Category: Web Security
-
Faking Enumerations with Vanilla JavaScript
What is an Enumeration? An Enumeration is a way to create a limited list of options to choose from. This is useful for keeping a list of field names for a form so you can use JavaScript to animate something, for example. Having a limited list of options is helpful so that you can eliminate bugs…
-
How to secure individual Symfony AJAX api routes without using API Platform
I am in the process of updating this article entirely. Please stay tuned. Creating the Symfony route is easy. Checking if the request was sent by AJAX is again easy. But what stops a mischievous hacker from hitting that endpoint and trying to get a list of used emails or something else with a script?…
-
How to add CSRF protection to Symfony 5+ forms
How CSRF works What you are basically doing with CSRF is trying to make sure a hacker has not created a fake form to gather private information from your user. You want your app to create a unique string and save it on the server in a session cookie or database, redis etc. Then you…
-
How to create ssh keys for admin user login without passwords
The idea is to have a way for admins to SSH into a server without having to use passwords. This adds a level of security to your server setup. Without private keys you have to enter your user name and password. This can be less secure than generating SSH keys and adding your public…
-
Stupid linux issues.
This is my collection of stupid. Top of the list Debian/Ubuntu removes apt-key support and doesn’t tell anyone they did it, doesn’t give anyone a single hint as to what to do. No just remove/deprecate shit and don’t tell a single soul on earth. This kind of stupid makes me want to leave the industry…
-
How to create ssh deploy keys for github
One issue with creating SSH keys is that there are so many ways to do it and no one tells you why they do what they do. A quick search will reveal that almost everyone has their own way of doing it. If you are new to SSH keys I suggest you read this article really quickly.…
-
SSL links, videos and other resources.
SSL is a very important subject. All websites/apps should be using it. However, the docs will leave you scratching your head saying WTF? So I am creating this long list of resources for anyone else who ever has to learn how to use it. Articles: First, here is a link to the docs – this…
-
Our programming tools are stuck in the past
Recently I decided to start automating my infrastructure. Before this it had never occurred to me how stuck in the past our ancient tools are. These days we have the cloud. We can fire instances up in seconds. But to do this we need ways of automating things. Tools such as SSH, SSL, Git etc.…
-
How to use Multiple ssh deploy keys with Github and Git
I came across this issue when automating infrastructure provisioning. I needed a way to pull the repository code for my app in the provisioning scripts. I didn’t want to use the SSH keys I have set up for the entire GitHub account due to security. I discovered that GitHub has the ability for you to add…