Web Security

Complexity is not the answer; it is too often the problem.

How to set up Ubuntu secure SSH login (AWS & DigitalOcean)

Ubuntu Initial Setup: set up Ubuntu secure SSH login on a DigitalOcean or Amazon Web Services EC2 instance. This post is a “cut to the chase”, “gitter dun” list of things to do for initial setup of an Ubuntu server. To gain a deeper understanding of the process of securing…

How to use multiple SSH keys for different accounts

I wanted to have multiple RSA keys for various different hosts to help prevent hidden connection issues. Issues may arise when an RSA key is changed on one host that may have been used on another host, effectively severing the connection without your knowledge. By having different RSA keys when dealing with a host that…

How To Create a Password Hash with Python passlib

Create a password hash with Python passlib. A quick and easy way to create a password hash is with Python passlib. Install passlib with pip like this:

sudo pip install passlib

Then, run the command below. Of course, you will replace the text “myplaintextpassword” with YOUR OWN plain text password, right?

python -c "from passlib.hash…

Using SGID to Control Group Ownership of Directories

1. My login id is paul and my primary group is webdev. I’m also a member of several other groups including staff. By default, any file (including a directory) I create will be marked with the group webdev (my primary group).

$ mkdir mydir
$ ls -ld mydir
drwxr-xr-x 2 paul webdev 512 May 06 11:14…

Drupal Security Best Practices When Outputting Text Into HTML

When creating a module in Drupal it is very important to be aware of some security best practices when outputting text into HTML. This helps prevent XSS (Cross Site Scripting) exploits and keeps your code in general good health as it prevents problems with user input like angle brackets or ampersands. Be sure to read…

How to Protect Against SQL Injection

One of the most common web security problems is SQL Injection. As the name implies, SQL injection works by introducing malicious SQL code where it doesn’t belong. Since it is SQL code you could probably guess that the attacker “injects” his poison via database queries. Web developers often pass some sort of variable to their…