Other articles


  1. Spring Boot: Logging Failed Logins

    In many applications it's important to react to failed logins and other security-critical events, for example to log the failed login attempt to a file or to display a captcha after repeated failures. Spring-based applications come with a simple mechanism to access this kind of information using Application Events.

    Spring's …

  2. Migrating to HTTPS

    There's more to migrating a complex site to HTTPS than just enabling TLS in your web server or reverse proxy. All links to embedded resources like style sheets, images, or scripts need to be served via HTTPS and potentially have to be rewritten. In a well-designed site that's not an …

  3. Let's Use TLS

    I have followed the HTTP/2 specification process closely and I like how the new protocol improves web performance and makes old workarounds obsolete. One drawback of deploying HTTP/2 is that most browser vendors only implement it on top of TLS. Since I've seen a lot of broken TLS …

  4. Web Service Security

    As a developer, I've used lots of web services and also implemented plenty myself. I've seen services with IP-based security provided by network firewalls, services protected by standard HTTP Authentication, TLS with client and server certificates and custom mechanisms using API keys. Recently, OAuth 2.0 has been added to …

  5. Keeping Your Server Secure With Unattended Upgrades

    When operating servers, you're responsible for keeping them up to date with the latest security fixes. Ubuntu comes with a mechanism that installs updates automatically so you don't have to worry about it. Obviously, this is meant for personal servers operated by hobbyists where convenience is more important than availability …

  6. Setting Up a SOCKS Proxy Using OpenSSH

    Web browsing on a public Wi-Fi network is a security risk as it's quite simple to capture network traffic. Even if you only connect to SSL-protected sites, people can still find out which web sites you're accessing. Fortunately, there is a quick way to protect your privacy - all you need …

