It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
What does SSL do and what are the bad things that can happen if I omit SSL for my website?
SSL prevents man-in-the-middle attackers from seeing or modifying data as it's sent through the internet.
Any page which contains or asks for sensitive information, or any page which involves code that executes with elevated privileges (eg, browser addins or software downloads) should use SSL for all requests.
In theory, a signed SSL certificate also indicates that the signatory has verified the identity of the site, but that doesn't mean much.
Basically everything in HTML is sent in plain text formats, meaning if intercepted it could be ready very easily.
SSL makes all the plain text into encrypted mumojumbo that is extremely difficult to decrypt and read.
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
I need to set up tortoise svn on a share that is hosted on our server. I read this is not wise, but I dont mind, because only me and my manager uses that. Anyone done that before? Would appreciate any help.
TortoiseSVN is not a server and includes no server components.
Anytime you are using a repository on a network and/or sharing with another user, you need to be running a server (svnserve or Apache). Ignoring best practices & other advice with "I know it's wrong, but I don't mind, it's only two of us" is faulty and you will eventually have a problem.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
That is when someone opens this web page, the .exe automatically gets downloaded in his system without any user's interaction.
Usually that is considered opening a hole for viruses. Most browsers will warn the users that they are about to download an executable and there isn't a way to work around it.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
How can I turn my website into a secure website. I want it to run on secure webpage such as Facebook most apps run on secure page.
I want to know if I have to buy new domain or I can do with my same domain or if there is some setting to do so?
I have never worked with secure web.
Or if there is some good secure provider etc etc kindly tell me.
Get an SSL certificate. http://www.digicert.com/
If your using IIS, install the certificate to point to the directory where your web pages will be saved. And if you update all your links to https:\ that will make the user direction faster. No need for a different domain name.
When the viewer comes to your site, the browser will redirect to the ssl.
I can't help with apache or any of the other linux variants.
You could have a look at an Apache tutorial for SSL certificates. Setting up Apache locally, you can get to know certificates (generate your own, freely) and try deploying one.
It is possible to deploy a so-called self-signed SSL certificate online, but the user will be alerted that it is untrusted. What you pay for is the trust of a Certificate Authority, which in turn has paid the web browser to trust them. A "chain of trust".
Actually, some ISPs lack support for SSL(!) so that's good to establish beforehand.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I have a PHP web application. This application works on Windows server, but it doesn't work on a Linux server. I think this is about php.ini or file permissions. What can be other reasons for this situaion? What must be the basic php.ini configurations for this situation?
Never ask "What can be other reasons". We are not weather forecasters here. We are programmers. And we have tools to be certain, what particular problem we are experiencing now.
The only thing you need is to ask PHP to tell you, what's the problem.
The easiest way is to put these lines into your configuration file,
ini_set('display_errors',1);
error_reporting(E_ALL);
and see what your app will say. It can be permissions or php.ini. All will be told.
Quite easy, eh? ;)
If these magic lines won't help, there are several other ways, the manual has a good manual in it: http://php.net/manual/en/configuration.changes.php
When your server goes public, don't forget to change these lines to
ini_set('display_errors',0);
ini_set('log_errors',1);
error_reporting(E_ALL);
and see error messages in the error log, not revealing it to the possible hackers and innocent users.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 12 years ago.
How does interprocess communication generate security holes? Examples appreciated.
Feels like homework, but I'll bite anyways.
Any time you have one process talking to another - whether it's via pipes, sockets, shared memory, etc. those processes either need to be coded very defensively or they need to be able to "trust" each other to ensure that the inter-process communications follow the protocol that they both expect.
You always have to consider the possibility that a rouge process could be created that attempts to use whatever IPC mechanism you have in place to crash, corrupt, or gain unauthorized access to whatever data you might be sharing via IPC.