token - w3toppers.com

Codeigniter ajax CSRF problem

You might like to try this code I’ve used. It works great: <script type=”text/javascript”> $(function(){ $(‘.answerlist’).each(function(e){ $(this).click(function(){ var valrad = $(“input[@name=answer]:checked”).val(); var post_data = { ‘ansid’: valrad, ‘<?php echo $this->security->get_csrf_token_name(); ?>’ : ‘<?php echo $this->security->get_csrf_hash(); ?>’ }; $.ajax({ type: “POST”, url: “<?php echo base_url(); ?>online/checkanswer”, data: post_data, success: function(msg){ /// do something } }); }); … Read more

syntax error: unexpected token

This usually happens when you’re including or posting to a file which doesn’t exist. The server will return a regular html-formatted “404 Not Found” enclosed with ‘<html></html>’ tags. That first chevron < isn’t valid js nor valid json, therefore it triggers an unexpected token. What if you try to change ‘funcoes/enquete_adm.php’ to an absolute url, … Read more

Sending the bearer token with axios

const config = { headers: { Authorization: `Bearer ${token}` } }; const bodyParameters = { key: “value” }; Axios.post( ‘http://localhost:8000/api/v1/get_token_payloads’, bodyParameters, config ).then(console.log).catch(console.log); The first parameter is the URL. The second is the JSON body that will be sent along your request. The third parameter are the headers (among other things). Which is JSON as … Read more

secure api data from calls out of the app

SIMPLE APPS For a simple app it’s ok It depends on the data you are exposing via this simple app, because in Europe for example GDPR law is very strict for anyone that ends up in a data breach situation for Personal Identifiable Information(PII) due to the lack of security measures, and the complexity of … Read more

Do login forms need tokens against CSRF attacks?

Yes. In general, you need to secure your login forms from CSRF attacks just as any other. Otherwise your site is vulnerable to a sort of “trusted domain phishing” attack. In short, a CSRF-vulnerable login page enables an attacker to share a user account with the victim. The vulnerability plays out like this: The attacker … Read more

How to securely store access token and secret in Android?

Store them as shared preferences. Those are by default private, and other apps cannot access them. On a rooted devices, if the user explicitly allows access to some app that is trying to read them, the app might be able to use them, but you cannot protect against that. As for encryption, you have to … Read more

How to get a Token from a Lucene TokenStream?

Yeah, it’s a little convoluted (compared to the good ol’ way), but this should do it: TokenStream tokenStream = analyzer.tokenStream(fieldName, reader); OffsetAttribute offsetAttribute = tokenStream.getAttribute(OffsetAttribute.class); TermAttribute termAttribute = tokenStream.getAttribute(TermAttribute.class); while (tokenStream.incrementToken()) { int startOffset = offsetAttribute.startOffset(); int endOffset = offsetAttribute.endOffset(); String term = termAttribute.term(); } Edit: The new way According to Donotello, TermAttribute has been … Read more

best practice to generate random token for forgot password

In PHP, use random_bytes(). Reason: your are seeking the way to get a password reminder token, and, if it is a one-time login credentials, then you actually have a data to protect (which is – whole user account) So, the code will be as follows: //$length = 78 etc $token = bin2hex(random_bytes($length)); Update: previous versions … Read more

Authenticating socket io connections using JWT

It doesn’t matter if the token was created on another server. You can still verify it if you have the right secret key and algorithm. Implementation with jsonwebtoken module client const {token} = sessionStorage; const socket = io.connect(‘http://localhost:3000’, { query: {token} }); Server const io = require(‘socket.io’)(); const jwt = require(‘jsonwebtoken’); io.use(function(socket, next){ if (socket.handshake.query … Read more

Error: Uncaught SyntaxError: Unexpected token

This is a browser issue rather than a javascript or JQuery issue; it’s attempting to interpret the angle bracket as an HTML tag. Try doing this when setting up your javascripts: <script> //<![CDATA[ // insert teh codez //]]> </script> Alternatively, move your javascript to a separate file. Edit: Ahh.. with that link I’ve tracked it … Read more