Collaborate Disseminate
I am creating an app. Users need to both login and sign-up. I want to simplify the form for this process as much as possible. This got me thinking. Instead of doing the traditional email, confirm email, password, and confirm password setup… Continue reading Is it bad practice to exclusively use phone numbers for both the sign-up and login process?
I have an issue where I am using SAML (Sustainsys.Saml2 library) and Username + Password through Auth0. Both these authentication methods are currently not working right because after the user is sent to the SAML/Auth0 authorization pages,… Continue reading User being redirected to Private IP Address instead of staying on the domain/subdomain [closed]
My Dev team creates high-load applications and wants to use Keycloak with OpenID authz. But they are complaining about delays for retrieving permissions from Authz server (Keycloak). So, they decided to define all permissions for each grou… Continue reading Authorization and permissions in backend
I am writing an application to manage volunteers for political campaigns. This is a lot more complicated than any past multi-tenant app I’ve written and so am asking for guidance here on how to approach this.
Note: I’m not asking for opini… Continue reading Using claims to handle programmatic logic determining what is displayed
Let’s say I’m building a system, similar to a very simple ecommerce.
Users can sign up as consumer and start buying products.
Purchases are then stored in the database together with the order status, shipping info, etc.
Now, in order to ma… Continue reading In a system architecture, to what extent an admin user should have access to consumer resources?
In AWS Cognito we could define a role/permissions as a custom attribute in the user pool, but we could have a User table and a caching database and fetch roles each time the user does a request.
Of course, the first approach avoids an unne… Continue reading Is there a problem to store user permissions in the database instead of in a external auth service?
An organisations has multiple service tiers. One of the services in a core tier exposes APIs to the tier above. The core tier services do RBAC, consequently an end customer token is required in order to access their APIs.
There are 2 cat… Continue reading RBAC for system to system access
Authorization layer solution provider Cerbos has raised $7.5 million in an extended seed round led by Omers Ventures.
The post Cerbos Raises $7.5 Million for Authorization Platform appeared first on SecurityWeek.
Continue reading Cerbos Raises $7.5 Million for Authorization Platform
I have hosted a MySQL database server on a VPS to connect to a flask web app on the same VPS. It only has users with host as local ip address. Can it be accessed by anyone else remotely, except me? If so, how can I make it more secure.
I d… Continue reading Can my local MySQL server be accessed without permission
We are developing a system that comprises of
Component A: Client Application
Component B: Gateway API
Component C: Backend Web API providing functionality (will be a set of
microservices C1, C2 etc)
All components are registered applicat… Continue reading Authorizing Access using AD with an API Gateway