Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
Can I use XAMPP for real to serve to WWW, not just my localhost? I see some warnings in some articles on the internet not to do that and that XAMPP is for testing only and that hackers will screw it up... If so, what kind of SPECIFIC security holes and problems does it have that make it not secure to serve for real?
I don't want some loose answers. I want a SPECIFIC answer about the security holes or weaknesses of XAMPP. Thanks!
This is not an answer, more a long comment.
Here be Dragons:
The issue with the 'out of the box' XAMPP setup is that all the passwords are defaults and everyone knows them. You need to change every password. If you are not using certain services then disable them if you don't want to bother changing the password. I disabled DAV for this reason. I use XAMPP as an internet facing server and never have bother. I am on version 1.7.7 and have been using it for years.
If you are using it on a 'home' network with a dynamic IP and you want a domain name, then you need to use a service that provides support for your IP address changing regularly. I use 'dyn' but there are others.
As #Braders has commented, security is a major issue! Get it wrong and your server will be used for all sorts of nasties, both to your PC and others on the internet. I would suggest an external scan for security issues before you leave it permanently connected to the internet.
I set my server up a few years ago and I am starting to remember all the checks I made at the time. It took many days before I could 'trust' it. Lots of time looking at the access logs etc.
If you are not sure then do not do it. It is very easy to get the setup wrong.
The major issue with running any server is that you are making 'holes' in the firewall and that can be 'interesting' as to what comes in.
As was also mentioned by Braders, you really do need to check with your internet provider to ensure it is allowed by your agreement.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 years ago.
I am new to web development, and particularly for the back end, I was wondering what the first basic precautions are that should be implemented to ensure cybersecurity and avoid any exploits which could leak user data or credentials, for example.
First of all make sure you are following the CIA model:
Confidentiality: Refers to access control of information to ensure that those who should not have access are kept out. This can be done with passwords, usernames, and other access control components.
Integrity: Ensures that the information end-users receive is accurate and unaltered by anyone other than the site owner. This is often done with encryption, such as Secure Socket Layer (SSL) certificates which ensure that data in transit is encrypted.
Availability: Ensures information can be accessed when needed.
Some other tips would be:
Use an SSL certificate.
Take precautions when accepting file uploads through your site (in case you have any).
Use CSP (to protect against cross-site scripting).
Set permissions that control who can read, write, and execute any given file or folder of your website.
Limit Login Attempts and temporarily lock out IP Addresses that make several failed attempts to get inside.
Keep scripts up-to-date.
Maintain multilayer security and keep backup.
And please take care of your Database, how you create and link it.
Lastly, show the beta version of your website to someone with good experience to look for any loopholes before your website goes live.
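The "limit login attempts and temporarily lock out IP addresses" tip above, as an added example that is not part of the original answer. The class and function names, the thresholds, and the `verify` callable (standing in for the application's own credential check) are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Lock an IP out for a while after too many failed logins in a sliding window."""

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures      # failures tolerated inside the window
        self.window = window                  # seconds over which failures are counted
        self.lockout = lockout                # seconds a lockout lasts
        self.clock = clock                    # injectable so the logic can be tested
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._locked_until = {}               # ip -> time at which the lockout ends

    def retry_after(self, ip):
        """Seconds until this IP may try again; 0 means it is not locked out."""
        now = self.clock()
        until = self._locked_until.get(ip)
        if until is None or until <= now:
            self._locked_until.pop(ip, None)  # forget an expired lockout
            return 0
        return until - now

    def record_failure(self, ip):
        now = self.clock()
        recent = self._failures[ip]
        recent.append(now)
        # Discard failures that have aged out of the sliding window.
        while recent and recent[0] <= now - self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
            del self._failures[ip]

    def record_success(self, ip):
        self._failures.pop(ip, None)


def attempt_login(throttle, ip, verify):
    """Return the HTTP status for one attempt; verify() is the app's own check."""
    if throttle.retry_after(ip) > 0:
        return 429      # locked out: refuse without evaluating the credentials
    if verify():
        throttle.record_success(ip)
        return 200
    throttle.record_failure(ip)
    return 401
```

The counters here live in one process's memory; with several workers they would need a shared store, and the IP should come from the connection or a proxy header you control rather than a client-supplied value.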
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 9 years ago.
I have been looking into the pros and cons of browsers, specifically with regard to security. Please share if you know which browser is more secure than others and why it is so.
Each browser has different security features, vulnerabilities, maybe even NSA backdoors for some of them, at some point in time but... http://www.infosecurity-magazine.com/view/33645/there-is-no-single-most-secure-browser/
You might want to look here for additional insight: http://slashdot.org/story/13/06/23/0317243/ask-slashdot-most-secure-browser-in-an-age-of-surveillance
There is no web browser that is more secure than the others by a big margin, the reason being that most of today's browsers use, for the most part, the same standards. For example, whether usage of JavaScript is allowed or disabled by default, tracking and sharing, your IP... Because this question does not have a proper answer, here is an example of how to make a web browser as secure as possible if needed:
In this example I will use Mozilla Firefox.
The first step is disabling JavaScript in the web browser (manually or by using some plugin to do that, for example "NoScript").
Disabling JavaScript will prevent web pages from being viewed or used properly, because almost every website today uses JavaScript. But we are talking about security now.
The second step should be disabling tracking and sharing, again manually or by some plugin.
The third should be the use of some proxy server to hide your IP.
There are too many different things that could be done. Also note again that JavaScript, which is required for properly displaying page content and properly interacting with it on almost all modern websites, can be a big security hole, for example session hijacking, forcing the browser to get your geolocation and too many other things...
My recommendation is to first see exactly what you would like to protect, and then search on Google for how to do that.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I have found the internet to be a massive time sink for me.
My efforts to block the websites that are utterly useless to me have been in vain for the simple reason that, if I am bored enough, I will bypass the block.
All I can think of is to use the hosts file and a file monitor to ensure it has a loopback in place every time it is edited.
Note: I run Linux and Mac.
StayFocusd is a productivity extension for Google Chrome that helps you stay focused on work by restricting the amount of time you can spend on time-wasting websites. Once your allotted time has been used up, the sites you have blocked will be inaccessible for the rest of the day.
It is highly configurable, allowing you to block or allow entire sites, specific subdomains, specific paths, specific pages, even specific in-page content (videos, games, images, forms, etc).
You could block the website on your router, assuming you have a firmware that allows for it. You could make a long, not easily typed password for the router and then it would (hopefully) be so inconvenient that you wouldn't bother changing it when you're bored. On the other hand, you could just not go on these sites.
Try creating a crontab task which checks and updates the hosts file every few minutes. You can obfuscate the job and script to make it more time consuming to remove.
Check out: https://www.rescuetime.com/
Supposedly their product is designed for this purpose.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
I'm currently testing all ways to get it done.
I will host a website project inside a Linux cloud server with dedicated resources and CentOS 6.
Now I'm stuck with apache and nginx, which should I choose?
I read some tests, saying nginx is a lot faster.
But I have a lot more experience with apache.
Also, what should I use as a load balancer: Linux tools like Heartbeat, Pacemaker? Or should I go with nginx upstream?
Also I looked at nginx plus LAMP where nginx serves as the load balancer.
Please help me to decide.
Thanks
Based off your question and the comment you made above I'd recommend going with apache. I cannot claim to be an expert with nginx or apache, but do know that nginx is very well known for its super fast serving of static content. Apache will get the job done just fine, and being as you said you know more about apache there is nothing wrong with going that route.
As far as load balancing... it would be my opinion based off what you've said to not worry about load balancing unless you have a need for it. It might be more helpful for you to increase the size/memory/etc of your server if you are experiencing an inability to keep up with demand.
Also based off what you've said I would take a look at what problems you see in your set up and try to attack those on an individual basis. Looking at the whole set up and wanting a solution will be difficult for you and anyone helping to really give you good solid advice without knowing what specifics you are having difficulty with.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
I have quite a few domains that I manage (100+) and I'm getting tired of GoDaddy's management. Whenever I need to make changes shifting things around to DreamHost or Heroku to Google App Engine or my own VPS and private servers things eventually get hairy and it's tiresome to have to go to multiple locations in order to manage things.
I was curious if there was a solid option for developers that need robust domain management. I don't really (and PLEASE correct me if I'm wrong) see an answer with DynDNS or EasyDNS options. Perhaps I'm overlooking something.
I'm really looking for a single console to rule them all (i.e., register wherever and set NS entries to the master service) and to then be able to go into a domain and, by using a template, split everything out to where I want it to go. In other words, by setting up my own DNS templates I could with one fell swoop set up Google Apps sub domains, development dyndns cnames, AWS CDNs, etc. etc. etc.
Anyone aware of such a comprehensive solution?
I'm quite happy with DynDNS but I'm equally satisfied with Zerigo. Templates, AJAX interface, migration tools, an API...
Short of deploying your own infrastructure or piggybacking off something like Dynect, I'd hazard that Zerigo should do everything you want. The fact that it's recently been acquired by 8x8 suggests other people agree.
[I don't work for them if this sounds like a plug ;)]