Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 6 years ago.
Improve this question
I did an interesting experiment today.
I opened Amazon.com in my browser, logged in, brought up Fiddler, and tried to add a brand new credit card.
I typed in my credit card number, expiration, and card holder name. When I submitted the request I didn't see any POST to Amazon in Fiddler. The UI said there was a problem submitting my information, and that I should try again.
I repeated it and got the identical response.
I shut down Fiddler and hit submit. My information was accepted instantly.
I'd like to know how Amazon accomplished this feat. Is it common knowledge? Is there an HTTP header involving certificates that makes it easy?
I think it is certificate pinning or something like it. Server certificate is pinned in application, so app accept only it, not any other certs even they are valid.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
Is there any way you can be sure that web application you want to register on is encrptying your passwords and not sotirng them in plain text (where admin can read them or attacker could easily get them)?
Unless you are able to read the source code of the script processing your password, there is no way to know what's happening to it behind the scenes.
But there are some things about security you can find out on the client side, just to get a feel about the kind of security level this web application adheres to.
Check if the website is using a valid SSL certificate. This already tells you something on how feasible it is for someone to do network sniffing.
Have a look in the HTML source, and see how the form submitting your data is built. Is it using a POST request and not a GET?
Register with a fake account and check your cookies. Do you see anything that looks like your session information is saved in plain text or base64? And if something looks like base64 (the string ends with = or ==), decode it and see what the string really contains.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 9 years ago.
Improve this question
I'm trying to register a new client on Instagram developers page. After filling the form with the web page, phone number, and description, I'm getting a blank page that says:
"Sorry, an error occurred while processing this request.".
Not sure if it's a problem with the system or with my account.
Any hint?
It's a problem with Instagram server.
I have one API, on my website, and it not work more. And some times show 502 error.
And the error: "Sorry, this page could not be found."
I don't know why. But website like a web.stagram.com have the same problem.
If you try login (on web.stagram.com for exemple), and go to https://instagram.com/accounts/manage_access the aplication/api, the app from Stagram is not allowed and is not on the list.
I think is a problem with API system. And a Captcha on Instagram have the same error too.
Sorry for my English.
the web.stagram.com, is only for example, because is a big website.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Google had this deal on youtube about sharing an issue on their site by leaving feedback. When you clicked on it, it took a screenshot of the current page. How can I do that in my application so I can see the error my users are having?
With Usersnap (http://usersnap.com), you can get screenshots from your users. They don't have to install any plugin or browser extension and it works with all major browsers (read: including Internet Explorer!).
Installing usersnap is as easy as installing Google analytics, i.e. adding a small JavaScript snippet to your page.
P.S: I'm a co founder of usersnap - if you have any further questions, don't hesitate to ask.
Using ASP.NET, you could do something like this (see the "Calling with the IHttpHandler Method"):
http://www.codeproject.com/Articles/95439/Get-ASP-NET-C-2-0-Website-Thumbnail-Screenshot
Then, your button would submit a request to the handler (possibly via AJAX), and you could either store the answer using the handler itself, or do a second postback with the results to your processing form.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I'm looking for some sort of web software that is secure, where a team of people can login and view/add/edit Clients, with the following normal meta data:
Client Name
Domain
FTP User/Pass
MySQL User/Pass
CMS User/Pass
Anyone have any recommendations, don't really want to create a php script myself?
The problem at the moment is: We currently administrate a .DOC with all the information in it.
look at https://lastpass.com or http://www.passpack.com/ which allows you to share credentials with people.
I don't know of any specific software that could help you, however, I have used Basecamp before which is a payed cloud based service.
http://basecamphq.com/
They also offer something called 'highrise' which could better suit your needs:
http://highrisehq.com/
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I'll be using a shared Internet connexion starting this September at my school and I was wondering about what someone sniffing traffic with Wireshark may find there. I am not planing to do this myself but I feel I ought to know more about it if I want to sometimes work on my website during class.
Basically, isn't every non-SSL website that asks you for a password and an e-mail totally unsecure to log on on a shared connexion? When you know how many people use the same password for all their web/laptop/mobile accounts, it doesn't take long to get access to someone's all private data if you manage to sniff one password and e-mail.
As for me, I am already looking at how to secure my FTP connexions, but what about my users who log through HTTP? Unless I buy a SSL certificate (which I don't want, the site's too small), they are going to get more exposed to Wireshark sniffers all over the world, right? Isn't this where login tools such as OpenID become handy for small communities, since they do provide a free encryption of passwords?
OpenID and SSL are completely unrelated. OpenID's purpose is to consolidate and give ownership of a user's identity to the user, while SSL is used to keep a user's traffic with your site secret (encrypted). You can use OpenId to keep track of the user (like Stackoverflow does) and still not use SSL for the content pages.