Yves – WindowsTechs.com

What is a proper way to prevent parameter tampering and to make parameter secure

Posted on April 12, 2023 by Yves

I’m developing a HTTP web server. I’ve used HTTPS as the protocol between client and server but I know that HTTPS can’t prevent parameter tampering.
As we know, we can set parameters in URL, in HTTP header or in HTTP body. So clients could… Continue reading What is a proper way to prevent parameter tampering and to make parameter secure→

How does RS256 work in a website

Posted on April 7, 2023 by Yves

I’m developing a website and trying to use the algorithm RS256 to generate and verify the signatures of clients (JWT).
Here is how I generate a signature at the client side (I use the Python script to simulate a client):
header = {
&qu… Continue reading How does RS256 work in a website→

Does jwt with asymmetric algorithm have a bad performance?

Posted on February 21, 2023 by Yves

I’m using Envoy as the gateway of my micro-service backend.
Envoy provides me the JWT mechanism, which means that with the help of a public key, Envoy can validate tokens generated with a private key.
It works as expected. However, my coll… Continue reading Does jwt with asymmetric algorithm have a bad performance?→

How does the Certificate Authority work [duplicate]

Posted on February 1, 2018 by Yves

This question already has an answer here:

SSL Certificate framework 101: How does the browser actually verify the validity of a given server certificate?

2 answers
… Continue reading How does the Certificate Authority work [duplicate]→

eCryptfs: what if I remove ~/.ecryptfs

Posted on February 1, 2018 by Yves

I’m learning how to use eCryptfs: https://wiki.archlinux.org/index.php/ECryptfs

I get things as below from the link:

This is used to derive the actual file encryption master key. Thus,
you should not enter a custom one… Continue reading eCryptfs: what if I remove ~/.ecryptfs→

Why doesn’t Tornado have session

Posted on September 5, 2017 by Yves

I’ve heard that cookies is less secure than the session.
For example, if a web uses a cookie to detect if an user has logged in or not, people can forge a cookie to simulate a false user because he can read the cookie and for… Continue reading Why doesn’t Tornado have session→

GnuPG/KGpg Sign PGP Key – Sign User ID : What is the difference?

Posted on August 14, 2013 by Yves

What is the difference between signing a user ID and a whole Key?
Which behavior is the best as to signing user IDs and Keys? How and when to use "Local signatures" (non-exportable)?
(I was told not to sign any keys except for pe… Continue reading GnuPG/KGpg Sign PGP Key – Sign User ID : What is the difference?→