DEV·2yExplaining SSH to my Uber Driver
SSH is a secure, secret tunnel that allows developers to connect to another computer over the internet and perform various tasks. It is commonly used for deploying code and updating server configurations. SSH's encryption and authorization protocols make it more secure than older communication protocols. By using public-key authentication, SSH protects user information from hackers.
asayer·3yBest Practices for Security in Next.js
Explore common security vulnerabilities in web applications and learn best practices for securing Next.js applications, including keeping dependencies up-to-date, input validation, authentication and authorization, data encryption, implementing security headers, and using TypeScript for type safety.
Hacker News·2yStop using JSON Web tokens for user sessions
Using JSON Web tokens (JWTs) for user sessions without an effectively implemented logout mechanism can lead to security vulnerabilities. An XSS vulnerability can allow an attacker to access and exploit the JWT, gaining unauthorized access to the application.
The New Stack·3yBest Practices for Storing Access Tokens in the Browser
This article discusses best practices for storing access tokens in the browser and highlights different storage solutions available. It covers browser threats such as cross-site request forgery (CSRF) and cross-site scripting (XSS) and provides recommendations for mitigating these risks. The article also introduces the token handler pattern as a design pattern for secure authentication and making authenticated calls to APIs in JavaScript applications.
Community Picks·2y5 Docker Extensions to make your development life easier
Explore five awesome Docker Extensions that can level up your development game, including Livecycle Extension for easy collaboration, Portainer Extension for managing Docker containers, Snyk Extension for checking vulnerabilities in Docker images, Ddosify Extension for load testing applications, and Excalidraw Extension for drawing ideas offline.
Descope·3yWhat Is a Refresh Token (and How Does It Work)?
Refresh tokens are long-lived tokens that allow users to obtain new access tokens without re-authenticating. They provide continuous access, enhance security, and improve the user experience. Refresh tokens should be securely stored and implemented with a token rotation policy and revocation mechanism. They are useful for maintaining user sessions, performing background processes, reducing latency, increasing security, enabling third-party access, and supporting federated identity. Overall, refresh tokens are essential for secure and efficient authentication processes.
AWS in Plain English·3yComplete Guide to AWS API Gateway
AWS API Gateway is a robust service that offers features for API management, scalability, security, and integration with other AWS services. It can be set up by creating a new API, defining resources and methods, mapping to AWS Lambda functions, and testing the API. Alternative tools to AWS API Gateway include Google Cloud Endpoints, Microsoft Azure API Management, Apigee, Kong, Nginx, and Tyk.
GitHub Blog·3yUniverse 2023: Copilot transforms GitHub into the AI-powered developer platform
GitHub is transforming into an AI-powered developer platform with the introduction of Copilot Chat, Copilot Enterprise, the Copilot Partner Program, AI-powered security features, and the Copilot Workspace. These new offerings aim to enable developers to write code faster, improve collaboration, personalize AI to organization's codebases, integrate with third-party tools, and enhance security.
Community Picks·3yungoogled-software/ungoogled-chromium: Google Chromium, sans integration with Google
ungoogled-chromium is a lightweight approach to removing Google web service dependency from Google Chromium. It retains the default Chromium experience while enhancing privacy, control, and transparency. The features include disabling functionality specific to Google domains, blocking internal requests to Google, and stripping binaries from the source code. Automated builds are available for various platforms, and third-party binaries can also be downloaded.
Go·3yFourteen Years of Go
Go celebrates its fourteenth birthday with two feature-filled releases, profile-guided optimization (PGO), and important milestones. The language has improved its compatibility, introduced toolchain management, and added new packages such as log/slog. It continues to refine generics and focuses on making Go the best environment for software engineering at scale. The Go community and contributors have played a significant role in making Go what it is today.
ShiftMag - Insightful Engineering Content·3yThe Lazy Developer: Testing in production is real, but…
Developers admit to pushing untested code to production and circumventing security protocols, according to a study. The behavior is seen as a systemic issue, with organizations advised to re-evaluate their testing processes and security protocols.
Vercel·3yBuilding secure and performant web applications on Vercel – Vercel
Vercel's Frontend Cloud provides tools for building and scaling secure and performant web applications. It offers features such as a collaborative deployment workflow, quick UI changes, decoupled deploys from releases, seamless API and database integrations, and secure authentication and API protection. Vercel also provides a powerful compute platform and built-in monitoring capabilities for optimal performance and minimal downtime.
