CS132 Spring 2017 Security Lab
Before reading this README, please make sure you've completed the instructions in Prelab 2 Phase 1. As a reminder, that phase introduced you to the VM on which your application will run. It was also during that phase that you forked this directory.
This part is very important, and you should do this portion of the lab carefully to ensure that your server will run smoothly (until some other group attacks it, of course!).
In particular, there are two files that you'll want to configure: config.js and ./db/create.sql. At this point, however, if you have not yet received an email from us about your username, password, database, and port #, then you should stop and make sure you've obtained these credentials. If you know these credentials, great! Let's start.
In config.js:
- Navigate to line 12:
    var PORT = PORT_NUMBER;
  Change PORT_NUMBER to the port number that you've received in our email.
- Navigate to line 13:
    var DB_CONNECT = 'mysql://USER_NAME:PASSWORD@localhost/DATABASE_NAME';
  Change USER_NAME, PASSWORD, DATABASE_NAME to the credentials that you've received in our email.
In ./db/create.sql:
- Navigate to line 3:
    set mysqlargs = "-h localhost -u USERNAME -pPASSWORD"
  Change USERNAME and PASSWORD to the credentials that you've received in our email. PLEASE NOTE THE LACK OF SPACING BETWEEN p and your PASSWORD.
- Navigate to lines 4, 8, 10, and 11:
  - line 4: set db = DATABASE_NAME
  - line 8: DROP DATABASE DATABASE_NAME;
  - line 10: CREATE DATABASE DATABASE_NAME;
  - line 11: USE DATABASE_NAME;
  For each of these lines, change DATABASE_NAME to the database name that you've received in your email.
- Change directory to where 'db/create.sql' is.
- Run the following command:
    mysql -u USER_NAME -pPASSWORD
  Use the credentials supplied in the email. Please take note, again, of the lack of spacing between 'p' and 'PASSWORD'. You should now be in a mysql shell.
- Run the following command:
    source create.sql
- To check if you're done, run
    SELECT * FROM User;
  You should see 3 entries.
In the event that your application has been hacked, you'll have to restart your application from scratch. If you don't want to go through the entire configuration process again, push all these changes to the forked repository. Then, whenever you've been attacked, restarting the application is a matter of just pulling from your git repo, and re-running the create.sql script.
- Navigate back to the application project root.
- Run
    npm install
  You might encounter some error messages from node, but for now let's ignore them. Check your node_modules directory, and if the following modules are there, you're set:
- any-db
- any-db-mysql
- body-parser
- consolidate
- express
- express-session
- marked
- morgan
- serve-favicon
- swig
- underscore
- Run
    node server.js
    chromium &
- Navigate to 'localhost:PORT' where PORT is the port number you've configured previously.
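
A preflight check for the configuration steps above, as an added example that is not part of the lab repository: it reports any placeholder from the quoted lines that is still present in config.js or db/create.sql, and any module from the list above that is missing from node_modules. The script name preflight.js and the function names are assumptions; the patterns are the placeholders quoted in this README.

```javascript
// Added example (not lab code). Run from the project root: node preflight.js
// Placeholder patterns come from the config.js lines quoted in the README.
const CONFIG_PLACEHOLDERS = {
  PORT_NUMBER: /\bPORT_NUMBER\b/,
  USER_NAME: /\bUSER_NAME\b/,
  PASSWORD: /:PASSWORD@/,
  DATABASE_NAME: /\bDATABASE_NAME\b/,
};
// Placeholder patterns from the db/create.sql lines quoted in the README.
const SQL_PLACEHOLDERS = {
  USERNAME: /-u USERNAME\b/,
  PASSWORD: /-pPASSWORD\b/,
  DATABASE_NAME: /\bDATABASE_NAME\b/,
};
const REQUIRED_MODULES = ["any-db", "any-db-mysql", "body-parser", "consolidate",
  "express", "express-session", "marked", "morgan", "serve-favicon", "swig", "underscore"];

// Return "file:line: PLACEHOLDER" for every placeholder still present in the text.
function findPlaceholders(fileName, text, patterns) {
  const hits = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const [name, re] of Object.entries(patterns)) {
      if (re.test(line)) hits.push(`${fileName}:${i + 1}: ${name}`);
    }
  });
  return hits;
}

// Return the required modules that are absent from the installed directory names.
function missingModules(installed) {
  const have = new Set(installed);
  return REQUIRED_MODULES.filter((m) => !have.has(m));
}

// When run as a script from the project root, check the real files.
if (typeof require === "function" && typeof module !== "undefined" && require.main === module) {
  const fs = require("fs");
  if (fs.existsSync("config.js") && fs.existsSync("db/create.sql")) {
    const problems = [
      ...findPlaceholders("config.js", fs.readFileSync("config.js", "utf8"), CONFIG_PLACEHOLDERS),
      ...findPlaceholders("db/create.sql", fs.readFileSync("db/create.sql", "utf8"), SQL_PLACEHOLDERS),
      ...missingModules(fs.existsSync("node_modules") ? fs.readdirSync("node_modules") : [])
        .map((m) => `node_modules: missing ${m}`),
    ];
    console.log(problems.length ? problems.join("\n") : "preflight OK");
    if (problems.length) process.exitCode = 1;
  }
}
```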