HTTPS

  • Enable HTTPS and make your entire site secure

    Life is full of surprises. One of these days I got a job offer with a consistent budget: one of my former clients approached me to "make his site secure". I said yes, but when it turned out what he in fact wanted, I had a surprise: he wanted nothing else, just to make the browser warning about an "unsecure site" go away. He had actually purchased a security certificate and hired someone to install it onto his server, with no success.

  • HTTP Sniffing

    HTTP stands for 'HyperText Transfer Protocol', and it is the mechanism used to transfer data from one computer to another across the Internet. You can use HTTP to request information from a server, or to send information to a client by wrapping the request or data in a 'packet'.

  • Mysterious "Bad Certificate" error when you click on certain inner links

    One of my clients, who has a serious Joomla background, complained recently that on his brand new Joomla site, when he clicked on one of the menu items, his browser raised the well-known "Bad Certificate" error. The site obviously worked well, but for some reason the link to that inner page was created using the https:// prefix.

    Obviously, he had no valid security certificate in place, as many sites do not have these days, but with the menu entry being an inner, Joomla-generated link, he (and myself, for some... 5 minutes approx.) was dazzled: what might have happened?

  • Protect yourself from clickjacking hack

    Clickjacking is a browser security issue and is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user's knowledge, for example when the user clicks on a button that appears to perform another function. The hacker installs an invisible layer over the existing site, hijacking the user's clicks. The unsuspecting user will this way perform actions they never intended to, from apparently inoffensive ones, such as following someone on Twitter, to really nasty things, like password or credit card information theft, and anything else you might (not want to) do on a webpage.

  • Running your Joomla Website over Secure Connection

    Joomla 1.5 and newer versions have full https support without any hacks being necessary. But what can you do if you want to run your Joomla 1.0 site over https for some reason? Upgrade it!... Easy to say; I am managing even Mambo-based sites, running rock solid and doing the job they were built for, so this might be out of the question. But don't despair, you can do it! You must hack here and there...

  • Server Settings

    Joomla specifies certain settings that are recommended for proper functioning of the system. A list of the recommended and actual settings is displayed when you install Joomla. One of the recommended settings is to have 'Display Errors' switched on. This is very useful when developing and debugging a site, but there is a security vulnerability in PHP (not Joomla, but the language in which Joomla was written) which may allow cross-site-scripting attacks when the display errors option is enabled, if you have a script which produces an error.