Client certificates are a cool technology that, once set up, eliminates the need to use your password on your own website from your own devices.
This article won't run through the entire procedure for setting up a web server, Windows domain, file permissions, server certificates, or a certificate authority. I just want to convey some of the configuration pitfalls that exist in IIS 6.
This is a quick explanation of some more referencing quirks in PHP.
Let’s say you need to store an array in a specific variable so that another variable can be freed up and overwritten with different information. [To clarify, this array may be very large and copying it would be detrimental to performance in this particular application. For small arrays, copying and not referencing may be preferable.]
The operation for referencing the array with a new variable is quite simple:
$array_goes_here =& $need_to_free_up_this_var;
The code above will reference the array to prevent PHP from making an unnecessary copy of the whole thing.
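The following is an added example, not code from the original post. It shows the step that has to follow the reference assignment before the old variable can be overwritten: both names share one value, so the old name must be detached with unset() first. The function names and the sample array are assumptions made for illustration.

```php
<?php
// Constructed sample data standing in for the large array.
function make_big_array(): array
{
    return range(1, 200000);
}

// Pitfall: overwriting the old variable while the reference is still bound.
// Both names point at the same value, so the assignment replaces the array
// that $array_goes_here was supposed to preserve.
function reuse_without_unset(): array
{
    $need_to_free_up_this_var = make_big_array();
    $array_goes_here =& $need_to_free_up_this_var;

    $need_to_free_up_this_var = ['different information'];

    return [
        'kept'   => count($array_goes_here),
        'reused' => count($need_to_free_up_this_var),
    ];
}

// Correct order: unset() removes only the old name from the reference set.
// The array stays alive under $array_goes_here, and the old name can then
// be assigned a new, independent value.
function reuse_after_unset(): array
{
    $need_to_free_up_this_var = make_big_array();
    $array_goes_here =& $need_to_free_up_this_var;

    unset($need_to_free_up_this_var);
    $need_to_free_up_this_var = ['different information'];

    return [
        'kept'   => count($array_goes_here),
        'reused' => count($need_to_free_up_this_var),
    ];
}

// Print the element counts for each approach side by side.
print_r(reuse_without_unset());
print_r(reuse_after_unset());
```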
Back in August, I mentioned the importance of disabling most versions of PPTP for security reasons, and included my own tutorial for How to Secure a Windows VPN with PEAP. That solution works great for Windows, but is not compatible with iPads.
Now I will offer a solution that works great for iPad, but may not work on Windows computers. In addition, I will explain how to get the two solutions to work together securely so that both Windows and iPad computers will be able to connect to a Windows VPN simultaneously without using the insecure versions of PPTP.
The Layer 2 Tunneling Protocol (L2TP) is an obvious choice for the iPad because it is the only supported protocol other than the insecure PPTP option. On the server side, however, there are some implementation nuances that could easily discourage the use of L2TP. I took the time to research L2TP in more depth before writing this article, because I felt that a generic recommendation could leave readers totally confused about the security issues involved. So before delving into a new tutorial, I want to explain two new concepts: L2TP Pre-Shared Key, and L2TP NAT Traversal.
A careful reading of the Microsoft recommendation against NAT-T will reveal that the underlying security problem with NAT-T is not a server problem but a client problem. In other words, Microsoft recommends that Windows XP computers not attempt to use NAT-T to connect to privately-addressed servers. The Windows 2003 server itself fully supports NAT-T out of the box and doesn’t even need to be configured to use it. This is perfect for iPad users, because iPad also supports NAT-T out of the box, and this almost eliminates the address translation challenges of using L2TP.