
Tagged: security

  • Validating file uploads in Sitecore WFFM


    Our Sitecore installation was in dire need of a way to lock down file uploads on forms built with the Web Forms for Marketers (WFFM) module; out of the box, it doesn't do any checking at all, which can lead to some risky situations. I tacked on a simple whitelist attribute to the UploadFile control, and our security engineer can breathe easy.  …

  • Disable SSLv3 to avoid POODLE attack in web.py


    An open source application that I contribute to uses web.py to provide a web server platform for its services alongside the other platforms available. I recently updated it to use a sane set of default ciphers and to disable the SSLv3 protocol in order to avoid the POODLE attack the Internet is currently buzzing about. Here's an abstract example so that you can do this yourself at home.  …

  • LDAP authentication with C#


    LDAP, or Lightweight Directory Access Protocol, is a convenient, central repository for a system's personnel information. LDAP (and other Active Directory services) is widely used by organizations big and small to consolidate user credentials and identification data. For instance: a reporting services application, a webmail client, and a database administration suite can all read from the same Directory, with no need for replicating user information. John Doe only has to remember one password for all systems. When he changes it, those changes cascade across the board.  …

  • Add password maintenance feature to cgit with PHP


    Have you ever wanted to have a nifty, browser-driven password maintenance feature in your htpasswd-secured cgit site? I've been meaning to build this for a while—and I finally did it.  …

  • Easy SSL redirection for select folders in nginx


    I have many web applications installed on my server; some of them need to be wrapped in a secure connection, while it is less important (or meaningless) for others. For those applications whose security I am concerned about, I've developed an easy way to force nginx to serve the application over an SSL connection. The method involves creating empty foldername.ssl files in a specific location, and then comparing the base folder name of an HTTP request against these file names. If there is a match, the connection is redirected to an https:// URL.  …

  • Programmatically modifying file permissions in .NET


    For one reason or another, somewhere down the line, you're probably going to want to modify a file's access permissions from your code. Maybe your users have a nasty habit of overwriting them, or you want to ensure that newly-created files are given a specific permission mask. Whatever the reason, the following C# code example shows how to modify a file's access permissions using the System.Security.Principal and System.Security.AccessControl namespaces.  …

  • Redirect Tomcat to FQDN


    Recently, I have been trying to configure several Tomcat servers (versions 5.0, 5.5, and 6.0) to restrict all traffic to SSL and ensure that all requests are served through the FQDN (fully-qualified domain name) of the server involved. Well, the first half of that adventure was relatively easy to figure out (thanks to Google and some newsgroups). However, the second half of it all—the FQDN redirection—has been boggling my mind (and my search results) for a little while… that is, until now.  …

  • LDAP authentication with VB.NET


    LDAP, or Lightweight Directory Access Protocol, is a convenient, central repository for a system's personnel information. LDAP (and other Active Directory services) is widely used by organizations big and small to consolidate user credentials and identification data. For instance: a reporting services application, a webmail client, and a database administration suite can all read from the same Directory, with no need for replicating user information. John Doe only has to remember one password for all systems. When he changes it, those changes cascade across the board.  …

  • Prepared SQL statements in VB.NET


    Thousands of websites have been hit lately by the rash of SQL injections being perpetrated en masse. Most languages (current versions, at least) have a procedure for separating parameters from the query they augment in an effort to prevent SQL injection, and VB.NET is no different.  …
