This may be better servered on ServerFault, however, I'm evaluating nginx to determine if it's able to solve a particular problem.
Problem
I want to use nginx response caching with FastCGI Cache. But I need to set the cache key with a value from a cookie. The problem is the cookie needs to be decrypted before I can get the value to use it in the cache key.
What I Know
I know how to configure nginx as a cache (fastcgi_cache). I also know I can set and use a custom variables in the cache key (fastcgi_cache_key). However, I don't know how to call a custom function to decrypt the cookie. I know nginx has the concept of modules. I have also noticed integration with Lua.
Question
Provided my decryption is available as C code, can I access this external code from the nginx configuration and use its return value?
As long as your code is in C, easiest solution would be to write simple nginx module which provides a variable with the decrypted value. Relatively simple example of how to provide a variable may be found in ngx_http_secure_link_module.
The Lua module can indeed help you if compiled it with LuaJIT.
Look here for a simple example of how to interact with cookies: http://mailman.nginx.org/pipermail/nginx/2011-January/024798.html
Now with LuaJIT you could use the FFI to call your C decryption code: http://luajit.org/ext_ffi.html
Another possibility would be to do it all in C, which may be faster but would probably be more work.
Related
I have some .sh files, this file contains my ssh and scp details.
I would like to encrypt the ssh files, upon encryption It should be able to execute/run.
like the background.js ( attachment ) file is encrypted but still executing in the browser
Background:
There is a difference between obfuscation and encryption.
Obfuscation hides the data or makes it hard to read, but it is still theoretically possible to reverse this and get back the original source data.
Encryption actually uses cryptography to make it near-impossible to decrypt without a key.
I believe the image I'm looking at above is "obfuscated" and not "encrypted" based on the details that you've provided.
Answer:
If you're running this file on a machine and not in a browser, I'd recommend looking at compiling it into an executable which will compile it into bytecode. This will likely accomplish your original intent of hiding the source. Nexe is one tool for NodeJS that can do this.
If you're running this in the browser, then you can only really obfuscate it. Terser is a library for this in NodeJS
And lastly, a common pattern for hiding ssh details is to put them into environment variables and have a script reference the environment variables rather than actually putting the credentials in the code.
In JS, that would be process.env.PASSWORD
I'm implementing a RESTful web API in an embedded stack which provides a webserver without the REST feature. To be precise, the embedded stack is RTCS which runs on top of the MQX RT operating system, the microcontroller is a Kinetis K60 from Freescale. I'm able to distinguish GET/POST/DELETE/PUT requests and to get the url with the parameters (let's say /this/firstValue/that/secondValue/...).
I use strtok to separate the different elements of the url and take decisions. But my code is just ugly because it's full of strcmp functions and if statements. I also need to check bounds for firstValue and secondValue (which I could do in set/get functions, but 2 functions for each parameter will be repetitve). Moreover I'd like to be able to add parameters without messing around with the decision tree.
I have two questions:
How would you make the code nice and dry?
Do you think a REST webservice is appropriate to control my microcontroller over the network? Do you have examples of such things? I'm using a REST webservice because it provides authentication (no secrecy however because I can't setup SSL sockets yet) and I think it's an elegant solution.
I evaluated some other solutions:
SNMP (snmpset/snmpget): it worked but setting up the MIBs was a real pain, and since it's SNMPv2 there is still no secrecy.
telnet server (I have no SSH solution yet): I don't see any advantage/drawback aside that REST will probably be easier to control from the outside, I'm testing it with curl :)
SOAP Remote Procedure Call (I just don't like it)
Any other idea ? I need something simple and scalable since there could be multiple targets to control. I have limited resources :s. I would need secrecy at some point, and I expect to have it when CyaSSL (an embedded ssl implemetation) is ported to MQX. They said it's happening next month so secrecy won't be an issue anymore but if you have other ideas...
--
Emilien
REST is an architectual pattern, So i guess you mean your server provides HTTP.
A resource is 'any data that can be named'. e.g. an LED on your embedded device could be a URI of '/leds/led3' You could change the data it holds (its state, rgb led? etc) with the standard PUT request, and GET should return its current state.
As for coding it, a generic tree structure maybe wise if memory permits to make path finding as simple as possible. With the data and function pointers (emulating objects) at the leafs
I'm looking for the simplest possible (cross-platform, but not necessarily cross-browser) code to send data from a local web page to a C (not C++) application running locally. Basically, I have an HTML page with a form and I want to send the data from that form to another process in the simplest way possible. (I know that I can read local data from a webpage relatively easily, especially now with HTML5, but writing outside of the javascript sandbox is a mystery.)
I know that browsers make this very hard to do for security concerns, and I don't want to open up my machine to attacks, but maybe I can run a very simple server inside the C application to receive the submitted data... Either way, I cannot run any standard webserver, so I need to have a C library/app that does it for me.
I've looked into .hta files (seem to only work for Windows) and some C web servers (all I've found are *nix specific). A similar question is how to transfer of data from webpage to a server c program , except that user allows the use of Java and other webserver platforms (I must use C).
UPDATE: Promising libraries: https://stackoverflow.com/questions/175507/c-c-web-server-library
Have you considered FastCGI? I have a fast CGI library written in C that might be helpful. It still needs a lot of work and I'm not sure if I would want to use in a production environment.
If you find any bugs or make any enhancements, please share them so that it can help others.
https://github.com/manvscode/shrewd-cgi
You could write a very simple web server in C, serve the page from it (avoids security issues), and post the form to it.
If you're bound to c, you'll have to go low-level and deal with all the nifty details around the sockets library. (There's a reason why people abstract that in high-level languages). Check out some example code for RPC in C with server and client here. If you can afford to bind to C, e.g. using Tcl, i would implement the server in a tcl script and bind your C functions as a Tcl command. That way you pass the content directly to your c method while avoiding to write all the sockets code low-level.
Send the desired data from web to specific port of your system (for example port X). Then run your application (e.g. APP) in background using following command:
nc -l X | ./APP
And of course you need nc package.
I have some C code that parses a file and generates another file of processed data. I now need to post these files to a website on a web server. I guess there is a way to do a HTTP POST but I have never done this in c (using GCC on Ubuntu). Does anyone know how to do this? I need a starting point as I have no clue of doing this in C. I also need to be able to authenticate with the website.
libcurl is probably a good place to start.
I think Hank Gay's suggestion of using a library to handle the details is the best one, but if you want to "do it yourself", you need to open a socket to the web server and then send your data in the HTTP POST format which is described here. Authentication can mean a variety of different things, so you need to be more specific.
Unfortunately, all of the above three jobs involve a fair bit of complexity, so you need to break the question down into stages and come back and ask about each bit separately.
I am currently using libproxy to get the proxy information (if any) on RedHat and Debian Linux. It doesn't work all that well, but it's the only way I know I can use to get the proxy information from my code.
I need to stop using the lib since in most cases it doesn't recognize the proxy.
Is there any way to acquire the proxy information? What i mean is, is there a file (or group of files) i can read, or an env variable or an API or system call that i can use to get the information?
Gnome based code is OK, KDE might help as well but i am looking for something more generic.
The code is C.
Now, before anyone asks, I don't want to use libproxy anymore. Period. I don't want to start investigating why it doesn't work. I don't really want to know whether there is a new version of that lib. I know it might work, I just don't want to use it. i can't use it (just because). So please don't point me that way.
Code is appreciated.
thanks.
In linux, the "global proxy setting" is typically just environment variables that are usually set in /etc/profile. You can examine those variables to see what proxy is set.
The variables are:
http_proxy - the proxy for HTTP connections
ftp_proxy - the proxy for FTP connections
Using the Network Proxy Preferences tool under Gnome saves information in the GConf database. The path to the keys are /system/http_proxy and /system/proxy. You can read about the detail in those trees at this page.
You can access the GConf database using the library API. Note that GConf is based on GObject. To examine the contents of this tree using the command line, try the following:
gconftool-2 -R /system/http_proxy
This will provide a "name = value" listing of the tree, which may be usable in your application. Note that this requires a system() call, so it's not recommended for a deployed application, but it might help you get started.
GNOME has its own place to store the Proxy settings, and I am sure KDE or any other DE has its own place too. May be you can look for any mention of where Proxy settings should be store in the Linux Standard Base. That could hint you a standard of doing it irrespective of Distro or DE.
DE -> Desktop Environment
char* proxy = getenv("all_proxy");
This statement puts the value of the environment variable called all_proxy, which is used by the system as a global proxy, in your C variable.
To print it in bash, try env | grep 'all_proxy' | cut -d= -f 2.