Category: Security
-
CAPTCHA with Seam in Three Minutes
Adding a CAPTCHA to a form using Seam is easy now that Seam is bundling jCaptcha. The Seam documentation is good, and can be found in section 13.9 here: http://docs.jboss.com/seam/2.0.0.CR2/reference/en/html/security.html#d0e7755 If you used seam-gen to create your project, you will need to make a few changes. First, you need to modify your project’s ant build…
-
How to block an IP in Linux
I run Debian on my server, and I often find that my server is being attacked by other computers. Brute force SSH attacks, viruses scanning for the ability to spread, things like that. I’ll go into the SSH brute force defenses in a later post, but for now I’ll cover how to easily block an…
-
ATG Security
World-facing websites always have to be written carefully in order to prevent malicious attacks. There are tons of additional vulnerabilities and attack vectors which need to be addressed as well, but in this post I’m going to talk about the two most common: Cross Site Scripting (XSS) and SQL Injection. If you already know what…
-
Lions and Tigers and Third-Party Javascript
There are many reasons that you may wish to put a third-party javascript reference on your website. Serving ads, making use of tracking and analytics tools such as Google Analytics, and many other features may want to use a remotely referenced third-party javascript. The big issue here is trust. By putting a remotely referenced javascript…
-
What’s up with SMTPS?
Let’s start with SMTP. Simple Mail Transport Protocol. This is how e-mail gets sent. This is how e-mail makes it from you, to your recipient. When you check your e-mail, you use POP or IMAP to get the e-mail from the server. But when you’re sending e-mail, you use SMTP. SMTP is how your mail…
-
PGP E-mail Encryption conceptual issue
I have a number of thoughts in mind, which will likely turn into posts, and they are all leading up to a bigger unified thought. This is one of them. PGP / GPG email encryption is a good thing. It’s a pretty secure system, and the public registries of public keys make it easy to…