Security (103)

JSON Web Token Tutorial Ref. www.toptal.com/web/cookie-free-authentication-with-json-web-tokens-an-example-in-laravel-and-angularjs With the rising popularity of single page applications, mobile applications, and RESTful API services, the way web developers write back-end code has changed significantly. With technologies like AngularJS and BackboneJS, we are no longer spending much time building markup, instead we are .. 2021. 2. 5.
openid-client Ref. www.npmjs.com/package/openid-client openid-client is a server side OpenID Relying Party (RP, Client) implementation for Node.js runtime, supports passport. Implemented specs & features The following client/RP features from OpenID Connect/OAuth2.0 specifications are implemented by openid-client. OpenID Connect Core 1.0 Authorization Callback Authorization Code Flow Implicit Flow Hybrid Flow .. 2021. 2. 4.
Authentication and Authorization Ref. swagger.io/docs/specification/authentication/ OpenAPI uses the term security scheme for authentication and authorization schemes. OpenAPI 3.0 lets you describe APIs protected using the following security schemes: HTTP authentication schemes (they use the Authorization header): Basic Bearer other HTTP schemes as defined by RFC 7235 and HTTP Authentication Scheme Registry API keys in headers,.. 2021. 2. 3.
The standard authorization code flow Ref. developer.xero.com/documentation/oauth2/auth-flow The standard authorization code flow is suitable for web server applications that can securely store a client secret. If you’re building a native app (desktop or mobile) then you should refer to the PKCE flow. To get started, create an OAuth2.0 app and make sure you select the “Auth Code” grant type. Your app is assigned a unique Client ID a.. 2021. 2. 3.
The standard authorization code flow - Good Sample Design Ref. developer.xero.com/documentation/oauth2/auth-flow The standard authorization code flow The standard authorization code flow is suitable for web server applications that can securely store a client secret. If you’re building a native app (desktop or mobile) then you should refer to the PKCE flow. To get started, create an OAuth2.0 app and make sure you select the “Auth Code” grant type. Your.. 2021. 1. 26.
OpenID Connect Core 1.0 Ref. openid.net/specs/openid-connect-core-1_0.html Abstract OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner. This specification defines.. 2021. 1. 22.
OpenID Connect Flows Ref. www.scottbrady91.com/OpenID-Connect/OpenID-Connect-Flows OpenID Connect defines three flows, two of which build upon flows defined in OAuth 2.0. These flows dictate what response types an authorization request can request and how tokens are returned to the client application. This article describes each flow, when to use it, and how to secure it. Authorization Code Flow The authorization co.. 2021. 1. 22.
New Architecture of OAuth 2.0 and OpenID Connect Implementation Ref. darutk.medium.com/new-architecture-of-oauth-2-0-and-openid-connect-implementation-18f408f9338d 1. Semi-Hosted Service Pattern This article describes details about a new architecture of OAuth 2.0 and OpenID Connect implementation which is categorized as "Semi-Hosted Service" pattern in “Deployment and Hosting Patterns in OAuth”. In the pattern, a frontend server (an authorization server and .. 2021. 1. 21.
Diagrams of All The OpenID Connect Flows Ref. darutk.medium.com/diagrams-of-all-the-openid-connect-flows-6968e3990660 Introduction OpenID Connect has been developed by extending OAuth 2.0. OAuth 2.0 is a specification as to how to issue access tokens. It is defined in RFC 6749 (The OAuth 2.0 Authorization Framework). (c.f. “The Simplest Guide To OAuth 2.0”) OpenID Connect is a specification as to how to issue ID tokens. The main part i.. 2021. 1. 21.
OAuth 2.0 and OpenID Connect Overview Ref. developer.okta.com/docs/concepts/oauth-openid/ To decide which authentication flow is best for you based on the type of application that you are building, you first need to understand OAuth 2.0 and OpenID Connect and how you can implement these two flows using Okta. Authentication API vs OAuth 2.0 vs OpenID Connect There are three major kinds of authentication that you can perform with Okta.. 2021. 1. 21.
Access Management with OpenID Connect 1.0 Ref. backstage.forgerock.com/docs/am/6/oidc1-guide/ Preface This guide covers concepts, configuration, and usage procedures for working with OpenID Connect 1.0 and ForgeRock Access Management. This guide is written for anyone using OpenID Connect 1.0 with Access Management to manage and federate access to web applications and web-based resources. About ForgeRock Identity Platform™ Software Forge.. 2021. 1. 21.
OpenID Connect flow Ref. docs.axway.com/bundle/APIGateway_762_OAuthUserGuide_allOS_en_HTML5/page/Content/OAuthGuideTopics/OpenidImport/openid_flow.htm OpenID Connect flow The OpenID Connect process follows the OAuth 2.0 three-.. 2021. 1. 21.
[dCRYPTO] A Closer Look at Ethereum 2.0 Ref. medium.com/@donekim/dcrypto-ethereum-2-0%EC%97%90-%EB%8C%80%ED%95%B4%EC%84%9C-%EC%9E%90%EC%84%B8%ED%9E%88-%EC%95%8C%EC%95%84%EB%B3%B4%EC%9E%90-faq%EC%A0%95%EB%A6%AC-156fe0d84459#:~:text=%EC%9D%B4%EB%8D%94%EB%A6%AC%EC%9B%80%202.0%EC%9D%80%20Eth2,%EA%B1%B0%EC%B9%98%EB%A9%B0%20%EC%B6%9C%EC%8B%9C%EB%90%A0%20%EC%98%88%EC%A0%95%EC%9E%85%EB%8B%88%EB%8B%A4. Today, for those who are curious about Ethereum 2.0, about Ethereum 2.0.. 2020. 12. 2.
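Kubernetes for Prometheus Dashboard Ref. github.com/starsliao/Prometheus/tree/master/kubernetes [Chinese version] Updated 2020.10.03: a comprehensive view of Kubernetes resources! Includes the overall K8S resource overview, microservice resource details, Pod resource details, and K8S network bandwidth, with improved display of key metrics. Deploying kube-state-metrics: # kube-state-metrics is deployed in the ops-monit namespace kubectl create namespace ops-monit cd kube-state-metrics kubectl apply -f . Using Kubernetes for Prometheus Dashboard: https://grafana.com/grafana/dashboards/13105 Screenshots: overall resource overview, microservice resource details, Pod resource details, K8S network bandwidth 2020. 11. 6.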
How to create a Self-Signed SSL Certificate with OpenSSL Ref. https://www.learn2crack.com/2014/02/create-ssl-certificate-openssl.html OpenSSL is an open-source implementation of the SSL and TLS protocols. OpenSSL can be used to create your own self-signed SSL certificates, which can be used with your website. In this tutorial we are going to show you how to create an SSL certificate in Ubuntu. Here I am using Ubuntu Linux 13.10 distribution. Steps to cr.. 2020. 8. 11.
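Synology NAS (IPsec) Synology is a Taiwanese company that mainly makes NAS devices and is fairly well known in Korea as well. I have been using the DS415+ model since 2015. Lately I have been tempted to upgrade, but so far I have never felt it lacking in performance. I just want a new product. There are 1-bay models, although they are rare, and the lineup runs from 2-bay and 4-bay models up to rack-mount NAS equipment. If I get the chance, I would like to set up a new 4-bay unit with 32TB. Haha. VPN? VPN stands for Virtual Private Network. It is mainly used when operating a private network such as an intranet. In my case, when using things like development servers that can only be accessed internally, or when I am abroad and connecting to domestic sites that cannot be reached from overseas, I.. 2019. 8. 13.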
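How to enable HTTPS and create a certificate signing request on Synology NAS Overview In some situations, you can use HTTPS (Hypertext Transfer Protocol Secure) to encrypt and secure network communication between your Synology NAS and other devices, preventing information leakage and protecting against message interception attacks. To protect network communication, you can use the Synology NAS to create a self-signed certificate and a certificate signing request (CSR). This article shows how to enable HTTPS on the Synology NAS, along with the steps for creating a certificate signing request. A certificate signing request can be used to obtain a third-party digital ID certificate. Also, for how to configure HTTPS on a Synology NAS using Let's Encrypt, this video .. 2019. 8. 13.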
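VPN Security Protocols Explained: Understanding PPTP Many VPN services offer PPTP as a security protocol. But do you not know what PPTP is or why it matters? If so, check the content below. Choosing a VPN protocol dedicated to comfortable browsing is difficult. If you want a protocol that boasts the best speeds in the industry, PPTP is the right fit. What is PPTP? What is PPTP and what does it stand for? PPTP is short for Point-to-Point Tunneling Protocol. Simply put, it is a language in which computers communicate with each other by following a set of rules. Users can use these communication rules to extend a private network by "tunneling" through a public network that acts as a VPN. Created in 1999, PPTP is the oldest VP.. 2019. 8. 13.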