Search Results

Search found 4061 results on 163 pages for 'secure government'.

Page 29/163 | < Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >

• How secure is a bluetooth keyboard against password sniffing?

  - by jhs

  In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk? Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system? Edit: Final Summary All answers are excellent. I accepted that which links to the most directly applicable information however I also encourage you to read Nathan Adams's response and discussion about security trade-offs.

  Read the article

• How to set up Drupal Plugin Manager on MAMP in a secure way?

  - by Andrei

  Hi, I use MAMP PRO as global webserver. First of all, is it a good idea? Secondly, my objective is to run a Drupal website with as easy management as possible. Now I want to use Plugin Manager module to install additional modules and themes for my website. It wants to use ftp for that, and I know that if I open access to FTP port then IT-department guys will come to me and ask to shut it down. So I wonder if there is a way to allow Plugin Manager to install modules, having the port 21 closed somehow?

  Read the article

• Secure, efficient, version-preserving, filename-hiding backup implemented in this way?

  - by barrycarter

  I tried writing a "perfect" backup program (below), but ran into problems (also below). Is there an efficient/working version of this?: Assumptions: you're backing up from 'local', which you own and has limited disk space to 'remote', which has infinite disk space and belongs to someone else, so you need encryption. Network bandwidth is finite. 'local' keeps a db of backed-up files w/ this data for each file: filename, including full path file's last modified time (mtime) sha1sum of file's unencrypted contents sha1sum of file's encrypted contents Given a list of files to backup (some perhaps already backed up), the program runs 'find' and gets the full path/mtime for each file (this is fairly efficient; conversely, computing the sha1sum of each file would NOT be efficient) The program discards files whose filename and mtime are in 'local' db. The program now computes the sha1sum of the (unencrypted contents of each remaining file. If the sha1sum matches one in 'local' db, we create a special entry in 'local' db that points this file/mtime to the file/mtime of the existing entry. Effectively, we're saying "we have a backup of this file's contents, but under another filename, so no need to back it up again". For each remaining file, we encrypt the file, take the sha1sum of the encrypted file's contents, rsync the file to its sha1sum. Example: if the file's encrypted sha1sum was da39a3ee5e6b4b0d3255bfef95601890afd80709, we'd rsync it to /some/path/da/39/a3/da39a3ee5e6b4b0d3255bfef95601890afd80709 on 'remote'. Once the step above succeeds, we add the file to the 'local' db. Note that we efficiently avoid computing sha1sums and encrypting unless absolutely necessary. Note: I don't specify encryption method: this would be user's choice. The problems: We must encrypt and backup 'local' db regularly. However, 'local' db grows quickly and rsync'ing encrypted files is inefficient, since a small change in 'local' db means a big change in the encrypted version of 'local' db. We create a file on 'remote' for each file on 'local', which is ugly and excessive. We query 'local' db frequently. Even w/ indexes, these queries are slow, since we're often making one query for each file. Would be nice to speed this up by batching queries or something. Probably other problems that I've now forgotten.

  Read the article

• What is the most secure way to allow a user read access to a log file?

  - by gAMBOOKa

  My application requires read access to /var/log/messages, which belongs to user and group root. What is the minimal exposure level required on /var/log/messages so my application can read it? Presently, my plan is to change the group ownership of /var/log/messages to a new group, and add root and my application user to it, but this would also give the application write privileges to /var/log/messages. OS: Centos 5.5

  Read the article

• what is the best way to secure a server, whilst still allowing wordpress to write to certain directo

  - by significance

  presumably i need to set the permissions to 775 or higher? at the moment i can't do this as apache runs as 'nobody'. i user whm/cpanel to administrate the server. thanks for your help! dan :)

  Read the article

• What is the best way to secure MySQL data on a laptop *without* whole-disk-encryption?

  - by GJ

  I need to have the mysql data on my laptop stored in an encrypted state so that in case of the laptop being lost/stolen it will extremely difficult to recover the data without the password. I don't wish to use whole disk encryption, due to the performance impact it will have on other disk-intensive programs' usage. What could be the ideal solution for me balancing security and performance? Thanks!

  Read the article

• Is it secure to store the cert/key on a private AMI?

  - by Phillip Oldham

  Are there any major security implications to bundling a private AMI which contains the private key/certificate & environment variables? For resiliency I'm creating an EC2 image which should be able to boot and configure itself without any intervention. After boot it will attempt to: Attach & mount specific EBS volume(s) Associate a specific Elastic IP Start issuing backups of the EBS volume(s) to S3 However, to do this it will need the private key/pem files and will need certain environment variables to be available on start-up. Since this is a private AMI I'm wondering if it will be "safe" to store these variables/files directly in the image so that I don't need to specify any user-data information and can therefore start a new instance remotely (from my iPhone, if needed) should the instance be terminated for any reason.

  Read the article

• Running a webserver behind a firewall, is it secure?

  - by i.am.intern

  Currently we have a Linux-based firewall which NAT-ing our public IP address to give internet access to our staff's PCs and a Windows Server 2003 for internal filesharing. I want to host Redmine/SVN (a bugtracker) internally behind this firewall using a Linux server. This webserver will be accessed by our clients externally so they can post bug reports. This means that I have to open port 80 & 22 at the firewall to give access to the webserver and me to SSH it from home. However, let's say I'm using password-based SSH for the webserver and somebody cracked it. Does that mean the cracker could ping and access other servers and PCs in the network?

  Read the article

• How to set up Drupal Plugin Manager on MAMP in a secure way?

  - by Andrei

  Hi, I use MAMP PRO as global webserver. First of all, is it a good idea? Secondly, my objective is to run a Drupal website with as easy management as possible. Now I want to use Plugin Manager module to install additional modules and themes for my website. It wants to use ftp for that, and I know that if I open access to FTP port then IT-department guys will come to me and ask to shut it down. So I wonder if there is a way to allow Plugin Manager to install modules, having the port 21 closed somehow?

  Read the article

• SFTP, SCP, Secure Webdav: which is the most suitable ?

  - by Xavier Maillard

  Hi, currently, I am hosting a webdav share setup in order to store files I need anywhere I am. It is available via HTTPS. Things are that I do not need all the HTTP machinery -i.e. my nginx http server is only there for this webdav folder. I am not sure I made the best choice. My requirements on the client side are: secured transfers mountable as a network drive at work with 'near realtime sync' usable for any OS I could use (including my mobile (android)) At first, I chose webdav since it would pass through my work proxy (which refuses all that is not on HTTP/S (port 80 or 443)). Today, I am not satisfied with the setup and even if nginx memory footprint is pretty small, its webdav support is not really "clean" and full. What would you recommend between SFTP, SCP and the current webdav solution ? I think SFTP is the closest solution but I still have to find out how to pass through my proxy ;) SCP seems quite limited as I read about it (only file transfers if I read right). Cheers

  Read the article

• How can one keep secure regular backups of his desktop on a remote server through aDSL? [on hold]

  - by Antonis Christofides

  I'm a system administrator and I use rsnapshot to backup some servers, duplicity for some others. Both work fine, each one with advantages and disadvantages. Despite that, I am at a loss on how to backup my own private files. I'd use duplicity to automatically backup my files to a remote server; but the problem is that once in a while I must do a full backup. My emails and important files are 9G, and I expect this to increase. Uploading through aDSL at 1Mbit would be 20 hours. Too much. rsnapshot doesn't require periodic full backups (only the first time), but it must be running on the remote server and have a means to connect to my computer; if the server is compromised (or simply if the NSA decides to use it), my own machine is also compromised. Not good. The only solution I've come up with is use encfs, use unison to synchronize the files to a remote server, and use duplicity or rsnapshot on the remote server to backup these files. In that case, the question is whether I can sync the files on many computers; is it possible for encfs to be used with the same key on many computers? I also think that if I append one character to the unencrypted file, its encrypted encfs counterpart might change a lot, so that incrementals with duplicity would be less efficient—but not a big deal. Maybe also, when I need to restore a file, finding the correct file to restore could be a pain, because of filename encryption. I wonder whether there is any other possibility that I've overlooked. Maybe I'm asking too much for my personal use, and I should settle with an external disk?

  Read the article

• Is WinRT really as secure as it's made out to be?

  - by IDWMaster

  Prior to releasing Windows 8, Microsoft claimed that all WinRT apps are cleanly removed from your computer after uninstalling them, and that WinRT apps should not interfere with other running applications, because they are ran in a "sandboxed" environment. Microsoft has also claimed numerous times on Channel9 that Windows 8 apps are not ran in a VM. So my question is; are these claims accurate? If the application is not running inside of a VM, how is it possible to protect the system against malicious code at runtime, assuming the attacker was able to bypass the screening process of the Windows Store system? Microsoft allows "native code" in WinRT apps, so wouldn't it be possible (using hand-coded assembly or some odd pointer manipulation trick to call functions outside of the sandboxed environment and interfere with the rest of the system, if it's really "native code" and not some VM?

  Read the article

• How to secure Apache for shared hosting environment? (chrooting, avoid symlinking...)

  - by Alessio Periloso

  I'm having problems dealing with Apache configuration: the problem is that I want to limit each user to his own docroot (so, a chroot() would be what I'm looking for), but: Mod_chroot works only globally and not for each virtualhost: i have the users in a path like the following one /home/vhosts/xxxxx/domains/domain.tld/public_html (xxxxx is the user), and can't solve the problem chrooting /home/vhosts, because the users would still be allowed to see each other. Using apache-mod-itk would slow down the websites too much, and I'm not sure if it would solve anything Without using any of the previous two, I think the only thing left is avoiding symlinking, not allowing the users to link to something that doesn't belong to them. So, I think I'm going to follow the third point but... how to efficiently avoid symlinking while still keeping mod_rewrite working?! The php has already been chrooted with php-fpm, so my only concern is about Apache itself.

  Read the article

• Apache and fastcgi - How to secure an Apache server with fastcgi enabled?

  - by skyeagle

  I am running a headless server on Ubuntu 10.x. I am running Apache 2.2. I am writing a fastcgi application for deployment on the server. I remember reading a while back (I could be wrong) that running CGI (and by implication fastcgi) on a server, can provide 'backdoors' for potential attackers - or at the very least, could compromise the server if certain security measurements are not taken. My questions are: what are the security 'gotcha's that I have to be aware of if I am enabling mod_fastcgi on my Apache server? I want to run the fastcgi as a specific user (with restricted access) how do I do this?

  Read the article

• How secure is using "Normal password" for SMTP with connection type = STARTTLS?

  - by harshath.jr

  I'm using an email client for the first time - for the most part I've always used gmail via the web interface. Now I'm setting up thunderbird to connect to an email server of my own (on my own server, own domain name, etc). The server machine (and the email server on it) was preconfigured for me. Now i figured out away by which I'm able to send and receive email, but I noticed that in the outgoing and incoming servers section, the connection type was STARTTLS (and not SSL/TLS), and the Authentication Type was "Normal Password". Does this mean that the password will be sent across in plain text? I'm very paranoid about security - its the only way that it works for me. Can someone please post links that explain how SMTP (my outbound server) and IMAP (my inbound server) servers work, and what connection type means what? Thanks! PS: If this question does not belong here, please redirect me.

  Read the article

• Is auto-logon on laptop with encrypted hard drive secure?

  - by Tobias Diez

  I have the complete hdd of my laptop encrypted (with the Windows built-in Bitlocker) and thus have to login two times upon booting (Bitlocker and user account). Since I'm the only person using the computer (and knowing the Bitlocker password), I was thinking about automatically login into the user account to make the boot process smoother and quicker. In which cases/scenarios is this a bad idea and the additional login gives a true additionally layer of security?

  Read the article

• Is Flash a secure content delivery technology for password protected digital content?

  - by Merkel Fastia

  We are working on a project that would be a competitor to Yudu for online publishing and what we are debating is whether to use Flash for content security protection as Yudu does. See for example "The Testicle Cookbok" for which a limited (3-frame) preview is available before a password is requested by the Flash application running in the browser. Do you see any problems with this approach or could you recommend an alternative technology for password proected digital content?

  Read the article

• What is the secure way to isolate ftp server users on unix?

  - by djs

  I've read documentation for various ftp daemons and various long threads about the security implications of using a chroot environment for an ftp server when giving users write access. If you read the vsftpd documentation, in particular, it implies that using chroot_local_user is a security hazard, while not using it is not. There seems to be no coverage of the implications of allowing the user access to the entire filesystem (as permitted by their user and group membership), nor to the confusion this can create. So, I'd like to understand what is the correct method to use in practice. Should an ftp server with authenticated write-access users provide a non-chroot environment, a chroot environment, or some other option? Given that Windows ftp daemons don't have the option to use chroot, they need to implement isolation otherwise. Do any unix ftp daemons do something similar?

  Read the article

• All HTTPS, or is it OK to accept HTTP and redirect (secure vs. user friendly)

  - by tharrison

  Our site currently redirects requests sent to http://example.com to https://example.com -- everything beyond this is served over SSL. For now, the redirect is done with an Apache rewrite rule. Our site is dealing with money, however, so security is pretty important. Does allowing HTTP in this way pose any greater security risk than just not opening or listening on port 80? Ideally, it's a little more user-friendly to redirect. (I am aware that SSL is only one of a large set of security considerations, so please make the generous assumption that we have done at least a "very good" job of covering various security bases.)

  Read the article

• What are secure ways of sharing a server (ssh+LAMP) with friends?

  - by Bran the Blessed

  What is the best way to share a virtual server with friends? More precisely, I have the following assets: A virtual private server (Debian Lenny) with root access for myself, running... SSH apache2 mysql Some unused disk space Some friends in need of hosting The problem I would now like to do the following: Hosting one or several domains per friend My friends should have full access to their domains, including running PHP scripts, for example My friends should not be able to poke around in other directories The security of my server should not be compromised by faulty PHP scripts To clarify: I do trust my friends in the sense that they are not trying to do something evil with their access. I just do not trust the programs they are going to run. So, what are your recommendations for establishing such a scenario? Partial solution I already came up with the following plan: Add chrooted SSH users for my friends Add Apache vhosts per user (point the directories to subdirectories of the homedirectories, i.e. /home/alice/example.com, /home/bob/example.net, etc. But how can I enforce a chroot-like environment for the scripts they are running within these vhosts? Any pointers would be appreciated.

  Read the article

• How copy with shell commands(Linux) from 1 computer have (permanent url + open port) to 2 computer (secure way)?

  - by BenBen

  How copy with shell commands(Linux) from remote(my office computer) computer (permanent url + open port) to my (home) computer home/remote_computer_user/Desktop/test1.txt to my home computer home/home_computer_user/Downloads/ ? What I am doing: 1. ssh <user>@<computer1address> -p <port> :: success to get remote computer shell () 2. (I think I should use scp , but I dont how exactly in my case) Please if you can, write the exact commands that i should to from the shell Thanks in advance

  Read the article

• What are my options for a secure External File Share in Server 2008 R2?

  - by Nitax

  Hi, I have a Windows Server 2008 R2 machine installed on a home network with a number of files that need to be shared in a few different scenarios. I would like for all three scenarios to have a solution with some sort of encyption to protect the data during transfer. Scenario 1: I need to access files from my laptop (Mac OSX) or another computer outside of the network. This option seems like the easy one to answer in that I could use LogMeIn, the windows VPN, etc. to create such a connection. Scenario 2: I need to provide access to another user with minimal installation / configuration on his or her end. This makes me think of the new FTP 7.5 provided with Server 2008 R2 but i'm not sure of the details: Does it support SSH or some other form of encryption?, can an OSX user connect?, etc. My question here is what are my options? I really just don't know where to get started...

  Read the article

• how does hash element make a secure login on zend framework?

  - by ulduz114

  hello all i saw a example for login form same blow code class Form_Login extends Zend_Form { //put your code here public function init($timeout=360){ $this->addElement('hash', 'token', array( 'timeout' => $timeout )); $this->setName('Login'); $username = $this->createElement ( 'text', 'username' ); $username->setLabel('user name:') ->setRequired(); $this->addElement($username); $password=$this->createElement('password','password'); $password->setLabel('password:'); $password->setRequired(); $this->addElement($password); $login=$this->createElement('submit','login'); $login->setLabel('Login'); $this->addElement($login); $this->setMethod('post'); $this->setAction(Zend_Controller_Front::getInstance()->getBaseUrl().'/authentication/login'); } } and in submitAction a part code same below if (!$form->isValid($request->getPost())) { if (count($form->getErrors('token')) > 0) { return $this->_forward('csrf-forbidden', 'error'); } $this->view->form = $form; return $this->render('login'); } now , my question, whats the reason for use of hash element? how this hash element make secure login? anybody may help explain these? thanks

  Read the article

• How can I validate/secure/authenticate a JavaScript-based POST request?

  - by Bungle

  A product I'm helping to develop will basically work like this: A Web publisher creates a new page on their site that includes a <script> from our server. When a visitor reaches that new page, that <script> gathers the text content of the page and sends it to our server via a POST request (cross-domain, using a <form> inside of an <iframe>). Our server processes the text content and returns a response (via JSONP) that includes an HTML fragment listing links to related content around the Web. This response is cached and served to subsequent visitors until we receive another POST request with text content from the same URL, at which point we regenerate a "fresh" response. These POSTs only happen when our cached TTL expires, at which point the server signifies that and prompts the <script> on the page to gather and POST the text content again. The problem is that this system seems inherently insecure. In theory, anyone could spoof the HTTP POST request (including the referer header, so we couldn't just check for that) that sends a page's content to our server. This could include any text content, which we would then use to generate the related content links for that page. The primary difficulty in making this secure is that our JavaScript is publicly visible. We can't use any kind of private key or other cryptic identifier or pattern because that won't be secret. Ideally, we need a method that somehow verifies that a POST request corresponding to a particular Web page is authentic. We can't just scrape the Web page and compare the content with what's been POSTed, since the purpose of having JavaScript submit the content is that it may be behind a login system. Any ideas? I hope I've explained the problem well enough. Thanks in advance for any suggestions.

  Read the article

• How to secure login and member area with SSL certificate?

  - by citronas

  Background: I have a asp.net webapplication project that should contain a public and a member area. Now I want to implement a SSL decription to secure communication between the client and the server. (In the university we have a unsecured wireless network and you can use a wlan sniffer to read username/password. I do not want to have this security problem for my application, so I thought of a ssl decription) The application is running on a IIS 7.5. It it possible to have one webapp that has unsecured pages (like the public area) and a secured area (like the member area, which requires a login)? If yes, how can I relealise the communication between these too areas? Example: My webapp is hosted on http://foo.abc. I have pages like http://foo.abc/default.aspx and http://foo.abc/foo.aspx. In the same project is page like /member/default.aspx which is protected by a login on the page http://foo.abc/login.aspx. So I would need to implement SSL for the page /login.aspx and all pages in /member/ How can I do that? I just found out how to create SSL certificates in IIS 7.5 and how to add such a binding to a webapp. How how can I tell my webapp which page should be called with https and not with http. What is the best practise there?

  Read the article

< Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >