Can the data between Express.js middleware be manipulated/tampered in any way?

In the node.js express.js framework there is middleware support. Let’s assume I have two middleware – the first one, which verifies whether the JWT token is legit and not tampered with and the second middleware which doesn’t verify anymore…

Is there any danger in refreshing JWT tokens directly without a refresh token?

So I wrote the following logic for my web app:
When a user interacts with the website it initiates a Backend call. In the backend every endpoint has multiple middlewares, of which there is a JWT verification step, if it succeeds it goes to…

Storing sensitive data partially in the cloud using the blockchain and on the private IPFS cluster on-premises?

Our threats are: PHI (Protected Health Information) potentially being stolen and used to blackmail the corresponding gov bodies and persons by either a man in the middle or an internal malicious cloud provider employee.
Our goal is: protec…

Secure data (+ private key) storage in an insecure public cloud environment

We are trying to encrypt files in a manner that they can be completely secure in an insecure environment (like a public cloud). We’re talking about military grade secure.
The data should be so secure in the public cloud, that the employees…

Can this logic with regard to checking Reverse DNS records be flawed?

For my web app, I hardcode a reverse DNS detection for common web crawlers. And for detecting them I use their Reverse DNS, which I always check whether it includes i.e. google.com. My questions would be:

Can this be a possible security f…

Why can’t you give special security cookies to a specific crawler so that they could securely crawl the website?

In the current day and age we have the problem of malicious/spam crawlers and similar concerns.
My suggestion would be implementing cookie support for crawling and by that I mean giving specific cookies with crawler ID (at best refreshed u…

ASP.NET Core – are files put in the Shared folder under Pages (where the Razor pages reside) publicly accessible?

Are files put into the Pages/Shared folder public to the whole WWW if the website is hosted publicly? I am asking since I want to implement a partial view load through a controller and want to know whether it’s secure.
I am using ASP.NET Core…