Questions tagged [security]

For questions relating to application security and attacks against software. Please don't use this tag alone; that results in ambiguity. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. If your question is not about a specific programming problem, please consider asking it at Information Security SE instead.



6881 questions
74 votes, 11 answers

Why is SSH password authentication a security risk?

Most guides for OpenSSH configuration advise to disable password authentication in favor of key-based authentication. But in my opinion password authentication has a significant advantage: an ability to connect from absolutely anywhere without a…
asked by Septagram
71 votes, 6 answers

How to remove strict RSA key checking in SSH and what's the problem here?

I have a Linux server that whenever I connect it shows me the message that changed the SSH host key: $ ssh root@host1 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ …
asked by setatakahashi
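A hand-rolled way to act on that warning, added here as an example and not part of the question or of any answer: it drops the stale entry for the one host instead of turning off StrictHostKeyChecking for every host. It assumes a plain-text known_hosts (with HashKnownHosts yes the lines start with "|1|" and cannot be matched by name this way; use ssh-keygen -R for those), and the known_hosts contents used in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the question): handle a changed SSH host key for ONE
# host without weakening StrictHostKeyChecking for all of them.
# Assumes a plain-text known_hosts; hashed lines ("|1|...") are left untouched.

# _known_hosts_filter FILE HOST MODE
#   MODE "match":  print the entries of FILE that cover HOST.
#   MODE "others": print everything else (comments and hashed lines included).
#   An entry looks like "host1,10.0.0.5 ssh-ed25519 AAAA..." or
#   "[host2]:2222 ssh-rsa AAAA...", optionally preceded by a marker such as
#   @cert-authority or @revoked. Wildcard patterns are compared literally.
_known_hosts_filter() {
    awk -v host="$2" -v mode="$3" '
        function covers(field,    n, i, names, name) {
            n = split(field, names, ",")
            for (i = 1; i <= n; i++) {
                name = names[i]
                sub(/^\[/, "", name); sub(/\]:[0-9]+$/, "", name)   # [host]:port -> host
                if (name == host) return 1
            }
            return 0
        }
        {
            entry = !(NF == 0 || $1 ~ /^#/ || substr($1, 1, 3) == "|1|")
            hit = entry && covers(($1 ~ /^@/) ? $2 : $1)
            if (mode == "match" ? hit : !hit) print
        }' "$1"
}

# known_hosts_entries FILE HOST -> the lines in FILE that cover HOST
known_hosts_entries() {
    _known_hosts_filter "$1" "$2" match
}

# known_hosts_forget FILE HOST -> rewrite FILE in place without HOST's entries.
#   Same effect as `ssh-keygen -R HOST -f FILE`, minus the .old backup; the
#   file is rewritten through cat so its inode and permissions are kept.
known_hosts_forget() {
    tmp=$(mktemp) || return 1
    if _known_hosts_filter "$1" "$2" others > "$tmp"; then
        cat "$tmp" > "$1"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

Order of operations that keeps the warning meaningful: record the fingerprint you trusted (`ssh-keygen -F host1 -l -f ~/.ssh/known_hosts`), fetch the one now offered (`ssh-keyscan -t ed25519 host1 | ssh-keygen -lf -`), and compare both with what the server itself reports on its console (`ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`). Only if the change is explained (reinstall, cloned image, restored backup) run `known_hosts_forget ~/.ssh/known_hosts host1` and connect again; an unexplained change is exactly the interception the check exists for, and `StrictHostKeyChecking no` would hide it.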
70 votes, 15 answers

Are IP addresses "trivial to forge"?

I was reading through some of the notes on Google's new public DNS service: Performance Benefits Security Benefits I noticed under the security section this paragraph: Until a standard system-wide solution to DNS vulnerabilities is universally…
asked by Jeff Atwood
70 votes, 4 answers

How can I allow one user to su to another without allowing root access?

I'd like to allow certain users to su to another user account without having to know that account's password, but not allow access to any other user account (i.e. root). For instance, I'd like to allow Tom the DBA to su to the oracle user, but not…
asked by gharper
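One way to do this with sudo rather than su, added as an example and not taken from the question or its answers: the runas list in the sudoers rule is what keeps root out of reach. The names tom and oracle are the question's; the drop-in file name under /etc/sudoers.d and the root-reachability heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the question or its answers): grant tom a shell as
# oracle through sudo's runas list, which is what keeps root out of reach.
# /etc/sudoers.d is the Debian/RHEL drop-in directory; the file name is assumed.

# sudoers_rule USER TARGET -> the rule text.
#   "(TARGET)" restricts -u to that account: sudo -u root, sudo -i and sudo su
#   are refused, while "sudo -u TARGET -i" gives a login shell as TARGET.
sudoers_rule() {
    printf '%s ALL=(%s) NOPASSWD: ALL\n' "$1" "$2"
}

# sudoers_reaches_root RULE -> exit 0 if the one-line RULE can yield a root shell.
#   Heuristic for the usual mistakes: no runas list (sudo's default target is
#   root) or a runas list naming ALL/root, combined with command ALL; or a
#   bare "su" with no fixed arguments (su without a target switches to root).
sudoers_reaches_root() {
    rule=$1
    case $rule in
        *'=('*')'*) runas=${rule#*=\(}; runas=${runas%%\)*} ;;
        *)          runas=root ;;
    esac
    runas=$(printf '%s' "$runas" | tr -d ' '); runas=${runas%%:*}   # drop group part
    cmds=${rule#*=}                       # text after "host="
    cmds=${cmds#\(*\)}                    # drop "(runas)"
    cmds=$(printf '%s' "$cmds" | sed 's/^[[:space:]]*//; s/^\([A-Z]*:[[:space:]]*\)*//')  # drop NOPASSWD: etc.
    case ",$runas," in
        *,ALL,*|*,root,*) root_ok=1 ;;
        *)                root_ok=0 ;;
    esac
    case $cmds in
        su|*/su) return 0 ;;                          # bare su: root shell under any runas
        ALL)     [ "$root_ok" -eq 1 ] && return 0 ;;
    esac
    return 1
}

# install_sudoers_rule USER TARGET [DIR]
#   Write the rule as its own drop-in with the mode sudo insists on (0440),
#   refuse rules that would reach root, and, when running as root with visudo
#   available, refuse to keep a file that does not parse.
install_sudoers_rule() {
    user=$1; target=$2; dir=${3:-/etc/sudoers.d}
    case "$user$target" in ''|*[!A-Za-z0-9_.-]*) echo "refusing odd account name" >&2; return 1 ;; esac
    file="$dir/${user}-as-${target}"
    if sudoers_reaches_root "$(sudoers_rule "$user" "$target")"; then
        echo "rule for $user would reach root" >&2; return 1
    fi
    sudoers_rule "$user" "$target" > "$file" || return 1
    chmod 0440 "$file" || return 1
    if [ "$(id -u)" -eq 0 ] && command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$file" >/dev/null || { rm -f "$file"; return 1; }
    fi
    printf '%s\n' "$file"
}
```

After `install_sudoers_rule tom oracle`, Tom runs `sudo -u oracle -i` (or `sudo -u oracle sqlplus ...`) and never learns oracle's password; `sudo -u root anything` fails the runas check. Avoid the tempting `tom ALL=/bin/su - oracle`: it only works when the arguments match exactly, and `sudoers_reaches_root` shows why the bare `su` variant is worse.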
69 votes, 8 answers

A previous IT worker probably left some backdoors. How can I eliminate them?

I started working for a company that fired a previous IT worker for leaking data. I can only say the following things: We use a Firebird DB with an application written by another company, Proxmox, for virtualization of Windows Server 2008 R2, SQL…
asked by user2265690
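A starting point for the Linux side of that hunt (Proxmox is Debian underneath), added as an example and not part of the question or its answers: it enumerates the places where a former admin's access usually outlives a password change. Paths follow the Debian and RHEL layouts; the ROOT prefix and the sample tree in the usage are assumptions of this example, and the Firebird, Proxmox web UI and Windows user stores need their own review.

```shell
#!/bin/sh
# Added example (not from the question): enumerate the spots on a Linux host
# where a departed admin's access tends to outlive a password change.
# ROOT (default "") prefixes every path so the same functions run against /
# or a mounted disk image; the tree in the usage below is constructed.

# list_authorized_keys ROOT -> "USER<TAB>FILE<TAB>TYPE<TAB>plain|with-options<TAB>COMMENT"
#   per key in ROOT/root/.ssh/authorized_keys and ROOT/home/*/.ssh/authorized_keys.
#   Keys carrying options (command=, from=, ...) are flagged: a forced command is
#   a classic way to hide a shell behind a harmless-looking key.
list_authorized_keys() {
    root=${1:-}
    for f in "$root"/root/.ssh/authorized_keys "$root"/home/*/.ssh/authorized_keys; do
        [ -f "$f" ] || continue
        user=${f%/.ssh/authorized_keys}; user=${user##*/}
        awk -v user="$user" -v file="$f" '
            NF == 0 || $1 ~ /^#/ { next }
            {
                for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
                if (i > NF) { printf "%s\t%s\tUNPARSED\t-\t%s\n", user, file, $0; next }
                c = ""; for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
                printf "%s\t%s\t%s\t%s\t%s\n", user, file, $i, (i > 1 ? "with-options" : "plain"), c
            }' "$f"
    done
}

# extra_uid0 ROOT -> accounts in ROOT/etc/passwd with uid 0 other than root.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-}/etc/passwd"
}

# list_cron ROOT -> "FILE: LINE" for every active line in the system crontab,
#   /etc/cron.d and the per-user spools (Debian and RHEL layouts).
list_cron() {
    root=${1:-}
    for f in "$root"/etc/crontab "$root"/etc/cron.d/* \
             "$root"/var/spool/cron/crontabs/* "$root"/var/spool/cron/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" 'NF > 0 && $1 !~ /^#/ { print file ": " $0 }' "$f"
    done
}

# find_setuid ROOT -> setuid/setgid regular files under ROOT (one filesystem).
#   Diff against a fresh install of the same release; anything under
#   /usr/local, /opt, /tmp or a home directory deserves a close look.
find_setuid() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}
```

Run the four functions with an empty ROOT on the live host (as root, so every home directory is readable) and keep the output as the baseline for the next pass. They do not cover systemd units and timers (`systemctl list-unit-files --state=enabled`, `systemctl list-timers --all`), /etc/ld.so.preload, /etc/rc.local, PAM modules or listening sockets (`ss -tulpn`); those are the next stops, and a host whose root account was shared is better rebuilt than cleaned.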
69 votes, 11 answers

How do I check if Log4j is installed on my server?

I have read about security vulnerabilities related to Log4j. How do I check if Log4j is installed on my server? My specific servers use Ubuntu 18.04.6 LTS. I have installed many third-party packages and maybe some of them contain it. Is there a…
asked by Uri
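A file-system check that answers the question for the common case, added as an example and not taken from the question or its answers: it finds Log4j jars by name and flags the Log4j 2 core versions that predate 2.17.1, the last of the December 2021 fixes (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832). The status labels, the version-comparison rules and the sample jar names in the test are this example's own; a file-name search cannot see log4j-core classes shaded into an application's own jar, which the second function covers where unzip is available.

```shell
#!/bin/sh
# Added example (not from the question): find Log4j jars by file name and flag
# the Log4j 2 "core" versions below 2.17.1. Heuristic, see the note below for
# copies that no file-name search can see.

# version_lt A B -> exit 0 when dotted version A is lower than B.
#   Only the numeric prefix of each component counts, so "2.0-beta9" compares as 2.0.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; ai=${ai%%[!0-9]*}
        bi=${b%%.*}; bi=${bi%%[!0-9]*}
        [ "${ai:-0}" -lt "${bi:-0}" ] && return 0
        [ "${ai:-0}" -gt "${bi:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# scan_log4j DIR -> one "STATUS<TAB>PATH" line per log4j*.jar / log4j*.war under DIR.
#   VULNERABLE-RANGE  log4j-core 2.x below 2.17.1 (2.0-beta9 .. 2.14.1 are hit by -44228)
#   OK                log4j-core 2.17.1 or later
#   EOL-1.x           Log4j 1.x: outside -44228, but unmaintained since 2015
#   INFO              log4j-api and other artefacts; harmless without a matching core
scan_log4j() {
    find "$1" -type f \( -iname 'log4j*.jar' -o -iname 'log4j*.war' \) 2>/dev/null | sort |
    while IFS= read -r jar; do
        base=${jar##*/}; base=${base%.*}
        case $base in
            log4j-core-*)
                ver=${base#log4j-core-}
                if version_lt "$ver" 2.17.1; then st=VULNERABLE-RANGE; else st=OK; fi ;;
            log4j-1.*) st=EOL-1.x ;;
            *)         st=INFO ;;
        esac
        printf '%s\t%s\n' "$st" "$jar"
    done
}

# jars_with_jndilookup DIR -> archives under DIR that contain JndiLookup.class,
#   the class behind CVE-2021-44228, including copies shaded into an application
#   jar. Looks one archive level deep (a jar inside a war must be extracted first).
jars_with_jndilookup() {
    command -v unzip >/dev/null 2>&1 || { echo "unzip not available" >&2; return 2; }
    find "$1" -type f \( -name '*.jar' -o -name '*.war' -o -name '*.ear' \) 2>/dev/null |
    while IFS= read -r f; do
        unzip -l "$f" 2>/dev/null | grep -q 'org/apache/logging/log4j/core/lookup/JndiLookup.class' \
            && printf '%s\n' "$f"
    done
}

# log4j_packages -> Debian/Ubuntu packages that ship Log4j (empty when none installed)
log4j_packages() {
    dpkg-query -W -f='${Package} ${Version}\n' 'liblog4j*' 2>/dev/null
}
```

On the Ubuntu host in the question, `scan_log4j /` plus `log4j_packages` covers packaged and unpacked copies, and `jars_with_jndilookup /opt /srv /var/lib /home` catches vendored fat jars. Run it against a running JVM too (`ls -l /proc/<pid>/fd | grep '\.jar'` lists the jars the process actually opened), since a patched file on disk says nothing about the process started before the patch.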
68 votes, 2 answers

Why does AWS recommend against public S3 buckets?

"We highly recommend that you never grant any kind of public access to your S3 bucket." I have set a very granular public policy (s3:GetObject) for one bucket that I use to host a website. Route53 explicitly supports aliasing a bucket for this…
68 votes, 3 answers

Is the PHP option 'cgi.fix_pathinfo' really dangerous with Nginx + PHP-FPM?

There has been a lot of talking about a security issue relative to the cgi.fix_pathinfo PHP option used with Nginx (usually PHP-FPM, fast CGI). As a result, the default nginx configuration file used to say: # NOTE: You should have…
asked by Totor
67 votes, 3 answers

How to use docker secrets without a swarm cluster?

Currently we are running an application on a single docker container; the application needs all sorts of sensitive data to be passed as environment variables. I'm putting those on the run command so they don't end up in the image and then on a…
asked by Juan Sebastian
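The file-based pattern that works without swarm, added as an example and not part of the question or its answers: secrets live in files bind-mounted read-only at /run/secrets and the entrypoint turns them into environment variables for the application process only, so they appear neither in the image nor in `docker inspect`, which prints everything passed with -e. The host-side paths, the image name and the secret names in the test are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the question): load secrets from files for a single
# container without swarm.
#
# Host side (paths and image name are assumptions of this example):
#   mkdir -p ./secrets && chmod 700 ./secrets
#   printf '%s' "$DB_PASSWORD" > ./secrets/DB_PASSWORD && chmod 400 ./secrets/DB_PASSWORD
#   docker run --mount type=bind,source="$PWD/secrets",target=/run/secrets,readonly \
#              --entrypoint /entrypoint.sh example/app
# where /entrypoint.sh sources this file, calls load_secrets, then exec's the app.

# load_secrets [DIR]
#   For each regular file in DIR (default /run/secrets) whose name is a valid
#   shell identifier, export a variable of that name holding the file's
#   contents minus any trailing newline. Other names are skipped, not guessed.
load_secrets() {
    dir=${1:-/run/secrets}
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            [A-Za-z_]*) case $name in *[!A-Za-z0-9_]*) continue ;; esac ;;
            *) continue ;;
        esac
        export "$name=$(cat "$f")"
    done
}

# secret_or_file NAME -> print $NAME, or the contents of the file named by
#   $NAME_FILE when only that is set (the *_FILE convention of the official
#   postgres/mysql images), so one image accepts either style. Exit 1 if neither.
secret_or_file() {
    case $1 in ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;; esac   # refuse odd names before eval
    eval "val=\${$1-}; path=\${${1}_FILE-}"
    if [ -n "$val" ]; then
        printf '%s' "$val"
    elif [ -n "$path" ] && [ -f "$path" ]; then
        printf '%s' "$(cat "$path")"
    else
        return 1
    fi
}
```

Two caveats the mount alone does not fix: anything exported is still readable from /proc/<pid>/environ by the same uid inside the container, so prefer `secret_or_file` at the point of use over a blanket `load_secrets` when the application can read files itself; and a bind mount of a host directory is only as private as that directory's mode, hence the 700/400 above.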
67 votes, 7 answers

Redis (error) NOAUTH Authentication required

I get the error (error) NOAUTH Authentication required when in redis-cli and trying to display the KEYS *. I've only set a requirepass, not an auth, AFAIAC. I'm in the redis.conf but do not know what to do.
asked by Karl Morrison
66 votes, 8 answers

What steps do you take to secure a Debian server?

I am installing a Debian server which is connected directly to the Internet. Obviously I want to make it as secure as possible. I would like you guys/gals to add your ideas to secure it and what programs you use for it. I want part of this question…
asked by Thomaschaaf
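One concrete step that serves both this question and the "Why is SSH password authentication a security risk?" question above, added as an example and not taken from either question or their answers: read sshd_config the way sshd does and report what it will actually do about password logins. The wanted values are this example's own baseline for a Debian box on the open Internet, not OpenSSH's defaults, and the config files in the test are constructed.

```shell
#!/bin/sh
# Added example (not from either question): report what sshd will really do
# about password logins and a few related settings.

# sshd_effective FILE KEYWORD -> value sshd takes for KEYWORD, or nothing when
#   FILE does not set it (sshd then uses its built-in default).
#   Rules: first occurrence wins, keywords are case-insensitive, "Keyword value"
#   and "Keyword=value" both parse, "#" starts a comment, everything after a
#   Match line is conditional and ignored here, and
#   ChallengeResponseAuthentication is the old spelling of
#   KbdInteractiveAuthentication. Include lines are reported, not followed.
sshd_effective() {
    awk -v key="$2" '
        function canon(k) {
            k = tolower(k)
            return (k == "challengeresponseauthentication") ? "kbdinteractiveauthentication" : k
        }
        BEGIN { key = canon(key) }
        {
            line = $0
            sub(/#.*/, "", line); sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (line == "") next
            n = split(line, f, /[ \t=]+/)
            k = canon(f[1])
            if (k == "match")   { in_match = 1; next }
            if (k == "include") { print "warning: Include " f[2] " not followed" > "/dev/stderr"; next }
            if (in_match || k != key) next
            v = f[2]; for (i = 3; i <= n; i++) v = v " " f[i]
            print v; exit
        }' "$1"
}

# sshd_default KEYWORD -> OpenSSH's built-in default for the keywords audited here.
sshd_default() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        passwordauthentication|kbdinteractiveauthentication) echo yes ;;
        permitrootlogin)                                    echo prohibit-password ;;
        permitemptypasswords|x11forwarding)                 echo no ;;
        maxauthtries)                                       echo 6 ;;
        *)                                                  echo unknown ;;
    esac
}

# sshd_audit FILE -> one "FAIL ..." line per setting off the baseline; exit 0
#   only when everything passes. KbdInteractiveAuthentication is on the list
#   because with UsePAM it is a second way to take a password even when
#   PasswordAuthentication is off.
sshd_audit() {
    rc=0
    for pair in PasswordAuthentication=no PermitRootLogin=no PermitEmptyPasswords=no \
                KbdInteractiveAuthentication=no X11Forwarding=no MaxAuthTries=3; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$1" "$key"); src=explicit
        [ -n "$got" ] || { got=$(sshd_default "$key"); src=default; }
        if [ "$key" = MaxAuthTries ]; then
            [ "$got" -le "$want" ] 2>/dev/null && continue
        elif [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" = "$want" ]; then
            continue
        fi
        printf 'FAIL %s is %s (%s), want %s\n' "$key" "$got" "$src" "$want"
        rc=1
    done
    return $rc
}
```

`sshd_audit /etc/ssh/sshd_config` is the offline check; on the live host `sshd -T` (as root, with `-C user=...,addr=...` to evaluate Match blocks) prints the fully resolved configuration after Includes and is the authoritative answer. Keep an existing session open while changing sshd_config, confirm a key-based login from a second session, and only then restart sshd; that is the one moment where "password logins off" can lock you out.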
65 votes, 4 answers

How to decide where to purchase a wildcard SSL certificate?

Recently I needed to purchase a wildcard SSL certificate (because I need to secure a number of subdomains), and when I first searched for where to buy one I was overwhelmed with the number of choices, marketing claims, and price range. I created a…
asked by user664833
65 votes, 6 answers

Heartbleed: are services other than HTTPS affected?

The OpenSSL 'heartbleed' vulnerability (CVE-2014-0160) affects webservers serving HTTPS. Other services also use OpenSSL. Are these services also vulnerable to heartbleed-like data leakage? I'm thinking in particular of sshd, secure SMTP, IMAP etc…
asked by Flup
65 votes, 9 answers

Cannot SSH: debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

We have a server on Amazon EC2 running SSH on a standard (22) port. I placed my public key in the /.ssh/authorized_keys file. The funny thing is that yesterday it was working great! But today, I don't know what happened! I just can't log…
asked by bakytn
65 votes, 5 answers

How do I grant start/stop/restart permissions on a service to an arbitrary user or group on a non-domain-member server?

We have a suite of Windows Services running on our servers which perform a bunch of automated tasks independently of one another, with the exception of one service which looks after the other services. In the event that one of the services should…
asked by abitgone