Questions tagged [configuration]
1. In computers and computer networks, a configuration often refers to the specific hardware and software details in terms of devices attached, capacity or capability, and exactly what the system is made up of.
2. In networks, a configuration often means the network topology.
3. In installing hardware and software, configuration is sometimes the methodical process of defining options that are provided.
161 questions
1 vote, 2 answers, 215 views
Is it safe to store database credentials as plain text in the configuration file?
Some services like ejabberd, nginx for authenticating using a database, and dovecot require providing the database password as plain text in the configuration file. Is it safe to store MariaDB ...
0 votes, 1 answer, 110 views
Is it safe to allow linking to images by URL in user-made posts?
I'm working on an imageboard website that uses the TinyIB bulletin board software.
When editing the settings, I found this line:
define('TINYIB_UPLOADVIAURL', false); // Allow files to be uploaded via ...
4 votes, 1 answer, 763 views
Making sure that SSH key is NOT used anywhere but specific hosts
I have an SSH key for work that I do NOT want to be offered by the forwarding agent anywhere but the work hosts.
So I thought following ~/.ssh/config could do the trick:
Host *
ForwardAgent yes
...
1 vote, 0 answers, 173 views
What's the tradeoff of storing a connection string vs the password as a secret?
This is for an app service + database I am pushing up to Azure. I am using Key Vault + Managed Identity for the secrets. I have several connection strings in the secrets to ApplicationInsights, etc.
...
0 votes, 1 answer, 98 views
How to store ClientID and ClientSecret in a K8 Env
I am trying to integrate our service with SSO. I have generated the ClientID and ClientSecret.
Is it a good security practice to store the ClientID and ClientSecret as a configmap? If not, what are the ...
1 vote, 0 answers, 168 views
TPM FAPI sealing data inside /dev
I am using TPM simulator in my local VM to test FAPI API and am able to seal the important data inside directory ~/.local/share/tpm2-tss/user/keystore as per the path mentioned in config file /etc/...
0 votes, 0 answers, 107 views
Is process-based authentication more secure than username and password?
My infosec officer is campaigning the use of client process-based authentication everywhere applicable for future and existing projects. For existing projects, especially for custom applications, this ...
5 votes, 1 answer, 2k views
Are there any negative consequences if you change your ssh config for a host with `UpdateHostKeys no`?
I recently came across a question on stackoverflow.com regarding gitlab.com and ssh config. The solution apparently is to update your ssh config with the following:
Host gitlab.com
UpdateHostKeys ...
0 votes, 1 answer, 390 views
Intel Ethernet Driver Advanced Settings for Security/Privacy
There are some settings found on Device Manager > Ethernet Driver > Advanced Tab.
Are there suggestions for any of these settings? or any suggestion to improve ethernet driver security?
Adaptive ...
1 vote, 1 answer, 597 views
What is the most up-to-date secure method for storing .ENV variables?
I am improving the security on my php website. I am not using any frameworks or cms. The credentials are currently stored in plain text in the relevant php files. While researching, I came across this ...
1 vote, 1 answer, 2k views
Changing $_SERVER['REMOTE_ADDR'] remotely
On an nginx web server running the following config, is it possible to change $_SERVER['REMOTE_ADDR'] remotely?
user www;
pid /run/nginx.pid;
error_log /dev/stderr info;
events {
...
47 votes, 3 answers, 6k views
Security implications of stolen .git/objects/ files
As a security in-charge, I just noticed that one of our production web apps was attacked by some hackers. The attacker accessed the .git/objects/ files.
I already modified .htaccess to make .git and ...
1 vote, 1 answer, 549 views
Config file contains password hashes and signature keys
First, I am a beginner in IT security. I hope my question is not too dumb.
I use a program that can show a live feed from a security camera. You can import a project file, that sets up user accounts ...
1 vote, 1 answer, 1k views
How to make Squid Proxy undetectable by ip-check.net? [closed]
I have set up squid proxy on a CentOS server where I set forwarded_for to delete and denied request headers on the /etc/squid/squid.conf file. However, whilst connected to the proxy, if I visit http://...
0 votes, 0 answers, 119 views
Configuring a macbook for a specific case
I've used cleanbrowsing.org as a DNS filter, created an administrator account, logged into that account, changed my usual (admin) account to a normal user and set the new admin account with a long ...