[2018 oracle code one] JWT’s suck

Main menu:

Topics

Recent Posts

Feeds

RSS Feed RSS - Posts

January 2019
M T W T F S S
« Dec    
 123456
78910111213
14151617181920
21222324252627
28293031  

Past Posts

Java/Java EE

JDBC

Other

Archive for the tag "security"

[2018 oracle code one] JWT’s suck

October 25th, 2018 by Jeanne Boyarsky

JWTs Suck Speaker: Randall Degges @rdegges For more blog posts, see The Oracle Code One table of contents JWT (JSON Web Token) pronounced “jot” JSON data cryptographically signed Not encrypted most of the time Prove that some JSON data can be trusted Common use case: Website generates JWT after validating credentials. Website then sends JWT to browser […]

two factor and google voice

August 25th, 2018 by Jeanne Boyarsky

I’ve been using two factor authentication for a number of years.  I like when services offer a choice of two factor options. Or the common Google Authenticator app. Less of a fan of SMS required two factor. If I lose my phone or number, I can’t two factor authenticate to a few services. The most […]

good security – warnings in project

July 29th, 2018 by Jeanne Boyarsky

Cloudbees puts out security alerts frequently for Jenkins. We didn’t patch at CodeRanch for a while and then it got overwhelming. I wanted to get the latest JUnit plugin today. After upgrading to the latest Jenkins core, I went to manage Jenkins and saw this. I was pleased. The product itself reminded me that we […]