Questions tagged [client-side]

Client-side refers to operations that are performed by the client in a client–server relationship in a computer network.

262 questions
46 votes, 3 answers

Are virtual keyboards not necessary anymore to protect against keyloggers?

My bank has issued a new version of their online banking site. This new version has no virtual keyboard to enter the PIN. I asked them how they are protecting me against keyloggers but I didn't receive any answer.
David Lopez
43 votes, 6 answers

Sending a client-side high-score to a server securely

I'm creating a web application that has a simple JavaScript game in it. Once the player has finished playing the game, the high-score is sent to the server and saved. After a specific period the player with the best score receives a prize. Is there a…
38 votes, 5 answers

How secure are my passwords in the hands of Firefox using a Master Password?

I'm relying on Firefox to remember my passwords, using a Master Password of more than 25 characters. How secure is this set-up?
38 votes, 8 answers

Client side password hashing

Edit: Updated to put more emphasis on the goal - peace of mind for the user, and not beefing up the security. After reading through a few discussions here about client side hashing of passwords, I'm still wondering whether it might be OK to use it…
Foy Stip
36 votes, 9 answers

If "you can never trust the client", then why do companies such as Valve rely solely on client-side verification?

In video games, most anticheat software is run client-side (e.g. PunkBuster or Valve Anti-Cheat), but isn't one of the first rules of security to never trust the client? If so, then why do these companies not offer server side verification for video…
user189790
31 votes, 3 answers

What useful things can I do with the html5 "keygen" element?

There's a new* keygen element in the html5 spec. It's supported in major browsers excepting Internet Explorer and Safari. Here's what it looks like:

28 votes, 5 answers

How does preventing automatic download of pictures help to protect my privacy?

When viewing some emails in Microsoft Outlook, if the sender has included images, I get the following option appear at the top of the email: "To help protect your privacy, Outlook prevented automatic download of some pictures in this message" I…
m-smith
27 votes, 9 answers

Why do some people really hate security via client-side?

For instance, let's look at a common login system for a website: HTTPS connection is made; User submits credentials via POST; Server-side code hashes the password and looks if it matches the user name; Session is initialized, and a key may be issued to…
Incognito
25 votes, 7 answers

Is it possible to modify your user agent http header for malicious use?

The Google crawl bot uses the user agent "Googlebot", and I am wondering if this knowledge can be used maliciously. Let's say in a random website, the Googlebot user agent is allowed to access an admin panel, could this be considered a…
Xavier
24 votes, 6 answers

Is it fundamentally possible to validate that an unmodified version of your client connects to your server?

Is it fundamentally possible to validate that an unmodified version of your client connects to your server? I was just thinking about the idea of having my client-side app hash its own source code and send that as a key to the server with any…
J.Todd
23 votes, 12 answers

Is there a way to hide HTML source code yet keeping it effective?

I have a website with a client-side HTML contact form created manually (not as output of an HTML constructor like PHP): Email Adress:
user123574
22 votes, 8 answers

How can I re-use my password and still protect the password if it is exposed from one source?

I know that all servers should at least store my credentials as hash(password + salt) + salt, with a secure and well known hash function and a salt unique for me, generated from a secure and well known source. The problem is that servers should do…
Sinder
21 votes, 3 answers

help understanding client certificate verification

I am creating an API that only certain computers should have access to. Communication will be via SSL between the server and the clients. In order to verify that a client has access, I would like to create a certificate for each client, that is…
zsalzbank
19 votes, 5 answers

How to do client side hashing of password using BCrypt?

I am migrating an old application which used MD5 hashing to Spring Security with BCrypt encoding of passwords. I want to encode the password on new user creation page, change password page and on login page before it is sent to the network. I know…
Amit
19 votes, 3 answers

How do RSA SecureID ® Keys Work?

I have been using RSA SecureID ® Keys for quite some time now (perhaps 10 years), for things such as securely my home banking account online or accessing my company's network of computers from home. These keys generate a 6-digit numeric token which…
John Sonderson