
The reality and the future of software engineering

Creating a user registry - design and development tips based on modern guidelines and standards [Part 1: Introduction]

Sooner or later, it is almost inevitable that a software engineer comes across the challenge of creating a user registry: a component that stores users, their attributes and their credentials, and that records authentication and authorization activity.

It is a very common need, since most applications, especially Web and mobile ones, require such functionality. However, there are quite a few pitfalls in building a registry that will resist both external and internal attacks. And it will attract attackers, since it is one of the most critical components of an application or platform: the place where the most sensitive data (credentials and identity attributes) are stored.

Nowadays, cloud providers offer managed identity services on which you can host your user registry, and you can use OAuth 2.0 / OpenID Connect to accept users federated from other identity providers instead of storing their credentials on your own premises. There are, of course, COTS solutions to run on-premises as well. Such solutions are definitely a valid way to avoid a significant number of the concerns you have when you build and maintain your own user registry, but they have significant drawbacks too. I will not get into that discussion; I will assume that your organization has decided to create and maintain its own registry of users, their credentials and their activity. Your job now is to create a component that provides the appropriate functionality, is stable, performs well, allows for various integrations and, above all, is secure.

The literature in this area is vast, as is the terminology; the umbrella term is Identity and Access Management (IAM) [Wikipedia article]. Yet IT security documents are typically lengthy, abstract and short on practical advice, thankfully with a number of notable exceptions, on which this series of posts is based.

So, in the following posts, I will discuss specific aspects of building a user registry, focusing on design and development practices that ensure security first and flexibility with regard to requirements second. I will avoid lengthy theoretical discussions and, whenever possible, I will point to what is currently regarded as best or leading practice.

Stay tuned!
