Questions tagged [restrictions]

23 questions
37 votes, 6 answers

Is it possible for a hacker to download a php file without executing it first?

I have a php website where everything is in the public_html\ folder, including an includes folder with config and classes. I told my developer to move it away from public folder but he said there is no risk as files are php files and even if someone…
Petja Zaichikov
33 votes, 1 answer

Which properties of a X.509 certificate should be critical and which not?

RFC5280's section 4.2 states: Each extension in a certificate is designated as either critical or non-critical. A certificate-using system MUST reject the certificate if it encounters a critical extension it does not recognize or a critical…
8 votes, 2 answers

Is restricting a Google API key for an Android app useless?

According to Google, one can add the SHA-1 certificate fingerprint and the name of the package in the Google Developers Console to restrict the usage of his API key to his Android app, so that developers can make sure that their API keys are not…
6 votes, 2 answers

Is IP restriction enough or should I SSL my web authentication?

I want to connect to my home install of phpmyadmin. I restricted the connection for this to my 2 IPs. But I don't really understand this whole OSI layering. I do know that the IP is saved in the second layer, and I guess that the IP restriction will…
Harrys Kavan
5 votes, 1 answer

Why is `cd` restricted in rbash/restricted bash?

The bash manual says: A restricted shell behaves identically to bash with the exception that the following are disallowed or not performed: Changing directories with the cd builtin. Why is this not allowed? What security holes does this close /…
Michael Thorpe
4 votes, 1 answer

UUID in URL - how safe from accidental discovery is my proposed solution?

Here is what I want to do: We create reports for customers, normally we send them as pdf to our customer who then shares them with colleagues across his company. We want to switch now to digital reports. The report is accessible only via URL with…
urban-a
4 votes, 2 answers

What access does installing custom certificate file give?

I recently installed a custom CA certificate from a trusted authority to access some blocked resources. Android popped up with a message "The network can be monitored" This made me question what can be monitored and would it have any impact in other…
3 votes, 4 answers

Securing Data at Rest in Android

Here's a situation. I am the author of an app that allows my customers to stream videos on their local android device. I also allow them to download the video and store it locally on their android device itself. But now I want to restrict the…
qre0ct
3 votes, 1 answer

How do they determine that "It's likely that you're behind VPN or proxy" if I have my own custom VPN?

I have my own VPN server on a remote server on a VPS. On some websites, very unknown and small ones, I've faced a restriction stating "It's likely that you're behind VPN or proxy, you're not allowed to use our website". I don't want to change…
Dorion
2 votes, 1 answer

Folder Access restriction in Shared Hosting

In a shared hosting I use (where I don't have access to httpd.conf files) I want PHP files in "MyTargetFolder" to not have the ability to access anything in upper directories. It needs some configuration like OPEN_BASEDIR, SAFE_MODE,…
T.Todua
2 votes, 1 answer

How safe are networking ACLs based on IP-address?

As far as I know, a determined attacker would have no major issues in hacking the IP address of the packets contained by his (web) request. Therefore, I cannot see how an Access Control List (such as the ones listed below) might improve the security…
2 votes, 1 answer

PDF User Password always gives access to the Owner Password, even when encrypted with AES-128

I've been messing around with qpdf, and noticed something that seems huge: that a document's Owner Password is essentially useless, as it can be easily unset, and therefore that only the User Password offers any real security for a PDF. For example,…
Hashim Aziz
2 votes, 1 answer

Block AzureRM PowerShell Module

Is there a way to block AzureRM PowerShell module commands from being executed by certain Azure AD users somewhere in Azure group policy? Or is there a way to do this with PowerShell tools?
C.J. May
1 vote, 0 answers

Device Control Policy

I want to blacklist all the external storage devices and only allow a specific brand of device such as SanDisk. I had blacklisted the external storage devices by using USBSTOR* and whitelisted all the SanDisk devices by using USBSTOR\DISK&VEN_SANDISK*…
IanCool
1 vote, 2 answers

Blocking access to social media on Windows

I would like to block websites like Facebook, YouTube and other social sites as part of my job and would need your advice on how to manage that. There are about 120 PCs in the building. Is something like that possible? Can it be done with the host…
VEGA