web service – Page 4 – WindowsTechs.com

Protect server-side key with client token

Posted on June 15, 2021 by Felipe

I’d like to encrypt some data on the server using a user-managed secret. I could just ask for a password and derive a key from that, but ideally I’d like to offer users the option of using a yubikey to safeguard the data. This way it would… Continue reading Protect server-side key with client token→

Why is CSRF protection only applicable to web services with browser clients? [duplicate]

Posted on May 18, 2021 by hotmeatballsoup

The Spring docs state:

Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disa… Continue reading Why is CSRF protection only applicable to web services with browser clients? [duplicate]→

CORS configuration for service with single browser client

Posted on May 18, 2021 by hotmeatballsoup

Please note: although I mention Spring Boot (and by proxy, Java) I believe this is a pure HTTP/web development question at heart, and as such, can be answered by anyone with CORS-configuration experience and zero Java experience!

I am con… Continue reading CORS configuration for service with single browser client→

Should a server set Expect-CT for a SOAP web service?

Posted on April 7, 2021 by Maicake

Should be the header Expect-CT be set by a server that exposes a SOAP web service over SSL?

Continue reading Should a server set Expect-CT for a SOAP web service?→

How to replace certain backup files on a website every 30 minutes?

Posted on April 3, 2021 by Arnold Rothstein

I have a website built with WordPress, unfortunately somebody hacked it several times, deleted my adsense code and put his own adsense.
I tried many security techniques, changed database name, did some stuff to prevent anybody from editing… Continue reading How to replace certain backup files on a website every 30 minutes?→

Hacking attemps from unkown source

Posted on February 16, 2021 by Sadmi

I’m running a docker container in Kubernetes cluster running in aws, I exposed the container through LoadBalancer service and limited access to it just to my ip address using aws security groups, but I still getting GET/POST requests that … Continue reading Hacking attemps from unkown source→

How do I serve a webpage on a local PC without revealing my IP-address to end users?

Posted on February 11, 2021 by infinitieunique

Are there any ways to serve a webpage locally without revealing IP to end users?

Continue reading How do I serve a webpage on a local PC without revealing my IP-address to end users?→

If our service health API shows the commit/service version, what are the risks?

Posted on February 9, 2021 by Limit

When working with cloud services and deployments, the load balancers often use a health endpoint to ensure that the service node is up and running and can take traffic.
To catch as many issues we can before serving the users, we stage our … Continue reading If our service health API shows the commit/service version, what are the risks?→

API key safety in front end app running in localhost

Posted on January 19, 2021 by u9kV-6J

I have been working on a front end (React) app that sends REST requests to an API end point. I am aware that sensitive items such as API keys should not be stored in front end frameworks (like React, for example),
BUT…
Right now, I am j… Continue reading API key safety in front end app running in localhost→

Strange identifier in web application [closed]

Posted on December 10, 2020 by RRRVIR

have you ever seen such an identifier followed by an application referencing objects?
/show?fuzzzltCfq8Geym-d0tKrto6Jzo-Md5Z8dIie0IWYqJOXi5-cn7DCk9OeqJ9mjJGM0sSozJKYxJRxXg==

Every request have random numbers and letters after ‘fuzzzz’.

… Continue reading Strange identifier in web application [closed]→