I have developed a php/mysql application which need to be accessed via both intranet and extranet. I want to give access to a certain page(add_company_details.php) to both intranet and extranet. How can I do that?
Basically I want to give the access to extranet only for some parts of the application. I have poor network knowledge. Do I need to give some ssl certificate or user/password authentication? Please help me. Thanks in advance. We use linux server with apache/php/mysql.
You can check the IP address of the client computer and enable or disable pages based on that.
Look at $_SERVER['REMOTE_ADDR']. If it's an address on your Intranet, enable or disable the page as appropriate. Similarly, you can enable or disable pages for Extranet visitors.
You will still need to authenticate your visitors. There's no specific need for an SSL certificate, but it's the only reliable way to guarantee the security of password exchanges.
Related
I have a website running on IIS that requires two SSL certificates, one for the main website domain, and one for the traffic coming through a CDN (the assets are served from a different domain name). Both use SSL.
I therefore used the Server Name Indication option when creating the HTTPS bindings in IIS.
The site works fine, I know that users on IE6/Windows XP may experience an issue, but we don't have any/many users visiting our site using that combination so that's not a problem. However, it is an ecommerce site that receives postbacks/callbacks from both PayPal and WorldPay. Here is where we are experiencing an issue. It would seem that neither PayPal or WorldPay's mechanism for posting back payment information understands SNI, therefore we don't get notified that a payment has been made.
I'm not sure what the options are. IIS is telling me to create a default SSL site, but I can't find any instructions online regarding what I should be creating, or what benefit it serves.
Am I going down the right path with this? Can anyone offer any advice on a) whether a default SSL site will fix this issue and b) how to create the default SSL site?
Thanks for your time in advance.
Kind regards,
Dotdev
You don't have to have all your sites configured to require SNI.
From what you're saying, your callbacks from PayPal and WorldPay are on your main site are they?
If this is the case, you can simply edit the binding on your main site so that it does not require SNI, and make sure it is set to "All unassigned" rather than a specific IP address (otherwise it will get in the way of the SNI site).
Question in the simplest way possible: I have a website which I want to make capable to use https - how to do it?
I heard about Google and its super powers, but the amount of results treating about ssl and https and so on, is too d* high. I'm really afraid to end up with incompatible certificates or empty bank account because of choosing wrong article or something out there.
I politely ask you to help me find the right articles about this topic. "Where do I start, where do I begin" as Chemical Brothers have sung.
I have an account on shared hosting
the very goal is to let users use my website through the https connections
I have one domain
all of images, javascript, css files are on the same domain
I'm aware of fact that maybe the best articles are right before my eyes (even now as I'm writing this question), but please - be understanding. I don't even know what should I know in the first place.
Thank you in advance for any guides.
First of all you need to create an SSL certificate. There are lots of sites out there that do it http://www.selfsignedcertificate.com/ or http://www.godaddy.com.
Once you have a certificate you need to install it on your web server. Depending on Windows or other OS you will do this differently.
Lastly you will configure you website to use https (port 443) rather than http (port 80). This is configured with IIS or Apache directly.
Hopefully this link for windows and this for Apache helps a bit too.
If you are using another hosting application, just Google: install ssl certificate [myhostingApplication]
Update:
For shared hosting this will more than likely depend on your hosting provider. If you don't have access to IIS or similar, you more than likely will have to contact your provider directly. I use shared hosting with GoDaddy and they say:
NOTE: If you want to install an SSL certificate on our shared hosting, Website Builder or Quick Shopping Cart®, you must purchase one of our SSL certificates. We do not install SSL certificates from other providers on our shared hosting accounts.
Your provider may be the same. So do be careful.
When I click on myAccount->SSL Certificates it redirects me to a page where I need to purchase one from GoDaddy. Upon purchasing one, I can then manage it from SSL Certificates on myAccount page.
Your provider may be different, since you haven't mentioned who they are, you may just have to scour their knowledge base.
I am a developer and have a site that has some sensitive information that needs to be online for people in different cities. The data is not of much use for most people (no CC numbers, or marketing plans)
the server has a LAMP stack.
I have used .htaccess on the server and the site has a web based sign in screen as well.
Two questions:
What is the best way to guarantee the data is secure (within reason)?
How can i check there has not been a security breach?
thanks
You can install SSL cert. and redirect all the HTTP calls to HTTPS (using .htaccess or httpd.conf).
There are many possible security breaches such as: code injection, sql injection etc. You can use services like this and this in order to check your site's security.
First of all sorry for my English, its not my native language. I will try to describe my problem as much as I can.
I searched for a long time on the Internet for a solution where I can create a wcf service that can respond to requests of my clients with username and password required but without creating a certificate, using https or anything else that require a special configuration on the machine where my windows service will be installed.
Here is my point: I want to deploy an application to a lot of my customers. This application will have mobile devices and a server which will give some information to mobile device with the help of wcf. Each customer will have a server and many devices. I don't want that anyone on the web can have access to these information and for this reason, I must implement an authentication procedure with username and password for each request but I don't want to be forced to install a certificate, activate some https port on each machine when I sell a new copy of my application.
I've read that with wcf 4.0, there is a built-in system that can encrypt data and for this reason, I don't want the overhead of implementing anything else if possible.
My question is: Is that possible to have a secure solution considering my requirements and if yes, how can I do that?
If I really must create a certificate and use IIS, https or any other secure solution, it is possible to automate these things in a package that will be installed in a single click wizard into each server machine of my customers?
Thank you in advance for your time.
By default WCF doesnt allow transport of username credentials over http and hence have to use certificates to secure your transport layer. But if you are sure that you are fine with sending username credentials over the http channel then you can have a look at ClearUsernameBinding which gives you the flexibility of sending username credentials over http channel (consider the fact that someone can intercept your transport channel to get access to the credentials)
Also if you want to use certificates that have to be installed you can achieve that writing some code in c# and include that as part of your installation from your package. You can also configure everything from an msi like creating a virtual directory, deploying the application,etc..
what you are probably looking for is one of the wcf bindings that has message level security. You can put the user name and password into this message and not worry about them going across an http wire unencrypted(ie custom authentication). The defaults for WCF send user name and password as part of the http request in the header this is why it wants https.
I am learning sharepoint server 2010 and now confuse how i can deploy sharepoint site to internet so i can access my site from internet like eg. www.google.com
In a nutshell, and at a basic level, you need to first ensure that you enable Anonymous Access for your web application. You'll then need to set up DNS for the domain you own to point to your web front end server (or virtual IP if it's load balanced). Then set up the appropraite IIS bindings for the web application, and finally you'll need to extend your web application to an Internet Zone and give it the appropriate domain name.
Not to give a sales pitch, because I just signed up with them but apps4rent has a pretty good deal and all I needed to do was follow their wizard and then go over to my GoDaddy domain account and make one tiny CNAME entry and I was good to go.
However, like JamesLove said, you will want to enable Anonymous Access as well.