Sunday, September 26, 2010

Securing apache Basic authentication

The easiest way to secure your apache webserver is using Basic authentication. Users wanting to access your webserver will be prompted to enter a username/password pair to do that. However, Basic authentication is not secure as it does not encrypt these credentials, nor the content itself. The solution comes in Digest authentication. This is how to migrate your server configuration from Basic to Digest authentication.

In Basic authentication, you create a passwords file (using htpasswd command) then configure apache as in the link above. To migrate to Digest authentication all you have to do is to:
  1. Use the command htdigest instead of htpasswd to create users
    htdigest -c /path/to/your/passwords/file "Authentication Realm" username
  2. Configure apache by adding the following:
    AuthType Digest
    AuthName "Authentication Realm"
    AuthUserFile /path/to/your/passwords/file
    Require valid-user

  3. If you have SELinux running, enable httpd to access the passwords file:
    setsebool -P httpd_enable_homedirs 1
  4. Restart apache:
    service httpd restart
Note: the apache user (usually apache) needs to have read access to the passwords file, apparently!

It is worth nothing that Digest authentication only encrypts your password, but not the content. Moreover, anyone sniffing on the packets, having the encrypted password, can use it directly to access your content. To overcome these issues, you have to put your content under SSL, but this is another story.



Read more...

Thursday, August 19, 2010

Nokia Ovi Store distribution market and the axis-of-evil countries

Today I was reading some technical news and came across an article from the Forum Nokia Blog. The article highlights the achievements and new features of the Ovi Store. What drew my attention in this page is the distribution market map of the store. It basically tells which countries have paid apps, which have free only apps, which are totally blocked!




As you can see from the map, these are the axis-of-evil countries that are blocked from the Ovi Store:
  1. Iran
  2. Syria
  3. Sudan
  4. Cuba
  5. North Korea
  6. Cote d'Ivoire
  7. Congo
  8. Zimbabwe
  9. Did my eyes miss something?
This reminds me of the ban of some of these countries from the SourceForge website post Clinton's Internet Freedom Speech. At least Nokia should make this block list under the control of the app publishers, exactly like what SourceForge did.

I don't like the political influence on the technical world. It does not align with the human rights of the people of these countries.

You too Nokia?


Read more...

Monday, June 7, 2010

Who is the true God, Jesus or Allah?

Everything that is made should have a maker. The computer you are using right now did not come from nothing randomly. There should be a maker of it. The earth, sky, mountains, rivers, your body and everything should have a maker. This maker should be one and only one because if there is more than one, there would be much discrepancy throughout the creatures. This creator is the only God who is so powerful, so great and so merciful. This God is called for since Adam, Noah, Moses, Jesus and Mohammad, Peace be upon them all. They all call for the same creator, the same God, Allah. This is what Muslims believe.

As for Jesus, Peace be upon him, he was given birth without a father. Allah sent his angel Gabriel to Jesus mother, Mary with the blessing of a baby. She asked Gabriel, oh how can I have a baby without a father? He replied, for Allah, the most powerful, do you think it is difficult for him? Allah created Eve without a mother, and Adam without a mother, nor a father.

Jews at that time condemned Mary of making illegal love, they did not believe Jesus is a blessed prophet sent from almighty Allah. They even tried killing him over the Cross when he was an adult. However, Allah, the most merciful, sent someone that resembles him to be prosecuted instead of him. Since then, Christians believe it was Jesus was really prosecuted for the humanity sake. They even believe that he is God himself, or the son of God. But how could a God stay in his mother's womb for 9 months? How could he eat and drink and then urinate and defecate? And how was the world managed while he was in his mother's womb?

If you need more information about Allah and Islam, you can check these websites:
http://www.islam-qa.com/en/cat/12
http://www.islamicity.com/education/understandingislamandmuslims/

Peace be upon you.

Read more...

Thursday, June 3, 2010

The undocumented changes in Google Groups posting policies

I have been noticing that my email posts on one of the Google Groups I am subscribed to do not get replies from other members anymore. I was starting to get upset and thought my popularity has dropped and people are totally skipping my emails! I asked Mahmoud what was the last email he got from me and he told me it was several days ago! I logged in to the group website and found that my recent posts do NOT get delivered at all, without a single notice from Google!

After several tests I came to the following:
When your subscription in Google Groups is on email A, you have to really send from this email account A. If you use an email account B with an alternate account A (that appears in the From field), this will not work (as of May 29th and at least for me!)
You will not even get a delivery error from Google in this case because they think you are forging this email.

However, if you send from a totally different account C (and don't try to modify the sender), you will get a delivery error.

Moreover, if you send from account A USING ANY ALTERNATIVE ACCOUNT B, C, D, ... The message will be delivered!

Bottom line, now they only look for the real sender, and if an alternative account is used, they don't reply back with any error.

Read more...