0 answers

Is it OK for an Electron app to store source code in a SQLite database and then later execute it using `new Function`?

The application I'm working on at the moment requires storing some source code on the client's machine so it can be executed later. So I chose to store it in the SQLite database and then execute it ...

1 answer

I can't auto-login a user after registration in Spring Boot

When I register a user, my project throws a StackOverflowError, but the user is saved to the database. I also have a registration form. Here is my registration controller: @PostMapping("/register-user") ...

1 answer

How to send an HTTP cookie using the Set-Cookie header over an HTTP connection?

I'm developing the backend for a web application using the Java Spring Framework and Spring Security. I'm trying to create a login system using JWT, by sending the JWT access token from the server to ...

1 answer | 11 hours ago by Jaehyuk Chang on Stack Overflow stackoverflow.com
1 answer

Ways to allow inline script for script-src CSP header without using nonce/hash/unsafe-inline

Is there any way to allow inline script for the script-src CSP header without using nonce/hash/unsafe-inline? Our project is huge and there are multiple areas where inline script is present. We ...

2 answers

Is it safe to use the `Function` constructor to validate JavaScript syntax?

I would like to verify (client-side) that the user has entered valid JavaScript code. Pulling in a Javascript parser (e.g. Acorn or Esprima) is a relatively heavy dependency. However (if CSP is not ...

1 answer

reCAPTCHA cookie is not being passed for subdomains, only the domain where the reCAPTCHA is being set

Domains are fictional :) I have a website hosted at: app.sunsetland.com.au In that website, on one page I <embed> another website which is hosted at subdomain.sunsetland.com.au Our GCP Cloud ...

0 answers

I'm making a program to prevent discord token theft

I'm making a program to prevent discord token theft. And I have a question, how do all these viruses get the discord token from the discord application? What files do they download it from and how do ...

0 answers

Unable to execute Google Classroom API script due to possible threat detection

I work in the ICT department of a university. At the beginning of each semester, I need to create Google Classroom courses and enroll members based on the university's course data. I have been using a ...

0 answers

Android Emulator detection is not working for some devices

I have a piece of native code with C in my Android project for detecting emulators. It works perfectly for detecting all Emulators but some real devices are detected as vulnerable too. How can I ...

0 answers

Incorrect redirect to /login causing issues

I keep running into an error on my first React-Spring Boot project that I just cannot work out. I have an Auth Controller that sets a user session on successful login - which it does. I am getting the ...

2 answers

How can I prevent post variables from appearing in the Yii2 log when I call warning() or info()?

I am maintaining an app built in Yii2, and I want to use Yii::warning() to write log messages. This is fine except when I'm logging events in the user login sequence. The username and password are ...

1 answer

How to generate test alert/incident in "Microsoft 365 Defender" portal for test purpose?

I want to generate a test alert in the "Microsoft 365 Defender" portal. I have tried to log in to "portal.azure.com" and "outlook.office.com" from the Tor browser, and I was expecting ...

0 answers

Is it appropriate for an application (SPA) to pass an "extra" access token to a backend service (so that service can call other services)?

I have a web application (SPA), which we'll call A. This application calls an API service (that I control), which we'll call B. Service B uses OAuth authentication, and trusts an issuer I. In my ...

1 answer

Best tools for Thick Client Penetration Testing

I am looking for Application Security Testing (Penetration Testing) of Thick Client Applications. I know of Echo Mirage and ITR as good tools to test these kinds of applications. Does anyone know of ...

1 answer | Jul 18 at 18:50 by Dharmesh Mehta on Stack Overflow stackoverflow.com
1 answer

Jenkins: assign roles to views

I have a Jenkins instance which is integrated with AD, using Global Security. I already know that I can assign, with the Role Strategy Plugin, role-based access for some AD users\groups to particular projects. ...

3 answers

How can I detect an overposting attack in ASP.MVC during model binding?

I want to determine if a user is attempting an overposting attack in Asp.NET MVC. How can I determine if someone is sending special values (via Fiddler for example) to my controller? Note the "...

0 answers

How to install CDO on Alpine:3.20 docker image

I am trying to set up a Docker container based on Alpine Linux. The container needs to have Python 3.12.4 installed with Dask and Zarr. I had to install it from the source, and it went well. However, ...

8 answers

How to allow SELECT queries and prevent others?

In our application, users can create custom export functions in form of SQL statements. Something like this: SELECT name, age, date_birth FROM users WHERE group_id = 2 I don't want them to clear the ...

8 answers | Jul 18 at 13:07 by Christoph Bühler on Stack Overflow stackoverflow.com
2 answers

How to calculate BLE SC Pairing Confirm Value for Passkey Entry in Python?

I'm implementing some Bluetooth Low Energy functionalities in Python. In the pairing process there is a Pairing Confirm Value like specified in Bluetooth Core Specs 5.3 page 1604 and 1562f. I have the ...

1 answer

Unable to install the jimp library through npm because of vulnerability checks

phin <3.7.1 Severity: moderate phin may include sensitive headers in subsequent requests after redirect - https://github.com/advisories/GHSA-x565-32qp-m3vf fix available via npm audit fix --...

1 answer | Jul 18 at 11:15 by Ragavi Krishna on Stack Overflow stackoverflow.com
0 answers

What is the meaning of frame-src 'self' blob:?

I want to restrict my site to blob: only from its own origin. I thought frame-src 'self' blob: would do that, but checking on CSP Evaluator the results are: it shows 'self' & blob. ...

2 answers

What does "wsse:InvalidSecurity" mean?

An error was discovered processing the <wsse:Security> header This is a WS-Security question btw... I can't see anything wrong with my WS endpoint (apart from the fact that it's running in a ...

1 answer

What is the alternative to PasswordDigest when the clear-text password is not stored on the web-service producer?

Scenario: The web-service producer has only a SHA-1 hash of the passwords stored in the database. We need to authenticate web-service users using a User Name/Password combination. Web Services Security ...

2 answers

WCF: Web Service Login / Authentication: HowTo?

We have a web service (WCF in C#) that has been used on an intranet until now. Going forward we want to open it up to the internet. Obviously we are concerned that naughty people cannot access the ...

2 answers | Jul 17 at 23:40 by Andrew White on Stack Overflow stackoverflow.com
1 answer

Spring Boot OAuth2 is redirecting to IDP on each unauthorized request

I have made an OAuth2 configuration in Spring Boot. It also works, especially when I make get requests via the browser URL and I am not yet authenticated, I am redirected to the IDP, I can log in and ...

1 answer

If I already have HTTPS, can I use wss, or do I need to pay an additional fee?

I'm wondering if I have to pay an additional fee if I have already bought HTTPS.

1 answer | Jul 17 at 21:36 by Null on Stack Overflow stackoverflow.com
2 answers

Is it possible to force socket.io to use wss instead of ws, without having to change to https?

I have been trying to set up a server where users can sign in using WebSockets, but I don't want to do this using ws. I want to be able to turn on wss without having HTTPS. Sadly, there aren't any ...

0 answers

websocket secure connection wss://localhost:443/ not making a connection to server

I have a client server application, but when I try to make a WSS connection, it gives me an error. static void Main(string[] args) { Connect("wss://localhost:8080/...

0 answers

Is rapid IP switching available to attackers on TCP servers?

I'm working on a server implementation and I'm wondering how quickly attackers can switch IP addresses. I know that with UDP attackers can just send in whatever IP address they want, but with TCP ...

1 answer

Can we test injection attacks in API parameters with ZAP?

Can we test injection attacks in API parameters with the ZAP tool? With ZAP I am trying to scan APIs. I provided a Bearer token via a script and a Swagger API definition file. I am getting results related to ...

1 answer | Jul 17 at 16:38 by viks on Stack Overflow stackoverflow.com