Servage Magazine

Information about YOUR hosting company – where we give you a clear picture of what we think and do!

Articles Tagged ‘security’

Remember secure passwords easily

Monday, January 22nd, 2018 by Servage
It's easy for service providers to ask their users to use secure passwords. After all, it is the user who is supposed to remember them. Obviously it is better for everyone if secure passwords are used everywhere, but for many people it is an annoyance to use a password like "237IMBd!" instead of "pizza". However, there are plenty of ways to make it easier to remember secure passwords - and some of them even add a little bit of fun to the process ;-) I would like to explain my personal way of generating and using secure passwords as an inspiration to figure out a way that works for you, and moreover, ...

Chip security flaws

Monday, January 8th, 2018 by Helge
Spectre and Meltdown! These are the names of the two potentially serious security holes in processors that were revealed during the past week. We will start by stating that we can't say with certainty exactly how serious the bugs are (or rather how easy they are to exploit). In any case, this is what we know so far: The security holes have been traced back to 2011. Initially, only Intel's processors were pointed out (something that, of course, was bad enough considering the manufacturer's market dominance) but later this has been revised and the problem, at least with Spectre, seems to apply to all major processor manufacturers. Simply described, it's all ...

Security feature GeoIP Security

Thursday, January 4th, 2018 by Helge
Unfortunately it is a fact that security threats are a reality on the Internet! To address these and to make your hosting package even more secure we have added GeoIP Security to each Servage account. This feature enables you to prevent possible intruders from gaining access to your account based on their geographic location or IP address. You can enable GeoIP Security in the control panel, where you also have the ability to specify the countries and IPs that are allowed access. How does this work? Whenever someone tries to log in, the user is verified against our database to identify if that particular user is allowed to log in from that particular geographic location ...

API authentication using JSON web tokens

Wednesday, November 29th, 2017 by Servage
There are many ways to authenticate users in APIs: username and password combinations, OAuth 2 and API keys to name a few. Today we will be having a look at a rather new implementation called JSON Web Token, JWT for short. There are some noteworthy advantages in JWTs that we will be covering as well. What is a JWT? A JWT is a way to send and receive data between two parties in a secure way. The data a JWT contains is mostly up to you, although some metadata must be present. JWTs can be used as session tokens to authenticate against an API. As the name implies, a JWT is JSON and therefore ...

Learn about OAUTH

Thursday, July 20th, 2017 by Servage
OAuth is an authorization standard that can be found on websites, APIs, web applications built with React or AngularJS and more. OAuth is often used to let other websites access user information on another website. OAuth can be used for various types of authorization, so let’s see how it works in more detail. Why OAuth? As mentioned previously, OAuth gives a website access to a user’s profile information on another website. When you sign up on a website, you have likely seen the option to sign up using your Google, Facebook or other account. In these cases, the signup process is handled by OAuth and your personal information, such as your name and ...

CORS explained

Sunday, July 9th, 2017 by Servage
Cross-origin resource sharing (CORS) is a feature that allows website content, such as external font files, to be requested between different domains. Although it doesn’t sound very obvious, CORS is used on a majority of websites. Let’s have a look into what CORS is all about and when it is used. Same-Origin Policy Before talking about CORS itself, let’s talk about a security feature related to it called the same-origin policy. It is a security feature built into web browsers that prevents websites from sending certain types of requests to other websites. For example, www.example.com cannot send a POST request to www.example2.com using AJAX. The reason why this is blocked is because this ...

Protecting users with Two-Factor Authentication

Thursday, May 11th, 2017 by Servage
Two-factor authentication (2FA) is considered the most secure way to protect online accounts. It protects user accounts with one-time codes that are usually delivered to the user with a 2FA application or text message. Big companies, such as Google, Facebook and Microsoft, already support 2FA, and it continues to gain more support on smaller websites too. This time we will see what it takes to implement two-factor authentication on a website using PHP. Installing pragmarx/google2fa To set up two-factor authentication, we will be using a popular Composer package called pragmarx/google2fa. To get started, install the package using Composer: “composer require pragmarx/google2fa”. This requires you to have Composer installed globally as described on www.getcomposer.org. Updating ...

Protecting your application from cross-site attacks

Sunday, April 9th, 2017 by Servage
Cross-site scripting (XSS) is an attack where a user embeds malicious code as part of a website. This can be done for instance by submitting a comment on a blog website. If the comment contains a malicious script, it will be executed by all visitors who read the blog article. These attacks are quite common, and there are many varieties of XSS. Let’s find out what methods are available to protect web applications from these vulnerabilities. Escaping User Input This is arguably the most important thing to do to prevent XSS attacks. On many websites, users are allowed to freely fill out forms that save the input in a database. Let’s consider ...

Securing your website with CSRF protection

Thursday, March 2nd, 2017 by Servage
Cross-site request forgery (CSRF) is an exploit that allows a malicious user to send requests on behalf of another user in a web application. Even though protecting applications from CSRF attacks is not very difficult, these vulnerabilities are still fairly common. Now is a perfect moment to learn how to protect your application from such exploits. How CSRF Works A cross-site request forgery attack can happen when a user clicks a malicious link on a website or email message. State-changing operations, such as changing a user’s password, should be implemented using POST requests. However, this is not always the case and applications sometimes use GET requests for this type of action. This is ...

Secure authentication and password-hashing in PHP

Tuesday, June 7th, 2016 by Servage
Many PHP frameworks come with built-in helper functions for dealing with passwords in a secure fashion. However, sometimes you may have to manually hash and verify passwords. In either case, it is a good idea to know how everything works behind the scenes and what are the latest and greatest ways of storing passwords securely in PHP 5.6 and 7. Hashing a password PHP 5.5 introduced a new password hashing API that uses a secure bcrypt key function. The bcrypt method is deemed safe and often considered among the best ways to hash passwords in 2016. PHP 5.5 and newer versions include a built-in function called password_hash() that you can use to hash passwords. To ...