Collaborate Disseminate
As part of TLS1.3 handshake client hello sent containing the TLS1.3 version support as part of suppored_versions extension, consider if as part of server hello supported_versions extension is not present, but Legacy_version is set to 0x030… Continue reading In TLS1.3 server hello can the legacy version field set to 0x0304
I work remotely and I have a company provided cisco gateway device and a thin client that I can use to login into my company’s citrix server. I’ve only ever logged in via the gateway/thin client at my apartment. Recently, I’m in the middle… Continue reading If using a company provided cisco gateway and thin client, can they see IP address? [closed]
Can I setup and enforce additional WiFi connection (and password) requirements on managed laptops using Windows or MacOS?
Such as:
blocking (or entirely hiding) the option to connect to open networks
blocking (or entirely hiding) networks… Continue reading Can I setup and enforce additional WiFi connection (and password) requirements on managed laptops using Windows or MacOS?
Is it okay to upload .env files containing client ID and client secret to elastic beanstalk? If not, what is the risk involved? How would one access those files?
I’ve read about this but I don’t fully understand how to choose.
I have two options:
Public client
"A native, browser or mobile-device app. Cognito API requests are made from user systems that are not trusted with a client secret.&qu… Continue reading Public client or Confidential client: should I generate a client secret?
I see why it is obviously bad to store a secret key and client ID in the source code for a web application. However, how do you go about the alternative? Surely, that information has to be stored somewhere. Is it stored in a local text fil… Continue reading What does it mean to store secret keys as an "environment variable" as opposed to hardcoded in the source code?
Is there any way to reliably identify the referring site on modern browsers (not considering manual HTTP requests outside of a browser e.g. cURL, etc.)?
Referrer header will not work because the referring site could just set Referrer-Polic… Continue reading How to reliably identify referrer on client browser?
A custodian bank has a client which is an investment arranger.
The funds of the investment arranger’s clients are held at the custodian.
The custodian has flagged one of the investment arranger’s clients as being an AML risk and has now fr… Continue reading AML information on the beneficial owner for clients of a custodian
In an SSO scenario (it’s Azure Active Directory specifically, but conceptually I’m not sure it matters), I obtain a token that then allows my application to impersonate the user to access resources – for example an Azure storage account wi… Continue reading Sending Client-Acquired SSO Token to My API Server to Access Firewalled Resources Under User Identity
How would you enforce user PC to only connect to a given network?
Answers need to be OS agnostic.
One weak solution could be to set client-side firewall rules to only allow communications with legit_IP_allowed_network, but this will not pr… Continue reading How would you enforce user to only connect on a given network?