Projects

Mod_security rules for Dokuwiki and Nextcloud

Mod_security is a great tool for security websites. I submited some rulesets for Dokuwiki (here) and Nextcloud/Owncloud (here), and they were merged into the rules, so people can activate them, rather than have to write their own for those platforms.

Status: Active

wptool

wptool is a tool used to edit, manage, fix, and otherwise take care of WordPress sites. You can read more about it and get it here.

Status: Maintenance

Dokuwiki Secure Login

This plugin encrypts submitted login passwords during transit, giving Dokuwiki sites an extra layer of security. It uses Tom Wu’s implementation of RSA algorithm in JavaScript on the client to encrypt the password with the servers public key. The passwords are sent encrypted over HTTP. Man-in-the-middle attacks are prevented by using a variable token (salt) added to the password before encrypting. Therefore, replay attacks don’t work.

In short, it takes this:

p:MySecretPa$$word

And makes sure the login pages submit it instead like this:

securelogin:M66YMHFzjl9qXa96zr2JzDWlV3WTE+4mOgJZNNr3yW9xPzSORtSIjp+ZNczopNUp5N0M0ASiqutgf1nio+iTN....

Status: Maintenance