Collaborate Disseminate
I’m having a discussion at work and I want to know the opinion of the community and know if I’m wrong or not.
We have a product that runs on client computers (on-premises) and it uses a local database to store some customer data. We have a… Continue reading Encryption database on app that runs on client side
I have the APK of an application and analyzed it using MobSF static analysis. It says the application talks with Firebase Database and provides a URL.
Obviously, the URL is not accessible.
I am new to this so trying to find tools from GitH… Continue reading How to Scan Firebase Database?
So say you are developing multiple different projects for different clients and want your developers to use postgres on their development machine (i.e. localhost connection in the development environment). Does one add much/anything, from … Continue reading Is there much practical security value in using passwords/usernames for postgres instances used on development machines?
I was able to hack into a vulnerable database that i downloaded from vulnhub.com and here comes the problem.
I am using kali linux and i got access to the database using metasploit.
There are a lot of folders/files in that database and it … Continue reading Once in, then what?
I am implementing a system where I need to store passwords in a database (hashed and all). My issue is that the business side requires me to not enforce any constraint on them except length (8 characters minimum), but highly advise to use … Continue reading Storing weakness level of passwords
Say I develop an application, and when a user performs a specific set of actions it will send a request to my database telling it to increment a variable (that represents the total number of times users have performed this set of actions)…. Continue reading Is it possible to make sure only my app uses my database?
I would like to store my DB password in Java .property file and encrypt it using Jasypt. But from what I see, it just moves the problem from hiding the DB Password to hiding the encryption password.
I thought of using environment variable … Continue reading How to Securely Store Database Password in Java .properties File
So I’m a complete novice in security practices, and an amateur web developer. I have a personal website connected to a personal DB. Currently there is nothing in this DB that would be useful to anyone but me, and I wouldn’t care if any of … Continue reading Manage passwords from my personal website
The transparency organization Distributed Denial of Secrets has released 800GB of data from Roskomnadzor, the Russian government censorship organization.
Specifically, Distributed Denial of Secrets says the data comes from the Roskomnadzor of the Republic of Bashkortostan. The Republic of Bashkortostan is in the west of the country.
[…]
The data is split into two main categories: a series of over 360,000 files totalling in at 526.9GB and which date up to as recently as March 5, and then two databases that are 290.6GB in size, according to Distributed Denial of Secrets’ website…
I’m not too familiar with cryptography in general, nor the cryptography library in question. My question is if the following method would be a relatively secure way of storing an encrypted key/secret/password in a database as long as the e… Continue reading Python method for safely storing data on database using local decryption key