Our Sitecore installation was in dire need of a way to lock down file uploads on forms built with the Web Forms for Marketers (WFFM) module; out of the box, it doesn't do any checking at all, which can lead to some risky situations. I …
Tagged: security
Validating file uploads in Sitecore WFFM
Tags:Disable SSLv3 to avoid POODLE attack in web.py
Tags:An open source application that I contribute to uses web.py to provide a web server platform for its services alongside the other platforms available. I recently updated it to use a sane set of default ciphers and to disable the SSLv3 …
LDAP authentication with C#
Tags:LDAP, or Lightweight Directory Access Protocol, is a convenient, central repository for a system's personnel information. LDAP (and other Active Directory services) are widely-used by organizations big and small to consolidate user …
Add password maintenance feature to cgit with PHP
Tags:Have you ever wanted to have a nifty, browser-driven password maintenance feature in your htpasswd-secured cgit site? I've been meaning to build this for a while—and I finally did it.
Easy SSL redirection for select folders in nginx
Tags:I have many various web applications installed on my server; some of them need to be wrapped in a secure connection, while it is less important (or meaningless) for others. For those applications whose security I am concerned about, I've …
Programmatically modifying file permissions in .NET
Tags:For one reason or another, somewhere down the line, you're probably going to want to modify a file's access permissions from your code. Maybe your users have a nasty habit of overwriting them, or you want to ensure that newly-created …
Redirect Tomcat to FQDN
Tags:Recently, I have been trying to configure several Tomcat servers (versions 5.0, 5.5, and 6.0) to restrict all traffic to SSL and ensure that all requests are served through the FQDN (fully-qualified domain name) of the server involved. …
LDAP authentication with VB.NET
Tags:LDAP, or Lightweight Directory Access Protocol, is a convenient, central repository for a system's personnel information. LDAP (and other Active Directory services) are widely-used by organizations big and small to consolidate user …
Prepared SQL statements in VB.NET
Tags:Thousands of websites have been hit lately by the rash of SQL injections being perpetrated en-masse. Most languages (current versions, at least) have a procedure for separating parameters from the query they augment in an effort to …