segurança

From the I understood , this response header controls access to the contents of the application, and together with other hea ... itself, CDN, Google, Font-awesome etc to be able to load data on the page, what should the statement on .htaccess look like?

Does the use of virtual keyboards (the same as Google search) prevent the typed data from being collected by Keyloggers? If yes is there any virtual keyboard they can indicate?

I have been thinking of an algorithm against attacks of the type Brute-force that, as we saw in the case of iCloud , can ge ... tentar denovo] A session-only check would be enough? Or would it be worth adding cookies, or some other method of checking?

I'm curious trying to understand how a DDoS attack works, for this I gave an online read and then wrote this snippet of code ... is working? How do I know for another computer to recognize the attack? And how could I prevent it from another computer?

I would like to know the difference between these two types of ACL and RBAC access control. I've been reading about them, a ... ng questions about them are: 1 - difference (a direct explanation please). 2-which one to use? 3-advantages between both.

I received a machine with an instance of SQL Server 2008 installed, I am able to access this instance through SQL Server Mana ... with Windows ADMIN account? 2-I can give permission from sysadmin to Windows ADMIN account without using the account of SA?

closed . This question needs to be more objective and is not currently accepting answers. ... and to access it, the user enters the login and password. How best-safe and simple - to make the login and password system?

I did not understand very well the operation of salt of bcrypt , in javascript code (node): const bcrypt = require('bcrypt' ... ated salt, how then bcrypt makes this comparison, since the value of salt will interfere with the final hash of the password?

The function password_hash seems to me a wrapper that adds a high-level layer to the function crypt, as it brings a default c ... a. The point is whether it is a wrapper or not. Therefore, security is not the focus of this question. Right now, thank you.

Can I leave, for example, the ID of a user q I will do select in hidden, and use it (the id) without having to confirm that that ID belongs to the logged in user? In other words, can the user change the input hidden?

I'm trying to generate a nonce for the CSP, I have already enabled Apache mod unique_id, and in .htaccess it is already gener ... generated in HTML, but it is different from what is generated in htaccess (which appears in the report of the message above).

I missed the name of this technique in which the developer instead of treating the problem simply hides it. For example: I h ... so no one clicks. However, anyone with knowledge can circumvent this "solution"of mine. What is the name of this technique?

closed. this question is out of scope and is not currently accepting answers. ... y way to try to log in via URL? How was the new address discovered? How to prevent this? Thank you for everyone's attention.

Despite not understanding almost anything on this subject I was reading about the protocols and security certificates as I sa ... as CDNs, imagens and know if they are "optionally lockable content" and how I set whether on my site they are allowed or not.

I have a file isolated from the others called config.php. It stores information from 3 databases and some sensitive passwor ... inds it will be able to read the information contained in it and disrupt my system afterwards. Is there any solution to this?