All Questions
43 questions
1
vote
0
answers
724
views
Best practice for validating passwords with express validator's isStrongPassword()
This answer from @Huhngut provides a succinct way to test the strength of passwords using the express-validator method isStrongPassword(). For example:
body('password').isStrongPassword({
minLength:...
- 607
-5
votes
1
answer
74
views
Detect attribute(type) change of input element [closed]
How to restrict to change input type password to text in Inspection in java Script or jquery. If someone tries to open the input type password element in the developer menu and tries to change the ...
- 46
0
votes
3
answers
566
views
A safe way to send and show passwords to client
I'm building a password manager site using nodejs on the back end. When the user registers and saves a password I encrypt it and then store it in the db, so it's safe. The problem is that I need a ...
- 115
1
vote
1
answer
371
views
How to restrict getting password using the val() for password fields?
I have a form with some input fields. For input type password, the characters are hidden while typing, but on getting val() using input id, credentials can be easily seen by anyone which may cause ...
- 127
0
votes
0
answers
1k
views
Best way to check for common passwords ? (best practice and performance wise)
I am currently working/learning on a **Node.js** website which will have users from various countries, while implementing user registeration I wanted to try protecting myself and users from attacks, ...
0
votes
0
answers
266
views
What kind of JavaScript protection is usually applied on fields to prevent value injection?
There is a certain website with a certain login form which includes two fields; username and password.
I can successfully inject data with vanilla JavaScript to the first field:
document....
user11744452
0
votes
1
answer
71
views
How to take parameters from a URL
I am creating a password reset component where a user will enter their email address and if the email exists a reset email gets sent to this user. The reset email contains a URL like website.reset/{...
user11631308
2
votes
0
answers
64
views
Javascript handle over password type inputs
Why Javascript can to retrieve the value data from password type inputs? Any browser extension could to handle it.
0
votes
0
answers
52
views
Hashing a site's password in Greasemonkey [duplicate]
There is a website that annoyingly doesn't save passwords.
I had to create this unsafe, unsecured script (which I run with Greasemonkey) to save the password:
// ==UserScript==
// @name ...
- 1
3
votes
1
answer
4k
views
What is the best way to store passwords and IDs in JavaScript?
I have a weather app that sends a request to an API service. The URL requires a parameter of id="e4adadfare33" so the API knows you're a user.
So far I'm storing that ID in plain text in my ...
- 2,276
-1
votes
1
answer
207
views
Possible insecure login
At my apartment, I connect to a private WiFi network managed by the building. In order to connect to the internet, I need to sign in via the web-page served by the intranet server.
Out of interest of ...
- 9,007
2
votes
0
answers
570
views
Adobe Javascript Apply Password Protection
I have a javascript that will extract pages from a pdf document, apply an existing Acrobat security policy (to password protect the document from changes) and save them. This all works well, however ...
- 21
1
vote
4
answers
412
views
How do I properly protect a password when the source code is available?
I am building a web application that has a user login feature that I want to make as secure as I can. When a new user is created, I use this javascript function to hash the user's information and ...
- 1,470
1
vote
1
answer
520
views
node js - How to safely pass token from http get request to html page?
I am working on implementing my own custom password reset that sends an email where the user is taking to a page to reset their password.
So far I have generated a unique token that gets put in an ...
- 743
5
votes
2
answers
5k
views
Can JavaScript access autofilled passwords?
Can JavaScript access autofilled passwords, and is this considered a security risk? I know that stored passwords generally are strictly associated with a domain, but sometimes Chrome suggests the ...
- 1,511