Collaborate Disseminate
I want to know whether or not Facebook Messenger calls can be intercepted and listened to by hackers.
Long story, but I went on a date with a girl who I then blocked immediately afterwards due to me suspecting she was a bit of a psychopath… Continue reading Can someone intercept my Messenger calls
There had been a mass email sent to students taking one class at my university. Would it be possible for them to track each one’s IP address if they were using websites or internet tool against the policy?
Let’s say that there were few stu… Continue reading Can university track students’ ip? [closed]
We have to protect a database connection string for a .NET desktop application that has an application-level database user. One option is to encrypt a section of the app.config using asp_regiis. But then every user of the application needs… Continue reading An intranet web app for decrypting values : a bad idea, and if so, why?
Is there a native way, that is, one not requiring the purchase of an expensive third-party obfuscator, that a .NET desktop client program, deployed to the users’ Windows desktops from a LAN server via ClickOnce, can store a symmetric key … Continue reading Can a symmetric key be safely embedded anywhere in a .NET desktop client program
Given an application which prints user-supplied values inside single quotes in a JavaScript context while escaping ‘ – but not \ -, is there a way to gain XSS without /?
Example code:
<script>
test(‘input1, fixed, input2’, ‘/so… Continue reading XSS: Escape the escape – How to deal with trailing single quote without comments in JavaScript context?
In development of a web service, I can use self signed server certificate for testing under HTTPS. How can we make a client (possibly run in the same host, but maybe a different host) work with the service in HTTPS?
On Ubuntu 18.04, I try… Continue reading How can I create and use self signed server certificate?
In HTTP The Definitive Guide
When you establish a secure web transaction through HTTPS, modern
browsers automatically fetch the digital certificate for the server
being connected to. If the server does not have a certificate, the
… Continue reading How does a web client check the signing authority of a server certificate? [duplicate]
https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-gunicorn-and-nginx-on-ubuntu-18-04#step-6-%E2%80%94-securing-the-application says for running a flask web application with gunicorn and nginx with https:… Continue reading Are the following two ways to obtain server certificates for web servers to host web applications?
Sorry for being still confused. I hope someone could share how they understand the following questions and also Is session/cookie based authentication stateful or stateless?. There might be some different terminologies used by different pe… Continue reading Token and cookie based mechanisms: stateful or stateless, session or nonsession based?
Flask Web Development says
The current login functionality implemented with the help of Flask-Login stores data
in the user session, which Flask stores by default in a client-side cookie, so the server
does not store any user-relat… Continue reading Is session/cookie based authentication stateful or stateless?