Questions tagged [library]

A library is a collection of software routines made available to other programs through a well-documented interface.

A library is a collection of software behavior and resources that are available for use by other software programs that are being run on the computer. They may be provided as pre-compiled binary code or as source code. Each version of a library comes with a documented interface.

The difference between a library and a service is that services execute independently of the clients, listening for new communications to come in over a network connection. Libraries don't normally execute on their own; their routines are loaded and executed by the client in the context of the main program.

39 questions
26 votes, 5 answers

How to deal with this fundamental problem with the advice: "Don't trust obscure PHP libraries that nobody uses!"?

Frequently, I'd say in virtually every case, there is only one PHP library for any particular problem. (I don't count obsolete, abandoned, trash ones.) Therefore, it's never a "choice" by me to use it. I have to either use it or nothing. For this…
19 votes, 5 answers

How can I ensure my dll has not been modified?

I have an old project in VB which created a unique pc code from MAC address and disc id. This was used to identify a pc so credentials cannot be used between pcs. This project migrated to C#, and I encapsulated this logic in a DLL which simply…
Vallo
18 votes, 7 answers

Why are security-crucial software written in unsafe languages?

This may be a stupid question, but... Why is security-crucial software written in languages such as C and C++? I understand why, say, an embedded system might need a low-level language to make the most use of limited resources, but it seems foolish…
ithisa
10 votes, 2 answers

security implications of Java's System.load vs System.loadLibrary

Jumping from https://stackoverflow.com/questions/7016391/difference-between-system-load-and-system-loadlibrary-in-java What are the security implications of both approaches? System.loadLibrary("_name_"); Automatically searches for a library named…
Cerber
10 votes, 4 answers

Do outdated Javascript libraries present a risk for my web application?

I have a small web application and I just realized that some of my JavaScript libraries are outdated. An example:
user134969
8 votes, 2 answers

Do people even exist who actually vet all the updates to their open source software?

A year or so ago, I set up this system which, whenever Composer (that's PHP's packet/library update manager) fetched new updates to my few (but critically required) third-party libraries, created a copy of the Composer dir and opened up WinMerge to…
T R
8 votes, 2 answers

Restrict JS in SVGs

Does anyone know of a way to prevent JS from running inside of an SVG or stripping out JS from an SVG? In my use case I'd prefer to keep the image as an SVG and not convert it to a JPG. I've thought about stripping out script tags and on-attributes,…
winhowes
7 votes, 2 answers

Are devDependencies in Node.js exploitable?

I am well aware that the best approach is to update any dependency, no matter whether it is a development dependency or a runtime/production dependency. But from a research perspective, I want to know whether a vulnerability in development…
LGDGODV
6 votes, 2 answers

Can I trust a security hash implementation after testing it with random inputs against another implementation?

Let's say I want to use a security hashing algorithm, like bcrypt, and I want to use a young bcrypt implementation, e.g. called libfancybcrypt, instead of a well-established implementation. Of course, I can simply generate a few thousand or…
6 votes, 1 answer

What software can be used to read data from smart cards?

I have recently got this smart card reader. In the description it says that it can be used to read data from fidelity smart cards, library cards, etc. The technical card compatibility support is as follows: Supported Smart card: microprocessor smart…
cybergeek654
6 votes, 3 answers

How much can we trust open source implementations of crypto (security) libraries?

In one of my projects I was choosing bcrypt or PBKDF2 for the KDF for passwords. I have read that bcrypt is generally more advanced and scrypt is even better. But I am using .NET platform where bcrypt/scrypt are not available from Microsoft though…
Ilya Chernomordik
5 votes, 1 answer

NaCl: US Export Regulations

I'm in charge of a product security in our US-based startup and I plan to use NaCl for encryption (well, Sodium, actually). I'm trying to navigate the labyrinth of US export regulations - something I never dealt with before. By now I'm aware that…
portnoy
5 votes, 1 answer

Using OpenSSL as a library versus calling output from standalone command in a program being written

In another question about how to use OpenSSL programmatically a community member was writing, one suggestion was to use the system() command whereas another was to include the C headers and work with the library using functions directly. Also, if…
Eric G
4 votes, 2 answers

How are apps on the Play Store infected by malware?

I just read about the Xavier malware that has apparently "infected" some apps on the Google Play Store. As usual when there is news like this, they dumb it down to a level that most people can relate to, using terms like "infected with" etc. Some…
Magnus
4 votes, 1 answer

LibTomCrypt weird ECC Keys

I recently started working with the LibTomCrypt Library because it claimed to be a well documented C Library to get started with Elliptic Curve Cryptography. In my first little program I created an ECC key which I afterwards tried to print out.…
clickMe