security

Create an iptables firewall

It's very important to firewall your server if it's directly connected to an untrusted network.

I put together this sample for my box by using this helpful iptables tutorial.

This configuration allows any outbound traffic, and inbound requests only on ports 25, 80, 110, 443, and 37530. Everything else is sent to the LOGNDROP chain, which logs the attempt to syslog (rate-limited to no more than 5 entries per minute) and then discards the packet.
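Since the sample itself is not reproduced here, the script below is an added example (not the author's own ruleset) that implements the policy just described with iptables. It assumes IPv4 only, a single host that does no forwarding, and that the five allowed ports are TCP services; the `IPT` variable is an assumption of this example that lets you preview the rules with `IPT=echo` before applying them as root.

```shell
#!/bin/sh
# Added example (not the author's script): iptables ruleset for the policy
# described above -- all outbound traffic allowed, inbound TCP only on
# 25, 80, 110, 443 and 37530, everything else handed to LOGNDROP, which
# logs at most 5 entries per minute and then drops.
# Assumptions: IPv4 only, no forwarding, allowed ports are TCP services.
# Set IPT=echo to print the rules instead of applying them.
set -eu

IPT="${IPT:-iptables}"
TCP_PORTS="25 80 110 443 37530"

apply_firewall() {
    # Start from a clean slate: flush all rules, delete user-defined chains
    $IPT -F
    $IPT -X

    # Default policies: outbound is free, nothing is forwarded, and inbound is
    # dropped as a safety net in case the LOGNDROP catch-all below is missing
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP
    $IPT -P INPUT DROP

    # LOGNDROP: log to syslog (kernel facility) no more than 5 times a minute,
    # then drop the packet. Without the limit a port scan could flood the log.
    $IPT -N LOGNDROP
    $IPT -A LOGNDROP -m limit --limit 5/minute -j LOG --log-prefix "iptables denied: "
    $IPT -A LOGNDROP -j DROP

    # Loopback is always allowed
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to our own outbound connections must be let back in, otherwise
    # "allow any outbound traffic" would not actually work
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New inbound connections only on the listed TCP ports
    for port in $TCP_PORTS; do
        $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done

    # Everything else: log (rate-limited) and drop
    $IPT -A INPUT -j LOGNDROP
}

# Usage:  sh firewall.sh --apply            (as root, applies the rules)
#         IPT=echo sh firewall.sh --apply   (prints the rules instead)
case "${1:-}" in
    --apply) apply_firewall ;;
esac
```

Note that this ruleset also logs and drops inbound ICMP and UDP, since the text only lists TCP ports; if you want the box to answer ping, add an explicit ICMP accept rule before the final LOGNDROP line. Rules applied this way do not survive a reboot, so save them with your distribution's mechanism once you are happy with them.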

SQL Injection Avoidance

SQL Injection is a serious security concern for any application that accepts user input and executes SQL built by concatenating strings that include user-provided values.

How does this present a risk? Consider the following:

# Vulnerable: the username is spliced directly into the SQL text
s = ("SELECT * " +
     "FROM users " +
     "WHERE username = '" + username + "';")
db.execute(s)

Now consider if the user entered the following value into the login form as their username:

'; DELETE FROM users; --
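The following is an added example, not code from the original page, that carries the scenario above through against an in-memory SQLite database. The `users` rows are constructed sample data. It shows the statement the concatenation actually produces for that username, runs it the way a driver that accepts several statements would (SQLite's `executescript` is used for that here), and then shows the parameterised form in which the same input is only ever compared as a literal value.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the original page)
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# The username from the page's login-form example
PAYLOAD = "'; DELETE FROM users; --"


def make_db():
    """Create an in-memory users table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_query_vulnerable(username):
    """The concatenation pattern from the page: the input is pasted into the SQL
    text, so a quote character in it changes the statement's structure."""
    return "SELECT * " + "FROM users " + "WHERE username = '" + username + "';"


def count_users(conn):
    """Number of rows left in the users table."""
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def run_vulnerable(conn, username):
    """Run the concatenated text as a script, as a driver that accepts multiple
    statements per call would, and return how many users remain afterwards.
    (sqlite3's execute() refuses multi-statement strings; executescript() does
    not, which is why it is used here.)"""
    conn.executescript(build_query_vulnerable(username))
    return count_users(conn)


def lookup_user_safe(conn, username):
    """Parameterised query: the driver binds the value separately from the SQL
    text, so the payload is compared literally against the username column."""
    cur = conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    )
    return cur.fetchall()


if __name__ == "__main__":
    print("Concatenated SQL:", build_query_vulnerable(PAYLOAD))
    conn = make_db()
    print("rows left after the concatenated query:", run_vulnerable(conn, PAYLOAD))
    conn = make_db()
    print("safe lookup result:", lookup_user_safe(conn, PAYLOAD))
    print("rows left after the safe lookup:", count_users(conn))
```

The concatenated text becomes `SELECT * FROM users WHERE username = ''; DELETE FROM users; --';`: the leading quote closes the string literal, the semicolon ends the SELECT, and the trailing `--` comments out the original closing quote so the whole thing parses cleanly. Some drivers reject more than one statement per call, but that is not a defence (plenty of injections need only one statement); binding parameters is, because the value never reaches the SQL parser.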

Disable Firefox 3 "(extension) will not be installed because it does not provide secure updates"

Firefox 3 will refuse to install an extension if it does not have a secure update URL. The check exists because an extension whose updates are fetched over plain HTTP can be swapped for a malicious version by anyone able to tamper with that traffic; turning the check off removes that protection for every extension you install, not just the one you are trying to add.

If you wish to bypass this safeguard, do the following:

  1. In the address bar type "about:config" and press Enter.
  2. Click through the Firefox warranty disclaimer. (amusing)
  3. Right-click in the list of preferences.
  4. Select New and then Boolean.
  5. Enter "extensions.checkUpdateSecurity" as the preference name.
  6. Choose "false" as the value.