Making web services with OAuth: Just what we need

Reading PHP Architect's November 2008 issue (and in particular the Google Gadgets article by Timothy Boronczyk), I remembered reading a name yesterday (on the Elgg.org features list) that I have seen very often and which I never got to the bottom of: OAuth. Well, today I decided that this ignorance was enough and that it was time to get there and see what it is... and it just happens to be exactly what we need in Dokeos to secure our web services!

Dokeos 1.8.5 Quick Reference Sheets - Take 2

Here are some more of my reference sheets (one on plugins/tools development and one on security). dokeos-185-tools-and-plugins-quickref dokeos-185-security-quickref I think with that I cover all basic questions a new developer might have, except the system to install/upgrade a Dokeos install (changing SQL queries) and the way to actually query the database using the Database class.

Home security Methodology Vacation Guide

Although it's got nothing to do with Dokeos (apart from the way I found it), I think this manual is worth a look if you are going on vacation. It's a home-safety manual written by computer security professionals. It is not as damn funny as I was half-expecting, but it kind of gives you a nice checklist of what you can do to protect your house before leaving for a sunny beach or a snowy mountain. http://www.isecom.org/hsm/

Why adding . to the PATH on UNIX is BAD?

This article was first written in December 2003 for the BeezNest technical website (http://glasnost.beeznest.org/articles/96)

Some UNIX administrators find it handy to add «.» to the PATH (and some even put it at the beginning of the PATH). Why is this bad? On UNIX, everything is made so that you don't have to do it. Anything not doing so can be considered buggy, and can be fixed easily. Imagine someone has write access to an otherwise harmless directory, like /tmp for example. Imagine now that this someone wants to do harm.

Netfilter - iptables on Debian

To create and save iptables rules the default Debian way, this is the way to go:
  • create your rules using the CLI [1] iptables
  • save them as the active rules by issuing /etc/init.d/iptables save active
  • create the rules for the inactive state (when booting, for example) and save them accordingly

That way, the rules will survive a reboot.

To delete a specific rule previously saved as above:
  • go into /var/lib/iptables/active and take the

IDS - Intrusion Detection Systems

An IDS is a system that tracks any unplanned changes to a system. It is often used on sensitive machines where any unauthorized access is strictly prohibited, but it can also act as a fool-proof system, more like a monitoring system. It works by checksumming or understanding the format of each file, and scrutinizing any suspect change to files.