Develop Reference

how to integrate ESAPI with Oracle HTTP server or IBM HTTP server

Is there any way to integrate C-language specific plugin of ESAPI with Oracle HTTP or IBM HTTP server. I mean can we integrate C-Lang specific code with Oracle HTTP server to achieve security. It can be Java specific plug in. Expectation is to achieve Sanitize what are the steps do I need to follow?
Thanks in Advance,
Bhanu.

I agree, it's not very clear what you are really trying to do here. If you are just trying to access some of the simple ESAPI validators or encoders, most of that has been implemented in the ESAPI for C project. I'd hate to recommend it because it pretty much is no longer maintained, and some of it is badly broken (e.g., the cryptography component), but if you're really desperate, it might be worth a look.
-kevin

FreeSwitch - MongoDB integration

I've installed FreeSwitch on Linux CentOS 6.4 server. I found out that if I want to add a user, I need to make a xml file under /freeswitch/conf/directory/default folder. I was wondering why it doesn't use database to manage account and password?
FreeSwitch supports MongoDB CDR Mod. http://wiki.freeswitch.org/wiki/Mod_cdr_mongodb It shows detailed call record on web browser. It is like admin tool. However, this is not what I was looking for.
I am looking for a way to store new account and password into MongoDB and use it when a user make a call through FreeSwitch. So, I can handle user data in a better way. Does anyone know how to solve my problem? Thank you.

I think the fastest way for you to get familiar with FreeSWITCH is to read the book: http://www.packtpub.com/freeswitch-1-2/book
The book is quite short, and it answers most of potential questions, and for the rest of questions you have the Wiki and the source code :)
to answer your question, yes, there's a number of mechanisms to look up external sources for user information and credentials. The simplest one is to use mod_xml_curl: it requests pieces of XML from an HTTP server, and you can build the service with whatever database backend you prefer.

Freeswitch supports sqlite, pgsql and odbc those three way all can solve you problem .In sip_profiles/internal.xml you can find some way to connect database
<!--<param name="odbc-dsn" value="dsn:user:pass"/>-->
<!-- Or, if you have PGSQL support, you can use that -->
<!--<param name="odbc-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=freeswitch password='' options='-c client_min_messages=NOTICE' application_name='freeswitch'" />--> ##

FND_VAULT package

I have to encrypt my SOAP message and send to destination and the respective decrypt algorithm should run there. I went through fnd_vault package of oracle but no where I got any useful Information so can anyone please provide me some material or way to deal with this package.
I know I am not expected to ask such question here, but I didn't find any post regarding fnd_vault package so have to post neither I got some satisfactory information after goggling on it. So thought that some discussion regarding this can be done here.

You would want to use TLS/SSL. Depending on what technology you use, you may need to select appropriate driver. I would start from here.
Example 1
You use web services that wraps database API. In this case use HTTPS connection and make sure that service side is configured to accept SSL connection (which means you need to install a trusted certificate on the web server).
Example 2
You use Java driver to directly connect to Oracle server. Use this manual to configure JDBC connection.

Bypassing HTTP basic auth locally

I have two applications which I cannot change:
A: provides a URL protected by HTTP basic auth.
B: needs to access this URL but does not support basic auth.
Credentials are available.
How can I make my two applications work together?
I thought a local proxy might be great which injects the authentication. E.g. using socat:
socat TCP4-LISTEN:81,reuseaddr,fork TCP:UrlToA:80,<inject-basic-auth>=user:pass
However, socat does not provide an option like < inject-basic-auth >. Anybody knows any tool that might help? Any other way out?

You must set up a HTTP reverse proxy server that does the authentication for you. No need to hack any software.
Your reverse proxy listens on some socket (e.g. proxy:8080) and forwards requests to your actual application A, inserting the headers.
client_B ----> http://proxy:8080 -----> http://server_A:80
Nginx is lightweight, high performance and easy to set up. And it's easy to find docs online for what you want.
See for example http://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy

This problem seems to be very specific. So you probably won't find a ready-to-use tool.
If you want to do it yourself, your best approach is probably to extend socat:
http://www.dest-unreach.org/socat/download/socat-1.7.2.2.tar.gz
Good luck!

LDAP proxy to addd jpegPhoto to results

I want to build or implement some sort of LDAP proxy that will intercept the LDAP response from our corporate server and tack on a jpegPhoto to each entry which will load the persons image from our intranet (i.e. http://intranet.biz/userPhoto.php?email=johnDoe#domain.com).
My first thought is to setup a Squid proxy with a rewrite filter. The OpenLDAP man pages also seems to mention that it can act as a proxy (perhaps using slapo-rwm to add jpegPhoto?). I'm not very familiar with OpenLDAP and I'm not sure how to implement this.
What's the best solution? Any examples?

You should probably look into openldap's overlays combined with the proxy backends they offer. The 'translucent' overlay might be an appropriate starting point.

Very difficult. You will have to write something that can completely parse an LDAP response and add the required attributes to it. There are various LDAP APIs available that can do that for you but it will be a slog. Have you considered bulk-moving the jpegs into the LDAP database?