Tag: security

Posted on

Getting data from API works in Postman but not working in localhost

If you are getting the data from an external API when using Postman, but when you try the code provided by Postman in your local host you get no data. A reason for that could be the SSL, first, try to install SSL for your local hosting server. Usually, OpenSSL will do the trick. Here is a link to a step-by-step of how to install SLL over WAMP.

https://infyom.com/blog/how-to-enable-localhost-https-ssl-on-wamp-server

If you still can’t connect to the external API, the reason could be an issue with the SSL certificate validation. (after all, this is a self-signed certification). This error usually occurs when the certificate authority (CA) that issued the SSL certificate used by the server you’re trying to connect to is not recognized or trusted by your system.

If you are using cURL, to resolve this issue, you have a few options:

1- Update your CA certificates: Your system’s CA certificate bundle might be outdated. You can try updating it to include the latest CA certificates. The location of the CA certificate bundle can vary depending on your operating system and cURL installation. In some cases, it may be located at /etc/ssl/certs/ca-certificates.crt.

2-Specify the CA certificate bundle path explicitly: If you have access to the CA certificate bundle, you can specify its path explicitly using the –cacert option with cURL. For example:

curl --cacert /path/to/ca-certificates.crt https://example.com

3- Ignore certificate validation (not recommended): If you’re in a development or testing environment and certificate validation is not crucial, you can bypass the certificate validation check using the -k or –insecure option with cURL. However, this approach is not recommended in production environments because it exposes you to potential security risks. Example:

curl -k https://example.com

If you are using PHP, here is an example

<?php

// Create a cURL handle
$ch = curl_init();

// Set the URL
curl_setopt($ch, CURLOPT_URL, "https://example.com");

// Disable SSL certificate verification
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

// Execute the request
$response = curl_exec($ch);

// Check for errors
if ($response === false) {
    $error = curl_error($ch);
    echo "cURL error: " . $error;
}

// Close the cURL handle
curl_close($ch);
?>
Posted on

How to abort with custom message in Laravel

If you want to abort with a custom message, you will find that in some code like this, 

abort(400, 'custom error message');

the above code will show you the standard 400 error without any custom messages. You need to write the code like this

abort(
    response()->json(['message' => "My Custom error message"], 400)
  );
Posted on

How to solve “gpg: public key decryption failed: Bad passphrase” in batch file

If you are trying to decrypt a file or a bunch of files using batch file in windows you will write something like this:

gpg --pinentry-mode=loopback --batch --yes --passphrase "abc%123" --decrypt-files *.pgp

and you put the above code in a .bat file and run it but you got an error like:

gpg: public key decryption failed: Bad passphrase

You are 1000% sure the passphrase is correct .. well the problem is in the passphrase itself as it contains a special character that needs to be escaped .. in the above example , the passphrase : “abc%123” must be written like this: “abc%%123” as %% is the escape of % … for a complete list of batch file escape characters , check this link

in case if you are wondering about the meaning of
–pinentry-mode=loopback  
it is used to prevent the gui from pooping up and asking for the passphrase.

Another important point , to make the batch option work without problem .. you have to make sure that the encrypted file extensions is *.pgp

Posted on

How to sanitize raw data in Laravel

When doing a raw data query from user input like this:

$someVariable = Input::get("some_variable");

$results = DB::select( DB::raw("SELECT * FROM some_table WHERE some_col = '$someVariable'") );

we are at risk of SQL injection , to avoid that we can bin parameters to our query like this:

$someVariable = Input::get("some_variable");

$results = DB::select( DB::raw("SELECT * FROM some_table WHERE some_col = :somevariable"), array(
   'somevariable' => $someVariable,
 ));

 

Another point is that if we want to do a raw that doesn’t return a value, we can do it like this

DB::statement( 'ALTER TABLE HS_Request AUTO_INCREMENT=1111' );

and that way can take parameters as well

DB::statement( 'ALTER TABLE HS_Request AUTO_INCREMENT=:incrementStart', array('incrementStart' => 1111) );