Session cookies are often seen as one of the biggest problems for security and privacy with HTTP, yet often times, it's necessary to utilize it to maintain state in modern web applications. By default, it is insecure and vulnerable to be intercepted by an authorized party. Cookies typically store session identifiers that may offer full access to an account, therefore if a cookie is intercepted, … [Read more...]
How to Import IIS Log to PostgreSQL
If you ever had a need to dump and analyze IIS logs from a database, this post will show you how to do it in PostgreSQL RDBMS. The assumption is that you're already familiar with the default installation and setup of PostgreSQL, if not please check the manual link at the bottom of this post. We will use default settings. Steps to Create IIS Log Table and Import Log File to PostgreSQL Create … [Read more...]
How to Backup IIS Manager Connections List on Windows
You've been using IIS Manager to manage remote IIS from your local computer. But how do you export the connections list if you move to a new computer or just to back it up if you lost all data? This post will show you how you can export and back up IIS Manager connections list on your local PC. All connections in IIS Manager are saved in a binary file called InetMgr.preferences and it … [Read more...]
How to Setup HTTP Strict Transport Security (HSTS) on IIS
HTTP Strict-Transport-Security (HSTS) response header is used to tell browsers that the particular website should only be accessed solely over HTTPS. This is a powerful feature that is easy to implement to mitigate the risks for the communication to be intercepted by hackers and keep your website visitors safe. Enabling HTTP Strict Transport Security on IIS See the steps below to enable HSTS on … [Read more...]
How to Troubleshoot IIS 500 Error for ASP Websites
You try to load your classic ASP (Active Server Pages) website and all you can see in your browser is the all too familiar display of 500 Internal Server Error. What is 500 Internal Server Error First of all, the 500 Internal Server Error is a very general HTTP status code that indicates something has gone wrong on the web server without any specifics on the exact problem. This … [Read more...]