Oracle Kerberos authentication on Linux host with SSSD
I have Linux servers which are members of an AD domain, running the SSSD daemon. SSSD is "Kerberized" and I also want to use Kerberos for Oracle db authentication. NOTE: this is not purely about Oracle database...

docker daemon reports 'tls: unconfigured cipher suite' for Nginx reverse...
I am migrating to Artifactory on RHEL8 as a Docker remote repository, i.e. Artifactory is a proxy for a docker registry hosted through Jfrog.io. We have a legacy registry with config in...

Does Firebase App Check provide CSRF protection?
Quoting the OWASP Cheat Sheet on CSRF Prevention: Using the Synchronizer Token Pattern: CSRF tokens should be: Unique per user session. Secret. Unpredictable (large random value generated by a secure...

Are new CPUs still vulnerable to attacks like Spectre and Meltdown?
Are the most modern CPUs still susceptible to attacks like Spectre and Meltdown? Is it worth enabling the fixes in the kernel (which hit performance)? Let's say a high-end laptop CPU such as the AMD Ryzen 7...

Why are HMAC signatures frequently used for webhook authorization but not...
HMAC signatures are very commonly used for webhook authorization from service to consumer. Examples: Stripe, Slack, Twilio, Twitter, GitHub, and hundreds and hundreds more. This seems a near-universal design...

Is there a standard for OTPs tied to transaction details (that has been...
There are standards for Time-based (TOTP) and Counter-based (HOTP) One Time Password schemes. Generated OTPs are independent of the transactions they are used for, such as authorizing a login or a money...

Is HTTP/0.9 considered "End-of-Life" (EOL) due to security vulnerabilities or...
I'm exploring the history and evolution of the HTTP protocol and I know that HTTP/0.9 is generally not used anymore. It's clear how features evolved in newer HTTP versions and how primitive HTTP/0.9...

Why would one use radio instead of the Internet for secure communications?
This question is inspired by someone's comment on this question elsewhere. In the modern era of Internet and encryption it's quite surprising that countries like Russia still regularly use coded radio...

Why does Bluetooth Low Energy Secure Connections with Passkey Entry check the...
If we want to enable an authenticated connection via BLE the passkey method seems like a good idea. A 6-digit PIN is generated randomly on one device and has to be entered on the other - these 20 Bit...

Does a signature service provider level digital certificate for electronic...
I have some basic questions regarding eIDAS and 'Advanced Electronic Signatures'. Say, if I create a product under my company Acme Inc that offers a simple electronic signature where I sign every...

What should we do in practice to mitigate vulnerabilities in WPA3?
WPA3 for Wi-Fi systems is generally acknowledged to be more secure than WPA2. For example, it introduces SAE with the Dragonfly handshake, in an attempt to close the door on the kind of brute force...

"Duplicate" of Chrome Tabs causes stale tokens
Our implementation for authentication works like this: User provides username/password to /login API. API returns access token and refresh token in payload. We store the access token and refresh token in...

EIDAS compliant advanced digital signature in company name
The company I work for is developing a digital signature application very similar to DocuSign, but we aim to make our signatures EIDAS compliant. For the first version we aim to do the same thing...

Would a domain registrar be considered a Service Provider for PCI compliance...
Hypothetical: Company A accepts credit card payments and must be PCI compliant. Company B provides domain registration (but not DNS or web hosting) services to Company A. Some of these domains are used by...