Assume that I have already set up two different domains, such as: https://test1_example.com/ https://test2_example.com/ Test1 has an iframe with src of test2 site. I would like to pass a username and password from test1 to test2 site, but I’m worried about whether someone will capture the sensitive data through the network during this process. Should I ..
I have an attachment functionality on my app. Users can upload Documents to S3 using Slingshot and then click a button which opens up a modal and a carousel displaying the attachments. The downloadUrls from S3 are stored in Mongo and I have a template helper to spit them out and then an each puts ..
I am creating a website. The goal of this site is to inform; in fact, it is a page that provides a description of the work done, the company contacts and the workplace (there is no e-commerce or online shop). Now I am creating a send email form that allows a user to send ..
We are using Twilio CLIENT to make voice calls from browser to phone numbers. On the Twilio server side we built a getToken function, based on this article: https://www.twilio.com/blog/generate-access-token-twilio-chat-video-voice-using-twilio-functions On the client side, do you think sending ‘identity’, ‘secretKey’, ‘accountSid’ without encryption is correct, in terms of security? Is this the recommended way to do ..
I have an Express app with MongoDB. It creates a user id for each user document. This user id also gets encoded in a JWT, which creates an illusion for new devs that the user id must not be sent to the front end in plain text form. Can someone explain how sending user id to front end ..
I have come across the issue that one of the WordPress websites I provide maintenance for would strangely redirect the user (unprotected by an AdBlocker) to scam websites. The redirection has been done through stick.travelinskydream.ga. On a closer check, a script with the following code has been automatically injected into the application. The following code ..
I’ve read a lot about this topic lately. I am still not sure if additional hashing + salt on the frontend would make sense to some extent. As I understand, this would (more or less) just draw on computational resources rather than adding much security-wise. What is the common practice when it comes to such ..
I have a small web application written in vanilla PHP with a MySQL database, on which registered users are able to create custom profile pages. I’d like to add a textarea form field in the control panel, for users to add their custom tracking code (namely Facebook Pixel or Google Analytics) for their tracking purposes. My ..
I need to render an untrusted HTML document (an email) inside my Angular web app. I plan to render the document inside an iframe with the sandbox attribute to prevent security issues. I am not providing any parameters to the sandbox attribute, so all sandbox restrictions will be enabled. I am providing the HTML to ..