“Let’s encrypt” on localhost


Usually you develop locally and want to test the SSL-encrypted part too. Without a valid certificate, you always have to click through the security dialogs and confirm that you really want to proceed. That annoys me each time. Furthermore, you cannot see whether you have a problem with “mixed content”. In this article I show you how you can use “Let’s encrypt” certificates on localhost.

Unprotected .git or .svn directories put your website at risk of information disclosure


Version control software is very popular among web developers. The most used tool might be Git. Unfortunately, the repository directory, e.g. .git, is often left unprotected in production environments. These folders contain not only the source code of a website but also database credentials, API access keys or tokens for popular cloud services like Amazon AWS, salts and hashes. Even more problematic is private data contained in SQL dumps or CSV files.

Studies, e.g. by Internetwache.org or Jamie Brown, show that a reasonable number of websites are affected by this problem.

TYPO3 Forger: Get in Touch with Issues and Reviews!

You feel lost on forge.typo3.org? With all the tickets, categories and trackers? You do not know which patch to put your energy into on review.typo3.org? You cannot find the topics / reviews where you have the best expertise?
Then forger.typo3.org is probably the answer you are looking for! It basically provides an intuitive interface to filter reviews and shows some statistics. In this article I will give you an overview of all the possible views.
