Tagged Questions
35 votes | 6 answers | 1k views
Logging failed login attempts exposes passwords
I started logging failed login attempts on my website with a message like
Failed login attempt by qntmfred
I've noticed some of these logs look like
Failed login attempt by qntmfredmypassword
I'm ...
0 votes | 3 answers | 200 views
Securely storing secret data in a client-side web application
I have this web application that is going to be all client-side technology (HTML, CSS, JavaScript/AngularJS, etc.). This web application is going to be interacting with a REST API in order to access ...
0 votes | 0 answers | 152 views
Connecting with OAuth, dealing with logout and browser sessions
I work on an open-source web application (Moodle) which connects to a number of external services such as Google Drive, Dropbox etc. to allow users to exchange files with these services.
Primarily we ...
9 votes | 7 answers | 294 views
Is the use of security conditionals in a view a violation of MVC?
Often what's displayed to a user (e.g. on a web page) will be based partly on security checks. I usually consider user-level / ACL security to be part of the business logic of a system. If a view ...
2 votes | 4 answers | 346 views
What are the downsides of leaving automation tags in production code?
I've been setting up debug tags for automated testing of a GWT-based web application. This involves turning on custom debug id tags/attributes for elements in the source of the app. It's a non-trivial ...
-2 votes | 3 answers | 189 views
How to handle security of temporary data on web server?
I'm primarily an ASP.NET developer, but this question really applies regardless of language. So obviously it is a good idea to prevent external attacks that arise from session hijacking and CSRF ...
0 votes | 2 answers | 177 views
What is the logic behind filtering/sanitizing input?
I have always found it more logical to validate input instead of filtering it. How to appropriately filter data depends on the situation, so IMO it should be done on output or when saving to a database.
...
3 votes | 1 answer | 119 views
File Upload Forms: Security
So I'm building an application for uploading files. We're paying scientists to contribute information on pests, diseases and bugs (for plants). We need the ability to drag and drop a file to upload ...
1 vote | 1 answer | 421 views
How frequent should token updates in CSRF security be?
To start with the background, this post is what Jeff Atwood says about CSRF tokens. On this very page, he goes on to say:
An even stronger, albeit more complex, prevention method is to
leverage ...
3 votes | 2 answers | 423 views
Making sure database connection information is secured
This is the first time that I am working on a web application. I was going through the question What should every programmer know about web development? and noticed one thing that I knew nothing of:
...
-1 votes | 1 answer | 534 views
Python login form vulnerability?
<HTML>
<HEAD><TITLE>Login Page</TITLE></HEAD>
<BODY>
<CENTER>
<FORM method="POST" action="http://yourserver/cgi-bin/login.py">
<paragraph> Enter ...
4 votes | 2 answers | 314 views
Is a traditional client app which connects directly to a database a good idea?
After using Django's excellent admin interface, I was pondering creating a similar system which wasn't as tied to an ORM.
Now, while considering this, I thought that overcoming web apps' limitations ...
11 votes | 3 answers | 2k views
Is it good practice to set connection strings in a web config?
Recently I had a discussion with some of my colleagues at work because they said that it's better to have an encrypted connection string in a .DLL. And I said why not just use the connection string ...
5 votes | 6 answers | 891 views
How can I prevent users from creating multiple accounts on a web site?
I'm building a site that needs to guarantee user reputation scores are accurate by preventing users from creating more than one account, at the cost of decreased user signups. So far, the only ...
3 votes | 2 answers | 222 views
Why should you prevent a search engine from indexing your development server?
I've heard that you shouldn't let search engines index your development server. The reasons given were:
Duplicate content penalties
Customers making purchases from an unsecured domain (if ...