Date added Question
2017-08-16 20:08 Why is it not a security hole that PostgreSQL by default stores user passwords in an MD5 hash? »
Why is it not a security hole that PostgreSQL by default stores user passwords in an MD5 hash? I am studying the internals of PostgreSQL and have gott...
(1) answers
2017-08-14 09:08 CSRF not working in Java »
I am using csrfguard 3.0.0.jar in my project. I have added my web.xml <filter> <filter-name>CSRFGuard</filter-name> <fil...
(0) answers
2017-08-11 23:08 Security concern: Can Razor Engine internally make a REST call? »
I am developing an API in WebApi (current version 2017), which is using Antaris Razor engine 3.10. Today's current non-beta version. A concern was r...
(0) answers
2017-08-11 10:08 PasswordVault security when used from Desktop app »
I'd like to use Windows.Security.Credentials.PasswordVault in my desktop app (WPF-based) to securely store a user's password. I managed to access this...
(1) answers
2017-08-09 20:08 In ColdFusion, how to eliminate the vulnerability to Cross-Site Scripting »
What is the best way to stop Cross-Site Scripting for ColdFusion? Is there a setting to set in the CF Admin, or is there code you can put in Applic...
(2) answers
2017-08-08 01:08 Do you need XSRF/CSRF token for a logoff request? »
What would be the security loophole if a logoff request is not validated with XSRF/CSRF token? ...
(2) answers
2017-08-08 00:08 Is it possible for a mobile app request to be sniffed even if https? »
We are developing a hybrid mobile application and for certain function calls, there is a url called. Here is a sample request for getting user informa...
(1) answers
2017-08-03 12:08 CSRF vulnerability in Keycloak Account Service »
Though there is a CSRF token used in the Keycloak Account service, there is CSRF token fixation vulnerability. To prevent CSRF, a cookie named KEYCLO...
(0) answers
2017-08-02 20:08 Rails 4 parameters; how to whitelist a param to a set of values »
I have already read some posts, such as Value whitelist using strong parameters in Rails 4, but it's not quite what I need. I have a controller which...
(2) answers
2017-07-27 15:07 Setting up JWT or OAuth in a web application »
I'm building a new SPA app using Angular 4 and I've started to search for different options for implementing security. As I dived deeper I found every...
(1) answers
2017-07-26 08:07 Cross Site Request Forgery (CSRF/XSRF) issue in Product add to cart form in magento 1.9.3.4 »
We scanned our site with https://detectify.com/ to check for CSRF attacks. We are getting the following issue on our site. For example: Cross Site Request F...
(0) answers
2017-07-22 23:07 Email verification in PHP »
At this moment users can create an account at my website (username, password, email). This will create an entry in the database which stores the userna...
(3) answers
2017-07-21 17:07 How to prevent URL disclosure in an AngularJS SPA? »
A 3rd party security consultancy identified a risk in our Angular SPA/ASP.NET WebAPI application under the area of Information Disclosure, which we h...
(1) answers
2017-07-21 10:07 Changing master password that is used for encryption »
I want to store some data encrypted, for example like a password manager where your master password unlocks all the underlying app/site passwords. Lo...
(1) answers
2017-07-21 07:07 Security against CSRF attacks via GET requests? »
I've built a stateless, JWT-based user authentication system on my web server, following the example of Stormpath (https://stormpath.com/blog/where-to...
(1) answers
2017-07-20 00:07 Is it safe to use a custom required HTTP header as a protection method from the CSRF for an API? »
I have a JSON API built for a SPA which accepts only requests with "Accept: application/json" header. So submitting the following form in the browser ...
(0) answers
2017-07-19 20:07 Are CSRF attacks specific to a target website? »
As per my understanding, a CSRF attack is about sending the POST data to the target server when the user is logged in to the target server and clicks on ...
(1) answers
2017-07-14 22:07 PHP: how to securely approve posts and user approval »
I am developing an interior management system where clients can post their thoughts about new designs. My question is how to securely approve or trash po...
(0) answers
2017-07-11 04:07 How to generate a new CSRF token on every request without sacrificing usability or security? »
This article suggests that we should be changing our CSRF tokens on every request to prevent a BREACH attack. i.e., if we use gzip/brotli and per-sess...
(1) answers
2017-07-08 16:07 Is it secure to get a new CSRF hash token from an AJAX response? »
I use the Zend 1 framework and I have a form that uses AJAX multiple times. I secured it with CSRF, but after the first request the CSRF token will expire and I need ...
(2) answers
2017-07-01 19:07 What's the point of HttpOnly cookies? »
Assume you have an XSS attack on your site. The hacker can make any request with cookies. So, what's the point of hiding this value from the client? ...
(2) answers
2017-06-28 19:06 For basic auth, can you use a key passed as params via url? »
Not talking anything super sensitive or private. I have a situation where I just want to restrict access, and was going to use Rails' authenticate_or_...
(1) answers
2017-06-28 19:06 How to protect against CSRF on a static site? »
I have a static website, being served from a CDN, that communicates with an API via AJAX. How do I protect against CSRF? Since I do not have control ...
(1) answers
2017-06-27 14:06 Does the JSSE in Oracle JDK8 implement TLS Fallback SCSV? »
It looks like JSSE in OpenJDK version 8 does not implement RFC7507. There is an open defect in OpenJDK bug tracker: JDK-8061798 But there is not much...
(1) answers
2017-06-23 12:06 Storing sensitive data in database, recommendation »
I'm searching for the best solution to store sensitive data in a database. I know that this is a common problem and I have done my homework (at least this is ...
(3) answers
2017-06-22 16:06 RSA Signature performance »
When I run the following code on my machine using a key generated from KeyPairGenerator I get around 31 milliseconds. import java.security.KeyPairGen...
(3) answers
2017-06-22 11:06 How to avoid hardcoding keys for encryption (Objective C)? »
In my Objective C code, I have a consumer key and secret hardcoded in my code to be used in SHA-1 encryption. What I would like to know is whether I c...
(3) answers
2017-06-21 17:06 Azure blob storage images cause security issues when sharing webpages in Facebook »
All website images are stored in the Azure blob storage with standard urls like: https://****.blob.core.windows.net/*.jpg Each page has "og:imag...
(1) answers
2017-06-14 15:06 Anti Cross Site Request Forgery (CSRF) token in ASP.NET C# »
Our team has developed a C# ASP.NET application and it recently went through a security check. One of the many threats includes using an anti-CSRF token....
(0) answers
2017-06-11 21:06 Is Regexp.new(user_input) in ruby secure? »
Is it secure to create Regexp object from user-provided query directly, or do I need to do some validations on it first? Documentation doesn't say muc...
(1) answers
2017-06-01 09:06 How to lock certain columns from being edited for a user in PostgreSQL »
How to lock certain columns from being edited even though the user has access to editing rights for the table in PostgreSQL. ...
(2) answers
2017-05-29 20:05 CSRF token is visible in source code »
Should my Cross-site request forgery TOKEN be viewable in my web page source code? I am running a Rails app in production and can see Cross-site reques...
(1) answers
2017-05-27 21:05 Rails: What are the consequences of a leaked secret_key_base? »
In Rails we have something called secret_key_base in config/secrets.yml. What if this production secret is accidentally shared via GitHub (public repo...
(1) answers
2017-05-27 02:05 CSRF ... PHP form security »
I'm creating a site with a number of different access levels, from basic user through to admin level (5 in total). Manager and admin levels will have the...
(2) answers
2017-05-25 06:05 Is Kotlin harder to reverse engineer than Java? »
I am deciding which one to use for an Android Studio project and I am willing to use Kotlin. If there is an advantage in terms of being harder to rev...
(1) answers