Vault encryption, an upgrade

In my first post about encryption I discussed a solution that was basic. The approach used Spring’s Encryptor classes, one of which, the queryable TextEncryptor, was deprecated due to it being insecure. Since then, I have spent time enhancing other aspects of the platform, as well as kicking off an app based on it.… Read more

Moving JWT from headers to cookies

One item that has been nagging me, as we continue developing our framework and sample apps, is that the Java Web Token (JWT) is n the header of the request like this.

GET http://localhost:8080/someprotectedendpoint
Authorization: Bearer <jwt token>

While this works absolutely fine, there are some drawbacks in terms of security.… Read more

Python, oh how I’ve missed you (the power of unpack)

Recently I started playing around more with my Neo Smartpen. The company makes their data storage format public and I wondered how long it would take me to write a program to show my handwritten pages within a simple app. Given my background, I knew I could do this quickly in Java with a UI in Swing so I started there.… Read more

Cognito to rule them all?

After writing custom code to handle signing up users, sending emails, supporting multi-factor authentication, I looked more into alternatives. Why? As a startup you have to be scrappy. Use what’s free, create solutions for platform parts that cost too much for where you’re at. Eventually, you will grow out of this and will need to look at alternatives.… Read more

MFA (Take Two)

It’s been a while since I’ve written a post. I’ve been heads down working on the platform thinking more about use cases, revising code and introducing a basic React client. If I haven’t mentioned already, I love IntelliJ. It’s my tool of choice and have been using it for years. Every time they make a release they introduce something cool that is helpful.… Read more

Multi Factor Authentication

Multi factor authentication has become ubiquitous in web applications. If you work in financial services it’s even a legal requirement in some states. For most of us working professionals I believe we all agree enhanced security for our customers is a good thing. While we have already tackled broader approaches, such as encryption and server hardening, we also want to cover more fine grained approaches that affect an individual’s experience.… Read more

Encryption

First and foremost, I am not an encryption expert. I’ll tell you right off the bat that the solution provided before is not the best to use in a production environment. This is because the encryption password is stored in the application.properties file. If someone gets access to the box and they can read the file, they can decrypt our data.… Read more

Neo Smartpen

Finally. I’ve finally found a smartpen that I like. Not that there was a lot of competition, at least competition that I was aware of. Years ago, when Livescribe came out with their pen I was in awe. According to Wikipedia this was around 2008. I was in amazement that there was this pen that could record what I wrote and I still got to experience the enjoyment of writing.… Read more

Account Verification

Once a user signs up for service on our site we want to make sure we have some type of verification system in place to help ensure they are a real user. Quite often this is done by sending out an email with an account verification link which allows a prospective user to finalize their account creation.… Read more