I just want an expert opinion on whether what I am doing should be considered secure (or whether there is a more secure way to do what I am doing). I made our hotel's online reservation system, and it stores the guests' credit card information.
The card is encrypted using AES (MCRYPT_RIJNDAEL_128), and the key that is used to encrypt/decrypt must be entered from the client side in order to log in. It is not stored on the server. So that my employees do not have to enter it every time they want to log in, it is stored in a cookie on their computer, or entered manually if the cookie is deleted. When logged in, I have the key stored in a $_SESSION variable in a subdirectory of that account's home directory, which has the following attributes (for example):
For starters, I'm using MySQL server version 5.0.32-Debian_7etch1-log on the Debian etch distribution.
What I did:
a) I ran out of space on the /var partition, so I figured I would copy my /lib/mysql to another partition (/mnt/hdb) and change only the path to it in my.cnf.
b) I did so, and after launching MySQL again I got several of these:
Could not retrieve from database: Incorrect information in file: './database/******.frm'
c) When I copy it back to my old location (and change my.cnf back), I get the same errors.
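Before pointing my.cnf at a copied datadir, it is worth checking the copy itself. This added check, not the poster's code, walks the original directory and reports entries missing from the copy, regular files whose size differs (a copy that ran out of room), and entries not owned by the account mysqld runs as (a plain cp without -a drops ownership). The two paths and the mysql uid/gid are command-line assumptions; it reads ownership through syscall.Stat_t, so it is Unix-only.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strconv"
	"syscall"
)

// Problem is one discrepancy found between the source datadir and its copy.
type Problem struct {
	Rel  string // path relative to the datadir
	Kind string // "missing", "size" or "owner"
}

// VerifyCopy walks src and checks that each entry exists under dst, that
// regular files have the same size, and that the copy is owned by
// wantUID/wantGID (the account mysqld runs as). Pass -1 to skip the uid or
// gid check.
func VerifyCopy(src, dst string, wantUID, wantGID int) ([]Problem, error) {
	var problems []Problem
	err := filepath.WalkDir(src, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		rel, err := filepath.Rel(src, p)
		if err != nil {
			return err
		}
		di, err := os.Lstat(filepath.Join(dst, rel))
		if err != nil {
			problems = append(problems, Problem{rel, "missing"}) // never copied, or copy ran out of space
			return nil
		}
		si, err := d.Info()
		if err != nil {
			return err
		}
		if si.Mode().IsRegular() && si.Size() != di.Size() {
			problems = append(problems, Problem{rel, "size"}) // truncated copy
		}
		if st, ok := di.Sys().(*syscall.Stat_t); ok {
			if (wantUID >= 0 && int(st.Uid) != wantUID) || (wantGID >= 0 && int(st.Gid) != wantGID) {
				problems = append(problems, Problem{rel, "owner"}) // cp without -a/-p
			}
		}
		return nil
	})
	return problems, err
}

func main() {
	// Assumed invocation: verify <original datadir> <copied datadir> <mysql uid> <mysql gid>
	if len(os.Args) != 5 {
		fmt.Fprintln(os.Stderr, "usage: verify SRC DST UID GID   (get uid/gid with: id mysql)")
		os.Exit(2)
	}
	uid, _ := strconv.Atoi(os.Args[3])
	gid, _ := strconv.Atoi(os.Args[4])
	problems, err := VerifyCopy(os.Args[1], os.Args[2], uid, gid)
	if err != nil {
		fmt.Fprintln(os.Stderr, "walk failed:", err)
		os.Exit(1)
	}
	for _, p := range problems {
		fmt.Printf("%-8s %s\n", p.Kind, p.Rel)
	}
	if len(problems) > 0 {
		os.Exit(1)
	}
	fmt.Println("copy matches source; safe to point my.cnf at it")
}
```

Run it as `go run verify.go /var/lib/mysql /mnt/hdb/mysql $(id -u mysql) $(id -g mysql)` with the server stopped (the paths are assumptions; use whatever datadir my.cnf names). An empty report means the copy is complete and owned correctly; "owner" lines are fixed with chown -R on the copy, "missing" and "size" lines mean the copy has to be redone.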
I have a client who specializes in providing training for high-end CAD/CAM applications. They have training modules (currently in .ppt format mostly) that they want to store securely on the server and give out access only to approved customers. Additionally, they want to ensure that these training modules never fall into the hands of their competitors- that is, no downloads.
Does anyone have experience with this kind of thing? Based on their requirements, a few possible solutions come to mind:
1.) Put the training modules in a subdomain that is password protected. Additionally, encrypt the traffic with SSL etc. However, this doesn't solve the problem of users being able to download the files and do what they want with them. Also, it isn't possible to view .ppt files online in a browser, as far as I know.
2.) Use a solution similar to what Lynda.com has. They have an entire online library of training videos that are available 24x7, but customers can only view it, not download it. I think they use some solutions from Adobe to make this possible.
I have a busy dating website with 30 000 registered users and ~200-600 users online all the time. I would like to offer free email with ~10 MB mailbox to all users.
I have an idea to use scripts provided by b1gmail.de. It's similar to Hivemail or Socketmail. It uses only one POP3 catch-all mailbox and stores all emails in a MySQL database, including attachments.
My worries are about MySQL. If I have 30 000 users and each user has some 5 000 messages in his/her mailbox: 30 000 x 5 000 = 150 000 000
That's 150 million rows in one table!
I know not all users will have 5 000 messages in their mailboxes, but the number of users increases by about 2 000/month.
I can't imagine how long MySQL will need to find the messages for each user in a table with 150 000 000 rows.
I don't know - maybe it's not a problem at all. I just never had such large tables and I don't know if it's possible at all.
Another problem: I have Fedora Core 2 installed and don't even know yet whether it supports files larger than 2 GB.
Maybe it's better to set up normal POP3 mailboxes for all users instead of using one catch-all box and storing the data in MySQL?
Do not post warnings about spammers. In the beginning I'll provide email addresses only to "gold" members. I opened this thread because I don't want to set up a system that will hang after a couple of months because MySQL is not able to handle it, or because I run into other unknown problems.
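An added schema sketch, not b1gmail's and not the poster's, showing how a MySQL table can hold that many rows and still answer one user's inbox query cheaply: the clustered primary key starts with user_id so one user's messages sit together on disk, a composite index covers the inbox listing, and attachment blobs are kept in their own table so the hot row stays small. Table and column names and the folder numbering are assumptions.

```sql
-- Messages: one row per (user, message). Clustering on user_id keeps a
-- user's mailbox physically together, so listing it is a short range scan
-- no matter how many other users' rows the table holds.
CREATE TABLE message (
  user_id      INT UNSIGNED     NOT NULL,
  message_id   BIGINT UNSIGNED  NOT NULL AUTO_INCREMENT,
  folder_id    TINYINT UNSIGNED NOT NULL DEFAULT 0,   -- assumption: 0 = inbox
  received_at  DATETIME         NOT NULL,
  sender       VARCHAR(255)     NOT NULL,
  subject      VARCHAR(255)     NOT NULL,
  body         MEDIUMTEXT       NOT NULL,
  PRIMARY KEY (user_id, message_id),                  -- clusters rows by user
  KEY ix_message_id (message_id),                     -- InnoDB needs AUTO_INCREMENT first in some index
  KEY ix_user_folder_time (user_id, folder_id, received_at)
) ENGINE=InnoDB;

-- Attachments out of line: the message row stays small, and a mailbox
-- listing never has to read past multi-megabyte blobs.
CREATE TABLE attachment (
  attachment_id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
  user_id       INT UNSIGNED    NOT NULL,
  message_id    BIGINT UNSIGNED NOT NULL,
  filename      VARCHAR(255)    NOT NULL,
  content       LONGBLOB        NOT NULL,
  PRIMARY KEY (attachment_id),
  KEY ix_msg (user_id, message_id)
) ENGINE=InnoDB;

-- One page of one user's inbox. With ix_user_folder_time the optimizer does
-- a range scan over that user's rows, reading the index in reverse for the
-- ORDER BY, and stops after 50 rows; check the plan with EXPLAIN and look
-- for a single "range"/"ref" access with no "Using filesort".
EXPLAIN
SELECT message_id, sender, subject, received_at
FROM   message
WHERE  user_id = 12345 AND folder_id = 0
ORDER  BY received_at DESC
LIMIT  50;
```

The row count matters much less than whether every query is bounded by user_id: a lookup that always starts with an equality on user_id touches only that user's slice of the index. What does grow with total size is the index itself, so the server needs enough buffer pool to keep the index pages hot, and per-table file size limits of the filesystem and MySQL build (the 2 GB question) apply to the .ibd/.MYD files regardless of how the rows are organised.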
I am working towards launching a site that, among other things, will be a repository for sensitive data on war crimes. As these crimes are ongoing, and occur in a location where assassinations are endemic, I need to develop a comprehensive security strategy that takes into account all levels of the interface between end user / witness and the site / database itself.
I have considered, but am open to insight and advice on, the following:
1. Data security laws in given countries, in order to ensure the privacy and integrity, as much as possible and away from political / state interference, of data communications. Concerns include the interception of data in transfer and the security of stored data (the United States and the UK are almost certainly cancelled out in this regard. Canada appears significantly better, though Greece, it appears, has the greatest level of legislative protection).
2. Encryption as a technique to ensure the security of transferred and stored data. I am particularly interested in best-practice advice on encryption.
3. JavaScript as a means to establish a more secure interface between the end user (i.e., the browser interface) and the secured database into which sensitive data will be input. Has anyone used this, or other techniques, to overcome the inherent insecurity of the browser interface?
4. Various best practices concerning php, MySQL and Apache security. Any and all advice, or guidelines, welcome.
5. Considerations relative to dedicated hosting, and also colocation hosting as an option.
In general, my problem is to ensure that the identities of witnesses, so much as is technically conceivable, can be protected from extra-judicial interference or surveillance. Nothing about this site will be illegal in any way. The problem is that the witness testimony will be about the actions of a powerful state that has demonstrated its disrespect for law.
Ideally I'd find in these forums a few individuals with whom I could discuss these technical matters off-forum. At the same time, general responses would be valued.
The site that I'm building is non-profit (indeed zero budget) and does not represent any political party. It's a people's initiative, against aggressive violence and in support of international law.
I am moving one of my sites from Windows to CentOS hosting. The problem is that the new server is case-sensitive for folder and file names. I had all my folders in capital letters previously, and also all my links inside the pages (www.domain.com/FOLDER/Page-Name.php).
I have nearly 1000 pages, and most of them are indexed in Google in this format [url]
Now I have renamed all my folders, files and links inside the files to all lowercase.
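An added example, not the poster's code, of the redirect logic that keeps the old uppercase URLs working after the rename: a small Go handler that answers any request whose path contains uppercase letters with a 301 to the lowercase path, so visitors following an old Google result land on the renamed file and the crawler updates the indexed URL. The same rule can be written for the web server's rewrite engine; the handler shows the logic in a form that can be tested. The ./site directory and port in main are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// LowercaseRedirect wraps next. A request whose path contains uppercase
// letters (the old /FOLDER/Page-Name.php links) gets a 301 to the lowercase
// path; browsers follow it and search engines replace the indexed URL. The
// query string is passed through untouched because its case may matter to
// the application. Paths that are already lowercase go straight to next.
func LowercaseRedirect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		lower := strings.ToLower(r.URL.Path)
		if lower == r.URL.Path {
			next.ServeHTTP(w, r)
			return
		}
		target := *r.URL  // copy so the original request is not modified
		target.Path = lower
		target.RawPath = "" // let net/url re-encode the lowered path
		http.Redirect(w, r, target.String(), http.StatusMovedPermanently)
	})
}

func main() {
	// Assumed layout: the renamed, all-lowercase site is served from ./site.
	site := http.FileServer(http.Dir("./site"))
	log.Fatal(http.ListenAndServe(":8080", LowercaseRedirect(site)))
}
```

Because only the path is lowered, a request such as /FOLDER/Page-Name.php?Id=7 is sent to /folder/page-name.php?Id=7 with the query intact; a request that is already lowercase is served directly, so there is no redirect loop.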
Is there a way in shell, to find out information on the CPU(s) in the server? I'm using Centos, on a cPanel server. However, I'm looking for more info than what WHM's "Server Information" provides.
Trying to find out what generation Xeon is in the server, so I can read about its specs.
How do you get, for example, root of cPanel in a VPS? How would you be able to use it, besides giving permission to use WHM and such on accounts? Doesn't a remote reboot and such have to happen on the whole server?
I am moving my servers this week and my new host doesn't do domain hosting. This is my first time doing it, I need help in pointing my domain to the new server. I just need the basic settings for A, CNAME and MX records.
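An added zone fragment, not the host's or the poster's settings, showing the three record types asked for in BIND zone-file syntax. example.com, the name servers and 203.0.113.10 (an address from the documentation range) are placeholders for the real domain and the new server's IP.

```zone
$TTL 3600
; SOA and NS are normally filled in by whoever hosts the zone (registrar or
; DNS provider); they are shown here only so the fragment is a complete zone.
@       IN  SOA   ns1.example.com. hostmaster.example.com. (
                  2024010101 ; serial: increase on every change
                  3600       ; refresh
                  900        ; retry
                  1209600    ; expire
                  300 )      ; negative-cache TTL
@       IN  NS    ns1.example.com.
@       IN  NS    ns2.example.com.

; A: the bare domain resolves to the new server.
@       IN  A     203.0.113.10

; CNAME: www is an alias of the bare domain, so it follows the A record
; above if the address changes again.
www     IN  CNAME example.com.

; MX: mail for the domain goes to mail.example.com, which must be an A
; record (an MX target is not allowed to be a CNAME).
mail    IN  A     203.0.113.10
@       IN  MX 10 mail.example.com.
```

If the provider's control panel asks for the records one at a time, the three entries are: A for "@" (or the bare domain) pointing at the server IP, CNAME for "www" pointing at the bare domain, and MX with priority 10 pointing at a hostname that itself has an A record. Lowering the TTL a day before the move lets resolvers drop the old address quickly once the records are changed.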
I understand that servers can do automatic backups of information, yet I also see forum modifications that enable simple ways of doing a backup. Are there different types of backups? Why is it necessary to manually back up a forum database when it's done automatically by the server? In terms of assuring the data, what is required and what's a typical procedure, what does it entail, is it manual and if so usually how often, or is it usually automatic?
Processor #2 Vendor: GenuineIntel
Processor #2 Name: Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz
Processor #2 speed: 2660.000 MHz
Processor #2 cache size: 4096 KB
Why is the Processor #1 speed labeled as 1.6 GHz? Processor #2's speed never goes down no matter how high the load is. Could that be the reason my server can't handle 4 websites with a cumulative total of 20k unique hits per day?
We are planning a clustering architecture for our mail servers. The basic idea is to put all of the mail servers behind a load balancer which will monitor and distribute the network load as well as the server load and forward the requests accordingly. Can you suggest any good hardware load balancer which could give us server load balancing as well as network load balancing?
I would also like to know whether it is a good idea to go for a software load balancer (like Linux Heartbeat) or a hardware load balancer.
When I log in to Plesk as admin, then go to Tools and Settings, then Backup Manager, choose Backup, then "Server configuration and content", and run the backup, after 2-4 minutes I see that the backup process failed, and then I see "Backup log information is not available". What should I do?
I am trying to get hold of the abuse department of Layered Technologies. They host a splog which is continually ripping my content; it takes the content down after a complaint, just to publish it again after a few hours.
I only have sales@layeredtech.com, and even though they promise to forward the request, the latest rip is from yesterday evening and is still on the other site.