In the beginning of the SSL handshake attributes like SSL Version, Random, Cipher Suite etc are sent to the server (and vice versa). But the handshake happens before establishing any security capabilities (even the certificate of the server is sent afterwards). So how are these important attributes exchanged between the server and client securely.
Hi Guys It's Brian H. Cornett. I am New trader in online section. I want to know about cryptocurrency exchange. I need to know about the different exchanger and it's facilities. Can you guys help me in finding a exchanger which provide me a lot of facilities?
I’m working with site that is served via HTTP. Authentication service is external and served via HTTPS. I’m not sure that it isn’t security concern that is website is not using SSL.
I’m building the equivalent of a blockchain wallet, it is an end-to-end encryption desktop program, the user (client) must be the only one to know his private key, with this private key, he can send funds or perform some potentially very critical operations, of course he just sends messages signed with the private key.
The UX allows the user to save his private key, so it can be reused later by the same application.
For obvious reasons, I need to encrypt this private key (64 characters string) some way or another, so any other program or person that has access to the file system cannot read it.
What are the state-of-the-art or recommended practice to adress this critical issue ?
Is there some OS features that allow only one program to read/put some data ?
I have a Remote Event Receiver developed/deployed for SharePoint online using hosted-addin. This add-in can be deployed in different sharepoint online enviroments. When item added event gets triggered another list gets updated.
To update the list with data, a WebAPI gets invoked which is secured using OAuth. How i can invoke the WebAPI to get the needed data.
I am able to get the context of sharepoint to manage the list data and access token is also available. Can this token be passed somehow to get the API authericated and how ??
I guess the token available is for sharepoint and not for the webapi.How this can be made working??
With this setup, or with additional “moving parts” to be added to the overall system, is there a way to at a later date to assert that a certain user identity was responsible for a transaction? Assume that we are able to store any/all data that is in-context (i.e., is part of the REST call for the transaction) at the time the transaction is requested.
Thanks to @alnbhclyn for their thoughts below. I think I need to clarify — the key gap above seems to be the link between a JWT and the specific contents of a transaction. Is there a means of “signing” the transaction with the JWT or some part thereof such that a positive link between the two can be made at any point in the future?
I want to access the SharePoint REST API secured by MFA from Powershell, it is not working? How can I achieve this?
iam trying to find all the pages that my website have as a fast check when i used wget with http it worked very well , but when dealing with https “port 443” it is not opening because it deals with my terminal as unsupported browser and redirects me
How to secure antivirus updates that do not use secured HTTP? I suspect that the antivirus I’m using makes updates through unsecured HTTP. Moreover, it transfers using GET method information about my system.
am developing a commercials app using nwjs and postgresql as a database, but since I have to ship postgresql database with my commercial app, client can find hba config file, they can configure postgresql to use host based authentication, that makes postgresql not to prompt a password. so my question is how can I make postgresql prompt password no matter what hba config is or other config file is? thanks!