Questions tagged [confidentiality]
Confidentiality is the property of maintaining the secrecy of an asset. In other words, confidentiality means protecting against the threat of disclosure. It is one of the three key security properties of an asset, along with integrity and availability.
193 questions
1 vote, 0 answers, 123 views
LinkedIn website automatically gets my email address in Edge without consent, can all websites I browse silently get my email? [closed]
I'm using Edge 135 browser on Windows 10. I am currently logged in to my Gmail account, but not logged in to LinkedIn.
When browsing to https://www.linkedin.com (I never logged in on this website since I ...
1 vote, 1 answer, 127 views
Is form data as is being inputted always safe?
When filling out forms in the browser, is the client-side input secure against JS and other attack vectors?
1 vote, 1 answer, 102 views
Risks from sharing screen recording of mobile Australia licence
A Swiss Unicorn scanning software company is asking for a screen recording of my digital driving licence via UpWorks, a freelance marketplace.
They're using Aphaia as outsourced DPO.
What are the risks ...
14 votes, 2 answers, 4k views
Should mail addresses for logins be stored hashed to minimize impact of data loss?
I'm currently designing a user authentication system for a web application, and I am considering best practices for storing user login information. While it's common to hash and salt passwords (with ...
1 vote, 1 answer, 203 views
Why does IPsec have a "partial" replay protection? If we drop all packets outside the moving window, then where is the threat?
IPsec is said to have "partial" replay protection because if a packet arrives outside the window, we can't track it, so we have to make a choice: do we risk and accept it, or do we drop it?
...
15 votes, 7 answers, 5k views
Preventing JavaScript in a browser from connecting to servers
I have a webpage I would like to use locally (the JSON-LD Playground). It appears to be designed to operate without connecting to a server. I would like to have a strong confidentiality guarantee ...
1 vote, 1 answer, 246 views
What if in IPsec I have confidentiality BUT NOT integrity? What are the dangers?
ESP in IPsec v2 only provides integrity of the payload, not of the header. So my question is about that. The possible dangers in not having integrity of header, while having ESP active for payload.
...
0 votes, 1 answer, 405 views
WireGuard client configuration file - confidential values
Given a WireGuard client configuration file, I guess some of the fields shouldn't be shared with just anyone, like the private key, right?
Is there any other field that should be treated as a ...
2 votes, 1 answer, 1k views
Public client or Confidential client: should I generate a client secret?
I've read about this but I don't fully understand how to choose.
I have two options:
Public client
"A native, browser or mobile-device app. Cognito API requests are made from user systems that ...
0 votes, 1 answer, 315 views
Confidential Computing - SQL Server Always Encrypted w/ Secure Enclave - Customer Managed Keys or alternative
I am looking into ways to build a data warehouse that would house confidential data for 1+ clients. The requirement is that our organization can never obtain access to the decrypted data. There would ...
1 vote, 0 answers, 100 views
Can the data between Express.js middleware be manipulated/tampered in any way?
In the node.js express.js framework there is middleware support. Let's assume I have two middleware - the first one, which verifies whether the JWT token is legit and not tampered with and the second ...
1 vote, 1 answer, 2k views
Is there any danger in refreshing JWT tokens directly without a refresh token?
So I wrote the following logic for my web app:
When a user interacts with the website it initiates a Backend call. In the backend every endpoint has multiple middlewares, of which there is a JWT ...
1 vote, 0 answers, 365 views
MySQL encrypt fields and decrypt them with a password
I'm trying to figure out the best approach to store some information into a DB that will only be accessible by specific users through a password.
So let's say I've got user X that stores something ...
0 votes, 1 answer, 191 views
How do you trust two different cloud provider servers?
I've found a question with an answer here on Security StackExchange or on Unix StackExchange, but I can't find it anymore apparently :( If you find this answer already, help would be appreciated, I ...
1 vote, 2 answers, 149 views
Trustless Application Architecture for end-users with secure enclaves
I am working on a project where I want to store end-user private data, but immediately this brings up the trust question of why a user would trust me to hold their data. I don't actually want to hold ...