Questions tagged [sensitive-data-exposure]

126 questions
0 votes, 1 answer

Windows Encrypted temp directory for files at rest in Windows?

It would be nice if there was an area on my computer where I could work with temp files that may contain sensitive information that could be encrypted with BitLocker or something similar when the files are at rest. It would be even nicer if these…
leeand00
0 votes, 1 answer

Exposing a version number through the assets urls

I just received a blackbox pentesting report where the security company recommended to hide the version number from the page (be it returned to the user as a text or used as a cache-buster in the css/js/img urls, like /path/to/file.css?v1.2.3. I…
zerkms
0 votes, 0 answers

Securing Clipboard Memory

Sometimes sensitive data is copied from/to processes and external devices like (long) passwords, usernames and so forth, but also often people don't get this always in mind and forget to clean that type of memory (it is actually RAM) with the risk…
user211258
0 votes, 1 answer

How could you safeguard your data traces when using USB Drive?

I have a very serious question with regard to data security with regard to usage of USB Drive when transmitting, storing or even clearing data with it. When one is going to use USB Drive for interacting with critical data, how could one maximise the…
0 votes, 1 answer

Which is more secure: saving reference link to file in file system in the database, or save the entire file into the database?

We have forms where we get clients to upload images of very sensitive information (passport, signature, etc.). We will store their written information into a database. However, there is the issue of the images. Usually, I hear people saving the…
yaserso
0 votes, 0 answers

How secure will it be to use "Google Docs long url" like authentication scheme for orders in my online shop?

For the sake of simplicity, instead of full-fledged authentication with login and password, I want to create "Google Docs long url" authentication scheme for my internet shop for the users. To let them view, track, and possibly modify their own…
0 votes, 1 answer

Sensitive data transmission over Internet

I was wondering how we should transfer our sensitive data (identity card softcopy, plaintext-password, secret documents, etc) over the internet securely, the following are a few related questions: Is the security level of current widely used…
Yong Cai
0 votes, 1 answer

Is there any other way through which an attacker can obtain user data from HTTP response except MITM and CORS attack?

I am doing some research for my college project and I want to ask: is there any other way through which an attacker can obtain data from HTTP response except MITM and CORS attack? For example, if I send HTTP request to the website and in return,…
0 votes, 0 answers

Why do people redact MAC addresses?

What are the security implications of sharing a MAC address online? How important is it really, to redact this information; and why? I see it a lot, and I'm in the habit of doing it myself. 1. Censored images Redacted and obscured images, PDFs,…
voices
0 votes, 0 answers

Protecting sensitive data in cache

I have a Java application which is reading sensitive data from database (open symmetric key, read data from database) and storing it in an in-memory cache. I want to make sure that no one should be able to dump this data to disk (say by crashing…
learner
0 votes, 2 answers

User generated search queries

Are user generated search queries classed as sensitive data? For example, if an application put PII from a search query such as names, date of birth, addresses etc. in the query string of a URL (HTTPS GET request), it was my assumption this would…
qwrez
0 votes, 2 answers

How to give a web application a key in order to decrypt data in a database

My situation is that I need to store sensitive data in a database for a web application. The sensitive data includes things like refresh tokens for OAuth2 systems, secret keys for other APIs etc. I'm trying to build this assuming that an attacker…
0 votes, 1 answer

Processing sensitive user data on a server without the possibility of data theft?

I have written an application which I would like to offer via REST API to customers. In the task which is executed on the server there is some sensitive user data involved, e.g. the user's login to a third party service. There is no way to execute…
0 votes, 1 answer

Medicare card & SSN - What can be done to prevent unauthorized SSN disclosure?

Those of us on Medicare realize that the card displays our SSNs just like the Social Security card. There was the case of the guy from LifeLock who published his, promising that his company would protect him. It didn't go well. Lifelock CEOs…
SDsolar
0 votes, 1 answer

Privacy alternatives to keep sensible data secure?

I often find myself connecting to the internet through the University network and since I have to authenticate in order to navigate I guess that the system administrator can easily see any connection that I make and monitor all of my traffic. I…
Gamaranto