Collaborate Disseminate
Obviously any known vulnerabilities are not great, but I’m curious how much I should be concerned about them.
I’ve seen plenty of articles that talk about the rise in malware/spam in npm packages:
NPM malware attack goes unnoticed for a y… Continue reading How serious are npm module vulnerabilities?
With a simple firmware update, Kaluma puts a lightweight JavaScript runtime on the Raspberry Pi Pico (which uses the RP2040 microcontroller), providing handy modules for file systems, graphics, networking, and …read more Continue reading Kaluma Puts JavaScript on the RP2040
I am using bcrypt.js for basic login. I have found that the below code runs noticeably quicker when no user is found, since it exits immediately, and no check is done on the hash. This could give an attacker insight into whether a username… Continue reading Timing Attack using bcrypt.js
I’m hosting a simple MariaDB/mySQL server on my Raspberry Pi. I would like to know whether or not this code is secure enough to reject an injection attempt made by login/signup, etc.
function secureUnInject() {
const str = String(argumen… Continue reading What’s an example of a good uninjection in Node.js? (mySQL)
I found that one of our programs uses an sha256 implementation, that produces different hashes for same inputs, compared to standard libraries (in this case compared to node:crypto and Web Crypto API.
The hashes are different for character… Continue reading Implications of SHA256 implementation producing false / unexpected hashes
We are currently working on setting up new Android handheld devices (RF guns) to read/write to our SQL Server 2019 database and are at a fork in the road in deciding what to do. Both options below would work, but option 1 is a lot faster t… Continue reading Which is safer – using the sql_conn Flutter package or using a web server as a middle layer for requests against a SQL Server database?
I have a pretty standard web app (react client, node server), https-enabled.
I want to add the ability for the web app to access a device on the local LAN. The device has REST APIs and I can install a certificate in it to enable https.
He… Continue reading Certificate structure for accessing a local device from a web app
So the csurf middleware used in Node.js applications has been deprecated since Sept 2022 due to security vulnerabilities being discovered by Fortbridge in Aug 2022. However, it it still being downloaded almost as much now as it was 1 year … Continue reading Secure alternative to csurf npm package
I’ve read bits around this, but I am curious should I be worried. I constantly am getting hit with random GET and POST requests from I guess just bots crawling the web trying to find vulnerabilities.
You can see below, the POST /GponForm/d… Continue reading Random endpoint getting pinged constantly on my server [duplicate]