Add password to .p12/.pfx-certificate

With following procedure you can change your password on an .p12/.pfx certificate using openssl.

Export you current certificate to a passwordless pem type:

Convert the passwordless pem to a new pfx file with password:

Now you are done and can use the new mycert2.pfx file with your new password.

pfSense 2.2.5 CaptivePortal Patch

Patch for pfSense 2.2.5 to redirect proxy users to the authentification portal.

Diff created with WinMerge.

MySQL: UPDATE query based on SELECT query

Passwords

Don’ts

  • Don’t limit what characters users can enter for passwords. Only idiots do this.
  • Don’t limit the length of a password. If your users want a sentence with supercalifragilisticexpialidocious in it, don’t prevent them from using it.
  • Never store your user’s password in plain-text.
  • Never email a password to your user except when they have lost theirs, and you sent a temporary one.
  • Never, ever log passwords in any manner.
  • Never hash passwords with SHA1 or MD5 or even SHA256! Modern crackers can exceed 60 and 180 billion hashes/second (respectively).
  • Don’t mix bcrypt and with the raw output of hash(), either use hex output or base64_encode it. (This applies to any input that may have a rogue \0 in it, which can seriously weaken security.)

Dos

  • Use scrypt when you can; bcrypt if you cannot.
  • Use PBKDF2 if you cannot use either bcrypt or scrypt, with SHA2 hashes.
  • Reset everyone’s passwords when the database is compromised.
  • Implement a reasonable 8-10 character minimum length, plus require at least 1 upper case letter, 1 lower case letter, a number, and a symbol. This will improve the entropy of the password, in turn making it harder to crack. (See the “What makes a good password?” section for some debate.)

PHP

white-space: pre-warp don’t work at Internet Explorer

Today i noticed that our Knowledge Base looks ugly at Internet Explorer. It seems that he ignoring the following CSS attribute:

After a few test I found out, that by default IE use for intranet page the compatibility mode. OMG…

There are two ways to change this. First you can add a meta attribute the every page:

or you can use the Apache Module mod_headers which is my choise:
1. Change Apache2 Config to load the headers_module

  1. Change now the vhost.conf and add the Header

  1. Reload Apache2