Questions tagged [security]

For questions relating to application security and attacks against software. Please don't use this tag alone; that results in ambiguity. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. If your question is not about a specific programming problem, please consider instead asking it at Information Security SE.

6881 questions
4
votes
1 answer

Remembering Passwords

I stumbled across this question earlier and it got me thinking. Everyone's encountered systems that require you change your password every x days and not reuse any of your last y passwords. This kind of thing has always left me vaguely unsettled…
thepocketwade
  • 1,545
  • 5
  • 17
  • 27
4
votes
1 answer

Why is enabling only TLSv1.3 a bad idea?

I have NGINX configured to only support TLS version 1.3. However, when I go to https://check-your-website.server-daten.de/ it shows the error "Error creating a TLS-Connection: TLSv1.3 found, but no connection via TLSv1.2 possible. Please activate…"
4
votes
4 answers

Best Practices For Managing application interaction with the database server

This is my first question on ServerFault and I am more familiar with software development than administration, so I'm not sure if this is a valid question or not. I am creating a web application as a learning exercise and I am uncertain as to…
Crippledsmurf
  • 241
  • 2
  • 11
4
votes
1 answer

Limiting in-band OS access to Supermicro BMC (AST2500) possible?

TL;DR: Is there any option to disable OS (in-band) access to Aspeed AST 2500 BMC on a SuperMicro board or at least limit it somehow (e.g. via specific password or via setting the permission level to read-only access)? Long version: Last year we…
Apollo13
  • 73
  • 3
4
votes
1 answer

Will critical security updates get applied even with "auto minor version upgrade" disabled?

RDS offers an "auto minor version upgrade" setting, described in the docs, which causes AWS to automatically upgrade your database engine from time to time: If you want Amazon RDS to upgrade the DB engine version of a database automatically, you…
4
votes
2 answers

Secure IIS/MS-SQL

I have Windows Server 2008, with IIS 7.5 and SQL Server 2008. I want to install DotNetNuke, which is an ASP.NET application. What are the necessary precautions to avoid getting pwn3d?
Rook
  • 2,655
  • 6
  • 27
  • 35
4
votes
2 answers

Why is the root home directory, /root not in /home? (looking for reasons other than /home is mounted on a different drive)

I know that one reason for /root not being in /home is that usually /home is mounted on a different disk, and if it were to fail, we still want root to be accessible. What are some of the other reasons for this structure?
dor
  • 77
  • 1
  • 6
4
votes
1 answer

What is the difference between 'Red Hat Enterprise Linux STIG - Ver 3, Rel 3' and 'Red Hat Enterprise Linux 7 STIG Benchmark -Ver3,Rel3'

I've been assigned to STIG our current rhel7 servers and when I go to 'public.cyber.mil/stigs/downloads' to download the zip file to import into stigviewer, I see two files. Red Hat Enterprise Linux 7 STIG - Ver 3,Rel 3 Red Hat Enterprise Linux 7…
guzr1
  • 41
  • 3
4
votes
3 answers

How to encrypt traffic between two Amazon EC2 instances?

We are building a web app using Amazon EC2 instances running Linux. All the traffic to the client browser is encrypted with SSL. What should be used to encrypt the traffic between the instances. The traffic will include connections to a MySQL…
Peter Hoven
  • 319
  • 3
  • 7
4
votes
2 answers

code injected inside PHP file with 777 permission

I woke up to find that all the folders in my shared web host with 777 permission had two new PHP files. The code inside the file could not be read - here is the decoded version: http://pastie.org/779226 (what the...?) That code was injected even…
coder_
  • 203
  • 3
  • 6
4
votes
2 answers

Can I use Active Directory for user-level security in an Access application? Pretty Please?

My company makes fairly extensive use of an Access + MySQL application that would probably see some significant traffic on the Daily WTF if I posted the source code. The management of users and their permissions is getting out of hand, and I seem…
4
votes
1 answer

Can UAC levels lower than max be turned off programmatically?

I was recently told that if your UAC level is anything less than the maximum (always notify), then malicious programs can programmatically lower your UAC settings, thereby rendering UAC useless. Now, I remember this being an issue in the Windows 7…
henriksen
  • 273
  • 2
  • 7
4
votes
2 answers

Email SMTP credentials keep getting compromised every now and then (Laravel 7)

Just as the title says, we have a website that uses third-party SMTP credentials to send emails, but we keep getting our SMTP credentials hacked and used to send spam emails, which results in our SMTP account suspension. We first used SES, and…
logax
  • 129
  • 3
  • 14
4
votes
1 answer

Improving apache2 security

I have been analyzing my server logs for a week and I found ill-intentioned requests, and I want to know if it is possible to protect against them, because I have no clue about what I should do; the only idea I have is creating an .htaccess rule to block certain…
4
votes
2 answers

Configure external IP redirect inside the Nginx Ingress controller

Question I would like to know how to configure the Nginx Ingress controller to redirect to a URL when calling the external IP address. Ingress controller yaml apiVersion: v1 kind: Service metadata: labels: helm.sh/chart: ingress-nginx-3.4.1 …
ZPascal
  • 143
  • 1
  • 1
  • 7