• Advanced HTTPS

    Adding an SSL certificate and enabling HTTPS on your website is not the end of the road for securing your website and the communication to it.
    It is just the start: you need to take further HTTPS-related steps to guarantee your site's safety and your visitors' safety. In this post I am going to describe:

    1. TLS and its algorithms in more depth.
    2. Insecure protocols and algorithms.
    3. Best algorithm combination.
    4. Redirect from HTTP using HSTS.

    Universal (Isomorphic) React Application. Beyond the basics.

    I decided to write this post because I didn't find any blog post, article, or tutorial that sums up for developers the issues they are going to face when they build a universal application.
    If you google for a tutorial on how to build a universal React application, you will find a lot, but most of them just cover the surface with hello-world examples. But as you go further, or even if you decide to use one of the universal frameworks/boilerplates, you will start to face some issues and difficulties.

    Redux Vs. MVC, Why and How?

    In the last two or three years, we have started to see the rise of Redux-based architecture (or unidirectional data flow architecture in general) on the user interface side of applications, and the slow decline of MVC-based architecture on the UI side.
    What advantages does Redux have over MVC, and what problems does it solve? I am going to show the benefits of Redux over MVC.
    The Redux library by itself is not enough to build a whole system, which is why an ecosystem has developed around Redux. I am going to show the basic ecosystem needed to build a Redux application, that is, the essential building blocks of any Redux-based application.

    The proper way to use OAuth in a native app.

    The IETF submitted a draft on the best approach to implementing OAuth in a native mobile app. They recommended a specific flow and some security considerations.
    I am going to show how to implement these in code on both mobile platforms, iOS and Android, using the Facebook authentication service as an example OAuth provider, and then show how the Facebook and Google SDKs for those platforms implement these approaches.
    This is not an OAuth tutorial, so I am assuming that you are familiar with OAuth terminology and workflows.

    Sending emails with attachments or embedded image using Amazon's AWS SES API & .NET.

    To send an email with AWS services, there are two options: either connect directly to the AWS SMTP server using the SMTP protocol, in which case you have to open SMTP ports (usually 587 or 25), or use the AWS API, a set of REST API services that you call over HTTPS.
    AWS SES API has two options to send emails as described in the documentation:

    1. Send a simple formatted email, which makes your life easy but limits you to sending only text messages.
    2. Send a raw email, in order to send an embedded image or more complicated content.

    In order to send a raw email with embedded images, you can just find some code on Stack Overflow, but in this post I will try to describe what is going on and how raw email works, so you can understand the process in detail.
