Today's Question:  What does your personal desk look like?        GIVE A SHOUT

SEARCH KEYWORD -- Types

  4 ways to obtain access token in OAuth 2.0

OAuth 2.0 is an authorization mechanism, it's ,mainly used for issuing access token. There are 4 ways to obtain access token as per RFC 6749. Authorization code Implicit Password Client credentials The third party application must obtain a client id and client secret from the target service before obtaining access token no matter which method to use. This is to prevent token to be used maliciously. Authorization code With this method, the third party application must first get an authorization...

   OAUTH2,ACCESS TOKEN,REFRESH TOKEN     2019-06-29 07:12:03

  What is encryption? Its role in the modern age

“Messages and calls are end-to-end encrypted.” If you are a WhatsApp user, you must have read this statement at the top of chats you open. Now, what does it mean? The statement signifies that all the messages or voice notes shared between users are encrypted, and no one can read or listen in on them. As mostly all of us use messaging apps and emails, information security has become a major concern. Moreover, we don’t know how many digital footprints we leave on the web can be t...

   DATA SECURITY,VPN     2021-01-21 08:04:16

  Convert JKS to BKS using keytool

There are lots of questions(question 1, question 2) on Stackoverflow about how to convert JKS keystore to BKS keystore(a keystore format provided by BouncyCastle) using Java keytool.  The reason why this conversion gets lots of questions is that BKS is not a keystore format supported by Java SE, it's a third party keystore format. To convert JSK to BKS, the BKS provider has to be downloaded first. And a few more options needs to be added when running the keytool command. The typical co...

   JKS,BKS,KEYTOOL,JAVA,SECURITY     2016-07-14 03:49:52

  Unfortunate Python

Python is a wonderful language, but some parts should really have bright WARNING signs all over them. There are features that just can't be used safely and others are that are useful but people tend to use in the wrong ways. This is a rough transcript of the talk I gave at my local Python group on November 15, with some of the audience feed back mixed in. Most of this came from hanging around the Python IRC channel, something I highly recommend. [update 2011-12-19: improved "array" cr...

   Python,Defects,Deprecated methods,Warning     2011-12-20 08:27:36

  Generate certificate in Java -- Store certificate in KeyStore

In previous post, we have explained how to create a certificate chain in Java. After generating the chain, we need to store it somewhere so that it can be used later when we are doing the actual SSL communication, either in a key store or trust store. This post will show you how to store the private key and its associated certificate chain in a keystore file. There are different types of keystore in Java, in this post, we will choose the JKS to demonstrate how to store the certificate chain. Whe...

   Java,Certificate chain,Keystore     2014-08-20 03:56:39

  Be careful about nil check on interface in GoLang

nil check is frequently seen in GoLang code especially for error check since GoLang's special error handling convention. In most cases, nil check is straight forward, but in interface case, it's a bit different and special care needs to be taken. Take a look at below code snippet and guess what the output will be. package main import ( "bytes" "fmt" "io" ) func check(w io.Writer) { if w != nil { fmt.Println("w is not nil") } fmt.Printf("w is %+v\n", w) } func main() { var b *bytes.B...

   INTERFACE,GOLANG,NIL CHECK,NIL TYPE,NIL VALUE     2019-04-06 07:47:07

  Different types of keystore in Java -- JKS

JKS is Java Keystore, a proprietary keystore type designed for Java. It can be used to store private keys and certificates used for SSL communication, it cannot store secret keys however. The keytool shipped with JDKs cannot extract private keys stored on JKS. This type of keystore usually has an extension of jks. Next we will show how to operate the JKS keystore with pure Java code. Create JKS keystore The simplest method to create a JKS keystore to create an empty keystore. We can first get an...

   DEMO,EXAMPLE,KEYSTORE,JKS     2014-09-05 20:21:51

  How does JGSS read Windows native TGT credential?

MS LSA is a protected subsystem that authenticates and logs users onto the local system. The user credential is stored at the native credential cache of LSA on Windows. This kind of credential is often used to authenticate the user to the server, one of the authentication methods is Kerberos. JGSS has provided a native interface which can read the native TGT credential and use it to get the TGS of a service. But how does JGSS read the native TGT credential? Here is a sample code for reading nati...

   KERBEROS,JGSS,MS LSA,NATIVE CREDENTIAL,TGT,SESSION KEY TYPE     2015-03-25 03:42:32

  Web Security: In-Depth Explanation of X-XSS-Protection

What is X-XSS-Protection X-XSS-Protection is an HTTP response header designed to enable or configure built-in cross-site scripting (XSS) filters in certain versions of Internet Explorer, Chrome, and Safari. The purpose of these filters is to detect reflected XSS attacks in the response and prevent the loading of pages, thereby protecting users from such attacks. The X-XSS-Protection response header was initially introduced by Microsoft in Internet Explorer 8 to control the browser's XSS filter. ...

   X-XSS-PROTECTION,WEB SECURITY,CONTENT SECURITY POLICY,XSS,CSP     2023-11-29 01:48:40

  + operation on JavaScript objects

In JavaScript, there are two types of values: primitive and object. Primitives consist undefined, null, boolean, number and string. Other values such as array and function are objects. When applying + operation on different type of values, there would be three kinds of type conversion. Primitive conversion Number conversion String conversion There three type conversions have corresponding abstract operations in JavaScript: ToPrimitive(), ToNumber(), ToString(). For number additi...

   JAVASCRIPT,PROGRAMMING     2018-10-12 22:19:12

RECENT