Deploy the generated website via GitHub Actions
actions-user committed Jan 16, 2025
1 parent 060b984 commit e38db2b
Showing 6 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion News.xml

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion README.md
@@ -1 +1 @@
Website last update: 2025-01-16 at 14:50:04.
Website last update: 2025-01-16 at 14:52:27.
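Review bot: The "Website last update" line in README.md carries no timezone or UTC offset, so "2025-01-16 at 14:52:27" cannot be compared reliably against the commit time or against CI logs. Consider emitting the timestamp in UTC with an explicit marker, for example an ISO 8601 value ending in "Z". The line also changes on every deploy (14:50:04 to 14:52:27 here), so each run produces a README diff even when no cheat sheet content changed.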
Binary file modified bundle.zip
Binary file not shown.
8 changes: 4 additions & 4 deletions cheatsheets/Nodejs_Security_Cheat_Sheet.html
Expand Up @@ -3244,16 +3244,16 @@ <h4 id="use-flat-promise-chains">Use flat Promise chains<a class="headerlink" hr
<span class="w"> </span><span class="p">});</span>
</code></pre></div>
<p>And using async/await:</p>
<div class="highlight"><pre><span></span><code><span class="kd">function</span><span class="w"> </span><span class="k">async</span><span class="w"> </span><span class="nx">func1</span><span class="p">(</span><span class="nx">name</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<div class="highlight"><pre><span></span><code><span class="k">async</span><span class="w"> </span><span class="kd">function</span><span class="w"> </span><span class="nx">func1</span><span class="p">(</span><span class="nx">name</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// operations that takes a bit of time and then resolves the promise</span>
<span class="p">}</span>
<span class="kd">function</span><span class="w"> </span><span class="k">async</span><span class="w"> </span><span class="nx">func2</span><span class="p">(</span><span class="nx">name</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="k">async</span><span class="w"> </span><span class="kd">function</span><span class="w"> </span><span class="nx">func2</span><span class="p">(</span><span class="nx">name</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// operations that takes a bit of time and then resolves the promise</span>
<span class="p">}</span>
<span class="kd">function</span><span class="w"> </span><span class="k">async</span><span class="w"> </span><span class="nx">func3</span><span class="p">(</span><span class="nx">name</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="k">async</span><span class="w"> </span><span class="kd">function</span><span class="w"> </span><span class="nx">func3</span><span class="p">(</span><span class="nx">name</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// operations that takes a bit of time and then resolves the promise</span>
<span class="p">}</span>
<span class="kd">function</span><span class="w"> </span><span class="k">async</span><span class="w"> </span><span class="nx">func4</span><span class="p">(</span><span class="nx">name</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="k">async</span><span class="w"> </span><span class="kd">function</span><span class="w"> </span><span class="nx">func4</span><span class="p">(</span><span class="nx">name</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// operations that takes a bit of time and then resolves the promise</span>
<span class="p">}</span>
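Review bot: The comment inside func1 through func4 still reads "operations that takes a bit of time and then resolves the promise", which is ungrammatical and does not match the corrected `async function` form, where the promise is created implicitly and settles when the function returns or throws. Suggest wording such as "await an operation that takes a bit of time, then return the result" in all four bodies. Since this file is generated HTML committed by actions-user, both the keyword-order fix and any comment change need to be made in the Markdown source of the cheat sheet, otherwise the next deploy will overwrite them.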

2 changes: 1 addition & 1 deletion cheatsheets/Session_Management_Cheat_Sheet.html
Expand Up @@ -3776,7 +3776,7 @@ <h3 id="considerations-when-using-multiple-cookies">Considerations When Using Mu
<p>Web applications should try to avoid the same cookie name for different paths or domain scopes within the same web application, as this increases the complexity of the solution and potentially introduces scoping issues.</p>
<h2 id="session-expiration">Session Expiration<a class="headerlink" href="#session-expiration" title="Permanent link">&para;</a></h2>
<p>In order to minimize the time period an attacker can launch attacks over active sessions and hijack them, it is mandatory to set expiration timeouts for every session, establishing the amount of time a session will remain active. Insufficient session expiration by the web application increases the exposure of other session-based attacks, as for the attacker to be able to reuse a valid session ID and hijack the associated session, it must still be active.</p>
<p>The shorter the session interval is, the lesser the time an attacker has to use the valid session ID. The session expiration timeout values must be set accordingly with the purpose and nature of the web application, and balance security and usability, so that the user can comfortably complete the operations within the web application without his session frequently expiring.</p>
<p>The shorter the session interval is, the lesser the time an attacker has to use the valid session ID. The session expiration timeout values must be set accordingly with the purpose and nature of the web application, and balance security and usability, so that the user can comfortably complete the operations within the web application without the session frequently expiring.</p>
<p>Both the idle and absolute timeout values are highly dependent on how critical the web application and its data are. Common idle timeouts ranges are 2-5 minutes for high-value applications and 15-30 minutes for low risk applications. Absolute timeouts depend on how long a user usually uses the application. If the application is intended to be used by an office worker for a full day, an appropriate absolute timeout range could be between 4 and 8 hours.</p>
<p>When a session expires, the web application must take active actions to invalidate the session on both sides, client and server. The latter is the most relevant and mandatory from a security perspective.</p>
<p>For most session exchange mechanisms, client side actions to invalidate the session ID are based on clearing out the token value. For example, to invalidate a cookie it is recommended to provide an empty (or invalid) value for the session ID, and set the <code>Expires</code> (or <code>Max-Age</code>) attribute to a date from the past (in case a persistent cookie is being used): <code>Set-Cookie: id=; Expires=Friday, 17-May-03 18:45:00 GMT</code></p>
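Review bot: The rewritten sentence in the "Session Expiration" section fixes the pronoun but keeps "the lesser the time an attacker has" and "must be set accordingly with the purpose", which are worth correcting in the same pass to "the less time an attacker has" and "must be set according to the purpose". In the last context line of the hunk, the example `Set-Cookie: id=; Expires=Friday, 17-May-03 18:45:00 GMT` uses a two-digit year and a full weekday name; RFC 6265 tells servers to send the four-digit-year form, so an example such as `Set-Cookie: id=; Expires=Thu, 01 Jan 1970 00:00:00 GMT` (or `Max-Age=0`) would be a safer value for readers to copy. The neighbouring "Common idle timeouts ranges" should read "Common idle timeout ranges".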
2 changes: 1 addition & 1 deletion search/search_index.json

Large diffs are not rendered by default.
