Tag: Security
-
Getting the Real IP Address from a Proxied Request in ATG
Many things can obscure the real IP address of the end user when they visit your site: a load balancer in front of your ATG cluster, Akamai, the user’s ISP or office network, and more. This makes it very difficult to correlate logging events, use the ATG session IP validation security option, and so on. In light…
-
login-required="true" Will End Your Conversation
In Seam, in the pages.xml or mypage.page.xml files, you note that a given page requires the user to be logged in to view the page. It is a very easy way of handling simple security. What happens is if a user attempts to access a page with the login-required="true" attribute and they are not logged…
-
Don’t like people leeching your wireless?
Don’t just block them, get a little more creative… http://www.ex-parrot.com/~pete/upside-down-ternet.html Enjoy :)
-
CAPTCHA with Seam in Three Minutes
Adding a CAPTCHA to a form using Seam is easy now that Seam is bundling jCaptcha. The Seam documentation is good, and can be found in section 13.9 here: http://docs.jboss.com/seam/2.0.0.CR2/reference/en/html/security.html#d0e7755 If you used seam-gen to create your project, you will need to make a few changes. First, you need to modify your project’s ant build…
-
How to block an IP in Linux
I run Debian on my server, and I often find that my server is being attacked by other computers. Brute force SSH attacks, viruses scanning for the ability to spread, things like that. I’ll go into the SSH brute force defenses in a later post, but for now I’ll cover how to easily block an…
-
ATG Security
World-facing websites always have to be written carefully in order to prevent malicious attacks. There are tons of additional vulnerabilities and attack vectors which need to be addressed as well, but in this post I’m going to talk about the two most common: Cross Site Scripting (XSS) and SQL Injection. If you already know what…