Collaborate Disseminate
A lot of the web is moving to HTTPS, which to my understanding does two things: Making the data unreadable by third parties, and verifying it’s coming from the expected sender.
The latter seems unarguably good, but the first also has some … Continue reading Signed but Unencrypted HTTP Traffic
I’m currently reading about resource record in the Domain Name System (DNS), in particular about the Time to live (TTL) aspect of start of authority records (SOA) records. It seems to me that the TTL was firstly defined in RFC 1034 and la… Continue reading Does the Time-To-Live (TTL) value of DNS records have any security implications?
In other words: Does Safari’s "Prevent cross-site tracking" option effectively prevent cross-site tracking? (Is it for purpose?) I though it would work; are my expectations off?
Or, more specifically, I’m wondering: Why is Facebo… Continue reading Does Safari’s "Prevent cross-site tracking" option ACTUALLY prevent determined efforts at cross-site tracking? (By, e.g. Facebook)
I’ve set up a firebase passport strategy on a NestJS server which works fine, but I did not like the long load times it would incur on all requests that went through it. So I decided to cache decoded tokens until they are expired, and this… Continue reading Is it bad practice or major security risk to cache decoded auth tokens in my backend?
I have researched and understood that Cache-Control: no-cache is not sufficient alone to absolutely prevent caching, but what about Cache-Control: no-store alone? Since it will not allow storing of cache anywhere, this seems to be enough f… Continue reading Is Cache-control: no-store enough to prevent caching?
Can nginx do HTTPS content caching if used as tunnel/caching proxy? If yes, how?
For the usual reasons we want to cache certain resources browser side, e.g. list of products bought in the past.
Context is a web application, accessed via the internet.
This list is confidential in my case, and I want to mitigate the case… Continue reading How can I protect browser cached files to be accessed in a case of a stolen hard drive?
We have a web application that stores cached information in browser (both is firefox and chrome).
When we subjected it to Penetration Testing, a finding was filed saying that "Senstive Data such as Database Name, Storage and Version w… Continue reading Local IndexedDB in Browser – is it really a security risk?
If I wanted to visit a sketchy website and was able to block attempted caches from it, wouldn’t this make our browsing a lot safer?
Continue reading Why doesn’t Google Chrome allow us to block caching on certain websites?
Google today announced the launch of Apigee X, the next major release of the Apgiee API management platform it acquired back in 2016. “If you look at what’s happening — especially after the pandemic started in March last year — the volume of digital activities has gone up in every kind of industry, all kinds […] Continue reading Google Cloud launches Apigee X, the next generation of its API management platform