best way to manage sessions/cookies with chalice - session-cookies

What's the easiest way to have sessions or at least cookie management in a Python Chalice web app? Have looked around but haven't found a good solution.

Related

Rails API authentication for SPA and Client App

I created a Rails API application that is currently doing its job awesomely, but I realized that it is missing the most important part: a login from the React application and, at the same time, authentication from a Python application I developed that should consume those APIs as well.
Now, looking at the various offerings, it all seems fuzzy, at least from my perspective, and I would like to have advice that is not from 2016 or before but that is current today.
Many solutions on the net were dirtying the main ApplicationController, which didn't make sense to me.
So I thought that a 'modern' way, or let's say 'a way', is to use Doorkeeper and Devise.
I thought about Doorkeeper because it allows me to have the 'Applications', so I can delegate the authentication to applications in the proper way while using the JWT for the SPA application, but honestly I don't know where to start deciding :)
I also wanted to share here the link of a blog post that inspired this question: https://www.vic-l.com/jwt-with-refresh-token-using-devise-and-doorkeeper-without-authorization/
Sadly, something I found that is still without an answer at the moment is "Setting up DoorKeeper with multiple Rails/React applications?"
Now, can I use Doorkeeper to manage the JWT for the SPA and the applications for the client in Python?
Thanks in advance!

How safe is it to use a serverless approach for BFSI?

I am new to serverless architecture. I am about to create a banking application. Is it a good idea to develop my whole system using 100% serverless architecture (using AWS Lambda), or should it be a hybrid combination of both serverless and Kubernetes clustering? Thanks in advance.
So long as you set your IAM access policies accordingly, secure your API Gateway endpoints with rotating keys on KMS, while using Cognito to provide JWT authentication for your users, then the short answer is yes (IMO). I have implemented quick and secure solutions with the new AWS secrets solution to store and rotate application secrets quickly and easily. If you're working on a banking app, they also have a great HSM service that I think you will find valuable. I personally have no problem with AWS "lock-in"; I value my time and peace of mind. You might want to check this out: https://aws.amazon.com/security/

Secure OAuth implementations in Android apps?

This may have a simple solution that I'm just not seeing, but Android apps can be decompiled, so people can extract your OAuth key and secret from your code. What is the best way to prevent this?
It all depends on your architecture. Maybe the best solution is not to place secret data in apps but rather in a service/server application. Everything that can be decompiled will be decompiled. With encryption you may only gain time before the data is extracted from apps.

How to do tmux live streaming to a webapp?

Is there a way to live stream a tmux session to a web application?
Is there a proper preferred way of doing something like this, to be shared with other developers online who don't have access to a console?
This is probably a little overkill, but seems like it would solve your problem:
http://liftoffsoftware.com/Products/GateOne

What are some best-practices for web-based iOS applications?

I have recently started playing around with iOS development and have got most of the basics down. I would however like to know about some best practices and what you guys think is the best in coding practice and application architecture.
What I have in mind is a simple application that gets information from a web server, displays the data to the user, and allows the user to edit the data which must then be updated on the web server.
What I would like to know is:
1) What type of web server / architecture is best suited for something like this? For example, data passing / updating similar to something like the Facebook or Twitter etc. applications, where data is retrieved, potentially updated, and sent back for updating.
2) What type of authentication / security can be built into an application like this? I was thinking something along the lines of username / password being stored on the server. Obviously the data should be secure when being transferred.
3) Are there any "free" web servers out there to play around with? I'm not building anything enterprise size, just need somewhere to play. Would the Google App Engine be suitable for something like this? What I have thought up to now is that you would probably need to implement a web service or something. Is this correct? Or are there better ways?
4) Are there any good tutorials around? I have started looking at the ones in the apple.com developer center, but I would like to get other people's points of view too.
I realise these are not really programming questions, but I would appreciate any insight that some more experienced iOS developers have. I would like to get the best practices down by incorporating the above into an app.
Thanks!
This doesn't sound like you need an iOS app, more like just a browser based app that works on the iPhone. If you need features like the GPS, Camera, Gyroscope, taking offline things that are native to the phone, then yes build it on iOS.
But if it's a simple web application that performs the operations you mentioned, then you can look at building a mobile web application. The nice thing is that it will work across iPhone, Droid, WiMo 7, really anything that can host a browser.
1) You can pick almost anything you're comfortable with. I program in both ASP.NET and Python for web apps. Personally, I'm building a web app on Django with Python. It's cheap (free) and there are lots of resources for learning as well as an active community.
2) Security is a rather large topic; there are many things beyond authentication and authorization, like cross-site scripting, SQL injection, etc., that need to be taken into consideration. Django has some things that help with this. But at the simplest you can secure your site with SSL encryption when performing authentication. You should also consider OpenID as an alternative for authentication, like how StackOverflow gives you the option.
3) I do all my "play" on my MacBook Pro or PC at home. You can do all of this for free on your own machine, and when you're ready to deploy, pick a host, like Amazon or something like Media Temple.
