Netflix logout does not revoke secure netflix ids

I am learning about microservice security and I wanted to see if Netflix really logs me out. While logged into Netflix, I opened https://www.netflix.com/YourAccount and in inspector viewed headers I am sending.

After copying the headers, I logged out -> opened Postman and issued the same request with the copied headers. The result – I could see my account information so the tokens were not revoked.

Is it a standard to keep auth tokens hanging?

Doesn’t it make user of the site more prone to attack?

Can a patron revoke warlock’s powers?

I would like to know whether a warlock can directly confront his patron without risking to lose his powers. And generally in which case the patron is allowed can take his “gift” back. I’ve tries searching for relevant lore but couldn’t find anything. I’m playing the 5th edition.

The backstory:

I’m going to introduce a warlock into a campaign that is already running. During previous events the party has accidentally released a devil into the mortal plane and now is on a quest to kick him back. We’ve decided with DM that it would be interesting if that devil were my character’s patron. It makes the new character a good lead to find the devil and the party wouldn’t know whether to trust the new member, making things even more interesting.

However, I can’t have a character that is directly allied with the party’s enemy. I have a backstory that would support antagonistic relationship between my warlock and his patron so that his interests are aligned with party’s. But at the same time the warlock wouldn’t risk losing his powers, hence my question – can a patron take back the powers given to a warlock?

In my case I want to follow the 5th edition handbook so that the character mades a pact/contract with the devil himself.

As @Theik mentioned in the comments, in previous editions warlocks were able to inherit the power from some ancestor who made the pact, and I bet our DM would allow it. But I’d prefer to not to take this path as the character making the pact himself works better for the rest of the background I made for him.


In the end we went with the inherited powers that the devil cannot revoke.

How to revoke a client certificate using openssl

I generated a private key and a certificate for my CA:

ca.key ca.pem 

Then I generated a client certificate for a user:

openssl ecparam -genkey -name prime256v1 | openssl ec -out user.key openssl req -new -key user.key -out user.csr -subj "/C=RU/ST=Moscow/L=Moscow/O=Company ltd/OU=Sales department/"}); openssl x509 -req -days 3650 -in user.csr -CA ca.pem -CAkey ca.key -set_serial 1 -out user.pem cat user.key user.pem ca.pem > user.full.pem openssl pkcs12 -export -out user.full.pfx -inkey user.key -in user.pem -certfile ca.pem 

Now I have these files for the user:

user.csr user.full.pem user.full.pfx user.key user.pem 

Now I need to revoke this certificate and generate a file with certificate revocation list adding it to Apache. I read that it must somehow be done using

$   openssl ca -keyfile ca.key -cert ca.pem Using configuration from /etc/ssl/openssl.cnf ./demoCA/index.txt: No such file or directory unable to open './demoCA/index.txt' 3072997056:error:02001002:system library:fopen:No such file or directory:bss_file.c:413:fopen('./demoCA/index.txt','r') 3072997056:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:415: 

Is it possible to avoid writing all the configurations, cause I don’t know them well enough.

How undo the “revoke access” in yammer applications

i cloned a spfx project from https://github.com/SharePoint/sp-dev-fx-webparts/tree/master/samples/react-yammer-api and it basicaly search for a name of the user in yammer and return some informations about it. I was able to execute and query yammer rest api just fine, but then i went to my yammer user profile settings and i revoke the access to the application that i registered.

enter image description here

And now i cannot get the users using the rest api anymore. Always that i make a request its return 401 error.

How to revoke permission form a folder?

There are multiple users in ubuntu in my system. Let’s say users are X1, X2, X3, .. , Xn

Now in a Storage HD mounted at /data/ each of them contains one folder. User X1 is sudoers. Each time a new user (X*) comes, X1 creates a new folder by his username (X*) in /data/ and gives permission by

setfacl -m u:X*:rwx X* chown X* X* 

Now to see the folder persmission we use,

# file: X* # owner: X* # group: N1 user::rwx user:X*:rwx group::rwx mask::rwx other::r-x 

Now every user in the usergroup can see the folder content of other users. as they can enter to each other’s designated folder. How to restrict them each entering other’s folder.

Permissions revoke delay

I have a strange issue with permissions. We have a web application with custom claims provider (I do not know if this is connected with the issue). We have some site collections with many documents (all documents have broken permissions… I know it is not ok but it has to be that way). The issue is that when I assign a user to a group (this group exists ‘inside’ our custom claims provider) the user receives permissions immediately – he can open the document. But if I revoke permissions – user still can open the document for around 4 or 5 minutes. After that time the permissions are ‘truly’ revoked. What the…?

How to revoke running permission to unresponsive script in Firefox?

In a certain website, a JS script causes the Firefox browser in my computer to crash.

Stopping that script will allow me to access the website flawlessly, but I accidentally allowed it to keep running, and now the prompt won’t appear again, so whenever I try to access that website, Firefox will crash.

I’d like to have the chance to revoke the permission on that script, so it will work from now on, but unfortunatelly, I havent found any way to do that.