What is nonce?
A nonce is a value used only once and can take any form, The key is to verify "each operation must be unique"
A nonce is a value used only once and can take any form, The key is to verify "each operation must be unique"
Services often sit behind proxies. How can we reliably get the client IP for auth, auditing, and other source-IP needs? Notes on Gin's trusted proxy practices.
More keys to manage means more to defend; how to prevent users choosing weak keys? Key Derivation Functions (KDFs) address these issues.
AES is the most widely used symmetric cipher—used in HTTPS/TLS, Wi‑Fi, full-disk encryption, and messaging. Understanding AES clarifies modern encryption.
Managing many site passwords is risky. FIDO (Fast IDentity Online) enables passwordless login using fingerprint or face scan.
I found a simple explanatory video: You're Storing Passwords Wrong. Here's The Fix - LearnThatStack, so I will record knowledge related to password storage.
Symmetric encryption uses the same key for encryption and decryption by both parties, posing risks such as key sharing and interception
JWT stands for JSON Web Token, a standard based on RFC 751 that is used to transmit JSON objects between two entities.
Authentication and Authorization are two concepts in access control, representing the questions: Who are you? What are you allowed to do?
CORS (Cross-Origin Resource Sharing) is a mechanism that determines whether a web page can access resources from other origins.
Regardless, one should never easily trust user requests to prevent CSRF. I've recently found my knowledge in this area lacking, so I'm catching up.
The summary is to never easily trust user input to prevent XSS to the greatest extent. Recently, I found my knowledge in this area lacking.