- The proper way to use OAuth in a native app.
The IETF submitted a draft on the best approach to implementing OAuth in a mobile native app. They recommended a specific flow and some security considerations.
I am going to show how to implement these in code on both mobile platforms, iOS and Android, using the Facebook authentication service as an example of an OAuth provider, and then show how the Facebook and Google SDKs for those platforms implement these approaches.
This is not an OAuth tutorial, so I am assuming that you are familiar with OAuth terminology and workflows.
- Token Based Authentication and JWT
The HTTP protocol specifies only two standard authentication mechanisms, which are implemented in every browser: HTTP basic authentication and Digest authentication.
Because they only reference the user name that they pass with the calls, the development communities on every web development platform came up with their own better, customized solutions.
- Making sense of SSL, RSA, X509 and CSR
This is the second part of learning about SSL/TLS.
The first part was how to protect the site with SSL.
This part explains in more detail the terms, technologies, protocols, and standards used in SSL.
- Web security - Basic Authentication
Although basic authentication is not widely used anymore, understanding it is a good idea, because some parts of it are used in other security mechanisms, like JWT for example.
- Secure your web site with SSL
In order to secure the web site with SSL, you first need to buy a certificate.
A certificate is a document that your website will send back to the browsers as an "Official identification" for your web site, and your business.
- Ajax, CORS, JSONP and the battle with Same-Origin Policy
All modern browsers have a built-in security policy called the Same-origin policy, which helps mitigate many vulnerabilities and security flaws. This policy means the browser can only pull data from the same site.
Same site means pages that share the scheme (http, ftp, https...), the host name, and the port.