND' banana"

We should use double quotes (") instead of single quotes (') like Google.
http://www.google.com/search?q=apple+%22and%22+banana

> in this search the AND is a literal and, which will be included in the
> search. Search results will return messages that contain the entire "apple
> and banana"
>
> Same goes for OR for the above.

Ok.

> Now the slightly more complicated part
>
> Message Contains: "red apples AND yellow bananas"
>
> The search should be preformed as such "red AND apples AND yellow AND
> bananas" Results will display all event with those words

I would go on with this approach, because it is like Google.

> Or could be preformed as such:
>
> Message Contains: "red apples AND yellow bananas "
>
> The search will be preformed as such " 'red apples' AND 'yellow bananas' "
> Results will contain all events with 'red apples' AND 'yellow bananas'.
> But
> not events like 'red delicious apples' or 'yellow delicious bananas'

If you want to perform such a search you have to enclose it in quotes.
http://www.google.com/search?q=%22red+apples%22+AND+%22yellow+bananas%22

Michael

> PLEASE comment on the above.
> -----
>
> If we try to tackle the first two on the list AND/OR, we can build on it
> from there, but changing the syntax from release to release might confuse
> users, so we should figure out how the language is interpreted. Maybe a
> few
> google searches to see how google interprets things might be a good place
> to
> start.
>
> I might be able to hack out a simple searcher tonight, nothing that could
> be
> used in phpLogCon, but enought to show how to start processing the search
> terms.
>
> Brian

From bgshea at gmail.com Tue Dec 13 17:05:12 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 11:05:12 -0500
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C432@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C432@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512130805o645e0b3k363e7383ba53d09b@mail.gmail.com>

Okay, that is something to think about. I'll have to look at the Google link after work.

Yeah, that was a generic message that should never be displayed. I guess they should have been different; probably I just copy/pasted it and forgot to change the text.

In DB_PEAR_sess_drv.php in line 155, that should have been taken care of in the config.php file. If not, then that's where the fix needs to go, not in the switch statement. And it should be done for each of the field constants:

    define('_DBSESS_DATA_FIELD', _DBSESS_FIELD_PRE . "sess_data");

Oh, there is a problem when session ids are passed in the URL: the quick filters don't work quite right. I'm not sure why.
Thanks,
Brian

From mmeckelein at hq.adiscon.com Tue Dec 13 17:06:48 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Tue, 13 Dec 2005 17:06:48 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C433@grfint2.intern.adiscon.com>

> After adapting config.php I got an "Improper session table formatting"
> (btw: formating is misspelled in your version) error.
>
> I think there is a bug in DB_PEAR_sess_drv.php in line 155.

Forget about it, it was a config issue in my test lab.
Michael

From rgerhards at hq.adiscon.com Tue Dec 13 17:37:33 2005
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Date: Tue, 13 Dec 2005 17:37:33 +0100
Subject: [Phplogcon-dev] phplogcon without user managment
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0E4078@grfint2.intern.adiscon.com>

Not sure about the Google link, but "apples AND bananas", in my opinion, should search for the literal "apples and bananas" but not "apples bananas". If I want the latter, I'd say

"apples" and "bananas"

The double quotes are actually (in most such search engines) a tool to search for exact phrases. I am pretty sure the same applies to Google (at least this is how I use it ;)).

Rainer

From bgshea at gmail.com Wed Dec 14 04:07:13 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 20:07:13 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C433@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C433@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512131907r28942669jbedb22a44ba5adb1@mail.gmail.com>

Michael,

Please fix this issue in /layout/bgs_theme on line 171. Change:

    echo substr($_SERVER['REQUEST_URI'], $i);

to

    echo preg_replace("/&" . _SESSION_NAME . "=([a-z0-9]*){25,32}/i", "", substr($_SERVER['REQUEST_URI'], $i) );

And also near line 168:

    if ($_SESSION['refresh'] > 0) echo '';

with

    if ($_SESSION['refresh'] > 0)
        if( defined('_SESS_NOCOOKIES') && _SESS_NOCOOKIES )
            echo '';
        else
            echo '';

This will fix the double sid in the URL when _SESS_NOCOOKIES is set to 1, and if auto refresh is turned on it will pass the sid in the URL as required by PHP.

Or just download 1.2.6a_bgs and replace /layout/bgs_theme.php in 1.2.6_bgs with the one from 1.2.6a_bgs.

Oh, and one last small change: in index.php, move the require_once("/debug/debug.php") to include.php, just after the require_once statement for config.php.

I think that will get the last of the issues. I have not run into any other problems, have you?

On 12/13/05, Michael Meckelein wrote:
>
> > After adapting config.php I got an "Improper session table formatting"
> > (btw: formating is misspelled in your version) error.
> >
> > I think there is a bug in DB_PEAR_sess_drv.php in line 155.
>
> Forget about it, it was a config issue in my test lab.
>
> Michael

From bgshea at gmail.com Wed Dec 14 07:06:46 2005
From: bgshea at gmail.com (Brian Shea)
Date: Tue, 13 Dec 2005 23:06:46 -0700
Subject: [Phplogcon-dev] phplogcon without user managment
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0E4078@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA0E4078@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512132206g33e26aadocdc1cf4016465c32@mail.gmail.com>

Rainer,

I did some MySQL research on searching DBs.
MySQL supports Full Text Search (http://dev.mysql.com/doc/refman/5.0/en/fulltext-boolean.html), which works well. I have not looked at MSSQL; unfortunately I cannot find an MSSQL server to test SQL queries on.

Here is a good example SQL search:

    SELECT `Message`, `SysLogTag`, COUNT(`Message`)
    FROM `SystemEvents`
    WHERE MATCH(`Message`) AGAINST('+proftpd +(LOGIN no such user)' IN BOOLEAN MODE)
    GROUP BY(`SysLogTag`)

This works for my messages, and phpMyAdmin returns:

    Message                                                SysLogTag   COUNT( `Message` )
    proftpd[5035]: 192.168.1.2 ( 64.42.157.76[64.42.157...             1011

(I hope you can view that okay, it's HTML.)

For some reason the syslog tag for proftpd is not placed into the SysLogTag field (not too worried about it right now, maybe you could look into it though).

So what that did for me is it found all messages that contained proftpd and any of the words (LOGIN, no, such, user) <-- these are ORed.

This works if you set FullText search on the message fields. Also the table must be MyISAM. Please see (http://dev.mysql.com/doc/refman/5.0/en/fulltext-restrictions.html).

The same query can be accomplished with this SQL statement:

    SELECT `Message`, `SysLogTag`, COUNT(`Message`)
    FROM `SystemEvents`
    WHERE (`Message` LIKE 'proftpd%')
      AND (`Message` LIKE '%no%' OR `Message` LIKE '%such%' OR `Message` LIKE '%user%' OR `Message` LIKE '%LOGIN%')
    GROUP BY(`SysLogTag`)

which returns 6 more messages; not sure why, it might be picking up the single words 'no' or 'such' that the first search would have dropped.

    Message                                                SysLogTag   COUNT( `Message` )
    proftpd[5035]: 192.168.1.2 ( 64.42.157.76[64.42.157...             1017

This is probably more portable across SQLs but, as you can see, tougher to write.

Last one, I promise. This SQL statement returns the same number as the first:

    SELECT `Message`, `SysLogTag`, COUNT(`Message`)
    FROM `SystemEvents`
    WHERE (`Message` LIKE 'proftpd%')
      AND (`Message` LIKE '%no such user%' OR `Message` LIKE '%LOGIN%')
    GROUP BY(`SysLogTag`)

    Message                                                SysLogTag   COUNT( `Message` )
    proftpd[5035]: 192.168.1.2 ( 64.42.157.76[64.42.157...             1011

This was the intended result: all messages that contained 'proftpd' and the phrase 'no such user', or 'proftpd' and the word 'LOGIN'.

So, I guess my point is, we need a way to separate phrases from single words with boolean operators.

For a first try!!!! My suggestion, and it is only a suggestion, and I think it follows your same thinking. Searches are entered as such:

    SEARCH: proftpd & ('no such user' | login)
    SEARCH: proftpd & ("no such user" | login)
    SEARCH: proftpd & (no such user | login)

Treat all these the same; only assume ANDing/ORing when the user specifies it. PLEASE NOTE single or double quotes will do the same thing. PLEASE!! That will make things easier for everyone.

Parentheses are important. They can follow the SQL syntax. Since we read left to right, the syntax will follow that thinking:

    SEARCH: proftpd & no such user | login

would be the same as

    SEARCH: (proftpd & "no such user") | login

because I think that is how SQL will treat the AND/OR in the WHERE clause.

-Brian
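The syntax proposed above, worked through as an added example (Python, not phpLogCon's own PHP): `&`/`|` are AND/OR, parentheses group, quoted or bare-word runs are phrases, and chained operators are read left to right exactly as the message describes, with explicit parentheses emitted in the SQL so the database cannot re-group them under its own AND/OR precedence. The clause is parameterised and the `%`/`_` wildcards are escaped (the '%' issue mentioned earlier in the thread); the `Message` column name, the `!` escape character and the sample log lines are assumptions.

```python
# Added example, not phpLogCon code: parser for the '&' / '|' / parentheses search syntax.
import re
from typing import List, Tuple

TOKEN_RE = re.compile(  # operator | ( | ) | "phrase" | 'phrase' | bare word
    r"""\s*(?:(?P<op>[&|])|(?P<paren>[()])|"(?P<dq>[^"]*)"|'(?P<sq>[^']*)'|(?P<word>[^\s&|()"']+))"""
)

def tokenize(query: str) -> List[Tuple[str, str]]:
    tokens, query, pos = [], query.strip(), 0
    while pos < len(query):
        m = TOKEN_RE.match(query, pos)
        if m is None:  # e.g. an unterminated quote
            raise ValueError(f"cannot tokenize {query[pos:]!r}")
        pos, kind = m.end(), m.lastgroup
        if kind == "op":
            tokens.append(("OP", "AND" if m.group(kind) == "&" else "OR"))
        elif kind in ("dq", "sq"):  # single and double quotes mean the same
            tokens.append(("PHRASE", m.group(kind).strip()))
        else:  # PAREN or WORD
            tokens.append((kind.upper(), m.group(kind)))
    return tokens

def parse(query: str) -> tuple:
    """expr := operand (('AND'|'OR') operand)*    operand := '(' expr ')' | phrase
    Returns a tree of tuples: ('TERM', text) or (op, left, right)."""
    tokens, pos = tokenize(query) + [("END", "")], 0

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def expr():
        node = operand()
        while tokens[pos][0] == "OP":  # left-associative: a & b | c == (a & b) | c
            node = (take()[1], node, operand())
        return node

    def operand():
        kind, value = tokens[pos]
        if (kind, value) == ("PAREN", "("):
            take()
            node = expr()
            if take() != ("PAREN", ")"):
                raise ValueError("missing ')'")
            return node
        if kind == "PHRASE" and value:
            return ("TERM", take()[1])
        words = []
        while tokens[pos][0] == "WORD":  # bare words up to an operator form one phrase
            words.append(take()[1])
        if not words:
            raise ValueError(f"expected a search term, got {value!r}")
        return ("TERM", " ".join(words))

    node = expr()
    if tokens[pos][0] != "END":  # e.g. two terms with no operator between them
        raise ValueError(f"unexpected {tokens[pos][1]!r}")
    return node

def escape_like(text: str) -> str:
    """Escape LIKE metacharacters ('!' is the ESCAPE char) so input matches literally."""
    return text.replace("!", "!!").replace("%", "!%").replace("_", "!_")

def to_sql(node: tuple, column: str = "Message") -> Tuple[str, List[str]]:
    """WHERE fragment with '?' placeholders; the column name is fixed by the caller."""
    params: List[str] = []

    def render(n):
        if n[0] == "TERM":
            params.append("%" + escape_like(n[1]) + "%")
            return f"`{column}` LIKE ? ESCAPE '!'"
        return f"({render(n[1])} {n[0]} {render(n[2])})"  # explicit grouping

    return render(node), params

def matches(node: tuple, message: str) -> bool:
    """In-memory evaluation with LIKE's case-insensitive substring semantics."""
    if node[0] == "TERM":
        return node[1].lower() in message.lower()
    op, left, right = node
    hit_left, hit_right = matches(left, message), matches(right, message)
    return hit_left and hit_right if op == "AND" else hit_left or hit_right

def search(query: str, messages: List[str]) -> List[str]:
    tree = parse(query)
    return [m for m in messages if matches(tree, m)]

SAMPLE_MESSAGES = [  # constructed, in the style of the proftpd lines quoted above
    "proftpd[5035]: 192.168.1.2 (192.0.2.10[192.0.2.10]) - no such user 'bob'",
    "proftpd[5035]: 192.168.1.2 (192.0.2.10[192.0.2.10]) - USER alice: Login successful",
    "sshd[812]: Accepted password for alice from 192.0.2.20 port 51234 ssh2",
    "login[977]: pam_unix(login:auth): authentication failure; user=bob",
]

if __name__ == "__main__":  # parentheses vs. the left-to-right reading of the same words
    for q in ('proftpd & ("no such user" | login)', "proftpd & no such user | login"):
        print(q, "->", to_sql(parse(q)), search(q, SAMPLE_MESSAGES))
```

Without the parentheses the trailing `| login` is ORed onto the whole left side, so the `login[977]` line matches as well; the emitted SQL keeps that grouping explicit.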
> > Rainer > > > -----Original Message----- > > From: phplogcon-dev-bounces at lists.adiscon.com > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of > > Brian Shea > > Sent: Tuesday, December 13, 2005 5:05 PM > > To: phplogcon-dev at lists.adiscon.com > > Subject: Re: [Phplogcon-dev] phplogcon without user managment > > > > Okay, that is something to think about. I'll have to look at > > the google link > > after work. > > > > Yeah, that was a generic message that should never be > > displayed. I guess > > they should have been different, probably just copy/pasted it > > and forgot to > > change the text. > > > > In DB_PEAR_sess_drv.php in line 155 that should have been > > taken care of in > > the config.php file > > > > if not, then that's where the fix needs to go, not in the > > switch statement. > > And should be done for each of the field constants. > > > > define'(_DBSESS_DATA_FIELD', _DBSESS_FIELD_PRE . "sess_data") > > > > Oh, there is a problem when session ids are passed in the > > URL, the quick > > filters dont work quite right. I'm not sure why. > > > > Thanks, > > Brian > > > > On 12/13/05, Michael Meckelein wrote: > > > > > > Google Help Center -> Advanced Search Made Easy > > > http://www.google.com/help/refinesearch.html > > > > > > Google does not care about "AND" operator. Google include all search > > > terms by default. We should adapt this approach. > > > > > > This means > > > > > > > Okay, that sounds good, I think we should discuss the syntax: > > > > > > > > double quote designates the search pattern > > > > > > > > Message Contains: "apple AND banana" > > > > > > Should be equal with "apple banana", shouldn't be? > > > > > > (just a site note, because it is interesting but has > > nothing to do with > > > phplogcon: > > > http://www.google.com/search?q=apple+AND+banana > > > and > > > http://www.google.com/search?q=apple+banana > > > have different result pages.) 
> > > > > > > > > > > in this search the AND is not a literal and, but a search > > modifier. > > > Search > > > > results will return events with both word: apple, banana > > > > > > > > Message Contains: "apple 'AND' banana" > > > > > > We should use double quotes (") instead of single quote (') > > like google. > > > http://www.google.com/search?q=apple+%22and%22+banana > > > > > > > > > > > in this search the AND is a literal and, which will be > > included in the > > > > search. Search results will return messages that contain > > the entire > > > "apple > > > > and banana" > > > > > > > > Same goes for OR for the above. > > > > > > Ok. > > > > > > > Now the slightly more complicated part > > > > > > > > Message Contains: "red apples AND yellow bananas" > > > > > > > > The search should be preformed as such "red AND apples > > AND yellow AND > > > > bananas" Results will display all event with those words > > > > > > I would go on with this approach, because it is like Google. > > > > > > > > > > > Or could be preformed as such: > > > > > > > > Message Contains: "red apples AND yellow bananas " > > > > > > > > The search will be preformed as such " 'red apples' AND 'yellow > > > bananas' " > > > > Results will contain all events with 'red apples' AND 'yellow > > > bananas'. > > > > But > > > > not events like 'red delicious apples' or 'yellow > > delicious bananas' > > > > > > If you want perform such a search you have to enclose with quotes. > > > > > http://www.google.com/search?q=%22red+apples%22+AND+%22yellow+ > > bananas%22 > > > > > > Michael > > > > > > > PLEASE comment on the above. > > > > ----- > > > > > > > > If we try to tackle the first two on the list AND/OR, we > > can build on > > > it > > > > from there, but changing the syntax from release to release might > > > confuse > > > > users, so we should figure out how the language is > > interpreted. 
> > > > Maybe a few google searches to see how google interprets things might
> > > > be a good place to start.
> > > >
> > > > I might be able to hack out a simple searcher tonight, nothing that
> > > > could be used in phpLogCon, but enough to show how to start processing
> > > > the search terms.
> > > >
> > > > Brian
> > > >
> > > > On 12/13/05, Rainer Gerhards wrote:
> > > > >
> > > > > That sounds pretty interesting. If we can offload some work to a
> > > > > standard library, that is helpful in many cases (assuming that the
> > > > > library is a good one, of course ;)).
> > > > >
> > > > > Rainer
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: phplogcon-dev-bounces at lists.adiscon.com
> > > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > > > > > Brian Shea
> > > > > > Sent: Tuesday, December 13, 2005 1:27 AM
> > > > > > To: phplogcon-dev at lists.adiscon.com
> > > > > > Subject: Re: [Phplogcon-dev] phplogcon without user managment
> > > > > >
> > > > > > So what do you think of the 1.2.6_bgs?
> > > > > >
> > > > > > You can use as much/little as you want and I can help put
> > > > > > what you need into 1.2.1/1.2.2.
> > > > > >
> > > > > > Also, I played with the Auth_PrefManager from PEAR, it works
> > > > > > okay; maybe that should be considered for a future release of
> > > > > > phpLogCon along with PEAR:DB which works nicely.
> > > > > >
> > > > > > PEAR::Auth_PrefManager lacks one function
> > > > > > Auth_PrefManager::getUserPrefs( string userId ). Otherwise it
> > > > > > would work great for all the Quick filters and definable filters,
> > > > > > and maybe even supporting multiple DB's/Tables for log viewing.
> > > > > >
> > > > > > I'll probably write the function and email it to them.
> > > > > >
> > > > > > -Brian
> > > > > >
> > > > > > On 12/12/05, Michael Meckelein wrote:
> > > > > > >
> > > > > > > > Michael, were you having trouble with the trailing slash
> > > > > > > > removal? If so what was the problem? We should fix it to work
> > > > > > > > with IIS and Apache.
> > > > > > >
> > > > > > > Just noticed, you have already fixed this issue in
> > > > > > > phplogcon-1.2.6_bgs :-)
> > > > > > >
> > > > > > > Michael
> > > > > > > _______________________________________________
> > > > > > > Phplogcon-dev mailing list
> > > > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > > > > > >
>

From mmeckelein at hq.adiscon.com Wed Dec 14 17:42:54 2005
From: mmeckelein at hq.adiscon.com (Michael Meckelein)
Date: Wed, 14 Dec 2005 17:42:54 +0100
Subject: [Phplogcon-dev] trouble with IIS
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA11C437@grfint2.intern.adiscon.com>

Brian,

I just want to test phplogcon_1.2.6a_bgs with IIS.
It ran into trouble with $_SERVER['REQUEST_URI'], because it is an apache environment variable.

I have to add a patch in all the files using $_SERVER['REQUEST_URI']:

    $_SERVER['REQUEST_URI'] = (isset($_SERVER['REQUEST_URI']) ?
        $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']);

    // Append the query string if it exists and isn't null
    if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING']))
    {
        $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
    }

It seems to work but I think it is more or less a dirty hack. I haven't tested it all out. I will spend some more time tomorrow testing php in a windows/iis environment.

Michael

From bgshea at gmail.com Wed Dec 14 18:15:35 2005
From: bgshea at gmail.com (Brian Shea)
Date: Wed, 14 Dec 2005 12:15:35 -0500
Subject: [Phplogcon-dev] trouble with IIS
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA11C437@grfint2.intern.adiscon.com>
References: <577465F99B41C842AAFBE9ED71E70ABA11C437@grfint2.intern.adiscon.com>
Message-ID: <9ef8de70512140915o5434d56fof2ebb704345905ee@mail.gmail.com>

Okay, I was trying to figure out what QUERY_STRING was for because it seemed like PHP was putting it all into the [REQUEST_URI]. I think we might be able to look at the server type, if IIS do one thing, for APACHE do another.

Thanks, I'll fix that up when I get home and post a 1.2.6b.

On 12/14/05, Michael Meckelein wrote:
>
> Brian,
>
> I just want to test phplogcon_1.2.6a_bgs with IIS. It ran into trouble
> with $_SERVER['REQUEST_URI'], because it is an apache environment
> variable.
>
> I have to add a patch in all the files using $_SERVER['REQUEST_URI']:
>
> $_SERVER['REQUEST_URI'] = (isset($_SERVER['REQUEST_URI']) ?
> $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']);
>
> // Append the query string if it exists and isn't null
> if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING']))
> {
> $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
> }
>
> It seems to work but I think it is more or less a dirty hack.
> I haven't tested it all out. I will spend some more time tomorrow testing
> php in a windows/iis environment.
>
> Michael
>
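An added example for the REQUEST_URI problem in the thread above; it is not phpLogCon code and not Michael's patch. It takes the server array as a parameter instead of overwriting $_SERVER, falls back to SCRIPT_NAME plus QUERY_STRING the way the patch does, and escapes the value before it goes back into HTML, since the request URI comes from the client. Assumes PHP 7 or later; the sample environments and the query string in them are constructed.

```php
<?php
// Added example (not phpLogCon code). Derive the request URI from a server
// array without mutating $_SERVER, so the Apache/IIS fallback lives in one place.
function request_uri(array $server): string
{
    // Apache sets REQUEST_URI; the IIS setup in the thread does not.
    if (isset($server['REQUEST_URI']) && $server['REQUEST_URI'] !== '') {
        return $server['REQUEST_URI'];
    }
    // Fallback: script path plus query string, as in Michael's patch.
    $uri = $server['SCRIPT_NAME'] ?? '/';
    if (!empty($server['QUERY_STRING'])) {
        $uri .= '?' . $server['QUERY_STRING'];
    }
    return $uri;
}

// The request URI is client-controlled. When it is echoed into a link or a
// form action, escape it so a crafted query string cannot inject markup.
function request_uri_attr(array $server): string
{
    return htmlspecialchars(request_uri($server), ENT_QUOTES, 'UTF-8');
}

// Constructed sample environments (not real captures): one Apache-like with
// REQUEST_URI set, one IIS-like without it.
$apache = [
    'REQUEST_URI'  => '/index.php?view=events&id=42',
    'SCRIPT_NAME'  => '/index.php',
    'QUERY_STRING' => 'view=events&id=42',
];
$iis = [
    'SCRIPT_NAME'  => '/index.php',
    'QUERY_STRING' => 'view=events&id=42',
];

// With the fallback both environments should agree on the URI.
var_dump(request_uri($apache) === request_uri($iis));
// Escaped form for use inside an HTML attribute.
echo '<form action="' . request_uri_attr($iis) . '">', PHP_EOL;
```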
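For the search-syntax thread earlier on this page (implicit AND like Google, a bare OR, and double-quoted phrases taken literally so that a quoted "AND" is a word to match), here is an added example parser and query builder; it is not phpLogCon code. The msg column name and the ? placeholders (PDO prepared-statement style) are my assumptions, the LIKE escaping assumes MySQL's default backslash escape character, and PHP 7 or later is assumed.

```php
<?php
// Added example (not phpLogCon code): parse a "Message Contains" string the
// Google-like way discussed on the list. Returns OR-separated groups, each a
// list of terms that must all match.
function parseSearchTerms(string $input): array
{
    // Double-quoted phrases form one literal term; bare words split on whitespace.
    preg_match_all('/"([^"]*)"|\S+/', $input, $matches, PREG_SET_ORDER);
    $groups = [[]];
    foreach ($matches as $tok) {
        if ($tok[0][0] === '"') {             // quoted: literal, even if it says AND
            if ($tok[1] !== '') {
                $groups[count($groups) - 1][] = $tok[1];
            }
        } elseif ($tok[0] === 'AND') {        // implicit, like Google: ignore
            continue;
        } elseif ($tok[0] === 'OR') {         // start a new alternative group
            $groups[] = [];
        } else {
            $groups[count($groups) - 1][] = $tok[0];
        }
    }
    return array_values(array_filter($groups)); // drop empty groups
}

// Build a WHERE fragment with bound parameters. User terms are never
// concatenated into SQL; LIKE wildcards inside a term are escaped so that
// a term like "100%" matches literally (assumes MySQL's default backslash ESCAPE).
// $column is a trusted, code-supplied name, not user input.
function buildSearchWhere(array $groups, string $column = 'msg'): array
{
    $clauses = [];
    $params  = [];
    foreach ($groups as $terms) {
        $conds = [];
        foreach ($terms as $term) {
            $conds[]  = "$column LIKE ?";
            $params[] = '%' . addcslashes($term, '%_\\') . '%';
        }
        $clauses[] = '(' . implode(' AND ', $conds) . ')';
    }
    return [implode(' OR ', $clauses), $params];
}

// Usage: the quoted phrase is literal, bare AND is implicit, OR separates groups.
[$where, $params] = buildSearchWhere(
    parseSearchTerms('red apples AND "yellow bananas" OR "AND"'));
echo $where, PHP_EOL;   // prepend "WHERE " and pass $params to a prepared statement
print_r($params);
```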