Questions tagged [validation]
Validation (in contrast with verification) is assurance that a product, service, or system meets the needs of its stakeholders. It may include the acceptance phase.
128 questions
0 votes, 0 answers, 74 views
How are checksums validated automatically in a system [duplicate]
Let's take an over-the-air update procedure for example. The client which needs updating downloads an update image from the source. It then performs some checksum calculation initially on the received ...
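The step the question stops at is where most of the security lives: a checksum computed by the client only detects corruption if the expected value comes from somewhere the attacker cannot also rewrite. The following is an added example, not code from the question or from any updater; the device key, manifest layout and sample image are constructed for the demo, and an HMAC stands in for the public-key signature a real OTA client would verify over the manifest.

```python
"""Verifying an OTA image against an authenticated manifest (added example).

DEVICE_UPDATE_KEY, the manifest layout and the sample image are constructed;
the HMAC stands in for a signature check with the vendor's public key.
"""
from __future__ import annotations

import hashlib
import hmac
import json

# Assumed to be provisioned into the device at manufacture time.  With a real
# signature scheme this would be the vendor's public key, nothing secret.
DEVICE_UPDATE_KEY = b"demo-provisioned-key-do-not-use"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_image(image: bytes, manifest_json: bytes, tag_hex: str) -> tuple[bool, str]:
    """Return (accepted, reason).

    The manifest is authenticated *before* anything in it is trusted, so an
    attacker who swaps the image and recomputes its checksum still loses: the
    digest the client compares against comes from the authenticated manifest,
    not from the download source.
    """
    expected_tag = hmac.new(DEVICE_UPDATE_KEY, manifest_json, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, tag_hex):
        return False, "manifest authentication failed"
    manifest = json.loads(manifest_json)
    if len(image) != manifest["size"]:
        return False, "size mismatch"
    # compare_digest is constant-time, so the comparison leaks nothing about
    # how many characters of the digest matched.
    if not hmac.compare_digest(sha256_hex(image), manifest["sha256"]):
        return False, "digest mismatch"
    return True, "ok"


# --- vendor side, constructed for the demo ---------------------------------
def make_manifest(image: bytes, version: str) -> tuple[bytes, str]:
    body = json.dumps(
        {"version": version, "size": len(image), "sha256": sha256_hex(image)},
        sort_keys=True,
    ).encode()
    tag = hmac.new(DEVICE_UPDATE_KEY, body, hashlib.sha256).hexdigest()
    return body, tag


GOOD_IMAGE = b"firmware v1.2.3 " + bytes(range(256))  # constructed sample image
MANIFEST, TAG = make_manifest(GOOD_IMAGE, "1.2.3")


def demo() -> dict[str, tuple[bool, str]]:
    # 1. untouched download
    good = verify_image(GOOD_IMAGE, MANIFEST, TAG)
    # 2. one bit flipped in transit: same size, different digest
    corrupt = GOOD_IMAGE[:-1] + bytes([GOOD_IMAGE[-1] ^ 0x01])
    corrupted = verify_image(corrupt, MANIFEST, TAG)
    # 3. attacker replaces the image AND publishes a manifest with a matching
    #    digest, but can only guess the tag because the key is not theirs
    evil = b"evil firmware"
    evil_manifest = json.dumps(
        {"version": "1.2.3", "size": len(evil), "sha256": sha256_hex(evil)}
    ).encode()
    forged = verify_image(evil, evil_manifest, "00" * 32)
    return {"good": good, "corrupted": corrupted, "forged": forged}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result}")
```

The ordering in `verify_image` is the point: authenticate the manifest, then check size, then check the digest. A bare SHA-256 published next to the image on the same server would catch case 2 but not case 3.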
3 votes, 2 answers, 733 views
What are the risks of disabling issuer URL validation?
According to the OIDC specification: "The issuer value returned MUST be identical to the Issuer URL that was used as the prefix to /.well-known/openid-configuration to retrieve the configuration ..."
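What the quoted requirement protects is the binding between the URL a client was configured with and the endpoints it ends up trusting. The code below is an added example, not from the question or any OIDC library: it performs the exact-match issuer check on a discovery document and the matching `iss`/`aud` checks on ID-token claims. The issuer values, discovery documents and claim sets are constructed, and signature verification of the token is assumed to have happened already.

```python
"""Issuer validation for OIDC discovery and ID-token claims (added example).

Issuer URLs, discovery documents and claim sets below are constructed;
ID-token signature verification is assumed to have been done before
check_id_token_claims is called.
"""
from __future__ import annotations

import time
from typing import Optional
from urllib.parse import urlsplit

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"


def discovery_url(issuer: str) -> str:
    # Discovery appends the suffix to the configured issuer; a trailing slash
    # on the issuer is removed first, nothing else is normalised.
    return issuer.rstrip("/") + DISCOVERY_SUFFIX


def check_discovery(configured_issuer: str, document: dict) -> None:
    """Raise unless document["issuer"] is byte-identical to the issuer used to
    build the discovery URL.  Deliberately no normalisation: scheme, case,
    port and trailing slash each make a different issuer."""
    if urlsplit(configured_issuer).scheme != "https":
        raise ValueError("issuer must use https")
    got = document.get("issuer")
    if got != configured_issuer:
        raise ValueError(
            f"issuer mismatch: configured {configured_issuer!r}, document says {got!r}"
        )


def check_id_token_claims(claims: dict, issuer: str, client_id: str,
                          now: Optional[float] = None) -> None:
    """Claim checks that follow signature verification.  iss is compared with
    the issuer *we* configured, never with a value taken from the token."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("iss does not match configured issuer")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if client_id not in auds:
        raise ValueError("aud does not contain our client_id")
    if len(auds) > 1 and claims.get("azp") != client_id:
        raise ValueError("several audiences but azp is not our client_id")
    if now >= float(claims.get("exp", 0)):
        raise ValueError("token expired")


# --- constructed samples -----------------------------------------------------
ISSUER = "https://idp.example"
CLIENT_ID = "client-123"
GOOD_DOC = {
    "issuer": ISSUER,
    "authorization_endpoint": "https://idp.example/authorize",
    "token_endpoint": "https://idp.example/token",
    "jwks_uri": "https://idp.example/jwks",
}
# Differs only by a trailing slash: still a different issuer, still rejected.
SLASH_DOC = dict(GOOD_DOC, issuer="https://idp.example/")
# Served from our configured URL but naming another issuer and redirecting
# token requests elsewhere; with the check disabled the client would follow it.
MIXUP_DOC = dict(GOOD_DOC, issuer="https://idp.attacker.example",
                 token_endpoint="https://idp.attacker.example/token")


def discovery_ok(document: dict, issuer: str = ISSUER) -> bool:
    try:
        check_discovery(issuer, document)
        return True
    except ValueError:
        return False


def claims_ok(claims: dict, now: float) -> bool:
    try:
        check_id_token_claims(claims, ISSUER, CLIENT_ID, now=now)
        return True
    except ValueError:
        return False
```

Disabling the check in `check_discovery` means a document like `MIXUP_DOC` is accepted and every later comparison against `ISSUER` is done with whatever the document chose to say, which is why the spec makes the match mandatory rather than a normalised "close enough".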
1 vote, 1 answer, 2k views
Validate File Uploads in PHP: PDFs and images
We're trying to secure our upload forms in PHP regarding image uploads and PDF files. For this purpose, we're currently trying to do the following in all cases, according to our research done so far: ...
1 vote, 2 answers, 230 views
What's the shortest message you need to claim ownership of another message?
Hypothetically, I'd like to demonstrate that I am the owner of a piece of published information. The requirements are the following.
The hash/ characteristic string is compact enough (ideally a few ...
2 votes, 1 answer, 205 views
When a detection tool fires no alert, how to tell the difference if the environment is safe or just something is wrong with the tool
For example, if an antivirus gives no alert for a couple of months, how do you confirm if the antivirus is working to prevent viruses, and not just hung?
2 votes, 3 answers, 911 views
Should password strength validation also be run server-side or only client-side?
Personally, I think that it's not so important to check the strength of the passwords on server-side, since, if the user evades the validation on the client side, it would be their responsibility to ...
0 votes, 0 answers, 535 views
How to determine validation process of a certificate used by a website using HTTPS?
When visiting a website that uses HTTPS, we can see its certificate in the browser. But how can we know for sure which validation process the company or domain behind the website has gone through? ...
1 vote, 1 answer, 619 views
Best practice for "stateOrProvinceName" in certificate
In RFC 4519, stateOrProvinceName is abbreviated to ST. Should we assume that it is best practice to put ST=<name-of-state> in the certificate if the state or province is indicated? After all X-...
0 votes, 1 answer, 96 views
Processing Parameters passed in URL String from a Third Party
I'm working with a developer to develop a web application. For one aspect of this application, I need to allow hundreds of merchants to deliver non-PII and non-sensitive data to my website. The data ...
3 votes, 1 answer, 404 views
How may I check if an expired certificate was valid at the time?
I have an old Let's Encrypt (but disregard that, it could be any) certificate that is no longer active.
How may I check if it was valid at the time?
-1 votes, 2 answers, 542 views
How does DNS-01 validation for LetsEncrypt know what the right IP address is?
For my personal use, I bought a domain for internal SSL validation for my pfSense. I was able to get Let's Encrypt's ACME script to successfully validate my domain and produce an SSL certificate for ...
0 votes, 1 answer, 979 views
If a file is digitally signed, is posting a hash very useful for security purposes?
In this question I asked about how to handle situations when SHA-256 hashes are not available for a file downloaded from the internet that contains executable code. Another community member ...
1 vote, 0 answers, 468 views
When file hash not available, how to best check authenticity of a file?
Normally, The Document Foundation (TDF) publishes the SHA-256 and SHA-1 hashes, along with the MD5 checksum, for all LibreOffice releases. For example, see this.
However, for their current release (...
0 votes, 1 answer, 445 views
Is it true that frontend validation is generally redundant for minimalist contact forms on minimalist environments?
Say I have a continuously upgraded and well-maintained LAMP environment with a website whose CMS is all-core and continuously upgraded as well, and I have created a simple backend HTML contact form ...
5 votes, 0 answers, 364 views
What's the merit of storing LTV (long term validation) information for RFC3161 tokens and what happens if a TSA private key would leak?
I'll formulate my question in regards to timestamped PDF, but I wonder actually about the long term validation of RFC3161 tokens in general.
So, PAdES has the concept of Long Term Validation, which ...