How to keep your website secure

December 26, 2007

1. Say NO to shared hosting if doing E-commerce
With shared web hosting, permissions are set up to restrict users from your directories and files. However, this is a relatively low level of security compared to that of managed dedicated servers where you and only you have access to your machine and can severely restrict access to your server from the outside world. Also with dedicated hosting, you are not affected by other sites on the same server. In shared hosting environments, other site processes, scripts or activities can cause problems on the server that could affect anyone else on the same machine.

2. Choose wisely
- Many web applications are notorious for having vulnerabilities. Does it have a good security record? How many vulnerabilities has it had in the last year, and how fast were patches available? SecurityFocus and Secunia are great resources for finding out this information.
- What kind of permission system does my web application have? Can I set up access control lists or do I only have a single login? What happens if I need to give access to other staff members? Can I limit their access? These are some good questions you should be asking yourself - not all web applications are created equal in this area.

3. Keep your web applications up to date
- Unfortunately web applications are rarely “set and forget”. A web application can acquire a vulnerability between the time it was installed and the time that your web site is actually launched! Make sure that your working agreement with your web development company includes a section for web site security upgrades and maintenance.
- If your domain doesn’t have a security-related email address then start one. Use this email address to subscribe to security-related mailing lists concerning any web applications you run on your site.

4. Don’t be a target
- Don’t store credit card information. Most third-party payment processors can handle most or all of the credit card transaction. This will put your customers’ minds at ease, and there is no financial gain for a hacker in targeting you.
- Insist that version information is removed from your web pages. Content management systems are notorious for listing version information in the header or footer. Unfortunately this information gets parsed and stored by search engines. Malicious users can then write automated scripts that search for that information to find your site.
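As an added example (not code from the original post), here is a small check a site owner can run over their own pages’ HTML to catch the version disclosure described above: it flags generator meta tags and visible text that pairs a product name with a version number. The sample HTML and the product names in it are constructed for the example.

```python
"""Report version disclosures in a page's HTML (constructed example)."""
import re
from html.parser import HTMLParser

# A product name followed by a dotted version number, e.g. "WordPress 2.3.1" or "Theme v2.0".
# A bare year such as "2007" has no dot, so copyright lines are not reported.
VERSION_RE = re.compile(r"\b([A-Za-z][\w!.+-]{1,30}?)\s+v?(\d+(?:\.\d+)+)\b")


class VersionLeakParser(HTMLParser):
    """Collects <meta name="generator"> tags and visible text that carries a version."""

    def __init__(self):
        super().__init__()
        self.findings = []   # list of (where, what) tuples
        self._hidden = 0     # nesting depth inside <script>/<style>; that text is not shown to visitors

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._hidden += 1
            return
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator" and a.get("content"):
            self.findings.append(("meta generator", a["content"].strip()))

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        # Text split across inline tags ("WordPress <b>2.3.1</b>") is not joined; keep that in mind.
        if self._hidden:
            return
        for m in VERSION_RE.finditer(data):
            self.findings.append(("visible text", f"{m.group(1)} {m.group(2)}"))


def find_version_disclosures(html):
    """Return every disclosure found in the page, in document order."""
    parser = VersionLeakParser()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; the names and versions are made up.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 2.3.1">
<title>Shop</title></head>
<body><h1>Welcome</h1>
<script>var build = "app 9.9.9";</script>
<div id="footer">Powered by Joomla! 1.5.8 &middot; Theme v2.0</div>
</body></html>"""

if __name__ == "__main__":
    for where, what in find_version_disclosures(SAMPLE_HTML):
        print(f"{where}: {what}")
```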

5. Protect your logins
- Use a password manager. This will allow you to use very strong (non-guessable) passwords. KeePass Password Safe is a great open source password manager for Windows, OS X, and Linux.
- Make sure that your administrative login pages are protected with an SSL certificate. Expensive SSL certificates are a thing of the past. 256-bit certificates can be purchased for as little as twenty dollars a year.
- If your office or home has a dedicated IP address then your server admin can limit login access to that specific IP address or corporate subnet.
- Don’t log in to your web site from an untrusted computer. You have no idea what kind of malicious programs are installed on that computer (keyloggers, etc.). Also make sure that your own computer is up-to-date and has a virus scanner installed.

How to install Exaile! on Ubuntu Edgy

December 26, 2007

Exaile is a media player aiming to be similar to KDE’s Amarok, but for GTK+. It incorporates many of the cool things from Amarok (and other media players) like automatic fetching of album art, handling of large libraries, lyrics fetching, artist/album information via Wikipedia, last.fm support, and optional iPod support (assuming you have python-gpod installed).

Enable The Universe and Non-Free Multiverse Repositories
Ensure the relevant repositories are enabled. Click System -> Administration -> Synaptic Package Manager -> Settings -> Repositories and then click Add. Check the “Community maintained (Universe)” and “Non-free (Multiverse)” boxes. When you close the window, click Reload.

Grab the Ubuntu Edgy binary package

  wget http://www.exaile.org/files/exaile_0.2.8_i386.deb

Install Required Packages

  sudo apt-get install python2.4 python-gtk2 gstreamer0.10-plugins-base gstreamer0.10-plugins-good python-gst0.10 gstreamer0.10-alsa gstreamer0.10-esd python2.4-dbus python-pysqlite2 python-pyvorbis python-mutagen python-elementtree

Install Optional Packages (enable mp3 support, iPod support, directory watching, a clear button for filters, lyrics, a better tray icon, etc.)

  sudo apt-get install python-gpod gstreamer0.10-plugins-ugly python2.4-gamin sexy-python python-gnome2-extras

Install Exaile!

  sudo dpkg -i exaile_0.2.8_i386.deb

Run Exaile!

  exaile

Total Validator Firefox Plugin

December 26, 2007

I would highly recommend this Firefox plugin to any web developer.

I have never seen such a comprehensive list of features in a validation plugin before!

  • HTML validator
  • An accessibility validator
  • A spelling validator
  • A broken links validator
  • The ability to take screenshots with different browsers to see what your web pages really look like (27 different browsers supported!).

It also has the ability to upload local pages to the Total Validator service (great if the web site isn’t actually live yet).

Note: They also offer standalone versions for Windows and OS X and a “pro” version that can spider through and validate an entire site. The Firefox extension works well on Linux!