Is it possible to create a common pem file in softlayer to access all the machines in on VLAN from UI itself.
I have looked in all the configuration panels but wasnt able to find this setting.
I wanted to check with other users who might have created pem file to keep a common access credential login in all the machines.
I did not have the experience of working with this, but I can suggest to send an email to PortalFeedBack#softlayer.com, in order that they can provide more information about it or if it can be consider to implement.
Related
We utilize an outside vendor for hosting our WordPress site. The SSL certificate will expire soon and they have requested that I send them the contents of the PFX file, unencrypted, to them via email. The PFX file contains the KEY file and the CRT file. Our SSL is a wildcard for our domain; the same key is used to protect our VPN and another web server which I manage. We do not use it to sign any code.
If I have to share this/these files, I'd much prefer to do it by way of OneDrive or Google drive, but the host service person says that emailing presents no risks since an attacker would need to get into our DNS to make use of it.
Am I justified in pushing back on this? I find it weird that they haven't even offered to send it encrypted and provide the passcode via another mechanism.
TIA
I need a little guidance on how to implement signing of documents in a web based document distribution system we are developing.
At its simplest, user A will be logging into the website and create a Data Package. Word/Pdfs can be added to the package. User A will sign this document(s) using a digital certificate. User A might assign this to other users for reviewing the documents. They may sign the documents as well.
Now I know how to digitally sign data with C#. What I don't know is how to generate a certificate when each user logs into the website. The site is secured with DigiCert certificate.
What approach should I take to generate a digital certificate for each user? Once I have a .pfx file I believe I can store it in the database and use that.. Any guidance on this matter will be greatly appreciated!
thanks
I take to generate a digital certificate for each user? Once I have a .pfx file I believe I can store it in the database and use that..
This is what I call "naive approach" (read simplistic). You consider to store (maybe even generate) keypairs for the users in a web application. The biggest isssue with this approach is that someone with low-level access to the system (admins) or if database is leakt could gain access to the user's private key. To have a secure solution (considering signing), the private key may not leave its user
Doing everything in a web environment, you may consider using SubtleCrypto or other client site libraries, however at this point of time I see no reasonable way to manage the keys for pure web apps. Maybe you can store the user's keys and certificate in a localStorage, but it leaves some space for mallignant scripts to leak the keys.
Many real life secure solutions are working with secure modules (e. g. crypo cards), unfortunatelly the web libraries have no access to the modules (usually exposed as pkcs11 interface). As a solution usually the signing piece runs as custom code on user's computer. Before it was ActiveX, Applet,.. now it is often a "driver" exposed as a web server bound to "localhost" so the signig service can be used as web api from web applications.
I am writing a python script that sends a get request to a router. The problem is that the user and password are exposed to all in the script. I have seen multiple methods for dealing with this problem(using environment variables, reading credentials from a file) but these methods have not satisfied my needs. I would like that only a local admin user could have access to the file or variables that hold the user/pass values.
So I solved this problem by encrypting my credentials with a permanent fernet key using the cryptography library. The permanent key is in a file in the same directory as the main code as well as the encrypted credentials.
Thanks for the suggestions.
I’m developing an UWP app for Windows 10 phone. The client request is to be able to get the HttpClient BaseAddress (Services address) from a local file located on the Host File like on desktop apps (C:\Windows\System32\drivers\etc\hosts). This is because they need to use the app on different local networks and they want to be able to change the URL manually from the file.
Any ideas? I didn’t find information about it. Basically what I need is to manually write an address in a file to be read by my app without allowing the user interact with the to file.
I see two conflicting requests in your question - being able to manually write address in a file while at the same time without allowing the user to interact with the file.
If you store such configuration anywhere in the file system, where it can be manually written to, you cannot prevent the user to do the same. You could store the file in the applications ApplicationData.Current.LocalFolder which is more secure (although a crafty user can still find a way to edit the files stored there) but you would lose the ability to make manual edits, so your app would have to contain an area that would allow the user to edit the configuration.
In any case - ability to manually edit means user can interact with the file as well.
My approach would be to ask the administrators to create a HTTP endpoint, that would always return the configuration information you require on any given network, which your app would download on startup to reconfigure itself.
Disclaimer - I'm a non-coder, willing to learn, but have a question about SFTP.
So my developer whom I hired, provided me with a PPK file to login into my server. Is this a preferable way for FTP authentication?
I'm wondering because - What if I want to hire another developer to work on my site - now two developers will have the PPK file, right? So, how do I protect myself from previous developers having access to my site after they are finished? What is the proper process for these types of things?
Thank you!
You've been given a private key, needed to login to the server using key-based authentication. The key is not sent to the server, but it is used during SSH handshake. You are right that the key should remain private and you should not give it here and there. In general it would be a good idea to create your own keypair and place new public key to the server (and keep the private key with you). You will find more information about SSH authentication in this article. If you post your question to Superuser.com or Serverfault.com, you will get (find existing or ask for) more detailed instructions for non-programmer.
Every developer you hire should be given access to the site through a personal (individual) SFTP profile. Therefore each one of them will have his own PPK file. And when you want to revoke one of their accesses, just remove that developer's personal key from the server side configuration and he/she won't be able to log in again.