SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Member
    Join Date
    Sep 2008
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Why is my site not secure enough? Or is it?

    Hi, I am new here, although I've enjoyed SitePoint for awhile now.

    I have a security question.

    I maintain a site/forum, it uses Simple Machines Forum and Tiny Portal, on shared server, uses php & MySQL. This is for a small nonprofit. We want to use the forum for our board meetings, as we are spread across the world.

    The problem is that one of our board members says she is unable to access the forum due to strict security measures taken by the company she works for. These apply to both her work and home computer since she takes work home. I get very little explanation from her about these measures.

    My question is, is there anything I can do to make the site more secure so that it meets with her company's requirements? (even though I don't know what they are?)
    Or does anyone have any idea what type of strict requirements would not allow our site, but allow Yahoo groups? (she has no trouble using Yahoo groups)

    I would appreciate any insight, or where I can find out more about site security issues.

    Thank you.

  2. #2
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi!
    My guess would be that one of these is responsible:
    1) misconfigured/self-signed/expired/invalid/untrusted SSL certificate
    2) javascript/vbscript that gets included from some 3d party site.

    Other than that it is hard to figure out anything else without additional feedback.

  3. #3
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    You really need to get some explanation of what her IT department is blocking to figure out how to help her.

  4. #4
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If "black box testing" is the only option, I would go with:
    1) create simple html page in http realm and ask her to open it
    2) move the same page to https realm.
    If she can open 1&2, then we can eliminate ssl/dns or ip blocking.
    3) find out all sources of media/scripts/css and test using 1&2.
    4) your site might contain keywords that trigger content filter

  5. #5
    SitePoint Member
    Join Date
    Sep 2008
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you, Aleksejs, for the tips. I will look into those.

    Yes, it would be nice to get some sort of explanation, but I have asked and get no answer. I am working in the dark on this. Not that I am expending much energy on it, but it has made me wonder about it. She seems to be the only one affected.

  6. #6
    SitePoint Member
    Join Date
    Jul 2007
    Posts
    19
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Would need more information from the user - such as how exactly she is being blocked (such as by a locally installed program, or something at the border such as Websense). If it's Websense or some sort of filter it could possibly be triggered by certain keywords - these systems are often a bit too restrictive.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •