Tag: security

50 votes
3 answers
1.7K views
What is a retpoline and how does it work?

In order to mitigate against kernel or cross-process memory disclosure (the Spectre attack), the Linux kernel1

Gigi
asked 07 September, 2021
60 votes
8 answers
2.9K views
Create new user in MySQL and give it full access to one database

I want to create a new user in MySQL and give it full access only to one database, say dbTest, that I create w

Emilia
asked 07 September, 2021
58 votes
4 answers
2.5K views
SQL injection that gets around mysql_real_escape_string()

Is there an SQL injection possibility even when using mysql_real_escape_string() function? Consider this samp

Don
asked 07 September, 2021
61 votes
2 answers
2.6K views
API Keys vs HTTP Authentication vs OAuth in a RESTful API

I'm working on building a RESTful API for one of the applications I maintain. We're currently lookin

Hilario
asked 07 September, 2021
54 votes
7 answers
1.7K views
Firebase Permission Denied

I'm relatively new to coding and am having trouble. I have this code to send data to firebase app.useri

Dorinda
asked 07 September, 2021
55 votes
9 answers
1.7K views
How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?

With the new firebase cloud function I've decided to move some of my HTTP endpoint to firebase. Everythin

Fabian
asked 07 September, 2021
60 votes
5 answers
559 views
Why is JsonRequestBehavior needed?

Why is Json Request Behavior needed? If I want to restrict the HttpGet requests to my action I can decorate t

Sena
asked 07 September, 2021
60 votes
28 answers
611 views
Transport security has blocked a cleartext HTTP

What setting do I need to put in my info.plist to enable HTTP mode as per the following error message? Tra

Luis
asked 07 September, 2021
64 votes
9 answers
1.5K views
Refused to load the script because it violates the following Content Security Policy directive

When I tried to deploy my app onto devices with Android system above 5.0.0 (Lollipop), I kept getting these ki

Carmelina
asked 07 September, 2021
64 votes
3 answers
1.5K views
Why is there no same-origin policy for WebSockets? Why can I connect to ws://localhost?

I'd like to use WebSockets for inter-process communication for my application (Daemon<->WebGUI and

Shantay
asked 07 September, 2021
60 votes
18 answers
442 views
Why is char[] preferred over String for passwords?

In Swing, the password field has a getPassword() (returns char[]) method instead of the usual getText() (retur

Chelsea
asked 07 September, 2021
59 votes
8 answers
1.8K views
Why does Google prepend while(1); to their JSON responses?

Why does Google prepend while(1); to their (private) JSON responses? For example, here's a response whil

Shantay
asked 07 September, 2021
55 votes
18 answers
3.1K views
How can I sanitize user input with PHP?

Is there a catchall function somewhere that works well for sanitizing user input for SQL injection and XSS att

Trudy
asked 07 September, 2021
66 votes
14 answers
2.5K views
Secure hash and salt for PHP passwords

It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which

User demo
asked 07 September, 2021
56 votes
4 answers
3.1K views
What is the difference between CORS and CSPs?

From my perspective, the technologies referred to as Cross-Origin Resource Sharing (CORS) and Content Security

Leonardo
asked 07 September, 2021
61 votes
4 answers
1K views
Why is it common to put CSRF prevention tokens in cookies?

I'm trying to understand the whole issue with CSRF and appropriate ways to prevent it. (Resources I'

Wei
asked 07 September, 2021