Security Questions
1
Polyfill.io is malicious: https://dev.to/snyk/polyfill-supply-chain-attack-embeds-malware-in-javascript-cdn-assets-55d6
I now need to find it in my codebase:
I used: grep -r "polyfill.io" to...
Caecilian asked 27/6, 2024 at 8:10
4
Solved
I am building a system that allows users to generate documents and then download them. The documents are PDFs (not that it matters for the sake of this question) and when they are generated I sto...
4
The command --disable-web-security to allow for cross domain requests on Chrome is no longer working, I presume due to the latest update.
Is there a workaround for this, besides downloading an ol...
Brobdingnagian asked 2/8, 2011 at 20:45
5
Solved
I must warn you I don't use PowerShell much. I am trying to turn off Windows Defender real-time protection via PowerShell. I found the command Set-MpPreference -DisableRealtimeMonitoring $true and t...
Zacatecas asked 24/2, 2018 at 6:53
9
Solved
I have an ASP.NET 3.5 application that uses ASP.NET forms authentication. I want to be able to get the Windows user name currently logged into the computer (NOT logged into the ASP.NET application,...
Pluralism asked 24/4, 2013 at 6:17
8
Solved
I am trying to update the SSL certificate in accordance with this post.
I am a noob in certificates, so I followed this guide. But when I enter
keytool -keystore mycacerts -storepass changeit ...
Sandler asked 27/3, 2012 at 12:38
3
I recently read about the new Instance Metadata Service - IMDSv2 that fixes SSRF attacks in an EC2 environment.
I understand how it works when I directly use EC2 over the cli.
But I couldn't find a...
Stencil asked 26/1, 2020 at 8:45
4
Solved
Suppose I have a server storing encrypted text (end-to-end: server never sees plain text).
I want to be able to do full text search on that text.
I know this is tricky, but my idea is to use the t...
Gambell asked 9/3, 2014 at 18:55
2
Solved
I am aware of the difference between a process running in user mode and one running in kernel mode (based on access restrictions, access to hardware etc.). But just out of curiosity, what is the di...
Cephalic asked 1/3, 2010 at 5:57
4
Solved
How to secure server/proxy settings in settings.xml in maven?
I assume this is mostly about login and passwords stored there and I assume that those can't be placed there explicitly, shoul...
3
Attempting to send a SOAP request using suds, I'm using Python 2.7.6.
I'm not very versed with security; I am led to believe that either the security - key, on either my machine or the server's mach...
3
Solved
Imagine a scenario where I want to continuously invoke user-supplied Javascript code, like in the following example, where getUserResult is a function that some user (not myself) has written:
for ...
Battlement asked 19/3, 2014 at 12:35
2
Solved
Overview
Create an aws_secretsmanager_secret
Create an aws_secretsmanager_secret_version
Store a uniquely generated string as that above version
Use local-exec provisioner to store the actual secure...
Hartman asked 22/9, 2020 at 19:35
9
Solved
I am on CentOS 6.4 32 bit and am trying to cause a buffer overflow in a program. Within GDB it works. Here is the output:
[root@localhost bufferoverflow]# gdb stack
GNU gdb (GDB) Red Hat Enterpris...
Yong asked 21/7, 2013 at 17:55
7
Solved
When I added the URL rewrite code in web.config and then published it to Azure, it automatically redirects to HTTPS even when I am trying to access the website with HTTP.
<rewrite>
<rules>...
Striped asked 11/4, 2017 at 6:50
4
I created an AWS VPC with public and private subnet.
I created an RDS (MySQL) inside the private subnet. I want to access the RDS from the internet (from my home machine).
I have kept the flag Publicly Ac...
Sedlik asked 18/11, 2014 at 8:37
12
I'm trying to create a certificate using the BouncyCastle.Crypto dll, which is then used to authenticate a SslStream as the server in a Windows Service process, which runs under the Local System ac...
Contortionist asked 2/11, 2011 at 17:48
1
Hello guys, I am currently developing an Android app, and I intend to use ProGuard to protect my app from reverse engineering.
However, after I applied ProGuard to my app, there was an error like this ...
21
You might already know that Safari has a nasty autofill bug where it fills email, username and password fields no matter if you set autocomplete="off" or not.
Here's a basic form:
<form actio...
Microspore asked 26/3, 2014 at 13:5
10
Solved
As its name suggests devtools should be visible or accessible only during development and not in production. I don't want my end users playing with the state and dispatcher or seeing what's going o...
Smut asked 29/3, 2020 at 2:15
13
Solved
This question has always troubled me.
On Linux, when asked for a password, if your input is the correct one, it checks right away, with almost no delay. But, on the other hand, if you type the wro...
Lean asked 3/4, 2009 at 2:24
2
In an Authorization Code Grant flow, once a public client such as a Single Page Application (SPA) obtains an OAuth 2.0 access token, where should the SPA keep it?
Storing the access token in locale...
Exotic asked 24/5, 2019 at 16:6
11
Solved
After reading Jeff's blog post on Protecting Your Cookies: HttpOnly, I'd like to implement HttpOnly cookies in my web application.
How do you tell Tomcat to use HTTP-only cookies for sessions?
10
Solved
How do you prevent multiple clients from using the same session ID? I'm asking this because I want to add an extra layer of security to prevent session hijacking on my website. If a hacker somehow ...