Posts tagged security
It would seem that the C standard library is a collection of diverse functions that pretty much just ended up in the standard by tradition or "accident", rather than through some careful plan or ra...
I manage a WSGI application that accepts JSON data via POST from potentially untrusted sources. Normally it is treated as a text blob and never parsed, but there is a value in the expected input th...
I work for an IoT company. We recently got secure boot to work for a customer-visible product. For secure boot to work, the images we generate must be signed. Obviously, we want customer-visible sy...
Many web login and contact form features could be set as standard HTML builtins without the need to develop a backend and/or (non-HTML) frontend for them, for example: Select field Input Date...
As I don't have any significant experience with internationally-standard information security literature, I would like to ask here if some international information security organization took the i...
Context: Our team has begun migrating a pretty old internal application and one aspect that got my attention is the impersonation. This is implemented as follows: only administrators are allowed...
On a shared hosting (CentOS-Bash) I have a website with a backend (PHP) - frontend CMS-agnostic contact form. I need to transfer emails sent via this contact form directly to an email address (I d...
I use CentOS with Bash and I would like to download, execute and delete the executed downloaded file (running a remote/cloud script locally). I often prefer to load my own shell scripts from my ow...
To protect against dictionary and rainbow table attacks it is well known that passwords should be salted before hashing. The salt (unique to each password) gets stored with the hash, often in the s...
I have decided to convert a legacy database-first ASP.NET Core project to code-first. However, I have noticed that the project used the same database as another bigger project and the Entity Framew...