Linux, PHP, LAMP, The Web in a blog
Category Archives: Security
Secure PHP & Apache Configuration
PHP
- Disable error messages
- expose_php Off
- Check you can’t get info by doing telnet localhost 80 and then issuing: HEAD / HTTP/1.0
- session.use_only_cookies = 1
- allow_url_fopen Off [if you don’t really need the opposite]
- register_globals = Off
- magic_quotes_gpc = ??? … Continue reading
Posted in Apache, LAMP Server Setup, PHP, Security, Web Dev Security
Tagged Web Dev Security
Web Development Security
Most of these notes come from this book: Essential PHP Security, Chris Shiflett, O’Reilly, First Edition ISBN: 0-596-00656-XX. Don’t underestimate a risk just because it seems impossible that it will happen: hackers are very clever and more expert than you. They could find … Continue reading
Posted in PHP, Security, Web Dev Security
Secure Login without SSL – using Javascript MD5 library
http://iamjosh.wordpress.com/2008/03/18/encrypting-login-password-without-ssl-in-ruby-on-rails/ http://pajhome.org.uk/crypt/md5/
Posted in Javascript, Security, Web Dev Security
Server Setup and LAMP Setup From Scratch with full UTF support (utf8)
Set the clock date MMDDhhmmYYYY hwclock --systohc & Where: M=month, D=day, h=hour, m=minute, Y=year. The latter command is essential: it copies the date into the BIOS and makes the change definitive. First steps * echo "hostname_you_chose" > /etc/hostname /bin/hostname -F … Continue reading
SELinux
A good resource is: http://www.crypt.gen.nz/selinux/faq.html There, the most important thing is this: it is important that server daemons are started within the correct context; if they are not, they will probably not run properly. For Fedora and RedHat Enterprise … Continue reading
Posted in LAMP Server Setup, Redhat / CentOS, Security
Server: Setting a Firewall With Iptables
Copy the file iptables.sh into the directory /etc/init.d with these rules (but obviously you need to customize them). Make the file executable. Assuming the current run level is the second one: ln -s /etc/init.d/iptables.sh /etc/rc2.d/S97iptables Actually you should link the script … Continue reading
CentOS: Firewall & LAMP Installation
There’s an iptables entry that doesn’t allow connection to the web server from an external PC. To remove it, you need to launch iptables with flags similar to these ones: iptables -D RH-Firewall-1-INPUT 10 Basically you need to remove the … Continue reading
Posted in LAMP Server Setup, Redhat / CentOS, Security
Auth: Protect A Site With Password
Add this in the Apache configuration file:

    <Directory document_root_for_the_site>
        AuthType Basic
        AuthName "Restricted access area"
        AuthUserFile path_to_passwords_file
        Require user username1 username2
    </Directory>

The Require user parameter takes a space-separated list of usernames. Usually path_to_passwords_file is /etc/httpd/passwords. If you … Continue reading
Posted in Apache, Security
Symmetric Key Data Encryption
You can use:
- GPG – for single files
- TrueCrypt – for entire directories/partitions

TrueCrypt
Home page of this piece of software. Very easy-to-follow how-to. The encryption doesn’t use a public key algorithm because the purpose doesn’t require it.

GPG
Basically: … Continue reading
