-
JWT Based Authorization
The author implemented JWT-based authentication in a Redux application. They used a separate refresh token to obtain new authorization tokens when the current one expires. They encountered challenges with token storage, header configuration, and state management within Redux. The author recommends using a custom middleware or listener to handle token refresh and local storage interactions.… Read More
-
Key Recovery
Todays journey goes into key recovery in a simulated scenario where all keys have been deleted. I start a recovery process to reconfigure the database, two-factor authentication, and dropbox api token to import the backup keys. Read More
-
Encryption Key Backup
Without access to a key management service, I work on different solutions to backing up encryption keys off-site while thinking through security risks and the recovery process. Read More
-
Separating Services
Changes were made to store the secrets in a separate database rather than a JSON file to allow scalability and portability. An initial design had setup an over-engineered system for an enterprise. Then it was simplified, and further normalized. Read More
-
Secure Database / Vault
I venture on a path to evaluate the cryptographic features available on my shared hosts database, tests its weaknesses, setup auditing, and perform encryption outside of the database while storing keys in a secrets manager. Read More
-
Keeping Secrets
Read as I evaluate where secrets can be stored, and setup a bare-bones secret management interface where secrets are encrypted and stored in a file outside of the websites html directory that isn’t accessible to FTP. Read More
-
Web Push API
An overview of how to send Web Push notifications from a server with VAPID Keys Read More
-
The path to encryption
The path to encryption Now that I’m looking into methods of encryption data for real (and ignoring XOR encryption), the first thing that that I needed to do was to get the ASCII values for each character in my message. Read More
-
Encryption Anxiety
Encryption Anxiety I have setup my reports to communicate with XOR encryption. The algorithm is weaker than anything I’ve worked with before. I want to find an open-source license free encryption algorithm that I may use. XOR just isn’t cutting Read More
-
Simple Encryption in Second Life
Simple Encryption in Second Life I’ve been working with methods to encrypt data being passed around my objects for the visitor reports with a symmetric cipher. The closest method available that Linden Lab provides is an XOR function. It is Read More