Posts tagged secure

Middleware> Secure Liferay Session Cookie (JSESSIONID) in WebLogic

Aug19
2013 Written by Scott Rowley

Extract the WEB-INF/weblogic.xml file from your liferay.war:

jar -xvf WEB-INF/weblogic.xml

Edit WEB-INF/weblogic.xml

vi WEB-INF/weblogic.xml

Add the following to the <session-descriptor> tag:

<cookie-secure>true</cookie-secure>

Update your liferay.war file

jar -uf liferay.war WEB-INF/weblogic.xml

Now redeploy your liferay.war (update or delete/install) and your cookie should be changed to Secure: Yes.

Secure Liferay session cookie

Posted in liferay, middleware, Security - Tagged cookie, cookie-secure, liferay, liferay.war, middleware, session, session-descriptor, weblogic, weblogic.xml

Web Dev> Validate Password creation with PHP

Dec06
2011 Written by Scott Rowley

The following can be used to test for different criteria in passwords.

<?php
$min = 6;
$max = 20;
$password = $_POST['password'];
$confirmpw = $_POST['confirmpw'];
if($password != $confirmpw){
$error .= "Password and Confirm password do not match! <br />";
}
if( strlen($password) < $min ) {
$error .= "Password too short! <br />";
}
if( strlen($password) > $max ) {
$error .= "Password too long! <br />";
}
if( !preg_match("#[0-9]+#", $password) ) {
$error .= "Password must include at least one number! <br />";
}
if( !preg_match("#[a-z]+#", $password) ) {
$error .= "Password must include at least one letter! <br />";
}
if( !preg_match("#[A-Z]+#", $password) ) {
$error .= "Password must include at least one CAPITAL! <br />";
}
if( !preg_match("#\W+#", $password) ) {
$error .= "Password must include at least one symbol! <br />";
}
if($error){
echo "Password Failure: $error";
} else {
// Code to execute on success.
}
?>
Posted in PHP, Security, Web Development - Tagged check, confirm, password, php, security, validate, validation, verify

Web Dev> Password protect webpage(s) with PHP & LDAP

May27
2011 Written by Scott Rowley

The title says it all, this will allow you to restrict the access to a page or pages running php with access to LDAP. I’ve used this a few times for some internal things we don’t want everyone getting access to or similar scenarios. As always if it works for you, please leave a comment and if it doesn’t please leave a question and I’ll see what I can do to help you out.

Enable LDAP

First thing you’ll need to do is to install ldap for php & enable the needed mods, ldap.load & authnz_ldap.load

On Ubuntu:

apt-get update

apt-get install php5-ldap

cd /etc/apache2/mods-enabled

ln -s ../mods-available/ldap.load ldap.load

ln -s ../mods-available/authnz_ldap.load authnz_ldap.load

apache2ctl graceful

READ MORE »

Posted in Ubuntu, Web Development - Tagged apache, apache2ctl, authnz_ldap.load, graceful, ldap, ldap.load, login, mods-available, mods-enabled, php, php5-ldap, restricted, security

Corrections? Questions? Comments?

Find an error?
Everything work out great for you?
Have some feedback?
Like to see something added to the article?

PLEASE leave us a comment after the article and let us know how we are doing, or if something needs corrected, improved or clarified.

Thank you!
- The Management

Advertisement

Back to Top