Category: Security

How to fix 404 errors in Laravel application authenication

Introduction

I am not a Laravel programmer by any stretch of imagination but I like to think that I am a pretty good engineer who can solve problems regardless of the situation. Recently I faced a situation where I was working with one of my clients on setting up a validated environment for their customers using a standard operating procedure (SOP). They had gotten the application developed from a third party vendor. Long story short, since their target market is highly regulated industry, they must have detailed and exhaustive documentation of all steps of setting up and tearing down of the computer systems.

It's not easy to write SOPs

There is a video where a father is asking his kids for some instructions to make a peanut butter and jelly sandwich. While for most of us making a peanut butter and jelly sandwich is highly intuitive and easy, for a person who doesn't know what is to be done, it can be stupefying. When we write instructions, we know a lot of things as we have already done the task successfully and assume that the reader is already aware of a lot of things that we know about and do not include those steps in our documentation.
Sometimes it is different. We miss some steps in our documentation and when someone else finds out and reports the gaps, we quickly make the change and do not update the documentation, hoping the problem will not recur. That exacerbates the actual problem. In case someone else has to reproduce the environment using those SOPs then they are basically stuck.
Therefore it is very important to have accurate and correct documentation updated. Admittedly, it is tedious and cumbersome, but in the long run it definitely is the right thing to do.

Laravel and Apache server

I had a Laravel application that was front ended by an Apache server and the backend was MySQL database. The developer had setup an instance and my job was to replicate the same using the SOP that they had built to ensure they are accurate and the process is predictable and repeatable. I followed the steps exactly as documented. I was able to get to the login screen. So far so good. But when I tried to log in using the test credentials, I was shown a 404 - Page not found error. Initially, I worked with the developer and they did something and fixed it. Interestingly, they failed to mention it to me what they did and neither was it documented in the SOP. So as it happened, I had to rebuild the server to try and get the SOP working. I again faced that issue and this time, instead of reaching out to the developer, I did my own research and Voila' I was able to solve the problem.
The research led me far and wide and in one of the forums I found the possible answer which suggested setting AllowOverride All on the parent directory of the application. In my case it was /var/www. The post suggested to set it at the main Apache configuration file. But I always try to localize these solutions and not make global changes if I can help it in order to keep the installation secure. So I added a Directory directive in the VHost configuration file which enables AllowOverride All for that VHost only while leaving the original configuration untouched.

Conclusion

They say that Laravel is a programming language for coding artists with elegant frameworks. But these issues are pretty simple and will be prevalent in all applications that require authentication. Why is this not better documented? More importantly why does the authenticate or login action in Laravel return a 404 error?
I wonder...

How to unblock file sharing on Windows

Have you ever come across a situation where you want to access another computer via itsFirewall Options UNC (\\computer-name\share) and came across a "Network Path not found" error? Although not too uncommon, this errors can puzzle you in cases where you know all the services required for file sharing are running. I faced this issue the other day and finally after a bit of tussle, I managed to solve the problem. We were trying to access a computer at one of our remote locations and it was giving this error. What made this even more puzzling was that local users were able to access the same computer by using the UNC path. We tried all we could and knew but still the error was the same.

Then I searched on the internet and found some references and a very useful knowledge base article (KB article number 840634) on Microsoft support website which addressed this issue. Apparently somebody had enabled the firewall and the firewall is designed to block File and Printer Sharing from any network and allow access only in the same subnet in its default configuration.

To allow file and print sharing on your computers from any network, follow the steps described below:

  1. Click on Start --> Settings --> Control Panel. If you are using the Windows XP Start Menu, you can find the Control Panel on the right side of the start menu.
  2. Category view: In the category view, click on the Security center and then click on Windows Firewall to open the Windows Firewall configuration window. In the Classic view, you will see the Windows Firewall icon.
  3. Ensure that the Do not Allow Exceptions check box is not checked on the General tab
  4. Click on Exceptions tab and highlight File and Printer Sharing and click on Edit...to modify the settings. The file and printer sharing is done through port number 445.Enable Port 445
  5. Highlight the TCP 445 and click on Change scope... or just double click to edit it. In the resulting screen, select whether you want to enable for any network for just your network or for a custom list of networks. In case you choose custom list of networks, you will have to manually enter each subnet you want to enable for it to work.
  6. Click OK your way out and now you should be able to access the computer(s) over the network using UNC path.

A word of caution: I don't recommend setting the scope to Any as is shown here. It means that anyone who can reach your network will be able to access the computer over the network. Either select just the subnet you are on or explicitly define the subnets that you know and trust that would be required to connect remotely using UNC path.

Elections in the new world

Context:

A long running episode has just turned an important page right now. Robert Mueller finally testified in front of the congress and as I expected provided almost nothing to the lawmakers outside his report. The focus of media and most of the public was around collusion and obstruction of justice. Indeed, that was the most newsworthy story but in my opinion not the main story or threat to the democracies of the world. It was only Rep. Adam Schiff brought out the question of integrity and security of elections. Director Mueller had already highlighted it in his monologue of a press conference in May 2019. How will the elections look like in the new world?

Subtext:

It is an important aspect that all the democratically elected governments of the

Elections
Elections in India

world should be really worried about. In fact there are questions being asked of the validity of the Brexit referendum vote and even some of the assembly Elections results in India. Now defunct Cambridge Analytica is being suspected as being involved and even instrumental in altering the outcome of both the results.

Just imagine if the Pakistani intelligence agency ISI decides to engage itself in Indian politics. It can ensure a party that is sympathetic towards Pakistan comes to power. Or even worse, it can ensure that an incompetent leader becomes the prime minister of India. That would be a disaster not only for India but to the stability of the region and I daresay, even the world. I can't think of India being ruled by Congress party led by an inept leader like Rahul Gandhi.

With the world becoming more and more digital and online, governments of the world should take infinitely more care about ensuring the data security and integrity to ensure fair and correct results. We all see in day to day life how easy it is to hack any computer system and bring it down. The private companies of the world realize it and spend a fortune on securing their IT infrastructure. The governments also should realize it. The bureaucrats must eliminate of reduce bureaucracy to a large extent and actually care about the security and integrity of the election process and the integrity of the results.

Conclusion:

It is very easy to ensure the security of elections in the new world if you think about it. First of all, Government must appoint competent people to key positions with reasonable autonomy to perform their function. As a result of strong and fair oversight, it will ensure that the right policies and procedures are implemented. Politicians must be kept at more than an arms length from the entire process. State of the art technology should be implemented. Most importantly, the people involved in the process at the grass roots level should be provided training and right incentives.

This is the just the starting point. But we don't have a lot of time to get it right. The bad actors are already off the blocks and the race is on!!!