
All 82 Comments

re: Webassembly is good but doesn't the thought scare you that sites will now be able to run full binary programs on your devices?
Read what Nikola and Austin said. You need special Web Asse...
re: If/else or just if?
Whichever route is the easiest to read (usually it's the se...
re: If/else or just if?
Ternary operators are really nice for simple and small stat...
re: Pushing Left, Like a Boss — Part 5.4 — Session Management
Session IDs should be at least 128 characters long. Do y...
re: Preventing malicious authentication attempts while avoiding CAPTCHAs.
Ah, okay. That makes more sense.
re: Preventing malicious authentication attempts while avoiding CAPTCHAs.
Discord is an example of using CAPTCHAs during sign in proc...
re: Preventing malicious authentication attempts while avoiding CAPTCHAs.
Actually, CAPTCHAs are also used for sign in processes in s...
re: Embedding code in posts
Another issue: poor internet connections and images don't m...
re: What programming best practice do you disagree with?
I'm pretty fond of 80 characters being the limit.
re: Dynamic data and SQL statement
In PHP, using prepared statements DOES NOT prevent...
re: htmlspecialchars()
+1 for recommending the use of template engines. I'd also ...
re: Q Vault: An open source secret manager
Oh okay, that makes sense now. I thought you were using a s...
re: Q Vault: An open source secret manager
Okay. It makes sense. Why do you want AES-256 in GCM mode? ...
re: Q Vault: An open source secret manager
Libsodium isn't "training wheels". It's a production ready ...
re: Q Vault: An open source secret manager
You might as well not use a salt.
re: Q Vault: An open source secret manager
Libsodium is a cryptography library that's easy to use. You...
re: Q Vault: An open source secret manager
But that's no excuse for reusing salts.
re: Q Vault: An open source secret manager
Also, what's up with this? I don't think that a hardcoded ...
re: Q Vault: An open source secret manager
I guess it's fine to have a built-in syncing feature, but i...
re: Q Vault: An open source secret manager
I'd avoid it. It seems really low level from reading some o...
re: Q Vault: An open source secret manager
2) It's debatable. 3) It is not the password manager's job...
re: Q Vault: An open source secret manager
What library/libraries does it use for cryptography?
re: Securing a Webapp - Step 0: An Introduction
I will definitely be looking forward to this series. Especi...
re: Absolute Security with No Trust
Perhaps you should also give the hashtag of cryptography? A...
re: Block malicious login attempts, but preventing account lock-outs.
If CSRF token could prevent automated logins, wouldn't it a...
re: Block malicious login attempts, but preventing account lock-outs.
Also, I don't think CSRF tokens should be the only solution...
re: Block malicious login attempts, but preventing account lock-outs.
Nice, so would having CSRF tokens prevent automated registr...
re: Moving Past Tutorials: Pseudocode
I love it! I write articles and focus on the problem solvin...
re: Block malicious login attempts, but preventing account lock-outs.
I do like your idea of caching the IPs, watching them and t...
re: Block malicious login attempts, but preventing account lock-outs.
So this is a combination of account and IP based locking. E...
re: Block malicious login attempts, but preventing account lock-outs.
Actually, it's not as simple as you think. I'll try to expl...
re: Be educated about today's security.
Sure, you may use some passages and links.
re: Simple PHP Control Structure Refactoring
I think it would have a great use case if you're building a...
re: Pushing Left, Like a Boss! -- Part 2: Security Requirements
Yeah, it is really hard. I think systems should be designed...
re: Pushing Left, Like a Boss! -- Part 2: Security Requirements
Hmm, you're right. I guess we shouldn't be giving users any...
re: Simple PHP Control Structure Refactoring
Do take note, that a lot of PHP developers may not be aware...
re: Pushing Left, Like a Boss! -- Part 2: Security Requirements
I guess when you're signing up or changing your password/pa...
re: Pushing Left, Like a Boss! -- Part 2: Security Requirements
But another problem out of that is, it could scare them to ...
re: Pushing Left, Like a Boss! -- Part 2: Security Requirements
Ah, okay. I did know about how the API works. It was more o...
re: Pushing Left, Like a Boss! -- Part 2: Security Requirements
I really enjoyed this article thank you. <3 But I would...
re: Safe Spaces & WoSEC
Awesome! If you publish any security articles I'll be sure ...
re: Why the JS ecosystem is awesome !
Interesting article, thank you, coming from a novice JS dev...
re: Laravel validation rule — passwords
Actually, the Bcrypt algorithm supports up to 72 bytes (at l...
re: Encrypting Files in a Post-PGP Age
I know this post was made a while back, but I will pitch in...
re: Top 5 Cybersecurity Myth To Leave Behind In 2018
Thanks for bringing up these important topics! <3 I do...
re: Is it just me or is Microsoft really crushing it lately?
Honestly, I can't say anything else but that I have been im...
re: Linux: GPG-keys, Pass – passwords manager, and passwords import from a KeePass database
Yeah, Syncthing is pretty cool. I recommend you back up it ...
re: Web performance for a Frontend developer
Says Google, when their article takes almost 10 seconds to ...
re: Introduce NoSQL Into Your Legacy LAMP Stack Projects With FireSql
I think FireSQL would be great for prototyping, and then sw...
re: Why is_admin() is totally unsafe for your Wordpress development
And this is why being vague and unclear is horrible for sec...
re: Linux: GPG-keys, Pass – passwords manager, and passwords import from a KeePass database
A really good idea would be to create an easy to use Libsodi...
re: Linux: GPG-keys, Pass – passwords manager, and passwords import from a KeePass database
Yep. I honestly think we as developers and privacy enthusia...
re: Linux: GPG-keys, Pass – passwords manager, and passwords import from a KeePass database
Interesting article. What benefits does Pass have over KeeP...
re: What are your favourite dev resources?
Nope. I do not use Reddit either. I occasionally go there i...
re: What are your favourite dev resources?
I have a lot of resources. I stick with the high quality on...
re: NodeJS vs. Python 3 Performance
But I have to admit, the Python implementation is just plea...
re: NodeJS vs. Python 3 Performance
Some languages have better performance in certain areas. No...
re: Announcing DEV for Android
I'd love to keep up on the site. But I try to avoid Google ...
re: Authy: step by step Multi-Factor Authentication configuration for Github and AWS
Oh my god, I have no idea what happened to my comment. I fi...
re: Authy: step by step Multi-Factor Authentication configuration for Github and AWS
I would not trust Authy to handle my OTPs. Their code is ...
re: How to improve your npm identity security with 2FA and Tokens
But hey! Thanks for the heads up. Nice article.
re: How to improve your npm identity security with 2FA and Tokens
Isn't it authentication? Not authorization? The user is per...
re: Please don't "overchain" array methods
I always thought the whole "humans won't notice the perform...
re: Why don't websites allow users to create their own security questions?
It really depends on the audience you are expecting. If you...
re: Difference between local storage vs cookies
On a note, no one should be putting sensitive data in the L...
re: Why don't websites allow users to create their own security questions?
I don't know, but it's bad practice that they do that. In m...
re: My migration from keepassxc to pass (password store)
I honestly prefer to stick to KeePassXC. While you're still...
re: What was your win this week?
This week, I.... came up with something, called using files...
re: What’s an unpopular software opinion you have?
That's neat. Thanks! I didn't know you could do that. :D
re: What’s an unpopular software opinion you have?
Oh? You can compile regular expressions ... ?
re: What’s an unpopular software opinion you have?
Hmm, that's very interesting. How would you go about making...
re: PHP Validating a form using PHP
That's good to know.
re: What’s an unpopular software opinion you have?
And yes, the modern URL routers usually use regular express...
re: What’s an unpopular software opinion you have?
MVC isn't a horrible design pattern. It's because they're t...
re: What’s an unpopular software opinion you have?
Thanks for the wonderful post. You write great articles BTW...
re: What’s an unpopular software opinion you have?
I've been in the field of coding in general for around 4 ye...
re: PHP Validating a form using PHP
If you want to see a "bug", there is a link for you. I just...
re: PHP Validating a form using PHP
In some cases getimagesize function doesn't work and I coul...
re: Phishing my company. An infosec lesson for businesses
Avoiding phishing attacks is pretty hard if the attacker d...