Tag: Security
-
Architecture, DevOps and Security: The 3 Pillars to Grow A Product

A company’s success hinges on its product, which requires strong architecture, DevOps, and security from the start. Neglecting these areas leads to chaos and difficult scaling. Automating processes and maintaining security standards are essential for efficient growth. Investing in these pillars prevents costly issues, ensuring a healthier product lifecycle and company sustainability.
-
Forgot Password Feature with Python and Flask

The article discusses user authentication options, highlighting the “Forgot Password” feature implementation using JWT in Python and Flask. It outlines a secure workflow for resetting passwords via email, emphasizing the importance of short-lived JWTs for security. Proper authentication procedures enhance user trust and experience in applications.
-
How to Solve the CORS error with Flask

This article addresses the common CORS error faced by web developers when connecting a front-end application to a Flask API. It explains the security reasons behind CORS policies, the role of preflight requests, and provides solutions using Flask-CORS.
-
OAuth2, Which Workflow to Choose?

In this article, we’re breaking down the essentials of OAuth2, from the classic Authorization Code Flow to the more modern and secure PKCE. Along the way, you’ll learn which grant types fit your project’s needs (and which ones you should leave behind in the digital dust). And don’t worry—I’ll sprinkle in some jokes to keep…
-
Authenticate Your Spring Application With AWS Cognito

Recently, I needed to create an authentication system for one of my applications, and I needed to create it quickly and securely. I could use a JWT with email and password, but people are lazy about creating new passwords. So I chose a social sign-in with AWS Cognito.
-
OAuth2 With Google, Spring Boot And Angular

In this article, I describe how to create the Google OAuth2 client, how to connect Spring Security to Google OAuth2 workflow, and have a React frontend to communicate with my Spring Boot application.
-
3 Ways To Store Passwords Securely

In the following article, I describe 3 ways to store passwords securely. I describe how to store passwords managed by users, by API and by systems.
-
Security In The Cloud: 7 AWS Best Practices

In this article, I describe 7 AWS best practices to ensure security in the cloud. I explain how to configure VPCs, IAM, and the naming strategy for any service.
-
Advantages and Disadvantages of the JWT

A JSON Web Token (JWT) is widely used for stateless application authentication, but it has limitations. It consists of three parts, including a signature for verification. However, its contents can be decoded by anyone who holds the token, so sensitive information like passwords should not be stored in it. Despite these drawbacks, it offers a condensed JSON object and industry-standard authentication. It’s important to…
-
Workflow of the Forget Password Strategy

In this article I explain the workflow of the password recovery strategy. I explain how to link the new password with the user, and how to generate a secure link that can only be used once.
