SAML: What's Behind SSO

Joël Franusic

Apple’s recent announcement of a single sign-on (SSO) solution, Sign in with Apple, has developers everywhere thinking about how to incorporate it into their application’s infrastructure. Apple is hardly the first organization to introduce SSO—it’s a security-focused methodology that has been available for years—and one of the protocols behind it is SAML. The SAML protocol lets users prove their identities across multiple applications with just one set of login credentials. It was ratified in 2002...

Hashing Techniques for Password Storage

William Dawson

Picture yourself a year from now. Someone just put your entire password database on Pastebin. User accounts are being hacked by the thousands and your local privacy regulator just called to have a chat. Depending on the hashing algorithm you were using to store your user passwords, you could be in a lot of trouble. As they say, an ounce of prevention is worth a pound of cure, so how does hashing work and what...

Build Continuous Integration with Jenkins in C#

Charlie Holland

“It works on my machine.” If you’re a developer, or you work with developers, you’ve heard this phrase one too many times. If you’ve been in the industry for a while, you may even have the coffee mug, tee shirt, or mouse pad. It’s fair to say that if Bart Simpson decides to embark on a career in software, “It works on my machine” will be the new “Eat my shorts”. Jokes aside, it represents...

The Hardest Thing About Data Encryption

Randall Degges

Encrypting data is all about making sure that only the right people can view the data you’ve encrypted. There are two primary forms of data encryption: symmetric and asymmetric. While you can easily Google “symmetric encryption best practices” and figure out the best algorithms and developer libraries to use (more on this later) to encrypt and decrypt data, one thing isn’t so easy: figuring out how to properly store and manage your data encryption keys....

How to Have the Best Meetings in Your Life

David Neal

If I could sum up the amount of time I’ve wasted in meetings over the span of my career, it would be staggering! I’ve been in countless frustrating meetings where rabbits were chased down endless roads with no hope of return, dead horses were beaten beyond recognition, or the loudest person bullied the entire discussion with their personal agenda. Chances are you’ve had your share of exasperating meetings, too. Years ago I was introduced to...

Building Scalable Laravel Apps with PostgreSQL

Krasimir Hristozov

Laravel is one of the hottest frameworks for backend and full-stack development of Web applications today. It boasts a large number of quality features out-of-the-box, but it’s still easy to learn the basics. The community is vast, and there are tons of free resources available on the Internet. This sample application will use Postgres as the backend database system, Okta for user authentication, and Heroku for quick deployment to a scalable platform. Heroku is a...

Servlet Authentication with Java

Joy Foster

It can be very satisfying to build an application “the hard way”, using few conveniences. This approach helps you understand core development principles and the inner workings of everyday abstractions. That’s why today, you’ll build an application from the ground up using Java Servlets with a login form. There are more modern, technologically savvy ways to handle authentication within your application, namely OAuth 2.0 and OIDC, which I will touch upon later. However, this post...

MySQL vs PostgreSQL -- Choose the Right Database for Your Project

Krasimir Hristozov

The choice of a database management system is usually an afterthought when starting a new project, especially on the Web. Most frameworks come with some object-relational mapping tool (ORM) which more or less hides the differences between the different platforms and makes them all equally slow. Using the default option (MySQL in most cases) is rarely wrong, but it’s worth considering. Don’t fall into the trap of familiarity and comfort – a good developer must...

Use Vue.js Data Binding Options for Reactive Applications

Micah Silverman

Vue.js is known as a “progressive framework for building user interfaces”. There’s a lot to unpack in this simple statement. It’s easy to get started with Vue.js, with a minimal feature set, and then layer in more of the framework as you need it. Unlike React, it has full support for the MVC (Model View Controller) pattern out-of-the-box. It’s easier to use and grow with than Angular. And, if you couldn’t tell, I’m a little...

Container Security: A Developer Guide

Vishal Rohilla

Have you ever spent hours trying to figure out why your newly-installed database, web server, or Python library won’t work? If this sounds familiar, you likely understand the joy of software containers. Forget all those fruitless Stack Exchange searches trying to solve your configuration and dependency problems. Just install a container platform and pull an image. Looking to bootstrap an instant LAMP stack? You can save yourself the time and run sudo docker run -p...
