Sjoerd Langkemper
> For companies that violate the timeouts, I can think of three ways to handle this

I think this is not the correct approach. Companies that want to have timeouts...
When I am checking my account balance, it's fine if I am logged out from my banking app after 15 minutes of inactivity. For people working at a bank and...
Perhaps a more general requirement is useful: remove sensitive data that is no longer needed. Similar to 8.3.8:

> Verify that sensitive personal information is subject to data retention classification,...

I don't think it makes sense to have different security requirements for different programming languages. The property of memory-safety does not define whether memory can be reliably overwritten. It's hard...
> For systems languages like C/C++ and Rust, you have guaranteed direct access to this memory so you have the ability to overwrite it in-place with nonsense before deallocation. This...
[SecureString Class (System.Security) | Microsoft Learn](https://learn.microsoft.com/en-us/dotnet/api/system.security.securestring?view=net-7.0#remarks):

> We recommend that you don't use the SecureString class for new development on .NET (Core) or when you migrate existing code to .NET...

Also see https://github.com/Sjord/growatt_api_client/issues/23. @OrranaLhaynher seems to be on the OSS server, and I think the API is different there.
* `allow-downloads` works in Firefox and Chrome for actual downloads, regardless of `download` attribute.
* `allow-downloads-without-user-activation` does not work in Firefox or Chrome. When `allow-downloads` is set, downloads without user...

So `allow-top-navigation` in the CSP header *does* do something, just not in the document but only in child iframes. So it should be documented on this page, but the description...
> If the parser sees a || a ?, it doesn't know whether to reduce a || a into an expr or keep parsing. I think it can't know with...