A blog about my life, development and projects

Ionic Native HTTP

About a year or so back I created a mobile application for a client that was based on Ionic, and I was recently asked to add SSL pinning for security reasons. During this I found an interesting behaviour that isn't very well documented and took me a while to discover.

In order to add SSL pinning I had to change the HTTP service calls from using Angular HTTP to Ionic Native HTTP. Everything was all good until I had to make service calls.

But first, what is SSL Pinning: 

By default, when making an SSL connection, the client checks that the server’s certificate:

  • has a verifiable chain of trust back to a trusted (root) certificate
  • matches the requested hostname

What it doesn't do is check if the certificate in question is a specific certificate, namely the one you know your server is using.

Relying on matching certificates between the device's trust store and the remote server opens up a security hole. The device’s trust store can easily be compromised - the user can install unsafe certificates, thus allowing potential man-in-the-middle attacks.

Certificate pinning is the solution to this problem. It means hard-coding the certificate known to be used by the server in the mobile application. The app can then ignore the device’s trust store and rely on its own, and allow only SSL connections to hosts signed with certificates stored inside the application.

Adding SSL Pinning to an Ionic application:

The Ionic documentation is quite limited when it comes to examples. You can find it here https://ionicframework.com/docs/native/http/

Step 1: Install the required packages

$ ionic cordova plugin add cordova-plugin-advanced-http
$ npm install --save @ionic-native/http

Step 2: Add the plugin to the app's module

import { HTTP } from '@ionic-native/http';

...

@NgModule({
  ...

  providers: [
    ...
    HTTP
    ...
  ]
  ...
})
export class AppModule { }

Step 3: Set SSL pinning before making the HTTP service call

this._http.setSSLCertMode('pinned');

Issue 1: Now that SSL pinning is set, you can make the service call, right? Wrong, the 1st issue was to actually specify the SSL certificate to use. The documentation didn't specify where the certificate should go, or what it should look like. I ended up creating a ".cer" file that consists only of the public key (please never distribute your private key). This certificate file I added to "/src/certificates" in my project. After this I had to update my Ionic asset copy to copy this file to "www/certificates". Sure, you could just add it directly to this folder, but I wanted it as part of the build in order to easily change it later on.

Now that the certificate is added the http calls started to work as expected. But some of the calls were still failing which leads to Issue 2.

Issue 2: After adding SSL pinning and the certificate, and updating all my service calls from Angular Http to Ionic Native Http, some of the service calls were still failing. After some debugging and Wireshark traces I discovered that Ionic Native Http by default sends all POST requests as "application/x-www-form-urlencoded". This was fine for the basic calls as .NET Web API can handle these things, even if it's expecting JSON REST calls, but the complex types were failing because they weren't parsed correctly.

The solution to this was simple. All I had to do was to set the Data Serializer for Ionic Native Http to Json. I wasted a lot of time on this which could have been solved if it was in the documentation, but here it is now for anyone else if they battle.

this._http.setDataSerializer('json');
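
The steps and both fixes above combined into one wrapper, as an added example (not the author's code or the plugin's own). NativeHttp, createPinnedClient, fakeHttp, demo and the api.example.test URL are hypothetical names; in the app you would pass the injected HTTP instance instead of the fake. It waits for the Promise that setSSLCertMode returns and blocks the request if pinning could not be switched on.

```typescript
// Added example, not the blog author's code; NativeHttp lists only the plugin methods used.
interface NativeHttp {
  setSSLCertMode(mode: 'pinned'): Promise<void>;
  setDataSerializer(serializer: string): void;
  post(url: string, body: object, headers: object): Promise<{ data?: string }>;
}

// Configures the plugin once and refuses to send unless pinning is active.
function createPinnedClient(http: NativeHttp, baseUrl: string) {
  if (baseUrl.indexOf('https://') !== 0) throw new Error('base URL must be https://');
  http.setDataSerializer('json'); // Issue 2: JSON bodies instead of form encoding
  const ready = http.setSSLCertMode('pinned'); // Step 3
  ready.catch(() => undefined); // the outcome is checked again in postJson()
  return {
    async postJson<T>(path: string, body: object): Promise<T> {
      try {
        await ready;
      } catch (e) {
        // Fail closed: never fall back to default trust-store validation.
        throw new Error('SSL pinning not active, request blocked: ' + String(e));
      }
      const res = await http.post(baseUrl + path, body, {});
      return JSON.parse(res.data || 'null') as T;
    },
  };
}

// Constructed test double: records calls and can simulate a pinning failure.
function fakeHttp(pinningWorks: boolean): NativeHttp & { calls: string[] } {
  const calls: string[] = [];
  return {
    calls,
    setSSLCertMode(mode: string): Promise<void> {
      calls.push('certMode:' + mode);
      return pinningWorks ? Promise.resolve() : Promise.reject(new Error('no certificate'));
    },
    setDataSerializer(s: string): void { calls.push('serializer:' + s); },
    post(url: string, body: object): Promise<{ data?: string }> {
      calls.push('post:' + url + ' ' + JSON.stringify(body));
      return Promise.resolve({ data: '{"saved":true}' });
    },
  };
}

async function demo(pinningWorks: boolean): Promise<string[]> {
  const http = fakeHttp(pinningWorks);
  const api = createPinnedClient(http, 'https://api.example.test');
  await api.postJson('/orders', { lines: [{ sku: 'A1', qty: 2 }] }).catch(() => http.calls.push('blocked'));
  return http.calls;
}
```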

 

Free SSL certificate on an Azure Website

Over the last year it has become more and more required for websites to be secured using SSL certificates. But what if you don't really want to pay for an SSL certificate and aren't worried about a green seal verification?

Well, all you need is a certificate from Let's Encrypt, the free SSL provider.

Last year when I tried adding it to one of my other websites it was quite a mission and there wasn't much documentation on it for Azure Websites. Today I thought I would try again to add SSL to my blog, and guess what? Scott Hanselman has posted a very nice blog post on how to add this to an Azure Website. I was able to get it set up in just 5 minutes.

You can view the blog post here: https://www.hanselman.com/blog/SecuringAnAzureAppServiceWebsiteUnderSSLInMinutesWithLetsEncrypt.aspx 

I am from now on adding it to all my sites by default.

Transport/Convert SqLite to MS Sql

Happy new year everyone!

So over the last few weeks I needed to import a lot of GIS and geographical data from a .db file into an existing Sql database.

After asking "the oracle" aka Google for an option on what the best approach would be I found a few posts that led nowhere safe.
Some of the options deal with SqLite ODBC drivers then mapping it as a linked server. Normally this would not be a bad idea, but having then to write a bunch of queries to port the data over to my database just seems like too much work. Besides that, you might not always have access to set up a linked server.

The best option that I found was a tool called "esf database migration toolkit" but it turns out that you have to buy it. With our South African exchange rate it just seems a little steep, otherwise it would have been an excellent tool.

So as any good developer would do, I wrote my own little tool. In just 4 hours I had a tool that can read the schema from my SqLite database, create the structure with the correct data types on the MS Sql Database and then transport the data for me. The tool is not perfect, but it works.

If you want to use the tool for your own project, or just have a peek at my code you can find it on my GitHub https://github.com/TechnoDezi/SqLiteToMSSqlConvert

Hoarding data and data retention needs

This blog post will be about a topic that I haven't even thought about in my 13+ years of software development and technology. Hoarding - especially the data kind.

Tonight while eating my dinner I was watching a show on Netflix about hoarders and people collecting junk, which made me cringe. Over the years I have watched many such shows, without giving them much thought.
My house is always clean, free of clutter, I hate paper to start with and everything must have a place, I periodically throw away or sell unwanted stuff that I don't use.
This is not always possible, as you know "life happens", but I do try and because of this I have never given the hoarding topic much time.

Everyone that knows me will tell you that I have a thing against paper, or the use thereof. In this day and age with cloud storage and connected everything the use of paper is quickly becoming a thing of the past.
Tonight I realized with a shock that this can easily lead to a different kind of problem, not just in our personal lives but corporate as well.

Let's first look at what hoarding is:

Compulsive hoarding, also known as hoarding disorder, is a pattern of behavior that is characterized by excessive acquisition and an inability or unwillingness to discard large quantities of objects that cover the living areas of the home and cause significant distress or impairment.
https://en.wikipedia.org/wiki/Compulsive_hoarding 

So basically hoarding comes down to collecting junk and not being able to get rid of it. I definitely don't have a problem there, but it triggered a thought about all the different kinds of hoarding, especially in the technology world, and I realized that an excessive collection of data can also be considered hoarding.
After a simple search on the net I quickly realized the topic has been debated quite extensively.

Digital hoarding (also known as e-hoarding) is excessive acquisition and reluctance to delete electronic material no longer valuable to the user. The behavior includes the mass storage of digital artifacts and the retainment of unnecessary or irrelevant electronic data. The term is increasingly common in pop culture, used to describe the habitual characteristics of compulsive hoarding, but in cyberspace.
https://en.wikipedia.org/wiki/Digital_hoarding

With a shock of horror I now know that I have fallen victim to data hoarding, and yes, it happens to all of us. I have a lot of old hard drives with countless backups over the years, even as far back as my school days, data lying on cloud services, data from way back when, and it goes on and on.
I won't classify this as a problem yet, as I haven't yet shown a reluctance to get rid of it, I simply haven't thought about my personal data retention policy - we'll get to this in a bit. But the question everyone should ask themselves is "Do you really need that data from back in 2005?".

Hoarding data in business or corporations even now has a name, called Big Data, and people are making a living trying to give meaning to the endless amount of data that everyone, even businesses collect over the years.
It's perfectly understandable to store data because of legislation or local laws, such as storing medical or financial information for a number of years.

As more and more systems, people and businesses become connected and start to generate vast amounts of information it becomes more and more pressing to know what data you should keep, what data you need, and the data that is causing clutter.

In our personal lives we are generating so much data on social networks, chatting, texting, emails, digital photography and videos that losing track of it all is a real concern.
I for one definitely did and will start to put measures in place to not only delete data but to organize the data that I need to keep.

Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements; although sometimes interchangeable.
https://en.wikipedia.org/wiki/Data_retention

Now that we know what data retention means, we will need to define what we will store, why and then lastly a plan on how we would clean up our data.

My steps for a data retention policy look like this:

  • Is the data a temporary record?
  • Does the data primarily consist of intellectual property?
  • Is the data a permanent record?
  • Have I needed or used the data in the last 3 years?
  • Is there a legal or contractual requirement to store the data?

My plan of action to deal with my data problems will be as follows:

  • Sort photos and videos across cloud services, social media, delete duplicates, organize into albums and consolidate into one service.
  • Look at all hard drives lying around and delete data that I have not used in 3 years, or have no need to keep, then consolidate the data that I do need or use.
  • Consolidate all IP and code written to VSTS under the respective projects, including the code written for micro controllers and hobby electronics.
  • Sort and store business related data and properly backup or archive a single copy in accordance with contracts.
  • Securely erase data from redundant or old hard drives and physically throw away the drives.
  • Ensure that I have a backup strategy in place that works, for example using the 3-2-1 strategy. This means having 3 total copies of your data, 2 of which are local but on different mediums (read: devices), and at least 1 copy offsite.

Now that I have a plan I can start getting rid of my digital clutter, clean up my life, and get away from this data hoarding thing.

If anyone has interesting stories regarding data hoarding, please do leave me a comment, or send me a message.