Collaborate Disseminate
I am trying to implement JWT in a secure way in Node.js and I am unsure when to request the refresh token.
I got one access token and one refresh token. Both are saved in two httpOnly cookies. When the access token expires the refresh toke… Continue reading When to request refresh token? JWT
I want to create a minimal example where JavaScript injection/XSS is working. This is my example server:
const express = require("express");
const path = require("path");
const app = express();
const port = 3000;
Hello I am currently working in an e-commerce website and I am working in Authentication I read a lot of articles about how to secure the API and this the recap of what I did
when I log in or register I create 3 tokens (access-token, refr… Continue reading Confused about Authentication with JWT
I need to save very sensitive data from an Excelfile that the user uploads. The data will then be saved to mySQL. All is done in Node.js.
Now I wonder what is the most secure way to upload the file.
Should I use Multer (https://expressjs.c… Continue reading Uploading sensitive data, Should I user memoryStorage (buffer) or save and delete file?
I have an app which sends a user-email and a password to a server for verification using a post request:
$.post(server_url,{
email: user_email,
password: user_password,
action: requested_action_on_server
}, function(result){
/… Continue reading Is sending a Post from a node-je/electron app vulnerable to a man in the middle attack even if it is to an https website? [duplicate]
I’ve experienced a behavior where I would specify a header/parameter with a certain name in the request and send it to the Node application (using Postman/BurpSuite), but it doesn’t appear in the request body/headers in the application’s c… Continue reading Blacklisted Param/Header Names in NodeJS?
I am building a web app, which is made of a Node.js Backend and Angular (NOT AngularJS!!! I only used the tag, because Angular was not available..) Frontend.
How do I properly secure this app? I already have an idea to use JWT tokens (I al… Continue reading How to properly invalidate JWT tokens and sessions in this use case?
I built a small app to help me in some daily work tasks, the app can extract some html data from a website and process this data according to my needs. The issue is that the website requires authentication and the cookies expires every hou… Continue reading How to get the cookies from the backend of Meteor or Node js server [migrated]
I know there are a million things that might go wrong if I screw up the code, but is it possible for someone to literally walk to the server and download the .zip file that contains all the source code?
Continue reading How secure is Elastic Beanstalk’s source code?
I know there are a million things that might go wrong if I screw up the code, but is it possible for someone to literally walk to the server and download the .zip file that contains all the source code?
Continue reading How secure is Elastic Beanstalk’s source code?