What Are Some Ways to Prevent MITM Attacks or Other Session Exploitative Attacks with a Web Page That Uses JavaScript?

0 Comments

Problem scenario
You know that sessions of a JavaScript can be exploited in today’s world. This category of vulnerability is related to imperfections in authentication and is listed as the #2 biggest web application security risk as of June of 2020 (according to OWASP). What are some techniques to stop such attacks from happening when designing a website that uses JavaScript?

Possible Solution #1
Ensure cookie information is passed using connections that leverage HTTPS (as paraphrased from page 23 of Node.js Security by Liran Tal).

Continue reading “What Are Some Ways to Prevent MITM Attacks or Other Session Exploitative Attacks with a Web Page That Uses JavaScript?”

How Do You Troubleshoot the Hadoop Message “Exception in thread “main” java.nio.file.AccessDeniedException: /home/jdoe/./mapper.py”?

0 Comments

Problem scenario
You are trying to run a hadoop command (to kick off a mapreduce job). But you get this error:
“Exception in thread “main” java.nio.file.AccessDeniedException: /home/jdoe/./mapper.py”

What should you do?

Solution (short version)
Change to a directory where the user can write files to. Retry the command.

Solution (long version)
Create a directory that is owned by the user and the group associated with the user that is running this command.

Continue reading “How Do You Troubleshoot the Hadoop Message “Exception in thread “main” java.nio.file.AccessDeniedException: /home/jdoe/./mapper.py”?”

What Are Some Ways to Prevent XSS Attacks with a Web Page That Uses JavaScript?

0 Comments

Problem scenario
You know that cross-site scripting (aka XSS) attacks are a big concern in today’s world. OWASP places XSS security risks as the seventh biggest web application risk as of June 2020. What are some techniques to stop such attacks from happening when designing a website that uses JavaScript?

Possible Solution #1
Have the HTML and JavaScript validate and escape regularly throughout the code.

Continue reading “What Are Some Ways to Prevent XSS Attacks with a Web Page That Uses JavaScript?”

How Do You Change the Version of Python that Ansible Uses?

0 Comments

Problem scenario
You are using Ansible with -vvv to see what Python version it is using. (Or you use ansible –version.) You see an incorrect version of Python being used.

You tried ansible_python_interpreter=/usr/bin/python3 in your playbook and in the ansible.cfg file. Neither worked.

What should you do?

Solution
In the playbook, find the hosts stanza. Underneath it use this (where python3 is the version you want and “/usr/bin” is the path to it):

vars:
ansible_python_interpreter: /usr/bin/python3 …

Continue reading “How Do You Change the Version of Python that Ansible Uses?”

How Do You Troubleshoot Ansible Errors about SELinux?

0 Comments

Problem scenario
You have Python 3 installed, but you do not have pip3 installed. One of the following also apply to your situation:

Problem scenario #1
You run an Ansible playbook. You receive the error message “Aborting, target uses selinux but python bindings (libselinux-python) aren’t installed.”

Problem scenario #2
You run an Ansible playbook.

Continue reading “How Do You Troubleshoot Ansible Errors about SELinux?”

How Do You Get the libselinux-python to Work with Python 3?

0 Comments

Problem scenario
You have Python 2 and Python 3 installed. When you run Python 3 programs, you get an error message about selinux. The message is consistent with libselinux-python not being installed.

When you enter the Python interpreter for Python 2, you can run this command without errors: import selinux

But when you enter the Python interpreter for Python 3 (e.g., python3), you get errors when you run this command: import selinux

Security of the server is not critical,

Continue reading “How Do You Get the libselinux-python to Work with Python 3?”

How Do You Fix a Python Program that Returns “Killed”?

0 Comments

Problem scenario
You are trying to write a Python program. It returns “Killed” on a Linux terminal. How should you fix this?

Possible Solution #1
“Aside from running time, the memory space occupied by a program is a principal cost.” (Taken from The Mythical Man-Month, page 238.)

Refactor your code. There is a programming method called “brute force” which is a reference to creating an exhaustive number of possibilities and processing those possibilities.

Continue reading “How Do You Fix a Python Program that Returns “Killed”?”