Running a docker login with python subprocess securely

I want to run a docker login from python3 without asking for user input. I have three global variables REGISTRY_URL, USERNAME, PASSWORD. I want to run: os.system(f"echo '{PASSWORD}' | docker login {REGISTRY_URL} -u {USERNAME} --password-stdin") The problem is that my three global variables are user controllable which can lead to Remote Code Execution. How…

appending code like this could be a js vulnerability?

html = ` <div class="ai-message loading"> <img src="<?php echo get_template_directory_uri()."/assets/images/icon.png"?>"> <svg class="message-container ai-bg" id="dots" width="66px" height="29px" viewBox="0 0 132 58" version="1.1"> <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage"> <g id="dots" sketch:type="MSArtboardGroup" fill="#ffa3fc"> <circle id="dot1" sketch:type="MSShapeGroup" cx="25" cy="30" r="13"></circle> <circle id="dot2" sketch:type="MSShapeGroup" cx="65" cy="30" r="13"></circle> <circle id="dot3" sketch:type="MSShapeGroup" cx="105" cy="30" r="13"></circle> </g> </g> </svg> </div>…

When making a form, what's the difference between required in html and checking it later in php?

I’m new to web development and I don’t know whether it’s better to check that the user filled out all the fields in a form by using "required" or to check it later using php with empty() and then return the user to the front page. What are the upsides and downsides of each method? I…

MessageDigest in Java to C#

I am trying to translate Java code to C#. I’m kind of stuck on this exercise below: MessageDigest md = MessageDigest.getInstance("MD5"); md.reset(); md.update(pass.getBytes()); byte[] enc = md.digest(); StringBuilder hex = new StringBuilder(); for (int i = 0; i < enc.length; i++) { String h = Integer.toHexString(0xFF & enc[i]); hex.append((h.length() == 2) ? h :…

are using django q objects (complex queries) with user input secure?

Is it possible to inject a SQL attack in these queries? Is it okay to insert user input in the query directly like below, or does it need a validation step in advance: query = self.request.GET.get('q') query_result = Consultant.objects.filter( Q(first_name__icontains=query) | Q(last_name__icontains=query) | Q(group__title_techGroup__contains=query) | Q(practices__title_practice__contains=query) ) >Solution : Yes, they’re just as secure as…

what are the dangers of letting website members upload js for other members to use?

For example CodePen and Khan Academy programming projects. They let their users upload js scripts that will run on other computers; CodePen even lets users with a pro account use 3rd party libraries. I want to do the same thing on my site. How dangerous is this? How to minimise risks? >Solution : It’s…

I have this error System.ServiceModel.Security.MessageSecurityException

From what I read and understood, this happens when I’m not sending the authentication. But I tried to send it in two ways: string userN = "username"; string _pasw = "password"; BasicHttpBinding binding = new BasicHttpBinding(); Endpoint wsdl = new Endpoint("MyEndpoint"); SoapClient client = new SoapClient(binding, wsdl); client.ClientCredentials.UserName.UserName = userN; client.ClientCredentials.UserName.Password = _pasw; await…