Fragmented Development

Posts Tagged With security

All of the following posts share a tag, and are related to that subject. If you would like to try another subject, you can pick from the available tags.

Headless server and disk encryption

As an enthusiast of encryption, it always felt a little strange that my servers kept all of their data in the clear. But the problem with encrypting a headless server is that, inevitably, you have to reboot it. So how do you connect to your server and unlock the drive before it boots? It's quite the catch-22.

Read the full post: Headless server and disk encryption

Keeping keys for SSH, and passwords for SFTP

My VPS has lots of different applications residing on it, and many people need to access it in various ways. Sometimes, tightening security for one group can negatively impact another.

Read the full post: Keeping keys for SSH, and passwords for SFTP

Better permissions for uploaded files in Django

Django assigns permissions to any user-submitted files it saves. If you don't explicitly set what these are, it uses an operating system default - which, in most cases, is 0600. If you're unfamiliar with Unix-style file permissions, that means the following:

Read the full post: Better permissions for uploaded files in Django

Troubleshooting: Scheduling Batch Scripts in Server 2003

For all of us stuck in a Windows Server environment, hopefully this will help a bit.

Read the full post: Troubleshooting: Scheduling Batch Scripts in Server 2003

Information Overload

I've recently been reading the planets: Planet Ubuntu and Planet Web Security, in addition to my daily blogs. Planets are really just lots of blogs tied together into one RSS feed, so in essence I just started reading forty more blogs in two additional subscriptions.

Read the full post: Information Overload

How To Dodge SQL Injection

Recently, a lot of .gov and .edu web sites have been the target of SQL Injection attacks that seed their database with JavaScript that does all sorts of nasty things, including targeting an old RealPlayer vulnerability. For all the gory details on this particular incident, I recommend reading the Web Security Blog over at ModSecurity.com, or the original SANS report of the attacks.

Read the full post: How To Dodge SQL Injection

Oh I'm a lumberjack and I'm okay...

I've been getting IIS worker process errors lately. I can't really track them down to a certain page or a specific recurring time of the day, and it's driving me crazy. As a last resort, I re-enabled logging on the main Warren County site. It turns out that I still have quite a bit to learn about being a server administrator: I should have been doing this for months.

Read the full post: Oh I'm a lumberjack and I'm okay...