Direkt zum Hauptbereich

Putting phpPgAdmin behind SSL virtualhost and securing it a bit more

This could be a huge post, but I am cutting it short:

  1. configure pg_hba.conf right, e.g. set host stuff to password md5
  2. try to connect to your database locally to test it,
    e.g. psql -U user "psql -U user dbname -W" and type in the password
  3. install phppgadmin, e.g. on debian I could not find a /etc/phppgadmin/apache.conf but a /etc/apache2/conf.d/phppgadmin
  4. your apache2 should be able to serve SSL, otherwise look a my post from yesterday: SSL virtualhost after you setup a SSH connection through rsa keys and always redirect to it
  5. in order to serve multiple site using SSL you should change to *:443 instead of _default_
  6. also you have to tell /etc/apache2/ports.conf to use NameVirtualhost when listening on 443; otherwise apache will tell you about conflicting virtualhosts.
  7. apache2: now its time to copy the content of conf.d/phppgadmin into a sites-available file and dont forget to delete the alias line and adjust names and folders.
  8. From now on I followed these steps: Step Two—Adjust The Security Settings which is basically a htpasswd in front of the virtualhost
Even though you cant login into phpPgAdmin as root or postgres you database could be exposed. Now the attacker has to listen to a SSL conversation, hack it, sneack though apaches htpasswd system, and then hack phppgadmin.

But in any case its always good to close ports due to misconfiguration, e.g. postgresql exposed to the internet, or other services but SSH:
iptables - setting up a decent firewall
Labels:

Kommentare

Kommentar veröffentlichen

Beliebte Posts aus diesem Blog

rails + carrierwavve + plupload = multiple file upload

Right now I am very happy! I finished my work on creating a file upload method in rails for more than one file, altogether handled by rails sessions and as objects. First I had to learn a bit more about how rails works and I achieved that by reading a lot: books, screencasts and blogs. In this blog post I like to share what I accomplished, but without the hussle of putting code blocks in here, so watch out for bold formatted text as that is the code. My goal was to have one site with just the pure option of uploading files. All file handling would be done behind the scenes by myself logging onto my server. That said you are not going to see any fancy CRUD here. Lets start then! And dont forget to versioning your app BEFORE you try something new! [e.g. git] > rails g scaffold Photo title:string Now add carrierwave to you Gemfile and run > bundle install >rails g uploader Photo Alltogether you have model, controller, views and an uploader folder with the Ph...
Kommentar veröffentlichen
Mehr anzeigen

debian 6 vserver - a new installation due to centOS update problem - my steps

My centOS vserver broke down after a "yum update" and even the centOS community forum could not give an answer within 24h. In my books that is poor for the almighty and stable centOS. Bare in mind that I am just a normal user of linux, no professional and definitely no expert when it comes to server, but I can read, try and share my findings: debian 6 installation steps via ssh secure your server: adduser foobar for security purposes  change /etc/sshd/sshd_conf to PermitRootLogin no now you can login as foobar and change to root via su - visudo for sudo command permissions and put this at the bottom: foobar   ALL=(ALL) ALL change hostname change hostname in /etc/hostname and in /etc/hosts reboot login via rsa key rather than password locally do ssh-keygen ssh-copy-id -i foobar@hostname... ssh now works without passwords but with keys (for easy deployment) install ruby and rails via rvm login as root always good to have: sudo apt-get install...
Kommentar veröffentlichen
Mehr anzeigen

Virtuelles Wasser?!

In den letzten Tagen habe ich immer mal wieder etwas mit Rails programmiert und werde mich ebenso heute dem neuen Auftrag "multiple file upload" kümmern. Und weil vieles "Versuch-Irrtum" ist, gucke ich auf dem zweiten Monitor immer Reportagen. Letztens kam mir "Der große Haushaltscheck" unter die Finger: ARD Mediathek "Der große Haushaltscheck" In der Sendung vom 11.3.2013 ging es um unser Trinkwasser. Jedem sollte klar sein, dass Plastikflaschen nicht die erste Wahl sind, weil man nicht darauf vertrauen kann, dass der Hersteller wirklich "gutes" Plastik nahm (BPA, Phtalate, Benzol, Xylol usw.), aber das interessante waren die genannten Zahlen in puncto virtuellem Wasser bzw. Wassersparen. Wasser sparen an und für sich ist ja gut, nur heisst das nicht, dass wir weniger die Klospühlung benutzen sollten, sondern dass wir uns Gedanken machen über das "virtuelle Wasser". Unsere Kanalisation ist eine Schwemm-Kanalisatio...
3 Kommentare
Mehr anzeigen