Collaborate Disseminate
I am currently using the Python Flask framework’s default session function to manage user login. My understanding is that, session function essentially is an encrypted cookie stored in a client’s computer containing the information on whic… Continue reading What if a browser does not honor the "expires" directive of a cookie
Note that this question is not about how to do chroot or make an account SFTP only. The question is about whether there are specific ways for a sysadmin to check if a chrooted and SFTP-only account is correctly set.
Usually I do chroot or … Continue reading Double check if an SSH account is SFTP-only and chrooted
Usually people say directly using root account is a very bad idea. However, my current setting is like this: to achieve a higher level of isolation, all services have their own virtual machine instances.
In this scenario, is it okay to sim… Continue reading Can I use root account if every server only runs one service [Debian/Ubuntu Server]
Basically I have a local network and an IPCam (with its own storage) in it. Due to some practical limitations, I cannot use technologies such as AP isolation or VLAN to isolate low-integrity and high-integrity devices.
Practically, the hash value of a server host key can be (relatively) long and thoroughly compare it with the record again and again can be annoying. For example, for a given md5 hash value:
43:89:1b:62:fa:5c:86:cf:57:fd:2d:e… Continue reading Would it be okay to check only a part of a hash value