How to encrypt password in PHP

Posted by Mycado on September 16, 2010 · 1 Comment 

For some reasons, I should start to write again some PHP scripts and I figured out something, most of websites don’t encrypt password at all. So if someone can get access to the database, he will have access to the full password list.. Not really secure.

In PHP we have a function called md5, you input a string and the function will returns the hash as a 32-character hexadecimal number based on the md5 algorithm (for more information you can read the RFC1321). This function is useful, but some website containing very huge databases with password and the corresponding md5. As we know, basic user always use the same kind of password “azerty”, “hello”, birthday date, dog’s name,.. So it’s not so difficult to find the md5 with a brutforce attack.

So we will do something more, is to add a “salt” at the beginning and at the end of the string, to prevent rainbow table attack. This is already a good way to slow down the bruteforce.

<?php
$password = "bonjour";
$salt1 = "ksn9é)-FvZ8";
$salt2 = "1=YCox3oàç";
$hash = md5($salt1.$password.$salt2);
unset($password);
?>

We also can secure a little bit more, with adding multiple md5 iterations:

<?php
$password = "bonjour";
$salt1 = "ksn9é)-FvZ8";
$salt2 = "1=YCox3oàç";
$iteration = 100;
for($v=0;$v<$iteration;$v++) {
   $hash = md5($hash.$salt1.$password.$salt2);
}
unset($password);
?>

This is maybe not the most secure solution, but seems it’s really enough for most of the programmers and still better than plain password :-)

Filed under IT · Tagged with , ,

Watch CCTV9 streaming on your computer

Posted by Mycado on August 16, 2010 · 3 Comments 

After some weeks, I finally found how to watch CCTV9 (Chinese TV, in English), on my computer. CCTV provide a free streaming flux on his website. But actually, they use a .. windows script to show the video. So, just show the source and we have what we want:

CCTV.com

CCTV.com

Filed under China, IT · Tagged with

DB2 Data compression

Posted by Mycado on August 14, 2010 · Leave a Comment 

Disk storage is not cheaper, take place, make noise, so, for large warehouses (or huge volumes database), the cost of the storage become important. IBM DB2 have a solution, with the data compression named “Venom” technology, reducing storage requirements, improving I/O, and providing quicker data access from the disk.

DB2 uses a dictionary based algorithm for compressing data records. DB2 9 will scan tables, and search for duplicate occurrences, then assign a short numeric key to each entries. You will understand better with a picture:

Compress data

Compress data

Each new occurences of “Sophie”, “New York”, “IBM US”, will be respectively assign to “(01)”, “(19)” and “(09)”. This is very useful on large table. Each time a new row is added to the table, DB2 will automatically compress these new data.

Seems to be good, let’s try on our DB2 now. To enable the compression, we should turn on the “COMPRESS” option on the table.

CREATE TABLE Users COMPRESS YES

or use alter if the table is already created:

ALTER TABLE Users COMPRESS YES

Typically, we can save an average ratio of 45 to 75 percent of our storage space. Next time, we’ll see how to use the inspect tool, to determine the compression ratio.

Filed under IT · Tagged with , ,

Customize your DB2 CLP prompt

Posted by Mycado on July 25, 2010 · Leave a Comment 

You have a nice DB2 CLP prompt, looks like “db2>”, but you want more, you want a efficient prompt. It is possible with DB2 to add or modify your CLP ! DB2 have a registry variable named DB2_CLPPROMPT which allows us to define the prompt to be used in the CLP interactive mode.

To define this variable, let’s use the DB2set command:

Db2set DB2_CLPPROMPT="db2isgreat> "

Our new DB2 Prompt will be “db2isgreat> “. It’s much more better, but we can do more. DB2_CLPPROMPT registry variable can contain the tokens %n, %ia, %d, %da and %i:

  • %n – New line
  • %ia – Authorization ID of the current instance attachment
  • %d – Local alias of the currently connected database
  • %da – Authorization ID of the current database connection
  • %i – Local alias of the currently attached instance

Now, let’s try with these tokens:

Db2set DB2_CLPPROMPT="%ia@%i, %da@%d> "

With an instance attachment to instance “DB2″ with authorization ID “mycado”. Database “sample” with authorization ID “mycadoax”, will return something like:

MYCADO@DB2, MYCADOAX@SAMPLE >

You can now everytime where you are, and one which instance/database you’re working on.

Filed under IT · Tagged with , ,

Let’s start with JCL

Posted by Mycado on July 21, 2010 · Leave a Comment 

You probably know PHP, Java, C, and lot of other programming languages, but what about JCL ? No, it’s not about Java, it’s about Job Control Language a scripting language used on mainframe to instruct the system on how to run a batch job. It is possible to submit JCL for batch processing or directly by to start a JCL procedure (PROC). JCL is very important to create, check, correct and run the daily batch workload.

It’s easy, you have three basic statements:

  • JOB: Provides a name (jobname) for the batch.
  • EXEC: Provides the name of a program to execute.
  • DD: For Data Definition, provides inputs/outputs to the program.

Let’s see a JCL example:

//MYJOB     JOBTES 1
//MYSORT    EXEC PGM=SORT
//SORTIN    DD DISP=SHR,DSN=SUP01.TAB.TEST
//SORTOUT   DD SYSOUT=*
//SYSOUT    DD SYSOUT=*
//SYSIN     DD *
SORT FIELDS=(1,4,CH,A)
/*

Now, try to understand what’s happen here.

  • MYJOB is the jobname associates to the workload, here it’s “JOBTES”.
  • MYSORT is the stepname, which ask the system to execute a program called “SORT”.
  • SORTIN is the program input, here with the DSN (Data Set Name) SUP01.TAB.TEST, and the dataset can be shared (DISP=SHR).
  • SORTOUT is the SORT program output.
  • SYSOUT specifies to send system output to JES (Job Entrey Subsystem), but it’s also possible to send the outpu to a dataset.
  • SYSIN tell the SORT program which fields of the SORTIN data records are to be sorted.

Enough for the moment, JCL is quite hard at beginning !

Filed under IT · Tagged with , ,

Queries on XML data with XQuery

Posted by Mycado on July 16, 2010 · Leave a Comment 

We know how to store native XML data in our DB2 tables, and now we will see how we can access to these data. We can choose between standard SQL queries and XQuery.. or both ! The first solution, with a SQL query, only query at the column level of your table; this query will return the full XML data. The second solution, with XQuery, allow us to make a “query” inside our XML data.

For the SQL query, nothing more than a SELECT:

SELECT id, info from client

Easy, but not really powerful for XML data, let’s try with XQuery, who give us two functions for DB2. db2-fn:sqlquery and db2-fn:xmlcolumn. The first function retrieves a sequence that is the result of an SQL fullselect and the second retrieves a sequence from a column. One important thing you should keep in mind, SQL is not a case-sensitive language alors que XQuery is a case-sensitive language.

An example which return all the XML data from the “info” column:

XQUERY db2-fnxmlcolumn ('CLIENT.INFO')

Which is same as this SQL query:

SELECT info FROM client

Let’s see something more nice. This query will return all the elements in <name> , inside the “info” column, and with the <city> element which containt “Paris”:

XQUERY declare defaut element namespace "http://posample.org";
for $d in db2-fn:xmlcolumn('CLIENT.INFO')/clientinfo
  where $d/addr/city="Paris"
return <out>{$d/name}</out>

db2-fn:xmlcolumn retrieves the data from the “info” column in the “client” table. We add a $d variable, for each element of <clientinfo>, and we use a where to filter the <city> element which should be “Paris. To finish, we use <out> to output the data:

<out xmlns="http://posample.org">
  <name>Sophie Bool</name>
</out>

To finish, the same example with a SQL query inside the XQuery:

XQUERY declare default element namespace "http://posample.org";
for $d in db2-fn:sqlquery('SELECT info FROM client')/clientinfo
  where $d/addr/city="Paris
return <out>{$d/name}</out>

Enough for today, we will see next time how to do more complex and more powerful query with XQuery !

Filed under IT · Tagged with , , ,

Store native XML in a DB2 table

Posted by Mycado on June 29, 2010 · 1 Comment 

IBM DB2 is the first RDBMS to provide a native XML facility, in a table. You will be able to insert in a column, some XML data. It will be easier to make direct requests to these data with XQuery.

So, it’s funny, but why it’s interesting to do that ? Because XML data are hierarchic (instead of relational data which are flat) and data self-describing through XML tags. XML also allows a better flexibility for data structures required to change very often. In the other hand, access time performances will be a little slower, we lose the integrity constraints, and OLAP queries will be more difficult. The important question is “Which flexibility-performance ratio do you need ?”.

Let’s start now with the creation of a database, which should be encoded with UTF-8, to store XML. For that, we use the CREATE DATABASE command:

CREATE DATABASE xmldb USING CODESET UTF-8 TERRITORY US

We have our table, now we should create the “client” table, with an “info” column who contain client information, in XML format:

CONNECT TO xmldb
CREATE TABLE client (id INT, info XML)

Let’s try to insert a new client with a SQL query:

INSERT INTO client (id, info) VALUES (1, '<clientinfo xmlns="http://posample.org" Cid="1"><name>Sophie Bool</name><addr country="France"><street>5 rue du chateau de stable</street><city>Paris</city></addr><phone type="work">01 72 92 02 88</phone></clientinfo>')

The first thing you will told me is this query is a normal SQL query, and this is right, insert XML isn’t more difficult. The second thing is about the XML, here we have a short XML data, but if we have more, it will be very difficult to use. This why, we will use XQuery to manipulate these data or use a XDS import. I’ll come back soon on these points.

Filed under IT · Tagged with , ,

« Previous PageNext Page »