Full-stack infrastructure with the access management server, HTTP server, and backend service which takes just a couple of minutes to set up.
Nginx is one of the most popular HTTP servers, according to W3Tech used by more than 33% of all the websites. It’s a perfect choice to serve static content and to forward client requests to servers, thus acting as a reverse proxy.
Keycloak is an open-source identity and access management service. It offers all the features you might need, like multi-factor authentication, integration with common identity providers, user federation, brute force protection, and many others.
Why not put…
I had been working in software development for a couple of years when a breaking change to my career was triggered. I left for a long maternity leave.
However strange this may sound, these were three sabbatical years. Not in the sense of having nothing to do, but in the sense of being able to step out of the daily job routine and take a look at things from a different angle. While being alone with kids at home, without having any serious mental work to do, I was more and more leaning into learning new things. I was stealing…
Did you turn on CSRF protection in your Angular application? Did you notice this doesn’t work for legitime cross-site requests?
Imagine you wake up one day and realize that someone has stolen your internet domain. Exactly this was the case of designer David Airey a couple of years ago. An attacker who exploited Gmail’s CSRF vulnerability, got control over David Airey’s mailbox and contacted the domain registrar in his name.
In past years CSRF gained awareness, so modern frameworks nowadays have built-in protection mechanisms.
A common case is that a web site is served from the same domain (that is…
It happened three weeks after Covid-19 had locked us down at our homes when a request came from the management: “Report the figures of your team’s productivity change after pandemic measures.”
As a software development team leader, I was startled. I didn’t have an answer.
“How your productivity has changed.”
It’s a valid question. Key performance indicators are like ears and eyes. Without them, we can barely judge what’s going on. Making the right decision becomes as difficult as hitting the bull’s eye without looking at the dartboard.
At the same time measuring KPIs often reminds me of quantum mechanics…
One day my colleague reported he couldn’t access a certain website. On every attempt he had been redirected back to the login page. I browsed to that website and surprisingly everything was working fine for me.
We checked our browsers and found out that we both are using the same version of the Chrome. What went wrong was that in his case session cookie was not passed along the request to the backend service and the backend replied with http status code 401 — Unauthorized.
There are a couple of reasons why the browser would not attach a cookie to…
Engineering lead passionate about getting her hands dirty with new technology, though always striving to see a happy user at the end of the journey.