Security Posts

Write only S3 permissions

Time and time again I've found myself needing to limit access to S3 repositories via write-only. Read-Only access is widely used for public repositories, such as CDNs. A highly common use case for write-only access is allowing users to upload new files, but not modify any that currently exist.

SSL All The Things

Lately there has been a lot of buzz around security when using web services. Everyone seems to be very paranoid all of a sudden and encryption is the answer to everything internet based. I wouldn't say I'm too overly paranoid, but I took this opportunity to add some extra security to my personal website. This post will cover the things I learned along the way through my research and also explain how quick and easy it can be to add SSL Encryption to your website.

Removing Password from SSL Key

I recently just setup a new SSL Certificate on and ran into a little glitch that wasn't explained in the setup process, but luckily I already knew how to fix as I've installed these many times before. When you generate the .key file you must put a password on it, which is a good idea, but impractical for use on an Apache server. All goes well until your restart, during which is asks for the password before the server can start. This is a huge problem, especially if your server crashes, or restarts and there's no one around to type in the password, your entire site will be down because the Apache process will be locked up waiting for this password. Luckily there is a simple workaround. Make sure you backup your original key first, just in case!

Improving SSH Security on Linux

This is a quick post to inform you of some ways to keep your Linux machines well protected from hackers and bots. Today I realised some of these so called hackers had been brute forcing my web servers for the last few days; luckily they didn't prevail but it got me thinking. I'm going to tell you the steps I took to secure my server even further than it already was, and hopefully help you avoid the same troubles.

Secure Proxy with Squid and SSH Tunnels

Today I decided to build myself a small, yet very secure proxy tunnel to use at work. Not that I have anything to hide, I'd just prefer my boss not to know what sites I browse in my lunch hour, or get curious as to why I enjoy watching stand up comedy while I work. Luckily most of the services I use are https enabled anyways, but for the few that aren't, this is my workaround.

Secure Proxy with Hamachi2 on Linux