Encrypting the site

I’ve just moved my site from HTTP over to HTTPS.  It’s not a huge deal for something like this, but it’s something which I’ve really needed to do for a while, and something which is becoming more and more popular.  For most people this won’t mean much, and for this site it doesn’t make much difference, but given that encrypting web pages is a simple process, there’s no real reason not to be doing it.

Joomla 3.5.1 released

Joomla has announced the release of their open source CMS, version v3.5.1.  The latest version fixes the following issues which were found in v3.5:

Joomla 3.5 Released

A little over a week ago, the Joomla! Project announced the release of Joomla 3.5.  The major advantage this has is that the widely used CMS has PHP7 support, allowing webmasters to upgrade their server installations and take advantage of the performance improvements that PHP7 brings.

The new version comes with an e-mail update plugin to allow site admins to know when there are patches and bug fixes; hopefully they will then patch their sites to the benefit of everyone.

A rundown of the listed major changes:

NEVER trust user input

I’ve had the joys recently of being part of a code audit for a potential client for a change or re-build of a system.  The code in itself was complete textbook…of how not to code a system.  It looked like it had been built long long ago when OO principles didn’t exist, and when no-one knew about security unless they were in that field.  Certainly developers knew nothing about security.

Drupal 8.0.5 Released

Open source and widely popular CMS Drupal released a maintenance fix to their 8.x branch a little under a week ago.  This release fixes some bugs in the branch, but there are no security fixes as part of it.  The list of changes is available here.  The change log also lists April 20th as the release date for Drupal 8.1.0 which should have further fixes and new features.

For those people running a CMS site, keeping up to date with the security and bug fix patches is good practice, and therefore you should look to update as soon as possible.

Developers still lack security know-how

Earlier this week I was looking into RESTful web services and how to create them, so I set myself a small project.  The idea was to do something very basic, but that could be useful for someone rather than just a proof of concept.  I had no real direction.  With the news recently being about Apple locked in a battle with the FBI about whether or not they should be breaking their security for the FBI to access data on a particular iPhone, I started thinking about how much bad security I have seen in software applications over the years.  From this, I decided to build a web service which would take a hash string, and provide the original string for that hash where possible.

So you think you’re in control of your website?

I’ve recently been approached about a project for me to work on, part-time and on the side.  This itself isn’t unusual, but it’s one of a very small minority which I think is a good idea and has some promise.  I’ll not go into details about it, as I don’t know the full details of what role I would be involved in, and to what extent, but I had a look into it over the weekend and discovered something which probably affects many small businesses initially, and something which could be disastrous for them.  Their SEO sucks.

Setting up your web server

I spend quite a lot of time on StackOverflow, both in terms of finding answers for something I need, and also for helping people out with their issues.  One question I see quite a lot is around security permissions for creating files on the server.  Usually these questions are for PHP, and as such I’m going to address this post as if PHP developers are sensible and deploy on a LAMP stack.

More often than not, I see the posts and they have something along the lines of the following:

I’ve set the permissions to 777 but it’s still not working

It makes me want to turn into the Hulk and smash things.
