Peter Locke – Medium

Published in

·Jul 7, 2017

Getting Token Authentication Right in a Stateless Single Page Application

Single page application architecture is becoming more prevalent, yet many established patterns to implement authentication security and user experience have not caught up. Patterns used by traditional web applications do not cross over well, or at all, to a true stateless architecture where there is no server-side web session. The…

Authentication

12 min read

Authentication

12 min read

Published in

Lightrail

·Jun 26, 2017

Prevent Business Intelligence Leaks by Using UUIDs Instead of Database IDs on URLs and in APIs

Let’s examine an innocuous looking URL that you may see when you are looking at your order history on some e-commerce site: https://www.yourfavsite.com/account/orders?orderid=5963 Speaking strictly from an application security perspective, there is no problem here. As long you’ve done your job on the back end checking that the order’s user…

Programming

6 min read

Prevent Business Intelligence Leaks by Using UUIDs Instead of Database IDs on URLs and in APIs

Programming

6 min read