Can green flame blade, slashing flourish, and sweeping maneuver be combined for a massive sweeping attack?

A character with the classes: Rogue(Arcane Trickster) lvl 3, Bard (College of Swords) lvl 4, Fighter (Battle Master) lvl 3, has:

  1. Green Flame blade.
  2. The Bardic College of Sword’s slashing flourish.
  3. Battle Master’s sweeping maneuver.

Can these be used in the same turn against the same 2 foes?

Character is fighting 2 opponents, Casts Green Flame blade and hits target and therefore the “jumping flame” portion of the spell hits the 2nd target as well, and since the attack hit the player decides to use both the flourish and sweep to deal even more damage to the second target.

Do both damage sources stack?

Can both be used at the same time?

Both the slashing flourish and the sweeping maneuver do not require an action nor bonus action to activate. For the attack, would both the flourish and maneuver apply should the player choose to use both resources?

Is it just down to a DM call?

When casting Inflict Wounds through a familiar, can I reroll the attack roll using the Elven Accuracy feat if I have advantage?

If I have a familiar, I can cast Inflict Wounds through it, as per the description of Find Familiar:

Your familiar can deliver the spell as if it had cast the spell.

Inflict Wounds includes a melee spell attack. The rules for spell attacks state (PHB p. 206) that:

Your attack bonus with a spell attack equals your spellcasting ability modifier + your proficiency bonus.

The Elven Accuracy feat (XGtE, p. 74) states that

Whenever you have advantage on an attack roll using Dexterity, Intelligence, Wisdom, or Charisma, you can reroll one of the dice once.

The second person pronoun is used in both of these last two wordings. So if the caster’s, rather than the familiar’s, spellcasting ability modifier and proficiency bonus are used for this melee spell attack, it seems to follow that, given advantage on the attack, a reroll would be available via Elven Accuracy (if the caster has that feat). Is this the case?

How to mitigate credential disclosure in man in the middle attack

I have the followin scenario and looking for a secure solution.

There is a web application, hosted on IIS. The connection is established over TLS 1.2 and is encrypted.

So the steps are

  1. Client connects to the server over ssl

  2. Client sends the username and password (as well xsrf token)

  3. The server authenticates the user and creates an encrypted cookie that will go back and forth.

Assume that we are in a corporate environment were all communication occurs via a proxy server (for example when using SSL Inspection). If the inspector is compromised (quite probable based on this) then the user is vulnurable to credential theft.

I read about the crypto binding solution, but this only secures us from the MITM to not be able to keep the connection alive after the client has stopped creating traffic.

Is there a way to secure the user’s passwords when ssl has been compromised this way?

How would a gravity-based AoE Flight attack be resisted?

I’m trying to build a power that changes which way is “down” in a certain volume. I’m planning to use the Flight effect, with Burst Area and Attack modifiers. As I understand it, unwilling targets would get a Dodge resistance check for half-effect, and then another resistance check to avoid all effect.

I’m not sure what kind of check that would be, or how often targets would make it (only once? once per round?). I feel like acrobatics or athletics would make sense for grabbing on to something or getting out of the affected area. Can skills be used for resistance checks? And if so, would it warrant the use of the “alternate resistance” extra?

Man In The Middle Attack On File Uploads

I am using a web service (call it X) which allows files to be uploaded to AWS S3.

The way it works is that an initial call is made to X which then returns a list of file descriptors and also meta information which should be injected into the web form as hidden fields that the user is presented with to choose a file to upload. One of these hidden fields is the url of the S3 bucket where the file will be uploaded to.

When the user chooses a file and clicks submit the file is sent as byte streams to the S3 location.

I see two security concerns here:

  1. The url which is returned from calling X and then set as a hidden field in the form could be hijacked and substituted for another url of the hacker’s choosing
  2. I am not sure if this is possible but the byte stream from the user’s browser to the S3 bucket could be diverted?

Is this paranoia or actual real security concerns?

Does an attack from a chaotic-aligned character break regeneration/chaotic?

I am DMing an adventure where the players can fight an arbiter inevitable. The inevitable is listed as having regeneration 2/chaotic. The book says that the type after the slash is the damage type needed to stop regeneration, but I’m not sure what counts as doing ‘chaotic damage’.

Would an attack by a PC with a chaotic alignment count as doing chaotic damage and break the regeneration?

What options are available for a Level 2 party to break the regeneration, if the answer to the above question is ‘no’?

How can a ranged rogue sneak attack?

A player of mine started to play a rogue in pathfinder 2e, he was already playing a rogue in DnD 5e. He feels a bit frustrated that it was impossible to profit from the flanking rule to sneak attack.

My question is how the rogue can sneak attack with a ranged weapon?

I know that he can use the hide action and then attack but what are the other opportunities?

Is a grappling character considered to be distracted for the purposes of an attack by a second opponent?

If a character is grappling a struggling opponent, and a second opponent attacks the character, would the DM rule that the distraction of dealing with the grappled opponent causes opponent number 2 to have Advantage on its attack?

I suppose it might depend on the nature of the Grapple. Merely grabbing an opponent by the wrist to impede his slingshot might leave you alert and ready to parry or dodge, but a more violent tussle, involving a grab with both arms would, I presume, leave you wide open for a whack from behind and thus at a Disadvantage versus a second opponent.

Even if you have followed up with a move to leave your grappled opponent Prone, I imagine that you are now kneeling, crouching or otherwise distorting your fighting stance in such a way (at least I cannot imagine that grappling a prone opponent can be done standing up) as to give a second opponent the Advantage.

I don’t see anything in the Rules (I have Essentials Kit Rulebook) covering this.