authentication   36230


security - SPA best practices for authentication and session management - Stack Overflow

One thing you appear to overlook: Cookies are XSS safe when marked httpOnly, and can be locked down further with secure and samesite. And cookie handling has been around much longer === more battle hardened. Relying on JS and local storage to handle token security is a fool's game. – Martijn Pieters♦ Jul 22
yesterday by jeffroush
Your API-Centric Web App Is Probably Not Safe Against XSS and CSRF
The bottom line is: session storage (and local storage) isn’t safe. Any serious penetration test marks usage of web storage for authentication tokens as a serious vulnerability. Many banking and insurance organizations forbid web storage for this reason.
security  authentication 
yesterday by jeffroush
Handling Authentication In Vue Using Vuex ― Scotch
step by step vue2 authentication - very good! and there's a companion post setting up the express server (link to that is within this post)
authentication  vuex  vue2  vue2authentication 
yesterday by ElliotPsyIT
JSON Web Tokens -
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

JWT.IO allows you to decode, verify and generate JWT.
authentication  security  dotnet  microsoft 
2 days ago by andyhuey
