In the famous 1993 cartoon from the New Yorker, one canine sits at a PC, looking at another, and says, “On the Internet, nobody knows you’re a dog.” More than a quarter of a century later, digital certificates have made us more certain who we’re talking to online, but there are still problems that mean we can’t be 100% sure. Certificate pinning serves to close that gap by narrowing down the certificates we accept from...

Read more

Apple’s recent announcement of a single sign-on (SSO) solution, Sign in with Apple, has developers everywhere thinking about how to incorporate it into their application’s infrastructure. Apple is hardly the first organization to introduce SSO—it’s a security-focused methodology that has been available for years—and one of the protocols behind it is SAML. The SAML protocol lets users prove their identities across multiple applications with just one set of login credentials. It was ratified in 2002...

Read more

Picture yourself a year from now. Someone just put your entire password database on Pastebin. User accounts are being hacked by the thousands and your local privacy regulator just called to have a chat. Depending on the hashing algorithm you were using to store your user passwords, you could be in a lot of trouble. As they say, an ounce of prevention is worth a pound of cure, so how does hashing work and what...

Read more

“It works on my machine.” If you’re a developer, or you work with developers, you’ve heard this phrase one too many times. If you’ve been in the industry for a while, you may even have the coffee mug, tee shirt, or mouse pad. It’s fair to say that if Bart Simpson decides to embark on a career in software, “It works on my machine” will be the new “Eat my shorts”. Jokes aside, it represents...

Read more

Encrypting data is all about making sure that only the right people can view the data you’ve encrypted. There are two primary forms of data encryption: symmetric and asymmetric. While you can easily Google “symmetric encryption best practices” and figure out the best algorithms and developer libraries to use (more on this later) to encrypt and decrypt data, one thing isn’t so easy: figuring out how to properly store and manage your data encryption keys....

Read more

If I could sum up the amount of time I’ve wasted in meetings over the span of my career, it would be staggering! I’ve been in countless frustrating meetings where rabbits were chased down endless roads with no hope of return, dead horses were beaten beyond recognition, or the loudest person bullied the entire discussion with their personal agenda. Chances are you’ve had your share of exasperating meetings, too. Years ago I was introduced to...

Read more

Laravel is one of the hottest frameworks for backend and full-stack development of Web applications today. It boasts a large number of quality features out-of-the-box, but it’s still easy to learn the basics. The community is vast, and there are tons of free resources available on the Internet. This sample application will use Postgres as the backend database system, Okta for user authentication, and Heroku for quick deployment to a scalable platform. Heroku is a...

Read more

It can be very satisfying to build an application “the hard way”, using few conveniences. This approach helps you understand core development principles and the inner workings of everyday abstractions. That’s why today, you’ll build an application from the ground up using Java Servlets with a login form. There are more modern, technologically savvy ways to handle authentication within your application, namely OAuth 2.0 and OIDC, which I will touch upon later. However, this post...

Read more

The choice of a database management system is usually an afterthought when starting a new project, especially on the Web. Most frameworks come with some object-relational mapping tool (ORM) which more or less hides the differences between the different platforms and makes them all equally slow. Using the default option (MySQL in most cases) is rarely wrong, but it’s worth considering. Don’t fall into the trap of familiarity and comfort – a good developer must...

Read more

Vue.js is known as a “progressive framework for building user interfaces”. There’s a lot to unpack in this simple statement. It’s easy to get started with Vue.js, with a minimal feature set, and then layer in more of the framework as you need it. Unike React, it has full support for the MVC (Model View Controller) pattern out-of-the-box. It’s easier to use and grow with than Angular. And, if you couldn’t tell, I’m a little...

Read more