Digest authentication with Apache

This article is in continuation with previous and talks about setting up digest authentication with Apache.

There are few changes compared to the steps for Basic authentication.

1. Generating the password file for digest auth.

htdigest -c digest.txt secret prash

digest.txt is the password file, secret - the realm and prash is the username.

2. Create htaccess.acl under c:\wamp\www\digest-auth\ with following data

AuthUserFile C:\wamp\bin\apache\Apache2.2.11\bin\digest.txt
AuthName "Protected by Digest auth"
AuthType Digest
AuthDigestProvider file

<Limit GET POST>
require valid-user
</Limit>

‘AuthDigestProvider file’ is an additional property that needs to be mentioned for proper working of digest authentication.

3. And, last but not the least. Enable auth_digest_module by un-commenting the following line if its already commented in httpd.conf.

LoadModule auth_digest_module modules/mod_auth_digest.so

Reference : http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html

Setting up HTTP Basic authentication with Apache

Last week, I had a chance to setup our test Apache server for Basic and Digest authentication. The setup was required to verify few of the HTTP authentication related test cases.

I’m blogging it here so that I’ll not forget, if I need it again :)

I had WAMP Server v2.0  which included Apache v2.2.11 web server.

Setting up Basic authentication was straight forward.

1. Update http.conf by adding :

AccessFileName htaccess.acl .htaccess

An htaccess file can be used to modify the Apache configuration on a per-directory basis.

On some operating systems ‘htaccess.acl’ is not required. Ex, on Linux, you can just mention it as .htaccess. This is because, on Linux you can create a file with name .htaccess.

2. Add “Directory” tag into http.conf as shown below :

<Directory "c:/wamp/www/basic-auth/">
    Options None
    AllowOverride all
    Order Deny,Allow
</Directory>

c:/wamp/www/basic-auth/ is the folder which needs to be secured by the authentication scheme which we are trying to impose.

3. Next step is to create password file.

cd C:\wamp\bin\apache\Apache2.2.11\bin
htpasswd -c pwd.txt prash

This prompts for the password for the username – ‘prash’. After supplying the password we will be ready with the password file – ‘pwd.txt’ under ‘C:\wamp\bin\apache\Apache2.2.11\bin’.

4. Create the htaccess file - ‘htaccess.acl’ file with the following data.

AuthUserFile C:\wamp\bin\apache\Apache2.2.11\bin\pwd.txt
AuthName "Protected"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

This specifies which password file need to be considered for the authentication – ‘C:/wamp/bin/apache/Apache2.2.11/bin/pwd.txt’ also the type of authentication scheme – Basic.

Place this file under the folder ‘c:/wamp/www/basic-auth/’ along with other live data and restart the server.

Now, try accessing the folder http://localhost/basic-auth. This should prompt for username and password.

Reference : http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html

Making my blog 'Mobile Friendly'

Being part of mobile software industry and that too working for S60 Browser research team, I desperately wanted to make my blog mobile friendly.

Unfortunately Blogger, where this blog is hosted lacks this service. This would be a very nice and really useful feature.

Wordpress seems to offer this already - http://wordpressmobile.mobi/.

After I did some googling I came across MoFuse. Mofuse provides feeds based solution to convert your blogs to mobile readable version.

Setting up a mobilized version with MoFuse was pretty straight forward, I just registered for a new mobilized blog URL - http://prashtech.mofuse.mobi which internally points to my blogs' RSS feeds.

That's it. If any of you visiting my blog from your mobile, try the mobilized version of my Blog!

http://prashtech.mofuse.mobi.

Backward Compatibility with DLLs – Part 2 (Private Implementation)

A very Happy New Year to all of the readers!

This article is in continuation with the previous one, about preserving DLL exported APIs’ backward compatibility.

The last article described a technique of achieving this by privatizing the API’s constructor. This has many disadvantages of its own, as the c’tor is private, ex: Object can not be instantiated on stack.

An alternative technique is to have a “Private Implementation”.

If you have a class, which you intend to export, separate out all the internal implementation including the data members and the functions which you think can be hidden. The exported class will only have the functions exported along with a private member pointer to the new internal class.

As an example, consider the following class,

#define DLL_EXPORT __declspec(dllexport)
class DLL_EXPORT ExampleExport
{
public: // c'tors and d'tors
    ExampleExport();
    ~ExampleExport();

public: // functions
    void function1();
    int function2();

private: // private data members
    int m_member1;
    int m_member2;
};

We have 2 integer member variables. Adding or removing the member variables later, will always cause a binary compatibility break as described in the previous article.

Let’s try to separate out the internal implementation. We will move all the private data members to a different class – ExampleExportPrivate.

class ExampleExportPrivate
{
public: // c'tors and d'tors
    ExampleExportPrivate();
    ~ExampleExportPrivate();

public: // data members
    int m_member1;
    int m_member2;
};

We will redefine ExampleExport to use ExampleExportPrivate.

#define DLL_EXPORT __declspec(dllexport)

class ExampleExportPrivate; // <<-- forward declaration of the private implementation which is defined in cpp file

class DLL_EXPORT ExampleExport
{
public: // c'tors and d'tors
    ExampleExport();
    ~ExampleExport();

public: // functions
    void function1();
    int function2();

private:
    ExampleExportPrivate *m_private; // <—Pointer to private implementation. };

As a first step, forward declare the private implementation class – ExampleExportPrivate. The actual definition of this private implementation class can be placed as part of the cpp file. So, we are not exposing this class outside, even in the header files exported. Next step is to have a private pointer member variable which points to ExampleExportPrivate. Any references to the data will be redirected to the internal private implementation.

This technique will help us to not change the size of the exported class. If we need to add or delete a new member variable, ExampleExportPrivate will be the class which will have those changes, but not ExampleExport.

This technique is usually called as “PImpl” (Private Implementation). Here is an interesting article http://www.gotw.ca/publications/mill04.htm

Backward Compatibility with DLLs

This and the following articles, I personally feel very interesting.

It’s related to the “backward compatibility” of the DLLs.

If you are distributing your DLLs to people or 3rd party, whom you expect to use them, you should be very careful about the interface you expose out of the DLLs.

Consider you are distributing a DLL, which has an exported class of some size and few public functions. If you update the same DLL in future and redistribute it, you cannot always expect the users to re-link their application with your new DLL. In such cases, users of the DLL expect the same interface what you had provided in the earlier release. If by any way there is a change in the interface, it results in failure of backward compatibility.

Let’s take an example to explain this situation. The following is a class which you are exporting as part of your DLL,

#define DLL_EXPORT __declspec(dllexport)

class DLL_EXPORT ExampleExport
{
    public:
        ExampleExport();
        ~ExampleExport();

        void function1();
        int function2();

    private:

        int m_member1;
        int m_member2;
};

In a future release you updated this class to have an additional member variable,

class DLL_EXPORT ExampleExport
{
    public:
        ExampleExport();
        ~ExampleExport();

        void function1();
        int function2();

    private:

        int m_member1;
        int m_member2;
        int m_member3; // <<---- a new member variable added
};

You can observer that the class size has been changed. Earlier it was 8 bytes (assuming int as 4 bytes) and it’s changed to 12 by adding an additional integer member variable.

Consequence: For an end user application, which is not re-linked with the updated DLL, the size of the class is still 8 bytes. Since the application was compiled and linked with the first version of DLL, the size is still the same even after they started using the new DLL. The application may have unpredicted behavior.

Resolution: This problem needs to be addressed before we release the first version of the DLL. Of course we cannot restrict the size of the class to not to change in future. We may need to update it by adding or removing new member variables. One solution is to force the end user application to not to construct the object by itself.

• Make constructor private.
• Export a new static member function which creates an object by calling private constructor

class DLL_EXPORT ExampleExport
{
public:
    ~ExampleExport();

public:
    static ExampleExport* Instance();

public:
    void function1();
    int function2();

private:
    ExampleExport(); // <<---- private constructor

private:
    int m_member1;
    int m_member2;
    int m_member3; // <<---- a new member variable added
};

This forces the client application to use ExampleExport::Instance() function always to construct an object and since the definition of Instance() is part of the DLL, 12 bytes will be allocated with the new DLL.

Let’s have a look at another solution for the same problem, in the next article.

Forward Declarations

We can use forward declaration to speedup the compilation and to reduce the interdependencies between different modules.

Consider following CServer and CClient classes, declared in Server.h and Client.h header files respectively.

Server.h

#include "Client.h"

class CServer 
{
public:
    CServer();
    virtual ~CServer();

    void SendMsg(CClient &clnt);

private:
    CClient *m_ptrClient;
};

In this case it will always be more efficient to omit the inclusion of the header file Client.h, instead we can use forward declaration as shown below,

class CClient;

class CServer 
{
public:
    CServer();
    virtual ~CServer();

    void SendMsg(CClient &clnt);

private:
    CClient *m_ptrClient;
};

This is sufficient in this case because of the reason that C++ compiler is optimized enough and it doesn't need to know about the size and interfaces of the class CClient within the declaration of the CServer class.

However we have to include the Client.h header in Server.cpp where the actual definition of the member functions exist.

Below are some use cases which indicates the usage of forward declarations,

class CClient;

class CServer 
{
public:
    CServer();
    virtual ~CServer();

    void SendMsg(CClient clnt);  // non-ref/pointer parameter

private:
    CClient *m_ptrClient;
};

Usage of forward declaration is valid even though we have non-reference or non-pointer parameter in the member function.

 

Below is a case where we cannot use forward declaration,

class CClient;

class CServer 
{
public:
    CServer();
    virtual ~CServer();

    void SendMsg(CClient clnt) { clnt.updateMsg(); } // inline definition

private:
    CClient *m_ptrClient;
};

Cannot use forward declaration here because SendMsg has it's inline definition which is actually using CClient::updateMsg(). In this case we need to include the header Client.h within Server.h

 

One more case where we can not use forward declaration,

class CClient;

class CServer 
{
public:
    CServer();
    virtual ~CServer();

    void SendMsg(CClient clnt);

private:
    CClient m_client;
};

Since the member variable m_client within CServer is of type CClient, compiler need to know about the CClient. We cannot use the forward declaration here.

Rule of Thumb : "If the compiler doesn't need it, you won't have to do it." C++ is well optimized.

dynamic_casting with pointers and references

First of all a very warm happy new year to all the readers. Its been a while since the last post.

Today I intend to write about dynamic_cast again. There's already an article about dynamic_cast. The reason why I'm writing about this is to show with some samples how we can use dynamic cast with pointers and also with references.

Yes, RTTI can be implemented both with pointers and references.

Below sample shows how to use dynamic_cast with pointers. I have considered the same example classes which were there in the dynamic_cast article .

void ProcessButtonEvent(CControlIface *pControl)
{
    // Here we need make sure safe down-cast happens
    CButtonControl *pButton = dynamic_cast <CButtonControl *> (pControl);

    // casting works fine here since we had passed pControl1

    if(pButton != NULL)
    {
        pButton->OnClick();
        // We can now safely call OnClick() of CButtonControl
    }
    else
    {
        cout << "dynamic_cast failed. pControl is not pointing to instance of CButtonControl"<<endl;
    }
}

We need to note here that whenever dynamic cast fails with pointers it returns NULL. This is the reason why we are checking for

pButton!=NULL

Lets try dynamic casting with references,

void ProcessButtonEvent(CControlIface &Control)
{
    // Here we need make sure safe down-cast happens
    try{
    CButtonControl &Button = dynamic_cast <CButtonControl &> (Control);
    Button.OnClick();
    }
    catch(bad_cast)
    {
        cout << "Caught: bad_cast exception. This control is not a button"<<endl;
        return;
    }
}

In case of references if dynamic_cast fails, it throws bad_cast exception. This is the reason why we are catching the exception in the above code sample.

Please note that some old compilers may not support dynamic_cast. In that case its high time for you to upgrade your C++ compiler!