I am learning about microservice security and I wanted to see if Netflix really logs me out. While logged into Netflix, I opened
https://www.netflix.com/YourAccount and in inspector viewed headers I am sending.
After copying the headers, I logged out -> opened Postman and issued the same request with the copied headers. The result – I could see my account information so the tokens were not revoked.
Is it a standard to keep auth tokens hanging?
Doesn’t it make user of the site more prone to attack?
I would like to know whether a warlock can directly confront his patron without risking to lose his powers. And generally in which case the patron is allowed can take his “gift” back. I’ve tries searching for relevant lore but couldn’t find anything. I’m playing the 5th edition.
I’m going to introduce a warlock into a campaign that is already running. During previous events the party has accidentally released a devil into the mortal plane and now is on a quest to kick him back. We’ve decided with DM that it would be interesting if that devil were my character’s patron. It makes the new character a good lead to find the devil and the party wouldn’t know whether to trust the new member, making things even more interesting.
However, I can’t have a character that is directly allied with the party’s enemy. I have a backstory that would support antagonistic relationship between my warlock and his patron so that his interests are aligned with party’s. But at the same time the warlock wouldn’t risk losing his powers, hence my question – can a patron take back the powers given to a warlock?
In my case I want to follow the 5th edition handbook so that the character mades a pact/contract with the devil himself.
As @Theik mentioned in the comments, in previous editions warlocks were able to inherit the power from some ancestor who made the pact, and I bet our DM would allow it. But I’d prefer to not to take this path as the character making the pact himself works better for the rest of the background I made for him.
In the end we went with the inherited powers that the devil cannot revoke.
I generated a private key and a certificate for my CA:
Then I generated a client certificate for a user:
openssl ecparam -genkey -name prime256v1 | openssl ec -out user.key openssl req -new -key user.key -out user.csr -subj "/C=RU/ST=Moscow/L=Moscow/O=Company ltd/OU=Sales department/"}); openssl x509 -req -days 3650 -in user.csr -CA ca.pem -CAkey ca.key -set_serial 1 -out user.pem cat user.key user.pem ca.pem > user.full.pem openssl pkcs12 -export -out user.full.pfx -inkey user.key -in user.pem -certfile ca.pem
Now I have these files for the user:
user.csr user.full.pem user.full.pfx user.key user.pem
Now I need to revoke this certificate and generate a file with certificate revocation list adding it to Apache. I read that it must somehow be done using
$ openssl ca -keyfile ca.key -cert ca.pem Using configuration from /etc/ssl/openssl.cnf ./demoCA/index.txt: No such file or directory unable to open './demoCA/index.txt' 3072997056:error:02001002:system library:fopen:No such file or directory:bss_file.c:413:fopen('./demoCA/index.txt','r') 3072997056:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:415:
Is it possible to avoid writing all the configurations, cause I don’t know them well enough.
i cloned a spfx project from https://github.com/SharePoint/sp-dev-fx-webparts/tree/master/samples/react-yammer-api and it basicaly search for a name of the user in yammer and return some informations about it. I was able to execute and query yammer rest api just fine, but then i went to my yammer user profile settings and i revoke the access to the application that i registered.
And now i cannot get the users using the rest api anymore. Always that i make a request its return 401 error.
There are multiple users in ubuntu in my system. Let’s say users are
X3, .. ,
Now in a Storage HD mounted at
/data/ each of them contains one folder. User
X1 is sudoers. Each time a new user (
X1 creates a new folder by his username (
/data/ and gives permission by
setfacl -m u:X*:rwx X* chown X* X*
Now to see the folder persmission we use,
# file: X* # owner: X* # group: N1 user::rwx user:X*:rwx group::rwx mask::rwx other::r-x
Now every user in the usergroup can see the folder content of other users. as they can enter to each other’s designated folder. How to restrict them each entering other’s folder.
I have a strange issue with permissions. We have a web application with custom claims provider (I do not know if this is connected with the issue). We have some site collections with many documents (all documents have broken permissions… I know it is not ok but it has to be that way). The issue is that when I assign a user to a group (this group exists ‘inside’ our custom claims provider) the user receives permissions immediately – he can open the document. But if I revoke permissions – user still can open the document for around 4 or 5 minutes. After that time the permissions are ‘truly’ revoked. What the…?
Apple revoked my company apple developer enterprise account. Does anyone meet this before?now my boss told me to buy one,anyone can help me resolve it?
In a certain website, a JS script causes the Firefox browser in my computer to crash.
Stopping that script will allow me to access the website flawlessly, but I accidentally allowed it to keep running, and now the prompt won’t appear again, so whenever I try to access that website, Firefox will crash.
I’d like to have the chance to revoke the permission on that script, so it will work from now on, but unfortunatelly, I havent found any way to do that.