[kwlug-disc] KWLUG site security (was: Firesheep: Open WiFi cookie stealing for the masses ...)
kb at 2bits.com
Thu Oct 28 10:01:43 EDT 2010
On Thu, Oct 28, 2010 at 8:10 AM, Lori Paniak <ldpaniak at fourpisolutions.com> wrote:
> On Wed, 2010-10-27 at 21:51 -0400, Paul Nijjar wrote:
> > On Tue, Oct 26, 2010 at 08:11:32PM -0400, Lori Paniak wrote:
> > >
> > > Enough editorializing - time for a practical question: how secure is
> > > kwlug site? How can it be improved? At what cost? (Sounds like a new
> > > thread)
> > kwlug.org is not secure. It is on a shared host that (from what I
> > recall) runs a pretty old version of Apache. The Drupal installation
> > is hideously out of date as well.
> > I don't know whether CCJ/Clearline (who donates the space to us) is
> > willing to investigate SNI or not.
> > - Paul
> This may not be necessary. I came across stunnel which looks like an
> SSL proxy system that runs on the server, listening for secure traffic
> and redirecting it locally (or remotely) to insecure web services.
> The link is: http://www.stunnel.org/
> Does anyone out there have experience/knowledge of this package?
> It runs on Linux, BSD and practically everything else and is apt-get
> installable FTW!
> Is it feasible to get a presentation/demo of procuring and installing
> public SSL certificates for use on a web server?
I tried stunnel many years ago (8 or 9 years).
I can't remember all the details, but it still requires shell access, and
rights to the server, i.e. a VPS or dedicated server.
It would not be possible in a shared environment to do it that way.
Another solution is reverse proxies that terminate SSL and leave
the web server setup the way it is (without SSL).
An example is Pound.
This allows you to have more than one backend web server, served
by a single SSL end point.
This still requires a server that you fully administer.
Khalid M. Baheyeldin
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da Vinci
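
The SSL-terminating setup discussed in this message, sketched as an stunnel configuration. This is an added example, not part of the original post or the kwlug.org setup; the file paths and the account name are placeholders, and it assumes the unencrypted web server listens on 127.0.0.1 port 80.

```ini
; stunnel.conf (illustrative): accept TLS on 443, forward plain HTTP to the
; existing web server, which keeps its non-SSL configuration unchanged.

; stunnel must be started as root to bind port 443, which is why this
; approach needs a VPS or dedicated server rather than a shared host.
; After startup it runs as an unprivileged account (name assumed here).
setuid = stunnel4
setgid = stunnel4

[https]
; Public side: the TLS listener.
accept = 443
; Private side: the unmodified web server, reachable only over loopback.
connect = 127.0.0.1:80
; Placeholder paths. The key file should be readable by root only.
cert = /etc/stunnel/example.org.crt
key = /etc/stunnel/example.org.key
```

Because stunnel forwards bytes without touching the HTTP request, the backend logs every client as 127.0.0.1 and cannot tell from the request alone that it arrived over TLS.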