CentOS Webserver: Best practice for creating SSH user that is friendly with Nginx
You need to modify File Access Control. Try these commands by swapping out bob with your specific user and specific path to your web root. That way your newly created user will have the ability to read/write/execute files without the need to modify permissions.
    setfacl -R -d -m u:bob:rwx /var/www/mydomain.com
    setfacl -R -m u:bob:rwx /var/www/mydomain.com
Here is further reading if you would like to know more: http://linuxcommand.org/man_pages/setfacl1.html
Let me know if it helped.

Categories : Linux

Centos 6 lamp server security
This is probably off-topic for stackoverflow, you might look at serverfault. However, some quick hints:
- Disable access to all unnecessary ports, probably by configuring iptables. You shouldn't need to open more than 22, 80, and 443.
- If you do run ssh, edit /etc/ssh/sshd_config and disable root login. I recommend DenyHosts as well.
- Turn SELinux back on. You just need to use setsebool to enable the right things.
This might be all you need:
    $ sudo setsebool httpd_can_network_connect_db 1
This will let you look at related booleans:
    $ getsebool -a | egrep '(http|php)'

Categories : Wordpress

Nginx + Supervisor + Gunicorn + Django + Celery - Security concerns
Supervisor will need to be root to start the other processes (like Nginx) with root privileges. That should be fine because Supervisor shouldn't interact directly with external users or accept user input. Gunicorn should be able to run without privileges; you may have to change the owner of the unix domain socket it's using to be www-data instead of root. Generally in web server scenarios you need root privileges to access files and open sockets on ports below 1024. If your server can't access files, you should change their permissions rather than run with privileges. You'll generally need privileges to open up port 80 or 443, which is why modern web servers start as root, bind to their port and then shed privileges to their running user of www-data or nobody. In terms of other things yo

Categories : Security

Where is my nginx being configured? Changing nginx.conf still brings me to the 'Welcome to nginx' page
When you rewrote the nginx.conf in the nginx source code folder and installed it the first time, it was copied to /usr/local/nginx/conf/nginx.conf (without special modification of the configure in the source code folder). But when you do this a second time, the nginx.conf in the source code folder is copied to /usr/local/nginx/conf/nginx.conf.default, and it usually doesn't work unless you use nginx -c /usr/local/nginx/conf/nginx.conf.default to specify its configuration file every time. There is a line NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf" in your script above, which indicates the configuration file clearly. To handle this, I suggest rewriting /usr/local/nginx/conf/nginx.conf (not the one in the source code folder) instead.

Categories : Nginx

How to download owncloud app which is not approved?
An ownCloud app currently marked as "not approved" is in the review process stage. That probably means it could be downloaded before, but some details were changed (most likely an update). Because of this change the app has to be reviewed again to make sure no backdoors or security problems were introduced with the update. During the review process only members of ownCloud's review team can access the app. As soon as it has been approved you will see the download link again.

Categories : Misc

Owncloud + Swift + Keystone
See if this ownCloud doc helps: http://doc.owncloud.org/server/5.0/admin_manual/configuration/custom_mount_config.html
I would advise you to look at the ownCloud discussion forum for more help. Good luck!!

Categories : Misc

owncloud installation client error
"If this module is listed there it doesn't mean that it is loaded / activated. So you or your hoster should check that the modules (pdo and pdo_mysql for example) are loaded in your php.ini."

Categories : Misc

Rewrite for owncloud shorty - from a different server
This is possible using a single redirection rule:
    RewriteRule ^/go/([A-Za-z0-9]{4,12}) http://cloud.domain.com/public.php?service=shorty_relay&id=$1 [QSA,L]
This is mentioned in the documentation for Shorty's 'Static Backend'.

Categories : Apache

Python library for caldav server (owncloud)
You probably want to provide more details about how you are actually making use of the API but in case the query command is indeed not implemented, there are other Python libraries at http://calconnect.org/caldav/implementations/librariestools.html .

Categories : Python

how to upload file via c# post request? ownCloud
Instead of trying to simulate a POST upload (which ownCloud makes fairly difficult due to security issues) you can use WebDAV to upload the file. Simply send a PUT request to http://example.com/owncloud/remote.php/webdav/some/path

Categories : C#

OwnCloud enhance core features with App (eg. user registration)
After a lot of digging around I did figure out a way to do this. In the App's app.php file, you can force a script to be loaded if the plugin is enabled:
    $api->addScript('script_name'); // without .js
In that script jQuery can be used to add the elements to the page where you need them. This was a good solution for me since I only needed to add a single button to the login page. I can see this being a bad idea if you want to make vast modifications. At that point you might as well just create a separate page that you have full control over.

Categories : Misc

Access Owncloud data files stored same server from php
I assume you try to load the image directly via a URL pointing to the file's location inside the owncloud file structure? owncloud will prevent this; in the end you are trying to access internal or private data via a public URL. That would be a huge security flaw. If the image is inside a user's file hierarchy inside owncloud then you can access it using the "official" link, as long as it is shared by the user. The only workaround would be to use administrative means on server level. This is of course something the owncloud software cannot prevent. If you have those rights you can create a second Directory / Location inside the HTTP server's configuration to provide a second base URL publishing those files. This would access the file system whilst bypassing the owncloud software. But take

Categories : Image

Restarting nginx: nginx: [alert] Unable to start the Phusion Passenger watchdog because its executable
Passenger takes what you set in the file nginx.conf by passenger_ruby, for example:
    passenger_root /home/dev/.rvm/gems/ruby-1.9.3-p448/gems/passenger-4.0.5;
    passenger_ruby /home/dev/.rvm/wrappers/ruby-1.9.3-p448/ruby;

Categories : Ruby

Can a server run Nginx for some sites and Apache Nginx Reverse Proxy for others?
    server {
        server_name example.com;
        location / {
            # assuming apache is on port 81 for example
            proxy_pass http://127.0.0.1:81;
            # to make apache detect the host header
            proxy_set_header Host $host;
        }
        # if you have assets folders, you can let nginx serve them directly,
        # instead of passing them to apache
        location /images { # or /css or /js .. etc
            try_files $uri =404;
        }
    }
Note: in the case of assets, sometimes some sites serve assets through rewrites, or they are even handled by the application itself. You can pass them to apache by adding that in the assets location as a fallback, like this:
    location /images {
        try_files $uri @apache;
    }
    location @apache {
        proxy_pass http://127.0.0.1:81;
    }
In apache you create a virtual host <Virtua

Categories : Apache

Spring Security 3.1.x & JSF 2.0 : " BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains' "
I would start by checking your classpath (look in the lib directory of your WAR file) and make sure you don't have different Spring jars in there. It's not uncommon for maven to pull in transitive dependencies from some dependency and cause you to end up with Spring 3.0.x and Spring 3.1.x jars at once. You can avoid this by adding exclusions to your pom, or more simply by setting explicit versions for each Spring jar you need. Then make sure you are using up-to-date versions of both Spring Security and Spring. Note that Spring and Spring Security are separate projects with independent version numbers. There's no reason why you can't be using Spring 3.2.3 with Spring Security 3.1.4, for example, but you should have the latest minor version of whichever release you choose.

Categories : Java

What are the security ramifications of checking security with an HTTP call to an external server?
HTTPS makes sure the message can't be read or tampered with by any relaying parties (proxies, etc.) but it doesn't guarantee the source of the data is trusted. If another service can determine the other URL and wire format they could spoof a request to it. This is generally where something like request signing comes into play, using a shared-secret signing mechanism. Twilio's API uses this method to prove to you that they're actually calling your servers. HTTP Signatures is a proposal for a standardized way of doing this.

Categories : Api

Cannot perform CAS Asserts in Security Transparent methods security level issue
I guess you are using a shared host, so there's no way you can change the trust level if they don't give you permissions to do it. What versions of the MySQL connector are you using? Have you tried copying them to the bin folder of your project? (right-click on MySQL.* references and set them to "Copy Local = true") Are you able to try to connect to your database server from localhost to make sure your connection string parameters are ok?

Categories : C#

java.lang.ClassNotFoundException: org.springframework.security.access.expression.SecurityExpressionHandler when using tag
When I checked my WEB-INF/lib folder I found that I had different versions of spring-security jars, some had 3.1.4 and others 3.0.2. It's working well now with all jars on 3.1.4 version ! Thank you Luke, your comment gave me the answer !

Categories : Spring

System.Security.SecurityException Request for the permission of type 'Microsoft.SharePoint.Security.SharePointPermission
I am also facing the same issue in my code. I did the following and the issue was resolved. Please try the below and let me know whether it solved the issue or not. File > Info > Design Checker > Open the Design Checker Window. In that, click Change Settings > Security and Trust > Choose the option Full Trust.

Categories : Sharepoint

Spring security override specific message : Your login attempt was not successful, try again. - not found under org.springframework.security
Actually it is easily resolvable with a custom login form. Since it won't display any of the sf error messages we can pass an error param back after processing. Consequently, simply check for this param and add whatever text message you like.
    authentication-failure-url="/login?error=true"
Then in our new login page simply add something like:
    <c:if test="${error}"> <s:message code="AbstractUserDetailsAuthenticationProvider.badCredentials"/></c:if>
where you can use any message code from your resource bundle.

Categories : Spring

ajax security versus php include in root directory security
There is nothing to stop someone from looking at your JavaScript code, getting the URL to the AJAX call. However, if security is a huge issue then look into session variables and the method of storing the value(s). There is file, database and cookie. You do not want php to store session variables in a cookie as these would be accessible to the visitor (they are stored like normal cookies). Set a session value, when the AJAX request is made then check if the session value is also set. If it is then continue as per normal. If it isn't (and the session could have timed out) then do nothing.

Categories : PHP

Providing security for Restful Web Services into existing Spring security 3.1
You should use two http tags. One for your web application and the other one for your REST API. Let's say, you can use an entry point web/** for your web app and an entry point api/** for your REST API. You probably want to secure your API with HTTP Basic, so your web app should work with form login (that uses java session) and your REST API with HTTP Basic authentication. REST APIs are better secured with OAuth 2, but depending on the size or audience of your application that would be overkill.

Categories : Spring

WCF Security - Transport Level Security with username password
I think your consumers are asking for Basic Authentication. That is, where the authentication token is passed in the HTTP Authorization header rather than in the SOAP security header. Confidentiality of the credentials will be provided only by the transport (HTTPS). The binding configuration for this is:
    <basicHttpBinding>
      <binding name="HTTPSwithBasicAuthentication">
        <security mode="Transport">
          <transport clientCredentialType="Basic" />
        </security>
      </binding>
    </basicHttpBinding>
On the client, you set the credentials like this:
    serviceClient.ClientCredentials.UserName.UserName = "username";
    serviceClient.ClientCredentials.UserName.Password = "password";
Assuming your service is hosted in IIS, remember to enable Bas

Categories : C#

Spring Security - 'global-method-security' does not work
Looks like you should follow the recommendation from the Spring Security Reference Manual: The annotated methods will only be secured for instances which are defined as Spring beans (in the same application context in which method-security is enabled). A similar problem is discussed here: How can <global-method-security> work on my controller by Spring-Security? See the last post.

Categories : Java

Spring security 3.2.0 > deprecated
I'm not sure if this answer can help you. However, the warning message generated by the IDE is not a big problem because you did not use the deprecated method. I'm using spring security too and I also can see the same warning message but the service is working perfectly. I'm sorry if the answer is not what you wanted.

Categories : Spring

Got security prompt for "yui.yahooapis.com" with security set to High on IE
This is by design. When you have IE security set to high, all JavaScript is disabled. IE security settings set to high - javascript not working

Categories : Internet Explorer

Why do Web Services use WS-Security instead of using Transport Layer Security?
Many people new to Web services see SOAP as a way to exchange messages between two endpoints over HTTP. Over HTTP, one can authenticate the caller, sign the message, and encrypt the contents of the message. This makes the message secure in several dimensions: the caller is known, the receiver of the message can verify that the message did not change in transit, and entities watching the wire traffic cannot figure out what data is being exchanged. For those looking at SOAP messaging to solve bigger problems, however, HTTP-based security simply isn't enough. Many of the bigger problems involve sending the message along a path more complicated than request/response or over a transport that does not involve HTTP. The identity, integrity, and security of the message and the caller need to be pr

Categories : Ssl

Spring security- org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains'
Looking at the stacktrace information it appears as if you have conflicting framework jars in your classpath. When using maven use mvn dependency:tree to figure out which dependencies get used, I suspect that there is an older spring-beans.jar in your classpath.

Categories : Java

Explain the difference between Java *client* security concerns and *server* security concerns
Generally speaking you don't see many CVEs that affect the server side because the server side virtually never runs user provided code (or an attacker's code). The vulnerabilities with server side are mostly failure to properly handle input, and issues with configuration, so not Java's fault. The client side however (applets being a great example) has lots of CVEs because the user's local JVM is actually running byte code that was provided by the attacker. Vulnerabilities in the JVM can then be triggered and exploited. These same vulnerabilities are usually present on the server side, but they aren't accessible to attackers. Another reason you don't see many server side CVEs is because most of the server side vulnerabilities are application/implementation specific, and only affect t

Categories : Java

Spring Security UI plugin for Grails creates neither spring-security-ui.css nor i18n files
Try extracting the files from the directory you need, from the version you need:
    https://github.com/grails-plugins/grails-spring-security-ui/tree/master/grails-app/assets/stylesheets
    https://github.com/grails-plugins/grails-spring-security-ui/tree/master/grails-app/i18n

Categories : Grails

System.Web.Security.AntiXss.AntiXssEncoder vs Microsoft.Security.Application.AntiXssEncoder
The one in the System.Web.* namespace is a clone of the one in the Microsoft.Security.* namespace, but the System.Web one is slightly tweaked for better performance characteristics. We recommend the System.Web one going forward. If you set the <httpRuntime encoderType> setting as described at http://www.asp.net/aspnet/overview/aspnet-45/whats-new#_Toc318097382, then you can just use the built-in encoding routines like HttpUtility.HtmlEncode, and the implementation will be provided by the Anti-XSS libraries.

Categories : Asp Net

Is it impossible to have both transport level security and message level security in rampart? Why?
I too agree with the point that the specification doesn't say if we can use more than one binding or not (but maybe we both have missed it). But you can still use Asymmetric binding for an HTTPS endpoint.

Categories : Java

AWS s3fs - CentOS 6.4
I generally recommend against s3fs. It's not that it can't work, but it creates the expectation that the mount is a block device when it isn't. S3 stores files as complete objects. Operations are on the object in its entirety. This is in contrast to a disk volume where operations are done on blocks. As such, certain tools and operations don't work well with s3fs. Under the covers, files accessed on s3fs are actually cached locally on the disk.

Categories : Amazon

CentOS, sendmail no corresponding with PHP
(Started as a comment but it's getting a bit long) You've provided no details of any attempt to resolve this yourself. What have you tried? It would be helpful if you provided the output of:
    <?php
    $mc=ini_get('sendmail_path');
    print "config: $mc <br /> ";
    $p=explode(' ', $mc);
    if ($p[0]) {
        passthru("ls -l " . $p[0]);
    } else {
        print "no mua ";
    }
    print "<br /> ";
    print "running as " . posix_getlogin() . " <br />";

Categories : PHP

mysql 5.5 on centos 6.4
One way is to install all the RPMs at the same time with yum install MySQL*.rpm, which ideally should take care of all package dependencies and upgrades. You can also get around this problem by using the --replacefiles option to RPM:
    rpm -ivh --replacefiles MySQL-server-5.5.32-1.el6.x86_64.rpm
That uses the error message language files from the server package to overwrite those in the 5.1 version that comes with CentOS.

Categories : Mysql

I can't run cqlengine on centos
You need to upgrade python on your centos box. It looks like you're using python 2.6 on your centos box. Set comprehensions (what's happening in the cqlengine file) were not introduced until python 2.7. That's most likely your problem.

Categories : Django

installing NTP on CentOS 6
It seems like your active repo does not provide all needed packages. Try to add a repo (e.g. EPEL). For a detailed install how-to see http://fedoraproject.org/wiki/EPEL
After that, try again to install ntp with:
    yum install ntp

Categories : Linux

Apache, PHP, Centos 6
Make sure you have the PHP module loaded. Somewhere in your config you should see something like:
    LoadModule php5_module modules/libphp5.so
Then, make sure you add a handler to handle files with the php extension:
    AddHandler application/x-httpd-php .php .php5 .phtml
    AddHandler application/x-httpd-php-source .phps

Categories : PHP

Can I downgrade gcc in centos 64 bit?
Actually I think 4.4.7 will be OK. If you're having trouble using 4.4.7, please post a new question with the details of the problems you are having. Although the link you reference mentions 4.4.5, that simply means what CUDA was tested with. If you look in /usr/local/cuda/include/host_defines.h you will see that the enforced limit is 4.6.x or below:
    #if defined(__GNUC__)
    #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 6)
    #error -- unsupported GNU version! gcc 4.7 and up are not supported!
    #endif /* __GNUC__> 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 6) */
    #endif /* __GNUC__ */
If you really want to install a different gcc/g++, it is possible, you can search on those topics on stack overflow, or on the web. Here's one example on the web of a how-to s

Categories : Linux

PHP modules on CentOS Server - Which ones do I need?
I may not have the complete list, but here would be some suggestions:
    php-mysql
    php-pdo
    php-pear
    php-pecl
    php-xml
If I were you, however, I would install the PEAR package manager, and install all your required extensions or modules from that. Seems like that would be easier to manage all your php libraries from a single source, because I would bet that at some point you'll want to use a php library that's not available via your yum repository.

Categories : PHP



© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.