Cybersecurity in the Age of the Machine
When the server can’t write to the session data directory, if will use /var/cache/nginx/fastcgi_temp/ and complain in the error log. You don’t want any of these errors, but a setting considered insecure will not even be reported as such. Here is how to bolster your PHP 7 session security with NGINX and php-fpm.
Your users want to access a web server instance as a staging or production environment for DevOps… They want access to the web server document root of the sites they manage. Your job is to maintain the integrity of the whole system in terms of cyber security.
If you happen to be running a web server on Linux—for example in EC2 on Amazon AWS—and need to provide site owners remote access in a secure and responsible manner, here is how to do it.
Logs that grow in size uncontrollably can cause unintended consequences. If you keep ignoring the situation, it will only get worse until you run our of disc space, the system starts being unresponsive or processes begin to crash.
Over the years, Apple has dismissed some of their best technical talent. Today, it came back to bite them: the legendary electronic maker had to admit that they got hacked big-time, joining Seagate in this predicament. It made news all over the airwaves.
[Updated 2019-03-17] Are you wondering why some JavaScript code from external domains simply won’t execute on your website? The reason could be as simple as an overly restrictive Content Security Policy (CSP for short). This article explains how you can create a Content Security Policy that’s both protective and functional. It will help you to secure your web server from some types of cross-site request forgery (XSRF/CSRF/XFS), clickjacking and other code injection attacks.