Collaborate Disseminate
I am trying to test a potential file upload vulnerability of a website. The website is based on a javascript framework. The website allows uploading images. Once the file is uploaded, the URL of the image is displayed as data:image/png;bas… Continue reading File Upload Vulnerability: Exploit local storage [closed]
I am currently working on a medium scale app and am a month into learning React. I got to the part where I need to authenticate users. I have written some code and It is working, but I don’t know is it secure enough. When my users login, … Continue reading Where to store token from auth header in React
I logged in to WhatsApp desktop (Windows) app while the "Linked Devices" feature was enabled in my phone (by scanning a QR Code). This creates "/Appdata/Roaming/Whatsapp" folder which contains some files and subfolders,… Continue reading Restore WhatsApp Session (Desktop app) in Another Windows installation
Today I have a web application that needs to store the user’s email and password, so that when he opens the login screen, the authentication is done automatically.
For this, our application saves the email and password in localStorage, unf… Continue reading Store login credentials securely with JavaScript [duplicate]
I am trying to figure out if the solution I am suggesting is valid for both XSS & CSRF protection,
I would like to store the JWT in an httpOnly & secure cookie and not in local storage,
when the user successfully logs in, he will g… Continue reading JWT cookie with CSRF token as a claim inside the JWT
My web app stores personal data about the user, but on the user’s phone only (HTML5 Local Storage). The data is never touched by any server or database. I can’t see the data. My server can’t see the data. I do not store it anywhere outside… Continue reading Does GDPR apply if my web app stores personal data on the user’s phone only? [migrated]
I know that HTTP requests made by the site get the browser’s localStorage for a site, and document.cookie is encrypted for HTTPs websites, but I’m still wondering the risk of storing sensitive information, because even if the hacker got th… Continue reading Cookies VS localStorage (JavaScript Security)
In other words: Does Safari’s "Prevent cross-site tracking" option effectively prevent cross-site tracking? (Is it for purpose?) I though it would work; are my expectations off?
Or, more specifically, I’m wondering: Why is Facebo… Continue reading Does Safari’s "Prevent cross-site tracking" option ACTUALLY prevent determined efforts at cross-site tracking? (By, e.g. Facebook)
I’m currently working on an existing PWA (Progressive web app) build in VUEJS. Currently i’m using Auth0 for user authentication and it works fine. But it seems a bit overkill and client finds it very hard to manage his users in Auth0 (mul… Continue reading Progressive web app, Access token storage
The recommended way of ensuring that data on a hard disk cannot be recovered is to destroy it physically, for example using a hammer, drill or even thermite.
Question
When physical disk destruction is not an available option, what is the n… Continue reading How to best prevent data recovery on a disk drive without physically destroying it? [duplicate]