security

What's the chance of a collision in Python's secrets.compare_digest function?

Question: The closest function I can find to a constant time compare in Python’s standard library is secrets.compare_digest. But it makes me wonder, if in the case of using it to verify a secret token: What’s the chance of a collision? As in, what’s …

Total answers: 1

AES-GCM 256-bit VS. SSL/TLS for socket security

Question: Is there a difference between using AES-GCM 256-bit encryption, or using SSL/TLS to pass data over a socket? I am currently passing data back and forth from client to server, using asymmetric AES-GCM 256-bit encryption. Is there an advantage to using SSL/TLS as opposed to my current …

Total answers: 1

Restrict access per customer in django

Question: I am trying to restrict access to records based on each customer so users can’t access each other’s data through URL. I have added this but it’s restricting everything. if request.user.customer != Infringement.customer: return HttpResponse('Your are not allowed here!!')" views.py @login_required(login_url='login') def infringement(request, pk): if request.user.customer != Infringement.customer: …

Total answers: 1

unique identifier for USB device

Question: I want to add a security feature to my python executable, it’s a portable program which can be installed on a usb drive, how can I make it so it only starts from the usb on which it was installed, when copied or moved to different usb or PC …

Total answers: 1

Why does the subdomain finder stop because "label empty or too long"?

Question: So I made this subdomain finder from a hacking course. It seems to work fine for a little bit but then gives a weird error. Could anyone help me? Here is the code import requests url = "youtube.com" def request(url): try: return …

Total answers: 1

Encrypt/Hide sqlite3 database (Tkinter & Python)

Question: I am currently working on a password saving application using tkinter, and I don’t want the database to be visible/accessible from the computer’s local storage. Is there a way to achieve this with a pre-existing python library, or do I have to pay for a service? Asked By: …

Total answers: 3

Handling the token expiration in fastapi

Question: I’m new with fastapi security and I’m trying to implement the authentication thing and then use scopes. The problem is that I’m setting an expiration time for the token but after the expiration time the user is still authenticated and can access services import json from jose import jwt,JWTError …

Total answers: 5

How do I know if the 'usedforsecurity' flag is supported by hashlib.md5?

Question: When I run the following on my Macbook, I get the error: >>> import hashlib >>> hashlib.md5(usedforsecurity=False) Traceback (most recent call last): File "<stdin>", line 1, in <module> TypeError: openssl_md5() takes no keyword arguments But when I run it on my Linux …

Total answers: 3

How to secure own backend API which serves only my frontend?

Question: I’m setting up a webapp with a frontend and a backend that communicates with the frontend solely through RESTful methods. How do I make sure that the backend endpoints are only accessed by my own frontend, and not anyone else? I cannot find …

Total answers: 2

Security issues I should be aware of with jupyter notebook?

Question: I’ve been using jupyter notebook for about six months now, but I don’t really know the inner workings and any potential security issues I should be concerned with. When I run the jupyter command from my console, it seems I am connecting to a …

Total answers: 1