
All Questions

0 votes, 0 answers, 357 views

MariaDB SQL Injection

I'm doing a website PT lab and I'm trying to figure out an SQL vulnerability in MariaDB. After some scanning I found the /api/ path, and one of them gives the desired SQL. I found out that ' gives me the ...

user: ewondles
1 vote, 1 answer, 238 views

Do web-hosting sites like Heroku or Railway expose your database?

I was watching this video https://www.youtube.com/watch?v=Qm7k1CPFkIc about how to steal passwords and the guy mentioned that you can use shodan.io (a site that lists various devices connected to the ...

user: Some Guy
2 votes, 0 answers, 2k views

How Secure Is It to Use SQLite for Identity Storage in a Web App

I'm developing an ASP.NET Core 7 MVC Web App. I'm using ASP.NET Core Identity library to manage user and role data. I am considering using SQLite for keeping Identity information, separate from my ...

user: Emre Bener
1 vote, 1 answer, 235 views

The server acts as a database server, but there is no open port for that. Why?

I've taken a pen-testing course and for the final certificate I have to analyze a server and make a report regarding the vulnerabilities. The server has multiple functions: it acts as a web ...

user: Kumar
2 votes, 3 answers, 196 views

Manage passwords from my personal website

So I'm a complete novice in security practices, and an amateur web developer. I have a personal website connected to a personal DB. Currently there is nothing in this DB that would be useful to anyone ...

user: 12345
2 votes, 2 answers, 1k views

How to control authorized access to specific data for specific users

I am building a web application that involves a login system. Once a user has logged in and is authenticated they should have the ability to access data from a database. This is however where I get a ...

user: Aplex
2 votes, 0 answers, 146 views

When using parameterized SQL queries, is there still any *security* issue with simply blindly accepting user input variables?

Suppose I have this: parameterized_database_call('SELECT * FROM widgets WHERE id = $1', $_GET['widget_id']); The SQL query is parameterized, as I've done for many years now. (I'm trying to repress ...

user: N. C.
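The distinction this question turns on, shown as an added example that is not part of the question or of any answer to it: a parameterized query defeats injection, but by itself it still returns whatever row the caller names, so the authorization check has to be a separate, explicit part of the query or the code. The sqlite3 `?` placeholders stand in for the question's hypothetical `parameterized_database_call` with `$1`; the table, rows and user names are constructed for the illustration.

```python
"""Parameterized queries stop SQL injection; they do not decide *which* rows
a logged-in user is allowed to read. Added illustration, not the asker's code."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: three widgets owned by two different users.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE widgets (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO widgets VALUES (?, ?, ?)",
        [(1, "alice", "gear"), (2, "bob", "sprocket"), (3, "bob", "cog")],
    )
    return db


def fetch_concat(db: sqlite3.Connection, widget_id: str) -> list:
    # The 'before' case: raw input spliced into the SQL text, so a value
    # such as "1 OR 1=1" becomes part of the WHERE clause.
    sql = f"SELECT id, owner, name FROM widgets WHERE id = {widget_id}"
    return db.execute(sql).fetchall()


def fetch_param(db: sqlite3.Connection, widget_id: str) -> list:
    # Parameterized: the value is bound to the placeholder and never parsed
    # as SQL, so "1 OR 1=1" is simply compared (as text) against the id
    # column and matches nothing. Injection is closed here.
    sql = "SELECT id, owner, name FROM widgets WHERE id = ?"
    return db.execute(sql, (widget_id,)).fetchall()


def fetch_param_authz(db: sqlite3.Connection, widget_id: str, current_user: str) -> list:
    # Parameterized AND scoped to the caller. Binding alone lets any
    # authenticated user fetch any widget by guessing its id (an insecure
    # direct object reference); the owner predicate is what fixes that.
    try:
        wid = int(widget_id)  # also rejects non-numeric junk up front
    except ValueError:
        return []
    sql = "SELECT id, owner, name FROM widgets WHERE id = ? AND owner = ?"
    return db.execute(sql, (wid, current_user)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concat, payload:", fetch_concat(db, "1 OR 1=1"))      # every row leaks
    print("param, payload: ", fetch_param(db, "1 OR 1=1"))       # nothing
    print("param, id 2 as alice:", fetch_param(db, "2"))          # bob's row, no check
    print("authz, id 2 as alice:", fetch_param_authz(db, "2", "alice"))  # nothing
```

The third call is the one the question is really about: the query is fully parameterized and still hands alice a row she does not own, because the SQL was never asked to care who is calling.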
0 votes, 1 answer, 159 views

What (aside from the law) prevents cloud-hosting owners from eavesdropping on servers/code?

Given a server hosted on a cloud platform, what would stop the cloud platform owner from stealing the server's data and/or code? As far as I can tell, a motivated cloud owner could retrieve the data ...

user: Asker
5 votes, 1 answer, 604 views

Giving different passwords to the app servers to access the same database. Pros and Cons?

Let's say we have one DB server and three app servers with full database access. Which scenario is the best? Each app server connects to that one database with different passwords. Example: app srv 1 ...

user: Dave Doga Oz
1 vote, 1 answer, 4k views

Storing third party API tokens in a database

Currently I have a Node JS project that uses the Spotify API. The project displays the users top played artists and tracks. I am following the Authorization Code Flow to obtain the access token. This ...

user: rsuresh27
3 votes, 1 answer, 2k views

Is SQL Injection possible in this case (REGEXP)?

I'm on a website that has a program with a search input for keywords. When I input &, < or > and search, it returns a "Got error 'empty (sub)expression' from regexp" error, and when I ...

user: kevin
27 votes, 4 answers, 4k views

Secure Implementation of Password Database

Disclaimer: I am not a security professional, just a programmer trying to do my best. Additionally, this is my first post to this community, so I apologise if this question is too broad. The ...

user: Rekamanon
19 votes, 3 answers, 10k views

Data Encryption by Application vs Data Encryption in Database

For a GDPR (EU General Data Protection Regulation) implementation, I need to encrypt some personal information. There are two ways we can encrypt the data: Let the web application have the sole ...

user: madhairsilence
0 votes, 1 answer, 660 views

How can I detect an infection in a database?

Detecting infected files in a website or web application is very easy: you just need to compare the files with a clean backup or the original source (for example with diff) and that's it. However, ...

user: reed
1 vote, 1 answer, 263 views

hiding emails in database [closed]

I am making a webpage (similar to a social media) which will be open-source, but will probably only run off one server, with multiple levels (php, javascript(hopefully without any modules), postgresql)...

user: Mark Gardner
