Swati Rajput
Posts by Swati Rajput
Marketing & Commerce | April 22, 2019
Exposing an Application Level Security Bug
Today, we are going to discuss a very common scenario that can compromise the security of your applications. Whenever a developer authenticates to a secured (HTTPS) application and a testing tool (Burp or Fiddler) sits in the path, the password becomes visible at the application level. If you believe that exposed credentials are a risk to the application, you are correct.

For example, my application has the username swati and the password password. This is how the credentials are exposed when I use the Fiddler tool to intercept the request.

I tested the application using Fiddler and will now explain how it works. There are three components in this case: 1. the client device, 2. the interceptor (Burp or Fiddler), 3. the application server.

Steps you might follow:
1 - You enter an HTTPS-enabled URL in the browser and try to intercept it in Fiddler. While you do so, Fiddler prompts "HTTPS Decryption is disabled click to configure". Clicking that prompt takes you to Fiddler -> Options -> HTTPS, where you check "Decrypt HTTPS traffic". This asks you to install the Fiddler root certificate and to configure it in Windows.

If you select yes, Windows prompts you with a warning. If you click yes, Windows prompts again. If you click yes once more, then with your consent you have trusted the Fiddler certificate and added it to your device. In the Windows Certificate Manager you can see the certificate Fiddler added.

In doing so, you explicitly begin to trust any certificate signed by Fiddler's root certificate. When you now make an HTTPS request, Fiddler performs a man-in-the-middle attack on you. In all, you trusted Fiddler to decrypt your HTTPS requests by allowing it to install a signed certificate on your device, which should not happen in this...
Marketing & Commerce | November 14, 2018
Binary Sort Collation Campaign
Today, I am writing about how different binary collations between databases affect Campaign sorting and result in an error. Campaign uses binary sort collation, but this alone is not enough. I encountered a case where two databases (Oracle and Netezza) both use binary sort collation but still produce an incorrect sort order. In this case, the input is taken from one database and the output is written to the other database.

Error message encountered:
[SORT ORDER] [THIS_CYCLE] Audience ID: Wrong sort order detected (Last ID > This ID)[SORT ORDER] [THIS_CYCLE] Audience ID: Wrong sort order detected (Last ID > This ID)Last ID: Name=FK_ROWID_ASSET, Type=8, Chars=100, Bytes=100, dbtype=17, prec=0, Value='02i0Y000001XOBiQAO'

Reason: the sort order of the database is different from what Campaign expects. Although both databases have binary sort collation, the two binary collations themselves differ: one database uses the ASCII format and the other uses the EBCDIC standard. In the ASCII standard, all uppercase letters appear before any lowercase letters. In the EBCDIC standard, the opposite is true: all lowercase letters appear before any uppercase letters. So the way one database sorts is different from the way the other database expects the data to be sorted, and hence Campaign re-sorts the rows on the Campaign server. That is why we get the wrong sort order error. If this is the case, there is no way to avoid this error; it is expected behaviour.

Documents referred:
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/nlspg/linguistic-sorting-and-matching.html#GUID-68633595-DC95-4393-A6B8-146AD05F5FDF
https://docs.oracle.com/cd/E17952_01/mysql-5.1-en/charset-binary-collations.html

Swati Rajput
I am a Technical Analyst with over 3+ years of experience in the IT and software industry, with a focus on helping my clients do better and achieve better customer satisfaction. I am currently a Technical Analyst for Marketing Suite at HCL.
Marketing & Commerce | October 23, 2018
Campaign Sort Orders
This is Swati Rajput. I am getting started with my first blog today, in which I write about the various sort orders a database can have and which sort orders Campaign specifically needs. If the sort order of the database differs from what Campaign needs, which parameters, configuration or commands need to be run on the database to match them, so that data sorting on the Campaign server can be avoided? If appropriate sort orders are set, the sorting of data is carried out on the database, which is much faster.

By default, Campaign uses binary sort order. In order to do proper sorting in Campaign, set the default character set to UTF-8, the default character type to Unicode and the sort order to Binary.

Oracle sort orders: The default sorting order in Oracle is binary. Execute this command to check the various sorting techniques available in Oracle:
select * from v$nls_valid_values where parameter='SORT';

Sort order SQL Server. More description: http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc36273.1572/html/sprocs/X46017.htm

DB2 sort order: collate_info - Collating Information. This parameter determines the database's collating sequence. For a language-aware collation, the first 256 bytes contain the string representation of the collation name (for example, SYSTEM_819_US). This parameter can only be displayed using the db2CfgGet API; it cannot be displayed through the command line processor or the Control Center. You can specify the collating sequence at database creation time. More description: https://www.codeproject.com/Articles/71612/Controlling-Collation-Order-On-DB https://www.ibm.com/support/knowledgecenter/en/SSEPGG_10.1.0/com.ibm.db2.luw.admin.nls.doc/doc/c0007183.html

Teradata sort order: The Teradata Database offers five standard collation sequences in which data can be defined as CASESPECIFIC or NOT CASESPECIFIC. This affects how the five collation sequences collate and compare data.
The five collations, determined either by default or by explicit use of the SET SESSION COLLATION statement, are:
• ASCII
• EBCDIC
• CHARSET_COLL
• JIS_COLL
• MULTINATIONAL
CASESPECIFIC or NOT CASESPECIFIC can be chosen at table definition time, or specified...
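The following is an added example, not code from the posts above or from Campaign itself, illustrating both the "Binary Sort Collation Campaign" post and the ASCII/EBCDIC collations listed for Teradata: the same IDs come back in a different order under the two binary collations, and a consumer that expects ASCII order trips over the EBCDIC stream exactly as the "Last ID > This ID" error describes. It assumes the consumer expects ASCII binary order and uses EBCDIC code page 037; all names and sample IDs are constructed.

```python
# Added example (not from the original posts): the same IDs sorted under two
# "binary" collations, ASCII versus EBCDIC, plus a check that mimics the
# "Last ID > This ID" test. Function and sample names are my own.

# Constructed sample audience IDs mixing digits, upper- and lowercase letters.
SAMPLE_IDS = ["a1", "A1", "1a", "b0", "B0"]


def ascii_key(value: str) -> bytes:
    """Binary sort key under ASCII: digits < uppercase < lowercase."""
    return value.encode("ascii")


def ebcdic_key(value: str) -> bytes:
    """Binary sort key under EBCDIC (code page 037): lowercase < uppercase < digits."""
    return value.encode("cp037")


def ascii_order(ids):
    """Order IDs the way an ASCII-collated database returns them."""
    return sorted(ids, key=ascii_key)


def ebcdic_order(ids):
    """Order IDs the way an EBCDIC-collated database returns them."""
    return sorted(ids, key=ebcdic_key)


def check_sort_order(ids, expected_key=ascii_key):
    """Walk rows in the order received and flag the first pair where the
    previous ID sorts after the current one under the expected collation.
    Returns None when the stream is correctly sorted, else (last_id, this_id).
    Assumption: the consumer expects ASCII binary order by default."""
    last = None
    for current in ids:
        if last is not None and expected_key(last) > expected_key(current):
            return (last, current)
        last = current
    return None


if __name__ == "__main__":
    print("ASCII order: ", ascii_order(SAMPLE_IDS))
    print("EBCDIC order:", ebcdic_order(SAMPLE_IDS))
    print("EBCDIC rows checked against ASCII expectation:",
          check_sort_order(ebcdic_order(SAMPLE_IDS)))
```

Feeding the EBCDIC-ordered rows to the ASCII-expecting check reports the pair ('b0', 'A1'), while either stream passes when checked against its own collation.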