
Rails: Digitally sign outgoing emails (S/MIME)

In this article, I will introduce one method to digitally sign outgoing emails with S/MIME using Ruby on Rails.

require 'openssl' vs. Kernel.system openssl

At first, I tried to sign mails using the Ruby OpenSSL library, which is basically a lightweight wrapper for libopenssl. However, I was not successful; I found out how to create PKCS7 signatures in general, but not specifically for S/MIME mails.

So I decided to use the openssl command line tool that can be invoked like this:
openssl smime -sign -signer $CERT_FILE -passin pass:$CERT_PASS \
  -in $UNSIGNED_MAIL -out $SIGNED_MAIL -certfile $CERT_CA_FILE \
  -from 'your ' -to 'recipients <email@address>'

Typo3: still 30 % vulnerable to latest critical security hole

A quick scan of sites made with Typo3 told me that 99 of 330 pages are, at the moment, still vulnerable to the latest Typo3 security bug, which allows reading all .php files, including localconf.php (where the database password and other things are stored).

That means that about 30 % of all Typo3 pages show their database passwords (and other things) in clear text 5 days after the security bulletin was sent out.
