Search Results

Search found 13 results on 1 pages for 'jtnire'.


  • Credit Card storage solution

    - by jtnire
    Hi Everyone, I'm developing a solution that is designed to store membership details, as well as credit card details. I'm trying to comply with PCI DSS as much as I can. Here is my design so far:

    PAN = Primary account number == long number on credit card

    Server A is a remote server. It stores all membership details (Names, Address etc.) and provides individual Key A's for each PAN stored.

    Server B is a local server, and actually holds the encrypted PANs, as well as Key B, and does the decryption.

    To get a PAN, the client has to authenticate with BOTH servers, ask Server A for the respective Key A, then give Key A to Server B, which will return the PAN to the client (provided authentication was successful). Server A will only ever encrypt Key A with Server B's public key, as it will have it beforehand. Server B will probably have to send a salt first though, however I don't think that has to be encrypted.

    I haven't really thought about any implementation (i.e. coding) specifics yet regarding the above, however the solution is using Java's Cajo framework (wrapper for RMI) so that is how the servers will communicate with each other (currently, membership details are transferred in this way).

    The reason why I want Server B to do the decryption, and not the client, is that I am afraid of decryption keys going into the client's RAM, even though it's probably just as bad on the server...

    Can anyone see anything wrong with the above design? It doesn't matter if the above has to be changed. Thanks, jtnire


  • Obtain newer version of NetSNMP for CentOS 5

    - by jtnire
    I'm using CentOS 5. I have a need to use net-snmp version "net-snmp-utils-5.5-37.el6_2.1.x86_64" which is currently available in CentOS 6 but not in CentOS 5. The reason I need this version (or greater) is because there is a new supported option added to the config files that I need for my setup. It would be very much appreciated if someone would give me some steps to install this version (or greater) on my production CentOS 5 systems. Upgrading to CentOS 6 is currently not an option. Any help would be appreciated. Thanks


  • Install compiled linux program on multiple computers

    - by jtnire
    I'm sorry if this sounds like a silly question, but when I compile something on linux using the usual "./configure, make, make install" steps, how can I install the programs on other servers without having to recompile? I am trying to avoid having to install the build tools on production servers, however I need the latest version of a particular piece of software, so using RPMs isn't an option in this case. Any help is appreciated. Thanks


  • Sharing public key with ssh

    - by jtnire
    Hi Everyone, Is it possible to somehow set up an ssh server that doesn't require a username, password or cert to login? If that's not possible, if I were to give all customers the same public key, would each connection be encrypted individually? (i.e. user A couldn't decrypt the payload of user B's connection) I wish to provide access to a single program, which will prompt for a username and password. Encryption is essential though, and users must not be able to snoop in on each other. Thanks


  • New Secure Website with Apache Reverse Proxy

    - by jtnire
    I wish to set up a new website that will be accessed by users using HTTPS. I think it is good practise to put the "real" web server in a separate subnet, and then install an Apache Reverse Proxy in a DMZ. My question is, where should I put the SSL cert(s)? Should I:

    a) Use a self-signed cert on the "real" web server, and a proper cert on the reverse proxy?
    b) Use 2 real certs on both the "real" web server and the reverse proxy?
    c) Don't use any cert on the "real" web server, and use a proper cert on the reverse proxy?

    I'd like to use a) or c), if possible. I also don't want anyone's browser complaining of a self-signed cert. Thanks


  • Zeroing SSD drives

    - by jtnire
    We host VPSes for customers. Each customer VPS is given an LVM LV on a standard spindle hard disk. If the customer were to leave, we zero out this LV ensuring that their data does not leak over to another customer's. We are thinking of going with SSDs for our hosting business. Given that SSDs have the "wear levelling" technology, does that make zeroing pointless? Does this make this SSD idea unfeasible, given we can't allow customer data to leak over to another customer? Thanks


  • Why do people tell me not to use VLANs for security?

    - by jtnire
    Hi Everyone, As per title, why do people tell me not to use VLANs for security purposes? I have a network, where I have a couple of VLANs. There is a firewall between the 2 VLANs. I am using HP Procurve switches and have made sure that switch-to-switch links accept tagged frames only and that host ports don't accept tagged frames (They are not "VLAN Aware"). I've also made sure that the native VLAN (PVID) of the trunk links are not the same as either of the 2 host VLANs. I've also enabled "Ingress Filtering". Furthermore, I've made sure that host ports are only members of a single VLAN, which is the same as the PVID of the respective port. The only ports which are members of multiple VLANs are the trunk ports. Can someone please explain to me why the above isn't secure? I believe I've addressed the double tagging issue. Thanks


  • Simple Central Storage for HA mail server

    - by jtnire
    Hi Everyone, I will have 2 Postfix servers. One will be a backup of the other. What is the easiest method to provide central storage to both of these boxes? My infrastructure is very simple: Just a lot of Xen hosts, so there is no SAN or anything. Each Xen host does have RAID1 though. I don't mind mounting NFS shares on each of those mail servers, as long as the NFS server wasn't a single point of failure. Is there such a thing as redundant NFS? Any help would be appreciated. Thanks


  • Email Proxy Ideas

    - by jtnire
    Hi Everyone, I wish to host some managed email servers for some customers. Each customer will have their own email server which will be an all-in-one virtual machine running postfix, dovecot and some webmail suite. Even though each customer will have their own server, I do not wish to give each email server its own public facing IP. I wish to avail the use of proxy servers so all customers use the same public IP.

    As for the "smtp-in" from the public internet, this isn't a problem as I can set up many mx servers (using postfix) which will store-and-forward the mail to the correct server (using transport maps). As for the IMAP access from the customer, I was thinking of using perdition which is an IMAP proxy - I believe that this will suit my needs.

    I am confused however on what to use for the "smtp-out" proxy. The customers will have to authenticate with their respective email server, however they will have to go via a proxy of some sort as they won't have direct access to their server instance. It probably can't be a store-and-forward proxy either. Does anyone have any idea on what I could use here? Many Thanks


  • Writing secure java code with RMI

    - by jtnire
    Hi Everyone, This may seem like a very broad question, but any help is appreciated. I have a client/server solution written in Java which uses the Cajo project (which uses RMI). I just want to try and make my solution as secure as possible, given the sensitive data that will be transferred between server and client. So far, my ideas are to make all my classes "final" as well as throw a "non-serializable" exception for all my classes in the server (except for the object bound in the RMI registry, and any objects that actually do need to be transferred of course). Can anyone think of any other ideas? I know that someone could write a malicious client - this isn't hard to do as you can find out the remote object's API using reflection. However, is there anything I can do to protect against a malicious client accessing classes/objects within the server that they are not supposed to access? Many Thanks


  • PHP Readfile() number of bytes when user aborted

    - by jtnire
    Hi Everyone, I'm using a PHP script to stream a live video (i.e. a file which never ends) from a remote source. The output is viewed in VLC, not a web browser. I need to keep a count of the number of bytes transferred. Here is my code:

        <?php
        ignore_user_abort(true);
        $stream = $_GET['stream'];
        if($stream == "vid1") {
            $count = readfile('http://127.0.0.1:8080/');
            logThis($count);
        }
        function logThis($c) {
            $myFile = "bytecount.txt";
            $handle = fopen($myFile,'a');
            fwrite($handle,"Count: " . $c . "\n");
            fclose($handle);
        }
        ?>

    However it appears that when the user presses the stop button, logThis() is never called, even though I've put in ignore_user_abort(true); Any ideas on what I'm doing wrong? Thanks


  • How to select item in jComboBox

    - by jtnire
    Hi folks, I have a jComboBox that I am populating with some objects. The objects are of a type which I have made myself, and include a String and an int. The object's toString method returns the String, which is displayed in the Combo Box. Now, I wish to select an item in the Combo Box with code. How do I do this? There are multiple items starting with the same letter. Thanks


  • Android and PHP - Do I need to use sessions?

    - by jtnire
    I have created an Android App that communicates with a PHP web server. They both send JSON to each other. My App is almost finished, however there is one thing left to do: authentication. Since the user's username and password will be stored in Android SharedPreferences, is there any need to use PHP sessions, given that the user won't need to enter the username/password at every request? Since I can just send the username and password in the HTTP POST header for every request, and that I will be using SSL, is this sufficient? I guess I could add an extra field in the header called 'random' that just adds a random value, just to use as a salt so that the encrypted SSL payload will be different every time. The reason why I don't want to use sessions is that my Android App would either have to handle cookies, or manage the storage of the session ID. If there are some serious cons to using my method above, then I'm more than happy to use sessions, however all advice is appreciated. Thanks

