Tag: security

Validating file uploads in Sitecore WFFM

Our Sitecore installation was in dire need of a way to lock down file uploads on forms built with the Web Forms for Marketers (WFFM) module; out of the box, it doesn't do any checking at all, which can lead to some risky situations. I tacked on a simple whitelist …

Disable SSLv3 to avoid POODLE attack in web.py

An open source application that I contribute to uses web.py to provide a web server platform for its services alongside the other platforms available. I recently updated it to use a sane set of default ciphers and to disable the SSLv3 protocol in order to avoid the POODLE attack …

LDAP authentication with C#

LDAP, or Lightweight Directory Access Protocol, is a convenient, central repository for a system's personnel information. LDAP (and other Active Directory services) are widely used by organizations big and small to consolidate user credentials and identification data. For instance: a reporting services application, a webmail client, and a database administration suite …

Add password maintenance feature to cgit with PHP

Have you ever wanted to have a nifty, browser-driven password maintenance feature in your htpasswd-secured cgit site? I've been meaning to build this for a while—and I finally did it. Granted, this was not a difficult task, and I'm not expecting to bask in any glory for completing …

Easy SSL redirection for select folders in nginx

I have various web applications installed on my server; some of them need to be wrapped in a secure connection, while it is less important (or meaningless) for others. For those applications whose security I am concerned about, I've developed an easy way to force nginx to serve the …

Programmatically modifying file permissions in .NET

For one reason or another, somewhere down the line, you're probably going to want to modify a file's access permissions from your code. Maybe your users have a nasty habit of overwriting them, or you want to ensure that newly-created files are given a specific permission mask. Whatever the reason …

Redirect Tomcat to FQDN

Recently, I have been trying to configure several Tomcat servers (versions 5.0, 5.5, and 6.0) to restrict all traffic to SSL and ensure that all requests are served through the FQDN (fully-qualified domain name) of the server involved.

Well, the first half of that adventure was relatively …

LDAP authentication with VB.NET

LDAP, or Lightweight Directory Access Protocol, is a convenient, central repository for a system's personnel information. LDAP (and other Active Directory services) are widely used by organizations big and small to consolidate user credentials and identification data. For instance: a reporting services application, a webmail client, and a database administration suite …

Prepared SQL statements in VB.NET

Thousands of websites have been hit lately by the rash of SQL injections being perpetrated en masse. Most languages (current versions, at least) have a procedure for separating parameters from the query they augment in an effort to prevent SQL injection, and VB.NET is no different.

Assuming you have stored …
