Best of SecurityFebruary 2025

  1. 1
    Article
    Avatar of dotnetsquad.NET·1y

    Do you store the JWT in localStorage, sessionStorage, Cookies? then this post is for you

    Storing JWTs in vulnerable client-side storage (like localStorage, sessionStorage, or cookies) can expose applications to significant security risks. Alternatives include using in-memory storage and implementing a refresh token mechanism. This allows users to maintain their sessions without re-authenticating upon page reloads while mitigating potential attacks. Setting cookies with httpOnly, Secure, and SameSite flags is crucial for security. A short-lived JWT with periodic refreshing enhances protection.

  2. 2
    Article
    Avatar of communityCommunity Picks·1y

    7 Crucial PostgreSQL Best Practices

    PostgreSQL is a powerful relational database management system. To ensure optimal performance, security, and maintainability, follow best practices such as consistent naming conventions, appropriate schema design, efficient indexing and querying, proper access control, comprehensive backup strategies, routine maintenance and monitoring, effective database version control, and high availability configurations. Regularly review and update these practices, document deviations, and stay informed about PostgreSQL updates to build a robust database infrastructure.

  3. 3
    Article
    Avatar of last9Last9·1y

    Your Go-To Linux Commands Cheat Sheet

    A comprehensive cheat sheet covering essential Linux commands for directory navigation, file management, user and permission management, system monitoring, networking, disk usage, software handling, system performance, log management, task automation, and firewall security. It's an invaluable resource for both new users and seasoned admins to enhance productivity and streamline system administration tasks.

  4. 4
    Article
    Avatar of devtoDEV·1y

    System Design for DevOps Engineers

    This guide dives into system design, covering topics like communication protocols, CI/CD, architecture patterns, databases, caches, microservices, payment systems, and developer productivity tools with a focus on DevOps and security. It compares REST and GraphQL, explains how gRPC works, discusses webhooks, outlines common strategies to improve API performance, and reviews the evolution of HTTP protocols from 1.0 to HTTP/3.0. The post emphasizes the importance of efficient and safe API design and explores various caching strategies and best practices for microservice architecture.

  5. 5
    Article
    Avatar of kirupaKirupa·1y

    Hash Functions Deep Dive

    Hash functions are essential for efficient data storage and retrieval, password verification, file integrity checking, and digital signatures. This deep dive explains the fundamentals of hash functions, their inputs and outputs, and the criteria that make a good hash function. It also demonstrates how to create a simple hash function in JavaScript and improves it using position weighting. The importance of using existing, well-designed hash functions like MD5 and SHA for critical purposes is emphasized.

  6. 6
    Article
    Avatar of hnHacker News·1y

    Everyone knows your location

    A recent investigation revealed a massive geolocation data leak from Gravy Analytics, involving over 2000 apps secretly collecting user location data. The author discovered their precise location data was sent through requests, even with location services disabled. They explored real-time bidding (RTB) and OpenRTB protocols, shocked by the amount of data shared. Unity Ads and Facebook were among those receiving data without adequate consent. Despite attempts, the author couldn't buy their data from brokers due to high costs. The investigation highlights major privacy concerns in the digital advertising ecosystem.

  7. 7
    Article
    Avatar of tigerabrodiTiger's Place·1y

    How to store external API keys securely

    Learn how to store external API keys securely using encryption techniques. The post covers binary data fundamentals, cryptography basics, key generation and management, the encryption and decryption processes, and crucial security considerations. Implementing encryption at rest ensures the API keys remain secure, and steps are provided to avoid common security mistakes.

  8. 8
    Article
    Avatar of allthingsopenAll Things Open·1y

    10 open source tools you can start using today

    Explore a variety of open source tools designed to improve security, productivity, and creativity. The post highlights powerful applications across categories like web browsers, password management, messaging, office tools, media repositories, video conferencing, educational resources, and podcasting. These resources provide robust features and customization options while promoting community and collaboration.

  9. 9
    Article
    Avatar of logrocketLogRocket·1y

    StackAuth: An open source Auth0 alternative

    StackAuth is an open-source authentication solution designed to offer a cost-effective and customizable alternative to Auth0. It supports various authentication methods, including email/password logins and third-party OAuth providers, allowing developers to maintain control over their authentication systems while adhering to modern security standards. This guide details configuring StackAuth in a Next.js app and demonstrates setting it up for both development and production environments.

  10. 10
    Article
    Avatar of codem13Codem13·1y

    Linux Firewall Management

  11. 11
    Article
    Avatar of astro_sourceAstro·1y

    Astro 5.4

    Astro 5.4 introduces features like remote image optimization in Markdown, experimental responsive image support, and enhanced security for dev and preview servers. New RegExp support for Vercel ISR excludes allows flexible route exclusions, and new config helpers and build options offer easier programmatic use. Upgrade via `@astrojs/upgrade` CLI tool or manually.

  12. 12
    Article
    Avatar of expressotsExpressoTS·1y

    Better NPM

    Better NPM aims to enhance the npm package ecosystem with improved security, maintenance insights, and adoption statistics. It offers a unified marketplace for vetted plugins and extensions, a detailed security information layer, and better analytics for maintainers. Developers can gain comprehensive transparency into packages to make more informed decisions.

  13. 13
    Video
    Avatar of lundeveloperLun Dev Code·1y

    You liked Facebook Page Without Knowing | Javascript

    Learn about a trick used by programmers to manipulate the Facebook like button through JavaScript and CSS. By embedding the like button into a website and using fixed position properties and mouse event handling, the like button can be made to follow the user's cursor, ensuring they click on it unknowingly. Additional conditions and transparency can further enhance this method without disturbing the user experience.

  14. 14
    Article
    Avatar of spaceliftSpacelift·1y

    21 Best DevSecOps Tools and Platforms for 2025

    DevSecOps integrates security practices into the software development lifecycle, combining development, operations, and security tasks to deliver reliable software efficiently. The post explores key DevSecOps tools for 2025, highlighting their benefits, roles they support, and their integration into regular workflows. The selection includes tools like Spacelift for infrastructure management, GitLab for comprehensive CI/CD and security, Open Policy Agent for policy governance, Kubernetes for container orchestration, and many more.

  15. 15
    Article
    Avatar of hnHacker News·1y

    The Rust web framework for lazy developers

    Cot is a powerful, type-safe Rust web framework designed for rapid, secure, and reliable development. It offers a full-featured API, ORM integration, built-in admin panel, and strong performance. Cot emphasizes security and type safety, making it easier to handle common web development challenges and build production-ready web apps quickly.

  16. 16
    Article
    Avatar of collectionsCollections·1y

    Linus Torvalds Pushes for Rust Integration in Linux Kernel Amidst Maintainer Concerns

    The Linux kernel development community is navigating the challenges of incorporating Rust code, balancing safety with maintainability. Rust offers significant benefits for memory safety, potentially reducing bugs and improving reliability. Despite these advantages, concerns remain about the complexity of a multi-language codebase and maintainer burnout. The gradual integration, marked by the Linux 6.13 kernel's initial Rust support, reflects a cautious yet optimistic approach towards Rust's long-term benefits for a safer kernel.

  17. 17
    Article
    Avatar of last9Last9·1y

    How to Effectively Monitor Nginx and Prevent Downtime

    Monitoring Nginx is critical to ensuring its performance and stability. Key metrics include traffic, connection metrics, performance metrics, and system resource utilization. Tools like Prometheus, Grafana, and built-in Nginx modules help track these metrics. Effective monitoring minimizes downtime and improves the incident response. Choosing the right tool and setting up alerts for critical events are essential steps towards maintaining a high-performing, reliable Nginx deployment.

  18. 18
    Article
    Avatar of notedNoted·1y

    PSWD: Self-Hosted, Simple & Secure Password Generator

    Passwords are critical for protecting personal information. PSWD is a secure tool for generating strong, unique passwords, offering various options including character-based passwords and Diceware passphrases. It features a user-friendly interface and can be easily deployed using Docker. Customizable settings enhance security and usability. A demo is available, and users can provide feedback or request features via GitHub.

  19. 19
    Video
    Avatar of lowlevellearningLow Level Learning·1y

    how does this keep happening?

    A backdoor in a Go programming language module was active for over 3 years due to a supply chain attack, exploiting a Go module mirror's caching system. This highlight emphasizes the inherent risks associated with relying on third-party code in languages like Go, Python, Rust, and JavaScript. The attack utilized typo squatting to trick developers into downloading malicious packages. Despite the malicious GitHub package being cleaned up, the security loophole underscores the need for better verification and review processes for cached packages.

  20. 20
    Article
    Avatar of nodejsdevelopersNode.js developers·1y

    Node.js Tip of the Week: Node.js permission model

    Node.js introduces a permission model similar to Deno's with the --experimental-permission flag, allowing developers to control process permissions.

  21. 21
    Article
    Avatar of lnLaravel News·1y

    First Factor One-Time Passwords for Laravel with OTPZ

    OTPZ is a Laravel package developed by Ben Bjurstrom that enables secure first-factor one-time passwords for Laravel applications. Features include rate-limiting, OTP expiration, session-specific OTPs, detailed error messages, and customizable mail templates. Installation involves Composer and Artisan commands, making it relatively simple to implement. The package supports Laravel Breeze with Livewire or Inertia.

  22. 22
    Article
    Avatar of wordpresscoreMake WordPress Core·1y

    WordPress 6.8 will use bcrypt for password hashing

    WordPress 6.8 introduces bcrypt for user password hashing, enhancing security by increasing the computational cost of cracking passwords. Application passwords and security keys will use BLAKE2b hashing via Sodium. No user action is required, as the system automatically updates passwords upon login or change. New functions support the changes, ensuring backward compatibility. Argon2 support can be enabled if the server supports it.

  23. 23
    Article
    Avatar of hnHacker News·1y

    Why Tracebit is written in C#

    The choice of C# for developing Tracebit, a B2B SaaS Security Product, was driven by several key factors: productivity, being free and open source, cross-platform capabilities, popularity, memory safety, garbage collection, static typing, stability, and extensive tooling and features. The author highlights the productivity gains, the advantage of open-source .NET, and the comprehensive tooling ecosystem as significant benefits. Despite initial hesitations, C# has proven to be a robust and efficient choice, surpassing expectations.

  24. 24
    Article
    Avatar of communityCommunity Picks·1y

    Managing Environment Variables in Angular

    Managing environment variables in Angular is crucial for securely handling configurations, especially for sensitive data like API keys. Using the `--define` flag allows dynamic injection of environment variables at build time, preventing exposure in source code and facilitating easier deployments across different environments. This method eliminates the need for multiple environment files and enhances the integration with CI/CD pipelines.

  25. 25
    Video
    Avatar of lawrencesystemsLawrence Systems·1y

    Self-Hosted SSL Simplified: Nginx Proxy Manager

    Looking for an easy way to manage certificates for self-hosted web applications? This tutorial guides you through setting up Nginx Proxy Manager with Docker, emphasizing the importance of DNS configuration. It provides example setups and tips on using wildcard SSL certificates for your applications, making the process straightforward and efficient.

See all Security archives