david hu

Ranch Hand
since Jul 20, 2001

Recent posts by david hu

I want users to be able to log in to my website using HTTPS. I am thinking of setting up my httpd.conf for Apache this way:

I want to remove the following two lines from this file:

<IfDefine SSL> //Line 1

...

</IfDefine> //Line 2

So that even if the webmaster starts Apache using:
/usr/sbin/httpd -k start

HTTPS is still enabled for my website.

Basically, all I am trying to do is this: instead of typing "/usr/sbin/httpd -k start -DSSL" to start Apache, the user can simply type "/usr/sbin/httpd -k start" (or still type "/usr/sbin/httpd -k start -DSSL"; in this case, since we do not define "SSL" in the config httpd.conf, -DSSL will be ignored).

Is this the desired way to always enforce HTTPS when we start Apache?

Thanks,

David
18 years ago
Stu, you are right ("PS: I gather www.boh.com is exactly what David wants to do."). That is exactly what I want to do.

What I implemented works the same way as www.boh.com does. What security concerns can you suggest? I personally think it is secure for all pages between client and server.
18 years ago
Hi,

I am using Apache Commons FileUpload to let users upload their files to a web site. The web site itself uses the HTTPS protocol, so the file is securely uploaded over the internet using the HTML form-based upload process. However, when the file lands on the hard disk of the web server, it is unencrypted.

My question is: if my web site is compromised by an attacker, these files will be exposed to the attacker. Is there a way to do the following:

1) Make the landed file encrypted as it is landing (even the temporary file that the file upload process writes during the upload).

2) Is there any alternative approach to achieve this, e.g. another library I can use to make the downloaded file always encrypted?

I can always encrypt the file after the whole file has landed, but this is not desired, since the temporary file written by the file upload process is not encrypted. Also, there is a delay between the landing of the whole file and the start of the encryption process.


Thanks,

David
18 years ago
How do I examine a site certificate if I am using HTTPS to connect to a web site? Say I am typing https://a_web_site_name.com. How do I find the following info about the site I am visiting in a web browser?

1) Who is the issuer of the certificate?
2) When does the certificate expire?


Thanks,

David
18 years ago
Sorry, I might not have made my problem clear. What I am trying to discuss is that I want to put the "RewriteEngine" directive in my Apache config, so that if somebody types http://my_website_name.com, the URL will be automatically changed to https://my_website_name.com. Thus I want to force the user to use HTTPS instead of HTTP.

Here is what I put in the Apache config httpd.conf (it is working):

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*) https://my_website_name.com$1 [L,R]

However, my question is:

Do I need to open two ports, both 80 and 443, for my Apache? Is it possible to open only port 443 if I am trying to achieve the above?

Thanks,

David
18 years ago
I am setting up Apache to do URL rewriting. What I want is that if the user types the address of my website, say, http://mysite49.com, the browser automatically changes the URL to https://mysite49.com. I have the following questions:

1) Do I have to open two ports, both 80 and 443 (for HTTPS)?
2) How do I implement this functionality?

Thanks,

David
18 years ago
I am using Apache as my web server with SSL enabled. What happens is that when the user uses IE to open the first page of the site, it requests a client certificate by popping up a window to let the user choose one certificate from a list (the list in the window is actually an empty list). However, when using Firefox, there is no such problem.

Also, if the user enters the URL in the IE address bar again and refreshes the window, no such window pops up to ask for a client certificate.

Why does it behave like this? I want to get rid of the popup window that asks for a client certificate.

Can anyone help me?

Thanks,

David
18 years ago
What does tomcat host-manager application do?

I am just curious, because I saw the manager application and the admin application, and I am not sure what host-manager does.

It is located at :
/jakarta-tomcat-5.5.9/server/webapps/host-manager

Can anyone give me an explanation?
18 years ago
I am not using any package manager, since the file I got is a .bin file; it automatically extracts itself when installing.

So what else can go wrong?
18 years ago
I installed J2EE 1.4 on a Linux box by running ./j2eesdk-1_4_03-linux.bin, and it was installed under the dir /usr/j2ee. I removed it for some reason by doing rm -rf /usr/j2ee. But when I tried to install it in the same dir, I got the following problem: it said that J2EE is already installed. If I continue the install under the same dir, it says it finished, but after taking a look at the dir /usr/j2ee, I only found the following file: appserv_uninstall.class.

How to do a re-install on the same dir, say /usr/j2ee?

Also, I guess I did not do the right uninstall of j2ee on linux box. What is the procedure to do the uninstallation on linux box?

Thanks,
18 years ago
JkMount /test/*.jsp worker
JkMount /test/*.htm worker

I put the above lines in the httpd conf file httpd.conf. The problem is that if the htm file refers to a picture, say some jpg files, and these files have the file extension .jpg, the browser can correctly render them inside the HTML page. If these files have the file extension .JPG, I mean, capitalized letters, the browser cannot render them inside the HTML page (basically I get a blank rectangle inside the HTML page). What I have to do to make it work is to put the following line inside httpd.conf:
JkMount /test/*.JPG worker.

For the lower case jpg file extension .jpg, I do not even have to put a corresponding line in the config file httpd.conf. These .JPG and .jpg files are under the same dir.

Can someone explain to me why?

Thanks

David
18 years ago
I have a question about using ant copy task.

In a Linux environment, if some files are owned by somebody else, but my userid is in the group that owns these files, and I copy files over these files, the owner of these files is not changed.

In Ant, if I use the copy task, these files' ownership is changed to my userid.

I am wondering why? Can somebody give me an explanation?
18 years ago
I am thinking of using a Valve element inside the context file of Tomcat's admin application, i.e., admin.xml, to filter traffic, so that only boxes from inside the company can access this admin application.

Inside the admin.xml file, which is under conf/Catalina/localhost, I am trying to put a Valve element to filter the machines that make requests to the admin application. I only allow requests from inside my company to access this application.

But my question is how to specify this in the Valve element. I read the Tomcat doc; it only specifies IP addresses or host names in the Valve element. Since the IP addresses and host names inside my company can be vastly different, I cannot think of a good way to use a regular expression to achieve that.

Any better ideas?
18 years ago