Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Learn more about Collectives Advice
0votes
1replies
15views
OAuth middleman API
I am having issue with our current login setup.We have multiple types of clients (mobile, webapp, spa).Our app has its own user managment a pretty old way to auth users (Each user recieve GUID and ...
Best practices
0votes
1replies
30views
How many of you have firewall enabled on an Oracle server?
[Update: It makes no sense to ask "How many of you have a firewall enabled on an Oracle database server?" as I did earlier today. So I'm changing the question]If your company uses Oracle ...
- 101
0votes
0answers
50views
Trying to setup a snowflake oath security integration but saml integration getting in the way?
So I'm currently trying to setup two different security integrations. My snowflake instance already has a SAML security integration setup for users, where they're logging into okta using sso, this ...
- 299
-1votes
1answer
55views
How to detect or mitigate wall-clock time jumps when validating offline software licenses?
I’m implementing an offline license validation mechanism in a desktop/server application.The license has an expiration date and must continue to work without any online checks.The problem I’m facing ...
0votes
0answers
55views
Can we intercept the download of files from any website using a browser extension [closed]
I just wondering how can we intercept a download file and parse it before actually downloading the file. just like in android download via this or that app like when click download from any website i ...
-3votes
1answer
97views
How to make my TOTP generator work with other hashing algorithms (other than sha1)? [closed]
I'm having trouble making my Python code generate the correct TOTPs using the test secret key 12345678901234567890, the same one used in the RFC6238 appendix B examples. I was able to get the correct ...
Best practices
0votes
2replies
70views
How to verify webhook signatures from multiple providers (Stripe, GitHub, Shopify, etc.) in Go?
I'm building a webhook handler that needs to accept webhooks from multiple providers (Stripe, GitHub, Shopify, Twilio, etc.). Each provider uses different signature verification methods:- Stripe: ...
- 235
-4votes
0answers
55views
How to design a privacy-preserving user identity system without exposing client/backend details? Should I use hashing or random tokens? [closed]
I’m working on a project where privacy is extremely important for both the client and the backend.Neither side should expose any sensitive or identifying information.A senior developer suggested ...
0votes
1answer
39views
How to hide UI elements in a custom frontend based on Dataverse security roles when using MSAL authentication?
We are building a custom frontend application (SPA) that authenticates users against Microsoft Dataverse using MSAL and OAuth.The UI should hide certain navigation items and actions, e.g. show the &...
- 21
0votes
0answers
126views
How can unsafe React Server Component deserialization paths, like those exploited in React2Shell (CVE-2025-55182), be reliably detected and secured? [closed]
I’m researching the internal behavior of React Server Components (RSC) and the Flight protocol, specifically in relation to the React2Shell vulnerability (CVE-2025-55182).This exploit abuses the $@ ...
Best practices
0votes
1replies
52views
Is BFF actually more secure with Oauth for SPAs?
Some of the articles that I have seen lately imply that implementing a Back-end for Front End architecture is more secure for a SPA than a traditional setup as the tokens never leave the "...
Advice
1vote
3replies
61views
CS degree project on computer networks
I am preparing a project for a computer networks course and I wanted to ask for advice. My teacher gave me this assignment for the exam: make an analysis on the vulnerabilities and attacks to protect ...
Best practices
0votes
0replies
54views
How should I pass user secrets from my frontend to my backend with Tauri?
I'm currently working on an app that stores secrets in an encrypted vault, and the key is derived from a user password. How can I securely prompt the user for their password? Is the IPC with invoke ...
- 191
Advice
0votes
0replies
84views
Design review: ntfy-based remote unlock for Vaultwarden without exposing .env passphrase on a compromised host?
(If you want to skip to the part I ask the question, scroll down to the last section with the heading "Concrete question".)I’m working on a home lab / learning project and would appreciate ...
- 41
Advice
0votes
0replies
29views
What is Github policy about distributing closed source software binaries on GitHub?
While it is possible to use GitHub for releasing software with outdated sources or no sources at all,I wonder how legal it is and how what is official Microsoft position is.I think for most ...
- 64.7k
- The Overflow Blog
- Featured on Meta
Hot Network Questions
- Intuition behind likelihood function used for Tobit model
- PSE Advent Calendar 2025 (Day 15): Twelve Days of Wordle
- Tightness of Novak space
- Choosing one specific MeshFunction in Plot3D
- Why does mathematical notation and terminology stop being standard after calculus?
- What happens when corporate restrictions on contracting authority interact with adhesion contracts or other kinds of -wrap contracts?
- Why did my credit score drop when I added a gold card?
- Is there an elegant proof to this old problem of parallelism that dates back to the 19th century?
- Find winner of Connect-Four game board
- What does it mean when physicists say: "An object rotates around any point you choose"?
- In what sense is God - as portrayed in monotheistic traditions - a 'moral' being, if God has created morality?
- How to search all CloudPages in a Business Unit for specific Content Block IDs?
- "Creepy Dolls" story about dolls that are protection spells for pregnant women including characters named Anna and Alice
- Vertical line in matrix using LaTeX
- Algorithm to distribute points on the perimeter of a box (box unit formation)
- Averaging an RF signal
- How could the Psalmist say, "I have never seen the righteous forsaken or their children begging bread"?
- Horror movie in which a killer girl is killed in a hospital by a survivor
- How does storing save games in steamapps/common/ work when using more than one Steam library?
- Need csvuniq functionality on the command line for CSV with embedded end of line
- Android 12 phone asks me to format SD card every time I reset it
- unicode-math or lua-unicode-math?
- Is ritualized confession a sign of a bad culture of failure?
- Is retracting the flaps just before flare a safe procedure?