PUBLIC MARKS with tags secure & ssl

Have you ever wanted to view an RSS or ATOM feed in a web based feed reader such as Google Reader or Bloglines, but could not because the feed required user authentication or used an invalid SSL certificate?

Commençons tout d’abord par expliquer les quelques termes alambiqués du titre de ce billet pour les néophytes : * SFTP signifie « Secure File Transfer Program », c’est un programme permettant de transférer des fichiers en utilisant une liaison chiffrée par SSH (Secure SHell) ; attention à ne pas confondre SFTP avec FTPS qui signifie pour sa part « File Transfer Protocol over SSL » ! * chroot est un programme permettant de changer le répertoire racine d’un processus afin que ce dernier n’ai accès qu’à une partie limitée de l’arborescence. * scponlyc est un shell limité destiné uniquement aux transferts de fichiers dans un chroot. Le but du jeu est donc de permettre à un utilisateur de transférer des fichiers sur un serveur de manière sécurisée sans qu’il n’obtienne pour autant un shell et sans qu’il lui soit permit de voir l’arborescence du serveur.

his article describes how to implement SSL-enabled name-based vhosts - that is secure virtual hosts which share the same IP address and port - with the SNI-capable mod_gnutls module for Apache’s httpd web server.

SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.

Today it is possible to create a secure website with relative ease by requiring a client to present a digitally signed certificate. A digitally signed certificate is simply a piece of information that contains data about the subject, public key, dates of validity, identification of the Certificate Authority (CA), and the digital signature. There are typically two ways to go about creating a secure website. First is by the use of a self-signed certificate. The second way is by using a Trusted Certificate signed by a CA. The choice is up to you, and this tutorial will show you how to do both. Go ahead and su into root and let's begin!

All versions of MySQL currently shipped with Debian Sarge lack support OpenSSL due to licensing issues. In order to enable support for SSL connections it is necessary recompile MySQL from source.