#security
21 pages tagged security.
markupsafe
Package-level reference for markupsafe on PyPI — install, the Markup class, escape semantics, and its role as a Jinja2/Flask/Django dependency.
helmet
Package-level reference for helmet on npm — default headers, CSP customization, per-route overrides, HSTS, and v7→v8 migration.
cryptography
Package-level reference for the cryptography library on PyPI — install, version policy, Fernet, asymmetric keys, X.509, and TLS contexts.
cors
Package-level reference for cors on npm — preflight handling, credentialed requests, dynamic origins, and Express integration.
certifi
Package-level reference for certifi on PyPI — what the bundle contains, install, integration with requests / urllib3 / ssl, alternatives.
xattr
Deep-dive on macOS extended attributes — listing, reading, writing, and removing xattrs with xattr(1); the Gatekeeper com.apple.quarantine flag; Spotlight metadata attributes; ACLs via ls -le and chmod +a; preserving attributes on copy with cp -p and rsync -X.
whoami
Display the current user name, SID, group memberships, and privileges from the Windows command prompt — essential for auditing security context in scripts and support scenarios.
wevtutil
Query, export, clear, and manage Windows Event Log channels from the command line — the primary CLI for event log automation, log archiving, and scripted log analysis on Windows.
takeown
Transfer ownership of files and directories to the current user or the Administrators group from an elevated command prompt — a prerequisite for modifying ACLs on system-protected paths.
ssh
Connect to remote hosts, transfer files, and forward ports over an encrypted channel using the OpenSSH client built into Windows 10 and later.
runas
Launch a program in the security context of a different user account — elevate to Administrator, switch to a service account, or test application behaviour under a restricted identity.
RACF
TSO commands for RACF user, group, dataset, and general-resource profile administration on z/OS.
gpresult & gpupdate
Inspect the Resultant Set of Policy that applied to a user and computer with gpresult, then force a refresh with gpupdate — including HTML reports, scope filtering, and the classic 'why didn't my GPO take effect?' workflow.
codesign
End-to-end macOS distribution pipeline — sign binaries and app bundles with codesign, notarize with notarytool, staple tickets with stapler, and verify Gatekeeper acceptance with spctl.
certutil
The dual-purpose Windows CLI that manages certificate stores and doubles as the most reliable built-in tool for file hashing, base64 encoding, and CRL/CTL handling, with no install required.
SSH Tunnels & Port Forwarding
Local, remote, and dynamic SSH tunnels — port forwarding, SOCKS proxies, jump hosts, ssh_config directives, agent forwarding, autossh persistence, post-quantum key exchange, and operational recipes.
Security Fundamentals
OS-level security primitives every operator should know: users and groups, file permissions, Linux capabilities, SUID/SGID, mandatory access control (SELinux, AppArmor), sandboxing concepts, least privilege, and encryption at rest vs in transit.
permissions
POSIX file permissions on Linux. Covers symbolic and octal chmod, ownership with chown, the meaning of r/w/x for files vs. directories, setuid/setgid/sticky bits, umask, ACLs, capabilities, and immutable attributes.
gpg
Practical GnuPG cheat sheet — generate keys, sign and verify files, encrypt for a recipient, sign git commits and tags, and manage trust without the bureaucracy.
Code Review
A practical guide to reviewing and authoring pull requests — small PRs, naming, control flow, error paths, security, performance, and GitHub PR conventions.
Approvals & Sandboxing
Control what Codex CLI can do — approval policies (untrusted, on-request, never), sandbox modes (read-only, workspace-write, danger-full-access), OS-native sandbox mechanics, and --full-auto.