the_oliver
-
Posts
364 -
Joined
-
Last visited
Never
Posts posted by the_oliver
-
-
Where the data for the tables is stored is specified in the config, but im not sure on windows where that is by default. Do you have a dump of the data as phpMyAdmin can just import this for you? Perhaps i have missed the point!
-
mySQL runs on port 3306 (TCP/IP) by default. You may wish to increase this for security if your the only user? I asume you will need to set up your router to forword access on this post to your servers IP address.
Hope this helps -
as long as apache is looking for .htaccess files it will work exactly the same with or with out virtual hosts. simply create a .htacces file in the directory that should be protected as you would normaly. Apache will not look in specific places for .htaccess files but everywere!
-
sounds like a problem in apache's config file. If the setup is simple it may be best just to re-build it!
-
not sertan but dont think you can do this through ifconfg. Normaly the DNS servers are just stored in a file. e.g. /etc/resolv.conf
-
is this just a case of letting other people get infomationo from your computer? If so it is just a case of giving it an IP address, and teling your firewall to alow access on that port. (be carfull of security isues though).
-
no. not htaccess. htaccess is there to give someone permission (or deny it) to view something.
I am not sure this can be done, but you can specify you 'error pages' in the config file. If it can be done this is where it would be! Do you have access to the servers .conf files, or are you on hosting? -
ok, have posted the 'check' code i use below. Try this first though.
[code]<?php
session_start();
echo session_id();
?>[/code]
If you run the script. Quit your browser and run it again you will see that the number changes every time you do this. The code below criticaly requires the ip address AND session id to be the same. The ip address is not realy very important i just like to know where my users are!
[code]function check_client_cridentials($uid)
{
global $pg_connection;
session_start();
$ip=$_SERVER['REMOTE_ADDR'];
$query = "SELECT ip_address,session_id FROM authenticated_users_credentials WHERE user_id = '".$uid."'";
$result = pg_query($pg_connection, $query);
$data = pg_fetch_array($result);
//CHECK IP ADDRESS
if ( $data["ip_address"] == $ip )
{
$test1 = 1;
}
else
{
$test1 = 0;
}
//IF FIRST TEST IS PASSED CHECK AGAINST SESSION
if ( $data["session_id"] == session_id() )
{
$test2 = 1;
}
else
{
$test2 = 0;
}
//RETURN WETHER CRIDENTIALS CHECKED OUT OR NOT
if ( $test1+$test2 == 2 )
{
return "pass";
}
else
{
return "fail";
}
}
if ( check_client_cridentials('13') == 'pass' )
{
//CRIDDENTIALS CHECK OUT, LET THEM INTO PRIVATE AREA
echo "Bingo";
}
else
{
//CRIDDENTIALS FAILD, DO NOT ALLOW INTO PRIVAT AREA
echo "nhaaa";
}
[/code]
Hope this helps. Sorry its two posts! -
thats the resion for using the session number as well. The session number is unique to every web broser, and will change every time you close it and open it again. There for you can have as many people as you like on one IP address (as this will genuraly be the outside one), but the session number will always be diffrent. Give me a sec and ill see if i can find my code to post.
-
can be view by accessing the database through comand-line? Wont create a PDF though.
-
if the files are owned for apache for example then they have access! Espesialy if the files in the web directory.
-
The way i do it is whenever a user logs in, there ip address and session number (as its unique each time) are recorded against there user name in an mysql table. Then whenever they try to access a 'private area' i run a function that checks there current ip address and session number against the one in the table. It does this by checking what these should be for the user_name specified. If they mach there aloud in, if not then they are redirected. (i do this by having the function return a 'true' or 'false' value). The table in the database is refreshed everytime they log in.
Code for this is very simple. The only problem i see with this is having to store your database details in a standard file.
Hope this makes sence. Shout if not!
-
sure, but it would not be to chalanging for some one to view the origional file. its that bit that im trying to avoid.
Thanks -
Hi. At the moment a site im designing revolvers entirly around a connecton to a postgresql database. All the usernames and passwords etc are stored in the database etc. The connection details for this are stored in a normal .php file as a variable. Is there a more secure way that i can do that? It seems to be that it would be fairly easy for someone to obtain the file, reed the password and get access to all the files, with out being a regested user?
Thanks -
[quote]The originating IP address does not match the server IP, so I know it didn't come from anyone on my server[/quote]
Spamers are clever people! It is possable to make headers look like this. For example you could send an email from your server to me, and with a bit of clever playing it would look like it was sent from my server. What does your mail log say about these sent emails? does it show them as sent by your server? (normaly reprosented by a <= befor the address). Also it is unlikly that they world use your server just to send spam to you. If they are using your server, not just playing with headers, then there may well be multiple sends in your mail log.
If your running something like md5 athentication on your SMTP server it is unlikly there using your server. Do you have users outside your local network using anything other then webmail? If not you can tell your SMTP server to only accept conections from your internal IP range. Would sertinaly stop your problems! -
I see no resion why EXIM would not work on 4.4. It may be that it was wiped in the upgrade, or the old vertion is not compatable. But yes, if you re-install it it will work on 4.4
-
Perhaps this is two late...
Best way to do this is through using black list's through something like spam assasin. Try looking at something like spamcop.net 's list. There are loads out there. SpamAssasin is definatly worth looking at.
As to the bounces this is most likley just spamers doing something clever with there headers so it looks like there from your server. Often to fool you into opening them. However if it realy is someone else using your server to send mail this can be a big problem for you, as it could cause your domain to be listed in a black list. This means that anyone using black list checking (an most do) will not be able to receve mail from you. Security and restricaions on out going mail though have become almost as important on the mail accounts themselves. -
Persionaly i love Exim, mainly because of the way it logs things making fault tracking so easy, and the simple way Clam AV and SpamAssasin works with it. Also can have a nice webAdmin interface to make adding users, filtering, etc simple..... Type it into google and it will come up everyware!
If your running Redhat and want a simple way to install things look into the 'yum' comand. for example you can type 'yum install [i]whateveritis[/i]' into the comand line and assuming it is avalible as an rpm (check through yum search) it will do most of the work for you! no compiling! Beware you have to specify which servers RedHat should look to for these packages first. Some reading on it would save you a lot of time.
Red Hat often comes with sendmail on it. If your looking for a webmail interface to interact with either of these once you have got it going i like sqwebmail and squrilmail is often another popular choice.
Best thing about Linux is that theres loads of free help out there on the web, type most things like this into a serch engin and there is bound to be hundreds of resorces, and pro's willing to offer advice!
Hope this helps. Post below again if i have explained this porly!
-
Not that im aware of. If its simple 'turn around speed' (through high number of hits/users) minimise the number of other aplications running on that interface. Also using a second network card and some routing rules, or having other services running on the second card. If there are a low number of hits and not much else running could be due to restrictions imposed by the hardware, (more ram), or even something strange in the config.
-
not sure what you meen? do you want admin users on your linux box to have permisions to read/write to files owned by apache? If so best way to do it is to add the users to the apache group, or create an admin group, have this group own the files, and have the apache user as a member of the group.
-
Is this an apache server? if so that will be standard out of the box. Can you phrase your question a little better?
-
Works fine from hear! Schools are normaly very restrictive on trafic in/out for odvoius resions, primarily through port blocking. Why are you usingg :8080 / :80 would probably work. If its becouse your router uses this port its self, try another comon one your not using. For example if your running a windows only network your inlikly to use :22 (ssh and pcanyware normaly). Haveing to manditarly add a port just meens more for prople to remember when trying to get there!
-
Can you clarify this a little better? Do you want to know if your site is accessable to anyone? Do you want the conostinatly monitored or just a one off test?
Is your NAT using a static or dynamic IP address? If its static simply get a friend to tap it into the web browser, or point a DNS record at it. If its dynamic there are one or two free services that will enable you to have a fixed domain name, where the DNS record is regualy updated ortomaticaly. I think no-ip.com is one.
If you want a constant check look for 'service monotering' in google. Can recomend blue-emu.net . that can send you and email/sms if it becomes unavalible.
Hope this helps. -
Are this charictors being typed as plain text or using the html number equivelent?
If your just typing ® or anything slightly unusual like it thry using the html number equivelent. eg ® can be writen as [code]®[/code]
Let me know if that works.
phpMyAdmin causes apache to hang
in MySQL Help
Posted