Questions tagged [security]
Topics relating to application security and attacks against software. Please don't use this tag alone; that results in ambiguity. If your question is not about a specific programming problem, please consider instead asking it at Information Security SE: https://security.stackexchange.com
security: 56,617 questions
0 votes, 0 answers, 12 views
Incorrect redirect to /login causing issues
I keep running into an error on my first React-Spring Boot project that I just cannot work out.
I have an Auth Controller that sets a user session on successful login - which it does. I am getting the ...
0 votes, 0 answers, 16 views
Is it appropriate for an application (SPA) to pass an "extra" access token to a backend service (so that service can call other services)?
I have a web application (SPA), which we'll call A. This application calls an API service (that I control), which we'll call B. Service B uses OAuth authentication, and trusts an issuer I.
In my ...
0 votes, 0 answers, 14 views
How to install CDO on Alpine:3.20 docker image
I am trying to set up a Docker container based on Alpine Linux.
The container needs to have Python 3.12.4 installed with Dask and Zarr. I had to install it from the source, and it went well. However, ...
0 votes, 0 answers, 11 views
What is the meaning of frame-src 'self' blob:?
I want to restrict my site to blob: only from its own origin.
I thought frame-src 'self' blob: would do that but checking on CSP evaluator the results are:
It shows 'self' & blob.
...
-1 votes, 0 answers, 15 views
How to Create a Custom passfilt.dll for Active Directory Password Policy Enforcement? [closed]
I need to create a custom passfilt.dll to enforce a more stringent password policy in our Active Directory (AD) environment. The default AD password policy is not sufficient for our security ...
0 votes, 0 answers, 25 views
Question about hashing for security research [closed]
So when a User sends a post request with login credentials to the server for the first time, the Server hashes the password and stores it. When the User logs in again with that password it gets ...
1 vote, 1 answer, 28 views
Spring Boot OAuth2 is redirecting to IDP on each unauthorized request
I have made an OAuth2 configuration in Spring Boot. It also works, especially when I make get requests via the browser URL and I am not yet authenticated, I am redirected to the IDP, I can log in and ...
0 votes, 0 answers, 6 views
Is rapid IP switching available for attackers on TCP servers?
I'm working on a server implementation and I'm wondering how quickly attackers can switch ip addresses.
I know with UDP attackers can actually just send in whatever ip address they want, but with TCP ...
-2 votes, 0 answers, 27 views
Unexposed Cloudflare Workers APIs Being Accessed by Unknown IP Addresses (Hacker) [closed]
**MY Cloudflare worker APIS are being stolen**
A few months ago my desktop was hacked and most of my accounts were compromised including cloudflare. I retrieved the accounts changed passwords and set ...
-1 votes, 0 answers, 29 views
http Cookie is automatically sent on every server side request
I am trying to implement an authentication mechanism on Next.js server side. What I did is upon login the jwt token is saved in the cookie like this:
"use server";
import jwt from "...
-4 votes, 0 answers, 28 views
Best OS for Bastion Host [closed]
Could you please suggest the best Linux distribution for a bastion host from a security perspective?
0 votes, 0 answers, 18 views
Bitnami/Redis doesn't know why it was suddenly shut down [closed]
Hello everyone,
I'm encountering an issue with my Redis container, which shuts down unexpectedly after running for some time. I've checked the logs and found some unusual entries, but I'm not sure ...
-3 votes, 0 answers, 35 views
Python: basic example of input sanitization for sql queries
I'm a computer science student and I'm currently learning about writing secure code.
I came across a very simple function to sanitize the input:
import re
def my_sanitize(input_string):
...
0 votes, 0 answers, 11 views
Is there a way in the gradle build system to prevent all permissions of library dependencies from getting merged into application's manifest?
Recently, Google Play Billing library added Network related permissions, which are not really required for the billing functionality. See Google Play Billing Library 6.0 introduces the INTERNET ...
0 votes, 0 answers, 6 views
Tier 2 static scan CASA for Laravel project
I need to verify a Laravel application that uses restricted API from Gmail.
I need to provide CASA scanning test. I read that the tier 2 for static scanning is open source and I can do it by myself, but ...