Collaborate Disseminate
Let’s say we have:
Publicly available HTTPS API (e.g. api.example.com). The web server that runs it uses a certificate from a publicly trusted CA (e.g. Let’s Encrypt) with both server auth and client auth usages.
A database using mutual T… Continue reading Is it a good idea to reuse certificate issued by public CA for internal database client authentication?
We placed a jump server in CDE to restrict the direct access to PCI in-scope devices (although I believe it should be outside CDE, please confirm)
Now, we have opened SQL ports 1433 and application ports from the jump server to the prod ho… Continue reading Ports open on jump server in CDE
There’s a website I have an account on, and I needed to change my username. They said they were unable to change that. I requested to just have my account deleted, and then I would create a new account with the same email (As the email I u… Continue reading Site "can’t" change username, why? [closed]
I’ve taken a pen-testing course and for the final certificate, I have to analyze a server and make a report regarding the vulnerabilities.
The server does multiple functionalities, It acts as a web application server ( as I can connect t… Continue reading The server acts as a database server , but there is no open port regarding that why?
I am setting up a postgres db that will never be used by humans. In fact, I really don’t need to know it myself ever. I assumed that just using a 256bit(64 alphanumeric chars) hash of a unix timestamp IE:
date +%s%3N | sha256sum
A very im… Continue reading Is a sha256 hash of a unix timestamp a strong password
There doesn’t exist a trustless voting system that retains anonymity – yet.
My idea is a name, which:
houses a tamper-proof DNS service, that
may require peer-to-peer grid-telecommunications, which is not my specialization.
This service … Continue reading How is anonymous voting possible without having to trust the government other than my solution? [closed]
I am building election technology for the international government consumer and would like to confirm the statistical meaning of having a device private key for voting, and with the following requirements:
I call it ArrayArrays
The matchin… Continue reading Would only a fully distributed database not already be at risk? [closed]
What is best practice for the encryption of offline application data?
I have an application where multiple users can log in. The user gets data from an internet API, where the user authenticates. I want to store some of the data, for examp… Continue reading Best practice to encrypt data on smartphone
I am working on a project where I want to store end-user private data, but immediately this brings up the trust question of why a user would trust me to hold their data. I don’t actually want to hold their data, but rather run an analysis … Continue reading Trustless Application Architecture for end-users with secure enclaves
I have a application where users can log in by providing a username or email address (both case insensitive) and a password. In the users table in the database, the relevant account information is stored in three columns lowercase_usernam… Continue reading What are best practices for finding an account in a SQL database during authentication? Is using `LIMIT 1` vulnerable to timing attacks?