Subscribe: 振华博客
http://zhenhua.org/feed.asp?cat=9
Preview: 振华博客

ZhenHua 's blog



zenhua zhenhua 振华博客,振华's blog



Published: Tue, 23 Jan 2018 15:00:13 +0800

Copyright: Copyright 2018, ZhenHua 's blog
 



key crt converter tomcat keystore

Wed, 25 Mar 2015 22:11:12 +0800

Quote
openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile mycert.crt -caname root -chain

keytool -importkeystore -v -srckeystore mycert.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore tomcat.keystore -deststoretype jks -deststorepass 123456



get an A+ on the Qualsys SSL Labs

Thu, 12 Mar 2015 13:31:14 +0800

For that you’ll need to do the following:

1 Don’t support older protocols. A lot of servers support really old and obsolete protocols. If you run a web app, your users will very likely not need support for these.
2 Don’t support flawed SSL ciphers. There’s a bunch of these and you can avoid using them. Browsers support multiple different ciphers, so this is not a problem.
3 Cache SSL sessions. This will improve performance.
4 Turn on HTTP Strict Transport Security (HSTS). This is a special



网站木马批量清除工具

Thu, 03 Sep 2009 14:16:20 +0800

asp网站木马批量清除工具:
来源:helpidc
(image) Click Here To Download



Windows 2000 激活终端服务

Fri, 25 Jul 2008 12:41:14 +0800

首先确保 终端服务器模式为“应用程序服务器”模式,这种模式下不会有2个连接数限制。

Win2K的终端服务有90天的限制,如果这90天内不激活它的话,过期之后就不能连接到Win2K终端了(不影响无盘DOS站的使用)。要激活它首先得拥有一个七位数的注册号码,利用它再经过如下操作即可完成终端的激活:

(1)首先进入"我的电脑→控制面板→添加/删除程序",选"添加/删除Windows组件",然后确保已选中其中的"终端服务"和"终端服务授权"两项。








Winwebmail 所需权限

Tue, 10 Oct 2006 00:10:15 +0800

上级目录
Administrator 完全控制
System 完全控制
Users 读取运行

安装目录
Administrator 完全控制
System 完全控制
Users 完全控制

web目录

Administrator 完全控制
System 完全控制
Users 完全控制
IIS帐户 完全控制



Access 访问所需权限

Mon, 09 Oct 2006 00:25:29 +0800

数据库连接出错,请检查连接字串

解决方法:

1. 查看数据库是否有问题,或conn.asp连接是否有问题

2. 数据库访问需要系统目录temp文件夹做缓存。
但如果temp文件夹权限不够,就会出现以上问题。

解决:temp文件夹属性—安全 填加

network service 组 读取 / 特别权限
users 组 特别权限

如仍不能解决,填加Everyone 读取和写入 两个权限。



加固基于Windows 2003的WEB服务器

Sat, 19 Aug 2006 13:36:23 +0800

可禁用服务列表

•Application Experience Lookup Service
•Automatic Updates
•BITS
•Computer Browser
•DHCP Client
•Error Reporting Service
•Help and Support
•Network Location Awareness
•Print Spooler
•Remote Registry
•Secondary Logon
•Server
•Smartcard
•TCP/IP NetBIOS Helper
•Workstation
•Windows Audio
•Windows Time
•Wireless Configuration

打开服务器本地计算机策略(gpedit.msc),参考以下选择和修改对服务器进行加固:
1. 设置帐号锁定阀值为5次无效登录,锁定时间为30分钟;
2. 从通过网络访问此计算机中删除Everyone组;
3. 在用户权利指派下,从通过网络访问此计算机中删除Power Users和Backup Operators;



IIS 6 默认ACLs权限

Sat, 19 Aug 2006 13:33:35 +0800

NTFS permissions
Directory UsersGroups Permissions
%windir%helpiishelpcommon Administrators Full control
%windir%helpiishelpcommon System Full control
%windir%helpiishelpcommon IIS_WPG Read
%windir%helpiishelpcommon Users (See Note 1.) Read, execute
%windir%IIS Temporary Compressed Files Administrators Full control
%windir%IIS Temporary Compressed Files System Full control
%windir%IIS Temporary Compressed Files IIS_WPG List, read, write
%windir%IIS Temporary Compressed Files Creator owner Full control



note

Tue, 25 Jul 2006 16:13:51 +0800

WScript.Shell:
regsvr32/u wshom.ocx
regsvr32/u wshext.dll

Shell.application:
regsvr32 shell32.dll /u /s
cacls %systemroot%\system32\shell32.dll /e /d guests

regedit:
shell.application
wscript.shell

net.exe cacls.exe telnet.exe tftp.exe tftp.exe format.com mountvol.exe mshta.exe