Tag: security

OpenPGP: no, it’s not broken yet

A picture of a digital lock

You may have noticed: encryption has received some bad rap lately. I’m talking about Efail and SigSpoof of course, two flaws that impacted OpenPGP-based applications such as GnuPG, Enigmail, etc. Does it mean that OpenPGP is broken?

From stateful to stateless RESTful security using Spring and JWTs – Part 4 (JWT-based authentication)

Previously we have managed to finally get rid of that Session object and transform our RESTful API security to leverage a stateless authentication solution. We replaced our beloved JSESSIONID with a simple string of text, a token, that allowed us to identify a user. But the solution we used is not secure at all. We still need to find a token with the right characteristics to be safe enough in this world of leaks and breaches. Enter JWTs…

From stateful to stateless RESTful security using Spring and JWTs – Part 3 (token-based authentication)

Last time we reviewed how to quickly set up stateful authentication on our Spring-based project. That’s very nice ‘n’ all, and in many cases you won’t need anything more. However shouldn’t we try to get rid of that session-based dependency and attempt to move to a REST-friendly stateless authentication solution? Let’s begin…