Search Results

11 matches found for 'security'

Web Backend Security Headers - 1. CSP Headers

... DNS records and SPF Background Content Security Policy (CSP) is a security standard introduced to prevent cross-site scripting, clickjacking and other code injection attacks.

March 13, 2021

Web Backend Security Headers -3. HSTS

... records and SPF Background HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

March 14, 2021

Web Development 101

... the validity of the authentication between the user and the server. The access token contains the security credentials of the user and identifies the user's privileges, groups, and other characteristics.

November 9, 2017

Authentications

... to a JSON Web Token. This is not much better than the Basic Authentication in terms of actual security - JWT can be decoded easily. If a hacker fetches your JWT somehow, the hacker can now do whatever they want on your behalf because they are "authenticated" It's completely stateless, just like Basic Authentication, which means it scales very easily.

February 3, 2021

Add SSL certificates to a website

... middle attacks. How SSL certificates work SSL stands for Secure Socket Layer, which is a security protocol for maintaining an encrypted connection between two end-to-end hosts -- typically, this would be the web server (website) and a browser.

July 5, 2019

OpenVPN / DNS / resolv.conf

... your OpenVPN Client Lastly, in your OpenVPN client config file, add the following lines: script-security 2 up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf script-security 2 means that OpenVPN is allowed to call built-in executables and user-defined scripts.

September 16, 2017

What is DDD? What is CQRS?

... then the read side can be fine-tuned separately from the write side. PRO: Good for managing security and permissions because data isn't exposed in the wrong context like in CRUD user-interface, where read operations and update operations may share the same interface.

October 2, 2017

P vs. NP

... we'll be able to cure cancer. This would also mean that all forms of public-key cryptography and security would be crackable. P vs. NP is still a big mystery, but if it is solved, then the world will definitely change very fast.

October 11, 2017

Working with Production at Amazon Retail Website

A short background Prior to working at Amazon, I was developing software at a couple of startups, mostly working with products that were in the conceptual phase or the development phase. One of the things I desired the most was to have exposure to products that were live in production or to bring a development project to production.

December 28, 2021

Storing passwords into a database

Don'ts Don'ts Don't put raw passwords in the database Don't put encoded passwords in the database (i.e. Base64) Don't put simple hashed passwords in the database (i.e. MD5, SHA-256) Whys For obvious reasons, putting raw passwords means that the DBA or anyone who has access to the database can steal the passwords.

January 30, 2021

Python Essentials

... these objects are un-pickled, it might also execute some random code. Note that this can be a security concern, where hackers can maliciously pack dangerous scripts into pickled objects; json is more preferable if you are worried about not running dangerous scripts at un-pickling.

April 3, 2019