The latest articles on Forem by Ankur Goyal (@mrmonk). https://forem.com/mrmonk https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1239154%2F8e44de70-9917-4e77-a0fd-cc8f536648b5.jpg https://forem.com/mrmonk en Ankur Goyal Sat, 01 Jun 2024 16:57:18 +0000 https://forem.com/mrmonk/how-was-your-tech-stack-switching-experience-what-difficulty-you-faced-specially-to-be-java-developer--59a0 https://forem.com/mrmonk/how-was-your-tech-stack-switching-experience-what-difficulty-you-faced-specially-to-be-java-developer--59a0 <p>I know tech industry is rapid changing environment. all though developers love to know and learn about new technology. after getting some experience in their tech stack, I think it must be difficult to chase higher package as well as your favorite tech stack. share some experience or knowledge. I will really be thankful. Can we chase favorite tech stack as well as 2x package? </p> Ankur Goyal Sun, 03 Mar 2024 11:57:27 +0000 https://forem.com/mrmonk/what-if-anyone-steals-your-jwt-41oc https://forem.com/mrmonk/what-if-anyone-steals-your-jwt-41oc <p>Storing JWTs (JSON Web Tokens) in cookies is a common practice, but it comes with security considerations. When storing JWTs in cookies, it's essential to set appropriate security measures to mitigate the risk of token theft. Here are some strategies to enhance security:</p> <h2> HttpOnly Flag: </h2> <p>Set the HttpOnly flag on cookies containing JWTs. This prevents client-side scripts from accessing the cookie, reducing the risk of cross-site scripting (XSS) attacks.</p> <h2> Secure Flag: </h2> <p>Set the Secure flag on cookies to ensure they are only transmitted over HTTPS connections. This prevents interception of cookies in transit over unsecured HTTP connections.</p> <h2> SameSite Attribute: </h2> <p>Set the SameSite attribute on cookies to control when cookies are sent in cross-origin requests. Setting it to "Strict" or "Lax" helps prevent Cross-Site Request Forgery (CSRF) attacks.</p> <h2> Token Expiry: </h2> <p>JWTs should have a relatively short expiration time. This limits the window of opportunity for an attacker to steal and misuse the token.</p> <h2> Token Revocation: </h2> <p>Implement mechanisms for token revocation in case of suspected token compromise. This could involve maintaining a blacklist of revoked tokens or using token rotation techniques.</p> <h2> Additional Security Layers: </h2> <p>Implement additional security measures such as rate limiting, IP filtering, and user-agent verification to protect against token theft and misuse.</p> <p>While storing JWTs in cookies can simplify authentication workflows, it's crucial to implement proper security measures to safeguard against potential vulnerabilities. Additionally, regularly reviewing and updating security practices based on emerging threats and best practices is essential to maintaining a secure authentication system.</p> <p>If you feel there are other ways, Feel free to comment. I would love to discuss on that. </p> javascript jwt security webdev Ankur Goyal Sat, 23 Dec 2023 11:49:57 +0000 https://forem.com/mrmonk/what-can-you-do-only-in-java-2m6h https://forem.com/mrmonk/what-can-you-do-only-in-java-2m6h <p>Hey guys... can you tell me. What can you do only in java, which in not possible in any other language such as python, PHP, JavaScript. </p> java python webdev javascript