blog.cloudant.com
philodev.one

OAuth is hard to get into because of its (necessary) complexity. A basic understanding of the standard flow and the actors involved can help to make better decisions and understand the security implications of the choices.
www.rasikjain.com

Here are three scenarios for implementing authentication workflows. Internet Applications (Public facing): For internet web applications and APIs, Session Based (SessionID cookie) and Token Based (JWT) Authentication can be implemented. Session Based: Implemented for a majority of traditional and stateful web applications. Once the user is authenticated, a Session state is created and stored in an external State server or SQL database. The Session state is identified by a unique SessionID...
gouthamanbalaraman.com

This post will give a basic discussion on securing authentication tokens that can be used with Flask-Login.
mathieu.fenniak.net

Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank: