Resetting Passwords

I bought an application a few years ago and have always been able to log in without any issues; however, with this particular application I didn’t use a password manager to save the string needed to get back in. It is a paid application and the “forgot password” functionality didn’t work.

I could have contacted the original creators of the application; however, since my version was behind, it would probably have taken days to get me back online, so I went ahead and did what most developers would do: open the application and figure out the encryption function, cryptographic hash function and login signature in order to create a new password that could then be added to the database. At this moment the only thing I had was the encrypted password and the salt value.

Here is the end of the function that would encrypt the password to compare to what is in the database:

[php]
return  $salt . substr(sha1($salt . $password), 0, -$this->salt_length);
[/php]

With this information I was able to remove the salt value temporarily in order to access the application and update the password directly in the database. After accessing the application the password could be updated directly within the system.

Are you locked out of your application? Look at the database and find the login methods to figure out how you can update your database directly and maybe be able to get back in.

As always, since you are dealing with the system directly, ensure you have a backup of your data in the event that you need to revert the application completely.
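The return line shown above prepends the salt and trims the same number of characters from the end of the SHA-1 hex digest, so a stored value is always 40 characters long and its first characters are the salt. The sketch below is an added example, not the application's own code: it builds a stored value for a new password and checks a password against one. `SALT_LENGTH`, the function names and the hex salt alphabet are assumptions, since the page shows only `$this->salt_length`.

```php
<?php
// Added example, not the application's code.
// Assumed value: the page shows $this->salt_length but never gives the number.
const SALT_LENGTH = 10;

// Same expression as the return line on the page: salt first, then the SHA-1
// hex digest of salt+password with strlen($salt) characters cut off the end.
function legacy_hash(string $password, string $salt): string
{
    return $salt . substr(sha1($salt . $password), 0, -strlen($salt));
}

// Fresh salt from the CSPRNG, hex-encoded and cut to the wanted length.
// The hex alphabet is an assumption; the original salt format is not shown.
function new_salt(int $length = SALT_LENGTH): string
{
    return substr(bin2hex(random_bytes($length)), 0, $length);
}

// Recover the salt from the front of the stored value, recompute the hash
// and compare in constant time.
function legacy_verify(string $password, string $stored, int $saltLength = SALT_LENGTH): bool
{
    if (strlen($stored) !== 40 || $saltLength < 1 || $saltLength >= 40) {
        return false; // not a value this scheme could have produced
    }
    $salt = substr($stored, 0, $saltLength);
    return hash_equals($stored, legacy_hash($password, $salt));
}

// Constructed sample input: a new password for your own locked-out account.
$stored = legacy_hash('new-passphrase-for-my-account', new_salt());

echo "value to write to the password column: {$stored}\n";
var_dump(strlen($stored) === 40);
var_dump(legacy_verify('new-passphrase-for-my-account', $stored));
var_dump(legacy_verify('wrong-guess', $stored));
```

Generating a correctly salted value this way means the salt check never has to be switched off in the application while the row is updated.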


Spaces on linkTrackVars

When you use linkTrackVars, make sure that multiple parameters are separated only by a comma and that there are no spaces between the elements.

BAD:

s.linkTrackVars='prop1, prop2, events';

GOOD:

s.linkTrackVars='prop1,prop2,events';

For some odd reason Adobe has made this implementation part of their best practices but they haven’t highlighted the importance of having it all without spaces between each element.

Best Practices Source


Almost 3 Million users affected by the latest hack to Adobe.

Today Adobe released a bulletin stating that data belonging to 2.9 million Adobe customers has been stolen from their systems:

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

Reading some comments from around the web, some people make the argument that with so much money Adobe should not have this kind of issue, but the reality is that security is a very complex subject. We do not know the details of how the data breach was performed, which will be interesting to find out in the near future.

This hits close to home since I am currently working on an application that requires extra care, especially with users’ data, and although the data can be encrypted there is always the risk of someone trying to access the data, and it only takes decrypting one string in order to get the key to decrypt the rest.


SXSW by the numbers

Source: @Mashable

SQL general error 1005 and errno 150

SQLSTATE[HY000]: General error: 1005 Can't create table 'mydatabase.#sql-c7c_81e' (errno: 150)

My issue was that the Foreign Key didn’t match the type of field I was trying to use as reference.

id (source) = int(10) – unsigned

foreign = int(11)

Foreign here needs to be unsigned as well to avoid this type of error.

id (source) = int(10) – unsigned

foreign = int(10) – unsigned