How can I make a security token automatically expire in a passive STS setup?
I have a passive STS set up for a new application I’m working on.
security
.NET WebAPI centralized Authorization
In .NET WebAPI, I’ve created a way to have all of the authorization rules in a central location, rather than scattered throughout controllers. I’m curious why this centralization isn’t done more often; are there repercussions/security concerns?
ViewStateUserKey + shared hosting + ViewStateMac validation failure
So, the question is simple, even though I’m starting to have doubts if this will get answered…
What is all the browser agent stuff?
I am new to ASP.NET and wanted to capture details about people on my site. So I capture the Request.UserAgent attributes to file. Can anyone explain how to deconstruct these so I know what they mean? I am actually stumped by some of the user agents I see. Examples:
What are the risks of running ‘sudo pip’?
Occasionally I run into comments or responses that state emphatically that running pip under sudo is “wrong” or “bad”, but there are cases (including the way I have a bunch of tools set up) where it is either much simpler, or even necessary to run it that way.
Security of Python’s eval() on untrusted strings?
If I am evaluating a Python string using eval(), and have a class like:
hash function in Python 3.3 returns different results between sessions
I’ve implemented a BloomFilter in python 3.3, and got different results every session. Drilling down this weird behavior got me to the internal hash() function – it returns different hash values for the same string every session.
Is distributing python source code in Docker secure?
I am about to decide on programming language for the project.
The requirements are that some of customers want to run application on isolated servers without external internet access.
Hiding a password in a python script (insecure obfuscation only)
I have got a python script which is creating an ODBC connection. The ODBC connection is generated with a connection string. In this connection string I have to include the username and password for this connection.
Change to sudo user within a python script
I have a problem. I am writing a piece of software, which is required to perform an operation which requires the user to be in sudo mode. running ‘sudo python filename.py’ isn’t an option, which leads me to my question. Is there a way of changing to sudo half way through a python script, security isn’t an issue as the user will know the sudo password the program should run in the following way to illustrate the issue