  1. #1
    yoshi is offline Registered User
    Join Date
    Dec 2001
    Location
    Longwood, FL
    Posts
    214
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Howto: Installing OpenSSL and the SSL perl module Net::SSLeay.pm

    Here is the step by step process for installing a working version of OpenSSH on your MacOS X 10.1.2
    Install. I have done this HowTo with 10.1.2 in mind and I will not guarantee that this will work on
    10.0.x.

    OpenSSH Install:

    Notes about this install:
    YOU MUST follow this exactly because me and scope were doing this on IRC for over
    5 hours! We tried many ways and this is the only one that worked for us. If you deviate from the
    path I will not answer your support question. I know this seems harsh but this is the way it has to
    be since this was a complete pain! You also need this before SSH will work.

    Step 1) Download OpenSSH 0.96c here: http://www.openssl.org/source/openssl-0.9.6c.tar.gz

    Step 2) Uncompress the archive and rename the resulting folder "openssl"

    Step 3) Open up the terminal and type cd /users/YOURUSERNAME/desktop/

    Step 4) type sudo mv openssl /usr/local/

    Step 5) type sudo cd /usr/local/openssl

    Step 6) type ./config

    Step 7) type make

    Step 8) type make install


    Net::SSLeay.pm Install:

    Notes about this install:
    This install, like the other one, is very sensitive to the options you use and I recommend following
    these instructions exactly. Like the above notes, me and scope were working on this for a long while
    and I think we are benefiting everyone who needs SSL for OS X. Also if you see an error message that
    says "some error [ignored]" don't worry about it; we had 1 error also but it wasn't serious and
    everything is working... Apple's cc compiler can be finicky sometimes.

    Step 1) Download Net::SSLeay.pl here: http://www.bacus.pt/Net_SSLeay/Net_S...pm-1.12.tar.gz

    Step 2) Uncompress the archive and rename the resulting folder "netssl"

    Step 3) Open up the terminal and type cd /users/YOURUSERNAME/desktop/netssl

    Step 4) Type perl Makefile.PL -t

    Step 5) type sudo make install


    That should be it, you now have OpenSSL 0.96c installed and the perl module Net::SSLeay 1.12
    installed and working. One way to test this is to install webmin, for which I also wrote a howto that
    is very easy to do. I recommend you follow that one as well to test your installation here. As for
    compiling notes, it varies from computer to computer. I myself did all the Net::SSLeay stuff in about
    7 minutes while scope has a G4 (I have a G3) and it took him about 10-12 minutes.

    Good Luck and post any questions.

    `Yoshi
    Last edited by yoshi; January 17th, 2002 at 02:58 PM.
    I have held many Macs over the years: Performa 631CD, iMac DV SE, iBook G3, PM G4, B/W G3, PM 8500; They have all been special to me in some way or another. May the ones that did not survive, RIP.

  2. #2
    scope is offline Registered User
    Join Date
    Jun 2001
    Location
    South of the border, down Mexico lane (not really)
    Posts
    221
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yeah, I opened my G4 as I do for fun every now and then, and the whole MoBo was burning up, even the RAM chips. I got a fan or two and some cold beer from the fridge and helped cool it down. Of course, I put protection so as the MoBo wouldn't get wet. I think it was because I was compiling about 10 things at once along with running some apps.
    scope
    PowerMac G4 400MHz AGP, Radeon AGP, 54GB hard drive space, 512MB RAM, Mac OS X 10.1.5 and 10.2, Mac OS 9.2.2, ASD 17" Monitor, Altec Lansing APT5 Stereo System, APS Tech 8x4x32x CD-RW Drive. | PowerMac G3 233MHz with stuff. | PowerMac 8500/120 with other stuff.... | 6100/60 acting as network firewall. |

  3. #3
    mikasjoman is offline Registered User
    Join Date
    Jan 2002
    Posts
    30
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Errors...

    Some comments...

    Well the first thing you have to have installed is the cc compiler from Apple, if you don't have it, don't try it.

    Then no: 5 was wrong, you can't type:
    cd sudo /adirectory/
    should be cd /thedirectory/

    -Mika
    --------------------------------
    [ Shiva the destroyer ]

  4. #4
    mikasjoman is offline Registered User
    Join Date
    Jan 2002
    Posts
    30
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Would it be possible to make an installer?

    Hi...

    Do you think that it would be possible to make an installer?

    Or at least a .command file?

    A .sh file?
    --------------------------------
    [ Shiva the destroyer ]

  5. #5
    scope is offline Registered User
    Join Date
    Jun 2001
    Location
    South of the border, down Mexico lane (not really)
    Posts
    221
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'll see if I can turn it into a .pkg file.
    scope
    PowerMac G4 400MHz AGP, Radeon AGP, 54GB hard drive space, 512MB RAM, Mac OS X 10.1.5 and 10.2, Mac OS 9.2.2, ASD 17" Monitor, Altec Lansing APT5 Stereo System, APS Tech 8x4x32x CD-RW Drive. | PowerMac G3 233MHz with stuff. | PowerMac 8500/120 with other stuff.... | 6100/60 acting as network firewall. |

  6. #6
    WhateverJoe is offline echo $row['what_tha'];
    Join Date
    Apr 2001
    Location
    Epsalon 3
    Posts
    138
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I may be off here,

    But I'm trying to learn asap, how to create a secure site on OS X using apache+php+mysql ... to my understanding the howto above is step one ?

    But in conversation with a stepwise.com fellow, SSL and Apache on OS X is not quite a workable item at this time ??

    I'm wondering if any one knows and if a howto is out on building a secure SSL site using OS X (Apache+php+mysql) ?

    Thanks,

  7. #7
    mikasjoman is offline Registered User
    Join Date
    Jan 2002
    Posts
    30
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Security...the small course.

    If you start thinking of security, as we talk about web security, I think a good way of looking at it is as different layers.

    I'll start at the wrong end: the computer that hosts the database server.

    Try to have it as "out of the box" as possible, because when it comes to MacOS X that's as secure as you'll get.
    Install what you have to, and don't mess around.

    Get a good firewall that only allows visitors to get access via port 80.

    Next, we come to the MySQL server.
    The first thing you could do is to set the mysql.users table in mysql only to accept users from localhost.
    And the user you set up, please use something else than your wife's name as a password.

    The next level, if you want it really secure, would be to encrypt at least the user data that is stored in the database.

    Let's say that you make a login db with a table called user_info.
    What I did yesterday with a nice webapplication that is on beta right now called LassoPro5 was this:


    A websurfer decides to register on my homepage. He then fills out his form, which is really personal shit to him. But I tell him that everything, except his login name, will be encrypted. So now he feels safe and sends his form to my page called create_sec_user.lasso

    Then what I do looks like this:

    [var: 'encrypted_password' = (encrypt_md5: (form_param: 'the_password'))]
    [var: 'user_data' = (encrypt_blowfish: (form_param: 'user_data'), -seed='myWebDevSecretPassword')]
    Now I have his password in an encrypted form in a variable.

    To put it in a table I do like this:

    [inline: -database='user_db',
    -table='user_info',
    'username'=(form_param: 'his_username'),
    'password'=(var: 'encrypted_password'),
    'user_data'=(var: 'user_data'),
    -username='A_username_configurated_to_allow_to_add_in_Lasso5',
    -password='the_lasso_user_password_to_add',
    -add]

    This would now add a record to my LassoMySQL database with an encrypted password and a username with the form parameters he sent.
    Of course I first had to check if someone is registered with that username, but I won't do that here.

    The first thing I did was encrypting the password in something called MD5. What that is will most easily be explained in this login example.

    // code to search for a username and now to test the password sent again.
    [if: (encrypt_md5: (form_param: 'password')) == (field: 'password')]
    You have the right to log in
    [else]
    Sorry try again, wrong password.
    [/if]

    Well, MD5 is a one way encryption, usually used for logins. What I first do is to find if there is a username in the system (non-encrypted, and not in the code I wrote), and if there is one, I encrypt the password he tried to log in with and compare if the results are the same as the first time he encrypted his password (the time he registered).
    So it's impossible for me as a webmaster to decrypt his password. Makes him happy and me because I'm safe that if someone manages to steal my user database, he does not get hold of the password.

    Then I used an encryption method called Blowfish.
    I took the form params from the userdata and encrypted it with my (the web server manager's) password, called a seed.
    What I could have done is to encrypt it with his password if the IF statement looks all right, instead of my personal seed.

    So now you're finished... not quite!

    The problem is that when the web user sends his form params, the form is sent unencrypted. I am satisfied with saving all the user data encrypted, but if you would like to go on from there, you would have to go on with SSL.

    What you first have to do to install (what I have heard), is to get a verified certificate from a company such as VeriSign.

    Then you would follow the guide here on how to set up SSL.

    The method I would do would be something like this:

    On the index.html page I would make a link to a secure login page.

    On the secure login page, I would then make the user send his form params to my server.

    Then check the form params against the MD5 encrypted password as explained before.

    Then set something called a Session cookie, and end the SSL connection.
    A session cookie is a cookie that gets updated every time a person clicks on a page.
    If the person has not been active, the cookie is terminated, and if the person does not have a cookie, I log him out of the system.

    That's it, folks!

    That is what I know about web security.

    Hope that was a small introduction.

    Kind regards

    - Mika

    Send me an email if you like, and correct my errors. I'm not a security expert: mika@fortress.no
    --------------------------------
    [ Shiva the destroyer ]
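
The register-then-compare login flow described in the post above, as an added Python example that is not part of the original thread. It keeps the one-way comparison but adds a per-user salt and a slow key-derivation function, so two users with the same password no longer store the same digest as they do with plain MD5. The in-memory `users` dict, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000   # assumed work factor for this example
users = {}                    # stands in for the user_info table: name -> (salt, digest)


def md5_unsalted(password: str) -> str:
    """Scheme from the post: the stored value depends on the password only."""
    return hashlib.md5(password.encode()).hexdigest()


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way digest (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str) -> bool:
    """Store salt + digest; refuse a username that is already taken."""
    if username in users:
        return False
    salt = os.urandom(16)     # fresh random salt per user
    users[username] = (salt, _derive(password, salt))
    return True


def login(username: str, password: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    record = users.get(username)
    if record is None:
        # Do the same work for unknown users so timing does not reveal them.
        _derive(password, b"\x00" * 16)
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _derive(password, salt))


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    register("alice", "correct horse")
    register("bob", "correct horse")
    print("unsalted MD5 identical:", md5_unsalted("correct horse") == md5_unsalted("correct horse"))
    print("salted digests identical:", users["alice"][1] == users["bob"][1])
    print("good login:", login("alice", "correct horse"))
    print("bad login:", login("alice", "wrong"))
```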

  8. #8
    yoshi is offline Registered User
    Join Date
    Dec 2001
    Location
    Longwood, FL
    Posts
    214
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Errors...

    Originally posted by mikasjoman
    Some comments...

    Well the first thing you have to have installed is the cc compiler from Apple, if you don't have it, don't try it.

    Then no: 5 was wrong, you can't type:
    cd sudo /adirectory/
    should be cd /thedirectory/

    -Mika
    Buddy, trust me, if you want to get this done right just do it the way I say to above. I have tested many ways of doing this and it is the way that is the fastest. If you want to start flying off from the Howto I will not try and help because I spent several hours getting this right and if it worked for me it should work for you. If you don't know the admin password, that's fine, it won't work. Your way may work also but usually only admins can access /usr/local, trust me I know, although the cd sudo part was a screw up, it's fixed now...

    In response to having the Apple CC compiler, that is a "NO DUH!" comment. People who are getting into compiling should know to have the developer tools installed. But you have duly proven me wrong so now any HowTo's I do shall include a line in the disclaimer about having the Developer tools.

    I also have a question for you: how much experience do you have in Linux/Unix? If you have had much, these comments weren't needed, as the way the howto is set up is for people who don't have much experience with this sort of thing. People who do usually don't need howto's.


    I know all these comments sounded harsh but it's all good. I hope you don't take them the wrong way and go crazy on us.

    Have a good one folks

    `Yoshi
    Last edited by yoshi; January 17th, 2002 at 02:57 PM.
    I have held many Macs over the years: Performa 631CD, iMac DV SE, iBook G3, PM G4, B/W G3, PM 8500; They have all been special to me in some way or another. May the ones that did not survive, RIP.

 

 