security – Page 4 – Tarik Billa

Spring Security, Method Security annotation (@Secured ) is not working (java config)

December 29, 2023 by Tarik

Kindly add this @EnableGlobalMethodSecurity(securedEnabled = true) This element is used to enable annotation-based security in your application (by setting the appropriate attributes on the element), and also to group together security pointcut declarations which will be applied across your entire application context specifically for @Secured. Hence your code should look like this @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled … Read more

Throttling brute force login attacks in Django [closed]

December 28, 2023 by Tarik

There are many libraries available for it like Django-axes, Django-defender, Django-ratelimit, these libraries mentioned all do the same thing (with a few differences between them). You can choose the one which best suits your needs. If you are using DRF, then you don’t need an additional library (axes, ratelimit, etc.) because DRF already has the … Read more

Having a POST’able API and Django’s CSRF Middleware

December 28, 2023 by Tarik

How about just splitting off a view(s) for your desktop client and decorating them with csrf_exempt?

What to use as the developer payload in Google In-App Billing APIs?

December 28, 2023 by Tarik

Is Javascript/jQuery DOM creation safe until it’s added to the document?

December 28, 2023 by Tarik

Is this by itself dangerous in any way? My point being, can just the simple act of creating a DOM somehow inject anything, or is it just simply processed and the structure is created? Simply creating an element without appending it to the dom will not cause any script to run since it is purely … Read more

What’s the most secure possible Devise configuration?

December 28, 2023 by Tarik

Peppers: yes you are correct. There is not much additional security achieved with a pepper if you are using salt. Stretches: 12 is reasonable, however bcrypt only ensures a constant time. You should consider using the newer scrypt as it allows you to specify both a constant time and the amount of memory to use. … Read more

Practical applications of homomorphic encryption algorithms?

December 28, 2023 by Tarik

Here’s a wild shot in the dark: We’re thinking about protecting the plaintext from the person doing the computation on it. But what if the objective was to protect both the plaintext AND the algorithm? Take, for example, MRI machines. The most expensive part of the MRI machine is the algorithm in which the machine … Read more

When to use NSSecureCoding

December 28, 2023 by Tarik

How do I check whether File.Delete() will succeed without trying it, in C#?

December 27, 2023 by Tarik

The problem with implementing FileIsDeletableByCurrentUser is that it’s not possible to do so. The reason is the file system is a constantly changing item. In between any check you make to the file system and the next operation any number of events can and will happen. Including … Permissions on the file could change The … Read more

SSL iframe is embedded on other web site

December 27, 2023 by Tarik

No. You will only get a security error if the embedding site uses SSL, but the iFramed one does not. Whether the sites use different certificates or not, that does not matter. No. (Isn’t this the same question as #1?) Summary Having different certificates between the main page and iframed pages is not a problem. … Read more