Where to store encryption passwords

I get the reasons for security and encryption. But I'm really confused on how to set it up or use it. I'm working on encrypting passwords our application uses to access the database and other third-party APIs. I'm working under the assumption that p...

2017-10-04 22:10 (0) Answers

MobileFirst Native App security check

We are working on a native app using MobileFirst 7.1 and I was checking how MFP protects our app if we ran the case below: The attacker used the same bundleID and same app name targeting our server and ran the app on a simulator which doesn't need any ce...

2017-10-04 17:10 (0) Answers

Are OAuth Access Tokens confidential?

I have a web application which uses OAuth 2.0 to talk to a third-party service. I want both my server and my web app to talk to the authorized service on behalf of the user. I go through the normal authorization steps of doing the redirect, getting t...

2017-10-04 10:10 (1) Answers

ELK Stack restrict access to some data

Now I'm touching an ELK stack for log collecting, and have also installed xpack to kibana and elasticsearch. How can I restrict access to some log groups (any hosts) for any people? For log collecting I'm using logstash, listening on some udp port; clients send logs wi...

2017-10-04 10:10 (0) Answers

How to use single key value pair to ssh in cluster

I have to configure a hadoop cluster. For that it is required that all systems should be able to ssh to each other in passwordless mode. Due to security, I have allowed only key based ssh (no password). There are 5 systems in the cluster. I have to generated ...

2017-10-04 08:10 (0) Answers

How to password protect a string of text?

I've seen lots of similar questions but not quite sure which is applicable to this situation. I have a program that sends sensitive information by email. I would like the email to be scrambled such that the recipient must know the password in order t...

2017-10-04 06:10 (2) Answers

Holding sensitive data in database

I need to hold some sensitive passwords in my database that I will have to later use to access another application for my user. How can I do this safely? I'm using Django but any method in general would be hugely appreciated. Thanks for any advice...

2017-10-04 00:10 (0) Answers

Autowired TextEncryptor

public class Crypt { private String textToWorkWith = null; @Autowired private TextEncryptor encryptor; public Crypt(){} public String encrypt() throws NullPointerException { if(this.textToWorkWith != null){ return encryp...

2017-10-03 21:10 (0) Answers

Public couchdb security

I exposed a couchdb on https://db.example.com so my services can directly request this URL. However, everyone can access the DB UI at https://db.example.com/_utils. Or simply request the DB. Is there a protection against brute force like rate l...

2017-10-03 18:10 (1) Answers

Login through unprotected network

We are designing an API endpoint for clients to use to log into our service. However, I do have a question about how to be sure that the user's password is protected while using an unprotected network. After thinking about this issue, we concluded t...

2017-10-03 03:10 (3) Answers

Determine Cipher Suite used in Server

I am trying to find out what Cipher Suite is being used in our Server. I am wondering whether there are any tools to give us the information? I know Wireshark will provide such details if I am not wrong. Any suggestion is greatly appreciated. Thanks in advance ...

2017-09-29 17:09 (2) Answers

Java version upgrade

I've upgraded my Java JDK installation to a later minor release version (e.g. 1.8.131 to 1.8.144). Should I recompile project source code to get any security benefits from bytecode generation or should I just run the old bytecode on the updated JRE?...

2017-09-29 12:09 (1) Answers

prevent url from xss attack in javascript

I am working on a data security web application. I am trying to pass parameters from one JSP page to another, and it is vulnerable to XSS attack. How can I prevent the attack in JSP? I tried the following things: 1) My url is : "localhost:8080/samplejsp.j...

2017-09-27 23:09 (1) Answers