Collaborate Disseminate
In my rich client, I escape user-provided data before rendering to prevent XSS.
The data comes from the server unescaped. That is necessary for application logic, e.g., avoiding situations where I mistakenly check “O&… Continue reading How do I prevent XSS in direct access to AJAX/JSON APIs?
What is the difference between using a JSON Web Token (JWT) and simply having an AES key and sending and receiving encrypted JSON from the client?
For example, this could be sent to the client:
AES256.encrypt(JSON.stringify({id: 5552, a… Continue reading What is the difference between JWT and encrypting some json manually with AES?
Other than sql query injection (which can be parsed out) are there any vulnerabilities from directly parsing Json objects (without any schema validation) into ORM / Eclipselink objects and then using the entity manager to per… Continue reading Vulnerabilities using eclipselink to persist Json objects
I’m aware there’s quite a few other questions on this but I’m still feeling confused about how/if our particular setup is vulnerable to a CSRF attack.
How things are currently setup:
we have api.example.com that communicate… Continue reading CSRF with a CORS JSON API
In the final part of this series, Russell Smith shows you how to use the code I created in the previous two installments to provision the resources in Azure.
The post Infrastructure-as-Code Part 3: Deploy Active Directory and Certificate Services in Azure appeared first on Petri.
In this three-part series, Russell Smith discusses how he deployed an Active Directory forest with 2 domain controllers and a member server running certificate services in Microsoft Azure.
The post Deploy Active Directory and Certificate Services in Azure Using Infrastructure-as-Code — Part 1 appeared first on Petri.
Currently I have a native PC application that builds and uploads a configuration to an embedded Linux device (i.e. the client). This device connects to Google Calendar via their OAuth2 API. The configuration requires:
A res… Continue reading Is there a good way to store OAuth2 tokens for a native application?
In part two of this series on deploying Active Directory and a member server running certificate services in Microsoft Azure, Russell Smith shows you how to add a PowerShell Desired State Configuration resource to the project.
The post Deploy Active Directory and Certificate Services in Azure Using Infrastructure-as-Code — Part 2 appeared first on Petri.
I want to pass a PHP string directly to a JavaScript variable and keep the load on the server to a minimum. I have the following JavaScript in an PHP file for doing this:
<!DOCTYPE html>
<html>
…
<body>
… Continue reading Passing PHP code directly into JavaScript in HTML5
Scenario: I have a to-do list that is generated with JavaScript using JSON that was encoded on the server side. I put the todo item id in the HTML id attribute. So the process goes like this:
Server side code creates a tod… Continue reading Important data can be modified from the developer console. What should I do?