Add users to sudo

  • It’s good practice to always log in as a normal user (a non-root user account) and use this account for your day-to-day things. If you often install things, that user can be a member of the sudo group. This is a group that can elevate its rights so it can, for example, install software on the machine or access protected system files.

We’ll show you here how you can install sudo (if not already installed) and how you can add your user to the sudo group.

Be aware: with great power comes great responsibility.

Continue reading

Digest authentication

Digest authentication provides an alternative to basic authentication where the password isn’t transmitted as clear text. However, it doesn’t lead to a significant increase in security, since password storage on the server is much less secure with digest authentication than with basic authentication. When in doubt: basic authentication over HTTPS is a better alternative.

In this post, we’ll talk about

  • the details of digest authentication,
  • how you can configure it on Apache,
  • what is safe about digest authentication and what’s not,
  • a check and demonstration of how easy it is to crack the password.

Continue reading

Basic authentication

Basic authentication is a simple access authentication scheme that is built into the HTTP protocol. It allows an HTTP user agent like a web browser to provide a user name and password when making requests.

Using such a scheme you can, for example, make a part of your site accessible only to certain users that have the proper credentials.

This scheme is, however, flawed.

This post will run you through how it works, how to set it up on Apache, how it’s flawed and what you can do to improve on it.

Continue reading

Install and configure HTTPS (SSL/TLS)

HTTPS is becoming the standard protocol for communication between web browser and web server. Here we’ll learn how we can create self-signed certificates and enable TLS / SSL mode in Apache. Self-signed certificates generate warnings, but are free. In a later post we’ll check out Let’s Encrypt certificates as well.

Continue reading

Set-up local hosts file

In Windows and Linux you can redirect a hostname to an IP address.

This is normally done automatically by your DNS server, but when you’re developing you’re typically not working with actual domain names.

If you’d like to work with domain names instead of IP addresses, you can do this by manually adding the domain-to-IP translation to your hosts file. We explain this short procedure for Windows and Linux.

Continue reading

Creating your site on Apache

We’ll show you briefly how to add and configure a website on an apache2 server. This will be a site served over the less secure HTTP protocol.

To host a site on Apache we need the following:

  • A physical location where the web files are stored (html, php, …)
    • This is typically put in the /var/www folder
  • Proper rights
  • Copy or create website content
  • Set-up a virtual host so Apache knows about the site and how it should be configured

If you want to host multiple sites on a single Apache server, then you simply need to redo the above steps with a different virtual host.

Continue reading