Welcome to Software Development on Codidact!

Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.

Posts tagged security

4 child tags

Use for questions dealing with the security aspects of the programming (e.g. attacks against software). Always add tags related to the programming context (library, language, framework etc.).

This tag doesn't have a detailed wiki yet.

91%
+19 −0
Q&A Should a salt be stored in the same database as the hash?

To protect against dictionary and rainbow table attacks it is well known that passwords should be salted before hashing. The salt (unique to each password) gets stored with the hash, often in the s...

5 answers · posted 3y ago by jla · last activity 2mo ago by bencurthoys

Question security hash salt
85%
+10 −0
Q&A Are "strong passwords" at all meaningful?

Whenever registering to diverse sites on the net, you are often forced to enter a so called "strong password", which would ideally contain both upper case letters, lower case letters, digits, and s...

5 answers · posted 3mo ago by Lundin · last activity 2mo ago by Kattensen

77%
+5 −0
Q&A Best practices for company internal Swagger Docs in production

The current project I am working on consists of a bunch of microservices (Web APIs) accessible only internally using Entra ID (formerly Azure ID). To simplify the development, all services expose ...

1 answer · posted 3mo ago by Alexei · edited 3mo ago by Alexei

83%
+8 −0
Q&A Which functions in the C standard library must always be avoided?

It would seem that the C standard library is a collection of diverse functions that pretty much just ended up in the standard by tradition or "accident", rather than through some careful plan or ra...

1 answer · posted 2y ago by Lundin · last activity 2y ago by Lundin

84%
+9 −0
Q&A Is it dangerous to use json.loads on untrusted data?

I manage a wsgi application that accepts JSON data via POST from potentially untrusted sources. Normally it is treated as a text blob and never parsed, but there is a value in the expected input th...

1 answer · posted 2y ago by ajv · last activity 2y ago by hkotsubo

Question python json security
60%
+1 −0
Q&A How to properly manage PGP signing key storage, access, and usage for dev and automation?

I work for an IoT company. We recently got secure boot to work for a customer-visible product. For secure boot to work, the images we generate must be signed. Obviously, we want customer-visible sy...

0 answers · posted 2y ago by ghost-in-the-zsh · edited 2y ago by ghost-in-the-zsh

33%
+0 −2
Q&A Is there a problem in making Captcha an HTML builtin with an attribute setting which type of Captcha

Many web login and contact form features could be set as standard HTML builtins without the need to develop a backend and/or (non-HTML) frontend for them, for example: Select field Input Date...

2 answers · posted 3y ago by deleted user · last activity 3y ago by corporat

28%
+0 −3
Q&A What makes a software module an "authentication" module?

As I don't have any significant experience with internationally-standard information security literature, I would like to ask here if some international information security organization took the i...

2 answers · posted 3y ago by deleted user · last activity 3y ago by nelson777

81%
+7 −0
Q&A How to properly deal with impersonation in a Web application? (security vs. usefulness for tech support)

Context: Our team has begun migrating a pretty old internal application and one aspect that got my attention is the impersonation. This is implemented as follows: only administrators are allowed...

2 answers · posted 3y ago by Alexei · last activity 3y ago by meriton

40%
+0 −1
Q&A I don't want to set up DKIM, SPF and to do SMTP authentication; a hosting-provider-email-box solves this but what if I want a domain-registrar-email-box instead?

On a shared hosting (CentOS-Bash) I have a website with a backend (PHP) - frontend CMS-agnostic contact form. I need to transfer emails sent via this contact form directly to an email address (I d...

0 answers  ·  posted 3y ago by deleted user  ·  edited 3y ago by deleted user

50%
+1 −1
Q&A Running remote scripts (cloud scripts) locally --- valid and securely as possible

I use CentOS with Bash and I would like to download, execute and delete the executed downloaded file (running a remote/cloud script locally). I often prefer to load my own shell scripts from my ow...

1 answer · posted 3y ago by deleted user · last activity 3y ago by Peter Taylor

66%
+2 −0
Q&A How to automatically run Entity Framework Core migrations for an application which uses a user with read/write rights on certain tables?

I have decided to convert a legacy database-first ASP.NET Core project to code-first. However, I have noticed that the project used the same database as another bigger project and the Entity Framew...

1 answer · posted 3y ago by Alexei · last activity 3y ago by Alexei