Questions tagged [security]
Topics relating to application security and attacks against software. Please don't use this tag alone, as that results in ambiguity. If your question is not about a specific programming problem, please consider asking it at Information Security SE instead: https://security.stackexchange.com
56,594 questions
0 votes, 0 answers, 8 views
Android Emulator detection is not working for some devices
I have a piece of native code with C in my Android project for detecting emulators. It works perfectly for detecting all Emulators but some real devices are detected as vulnerable too. How can I ...
0 votes, 0 answers, 15 views
Unable to execute Google Classroom API script due to possible threat detection
I work in the ICT department of a university. At the beginning of each semester, I need to create Google Classroom courses and enroll members based on the university's course data. I have been using a ...
0 votes, 0 answers, 26 views
Incorrect redirect to /login causing issues
I keep running into an error on my first React-Spring Boot project that I just cannot work out.
I have an Auth Controller that sets a user session on successful login - which it does. I am getting the ...
1 vote, 0 answers, 18 views
Is it appropriate for an application (SPA) to pass an "extra" access token to a backend service (so that service can call other services)?
I have a web application (SPA), which we'll call A. This application calls an API service (that I control), which we'll call B. Service B uses OAuth authentication, and trusts an issuer I.
In my ...
0 votes, 0 answers, 18 views
How to install CDO on Alpine:3.20 docker image
I am trying to set up a Docker container based on Alpine Linux.
The container needs to have Python 3.12.4 installed with Dask and Zarr. I had to install it from the source, and it went well. However, ...
0 votes, 0 answers, 11 views
What is the meaning of frame-src 'self' blob:?
I want to restrict my site to blob: only from its own origin.
I thought frame-src 'self' blob: would do that, but checking on CSP evaluator the results are:
It shows 'self' & blob.
...
-1 votes, 0 answers, 17 views
How to Create a Custom passfilt.dll for Active Directory Password Policy Enforcement? [closed]
I need to create a custom passfilt.dll to enforce a more stringent password policy in our Active Directory (AD) environment. The default AD password policy is not sufficient for our security ...
0 votes, 0 answers, 25 views
Question about hashing for security research [closed]
So when a User sends a POST request with login credentials to the server for the first time. The Server hashes the password and stores it. When the User logs in again with that password it gets ...
1 vote, 1 answer, 29 views
Spring Boot OAuth2 is redirecting to IDP on each unauthorized request
I have made an OAuth2 configuration in Spring Boot. It also works, especially when I make get requests via the browser URL and I am not yet authenticated, I am redirected to the IDP, I can log in and ...
0 votes, 0 answers, 6 views
Is rapid IP switching available for attackers on TCP servers?
I'm working on a server implementation and I'm wondering how quickly attackers can switch IP addresses.
I know with UDP attackers can actually just send in whatever IP address they want, but with TCP ...
-2 votes, 0 answers, 29 views
Unexposed Cloudflare Workers APIs Being Accessed by Unknown IP Addresses (Hacker) [closed]
**MY Cloudflare worker APIs are being stolen**
A few months ago my desktop was hacked and most of my accounts were compromised, including Cloudflare. I retrieved the accounts, changed passwords and set ...
-1 votes, 0 answers, 30 views
http Cookie is automatically sent on every server side request
I am trying to implement an authentication mechanism on Next.js server side. What I did is upon login the JWT token is saved in the cookie like this:
"use server";
import jwt from "...
0 votes, 0 answers, 18 views
Bitnami/Redis doesn't know why it was suddenly shut down [closed]
Hello everyone,
I'm encountering an issue with my Redis container, which shuts down unexpectedly after running for some time. I've checked the logs and found some unusual entries, but I'm not sure ...
-3 votes, 0 answers, 36 views
Python: basic example of input sanitization for sql queries
I'm a computer science student and I'm currently learning about writing secure code.
I came across a very simple function to sanitize the input:
import re
def my_sanitize(input_string):
...
0 votes, 0 answers, 11 views
Is there a way in the gradle build system to prevent all permissions of library dependencies from getting merged into application's manifest?
Recently, Google Play Billing library added Network related permissions, which are not really required for the billing functionality. See Google Play Billing Library 6.0 introduces the INTERNET ...