Über…
Das ist das Blog von Sven Hasselbach über Themen aus der Entwicklung und alles, was ihm sonst so durch den Kopf geht.
Seit 2003 als freiberuflicher Entwickler deutschlandweit im Einsatz, mit dem Schwerpunkten Lotus Notes & XPages, Spring, Java & OSGi
IBM ICS Champion 2013
Um Kontakt mit mir aufzunehmen, einfach eine eMail an contact<at>hasselba.ch schicken oder mich bei XING finden:
Projektanfragen sind immer willkommen!
Schlagwort-Archive: Security
Re: Make sure that the “Names.nsf” cannot be accessed via Internet!
Because my comments are still awaiting moderation (tried two times hours ago, but no luck), I have decided to answer to this post from Milan in my blog: „Yes, it is not good that these passwords are reachable from „outside“, … Weiterlesen
node.js, domino-db & Docker (10): Protecting Proton Keys
Before we are looking into the details how to setup a non-anynomous connection to Domino’s Proton server, I have an advice for protecting the key files required for the connection. The keys are not password protected, and this is a … Weiterlesen
Veröffentlicht unter Docker, ES6, Java Script, node.js, Security
Verschlagwortet mit Docker, domino-db, ES6, Java Script, node.js, Security
Ein Kommentar
node.js, domino-db & Docker (8): Security
Security is a big topic when developing node.js applications. A simple helper for writing secure code is the eslint-plugin-security plugin. It checks for common mistakes during writing code, for example using the eval statement with external input, or unsafe RegEx … Weiterlesen
Veröffentlicht unter Java Script, node.js, Security
Verschlagwortet mit node.js, Security
Schreib einen Kommentar
java.security.AccessControlException kills productivity
Dear IBM, can you please remove the totally useless java policy restrictions? Especially for agents running on the server? I can’t imagine how much life time and customers money was spent during the last decades just to find a workaround … Weiterlesen
The anatomy of a LTPA token
LTPA Token LTPA token are widely used in the IBM world for authentication between different physical machines, also known as WebSSO. There are two three types available, LTPA1, LTPA2 and a Domino format. LTPA1 and LTPA2 are commonly used with … Weiterlesen
REST & Security: Why HTTP GET is insecure (and the other methods too)
Yesterday René commented that submitting username and password with HTTP GET is insecure, because they are submitted in clear text over the wire as part of the URI. At the first moment, I did not give some thought about it, because it is known … Weiterlesen
REST & Security: More about the DominoStatelessTokenServlet
During the last days I have refined the DominoStatelessTokenServlet a little bit. It is now a pre-beta release, and I think it is time to explain some details about it. While it is still a proof-of-concept, it demonstrates how a … Weiterlesen
REST & Security: A Stateless Token Servlet
I have uploaded some of my projects to GitHub, including an alpha version of a stateless token servlet. The servlet has it’s own authentication mechanism (the password is currently not validated), and for developing purposes it uses HTTP GET. In … Weiterlesen
REST & Security: Same-Origin Policy / CORS
The „Same-orginin policy„ is an important concept for protecting web applications. In short, only resources from the same domain are allowed, everything else is permitted denied. To allow access other domains in your application, you have to enable „CORS„, a … Weiterlesen
Veröffentlicht unter Java Script, REST, Security, Web
Verschlagwortet mit REST, Security, ServerSide JavaScript, Web
2 Kommentare
Raspberry Pi vs. IBM Bluemix – 1:0
I had some time last night (the whole family had gone to bed early), so I spent some to look at the XPages integration into Bluemix. I found the Greenwell Travel Expenses Demo: But after clicking a link, the page … Weiterlesen