Skip Navigation

maltfield

@ maltfield @lemmy.ca

Posts

5
Comments

10
Joined

3 yr. ago

💼 BusKill (laptop kill-cords)
🦣 @MichaelAltfield@mastodon.social
🏠 michaelaltfield.net

1y ago

Why OAuth MUST share access token with 3rd party?!?
Jump
maltfield @lemmy.ca 1y ago
I figured it out. It's because Stripe doesn't allow the redirect during the OAuth flow to be dynamic. It must be a predefined value that's hard-coded into the app.
For security purposes, Stripe redirects a user only to a predefined URI.
https://docs.stripe.com/connect/oauth-reference#redirect-uri
That's why Stripe forces you to expose your access tokens to the developer's servers.
I'd still appreciate if someone with more experience with OAuth than me knows if this is common. Seems like a very bad design decision to require users to transmit their bearer tokens through the developer's servers.

cybersecurity @infosec.pub

maltfield @lemmy.ca

1y ago

Why OAuth MUST share access token with 3rd party?!?

2y ago

PSA: You can't delete photos uploaded to Lemmy. So don't (accidentally) upload a nude

maltfield @lemmy.ca 2y ago

This is false.

In the case of the article, the image was never sent to other servers. In fact, that is the last thing it does.

2y ago

PSA: You can't delete photos uploaded to Lemmy. So don't (accidentally) upload a nude

1

maltfield @lemmy.ca 2y ago

How? I want to block my app from being able to upload images.

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id!

1

maltfield @lemmy.ca 3y ago

can you please link to the source with Fruhwirth's response?

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id !!

maltfield @lemmy.ca 3y ago

LUKS is not broken. An old KDF option in LUKS for encrypting the master encryption key in a keyslot is just old and less safe than newer, better KDF options.

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id!

maltfield @lemmy.ca 3y ago

LUKS is not broken. An old KDF option in LUKS for encrypting the master encryption key in a keyslot is just old and less safe than newer, better KDF options.

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id!

4

maltfield @lemmy.ca 3y ago

LUKS is not broken. An old KDF option in LUKS for encrypting the master encryption key in a keyslot is just old and less safe than newer, better KDF options.

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id !!

maltfield @lemmy.ca 3y ago

See also https://anarchistburecross.noblogs.org/post/2023/04/27/chiffrement-du-disque-dur-linux-mettez-a-niveau-votre-fonction-de-derivation-de-cle-luks/

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id!

maltfield @lemmy.ca 3y ago

See also https://anarchistburecross.noblogs.org/post/2023/04/27/chiffrement-du-disque-dur-linux-mettez-a-niveau-votre-fonction-de-derivation-de-cle-luks/

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id !!

maltfield @lemmy.ca 3y ago

See also https://anarchistburecross.noblogs.org/post/2023/04/27/chiffrement-du-disque-dur-linux-mettez-a-niveau-votre-fonction-de-derivation-de-cle-luks/

Linux @programming.dev

maltfield @lemmy.ca

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id !!

tails.boum.org /security/argon2id/index.en.html

Linux @sopuli.xyz

maltfield @lemmy.ca

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id!

tails.boum.org /security/argon2id/index.en.html

Linux @discuss.tchncs.de

maltfield @lemmy.ca

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id!

tails.boum.org /security/argon2id/index.en.html

Linux @sh.itjust.works

maltfield @lemmy.ca

3y ago

PSA: Upgrade your LUKS PBKDF to Argon2id !!

tails.boum.org /security/argon2id/index.en.html