Collaborate Disseminate
A number of years ago now, still well into the 2000s, I was very naive. Especially in terms of computer security.
To make a long, painful story which I don’t even remember myself all too well, the basic gist is that I set up a FreeBSD ser… Continue reading Why did/does PostgreSQL, MongoDB and probably other database softwares allow such dangerous configurations?
I had a task to create a MiniCTF event in which I created a challenge to solve using SQLi. Now my final output that the database spits out has a left arrow character (<) in it. While displaying it, the database only prints everything be… Continue reading CTF: Special Character in MySQL Database [closed]
Two Harvard undergraduates completed a project where they went out on the dark web and found a bunch of stolen datasets. Then they correlated all the information, and combined it with additional, publicly available, information. No surprise: the result was much more detailed and personal. "What we were able to do is alarming because we can now find vulnerabilities in… Continue reading Collating Hacked Data Sets
I have a few VPS and Databases in GCP, I can access them by whitelisting my IP, but just few months ago my ISP rollout their CGNAT and I was affected. As far as I know CGNAT, allow multiple subscriber to have a single public IP.
Is still … Continue reading Is it safe to whitelist my public ip to a server, even I am behind CGNAT?
You know one of those news when someone says “thousands of users’ passwords and personal emails have leaked…”. It’s the type of stuff that I assume would be prevented if the emails were encrypted in the app’s logic, before storing them i… Continue reading Storing email addresses in plain text is okay?
Exposing primary keys is bad practice. How should I expose UUID or BIGSERIAL Primary Keys to clients — hashing, encoding, encrypting? For integers there are libraries like hashids, what about UUID?
Currently I have a Node JS project that uses the Spotify API. The project displays the users top played artists and tracks. I am following the Authorization Code Flow to obtain the access token. This access token will be used… Continue reading Storing third party API tokens in a database
When I add “All privileges” on the user. usually mean I should grand everything to the user.
Which basic secure privileges are needed to put it in website configuration?
Continue reading Database user management and privilege to put in website configuration [closed]
I’m on a website which have a program, there is a search input for keywords.
When I input & or < or > and search, it returns Got error ’empty (sub)expression’ from regexp error and when I input $ or ^ or .* I get all keywords at… Continue reading Is SQL Injection possible in this case (REGEXP)?
I’ve been in security for a while now but I’m relatively new to privacy. I’ve been studying differential privacy and its application to databases. However I’m still a little confused about where security and privacy intersect… Continue reading Is a differentially private SQL database relatively more secure from an SQL injection?