Most voted "security-guard" questions
This tag is used for security related issues and attacks against the software application.
Learn more…395 questions
Sort by count of
-
0
votes0
answers228
viewsSubprocess & call in Python ( Security )
Developing a simple application, some code analysis tools gave me the following warning : Consider possible security implications Associated with call module. For that particular code snippet : from…
-
0
votes1
answer856
viewsBlock PHP page access through the URL | Doubt about PHP page security
DOUBT 1 On my site I have PHP pages that register/login users, products, and other things, which I call through ajax. Have some way to not allow people to access these pages via URL? Example:…
-
0
votes0
answers64
viewsUsing filter_var() Sanitize with Pdo, do I need to use statements?
I wonder if even using filter_var with Sanitize you need to use Pdo statements. Is it safe to do so? or do I need to use bindValue for example() <?php $con=conectar(); //Recebe número da pagina,…
-
0
votes0
answers38
viewsIdea for data cleaning and processing library
I need to make a library for data processing, so I can use it before calling functions like: Register, Change, Delete and etc... I am using PDO for communication with the mysql database, and the…
-
0
votes1
answer1612
viewsSecurity and login authentication in Ionic 3 using PHP-generated access token
I’m developing an application where the user can login by providing his email and password. After that, I make a request to my server PHP which checks in the database if the data exist and are…
-
0
votes0
answers43
viewsWhat method to use to not show the json data on the php page that serves as a request for android app
Good evening, I have an android app and I am using this php code for the request of a json and I wish that the data would not appear when someone used the url, because so can see the exit…
-
0
votes0
answers59
viewsPHP file requested by jQuery to respond only to the domain itself
I made a code .ajax() jQuery to avoid direct access to PHP files, but would like to improve the security of the requested PHP files, read on Access-Control-Allow-Origin and other tips, but I…
-
0
votes1
answer45
viewsis_numeric is safe to select?
I am developing an application with PDO, and I normally use the bindValue() to execute the SELECT's, but I am developing an application that receives a variable that contains numbers and comma,…
-
0
votes0
answers32
views"protect" Javascript code
Good afternoon dear(as), I know that Client-Side programming is vulnerable and there is no protection. However, there are techniques (I don’t know the name) that compress or shrink the code. I’ve…
-
0
votes0
answers39
viewsEncrypt fixed-size files in Arduino with AES
I know that on Arduin it is difficult to work with files, however, how can I encrypt a file of fixed size, in Kb or Mb on Arduin using Aes or other encryption algorithm? anyone has any idea??…
-
0
votes0
answers360
viewsSecurity in checking and validating user with PDO:PHP
I want to create a panel with a secure login environment, using PDO as a validation. To explain, I am using the IPB forum database, basically I want to take advantage of the same forum user and…
-
0
votes2
answers173
viewsHow to validate data securely in the frontend?
According to that comment by @Pauloalexandre, it would be possible to validate the data only on the front, so that the back only receives the ready data I know that it is possible to limit, through…
-
0
votes1
answer85
viewsIs the PHP password_hash function a wrapper for the crypt function?
The function password_hash seems to me a wrapper that adds a high-level layer in function crypt, because it brings a default setting that could be made with crypt manually. Same with the function…
php function security-guard characteristic-language passwordasked 6 years, 4 months ago raphael 2,131 -
0
votes1
answer1893
viewsCryptography in C
I am developing a program in C, which will be able to encrypt and decrypt texts and save them to disk separately. I want to use the ASCII table for the implementation of Cryptography, I am able to…
-
0
votes0
answers24
viewsExternal Connection Postgresql
I have a java application on my computer running offline along with a database connection, with full access. I wonder how I would do so that if this program is installed on another computer, the…
-
0
votes2
answers710
viewsDo I need to use a middleware auth on the controller if I use Gates from Laravel?
It’s safe to remove an authentication middleware from a controller if I’ve already set a Gate on Laravel? I did so: In Authserviceprovider.php Gate::define( 'admin', function ( $user ) { return…
-
0
votes1
answer244
viewsbcrypt character limit in PHP
In the PHP documentation for the function password_hash has the notice: Care Using PASSWORD_BCRYPT as algorithm, will result in the parameter password truncated to a maximum length of 72 characters.…
-
0
votes1
answer74
viewsin Angular the service.ts is also transposed and executed in the browser even though it does not have an html attached to it?
my doubt is about the angular security and business rules, I can leave some kind of business rule at the angle at least in service.ts because the service is running on Node and does not have an HTML…
-
0
votes2
answers456
viewsblock access to a particular directory via htaccess with password
I currently have a server where I leave my web projects running, some of them in Laravel, so far without problems, however I want to create a password restriction on .htaccess to the root, For…
-
0
votes1
answer211
viewsHow to establish SSL/TSL socket connection with Nodejs
I created a very simple server socket with Nodejs (V8.11.3) and it is working OK apparently. My goal is to keep an open socket connection continuously with an electronic device (Iot). QUESTION: How…
-
0
votes0
answers39
viewsHashing a hash increases security?
Well a colleague of mine has been insisting on the idea of hashing a hash, I think they use in the company where he works The hash is in md5. I’ll explain as an employee: When registering a new user…
-
0
votes1
answer45
viewsDoubt with data protection in application
Hello, I am developing an Android app and Iphone that will store various sensitive information of my customers in the mobile database. My question is being in what is the best way to protect this…
-
0
votes0
answers43
viewsApplication server or Java program that determines sent TLS protocol?
I have a Java program that uses JDK 7, it is deployed on an application server (WEBLOGIC 10.3). By default, when making requests for data in the JSON format provided by a website, the program is…
-
-1
votes4
answers271
viewsDoes the secure API depend entirely on the developer or platform?
What challenges does the programmer face to make his API completely secure? When I talk about security I mean directly if the application exposes customer information or even makes your application…
-
-1
votes1
answer265
viewsWhat is the KEY used in frameworks for?
Generally, when I see systems that have been made without the use of frameworks, there is no use of keys. However, all the frameworks I have used to date, all of them you need to define a key (key)…
-
-1
votes1
answer84
viewsAre there security problems when implementing and using "add-ins" in VBA (Excel)?
Due to security problems with macros in VBA/Excel, I was wondering if the same occurs (or something similar) when adding a supplement and use it later in projects of VBA. This would impact a user…
-
-1
votes1
answer258
viewsObfuscating a string in the source code
I need to hide a string in the source code of my program. Searching I found a programmer who hid the phrase "Hello World!" through a chain of if and loops tying everything to a array numerical. The…
-
-1
votes1
answer49
viewsSecurity with Wordpress
I am updating a site and I have a question related to the security of it: In the database files the connection variable with the database is global; The PHP part is bundled with HTML; Variables of…
-
-1
votes1
answer770
viewsDo not allow change in source code
Does anyone know how not to allow changes in "values" by inspecting element ? ah a few days ago I entered a site and went to try to change the value of an input, but when I clicked ENTER to record,…
javascript jquery html5 security-guard google-chromeasked 6 years, 8 months ago Di Max Developer 53 -
-1
votes1
answer542
viewsError saving rules in firebase console
What errors can occur in the firebase Realtime database security rules console when defining my rules and what they are?
-
-1
votes1
answer26
viewsHash of some Cakephp2 field
I generated some scaffolding tables from Cakephp2, I have a model called account and created a Setter and getter: public function setPassword($password) { $this->password =…
-
-1
votes1
answer152
viewsHow to protect a php page that runs something
I am developing a very basic system, just for study. During the development, I had a question. In my system I have a page called register Customer.php that when submitting a form, it will execute an…
-
-1
votes2
answers284
viewsPassword encryption in Javascript
I have this snippet of code that makes the sending of user and password to my web service done in Asp C#. function validation(){ var json =({ "emailUser": email, "passwordUser": passWord });…
-
-1
votes2
answers107
viewsDon’t I have to worry about the frontend?
I would need to worry about the vulnerability of frontend or just with the backend?
-
-1
votes1
answer822
viewsHow to add license for my python application?
I’m having a problem. This problem is "How to create a license for my software". Suppose this is my license key - 12345YW When the user enters this license key, the software should allow him to use…
-
-1
votes1
answer80
viewsError while trying to compress folders from a drive - Unauthorizedaccessexception
I need to compress all of my E folders: But when I try with this code, I get this access exception. I’m new to programming and I’m trying to learn how to do things right. I am using dotnetzip to…
-
-2
votes1
answer150
viewsWhat exactly do "linkability" (linkability) and "traceability" (Traceability) mean in the context of private traffic networks?
The design article of Tor says: "Customers worried about linkability should rotate circuits more frequently than those concerned with traceability." These appear to be precise terms. What they…
-
-2
votes2
answers1019
viewsUse "anti_injection" in a MD5 password
I am studying a little more in depth the PHP and in question of security in PHP I have used the standard anti_injection found on the internet and used by many function anti_injection($sql){ $sql =…
-
-2
votes2
answers263
viewsPermissions according to groups of AD
Good people, as I mentioned in some questions I am developing a query Webapp that needs to have a login through the network using the users of Active Directory. My goal is that there is a group and…
-
-2
votes1
answer402
viewsBlock query string url - php
Good morning, My doubt arises because of increasing the security of my application. The scenario is as follows: A user with authorization sees the listing of several items (e.g., list-item.php), and…
-
-2
votes2
answers68
viewsCreating Mysql user safely
For security reasons, what privileges a database user should or should not have?…
-
-2
votes1
answer56
viewsHow to identify the customer by the public key of a certificate
How do I identify the X client, Y client and Z client when they try to authenticate via API... Example... such a customer sends me the key uy2395734asdfas, how do I know that that customer is…
-
-2
votes1
answer48
viewsIs it safe to use filter_input to receive password from another page? Should I use a filter or Sanitizer?
I’m still new to programming so I don’t know what safe ways to handle a password.
-
-3
votes1
answer261
viewsCryptocurrencies: What is the difference between SEED, Private/Public Keys, and Address?
What is the difference between these elements? and what is the importance of each, and the relationship between them? What is generated from which? and how these elements are generated/created?…
-
-5
votes1
answer241
viewsWhat is the most efficient way to make string literals not appear in compiled code?
What is the most efficient way to make literals of string do not appear in compiled code? I want to prevent reverse engineering. To do this, I tried the following code. However, I am concerned about…