Ubuntu Security :: Use A "secure" Proprietary Web-based Java FTP Client?
Oct 15, 2010
I was given the responsibility at work to upload some files to an offsite 3rd party FTP server. Apparently we use a "secure" proprietary web-based java FTP client.
The FTP client was buggy and repeatedly crashed. While I was waiting for it to work, I decided to look at the HTML of the website when I was logged in to their FTP server. It contained the following lines:
Code:
hostname="-------------"
username="--------"
password="--------"
connectionType="ftps"
mode="binary"
enableHost="false"
enableConnectionType="false"
enableAnonymous="false"
I substituted dashes for the sensitive information that was in the website. I do not have access to analyze the network traffic to see if our username and password is being transmitted in plain text to the website. It makes me nervous to see the username and password plainly written out in the html for a website; however analyzing the network traffic and securing networks is not part of my job description. So my question for people here who have this as part of their job description is as follows:
View 7 Replies
ADVERTISEMENT
Jan 29, 2010
I am trying to setup a web-based secure ftp client that can handle not only file transfers to and from one of my company's servers, but also allow new clients of ours to visit our site, create an account of their own and use it to log in and begin transferring files. This way, the users can manage their own accounts.
I don't know a lot about exactly what is running on our server, though I am almost positive it is debian based. I really only have access via ssh and ftp. I may be able to do more in the server room, but haven't tried. I thought about using net2ftp, but that doesn't seem to work with sftp, and also doesn't allow the creation of new users on the server.
Is there anything out there for me??You will undoubtedly require more information from me, so please let me know what it is and where I can find it and I'll get back to you as quickly as I can.
View 3 Replies
View Related
Jul 26, 2010
In my Windows environment, I use email client such as Microsoft Outlook to connect to our email server to send email with the following configuration:
Incoming server (POP3): 995 - (requires with SSL)
Outgoing server (SMTP): 465 - (use encrypted connection SSL)
[code]....
And the mail server requires user ID login and password.how do I setup a text command based email client in my Linux (Centos 5.1) to send out email through the existing email server above, which is in another machine? The email client has to be text command based because I need to use command line to send notification email from anothar application installed in my Linux (Centos 5.1) Since the email client will only be used to send email notification, I don't require setting up of an email server in my linux.
View 2 Replies
View Related
Dec 1, 2010
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
View 1 Replies
View Related
Feb 18, 2011
This is my first post and I'm pretty new on Debian. I had used Ubunu for a while now and I've decided to move on Debian Squeeze.But I've one problem: I've a Java programm to install and the installer is GUI Java based. When I run the script, I've the next message:
Preparing to install. Extracting the JRE from the installer archive.Unpacking the JRE.Extracting the installation resources from the installer archive.Configuring the installer for this system's environment.Launching installer Graphical installers are not supported by the VM. The console mode will be used instead. Preparing CONSOLE Mode Installation. But this program is not able to run the installation in console mode.
I've tried to install sun-java6-jre but without success.Has anyone an idea to help me install this programm? My Configuration: Debian Squeeze 6.0 amd64.
View 13 Replies
View Related
May 5, 2011
Know any documentation or software packages to do a open source "File Hosting" or also known as "one-click hosting" server.I want to create my own private secure site to easily have clients download sensitive files. If it could be setup to use SSL that would be great.
View 1 Replies
View Related
Mar 9, 2010
Can any one tell me a good GUI based tool to secure PHP code . i have tried ioncube but its not GUI based on linux
View 3 Replies
View Related
Jul 11, 2010
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else. I'm looking for a file that logs any change to the security settings of the system.
View 1 Replies
View Related
Jun 8, 2010
I'm trying to compile JGR, rJava, etc. for use w/ my updated R. My configuration of Ubuntu (9.10 Karmic, kernel 2.6.31-22-generic) and R (version 2.11.1; from lib.stat.cmu.edu source) shouldn't be terribly unusual. But, all my efforts to compile Java programs for R fail, possibly because of something in my Ubuntu configuration of Java.First, I ran: R CMD javareconf. The output from that tells me that "JAVA_HOME is not a valid path, ignoring" and the cpp flags are set to nothing. The javareconf fills most of the variables with references to openjdk. JAVA_HOME, as far as I can tell, points to a properly installed copy of Sun Java. When I run update.packages(checkBuilt=T) with this, it unsurprisingly tells me that "One or more Java configuration variables are not set" and all of my Java based programs fail to compile.
I've tried switching the default Java to the Sun version using "sudo update-alternatives --config java". Now, javareconf fills in the cpp flag and variables point to the Sun version, though I still get the error msg that JAVA_HOME is not a valid path (though javareconf sets the home path to: /usr/lib/jvm/java-6-sun-1.6.0.20/jre). When I try to compile rJava, I get the error: rJava, "JNI types differ from the native type."Does anyone have any thoughts on how to fix this? Alternatively, is there somewhere I can report these problems so they might get fixed in future versions?I suspect I can't be the only person having these problems.
View 3 Replies
View Related
Jul 10, 2009
I am trying to write a simple client that opens a secure connection. My intent is to use the OpenSSL library.
I am following this tutorial: [URL]... The tutorial mentions that I need a trust certificate store called TrustStore.pem. However, I can't find that on my machine. Is there a way to generate it? I separately downloaded the source from the OpenSSL website. The source distribution doesn't have it either. There is a whole bunch of .pem files. Can I use any one of them?
View 2 Replies
View Related
Jul 29, 2010
I'm looking for a version of Getopts for Java that isn't licensed under the GPL and accepts long options (i.e. both -h and --help). My code is licensed under BSD and I don't really want to change that just because a module uses the GPL...
View 1 Replies
View Related
Jun 21, 2011
I am looking for an interactive terminal based twitter client. It seems like there are a few around, but some of them appear to be abandoned. Does anyone have any recommendations of a good one to use?
View 1 Replies
View Related
Sep 16, 2010
I have install Ubuntu 10.04 version. Then install Crossover 9 and run Internet Explore 7 on the crossover. Now I need to access web based system through IE7 which is java applet enabled system and also I have already installed java runtime environment on crossover. But that system can not access through IE7 it given some errors.
View 1 Replies
View Related
Mar 21, 2010
For the analysis of wireless mobile nodes simulations, I have downloaded Jtrana from [URL] This is a java based project but I do not know what steps I am supposed to follow to use it for my trace analysis. In fact I know how to compile a .java file, but jtrana is a complete GUI software.So I want to know to how to install it under fedora.
View 14 Replies
View Related
May 17, 2010
I have disabled password logins to a server.I want to transfer some files to it using a client like FileZilla but there was no way I could give private key to filezilla is there an ftp client
which supports key based login?
View 2 Replies
View Related
Jul 27, 2015
I need to build a new computer, and I'm considering buying an "AMD-oriented" motherboard, that comes with an integrated ATI Radeon GPU.But, being a big Free Software enthusiast, that likes to have completely free drivers for everything, and knowing that the "open source" Radeon driver, for ATI/AMD GPUs, uses a non-free firmware, I'm reluctant about this... Above all, because I don't know what kind of security risk I'm taking, when using a proprietary firmware.
And, having read what was recently reported about the security of proprietary firmwares, in general,URL... if the firmware component of graphics cards drivers poses any security threat?(I mean, can the firmware part of a graphics cards driver be used to do anything more than executing instructions to display graphics?)
View 9 Replies
View Related
Aug 14, 2010
is there a way to run flash and java securely? stupid question i guess. i'd like to use a couple of sites that require them but don't want to open my box up to the bad things that can happen with these. videos, pandora etc. i don't know linux security well and just wonder what the ramifications of this will be?
View 9 Replies
View Related
Mar 18, 2011
If i were to build an sftp client which launched with logon details, and could then controlled by sending commands to that daemon; would that be ideal way to create an sftp client with disposable credentials?
View 1 Replies
View Related
Jan 26, 2010
I set up my ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the mac adress of my laptop allowed to connect, set up a key with a long passphrase and installed pam_abl plugin. ICMP echo is blocked by default.
The only problem is i log all other attempts to connect to the server and i see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?
View 9 Replies
View Related
Feb 11, 2010
A) Pc-bsd
B) Ubuntu
And also which OS is more reliable?
View 9 Replies
View Related
Mar 11, 2010
How can i secure grub 2.0 ? with grub 1 just do : grub-md5-crypt then we write password --md5 <crypted_password> in /boot/grub/menu.lst
View 9 Replies
View Related
May 10, 2010
Is it possible at all to secure transmission?
View 9 Replies
View Related
Jun 14, 2010
Newbie here,
I'm thinking of moving mostly to linux to get away from the security holes in Windows. And I have some questions...
How secure is Firefox for doing online banking?
Sometimes I have run into a situation where the bank doesn't support anything but Windows explorer when accessing my accounts. Can this be gotten around safely in Linux?
If so, How?
View 9 Replies
View Related
Sep 19, 2010
Is there any way to secure harddisk accessbility ? i want encrypt my hard disk, and partitions that ubuntu installed on that. is there a way ? i want deny all access to hard disk, just my own root account can have access to all.
View 9 Replies
View Related
Feb 19, 2011
Ok im new, i know apparmor is running. i was looking for firestarter but their isnt one.....how do i secure this server? i want a good firewall and some virus protection!. also do i need this?
View 9 Replies
View Related
May 25, 2011
I want to set up a website that hosts very confidential business information. The info needs to be accessed by multiple people in different geographical regions. The entire website would require the high security (ie: there are no little sections that are publicly viewable). While the site will be run with Ubuntu server, I will be hosting it in Amazon's EC2 cloud.
So, if I use the HTTPS protocol with an SSL certificate, am I pretty well reaching the most secure possible situation? Are there any concerns with using the EC2 solution? Obviously there are a LOT of variables involved with maintaining website security, but I want to know if HTTPS is the current best bet (in addition to all the "best practices" of securing a site) or if there is a more robust way of securing content.
View 9 Replies
View Related
Jul 27, 2011
what is the best option to securing server via firewall and iptables?
View 9 Replies
View Related
Feb 3, 2010
I am running UFW, which is set to deny everything but SSH on port 22, OpenVPN on port 1194 and HTTPS on port 443. SSH is set to only allow private key logins, and the root account is disabled. I have AppArmor running for all of my daemons (OpenVPN, Apache2, OpenSSH) and I have Fail2Ban running.
Is there anything else I can do to secure my server from the Internet (it is directly connected, there is no NAT between the Internet and my server).
View 4 Replies
View Related
Feb 4, 2010
If I need to get a file to someone I could place it on the server and somehow automate an email telling them there is a file available. They could login to the server based on their email address and a randomly generated key combination and down load the file.I also need it to preform the same function going the other way. Login into my server and place files going to me.
View 2 Replies
View Related
Jul 11, 2010
I seem to be missing a secure.log or security.log file. have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else.looking for a file that logs any change to the security settings of the system.
View 6 Replies
View Related
