Questions tagged [validation]
Validation (in contrast with verification) is assurance that a product, service, or system meets the needs of the stakeholders. It could contain the acceptance phase.
129 questions
0 votes
0 answers
45 views
How are checksums validated automatically in a system [duplicate]
Let's take an over-the-air update procedure for example. The client which needs updating downloads an update image from the source. It then performs some checksum calculation initially on the received ...
0 votes
0 answers
48 views
Validate a newly issued certificate
I'm using EST protocol for enrolling new certificates. And I was thinking how I, as an application, should validate a certificate issued by that CA or EST server before storing and using it. Should I ...
3 votes
2 answers
631 views
What are the risks of disabling issuer URL validation?
According to the OIDC specification: The issuer value returned MUST be identical to the Issuer URL that was used as the prefix to /.well-known/openid-configuration to retrieve the configuration ...
1 vote
1 answer
2k views
Validate File Uploads in PHP: PDFs and images
We're trying to secure our upload forms in PHP regarding image uploads and PDF files. For this purpose, we're currently trying to do the following in all cases, according to our research done so far: ...
1 vote
2 answers
191 views
What's the shortest message you need to claim ownership of another message?
Hypothetically, I'd like to demonstrate that I am the owner of a piece of published information. The requirements are the following. The hash/characteristic string is compact enough (ideally a few ...
2 votes
1 answer
188 views
When a detection tool fires no alert, how to tell the difference if the environment is safe or just something is wrong with the tool
For example, if an antivirus gives no alert for a couple of months, how do you confirm if the antivirus is working to prevent viruses, and not just hung?
2 votes
3 answers
803 views
Should password strength validation also be run server-side or only client-side?
Personally, I think that it's not so important to check the strength of the passwords on server-side, since, if the user evades the validation on the client side, it would be their responsibility to ...
0 votes
0 answers
488 views
How to determine validation process of a certificate used by a website using HTTPS?
When visiting a website that uses HTTPS, we can see its certificate in the browser. But how can we know for sure which validation process the company or domain behind the website has gone through? ...
1 vote
1 answer
528 views
Best practice for "stateOrProvinceName" in certificate
In RFC-4519 stateOrProvinceName is abbreviated to ST. Should we assume that it is best practice to put ST=<name-of-state> in the certificate if the state or province is indicated? After all X-...
0 votes
1 answer
82 views
Processing Parameters passed in URL String from a Third Party
I'm working with a developer to develop a web application. For one aspect of this application, I need to allow hundreds of merchants to deliver non-PII and non-sensitive data to my website. The data ...
3 votes
1 answer
369 views
How may I check if an expired certificate was valid at the time?
I have an old let's encrypt (but disregard that, it could be any) certificate that is no longer active. How may I check if it was valid at the time?
-1 votes
2 answers
507 views
How does DNS-01 validation for LetsEncrypt know what the right IP address is?
For my personal use, I bought a domain for internal ssl validation for my pfsense. I was able to get the LetsEncrypt's ACME script to successfully validate my domain and produce an ssl certificate for ...
0 votes
1 answer
915 views
If a file is digitally signed, is posting a hash very useful for security purposes?
In this question I asked about how to handle situations when SHA-256 hashes are not available for a file downloaded from the internet that contains executable code. Another community member ...
1 vote
0 answers
430 views
When file hash not available, how to best check authenticity of a file?
Normally, The Document Foundation (TDF) publishes the SHA-256 and SHA-1 hashes, along with the MD5 checksum, for all LibreOffice releases. For example, see this. However, for their current release (...
0 votes
1 answer
420 views
Is it true that frontend validation is generally redundant for minimalist contact forms on minimalist environments?
Say I have a continuously upgraded and well maintained LAMP environment with a website which its CMS is all-core and continuously upgraded as well and I have created a simple backend HTML contact form ...