Tag Archives: security

Spring Boot: Logging Failed Logins

In many applications it’s important to react to failed logins and other security-critical events, for example to log the failed login attempt to a file or to display a captcha after repeated failures. Spring-based applications come with a simple mechanism to …

Posted in java

Detecting Security Upgrades on Ubuntu

In my article on unattended upgrades I described how to set up an Ubuntu system to install security upgrades automatically. This is convenient for small setups, but in an enterprise environment you typically want to perform some QA before applying the …

Posted in linux

Migrating to HTTPS

There’s more to migrating a complex site to HTTPS than just enabling TLS in your web server or reverse proxy. All links to embedded resources like style sheets, images, or scripts need to be served via HTTPS and potentially have …

Posted in misc

Let’s Encrypt on WordPress.com

A couple of days ago, WordPress.com announced that they are now supporting TLS for custom domains (which is how this blog is hosted). There are many reasons for not hosting a blog yourself even if you have the necessary skills, like not …

Posted in meta

Let’s Use TLS

I have followed the HTTP/2 specification process closely and I like how the new protocol improves web performance and makes old workarounds obsolete. One drawback of deploying HTTP/2 is that most browser vendors only implement it on top of TLS. Since …

Posted in best practices, Uncategorized

Web Service Security

As a developer, I’ve used lots of web services and also implemented plenty myself. I’ve seen services with IP-based security provided by network firewalls, services protected by standard HTTP Authentication, TLS with client and server certificates and custom mechanisms using …

Posted in misc

Two-Factor Authentication

With more and more of my personal data being hosted in the cloud, I felt that I needed to take security more seriously. Since passwords are the weakest link in most systems, I was looking for a better solution. While …

Posted in misc