Defend SQL injection attack with OpenCart 2.3.0.2

I am new to OpenCart. Today on my dashboard section Sales → Returns I saw this: And: It looks like SQL injection attack on order form. How can I secure my web from SQL injection attacks? I also want to hide my administration URL. I want it t...

2017-06-21 23:06 (1) Answers

Chrome extension authentication without OAuth 2

I currently have a web app that implements its own authentication via a "login" REST endpoint which returns a JWT and I would like to reuse this for my Chrome extension's authentication. The accepted answer in this question suggests that only OAuth ...

2017-06-21 15:06 (0) Answers

Yii2: how to deny access to Yii::$app->db in a view

We have a development team and I want the developer who focuses on the views to be unable to retrieve, update, or delete directly using Yii::$app->db. Every database operation in a view must be done via a proper model object. How to? Thanks. ...

2017-06-21 14:06 (1) Answers

USI Webservice SOAP Format

I am in the process of developing process to communicate with the Unique Student Identifier (USI) Webservice. I have a Vanguard token, courtesy of some nice (SoapClient avoiding) code by Sergey Vidusov (thanks!) and I'm trying to use the contents of ...

2017-06-21 12:06 (0) Answers

Backend API Security

I have a backend server which serves mobile apps, both Android and iOS. Now I have SSL installed on the server so all requests made are secure. Can you give me suggestions on whether I need to encrypt my sensitive info which is being sent to the server as plain ...

2017-06-21 11:06 (0) Answers

How secure is Sinch SDK?

I have implemented the Sinch SDK in my iOS application and also have a URL callback to check with my backend if the request is from my existing users. But let's say a new user wants to sign up to my app and I verify his mobile number, then only sign him ...

2017-06-21 09:06 (0) Answers

Truly safe `eval` using ES6 `Proxy` and `with`?

It's a well-known fact that neither JavaScript's eval keyword nor Function objects created from strings should ever, for any reason, be used to run untrusted code. However, I'm wondering if ES6 proxies change that. Consider: let env = {eval: eval}; l...

2017-06-21 04:06 (0) Answers
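The question is cut off before its code, so here is a self-contained sketch of the `with` + `Proxy` sandbox it describes, followed by two escapes, as an added example that is not part of the question or any answer. `makeSandbox`, `ESCAPES` and `escapesSandbox` are names chosen here, not from the post. The point a practitioner wants to see: identifier lookups are redirected through the proxy, but `this` and object literals are not identifier lookups, so the real global object is one expression away.

```javascript
// Sandbox attempt: run code inside `with (proxy)`, where the proxy claims to own
// every identifier, so free names resolve to `env` instead of the global object.
// (Names below are this example's own; the original post's code is not shown.)
function makeSandbox(env) {
  const scope = new Proxy(env, {
    has() { return true; },                 // every identifier "exists" in env
    get(target, key) {
      if (key === Symbol.unscopables) return undefined;
      return target[key];                   // names not in env become undefined
    },
  });
  // Built with `Function` because `with` is a syntax error in strict code.
  // `eval` and `__code__` are both looked up through the proxy, so env must
  // carry the real eval (a direct eval is what makes the `with` scope apply)
  // and run() stores the code on env before each call.
  const runner = new Function('scope', 'with (scope) { return eval(__code__); }');
  return function run(code) {
    env.__code__ = code;
    return runner(scope);
  };
}

// Two escapes that work regardless of what `has`/`get` return, because neither
// performs an identifier lookup that the `with` scope could intercept.
const ESCAPES = [
  // Sloppy-mode call: `this` is the global object, and `this` is a keyword,
  // not an identifier, so the proxy never sees it.
  '(function () { return this; })()',
  // An array literal needs no lookup; its prototype chain leads to the
  // Function constructor, which builds sloppy functions from strings.
  '[].constructor.constructor("return this")()',
];

// Returns one boolean per escape: true when the expression evaluated inside
// the sandbox yields the real globalThis.
function escapesSandbox(run) {
  return ESCAPES.map((code) => run(code) === globalThis);
}

// Usage: globals look hidden ...
const run = makeSandbox({ eval, Math });
run('Math.max(1, 2)');          // 2, whitelisted via env
run('typeof globalThis');       // "undefined", blocked by the proxy
// ... until any of the escapes is evaluated.
escapesSandbox(run);            // [true, true]
```

Both escapes succeed even if the sandbox is stricter about `has` and `get` than shown, because the hole is in the language (implicit `this`, reachable constructors), not in the proxy traps. Prefixing the code with `'use strict'` closes the first escape but not the second. The practical answer is the one the question already quotes: do not evaluate untrusted code in the same realm; use a separate process, worker or isolate with no capabilities of its own.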

Store private data in Android library project

I am building an Android library project (a third-party SDK) and I am trying to store data in a way that is inaccessible to the host application. Is there any way to do this? I started out saving to a SQLite database but the sqlite file is saved insi...

2017-06-20 15:06 (0) Answers

IE 10 blocks AngularJS & jQuery content from loading

I have added a new AuthInterceptor to an application and it is being blocked by IE 10. The code is loaded in an iframe and when the parent URL domain is different from the UI and domain URL, it is not working, e.g. parent browser URL: http://test1.com, iframe load...

2017-06-20 14:06 (0) Answers

How can I resolve r57shell_php_php warnings?

My hosting provider has sent me an email saying my application has some malware and I should fix it. That email also contains the following list: {YARA}r57shell_php_php : /home/virtfs/username/usr/local/apache.ea3/conf/modsec2.user.c...

2017-06-20 09:06 (0) Answers

Hook in to Jenkins Pipeline Lifecycle

I am interested in implementing my own security mechanism in Jenkins in order to restrict who can modify Jenkinsfiles and have their changes executed in a pull request. To do this I'd like to execute some code on every pull request build immediately ...

2017-06-20 00:06 (0) Answers

Verifying JWT Signature using public key endpoint

I want to verify the signature of some JWTs from Microsoft. I'm using Spring Boot, the JJWT library and the following endpoint: https://login.microsoftonline.com/common/discovery/v2.0/keys The endpoint returns an array of JSON public keys. Here is ...

2017-06-19 23:06 (1) Answers