Abaksoft Posted August 6, 2014

Hi all,

Anyone have knowledge about VPS security?

1. If you have an important database which is hosting in a folder, and working with your UNIGUI web application, can a hacker take control of:
- your application.DLL?
- your database?

2. Is it safe to show the url: www.xxx.xxx.x.x\myFolder\myappli.DLL
Where xxx.xxx.x.x is your IP server

3. So, hackers can see your IP server!

THX.

Marlon Nardi Posted August 7, 2014

Hello Abaksoft,

You do not need to show:
url: www.xxx.xxx.xx \ myfolder \ myappli.DLL

In my case I only present the clean URL:
app.falconsistemas.com.br

Referring to present the IP, you can use a DNS server that hides your real IP:
https://www.cloudflare.com/

Marlon Nardi Posted August 7, 2014

DDoS attack protection:
https://www.cloudflare.com/under-attack

Abaksoft (Author) Posted August 7, 2014

Thank you Marlon,

Very nice is your home page. So, it confirms that web attacks are possible! We have to take care of this.

Now my question: even if I hide my VPS IP address (rewrite techniques), can a hacker take control of my VPS server?

Big THX.

Farshad Mohajeri (Administrators) Posted August 7, 2014

You must activate a firewall and only leave incoming ports open which you need. You must also change the default ports. For example, don't keep the remote desktop port at its default value. Using security software and anti-viruses which are specially designed for Windows Server OS is useful too.
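
A read-only way to check the points in the post above on a Windows Server VPS. This is an added example, not code from any poster in this thread; the `$expected` port list is a constructed assumption to be replaced with the ports your own server is meant to expose.

```powershell
# Added example: read-only audit, changes nothing. Run in an elevated PowerShell session.
# Assumption: inbound TCP ports this server should expose (constructed sample:
# HTTPS for the web application plus a non-default remote desktop port).
$expected = @('443', '3390')

# 1. Firewall active: every profile enabled and not allowing inbound traffic by default.
foreach ($p in Get-NetFirewallProfile) {
    $ok = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')
    '{0,-8} enabled={1} defaultInbound={2} -> {3}' -f $p.Name, $p.Enabled,
        $p.DefaultInboundAction, $(if ($ok) { 'OK' } else { 'REVIEW' })
}

# 2. Remote desktop port: 3389 is the Windows default.
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
if ($rdpPort -eq 3389) {
    'REVIEW RDP still listens on the default port 3389'
} else {
    "OK     RDP port is $rdpPort"
}

# 3. Services listening on non-loopback addresses that are not in the expected list.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Select-Object -ExpandProperty LocalPort |
    Sort-Object -Unique |
    Where-Object { [string]$_ -notin $expected } |
    ForEach-Object { "REVIEW TCP $_ is listening but is not in the expected list" }

# 4. Enabled inbound allow rules that open TCP ports outside the expected list.
#    A LocalPort of 'Any' or a range is reported too, because it is not an exact match.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
    $rule   = $_
    $filter = $rule | Get-NetFirewallPortFilter
    if ($filter.Protocol -notin 'TCP', 'Any') { return }   # skip UDP, ICMP, ...
    $extra = @($filter.LocalPort) | Where-Object { [string]$_ -notin $expected }
    if ($extra) {
        "REVIEW rule '{0}' allows TCP {1}" -f $rule.DisplayName, ($extra -join ',')
    }
}
```

A listening port from step 3 is only reachable from outside if a rule from step 4 also allows it, so compare the two lists before disabling anything.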

Andrey Volkov Posted August 14, 2014

> You must activate a firewall and only leave incoming ports open which you need. You must also change the default ports. For example, don't keep the remote desktop port at its default value. Using security software and anti-viruses which are specially designed for Windows Server OS is useful too.

Hi, Farshad! Let's take out discussion about safety in a separate branch of a forum. There is a wish to see responses of security specialists about check of the created server on vulnerability.

vipin Posted January 18, 2016

Hi, we are converting our Delphi application in web using uniGUI. Please let me know how we do web security management for this web app.

Farshad Mohajeri (Administrators) Posted January 18, 2016

> Hi, we are converting our Delphi application in web using uniGUI. Please let me know how we do web security management for this web app.

First step is to use UniLoginForm to create a login form for your app.

Abaksoft (Author) Posted January 28, 2016

Hello vipin,

In addition to what has already been said, you can add some of techniques that you can improve:

1. Change your default database "masterkey".
2. Even if your folder is stolen, allow running your program only on your VPS (signature MAC address etc...)
3. Protect your DLL from reverse engineering (uniGUI generates a non-classical DLL... I am testing a solution).

Greetings.

md9projetos Posted August 19, 2016

Talking about security, the mere fact that uniGUI is a server-centric environment is already an advantage over traditional Delphi desktop applications. Application security and server security are two different subjects.

I see many people here concerned about HTML injection; even though it's a valid concern, SQL injection is still much more dangerous. I myself never write SQL statements in my client application (at least when I'm doing my own stuff and tell the rules). In your client you should only call methods of a service or stored procedures and work with the resultsets. Always use https, encryption, whatever tool you have in your hands. If it makes things slow, you should work in a VPN.

Talking about server security, no matter what you do, you'll probably never reach the same level of security of a hosting provider, but if you really want to host yourself the best thing is buying a good dimensioned embedded Linux appliance (Fortigate, Sonicwall, etc.), and make a course to at least understand the basic concepts. Some of these appliances even have a kind of playground to fool hackers.

Try not to have your database and web server in the same machine, make several backups each day, have periodic password changes, policies to do whenever you fire a system administrator and so on. And of course, don't use the database server or the web server to surf the web.