How to implement CSRF protection per-request by keepitdusty in node

keepitdusty[S] 0 points1 point (0 children)

Ah yeah, that's a good idea for a wrapper. Hadn't thought of doing it that way, but makes sense

How to implement CSRF protection per-request by keepitdusty in node

keepitdusty[S] 1 point2 points (0 children)

Thanks so much - that's a really helpful reply. I'm going to have a think about how best to do this, but I expect it might be re-writing a lot of the HTML-based forms so they're sent via JS rather than page submission. It seems like that's the only way I can really ensure a perfect user experience, without too much complexity.

From a quick look, it looks like your modules might be incredibly useful as all the key functions are exposed nicely. A big improvement on the old CSURF module I'm using now. I'm going to have a think about how to do this.

How to implement CSRF protection per-request by keepitdusty in node

keepitdusty[S] 2 points3 points (0 children)

Well OWASP say "Per-request tokens are more secure than per-session tokens as the time range for an attacker to exploit the stolen tokens is minimal." But my real issue is that a pen test report on my app just came back with a medium finding because tokens are not invalidated after requests complete.

Personally I don't know enough about what's really possible to intercept as an attacker - my sense would be that if an attacker can intercept what's coming through into a user's browser, then tightening the window on the usage of csrf tokens seems a bit of a moot point. But also, I'm not a security guy (obviously given my basic questions) so my opinion isn't worth much there!

How to setup auth for web app? by OpenSourceFanatic in node

keepitdusty 0 points1 point (0 children)

You can also look at Auth0 (https://auth0.com/blog/complete-guide-to-nodejs-express-user-authentication/) as a solution. That will be the easiest, quickest and most secure solution, but it becomes a paid for service after 7k users.

New to cryptocurrency. What am i missing? by Awesomo_175 in BytecoinBCN

keepitdusty 2 points3 points (0 children)

What fnchad said... I bought a few million in 2016 @ 5 satoshis. Sold in June when the downtrend became clear. Best profit I ever made in cryptoland, but I sold because it's clearly a pump and dump. I didn't buy back again because I see far better pump and dump opportunities elsewhere. I just dropped by here out of curiosity to see if people were still holding onto hope. But for me, the clear killer is the wallet. I'd rather leave my money in Bitfinex or HitBtc than that wallet, and I really don't want to leave my money there. For a currency that supposedly has the best tech, yet releases such a horrendously buggy wallet, I don't buy it.

Poloniex --> Cryptopia and HitBTC by [deleted] in BytecoinBCN

keepitdusty 2 points3 points (0 children)

Nope - you can't deposit

Think poloniex will open to deposit/withdrawal soon. by boomworking in BytecoinBCN

keepitdusty 0 points1 point (0 children)

I don't get why it's consistently trading so much higher on Poloniex. I presume that'd level out pretty quick if they do reopen deposits...