ict.ken.be

Delivering solid user friendly software solutions since the dawn of time.

To SSL or not to SSL 

Categories: IIS mojoPortal Security

To SSL or not to SSL, that is the question.
We are not running a bank, so my business doesn't need that. Does it?

Ano 2013, still millions of sites on the internet are running insecurely over http port 80 and who can blame them. Switching your site to https puts more pressure on your web server, makes your ranking in the SERP drop and on top of that it is a pain to get a good certificate working. Or so they say...

Graph of website hits after switching to ssl

So, let's check this out.

  1. yes, you will lose money while transfering serp ranking, it takes on average around one and a half month to transfer it. More of an issue is the fact that adsense doens't support https... yes dumb very dumb... you can change the protocol but then you do not comply with the agreement... yes, can't understand this one either. 
  2. difference in speed is only a few miliseconds, so no problem there
  3. yes, it is not easy to set up correctly when it is your first time

And last but not least, yes you should put your whole site on ssl. Well actually tls. And this means everything, not just parts of it or your users will get sslstripped away... so educate your users.

And then my checklist, the reason I am posting it here.

Testing with a self-signed certificate

Types:

  • Basic : one ip, one domain
  • Wildcard : one ip, one domain + subdomains
  • SAN aka UCC : one ip, multiple domains
  • SNI : multiple certificates on one ip (eg. not supported on IE for XP)

Requesting a certificate

  • Lot of personal details + calls
  • DNS records should match your personal details 

Import certificate and trust intermediate certificates

  • Especially Firefox doesn't like it, if you forget to trust the intermediates

IIS Settings

  • Bindings
  • Use an astriks * in front of the friendly name, so you can use the GUI to set the hostnames 
  • OR use appcmd set site /site.name:"<IISSiteName>" /+bindings. [protocol='https',bindingInformation='*:443:<hostHeaderValue>']
  • Rewrite with 301 (do not use 302)
  • Add strict security headers for HTST, and use chrome://net-internals to check if they are correct. (Strict-Transport-Security / max-age=16070400; includeSubDomains)

Additional settings for mojoPortal

  • SSLAvailable on true
  • SSLIsRequiredByWebserver (web.config) & Require SSL on All Pages (admin ui -> will update cannonical)
  • SSLCookies in two places + different cookie name
  • Robots file for ssl, you probably need same as default one
  • Test also for page that doesn't exists
  • If using paypal, make sure your update your url protocols

Update your content

  • <link rel='canonical' href='https...
  • using // for img and javascript
  • update your own links to https where posible
  • hopefully you don't use third party that doesn't support https
  • recommend and social links: point an og:url meta tag for both URLs to the https one

Update your webmaster tools

  • http and https are seen as different sites

more on https:

update (aug 2014)

Today google announced to take https into account for their search ranking. I hope they also do something about the adsense, but at least it is a step in the right direction. Read more at http://googlewebmastercentral.blogspot.be/2014/08/https-as-ranking-signal.html.

Drop all the tables, stored procedures, triggers, constraints and all the dependencies 

Categories: SQL Server

/* Drop all non-system stored procs */
DECLARE @name VARCHAR(128)
DECLARE @SQL VARCHAR(254)
SELECT @name = (SELECT TOP 1 [name] FROM sysobjects WHERE [type] = 'P' AND category = 0 ORDER BY [name])
WHILE @name is not null
BEGIN
SELECT @SQL = 'DROP PROCEDURE [dbo].[' + RTRIM(@name) +']'
EXEC (@SQL)
PRINT 'Dropped Procedure: ' + @name
SELECT @name = (SELECT TOP 1 [name] FROM sysobjects WHERE [type] = 'P' AND category = 0 AND [name] > @name ORDER BY [name])
END
GO

/* Drop all views */
DECLARE @name VARCHAR(128)
DECLARE @SQL VARCHAR(254)
SELECT @name = (SELECT TOP 1 [name] FROM sysobjects WHERE [type] = 'V' AND category = 0 ORDER BY [name])
WHILE @name IS NOT NULL
BEGIN
SELECT @SQL = 'DROP VIEW [dbo].[' + RTRIM(@name) +']'
EXEC (@SQL)
PRINT 'Dropped View: ' + @name
SELECT @name = (SELECT TOP 1 [name] FROM sysobjects WHERE [type] = 'V' AND category = 0 AND [name] > @name ORDER BY [name])
END
GO

/* Drop all functions */
DECLARE @name VARCHAR(128)
DECLARE @SQL VARCHAR(254)
SELECT @name = (SELECT TOP 1 [name] FROM sysobjects WHERE [type] IN (N'FN', N'IF', N'TF', N'FS', N'FT') AND category = 0 ORDER BY [name])
WHILE @name IS NOT NULL
BEGIN
SELECT @SQL = 'DROP FUNCTION [dbo].[' + RTRIM(@name) +']'
EXEC (@SQL)
PRINT 'Dropped Function: ' + @name
SELECT @name = (SELECT TOP 1 [name] FROM sysobjects WHERE [type] IN (N'FN', N'IF', N'TF', N'FS', N'FT') AND category = 0 AND [name] > @name ORDER BY [name])
END
GO

/* Drop all Foreign Key constraints */
DECLARE @name VARCHAR(128)
DECLARE @constraint VARCHAR(254)
DECLARE @SQL VARCHAR(254)
SELECT @name = (SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE constraint_catalog=DB_NAME() AND CONSTRAINT_TYPE = 'FOREIGN KEY' ORDER BY TABLE_NAME)
WHILE @name is not null
BEGIN
SELECT @constraint = (SELECT TOP 1 CONSTRAINT_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE constraint_catalog=DB_NAME() AND CONSTRAINT_TYPE = 'FOREIGN KEY' AND TABLE_NAME = @name ORDER BY CONSTRAINT_NAME)
WHILE @constraint IS NOT NULL
BEGIN
SELECT @SQL = 'ALTER TABLE [dbo].[' + RTRIM(@name) +'] DROP CONSTRAINT [' + RTRIM(@constraint) +']'
EXEC (@SQL)
PRINT 'Dropped FK Constraint: ' + @constraint + ' on ' + @name
SELECT @constraint = (SELECT TOP 1 CONSTRAINT_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE constraint_catalog=DB_NAME() AND CONSTRAINT_TYPE = 'FOREIGN KEY' AND CONSTRAINT_NAME <> @constraint AND TABLE_NAME = @name ORDER BY CONSTRAINT_NAME)
END
SELECT @name = (SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE constraint_catalog=DB_NAME() AND CONSTRAINT_TYPE = 'FOREIGN KEY' ORDER BY TABLE_NAME)
END
GO

/* Drop all Primary Key constraints */
DECLARE @name VARCHAR(128)
DECLARE @constraint VARCHAR(254)
DECLARE @SQL VARCHAR(254)
SELECT @name = (SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE constraint_catalog=DB_NAME() AND CONSTRAINT_TYPE = 'PRIMARY KEY' ORDER BY TABLE_NAME)
WHILE @name IS NOT NULL
BEGIN
SELECT @constraint = (SELECT TOP 1 CONSTRAINT_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE constraint_catalog=DB_NAME() AND CONSTRAINT_TYPE = 'PRIMARY KEY' AND TABLE_NAME = @name ORDER BY CONSTRAINT_NAME)
WHILE @constraint is not null
BEGIN
SELECT @SQL = 'ALTER TABLE [dbo].[' + RTRIM(@name) +'] DROP CONSTRAINT [' + RTRIM(@constraint)+']'
EXEC (@SQL)
PRINT 'Dropped PK Constraint: ' + @constraint + ' on ' + @name
SELECT @constraint = (SELECT TOP 1 CONSTRAINT_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE constraint_catalog=DB_NAME() AND CONSTRAINT_TYPE = 'PRIMARY KEY' AND CONSTRAINT_NAME <> @constraint AND TABLE_NAME = @name ORDER BY CONSTRAINT_NAME)
END
SELECT @name = (SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE constraint_catalog=DB_NAME() AND CONSTRAINT_TYPE = 'PRIMARY KEY' ORDER BY TABLE_NAME)
END
GO

/* Drop all tables */
DECLARE @name VARCHAR(128)
DECLARE @SQL VARCHAR(254)
SELECT @name = (SELECT TOP 1 [name] FROM sysobjects WHERE [type] = 'U' AND category = 0 ORDER BY [name])
WHILE @name IS NOT NULL
BEGIN
SELECT @SQL = 'DROP TABLE [dbo].[' + RTRIM(@name) +']'
EXEC (@SQL)
PRINT 'Dropped Table: ' + @name
SELECT @name = (SELECT TOP 1 [name] FROM sysobjects WHERE [type] = 'U' AND category = 0 AND [name] > @name ORDER BY [name])
END
GO

The Joel Test 

Categories: Testing
  1. Do you use source control?
  2. Can you make a build in one step?
  3. Do you make daily builds?
  4. Do you have a bug database?
  5. Do you fix bugs before writing new code?
  6. Do you have an up-to-date schedule?
  7. Do you have a spec?
  8. Do programmers have quiet working conditions?
  9. Do you use the best tools money can buy?
  10. Do you have testers?
  11. Do new candidates write code during their interview?
  12. Do you do hallway usability testing?

Read more at JoelOnSoftware or get the book Smart and Gets Things Done by Joel Spolsky

Which Windows folder is 64 bit 

Categories: Windows
Folder name Bits Folder path Description
System32 64 C:\Windows\System32 Windows System folder (system directory) for 64-bit files
SysWOW64 32 C:\Windows\SysWOW64 Windows System folder (system directory) for 32-bit files
Program Files 64 C:\Program Files Folder for 64-bit program files
Program Files (x86) 32 C:\Program Files (x86) Folder for 32-bit program files

Running dd-wrt on a Linksys WRT160N 

Categories: Network

Linksys WRT160N and power adaptor Status page of dd-wrt

The Linksys WRT160N is a nice router, I bought it years ago and it served me for a long time. 

Recently I had to discard it because wifi protected setup (wps) has become vulnerable and linksys does not release new firmware for the device. Not to mention that they actually removed the source from their GPL Opensource Center.

So I decided to flash dd-wrt on it for using it internally.

Figure out correct version:

  • WRT160N with firmware v1.53.0 from 19 dec 2007
  • This is a version 1, at this time version 2 is NOT supported by dd-wrt
  • Supports 2,4Ghz has 16MB of ram and 4MB of flash memory
  • Default password is admin with a blank username

Get latest correct binary:

Flash the firmware:

  • Connect RJ45 cable between router and computer.
  • Disable all other network adaptors of computer.
  • Disable all firewalls and antivirus of computer.
  • Set static ip for the computer. eg. 192.168.1.100
  • Do a 30/30/30 reset (with power on press reset button for 30s, unplug power for 30s, keep another 30s for a total of 90s pressing the reset button) and wait at least 3 minutes.
  • Browse to 192.168.1.1 and check if default password.
  • Do a 30/30/30 reset and wait at least 3 minutes.
  • Clear browser cache and goto 192.168.1.1
  • Administration > Firmware Upgrade
  • Upload binary > Flash
  • Wait at least 3 additional minutes (even if you get success from browser)
  • Do a power cycle (30s unplugging the power of router)
  • Wait at least 3 minutes
  • Clear browser cache and goto 192.168.1.1
  • You should see the dd-wrt.
  • Do a 30/30/30 reset and wait at least 3 minutes.
  • Clear browser cache and goto 192.168.1.1
  • Setup new password and configure the router
  • Put computer back on dynamic ip
  • And remember your antivirus and so :)

 Development and sources:

Page 9 of 39 << < 1 2 3 4 5 6 7 8 9 10 20 > >>