Is it reasonable to require passwords when users sign into my application through social media accounts?
I’ve built an application that requires users to authenticate with one or more social media accounts from either Facebook, Twitter, or LinkedIn.
What are the downsides of leaving automation tags in production code?
I’ve been setting up debug tags for automated testing of a GWT-based web application. This involves turning on custom debug id tags/attributes for elements in the source of the app. It’s a non-trivial task, particularly for larger, more complex web applications. Recently there’s been some discussion of whether enabling such debug ids is a good idea to do across the board.
Is having sensitive data in a PHP script secure?
I’ve heard that PHP is somewhat secure because Apache won’t allow the download of raw PHP. Is this reliable, though? For example, if you wanted to password protect something, but didn’t want to create a database, would something like $pass = "123454321"; be safe?
Is there any reason not to go directly from client-side Javascript to a database?
Possible Duplicate: Writing Web “server less” applications
Are all security threats triggered by software bugs?
Most security threats that I’ve heard of have arisen due to a bug in the software (e.g. all input is not properly sanity checked, stack overflows, etc.). So if we exclude all social hacking, are all security threats due to bugs? In other words, if there were no bugs, would there be no security threats (again, excluding the faults of humans such as disclosing passwords and such)? Or can systems be exploited in ways not caused by bugs?
Typical way to share database connection for open-source project, without revealing too much
I have an open source project for mydomain.com which requires connections to a database (…as is tradition). What is the standard practice for allowing others to work on the site, without giving them full access to the database’s credentials?
Verifying a debit card online – What information is checked?
I am eager to know what information is checked by the online companies to confirm that the card is yours?
Is it possible to read memory from another program by allocating all the empty space on a system?
Theoretically, if I were to build a program that allocated all the unused memory on a system, and continued to request more and more memory as other applications released memory that they no longer need, would it be possible to read recently released memory from another application? Or is this somehow protected by modern operating systems?
Securely changing system configuration from a web application
I need to write a web application that acts as a configuration interface for some system services. Meaning it will probably change some kind of configuration file and has to restart (Linux) system services.
How to verify data from localStorage on a server
On my mobile app, I am storing the username of a logged in person, and downloading some data for the given/stored username. When the user checks for updates to his data content on the server, the server dishes out a delta of the content, based on the username. The app then updates its local display accordingly.