Servage Magazine

It seems that the increasing amount of accounts, logins, services, increases the amount of passwords to keep in mind dramatically. All too often you see people using too simple, or same passwords, for many important services. Therefore I would like to remind about the importance of secure passwords, like in a previous article here on the Servage Magazine. It's important to keep focus on this issue, so users are always reminded to increase their personal level of security. It’s easy for service providers to ask their users to use secure passwords. After all it is the user who is supposed to remember it. Obviously it is better for everyone if secure ...

The Servage  GeoIP Security supports the use of wildcards to allow IP ranges in addition to specific IPs. This means you can allow entire blocks of IP addresses with one setting, instead of having to add each address individually. What does the GeoIP Security feature do? It enables you to restrict access to login to your Servage account based on the user's country or IP address. You find it in the control panel at "Your Account > GeoIP Login Security". Allowing specific addresses: 12.34.56.78 34.56.78.90 ... Allowing address ranges: 12.34.56.* This allows any address starting with 12.34.56 12.34.* This allows any address starting with 12.34 ... Allowing countries: Simply select the ...

Hey there! Part five is now a few weeks old, and it's about time for the next step! Today the topic is simple file/folder protection with the help of htaccess (don't worry if you have no clue what that means). When you develop on a new project it's nice to be able to keep the public out, while working on it. And I am sure you can also come up with a whole lot of different reasons why you would want to protect certain files. What is htaccess protection? Htaccess files (hypertext access files) allow you to alter the configuration of the web-server to an extend permitted by the server administrator (which ...

Google received 2.4 million requests since 2014 to delete search-engine results under Europe’s “right to be forgotten” (RTBF) rules. European Union citizens currently have the right to ask search engines to remove results that include their names following a landmark decision from the European Court of Justice in 2014. The search giant released an updated version of its annual Transparency Report, which discloses how many and what kind of requests Google has received to delist pages from results and in how many instances the company complied. According to the report, it looks like the company is being asked to remove plenty of content. From 2014-2017, it received more then 2.4 million requests. ...

It's easy for service providers to ask their users to use secure passwords. After all it is the user who is supposed to remember it. Obviously it is better for everyone if secure passwords are being used everywhere, but for many people it represents an annoyance to use a password like "237IMBd!" instead of "pizza". However, there are plenty of ways making it easier to remember secure passwords - and some of them even add a little bit of fun to the process ;-) I would like to explain my personal way of generating and using secure passwords as an inspiration to figure out a way that works for you, and moreover, ...

Specter and Meltdown!  These are the names of the two potentially serious security holes in processors that were revealed during the past week. We will start by stating that, with certainty, we can't say exactly how serious the bugs are (or rather how easy they are to exploit). In any case, this is what we know so far: The security holes have been traced back to 2011. Initially, only Intel's processors were pointed out (something that, of course, was so bad considering the manufacturer's market dominance) but later at his has been revised and the problem, at least with Spectre, seems to apply to all major processor manufacturers. Simply described, it's all ...

Unfortunately it is a fact that security threats are a reality on the Internet! To address these and to make your hosting package even more secure we have  GeoIP Security added to each Servage account. This feature enables you to prohibit possible intruders to gain access to your account based on their geographic location or IP address. You can enable GeoIP Security in the control panel, where you also have the ability to specify specific countries and IPs to allow access. How does this work? Whenever someone tries to login the user is verified against our database to identify if that particular user is allowed to login from that particular geographic location ...

There are many ways to authenticate users in APIs: username and password combinations, OAuth 2 and API keys to name a few. Today we will be having a look at a rather new implementation called JSON Web Token, JWT for short. There are some noteworthy advantages in JWTs that we will be covering as well. What is a JWT? A JWT is a way to send and receive data between two parties in a secure way. The data a JWT contains is mostly up to you, although some metadata must be present. JWTs can be used as session tokens to authenticate against an API. As the name implies, a JWT is JSON and therefore ...

OAuth is an authorization standard that can be found on websites, APIs, web applications built with React or AngularJS and more. OAuth is often used to let other websites access user information on another website. OAuth can be used for various types of authorization, so let’s see how it works in more detail. Why OAuth? As mentioned previously, OAuth gives a website access to a user’s profile information on another website. When you sign up on a website, you have likely seen the option to sign up using your Google, Facebook or other account. In these cases, the signup process is handled by OAuth and your personal information, such as your name and ...

Cross-origin resource sharing (CORS) is a feature that allows website content, such as external font files, to be requested between different domains. Although it doesn’t sound very obvious, CORS is used on a majority of websites. Let’s have a look into what CORS is all about and when it is used. Same-Origin Policy Before talking about CORS itself, let’s talk about a security feature related to it called the same-origin policy. It is a security feature built into web browser that prevents websites from sending certain types of requests to other websites. For example, www.example.com cannot send a POST request to www.example2.com using AJAX. The reason why this is blocked is because this ...