A way to provide a TLS certificate that is not self-signed or using AWS private certificate authority

I need to secure the communications between my frontend and backend. My frontend resides in a PHP server owned by DonDominio (web hosting) and my backend in an instance in AWS.
My public web domain is .app so I’m forced to use a certificat…

Does copying cookies allow attackers to view pages that should be visible only after login?

TLDR;
Copying the request from ChromeDevTools along with all cookies allows me to view pages that I should not be able to view after logging in.
Have I been pwned?

I just found a terrifyingly easy way to view pages that should be visible…

Why would you use random algorithm for CSFLE if you can’t query the inserted data?

I think I really misunderstand something about data encryption. This guide (https://docs.mongodb.com/manual/core/security-client-side-encryption/#randomized-encryption) says the following:
"Encrypting the personal_information and phon…