client-side – Page 2 – WindowsTechs.com

CSP for Single Page App: Use client-side nonce for securing iframe content

Posted on February 7, 2023 by DarkTrick

Goal I’d like to tighten my Content Security Policy.
Situation
I have a single page react application (= All code and styles are bundled together into a bundle.js file). The file is simply placed on a file storage server (Concrete: S3 buck… Continue reading CSP for Single Page App: Use client-side nonce for securing iframe content→

client side certificate installed on ios 16 are not being sent by browsers on that device when a server requests for a identity cert

Posted on January 4, 2023 by Muhammad Ebrahym

I have a client side certificate from cloudflare (non-root) that i install on our devices in order to gain access to our sites that ask for a client side certificate from browsers. This works perfectly well on desktop browsers on linux, wi… Continue reading client side certificate installed on ios 16 are not being sent by browsers on that device when a server requests for a identity cert→

What are the most common client info when accessing website?

Posted on December 24, 2022 by Muhammad Ikhwan Perwira

I want to know client information when accessing my website as an identifier so I can filter who are deserve to access my website.
So far I only know this useful information from client those are User-Agent and Client Public IP Address.
Wh… Continue reading What are the most common client info when accessing website?→

Are there any reasons to forbid employees from using desktop email clients?

Posted on November 17, 2022 by John Doe

Corporate email services often use web-based solutions like gmail or office365.
Is there any valid security concern in allowing third party email clients if two factor authentication
is enabled on the email accounts?

Continue reading Are there any reasons to forbid employees from using desktop email clients?→

Logging secrets in the user agent (browser)

Posted on November 14, 2022 by Marek Puchalski

There are sound reasons not to put any secrets, PII or other sensitive information into the logs on the server side (see OWASP ASVS V7).
But should the same rule apply on the client side? Is there a sound reason we should prohibit devs fro… Continue reading Logging secrets in the user agent (browser)→

Client CA certificate & RADIUS

Posted on November 8, 2022 by Quirik

when my client tries to authenticate with Radius servers it gives following error:
unable to get local issuer certificate
As per my understanding, this is a trust chain problem or, in other words, my client is missing the CA certificate.
W… Continue reading Client CA certificate & RADIUS→

Is _ga, _gid, _incap_ses, _visid_incap, _fw_crm_v, nlbi_, ai_session and ai_user cookies first must be store on a server side? [closed]

Posted on November 8, 2022 by user285220

I didn’t find anything related to this. Help out here a little.

Continue reading Is _ga, _gid, _incap_ses, _visid_incap, _fw_crm_v, nlbi_, ai_session and ai_user cookies first must be store on a server side? [closed]→

Client-Server: How wrong is this kind of request? [closed]

Posted on November 7, 2022 by thePOOOISE

Pseudocode: https://pastebin.com/riecfFu4
CLIENT CODE:
function Login()
{
form f = {username, password};
WWW request = SendRequest("https:/…/login.php", f);

wait request;

if(request.error != NULL || request…. Continue reading Client-Server: How wrong is this kind of request? [closed]→

On the gains and losses of an additional client side stretching of the user password

Posted on August 4, 2022 by Margaret Bloom

Picture a state of the art implementation of a website registration and login system.
I’m interested in analyzing what a defender gains and loses by feeding the user password to a key-stretching KDF function (e.g. argon2).
Let’s start from… Continue reading On the gains and losses of an additional client side stretching of the user password→

On the gains and losses of an additional client side stretching of the user password

Posted on August 4, 2022 by Margaret Bloom