VIVEK SHAH


Overview

This page describes the installation of the Win32 version of Apache with the mod_ssl extension. The newest version should always be available from http://tud.at/programm/apache-ssl-win32-howto.php3.

This process worked for many people on Windows NT, 98, ME, 2000 and XP; please mail me your suggestions and bug reports. You can even install Apache with SSL in addition to the Microsoft Internet Information Server if you need to.

Note: sometimes, there are changes between the precompiled apache distributions so that this HOWTO is not correct anymore. In this case, if the current version does not work for you, download an older version - one that was published before the modification date of this HOWTO. Or, if you like adventures, try to make it run, and mail me if you needed to change anything.

Apache with mod_ssl seems to be the only free (as in speech, not in beer) solution for Win32. Please note that Apache on Win32 is considered beta quality as it doesn't reach the stability and performance of Apache on Un*x platforms.
1.: Installing Apache

Get the Win32 version of the Apache web server from one of the mirrors. It is called something like apache_x_y_z_win32.exe. This is a self-extracting archive that contains the Apache base system and sample configuration files.

Don't mix Apache versions 1.3 and 2! It won't work. If you find 1.3.x on modssl.org, you cannot expect it to work with 2.0.x.

Install Apache as described in http://www.apache.org/docs/windows.html.
For Linux, to install Apache 2.0.42 with mod_ssl installed, I performed the following steps:

I used http://httpd.apache.org/docs-2.0/install.html as a reference.

$ lynx http://www.apache.org/dist/httpd/httpd-2.0.42.tar.gz
$ gzip -d httpd-2.0.42.tar.gz
$ tar xvf httpd-2.0.42.tar
$ cd httpd-2.0.42
$ ./configure --enable-mods-shared=most --enable-ssl=shared
$ make
$ make install
If you're using Apache 2.0.42 with Tomcat, you can download the binary mod_jk.so from http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.0/bin/linux/i386/mod_jk-2.0.42.so. After downloading, put this file into your modules directory and rename it mod_jk.so. Click here for more information on configuring Apache and Tomcat.

Note: You can skip this step and get a full Apache+SSL distribution from modssl.org, as described below. There will be no fancy installation program but you won't need to overwrite the stock Apache files. This is the better way if you are experienced and don't fear editing configuration files (which you will need to do anyway).

Change at least the following parameters in Apache-dir/conf/httpd.conf:
[Replace all occurrences of www.my-server.dom with the real domain name!]

* Port 80 to # Port 80 (Comment it out; Port is not necessary, Listen overrides it later.)
* (if not in addition to IIS) Listen 80
* Listen 443 (So your server listens on the standard SSL port)
* ServerName www.my-server.dom
* (if in addition to IIS) DocumentRoot and the corresponding <Directory> entry to your Inetpub\wwwroot

Install the Apache service (NT only) and start the server. Verify that everything works before proceeding to the SSL installation because this limits the possible errors.

Try http://www.my-server.dom:443/. It won't be encrypted yet but if this works then the port configuration (port 443) is right.
2.: Getting OpenSSL and mod_ssl

Go to http://www.modssl.org/contrib/ and find a file named something like Apache_X-mod_ssl_Y-openssl_Z-WIN32[-i386].zip. (You can get the 2.0.42 version at http://hunter.campbus.com/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip; older packages are also available at http://hunter.campbus.com.) Download and unzip it to a new directory.

If you need the newest version, you will have to compile it yourself if it is not there. Don't ask me about it; I don't have it, I don't compile the versions on modssl.org, and I don't have access to development tools on Win32.

Copy the files ssleay32.dll and libeay32.dll from the Apache/modssl distribution directory to WINNT\System32. This is important! About 70 % of the e-mails I receive are because people forget to do this.

Download and install Cygwin from http://www.cygwin.com.

You'll need a config file for openssl.exe. If you are using Cygwin, one will already exist for you. If you don't want to install Cygwin, there is an openssl.exe application in the OpenSSL distribution.
3.: Creating a test certificate

The following instructions are from http://www.apache-ssl.org/#FAQ.

openssl req -new -out server.csr
This creates a certificate signing request and a private key. When asked for "Common Name (eg, your websites domain name)", give the exact domain name of your web server (e.g. www.my-server.dom). The certificate belongs to this server name and browsers complain if the name doesn't match.

openssl rsa -in privkey.pem -out server.key
This removes the passphrase from the private key. You MUST understand what this means; server.key should be only readable by the apache server and the administrator.
You should delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.

openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
This creates a self-signed certificate that you can use until you get a "real" one from a certificate authority. (Which is optional; if you know your users, you can tell them to install the certificate into their browsers.) Note that this certificate expires after one year; you can increase -days 365 if you don't want this.

If you have users with MS Internet Explorer 4.0+ and want them to be able to install the certificate into their certificate storage (by downloading and opening it), you need to create a DER-encoded version of the certificate:
openssl x509 -in server.crt -out server.der.crt -outform DER

Create an Apache/conf/ssl directory and move server.key and server.crt into it. For Linux create two directories: ssl.key and ssl.crt. Move server.crt into ssl.crt and move server.key into ssl.key.

Tip from Olivier Gambier:
You can't create a certificate with openssl.exe without a config file (you get an error about distinguished names). Thus if the variable OPENSSL_CONF is not defined (and I didn't find it in your doc, nor did I find a conf file in the distrib I downloaded), you must add "-config configfile" to the certificate creation command, and create a valid "configfile". I found the information, along with the error message meaning, at http://www.openssl.org/docs/apps/req.html.
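
Added example, not part of the original HOWTO: a non-interactive variant of the three step-3 commands, followed by the checks the text asks for (the certificate belongs to the key, the Common Name equals the server name, the key is not readable by group or others, the certificate has not expired). It assumes a current openssl in a POSIX shell, creates the unencrypted key in one step instead of stripping the passphrase afterwards, and writes its own minimal config file so that req works without OPENSSL_CONF; the function names and req.cnf are illustrative.

```shell
#!/bin/sh
# Added example (not from the original HOWTO). Function and file names are
# illustrative; www.my-server.dom is the HOWTO's placeholder host name.

# make_test_cert DIR HOST: write DIR/server.key, server.csr and server.crt.
make_test_cert() {
    mk_dir=$1
    mk_host=$2
    # Minimal config (constructed) so "req" works without OPENSSL_CONF and
    # takes the Common Name from the file instead of prompting for it.
    printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\nCN = %s\n' \
        "$mk_host" > "$mk_dir/req.cnf"
    (
        umask 077   # the unencrypted key is never group/world readable
        openssl req -new -config "$mk_dir/req.cnf" -newkey rsa:2048 -nodes \
            -keyout "$mk_dir/server.key" -out "$mk_dir/server.csr" 2>/dev/null
    ) || return 1
    # Self-sign the request, as in the HOWTO's third command.
    openssl x509 -req -in "$mk_dir/server.csr" -signkey "$mk_dir/server.key" \
        -out "$mk_dir/server.crt" -days 365 2>/dev/null
}

# check_cert_pair KEY CRT HOST: print one line per problem found and
# return the number of problems (0 means the pair is usable).
check_cert_pair() {
    ck_key=$1
    ck_crt=$2
    ck_host=$3
    ck_bad=0

    # The key file must not be accessible to group or others.
    if [ "$(ls -ld "$ck_key" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $ck_key is accessible to group or others"
        ck_bad=$((ck_bad + 1))
    fi

    # The certificate must carry the public half of this private key.
    # "-passin pass:" makes openssl fail instead of prompting if the key
    # is still passphrase-protected.
    ck_kmod=$(openssl rsa -noout -modulus -passin pass: -in "$ck_key" 2>/dev/null) || ck_kmod=
    ck_cmod=$(openssl x509 -noout -modulus -in "$ck_crt" 2>/dev/null) || ck_cmod=
    if [ -z "$ck_kmod" ] || [ "$ck_kmod" != "$ck_cmod" ]; then
        echo "MISMATCH: $ck_crt does not belong to $ck_key"
        ck_bad=$((ck_bad + 1))
    fi

    # The Common Name must be exactly the server name.
    ck_cn=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$ck_crt" 2>/dev/null |
        sed -n 's/^subject= *//p' | sed 's/.*CN=\([^,]*\).*/\1/') || ck_cn=
    if [ "$ck_cn" != "$ck_host" ]; then
        echo "NAME: certificate CN is '$ck_cn', expected '$ck_host'"
        ck_bad=$((ck_bad + 1))
    fi

    # The certificate must still be valid right now.
    if ! openssl x509 -noout -checkend 0 -in "$ck_crt" >/dev/null 2>&1; then
        echo "EXPIRED: $ck_crt is expired or unreadable"
        ck_bad=$((ck_bad + 1))
    fi

    return "$ck_bad"
}

# Demo in a throw-away directory.
demo_dir=$(mktemp -d)
if make_test_cert "$demo_dir" www.my-server.dom &&
   check_cert_pair "$demo_dir/server.key" "$demo_dir/server.crt" www.my-server.dom
then
    echo "OK: key and certificate are consistent"
fi
rm -rf "$demo_dir"
```

Current browsers match the host name against subjectAltName rather than the Common Name, so a certificate meant for present-day clients also needs a SAN entry.
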
4.: Configuring Apache and mod_ssl

Copy the executable files (*.exe, *.dll, *.so) from the downloaded apache-mod_ssl distribution over your original Apache installation directory (remember to stop Apache first and DO NOT overwrite your edited config files etc.!).

Find the LoadModule directives in your httpd.conf file and add this after the existing ones, according to the file you have found in the distribution:

LoadModule ssl_module modules/ApacheModuleSSL.dll
or
LoadModule ssl_module modules/ApacheModuleSSL.so
or
LoadModule ssl_module modules/mod_ssl.so
in newer versions. (Use this for 2.0.42 on Windows; on Linux, this will be done for you when you compile with --enable-ssl=shared.)

In newer versions of the distribution, it could also be necessary to add
AddModule mod_ssl.c
after the AddModule lines that are already in the config file. (Not necessary for 2.0.42)

Copy ssl.conf from the OpenSSL distribution to Apache/conf/. For Windows, you can download it from http://www.raibledesigns.com/tomcat/ssl.conf (Right click -> Save Target As...). Make sure to change the DocumentRoot and ServerName values on lines 93 and 94.

Add the following to the end of httpd.conf:

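# see http://www.modssl.org/docs/2.4/ssl_reference.html for more info
SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache none

ErrorLog logs/ssl.log
LogLevel info
# You can later change "info" to "warn" if everything is OK

# SSL is switched on only for the virtual host on port 443
<VirtualHost www.my-server.dom:443>
SSLEngine On
# server.crt and server.key are the files created in step 3
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
</VirtualHost>
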
Don't forget to call apache with -D SSL if the IfDefine directive is active in the config file! In other words, either start Apache from the command line with -D SSL or comment out the IfDefine start/end tags in ssl.conf.

NOTE: When using SSL with multiple Virtual Hosts, you must use an IP-based configuration. This is because SSL requires you to configure a specific port (443), whereas name-based specifies all ports (*). You might see the following error if you try to mix name-based virtual hosts with SSL.

[error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

You might need to use regedit to change the key HKEY_LOCAL_MACHINE\SOFTWARE\Apache Group\Apache\X.Y.Z to the correct number if the apache.exe from modssl.org/contrib is not the same version as the previously installed one. (This seems not to be necessary with recent versions.)

Start the server, this time from the command prompt (not as a service) in order to see the error messages that prevent Apache from starting. If everything is OK, (optionally) press CTRL+C to stop the server and start it as a service if you prefer.

If it doesn't work, Apache should write meaningful messages to the screen and/or into the error.log and SSL.log files in the Apache/logs directory.
If something doesn't work, set all LogLevels to the maximum and look into the logfiles. They are very helpful.

DON'T e-mail me or the other contributors without having plain Apache installed (Step 1). We will ignore your request; we are not the Free Apache Helpdesk and there is enough good documentation on configuring Apache; if that is not enough for you, you shouldn't run a secure server anyway. Also, DON'T e-mail without having looked into the error.log and SSL.log with LogLevel set to Debug.
Debugging connect problems

Problems connecting to the server with a browser can have many reasons, many of them on the client (proxy, DNS, general IE dumbness).

So, if you encounter problems connecting with SSL, try another browser and/or look into the settings. If even this doesn't work, you can use OpenSSL to debug the problem.

bb@www$ openssl s_client -connect no-such-machine:443
gethostbyname failure # Error resolving this DNS name. Connect with the IP address.
connect:errno=2

bb@www$ openssl s_client -connect www1.tud.at:443
connect: Connection refused
connect:errno=111
# No SSL server on this port. Double-check the Listen and Port directives.

bb@www$ openssl s_client -connect apcenter.apcinteractive.net:443
# everything OK. OpenSSL shows the information it obtained from the server.
CONNECTED(00000003)
depth=0 /C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/Email=bb@apcinteractive.net
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/Email=bb@apcinteractive.net
verify return:1
---
Certificate chain
0 s:/C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/Email=bb@apcinteractive.net
i:/C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/Email=bb@apcinteractive.net
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC0TCCAjoCAQAwDQYJKoZIhvcNAQEEBQAwgbAxCzAJBgNVBAYTAmF0MQ0wCwYDV
[...]
9ucXUnk=
-----END CERTIFICATE-----
subject=/C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/Email=bb@apcinteractive.net
issuer=/C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/Email=bb@apcinteractive.net
---
No client certificate CA names sent
---
SSL handshake has read 1281 bytes and written 320 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: 49ACE1CF484A67D2C476B923D52110A6FCA1A7CE53D76DF7F233DEBF2333D4FB
Session-ID-ctx:
Master-Key: 00E9FA964253752294ECD69C18ADBA527B7170C112E2B3BCB25EA8F4FD847EC46E1FF0194EF8E16985B5E38BF6F12131
Key-Arg : None
Start Time: 980696025
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
[Enter:
GET / http/1.0
and press RETURN twice]
http/1.1 200 OK
Date: Sun, 28 Jan 2001 15:34:58 GMT
Server: Apache/1.3.9 (Win32) mod_ssl/2.4.9 OpenSSL/0.9.4
Cache-Control: no-cache, no-store, must-revalidate, private
Expires: 0
Pragma: no-cache
X-Powered-By: PHP/4.0.4
Last-Modified: Sun, 28 Jan 2001 15:35:00 GMT
Connection: close
Content-Type: text/html



# the server shows its main document

Common problems

Q: I see the following when starting Apache:

Syntax error on line [some number] of ...httpd.conf
Cannot load apache/modules/mod_ssl.so into server
(126) The module could not be found:


A: Did you copy the openssl DLLs to WINNT/SYSTEM32 (or WINDOWS/SYSTEM on Win9x/ME)?
You can verify this by copying openssl.exe into a directory of its own and executing it. If it complains about not being able to find some DLLs, then you haven't copied them into the correct directory.
One user told me that he had this problem even when he did everything right. He then found the problem: corrupt openssl DLLs. So if you get this error despite having done everything correctly, try the openssl DLLs from another version from modssl.org/contrib.

Q: I see the following when starting Apache:

Syntax error on line [some number] of apache/conf/httpd.conf:
Cannot load apache/modules/apachemodulessl.dll into server:
(127) The specified procedure could not be found:

or:

Syntax error on line [some number] of apache/conf/httpd.conf:
Invalid command 'SSLMutex', perhaps mis-spelled or defined by a module not
included in the server configuration


A: You didn't add the AddModule line (or not where it belongs, it belongs below the other AddModule lines).

Q: SSL doesn't work in the browser and I see the following in some logfile:

[Fri Nov 16 15:46:30 2001] [error] OpenSSL: error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking http to
HTTPS port!?]

A: How much clearer can an error message get? Your VirtualHost or Listen configuration is wrong.

Questions about Java servlets, OpenSSL compilation etc.

Don't ask us about installing servlet extensions, recompiling mod_ssl or Apache with EAPI, recompiled versions etc. We have no idea and won't be able help you. We are just users and not programmers.
If your needs are so special, you are better off with a Debian GNU/Linux or Ope

In this section we will see how to find the child tables for a given parent table.
In many projects where we deal with databases, we would like to find the list of child tables for a parent table. A parent table will have a primary key and one or more child tables will be referencing the parent table using a foreign key. But how will you find the list of child tables referencing the parent table?
If you use an Oracle client like the TOAD tool, you can easily find out the child tables. But is there any other way to find the same? Yes, we can find the list using the Oracle metadata tables. The following query will give the list of parent table name, parent column name, child table name and child column name.

SELECT a.table_name AS PARENT_TABLE, c.column_name AS PARENT_COLUMN, b.table_name AS CHILD_TABLE, d.column_name AS CHILD_COLUMN, b.R_CONSTRAINT_NAME
FROM user_constraints a, user_constraints b, user_ind_columns c, user_cons_columns d
WHERE a.constraint_type = 'P' AND
a.CONSTRAINT_NAME = b.R_CONSTRAINT_NAME AND
b.CONSTRAINT_TYPE = 'R' AND
a.table_name = c.table_name AND
a.constraint_name = c.index_name AND
b.CONSTRAINT_NAME = d.constraint_name AND
a.table_name = 'TABLE_NAME'

In the above query, substitute the required table name at the end of the WHERE clause to find the list of child tables for the given parent table.

Substitute 'TABLE_NAME' with your parent_table_name.

Often you may be faced with a requirement to optimize a SQL query (improve its running time) to be executed in an Oracle database. Query optimization in general is a huge topic to discuss. Let me provide some basic steps to be followed while optimizing a SQL query.
1. If the query has only one table and certain where conditions, then try to index the columns given in the where condition. By default primary key columns are indexed. Then try to reorder the set of where conditions based on number of rows for the column values in descending order.
2. If the query contains more than one table (joins), first try to order the tables in descending order (number of rows) in the 'from' clause. Then try to reorder the set of where conditions based on number of rows for the column values in descending order. Try executing the SQL query in TOAD to get the explain plan, then find the tables which are taking more time to retrieve rows in the explain plan and index the required columns in those tables.
3. Try using SQL hints to make the query execution faster. Let's see some of the common hints available in Oracle.
ORDERED - This hint joins the tables in the order in which they appear in the FROM clause.
SELECT /*+ ORDERED */ * FROM employee e
INDEX(tablename indexname) - This hint will force the system to use the particular index while executing the query.
SELECT /*+ INDEX(e emp_pk) */ * FROM employee e
USE_NL(table1 table2) - This hint will use nested loop joins to join table1 and table2. The hint must name the tables by the aliases used in the query.
SELECT /*+ USE_NL(e d) */ * FROM employee e, department d
WHERE e.dept_id = d.dept_id
We can also use more than one hint in a single query as follows.
SELECT /*+ ORDERED USE_NL(e d) */ * FROM employee e, department d
WHERE e.dept_id = d.dept_id
Oracle DBMS will optimize every query it receives for execution. But if you are not satisfied with the default optimization done and the query execution time, you can follow the above steps to optimize your query.

An IP (Internet Protocol) address is as unique to a computer as a fingerprint is to us. An IP address enables one networked device to talk to the next. The downside of this inter-connectedness is that a logical location provided by the IP address is an open arms invitation to spammers and hackers. The art of war necessitates the importance of knowing who your ‘attacker’ is. Being able to trace an IP address to a PC is a direct way to remove the cloak of anonymity from a computer communicating with your own.
An IP address is a series of digits separated by dotted decimals and represented from 0.0.0.0 to 255.255.255.255. Currently we are following the Internet Protocol Version 4 (IPv4), although the successor ‘version 6’ has been standardized.
A good hacker will take steps to prevent his IP from being revealed. A spammer might hide behind a proxy server. It is also important to remember that locating an IP address using online tools does not reveal the physical address of the guy on the computer. The basic tools merely tell us the location of the ISP providing the connection by using publicly available information. To go beyond that and actually nail down the guy sending you the dirty emails would require the law to be in the loop.

Stefan’s post on How to Trace Your Emails Back to the Source is required reading for a very useful application of IP address tracking. An interesting comment has been made by a reader who says that he uses IP address tracing to ‘find out the origin of potential customers who send e-mails and make inquiries through his company’s website’.
In the lines that follow, I am taking Stefan’s post as a stepping stone and extending it by listing sites which serve as tools to trace an IP address to a PC. Any one should be enough but is there any harm in bookmarking a few more?

Part 1: Trace an IP Address to the Country and City of Origin









This web service provides a whole range of geolocation services. Included tools are IP Lookup, Reverse IP Lookup, Email Trace, Traceroute and a Ping tool, among others. Also of use is a handy link which you can use to get someone else’s IP. Enter the IP address in the IP address location box and the results give you the geolocation info behind the address and a marker on a Google Map. A Firefox experimental add-on is also available from the Firefox Add-ons gallery.







A single field box for the IP address or host name, and the information follows. Geotool also uses Google Maps to depict the geographical location of the originating IP address. Geotool’s Firefox add-on shows a country flag representing the location of the current IP address (or website) and gives one click quick access to detailed location and web server information.







HostIP says that it’s a community driven project to resolve IP addresses. At present it has 8,886,729 entries in its database. You can contribute information to the database and the database is accessible to all. The site’s FAQ goes into the motivation behind the community project. The project is a buildup as an alternative to commercial geolocation databases. The site also provides a Firefox add-on which unfortunately, is not compatible with the latest version of the browser.







This Whois Lookup search service provides a spiffy domain name lookup service along with IP address searching. The information is comprehensive including contact data-like listed telephone numbers and email address of the hosting service. The Whois access is free while other domain tools (the Power Tools) come with the paid options.







A simple box and a simple IP address tracking service. You can also add the IP tracker to your website as a Google gadget.









IP-Address has three information pages which are of use to us – the homepage of IP-Address detects your IP, IP-Tracer locates the source of any IP address and Email Trace which nails the location of the senders IP address. With Email Trace, we simply need to paste the email header info in the box provided to get details about the sender.






The web service provides different web tools for IP addressing. With an input you can find the exact location of any IP address plus the OS used, DNS, IP address range of the country, country code and country flag. The integrated Geolocator and a world map narrows down to the city and country. Also included is a tool to check the validity of an email address. According to the site, its IP database is updated every 48 hours.

Part 2: How to Find Your Own IP Address

An IP address is akin to a home address but really, it is not as simple. Lots of geek speak and networking lingo would be required to explain what it’s all about. The 7 online tools covered not only give you the location of a foreign IP address but yours too as soon as you hit their landing page. There are many online services which decipher your IP address in a flash. Here are a few from the swarm -
That’s the quick and easy way. But what if you wanted to do it on your own using just your OS?
Here’s the how for Windows –
  • Go to Start – Run. Type in cmd to bring up the command prompt.
  • On the command prompt, type in ipconfig /all and hit enter.
  • Basic information of your network interfaces is listed along with your device’s IP address.
(Please note that your IP address may be static or dynamic depending on how the DHCP server that assigns the IPs is configured.)
The ISP service provider knows exactly where we are located. With the tools mentioned here, at best we can find the approximate area (even though a city is a large area!). It’s still useful…and sometimes it’s fun too.
Have you ever had to use IP tracking? Tell us why and how…

ANDROID ARCHITECTURE

An Android system is a stack of software components. At the bottom of the stack is Linux – Linux 2.6 with approximately 115 patches. This provides basic system functionality like process and memory management and security. Also, the kernel handles all the things that Linux is really good at such as networking and a vast array of device drivers, which take the pain out of interfacing to peripheral hardware.


On top of Linux is a set of libraries including bionic (the Google libc), media support for audio and video, graphics and a lightweight database, which is a useful repository for storage and sharing of application data.


A key component of an Android system is the runtime – the Dalvik VM. This is not strictly a Java virtual
machine. It was designed specifically for Android and is optimized in two key ways. 
1. It is designed to be instantiated multiple times – each application has its own private copy running in a Linux process. 
2. It is also designed to be very memory efficient, being register based (instead of being stack based like most Java VMs) and using its own bytecode implementation. 

The Dalvik VM makes full use of Linux for memory management and multi-threading, which is intrinsic in the Java language.

The Application Framework provides many higher-level services to applications in the form of Java classes.
This will vary in its facilities from one implementation to another.

A key Android capability is the sharing of functionality. Every application can export functionality for use by
other applications in the system, thus promoting straightforward software re-use and a consistent user experience.

At the top of the Android software stack are applications. A number are supplied as standard. As mentioned,
each application may also expose some of its functionality for use by others. For example, the message sending
capability of the SMS application can be used by another application to send text messages.


APPLICATION DEVELOPMENT

1. DEVELOPMENT ENVIRONMENT

The standard Android development environment from Google is, as you might expect, Eclipse based, using a
plug-in to provide the necessary facilities. You need to define your target configuration by specifying an Android
Virtual Device. You can then execute code on either the host-based emulator or a real device, which is normally
connected via USB.

This environment only supports Android development on ARM-based target devices. Recently, however,
Mentor Graphics and others have ported Android to other processor architectures like MIPS.

2. PROGRAMMING MODEL

An Android application consists of a number of resources which are bundled into an archive – an Android
package. 

Programs are generally written in Java, built using the standard Java tools, and then the output file
is processed to generate specific code for the Dalvik VM. 

Each application runs in its own Linux process – 
an instantiation of the Dalvik VM – which protects its code and data from other applications. Of course, there are 
mechanisms for applications to transfer, exchange, and share data.



An application is a set of components which are instantiated and run as required. There is not really an
entry point or main() function.

There are four types of application component: activities, services, broadcast receivers, and content providers.

Activity is the basic building block of every visible Android application. It provides the means to render a UI. Every screen in an application is an activity by itself. Though they work together to present an application sequence, each activity is an independent entity. It is a functional unit of the application, which may be invoked by another activity.
Service is another building block of Android applications which does not provide a UI. It is a program that can run in the background for an indefinite period. It is similar to an activity, except that it runs in the background without a GUI. An example of a service might be a media player that plays music while the user performs other tasks.
Broadcast Receivers simply respond to broadcast messages from other applications or from the system. For example, it may be useful for the application to know when a picture has been taken. This is the kind of event that may result in a broadcast message.
Content Providers supply data from one application to others on request. Such requests are handled by the methods of the ContentResolver class. The data may be stored in the file system, the database or somewhere else entirely.
When you develop an Android application, you need to describe it to the system and this is achieved by means 
of a manifest file. This is an XML file called AndroidManifest.xml which is stored in the root folder of 
the application’s file system. 
This outline example of a manifest file includes the definition of a single activity called MyActivity:
                
                        
                        
                         . . .
                



The means of communication between the above mentioned components is through 
1. Intents
2. Intent Filters

When an Android application wishes to obtain some functionality from another application or from the system,
it can issue an Intent. This is an asynchronous message that is used to activate an activity, service, or broadcast
receiver. For an activity or service, the specific action and location of data is included.