Browsed by
Author: Kenneth Holter

Storing valid, sanitised HTML in database to mitigate malicious code injection

Storing valid, sanitised HTML in database to mitigate malicious code injection

Comments 0 Comment

In a typical cross-site scripting (XSS) attack, the hacker submit a HTML form which include malicious code. When another user visit the page in which this data is rendered, the malicious code is executed. There are at least a couple of ways to mitigate this risk: When the hacker submit the HTML form, any malicious code is removed before storing the data in the database When retrieving data from the database, removing any malicious code before rendering it on the…

Read More Read More

Custom CSS on SharePoint Online sites

Custom CSS on SharePoint Online sites

Comments 0 Comment

We’ll be using SharePoint Online as platform for our upcoming intranet. As Microsoft currently doesn’t support much visual tweaking, we were looking to apply our own CSS to the intranet related SPO sites. Applying Custom CSS is not supported, so we were looking for a workaround until Microsoft hopefully does enable this in the future. Although not supported, and likely not even recommended, we got our custom CSS up and running by creating an application customizer, based on the official…

Read More Read More

Updating Jenkins CI behind corporate firewall

Updating Jenkins CI behind corporate firewall

Comments 0 Comment

Our Jenkins CI server (https://jenkins.company.com) doesn’t have access to Internet (neither directly nor through a proxy), yet we need to update both Jenkins itself as well as the Jenkins plugins. We’ve set up another of our servers, https://jenkins-repo.company.com, as a Jenkins mirror site, which on a regular basis runs this command in a cron job: The /srv/mirrors/jenkins folder is hosted by Nginx. As the rsync’ed files contain references to https://updates.jenkins.io, Jenkins will try and contact https://updates.jenkins.io when downloading the updated…

Read More Read More

REST API entry points to a message based, event driven architecture

REST API entry points to a message based, event driven architecture

Comments 0 Comment

A while back I started working at an IT department that didn’t really have much in-house development, and thus didn’t have any integration architecture defined. I set out to look into our business needs along with potential architectures. I’d been a great fan of message based, event driven architecture, and found that to be a good fit for our needs. One of my first projects was quite simple – the user would visit one of our internal websites and submit…

Read More Read More

Using AWS Cognito to authorize access to API Gateway

Using AWS Cognito to authorize access to API Gateway

Comments 0 Comment

I’m writing a simple web application that at the moment basically does this: In the web app, users log in The web app contacts AWS Cognito for user authentication. In AWS Cognito, I’ve set up a user pool, think of it as a database, in which my users are stored. When a user sign in, AWS Cognito checks the user pool to verify the password. AWS Cognitor responds with different JWT tokens, including an ID token for the user The…

Read More Read More

Setting up Visual Studio for developing SharePoint online site provisioning software

Setting up Visual Studio for developing SharePoint online site provisioning software

Comments 0 Comment

We’re in the process of setting up SharePoint Online as our Intranet platform, and are looking to automate site creation using something like Azure Functions. Currently, I’m developing the business logic for creating the new sites, including setting the correct permissions, theme, links and so forth. I’m using Visual Studio for this project. I’m new to both SharePoint Online as .NET, and as tutorials on setting up Visual Studio with regards to SharePoint Online provisioning seems to be lacking, I…

Read More Read More

Modifying cn=config in OpenLDAP without rootDN password

Modifying cn=config in OpenLDAP without rootDN password

Comments 0 Comment

Using a configures “admin” user and the corresponding password, I successfully created a bind user uid=bind_user,ou=users,dc=work,dc=com on an OpenLDAP server. The bind user needed escalated privileges, but as the cn=admin,dc=work,dc=com user didn’t have write access to the cn=config database, all my efforts running commands such as ldapmodify on the bind user, resulted in this error message: I didn’t have access to the rootDN password, so I was kind of stuck for a while. Then I was advised to try ldapvi,…

Read More Read More

React: Auto scroll when overflow

React: Auto scroll when overflow

Comments 0 Comment

I recently had an issue with an React app, in which contents was added to the bottom of an area – a <div> element with the CSS property overflow: scroll; set – on the screen. I wanted the app to automatically scroll to the latest element. I found this post on StackOverflow which seemed to be what I needed, and while the auto scroll feature did work it was kind of our of sync with the content. I figured the…

Read More Read More

Docker automatically stopped

Docker automatically stopped

Comments 0 Comment

This morning I found that the Docker service on one our linux servers for no apparent reason had stopped. From the entries in syslog I could see that Docker had been going up and down since about 06:34 in the morning. Extract from syslog: I came across https://www.claudiokuenzler.com/blog/689/rancher-error-response-from-daemon-dockerd-deleted-no-such-file-or-directory, and from the comment section there I was led to check what the unattended upgrades had been doing this morning, and found this: On this particular linux server we don’t really wish…

Read More Read More