Collaborate Disseminate
Tutorials I’ve come across about implementing magic link authentication (in Node) recommend a mechanism like this:
the user hits your endpoint with their email address
you generate a signed JWT from the email and the date using a constant… Continue reading Magic links: JWT vs random string
I’m new to Node.js and I have Node.js App with Vue. I use AWS S3 to server static JS file like app.XXXX.js manifest.XXXX.js vendor.XXXXX.js
So what is the security implication if a hacker can gain access to my S3 bucket and try to modify m… Continue reading Node.js static file security: What happens if hackers can control my bucket?
I use localhost for learning more coding, and I keep wondering the same question over and over again when I use Node.js:
Is it really safe?
Many, many people might have asked this. I would naturally want to put SSL HTTPS encryption on it, … Continue reading Are node.js, express, socket.io, localhost on http, and alike ACTUALLY secure? [closed]
Saw this in the journalctl for a service I have:
jul 29 12:39:05 ubuntu-18 node[796]: GET http://www.123cha.com/ 200 147.463 ms – 8485
jul 29 12:39:10 ubuntu-18 node[796]: GET http://www.rfa.org/english/ – – ms – –
jul 29 12:39:10 ubun… Continue reading Unusal GET requests in my nodejs journal – has my nginx/node been hacked?
I’m building a user authentication system in Nodejs and use a confirmation email to verify a new account is real.
The user creates an account, which prompts him/her to check the email for a URL that he/she clicks to verify the account.
It … Continue reading Suspicious behavior by Google when verifying users via nodejs
I have received an encrypted XML document, that contains
a. An encrypted session key – this was encrypted using my public key. I have succesfully decrypted this using:
const decryptedSessionKey = crypto.privateDecrypt(
{ key: privKey,… Continue reading How to extract IV from ciphertext in XML [migrated]
I tried setting iv or not setting iv, but encrypted messages were always different.
import CryptoJS from "crypto-js";
const iv = CryptoJS.lib.WordArray.create([0x20212223, 0x24252627, 0x28292a2b, 0x2c2d2e2f]);
const a = CryptoJS…. Continue reading How to generate the same AES encrypted message in crypto-js? [migrated]
When we are developing software applications, we design reusable components to apply the power and benefit of
reuse. Reuse is still an emerging discipline. It appears in many different forms from ad-hoc reuse to systematic reuse, and fro… Continue reading Custom Node Module Management using Private npm Registry Configured in Nexus Repository
In my node.js project, I’m using a several open source libraries and frameworks like – express, express-session, bootstrap 4.x etc.
I also have NGINX setup as reverse proxy. For this app’s website, I do not have any tracking added by goog… Continue reading Are tracking cookies from facebook, google, etc sneaked into open source projects?
I’m currently reading the following article and trying to exploit the vulnerability (Handlebars.js 4.1.1 Server Side Template Injection):
http://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html
Sure enough, the … Continue reading Handlebars.js 4.1.1 Server Side Template Injection exploitation – running system commands with a Node.js RCE when require() is not available?