SSL certificates for multiple virtual hosts: problem on IE for Windows XP

Using a single server for multiple virtual hosts is something that comes naturally nowadays for any web server sysadmin. Using SSL certificates is also common (particularly so since the infamous Blacksheep extension for Firefox as published a few years back). However, the mixing of SSL and virtual hosts might not be as easy as you might think.

20 most common passwords

I wouldn't want this post to disappear, so just to make sure that the information is better spread on what passwords *not to use*, here is the list: 1. 123456 2. 12345 3. 123456789 4. Password 5. iloveyou 6. princess 7. rockyou 8. 1234567 9. 12345678 10. abc123 11. Nicole 12. Daniel 13. babygirl 14. monkey 15. Jessica 16. Lovely 17. michael 18. Ashley 19. 654321 20. Qwerty Come on, people, get some imagination!

Don't use true filenames on your server

In a recent meeting with the Dokeos 2.0 team, I realized that sometimes things are not quite evident. One of these cases that can only be understood with experience is that there's no use in allowing a user to upload files and keep the true filenames on the server's disk. In fact, it is quite a bigger problem to do that instead of changing the filenames and storing files as hashes.

Reason 1: Avoid security issues

When uploading a file to the server, you will have filters in place (won't you?).

Dokeos cPanel upgrade checklist

This is a draft list of what you need to think of when you upgrade a Dokeos from a cPanel install...
  • check you have the sufficient login information to access the Dokeos portal, the cPanel files manager and the cPanel MySQL account for the corresponding Dokeos portal
  • connect to the cPanel server
  • take a backup of the database (possibly through phpMyAdmin if there is no easier way) and download it on your computer (safeguard)
  • connect to the file manager
  • if possible compress the whole Dokeos directory (after a check to see if archive is not filled w

Securing Web Services - Research

I've been looking for a few hours now for a "quick and easy" solution at securing the Dokeos web services, but I have still to go through a whole lot of technical details. Looking for help (at avoiding so much reading work), I have sent an e-mail to the php-general mailing-list, hoping for an answer. Because this e-mail is the result of considerable search efforts, I'm saving it here.

Security certifications

The pen-test mailing list (see has a short thread going about security certifications, which basically gives two possibilities for security certifications in the case of watching the information security: That's a personal bookmark for later. There's also an Ubuntu Professional Certi