It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
How can I turn my website into a secure website. I want it to run on secure webpage such as Facebook most apps run on secure page.
I want to know if I have to buy new domain or I can do with my same domain or if there is some setting to do so?
I have never worked with secure web.
Or if there is some good secure provider etc etc kindly tell me.
Get an SSL certificate. http://www.digicert.com/
If your using IIS, install the certificate to point to the directory where your web pages will be saved. And if you update all your links to https:\ that will make the user direction faster. No need for a different domain name.
When the viewer comes to your site, the browser will redirect to the ssl.
I can't help with apache or any of the other linux variants.
You could have a look at an Apache tutorial for SSL certificates. Setting up Apache locally, you can get to know certificates (generate your own, freely) and try deploying one.
It is possible to deploy a so-called self-signed SSL certificate online, but the user will be alerted that it is untrusted. What you pay for is the trust of a Certificate Authority, which in turn has paid the web browser to trust them. A "chain of trust".
Actually, some ISPs lack support for SSL(!) so that's good to establish beforehand.
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
What does SSL do and what are the bad things that can happen if I omit SSL for my website?
SSL prevents man-in-the-middle attackers from seeing or modifying data as it's sent through the internet.
Any page which contains or asks for sensitive information, or any page which involves code that executes with elevated privileges (eg, browser addins or software downloads) should use SSL for all requests.
In theory, a signed SSL certificate also indicates that the signatory has verified the identity of the site, but that doesn't mean much.
Basically everything in HTML is sent in plain text formats, meaning if intercepted it could be ready very easily.
SSL makes all the plain text into encrypted mumojumbo that is extremely difficult to decrypt and read.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I tried a lot of time,but failed.could any one tell me step-by-step?can i only use tomcat and keytool?
the process is a bit complicated, you need understand how Certification Authority(CA) and Public Key Infrastructure (PKI) works. steps
Create RootCA
Generate key pairs for tomcat server and clients
Generate CSR using step 2's keypair
Sign CSR with RootCA
Import CA reply
Install RootCA as trusted CA and Signed certificate in Server and clients machine.
Modify tomcat connector settings to use two-phase SSL
if you are not familiar with keytool or openssl command line, there are some GUI aviabile, e.g. portecle TinaCA
And if you have windows server running, you can install certificate service and do the generate and sign stuff through web interface
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I'll be using a shared Internet connexion starting this September at my school and I was wondering about what someone sniffing traffic with Wireshark may find there. I am not planing to do this myself but I feel I ought to know more about it if I want to sometimes work on my website during class.
Basically, isn't every non-SSL website that asks you for a password and an e-mail totally unsecure to log on on a shared connexion? When you know how many people use the same password for all their web/laptop/mobile accounts, it doesn't take long to get access to someone's all private data if you manage to sniff one password and e-mail.
As for me, I am already looking at how to secure my FTP connexions, but what about my users who log through HTTP? Unless I buy a SSL certificate (which I don't want, the site's too small), they are going to get more exposed to Wireshark sniffers all over the world, right? Isn't this where login tools such as OpenID become handy for small communities, since they do provide a free encryption of passwords?
OpenID and SSL are completely unrelated. OpenID's purpose is to consolidate and give ownership of a user's identity to the user, while SSL is used to keep a user's traffic with your site secret (encrypted). You can use OpenId to keep track of the user (like Stackoverflow does) and still not use SSL for the content pages.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I´m considering using Kooboo as an intranet management system. Are there same featured in Kooboo that are present in SharePoint?
Where I can find examples of Kooboo extensions' development? I haven't found any extension showcase as Umbraco has. Is there something alike?
One year ago, we launched a website powered by Kooboo CMS.
The deployment was easy and everything was OK. The problem is that a lot of modules are not set or not mature enough to be used under the production environment.
For example, there was a big bug in the forum module. As we couldn't wait future releases that would come with the fixes, we considered editing the code.
On the other hand, the admin interface is really awesome: Full AJAX and easy to understand.
But, unhopefully, I would not recommand this CMS as it is still IMO in a development process.
Kooboo is a good open source CMS, but IMO it's not possible to compare it with Sharepoint. Kooboo is not an enterprise level CMS.
You can found examples on the Kooboo forum
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I have a PHP web application. This application works on Windows server, but it doesn't work on a Linux server. I think this is about php.ini or file permissions. What can be other reasons for this situaion? What must be the basic php.ini configurations for this situation?
Never ask "What can be other reasons". We are not weather forecasters here. We are programmers. And we have tools to be certain, what particular problem we are experiencing now.
The only thing you need is to ask PHP to tell you, what's the problem.
The easiest way is to put these lines into your configuration file,
ini_set('display_errors',1);
error_reporting(E_ALL);
and see what your app will say. It can be permissions or php.ini. All will be told.
Quite easy, eh? ;)
If these magic lines won't help, there are several other ways, the manual has a good manual in it: http://php.net/manual/en/configuration.changes.php
When your server goes public, don't forget to change these lines to
ini_set('display_errors',0);
ini_set('log_errors',1);
error_reporting(E_ALL);
and see error messages in the error log, not revealing it to the possible hackers and innocent users.