Deploying .ipa To End Users - ipa

I need to create a permanent link to share .ipa to end users. I know only two ways to do:
diawi: but the link that is generated isn't permanent
itms-service: itms-services://?action=download-manifest&url=itms-services://?action=download-manifest&url=https://www.example.com/manifest.plist
but in the server i do not have a secure certificate so https links are not allowed.
Can anybody gives me any hint or any other way what i can do?

Related

how does google verify ownership of a website?

In order to verify that I own a website, google asked me to do the following:
Download this HTML verification file. [googleXXX.html]
Upload the file to http://www.example.com/
Confirm successful upload by visiting http://www.example.com/googleXXX.html in your browser.
Click Verify below.
To stay verified, don't remove the HTML file, even after verification succeeds.
The file provided by google contains a single line:
google-site-verification: googleXXX.html
How that this work? How is that supposed to tell them that I actually own that domain?
It doesn't tell them that you own it, it tells them that you have write permission to it. That's considered enough.
It demonstrates that you have sufficient control of the web server at the domain to be able to add pages to the website. The assumption is that this level of control would only be available to the owner of the domain, or a delegated administrator.

What causes a "this connection is untrusted" issue?

I am new to development and at my new job we have this issue where on a sub-domain users are getting the error you see below but when they go to the base domain (e.g: domain.com) they don't see that.
I am supposed to solve this but not sure what might be causing it. I am not looking for somebody to solve this for me but if you can outline possible reasons why, i would be very thankful.
First thing: open up the "Technical details". They will give you more information, information you might or might not yet fully understand, but it still have the necessary info.
Basically, SSL (https) certificates are created for a specific domain. If the domain name changes (from e.g. example.com to foo.example.com), the certificate can not be used without a security warning popping out.
You need to create (either by self-signing or purchasing) separate SSL certificates for all the host names/domains under which the site will be accepted, to avoid the security warning. An alternate option is to purchase a wildcard certificate for the entire domain and sub tree (ie: *.example.com).
There are, to the best of my knowledge, no other ways around this; it's one part of how the HTTPS security is established.
When you're running HTTPS, you should have a different certificate for each server (subdomain) not each domain and the client should trust it if you don't want them to see this error.
You can use a wildcard certificate also. It would inherit through all subdomains.

HTTPS downloads/uploads

my website is accessible through https, so it provides a secure connection to the user that has to fill in some sensible details.
Does the security extend also to downloads and uploads done through the website?
For example. I provide a simple "Browse" button to upload a file, or a link to download a file hosted on the website, is the download/upload secure as well?
Thanks
Let me explain some things first.
SSL is just a layer or a connection., whichever data that is being sent/received to your website are in packets and are successfully encrypted, whilst this hopefully prevents "Man-in-the-Middle Attack".[Good news..right ? :-)]
But .. as per your request No SSL does not ensure security when it regards to uploads/downloads.
You need to add exception to file types [MIME] that you are letting other (end-users) to upload to your server [Here, SSL has no work here]. You have to set these limitations on your coding part., If these things are not handled properly, a hacker may upload a SHELL script on your upload section and can gain root access to your server and you can't blame this on SSL.

On password-protected site, how to whitelist certain referring domains?

I have a site that is password-protected using a .htaccess and .htpasswd file. I'd like for users to bypass the login prompt ONLY if they come from a certain domain. Can this be done by embedding the .htaccess credentials as parameters in the link somehow?
I do manage the domain I'd like to whitelist, so how can I pass GET parameters in the link that the .htaccess file will process?
You should rethink this as it is trivial to spoof the referring domain (or any information from the client).
You users can easily select to save their username / password if they wish to.
That would be highly insecure, the http referrer can be easily manipulated and your login bypassed.
If you own the other sites you can add some http header or GET var. If you don't, start thinking another solution for what you want to do.

Storing commercial files on the server

Where would you store files that are meant for sale on an e-commerce website?
Somewhere out of htdocs/wwwroot/etc. You don't want anyone to link to them directly. You should have a page/script that can read that location and send the file back.
On a secure server in a network zone that is not directly accessible from the internet. Your webserver can then access and retrieve files only for authorised users.
Rule of thumb: Not in htdocs (i.e. not accessible from the internet).
What do you want to do with those files? Offer them for downloading after a customer payed? You should manage the credentials by a server sided script (e.g. a PHP script) and give that script access to the file.

Resources