Re: [Hampshire] Server Security

Author: Hugo Mills
Date:  
To: rogermunford, Hampshire LUG Discussion List
Subject: Re: [Hampshire] Server Security

gpg: Signature made Fri Mar 20 15:29:58 2009 GMT
gpg: using DSA key 20ACB3BE515C238D
On Fri, Mar 20, 2009 at 02:09:32PM +0000, Roger Munford wrote:
> I am helping a friend set up an ubuntu server for his business. However
> I am very concerned about security and am worried about inadvertently
> introducing security holes.
>
> Is there a good book or any recommended websites/tutorials that I could
> read. Something like "10 things you must always do" and "10 of the
> biggest mistakes to avoid" would be excellent.
If you process *any* data from "outside", treat it as dangerous.
Do not assume anything about it at all.

e.g. If you have a web application, don't assume that people will

(a) Use your website to submit data to you
(b) Send "sensible" values
(c) Even use a web browser

Expect very long data values, non-existent ones, random ones, and
ones with any kind of funny format you can think of and all the ones
you didn't think of either. Don't check for bad values and throw them
out. Check for *good* values and accept them.

Hugo.

-- 
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
  PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
  --- I am but mad north-north-west:  when the wind is southerly, I ---  
                       know a hawk from a handsaw.
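The allow-list rule in the message above, as an added Python example that is not part of Hugo's post: a request validator that admits only values a schema positively describes (length, fixed choices, format), and treats missing fields, non-string values and unexpected fields as rejections. The field names, limits and sample submissions are constructed for illustration.

```python
"""Allow-list validation of untrusted request parameters (illustrative)."""
import re

# Hypothetical order form for an imaginary web shop (constructed for this example).
# Each field states exactly what is acceptable; anything else is rejected.
SCHEMA = {
    "quantity": {"max_len": 4, "pattern": re.compile(r"[1-9][0-9]{0,3}"), "required": True},
    "colour":   {"max_len": 10, "choices": {"red", "green", "blue"}, "required": True},
    "note":     {"max_len": 200, "pattern": re.compile(r"[A-Za-z0-9 .,'-]*"), "required": False},
}

def validate(params):
    """Return (cleaned, errors). Only fields and values the schema positively
    accepts reach `cleaned`; every other case is an error, never a guess."""
    cleaned, errors = {}, []
    # Unknown fields are rejected outright rather than silently passed along.
    for name in params:
        if name not in SCHEMA:
            errors.append(f"{name}: unexpected field")
    for name, rule in SCHEMA.items():
        if name not in params:
            if rule["required"]:
                errors.append(f"{name}: missing")
            continue
        value = params[name]
        # Nothing forces a client to send a string: a script may send a list.
        if not isinstance(value, str):
            errors.append(f"{name}: not a string")
            continue
        # Check length before anything else so oversized input costs nothing.
        if len(value) > rule["max_len"]:
            errors.append(f"{name}: too long")
            continue
        if "choices" in rule and value not in rule["choices"]:
            errors.append(f"{name}: not an allowed choice")
            continue
        # fullmatch: the whole value must fit the pattern, not just a prefix.
        if "pattern" in rule and not rule["pattern"].fullmatch(value):
            errors.append(f"{name}: bad format")
            continue
        cleaned[name] = value
    return cleaned, errors

# Constructed sample submissions, as a request handler might receive them.
GOOD = {"quantity": "12", "colour": "red", "note": "Leave at door"}
BAD = {"quantity": "1a", "colour": ["red"], "note": "x" * 5000, "debug": "1"}
```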