Is encrypting a query parameter within a URI a security best practice?

Assumption: a customer is sitting in a public area connected to a public wifi.
Step 1. example.com server sends the following information to trustworthy.external.domain over https:

redirectPath="https://www.example.com/public/endpoint…

How should a web application verify a redirect comes from a trustworthy source?

This document has a sequence diagram (annotated and shown below) explaining how Stripe handles a Checkout Session.
My question: When a customer is returned to the successUrl = www.example.com/some/specific/path, how can www.example.com (…

How to properly migrate authentication cookies to using a new encryption scheme on a website while being backwards compatible?

When a user logs in with their email/password combo and gets authenticated to our website, the backend sends the web browser an encrypted cookie based off of their memberId with us. While this encrypted cookie has not expired, the web bro…

What cipher suites are no longer supported under Amazon CloudFront’s TLSv1.2_2021? [migrated]

If we upgrade to Amazon CloudFront’s TLSv1.2_2021, how do we know if the 18 weak cipher suites listed below will no longer be used? The Security Policy Matrix does not seem to list them.
Our website currently uses TLSv1.2_2018 under Amazon…

How do I take advantage of a specific user’s attributes to generate an encryption key pair on the fly to encrypt a file?

Suppose I have the following 3 files with content:
file1.txt:
This is file1.txt. It is labeled red.

file2.txt:
This is file2.txt. It is labeled green.

file3.txt:
This is file3.txt. It is labeled blue.

Suppose these 3 files are sto…

Posted in RSA