vulnerability in OpenSSL – Heartbleed

Apr 14

There is a vulnerability in OpenSSL version 1.0.1, and it was fixed in version 1.0.1g.

Older versions of OpenSSL are not affected.
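
A quick local check of the version range given above, as an added example that is not part of the original post: it classifies the banner printed by `openssl version`. The function names, status strings and sample banners are constructed for illustration.

```python
import re

# Upstream banner format: "OpenSSL <major>.<minor>.<patch><letter> <date>"
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return (major, minor, patch, letter) from `openssl version` output."""
    match = _VERSION_RE.search(banner)
    if not match:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    major, minor, patch, letter = match.groups()
    return int(major), int(minor), int(patch), letter


def heartbleed_status(banner):
    """Classify a banner against the range in the post: 1.0.1 up to, not including, 1.0.1g."""
    major, minor, patch, letter = parse_openssl_version(banner)
    series = (major, minor, patch)
    if series < (1, 0, 1):
        return "older-unaffected"      # the post: older versions are not affected
    if series > (1, 0, 1):
        return "newer-than-post"       # outside the range the post describes
    # Release letters sort in order: "" (plain 1.0.1) < "a" < ... < "f" < "g"
    return "affected" if letter < "g" else "fixed"


# Sample banners, constructed for this example
SAMPLES = [
    "OpenSSL 0.9.8y 5 Feb 2013",
    "OpenSSL 1.0.1 14 Mar 2012",
    "OpenSSL 1.0.1e 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print("%-30s %s" % (banner, heartbleed_status(banner)))
```

Distribution packages can carry a backported fix without changing the upstream version letter, so an "affected" result means the package changelog still needs checking.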

It has a wide impact because all services running over the TLS protocol are affected. The most common uses are HTTPS, FTP over TLS, email over TLS, etc.

To test whether your server is affected by the vulnerability, you can use the site below:

2 common password methodologies for login systems

Feb 12

MD5 encryption

MD5 was very common and popular in the old days, and some systems may still use it.
MD5 is a one-way hash of the password and it has already been brute-force attacked. Some websites let you do a reverse lookup and get back the original password from the hash.
If the password hashing uses pure MD5, it is regarded as not safe.

salted password

This is the most popular method we find nowadays in most open source software. It is an enhanced version of one-way hashing to prevent brute-force attacks.
This is the simplest example of a salt:
password = md5(password+salt)
p.s. some may use SHA instead of MD5 to improve the security
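
The two schemes side by side, as an added example that is not from the original post: pure MD5 is recovered by a reverse lookup, while the salted form of the formula above is not, and two accounts with the same password get different hashes. The function names, the 16-byte random salt and the small lookup table are assumptions made for the illustration.

```python
import hashlib
import hmac
import os


def md5_plain(password):
    """Pure MD5 of the password: the scheme the post calls unsafe."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, algo="md5"):
    """hash(password + salt), the post's formula; algo="sha256" swaps in SHA."""
    if salt is None:
        salt = os.urandom(16).hex()      # fresh random salt for every account
    digest = hashlib.new(algo, (password + salt).encode("utf-8")).hexdigest()
    return salt, digest                  # both are stored with the user record


def verify_password(password, salt, stored_digest, algo="md5"):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, algo)
    return hmac.compare_digest(candidate, stored_digest)


# Constructed stand-in for a reverse-lookup site: precomputed MD5 of common passwords
LOOKUP = {md5_plain(p): p for p in ("123456", "password", "letmein")}


def reverse_lookup(digest):
    return LOOKUP.get(digest)


def demo():
    salt_a, hash_a = hash_password("letmein")   # account A
    salt_b, hash_b = hash_password("letmein")   # account B, same password
    return {
        "plain_md5_recovered": reverse_lookup(md5_plain("letmein")),
        "salted_recovered": reverse_lookup(hash_a),
        "same_password_same_hash": hash_a == hash_b,
        "login_ok": verify_password("letmein", salt_a, hash_a),
        "wrong_password_ok": verify_password("letmein1", salt_a, hash_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The salt defeats precomputed tables; it does not make each individual guess against one stolen salt and hash any slower.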

the trend of CDN

Nov 19

In the past, you had to upload static content like images or static pages to the CDN provider manually in order to enjoy the performance improvement for your site. Nowadays, you no longer need to do so.
All you have to do is change your DNS settings to point your domain to the CDN provider, and then set the origin server on the CDN provider. So the flow looks like this: —-> —->

So the CDN provider can cache your server content and respond to public users directly. Amazon is one of the providers; for details, you could look through the link below:
Amazon Cloudfront

However, Amazon does not have any detailed documentation about security protection, but you could look at another provider – Cloudflare, which can provide some kind of protection for your website.

However, you may need to understand the HTTP headers, for example the Cache-Control header directives max-age and s-maxage.
These affect your cached content on the CDN provider.
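
How those directives combine for a shared cache such as a CDN, as an added example that is not from the original post. It follows standard HTTP caching rules and assumes the CDN honours the origin's header; the function names and sample values are constructed, and the useful audit is any personalised response for which `shared_cache_ttl` does not return None.

```python
def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument or None}.

    Simplified: quoted arguments that themselves contain commas are not handled.
    """
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_ttl(value):
    """Seconds a shared cache may reuse the response without revalidating.

    Returns None when a shared cache must not store the response at all.
    """
    d = parse_cache_control(value)
    if "no-store" in d or "private" in d:
        return None               # never kept on the CDN
    if "no-cache" in d:
        return 0                  # may be stored, must be revalidated before reuse
    for name in ("s-maxage", "max-age"):   # s-maxage wins over max-age on shared caches
        if d.get(name) is not None:
            try:
                return max(0, int(d[name]))
            except ValueError:
                return 0          # unparsable lifetime: treat as already stale
    return 0  # assumption of this sketch: no explicit lifetime means no reuse


# Sample header values, constructed for this example
SAMPLES = [
    "public, max-age=3600",         # browser and CDN: one hour
    "max-age=60, s-maxage=86400",   # browser one minute, CDN one day
    "private, max-age=600",         # browser only, CDN must not store
    "max-age=600",                  # CDN may keep it even if the page is per-user
]

if __name__ == "__main__":
    for header in SAMPLES:
        print("%-30s -> %r" % (header, shared_cache_ttl(header)))
```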

new extension on DNS – DNSSEC

Oct 13

DNS (Domain Name System) is a very old system which does not have any security protection. For example, all your DNS records are disclosed to the public.

To increase security, a new extension called DNSSEC is now ready for some top-level domains (like .com, .net, .org). It helps to prevent malicious activities like cache poisoning, pharming and man-in-the-middle attacks.

A digital signature is used to enhance the data integrity. The common type of digital signature is SHA.

When a request is sent to the DNS resolver, the resolver verifies and checks the authorization of the DNS record. If it is valid, the resolver returns it; otherwise, it discards the response.

You may need to check whether your hosting provider provides this kind of feature. Some providers do not provide DNSSEC as a free service.

generate HTML email, exclamation mark “!” issue in Outlook

Aug 10

When you use a program (sendmail or PHPMailer) to generate HTML email, you may notice something strange: why do you see some exclamation marks in the email in Outlook?

The main issue is that your HTML content does not have the line-break characters “\r\n”. You need to add line breaks because if the HTML content is all on one line, the line is too long and it causes issues in the Outlook parser.

So adding line breaks to the HTML is one way to solve the “!” issue when viewing the email in Outlook.

php output excel, is it possible??

Aug 10

Is it possible to output Excel through PHP? The answer is yes.

We did try to use PHP Excel a few years ago, however the performance was not quite good. However, when we tried the current version 1.7.9, the performance had improved a lot.

We can now generate 4 tabs, set cell color, set font size and Excel formulas in just a few seconds. To generate the spreadsheet, we no longer need to use a .NET program.

mysql fail to connect remotely, mysql process: unauthorized user

Jun 23

There was an unusual case when we connected to MySQL through a remote connection.

The username, password and host were correct but we could never connect, and in the MySQL process it showed “unauthorized user”.

We tried changing the password and checking permissions a few times, and everything was fine.

Finally we found that the root cause was the nameserver.

If you have confirmed everything is correct but still fail to connect to the MySQL database remotely, try checking the nameserver as well.

our hosting migration

Apr 20

Our website moved to a new, 3rd hosting provider and now the performance and availability seem to be the best. Up till now we have not faced any downtime reported by, although there may be false alerts sometimes.

our 1st hosting provider

- burst:

Actually the hosting is quite good if your website is not under too heavy a load, but you have to restart/reload your web server and database server frequently because there is no swap for OpenVZ. The price is affordable and reasonable; although there are some alerts by, at such a cost just 1-2 alerts per month is acceptable.

Last year they started to provide Xen framework VPS but we have not tried it yet. I think the service would be similar. If you have a limited budget, it is a good choice to start with.

our 2nd hosting provider

- vps6:

The hosting provided Xen framework VPS with swap support. However, there were too many downtime alerts and finally we decided to switch to another hosting provider……

our current hosting provider

- linode:

No DOWNTIME alert from Pingdom for 16 days!! It is good news. In recent months, they have upgraded their bandwidth, then CPU, and now RAM. Although we have not yet upgraded our RAM, I think we could upgrade it in the near future. However, the only drawback is the cost if you have a limited budget.

The migration is done and we got double the RAM, cheers!

New update Aug 10 2013: hard disk space is double too! But we really want them to have a cheaper plan~~

magento hellowired theme slider white blank screen issue

Apr 06

Many people have issues with the slider jQuery plugin on Magento. We tried the free template hellowired and we found a fix for IE8, or let's say the issue is mainly on IE.

follow their example:

<div id="slider-wrapper">
  <div id="slider">
    <div class="panel"><img src="image1.jpg"/></div>
    <div class="panel"><img src="image2.jpg"/></div>
    <div id="controls"> </div>
  </div>
</div>

You would get a white blank screen after slider 1 changes to slider 2.

Looking through the CSS, what you need to do is just a simple fix: add overflow:hidden at the end.

#slider { width: 674px; height: 328px; overflow:hidden;}