I have a question regarding secure storage of API keys & secrets. Here's my scenario: I'm developing a program that collects/analyzes data from multiple external APIs. The data is rather sen...

I suddenly started to recceive this warning when running any script on my computer: Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially ha...

Is it possible to set the maxretry parameter of a fail2ban filter to 0 so that every IP will be banned instantly? The client does not complain about this setting but it does not seem to ban IPs eit...

Currently I am building rest API using Laravel. For authentication, I am using the Sanctum package. Every time a user is logged in it generate a token that looks like this: "token": &quot...

Integrating Firebase into my Android app and have configured it with the SHA-256 certificate fingerprint from my Google key. However, the setup isn't working, and all requests to Firebase are block...

I'm interested in social networks and have stumbled upon something which makes me curious. How does facebook keep people from playing with URLs and gaining access to photos they should not? Let m...

There is an error launching activity, unfortunately I assume it is not connected strictly with the project due to the fact the app launches on genymotion emulator, but does not on physical device. ...

This is my code in a Sample-Expo-Project. I am not able to add environment variable using process.env and also in EAS Secrets. I have added secrets in EAS but cannot read while building. In both ca...

Or, perhaps this boils down to: How do I get or create a working seccomp profile for google-chrome? I'd like to create a docker image where I launch Google chrome and browse sites I do not trust an...

I am trying to decide how to implement image uploading functionality on my flask app. I am currently using Flask-Uploads to get the job done and it seems to work pretty well. However, I have no ide...

I am getting a popup message when I'm login into my website that "Chrome found the password you just used in a data breach to secure your accounts....". Is there a way to hide or disable ...

I need to take a signed PDF document, compare with a reference document, and see if the only thing that changed was the addition of a new signature. I am trying to implement this with rust's lopdf ...

I'm using Mozilla SOPS to encrypt secrets, the results of which are committed to a git repo shared by the other members of a project. When using SOPS for personal projects, I am using age to encryp...

My app is live. It was working fine. But somedays before we changed the certificates(for security purpose) on Server. And Now whenever I tried to run my app. It is giving error: The certificate ...

I have a Spring Security version 3.2.3 application that listens to both HTTP and HTTPS. I want any request to the HTTP port to be redirected to HTTPS. How do I configure that using Java only? Spri...

I had tried using paths-ignore that I read about from https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scannin...

Consider the following code. In the event that an exception occurs, the trace (which will be logged and stored in a database) will include the sensitive password data. How can sensitive data in cas...

I'd like to allow scripts only from my local server with certain exceptions like jQuery etc., but be flexible to load external images. I'm aware that there is a directive like Content-Security-Pol...

I want to use post to update a database and don't want people doing it manually, i.e., it should only be possible through AJAX in a client. Is there some well known cryptographic trick to use in th...

In our application, users can create custom export functions in form of SQL statements. Something like this: SELECT name, age, date_birth FROM users WHERE group_id = 2 I don't want them to clear...

I have a route api/v1/track and I want to send some data (JSON) by given track ID, but I want to send response for only my frontend requests or my mobile app, not any other request from anywhere! I...

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User i...

In Window, I'm trying to create a key in the TPM with the help of the NCrypt library and restrict the access to only my application in C++, but I get the error: "The security descriptor struct...

I Read through many documents in the mongoDB doc, still unclear how authentication works for clients an member of replica set(using x.509). Found a resource "http://pe-kay.blogspot.in/2016/02/secu...

I am trying to load a certificate from a pfx file in a WPF application and it gives me an access denied error. using (FileStream stream = System.IO.File.OpenRead(certificatePath)) { using (Binar...