Question about CVE-2024-2961 PHP Bug (iconv issue)
I've seen a bunch of news about this bug, does it affect applications that do not use the iconv() function?
Php versions – Does Typo3 12.4 works with PHP 8 and disable_functions=ini_set?
I am running a Typo3 page with some security restriction, especially my admin disabled some PHP functions for security reasons. disable_functions=ini_set Now I did an upgrade: Typo3 11.5 => Typo3 12.4 PHP 7.4 => PHP 8.2 This results in fatal…
$.get(code_url) executes code returned, without using eval( ) neither appending it to DOM. jQuery security fail?
I was debugging my NodeJS app when I came to this huge fact : Using jQuery, a simple $.get(code_url) Where code_url is an URL toward javascript code on the server, does executes the code. What is expected is : $.get("script.js",…
Securing SharePoint Content: Leveraging Group IDs for Access Restrictions in Azure AI search
Architecture: I have my data as files in SharePoint, I want to use Azure AI search to query the data but also apply security filters for document level restriction. I created a new application which has access to that SharePoint.…
Javascript – Is Using Classes and Private Fields As An Alternative To Environment Variables A Bad Idea?
The way I handle sensitive information in my projects such as API keys is to create a file with a class that holds sensitive information in private fields. I then put that file name in my .gitignore file so I…
Reactjs – Can props be forged in React?
Pardon me if this is a ridiculous question. But can props be forged in React? In other words can someone navigating your website find a way to deliberately change the values of the props that are being passed from component…
WordPress Security for Custom PHP files
Good day, I am quite concerned about whether storing custom php files within my child theme is secure, and if they would be publicly accessible since they are within the web root. For example, if my file path was something…
Amazon web services – Avoiding hardcoding secrets into ~/.kube/config
I'd like to configure the kubectl tool to use the variables defined in my current shell in order to connect to the cluster, rather than pointing to the profile defined in a ~/.aws/credentials file, for security reasons. This works with…
Amazon web services – AWS S3 | Allow to access file only to the user that uploaded it
I'm building a website using React and AWS Services, for storage AWS S3. I've read many use cases online, almost all of them suggest IAM user policies. But I'm not sure if it helps me in my case. The idea…
WordPress – How to rate limit visitors voluntarily opening hundreds of tabs?
I am recently facing an issue with some haters opening hundreds of tabs on my website to put it down. It's a Wordpress website hosted on a VPS with a 12 threads CPU and 48 GB memory with PHP 8.1.…