OWASP Top 10 API Security

I am sure that almost all of you are aware of OWASP, but just for context, let me briefly describe it.

OWASP is an international non-profit organization dedicated to web application security. It is a completely open-source, community-driven effort to share articles, methodologies, documentation, tools, and technologies in the field of web application security.

Deep Dive to OAuth2.0 and JWT (Part 4 JWT Use Case)

Up your Spring Security game!

Scenario

Assume that you are building an application for a hypothetical store chain. Each user of this application is assigned a role, and each role has a defined set of activities that it can perform (technically, the APIs that it can access). Let's say this store has the following roles and activities. (Note: this is part four in a series on JWT security best practices; parts one, two, and three can be found here, here, and here, respectively.)

  • Admin
    • Can add new stores.
    • Can add new users and assign roles to them (store admin and store user).
  • Store Manager
    • Can add new products to the store.
    • Can remove products from the store.
    • Can update product details.
  • User
    • Can view his/her details.
    • Can view all products.
    • Can view a product using product id.
    • Can get all products from a store.

Environment

We will be implementing authentication with the following tools:

Deep Dive Into OAuth2.0 and JWT (Part 2 OAuth2.0)

In the previous article, we introduced Authentication and Authorization. In this article, let us have a look at one of the most commonly used implementations, i.e. OAuth2.0.

Introduction

In the traditional client-server authentication model, the client requests protected resources on the server by authenticating with the server using the resource owner's credentials. To give third-party applications access to restricted resources, the resource owner shares its credentials with the third party. This sharing of credentials can create several problems and limitations, some of which are listed below.

Deep Dive Into OAuth2.0 and JWT (Part 1 Setting the Stage)

Right from the inception of computer-based applications to today, one of the most common yet complex problems that almost every developer must have come across during their career is security. This means understanding what data or information is to be presented to whom, in addition to many other aspects like time, validation, re-validation and so on.

All the concerns related to security can be broken down into two categories: Authentication and Authorization.

Deep Dive to OAuth2.0 and JWT (Part 3)

In the previous article, we introduced OAuth2.0. In this article, let us have a look at JWT.

JSON Web Token (JWT), usually pronounced “jot,” is a standard () that defines a compact and self-contained way of securely transmitting information between parties as a JSON object. JWTs carry information in the form of claims and are especially useful in space-constrained environments such as HTTP headers. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a shared secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

Real-Time Stream Processing With Apache Kafka Part 4: Use Case

In previous articles, we gained ground on understanding the basic terminology used in Kafka and Kafka Streams. In this article, we set up a single-node Kafka cluster on our Windows machine. Now, based on the knowledge we have gained so far, let us try to build a use case.

Scenario

Consider a hypothetical fleet management company that needs a dashboard to get insight into its day-to-day activities related to vehicles. Each vehicle in this fleet management company is fitted with a GPS-based geolocation emitter, which emits location data containing the following information:

Real-Time Stream Processing With Apache Kafka Part One

Today, with the rise of IoT and Smart Devices, we are generating data at an unprecedented speed. With distributed computing, data is generated somewhere and processed somewhere else. Sensors or UI on devices capture some data (manual or automated) as an event and send it to some other unit for processing. This happens continuously.

These events may be processed at a fixed rate or in bursts, resulting in a stream of events. This is known as an Event Stream. In most scenarios, these events are generated at a very high rate (every second or even every millisecond), so we need to process these event streams at the same or a higher rate.