Cannot find mutillidae.zip when building image #8
Comments
hi @deadline39 thank you for letting us know! we haven't touched this example in a while, and the mutillidae project has also been significantly updated since then. could you please clarify your requirements: what exactly are you trying to achieve?
hi @vixentael thank you for the quick reply. I wanted an easy way to test the AcraCensor module as protection against SQL Injection in firewall mode. I wanted to run a working application and test it using SQLmap to see what fraction of attacks would be blocked. I can use other examples or guidelines, if they allow me to achieve a similar result.
I suggest doing the following:
It's a transparent encryption example (Acra, PostgreSQL, django app). Acra will encrypt / decrypt data before putting it to DB. Try to read / write data to the database, all queries should work.
add default config Try to read / write data to the database, all queries should work.
Try to read / write data to the database, all queries should be stopped by AcraCensor.
Please refer to https://docs.cossacklabs.com/acra/security-controls/sql-firewall/ If you are looking for a commercial license, please ping us, we do have ready-to-use playgrounds for customers interested in Acra Enterprise Edition. It will require signing the NDA.
I'm following instructions in Example 1 but after "2.2 Add a new post" the data is not displayed correctly on page http://www.djangoproject.example:8000/admin/blog/entry/ I suspect that the data is not decrypted when retrieved from the database, but I don't know how to fix this problem. At the same time executing another similar Example 5. Client-side encryption works fine, but in either case I don't know how to test SQL Injection if the web application is not set up for it (has a prepared "unsecured" endpoint), like Mutillidae for example. Therefore, is it possible to connect to AcraServer directly, without connecting to Django, so that it looks like a database to an external application (SQLmap)?
Following instructions and calling:
causes an error
The problem is due to an outdated url https://sourceforge.net/projects/mutillidae/files/latest/download in the Dockerfile in the project https://github.com/storojs72/docker-mutillidae.git which is given as the build context in
docker-compose.acra-censor-demo.yml
I tried changing the context to a newer project: https://github.com/notdodo/docker-mutillidae which avoids the missing zip file error, but causes a new error:
related to https://github.com/cossacklabs/acra-censor-demo/blob/master/mutillidae/Dockerfile file, but I don't know how to solve it, or if changing the context is a good solution in the first place.
I would like to use the demo from this repository, so if you can, fix the bugs to make the instruction executable, please.