All Questions
9 questions
0 votes, 1 answer, 222 views
Would it be useful from a security perspective to harden an interpreter like Python or NodeJS by removing support for unused features?
When hardening a system you want to remove any features that you do not need. I have been thinking about this concept from the perspective of interpreters like Python, NodeJS, PHP etc. and am ...
2 votes, 3 answers, 690 views
About vulnerability in the dependency
I have read many articles about the vulnerability in the program dependency, either direct or transitive.
Here are two questions that come to my mind.
If a dependency A has a vulnerability (Maybe has ...
4 votes, 2 answers, 30k views
URL parameter manipulation and injection
I have a scenario with 2 sites. Site 1 is mysite.com and Site 2 is secondurl.com.
Site 1 is using WordPress. There, I did a JavaScript/jQuery routine that checks if a given URL parameter comes in. If ...
1 vote, 1 answer, 973 views
How to test email spoofing with this php script? [closed]
I want to harden my SPF setting.
However, I have trouble testing my SPF setting.
I want to be able to send a test email to try out my new SPF settings.
Most of the resources on the internet seem to be use ...
0 votes, 1 answer, 370 views
Encrypt a file in the server and decrypt it in the client without risking the user accessing it?
How can I send an encrypted file from a server to a client, encrypt and use it in the client without risking the user to access it?
I saw an answer where the server saved a file in its memory, and ...
2 votes, 1 answer, 379 views
What encryption protocol is used by paragonie/Halite library by default?
We're going to implement encryption between a PHP server and a Python server. We decided to use the paragonie/halite library (based on libsodium) on our PHP part. The Python guys are asking what exact protocol ...
1 vote, 1 answer, 149 views
Functions in common server-side languages which are used to execute code [closed]
I want to know the list of functions which are used to evaluate strings to code. For example: in PHP we have the eval function which evaluates a string to PHP code. Input passed into eval without ...
0 votes, 1 answer, 1k views
What are potential security risks of a Python script outside public_html folder
I would like to know the risks of a Python script that is outside of public_html
application/scripts/myscript.py
public_html
This script is called by the PHP application asynchronously. It receives ...
9 votes, 3 answers, 2k views
How to implement client side encryption for CalDav & CardDav content?
I'm looking for a client-side encryption implementation that would be able to secure CardDav & CalDav data so that they couldn't be compromised even by the hosting provider.
Server side: PHP or ...