Building Express Applications With Doppler and FaunaDB

Building full-stack Express applications has always involved connecting to a database or other external resources that the application needs in order to function. When connecting to these external resources, we need a means of verifying our identity before a connection can succeed.

We use special secret keys or API keys that are specific to our application to verify our identity. These keys should always be kept secret from the public eye, because the web is an open village; otherwise we stand to lose our application to cybersecurity attacks.

Managing Secrets in Node.js With HashiCorp Vault

As the number of services grows in an organization, the problem of secret management only gets worse. Between Zero Trust and the emergence of microservices, handling secrets such as tokens, credentials, and keys has become an increasingly challenging task. That’s where a solution like HashiCorp’s Vault can help organizations solve their secret management woes.

Although there are secret management tools native to each cloud provider, using these solutions locks you in with a specific cloud provider. Vault, on the other hand, is open source and portable.

8 Steps to Keep Remote Development Teams Secure

There is no doubt that the world's workforce is becoming more remote, particularly in tech as developers can now work from any location in the world. But there are a large number of new obstacles that come with this. The most pressing is security.

Take the current COVID-19 health crisis. From one day to the next, countries are going into quarantine and forcing companies and developers into working remotely. I for one am writing this from my home office in Paris, sipping filter coffee while looking onto the empty streets in a complete lock-down that started last week (April 2020).

Mule 4 – Client ID Enforcement

Hello, everyone! Today, I will try to explain in detail how to implement Client ID Enforcement in Mule 4. The purpose of the Client ID Enforcement policy is to allow access only to authorized client applications.

The Client ID Enforcement policy is used to restrict access to a protected resource by allowing requests only from registered client applications. The policy ensures that each request that contains valid client credentials is able to access protected resources.

AWS CodeCommit: Identifying Your Public Key

I use AWS CodeCommit to hold the work-in-progress articles for this blog. It's free, it's private, and it's not living on a disk drive in my house.

To access my repositories, I use SSH private key authentication. Unlike GitHub, CodeCommit doesn't just let you attach a public key to a repository. Instead, you associate a public key with a user token, and must use that user token to access the repository. That's not too onerous, because you can put the token in your .ssh/config: