Should OAuth token be shared to implement SSO?
What’s a commonly accepted way of implementing SSO using a third party OAuth provider?
How to handle security of temporary data on web server?
I’m primarily an ASP.NET developer, but this question really applies regardless of language. So obviously it is a good idea to prevent external attacks that arise from session hijacking and CSRF attacks as well. But what about internal attacks when the data involved is temporary, needed for the entire session, but also sensitive and worth stealing? There is the natural “just only hire trustworthy people” route, but let’s say that doesn’t apply.
OAuth2 flow – does the server validate with the Auth server?
I’ve been reading a lot on OAuth2 trying to get my head around it, but I’m still confused about something.
Public-private key pair handling on a Windows ecosystem
I’ve been thinking about how to architect an infrastructure for one of our business applications with the following requirement:
Application connecting to database server
I’m working on an application which requires user credentials and so on. So a database is required on the backend.
How to explain to my customer that the hosting provider is terrible, security-wise?
As a freelance developer, I sometimes have to access the administration panels of my customers’ hosting providers. It is an astonishingly frightening experience. Below are some points I noticed when recently accessing a not-so-unpopular hosting provider based in the UK which has the word “secure” mentioned in large letters on the home page:
How can we protect the namespace of an object in JavaScript?
Continuing from my previous question: JavaScript simple code to understand prototype-based OOP basics
Let’s say we run these two separate objects in the console (even though they are called child and parent, there is no inheritance between them):
Should a stack trace be in the error message presented to the user?
I’ve got a bit of an argument at my workplace and I’m trying to figure out who is right, and what is the right thing to do.
Performing user authentication in a CodeIgniter controller constructor?
In “The Clean Code Talks — Unit Testing”, Miško Hevery mentions that “as little work as possible should be done in constructors [to make classes more easily testable]”. It got me thinking about the way I have implemented my user authentication mechanism.
Situations that require protecting files against tampering when stored on a user’s computer
I’m making a ‘Pokémon Storage System’ with a Client/Server model, and as part of that I was thinking of storing an inventory file on the user’s computer which I do not wish to be edited except by my program. An alternative to this would be to instead store the inventory file on the server and control its editing by sending commands to the server, but I was wondering if there are any situations which require files to be stored on a user’s computer where editing would be undesirable, and if so, how do you protect the files? I was thinking AES with some sort of checksum?