50
votes
3
answers
1.7K
views
What is a retpoline and how does it work?
In order to mitigate against kernel or cross-process memory disclosure (the Spectre attack), the Linux kernel1
60
votes
8
answers
2.9K
views
Create new user in MySQL and give it full access to one database
I want to create a new user in MySQL and give it full access only to one database, say dbTest, that I create w
58
votes
4
answers
2.5K
views
SQL injection that gets around mysql_real_escape_string()
Is there an SQL injection possibility even when using mysql_real_escape_string() function? Consider this samp
61
votes
2
answers
2.6K
views
API Keys vs HTTP Authentication vs OAuth in a RESTful API
I'm working on building a RESTful API for one of the applications I maintain. We're currently lookin
54
votes
7
answers
1.7K
views
Firebase Permission Denied
I'm relatively new to coding and am having trouble. I have this code to send data to firebase app.useri
55
votes
9
answers
1.7K
views
How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?
With the new firebase cloud function I've decided to move some of my HTTP endpoint to firebase. Everythin
60
votes
5
answers
560
views
Why is JsonRequestBehavior needed?
Why is Json Request Behavior needed? If I want to restrict the HttpGet requests to my action I can decorate t
60
votes
28
answers
612
views
Transport security has blocked a cleartext HTTP
What setting do I need to put in my info.plist to enable HTTP mode as per the following error message? Tra
64
votes
9
answers
1.5K
views
Refused to load the script because it violates the following Content Security Policy directive
When I tried to deploy my app onto devices with Android system above 5.0.0 (Lollipop), I kept getting these ki
62
votes
16
answers
1.5K
views
Get current URL/URI without some of $_GET variables
How, in Yii, to get the current page's URL. For example: http://www.yoursite.com/your_yii_application/?l
64
votes
3
answers
1.5K
views
Why is there no same-origin policy for WebSockets? Why can I connect to ws://localhost?
I'd like to use WebSockets for inter-process communication for my application (Daemon<->WebGUI and
65
votes
8
answers
2.8K
views
How to construct a WebSocket URI relative to the page URI?
I want to construct a WebSocket URI relative to the page URI at the browser side. Say, in my case convert HTTP
60
votes
18
answers
442
views
Why is char[] preferred over String for passwords?
In Swing, the password field has a getPassword() (returns char[]) method instead of the usual getText() (retur
59
votes
8
answers
1.8K
views
Why does Google prepend while(1); to their JSON responses?
Why does Google prepend while(1); to their (private) JSON responses? For example, here's a response whil
55
votes
18
answers
3.1K
views
How can I sanitize user input with PHP?
Is there a catchall function somewhere that works well for sanitizing user input for SQL injection and XSS att
66
votes
14
answers
2.5K
views
Secure hash and salt for PHP passwords
It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which
53
votes
28
answers
1.1K
views
56
votes
4
answers
3.1K
views
What is the difference between CORS and CSPs?
From my perspective, the technologies referred to as Cross-Origin Resource Sharing (CORS) and Content Security
61
votes
4
answers
1K
views
Why is it common to put CSRF prevention tokens in cookies?
I'm trying to understand the whole issue with CSRF and appropriate ways to prevent it. (Resources I'
