Collaborate Disseminate
I have made a website to control a couple of things at home. I haven’t bought any domain, since this is just going to be for myself.
Right now, I use my public IP address and a port to access my website, however, this can only be done at h… Continue reading Node.js website security for personal use [closed]
I’m writing a simple crawler with node.js, which searches for web pages and conditionally executes any JavaScript present.
The problem is that in doing so, I execute code form untrusted sources in my node.js environment. Can running untrus… Continue reading Threats that JavaScript poses to a web crawler
I’m writing a simple crawler with node.js, which searches for web pages and conditionally executes any JavaScript present.
The problem is that in doing so, I execute code form untrusted sources in my node.js environment. Can running untrus… Continue reading Threats that JavaScript poses to a web crawler
I am building an application and I want users to be able to log in from multiple devices without logging out of other devices.
How should I implement this functionality?
I am using Jwt token for authentication and MySQL database for storin… Continue reading How to enable multiple logins from the same user at the same time on different devices? [closed]
This week, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”. Continue reading LofyLife: malicious npm packages steal Discord tokens and bank card data
I want to hash email addresses so that they are anonymous but still unique in my database. I was thinking of using scrypt for this and creating the salt as a sha256 of some secret stored on the server + their email address. Implementation … Continue reading Hashing email addresses using scrypt
I have a problem where I have too many vulnerabilities on a few hundred repositories introduced with outdated npm packages. The issue is that I need to find a way to prioritize this. The biggest pain in the butt for me is that the engineer… Continue reading Is there a way to check if vulnerability introduced by npm package is reachable/exploitable
I have seen multiple projects committing .npmrc file along with rest of the files. Are the auth credentials npm credentials? What is the risk if an attacker gets hold of the credentials? As npm requires 2 factor auth is the risk low?
… Continue reading What is the risk of committing .npmrc file and exposing to the world?
In a database table, I was running some phone number validations and I noticed that some unicode characters were inserted in a phone number field.
The characters are:
(U+202C): Pop Directional Formatting
(U+202D): Left-to-Right Override
I’ve been thinking about security practices for a personal project where I would create content on a Notion account and have a Node.js middleware server that’ll act as a REST API that allows anybody to access that Notion content while prot… Continue reading Security Practices for a React App – Node.js – Notion REST API Pipeline