Is CSRF possible with PUT or DELETE methods? Or does the use of PUT or DELETE prevent CSRF? Answer Great question! In a perfect world, I can’t think of a way to perform a CSRF attack. You cannot make PUT or DELETE requests using HTML forms. Images, Script tags, CSS Links etc all send GET … Read more
You see a fair bit (in the Geek community anyway) about OpenID. It seems like a good idea. I’m developing a website that will be targeted at a somewhat less geeky audience (but not quite Mom and Pops either) so I have to wonder if OpenID is going to be “too hard” for some audiences. … Read more
I wrote a short C++ program to do XOR encryption on a file, which I may use for some personal files (if it gets cracked it’s no big deal – I’m just protecting against casual viewers). Basically, I take an ASCII password and repeatedly XOR the password with the data in the file. Now I’m … Read more
I have a simple website where I establish a connection to a MySQL server using PDO. $dbh = new PDO(‘mysql:host=localhost;dbname=DB;port=3306’, ‘USER’, ‘SECRET’, array(PDO::MYSQL_ATTR_INIT_COMMAND => “SET NAMES utf8”)); I had some traffic on my site and the server’s connection limit was reached, and the website throws this error, with my plain password in it! Fatal error: … Read more
Is mysql_real_escape_string sufficient for cleaning user input in most situations? ::EDIT:: I’m thinking mostly in terms of preventing SQL injection but I ultimately want to know if I can trust user data after I apply mysql_real_escape_string or if I should take extra measures to clean the data before I pass it around the application and … Read more
<!–HTML CODE–> <p #mass_timings></p> //Controller code @ViewChild(‘mass_timings’) mass_timings: ElementRef; constructor(private domSanitizer:DomSanitizer) getInnerHTMLValue(){ this.mass_timings.nativeElement.innerHTML = this.domSanitizer.bypassSecurityTrustHtml(this.parishDetail.mass_timings); } but the output which the mass_timings is displaying is including the text:- Safe value must use [property]=binding at the beginning How to remove this string. Answer As the error message says, the sanitized HTML needs to be added using … Read more
I’m new with angularjs… I read the docs, and completed the tutorial; i also tried something else by myself, and things start to make sense to me. Now i wonder how to make a safe authentication system. The easy part: no code, i will describe operations my code execute: I’ve a classic form: username, and … Read more
We’d like to ‘lock-down’ an iPhone/iPod/iPad so that the user can only run one app (we’ve developed this app internally). I’m guessing we’d be looking at jailbreaking, and then replacing (?) the default Springboard app. Can we do this? If so, how? EDIT: iOS 7 now includes an ‘App Lock’ payload as part of the … Read more
I have been trying to deploy my web application (war) from Glassfish AdminConsole but I keep getting the following error message – Exception while loading the app : Error in linking security policy for MyApp-war — Inconsistent Module State. But it deploys without any problem when I do it from Netbeans. (I don’t know if … Read more
Got a build rejection The app’s Info.plist must contain an NSMicrophoneUsageDescription key with a string value explaining to the user how the app uses this data. The app does not use microphone. Or so I think. How do I track down where mic is used? UPD23112016: given that the lazy answer is being upvoted I’ve … Read more
