December 12 · Issue #14
Email digest of dylanninin
|
|
OAuth is an open standard for authorization, commonly used as a way for Internet users to authorize websites or applications to access their information on other websites but without giving them the passwords. – Wikipedia
|
|
|
Authentication - Wikipedia
Authentication is the act of confirming the truth of an attribute of a single piece of data (a datum) claimed true by an entity. In contrast with identification which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing’s identity, authentication is the process of actually confirming that identity. The three factors for a positive authentication are:
- the knowledge factors: something the user knows, e.g. a password, partial password, passphrase, personal identification number (PIN), challenge-response, or security question
- the ownership factors: something the user has, e.g. a wristband, ID card, security token, cell phone with a built-in hardware token, software token, or cell phone holding a software token
- the inherence factors: something the user is or does, e.g. a fingerprint, retinal pattern, DNA sequence, signature, face, voice, unique bio-electric signals, or other biometric identifier
|
OAuth.com - OAuth 2.0 Servers
Before OAuth, a common pattern for granting a third-party application access to your account was simply to give it your password and let it act as you. This pattern obviously has a number of problems. OAuth 2.0 is the modern standard for securing access to APIs. This is a guide to building OAuth 2.0 APIs, with concrete recommendations based on the majority of live implementations: a comprehensive guide to building your own OAuth 2.0 API. Its table of contents:
- Background
- Definitions
- OAuth 2.0 Clients: Server-Side/Browser-Based/Mobile & Native Apps
- Client Registration
- Authorization
- Scope
- Redirect URLs
- Access Tokens
- List Authorizations
- Token Introspection Endpoint
- The Resource Server
- Creating Documentation
- Differences Between OAuth 1 and 2
|
OAuth 2.0 Notes (6): How to Use Bearer Tokens - Yu-Cheng Chuang's Blog
In practice, even though the Bearer Token is defined, not every major site's API uses this kind of token. The one I have seen that explicitly says it uses Bearer Tokens is the Twitter API; the others either do not use the "Bearer" keyword, or do not say what kind of token it is (which is not really necessary, since on those sites a token has only one use).
Even so, for the API I plan to implement I am going to use Bearer Tokens, because they are naïve enough. If, like me, you lack the ability to craft your own token format, just use Bearer Tokens.
Pay attention to the security issues and countermeasures the post raises, such as: use TLS (https) throughout, validate the TLS trust chain, do not store Bearer Tokens in cookies, and issue short-lived, scope-limited Bearer Tokens. The author wrote a whole series of OAuth 2.0 posts (this article carries the table of contents and links), which can be read as a Traditional Chinese counterpart of the "OAuth 2.0 Servers" guide above; the post on differences between major sites' OAuth 2.0 implementations covers Facebook/Google/GitHub/Douban/Weibo and gives a glimpse of real-world implementations.
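To make the advice above concrete (and the Scope and Token Introspection Endpoint chapters of the OAuth.com guide), here is an added example of a resource server's bearer-token check. It is not code from either linked guide: the class and function names, the one-hour lifetime and the decision to store only SHA-256 digests of issued tokens are assumptions made for this illustration. It accepts the token only from the `Authorization: Bearer` header (never a cookie or query string), refuses to evaluate a token presented over plain HTTP, enforces expiry and scope, and returns the `WWW-Authenticate` error values RFC 6750 defines.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # assumed lifetime: short-lived tokens limit the damage of a leak


class TokenStore:
    """Issues bearer tokens and answers introspection queries.

    Design choice for this example (not mandated by the guides): only the
    SHA-256 digest of each token is kept, so a copy of the store does not
    hand an attacker usable credentials. A clock is injected for testing.
    """

    def __init__(self, clock=time.time):
        self._by_hash = {}
        self._clock = clock

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, client_id, scope, ttl=TOKEN_TTL):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_hash[self._digest(token)] = {
            "client_id": client_id,
            "scope": set(scope.split()),
            "exp": self._clock() + ttl,
        }
        return token

    def introspect(self, token):
        """Shape of an introspection response: active flag plus metadata."""
        rec = self._by_hash.get(self._digest(token))
        if rec is None or rec["exp"] <= self._clock():
            return {"active": False}
        return {
            "active": True,
            "client_id": rec["client_id"],
            "scope": " ".join(sorted(rec["scope"])),
            "exp": rec["exp"],
        }


def extract_bearer(headers):
    """Only the RFC 6750 header scheme is honoured; no cookie or query fallback."""
    scheme, _, credential = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not credential.strip():
        return None
    return credential.strip()


def authorize(store, request, required_scope):
    """Return (http_status, reason) for a request dict with 'scheme' and 'headers'."""
    if request.get("scheme") != "https":
        # A bearer token is the whole credential; never evaluate one sent in clear.
        return 400, "bearer tokens must only travel over TLS"
    token = extract_bearer(request.get("headers", {}))
    if token is None:
        return 401, 'WWW-Authenticate: Bearer realm="api"'
    info = store.introspect(token)
    if not info["active"]:
        return 401, 'WWW-Authenticate: Bearer error="invalid_token"'
    if required_scope not in info["scope"].split():
        return 403, 'WWW-Authenticate: Bearer error="insufficient_scope"'
    return 200, "ok"
```

A real deployment would also bind the token to the issuing client and the redirect URL it was granted for, and would compare digests in constant time if they ever flow through a string comparison that an attacker can time; the dictionary lookup above avoids that comparison entirely.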
|
|
htop explained | peteris.rocks
For the longest time I did not know what everything meant in htop. I thought that a load average of 1.0 on my two-core machine means that CPU usage is at 50%. That's not quite right. And also, why does it say 1.0? I decided to look everything up and document it here. They also say that the best way to learn something is to try to teach it. This long post tries to explain everything you can see in htop/top on Linux. It requires a little more knowledge of the OS, but don't give up if you don't have that yet. It is also a very good example of doing your own research and resolving every doubt, uncertainty or mystery.
|
linux - Why fork() works the way it does - Stack Overflow
So, I have used fork() and I know what it does. As a beginner I was quite afraid of it (and I still don't understand it fully). The general description of fork() that you can find online is that it copies the current process and assigns a different PID and parent PID, and the process will have a different address space. All is good; however, given this functionality description a beginner would wonder "Why is this function so important... why would I want to copy my process?". So I did wonder, and eventually I found out that's how you can call other processes from within your current process, by means of the execve() family.
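The answer to the question above, in running code: fork() matters because the copy can rearrange its own file descriptors before exec() replaces its image, which is how a parent captures a child's output without any cooperation from the program being run. This is an added example, not code from the Stack Overflow thread; `run_capture` and `run_python` are names chosen here, and the exit code 127 for a failed exec follows the shell convention.

```python
import os
import sys


def run_capture(argv):
    """fork(), rewire the child's stdout into a pipe, then execvp() argv.

    Returns (exit_code, stdout_bytes). exit_code 127 means exec itself failed;
    a negative code is the signal number that killed the child.
    """
    rfd, wfd = os.pipe()  # both ends are close-on-exec by default (Python >= 3.4)
    pid = os.fork()
    if pid == 0:
        # Child: a copy of the parent that can reshape itself before exec.
        try:
            os.close(rfd)          # the child only writes
            os.dup2(wfd, 1)        # fd 1 (stdout) now points into the pipe, inheritable
            os.close(wfd)          # drop the extra reference; fd 1 keeps the pipe alive
            os.execvp(argv[0], argv)  # on success this line never returns
        except BaseException:
            pass
        os._exit(127)              # exec failed: leave without running parent code twice
    # Parent: close the write end, or EOF never arrives once the child exits.
    os.close(wfd)
    chunks = []
    while True:
        data = os.read(rfd, 4096)
        if not data:
            break
        chunks.append(data)
    os.close(rfd)
    _, status = os.waitpid(pid, 0)  # reap the child so no zombie is left behind
    if os.WIFEXITED(status):
        code = os.WEXITSTATUS(status)
    else:
        code = -os.WTERMSIG(status)
    return code, b"".join(chunks)


def run_python(source):
    """Convenience wrapper: run a snippet in a fresh interpreter (assumed helper)."""
    return run_capture([sys.executable, "-c", source])


if __name__ == "__main__":
    print(run_python("import sys; sys.stdout.write('hello from the child'); sys.exit(3)"))
    print(run_capture(["/nonexistent/program"]))
```

The same fork-then-reshape window is where a careful parent drops privileges, changes directory, resets signal handlers or closes inherited descriptors; everything left open at the moment of exec is visible to the new program, which is why Python marks pipe ends close-on-exec unless you deliberately dup them onto 0, 1 or 2.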
|
|
Tech Deviancy - Demystifying Unix Domain Sockets
Unix domain sockets are sometimes called "local" sockets. This can be misleading, as it implies they have something to do with a loopback adapter. The closest relative of a Unix domain socket is a pipe. Unix pipes are an integral cornerstone of the OS at large. Like water flowing one way through a pipe, a stream of bytes flows from the write side of a pipe to the read side. Separate open file descriptors refer to the read side and the write side of a pipe. The two sides can be in different processes or threads, as long as they reside on the same local computer.
Even if you never need to program UD sockets directly, they are an important facet of understanding both the Unix security model and the inner workings of the operating system. For those who do use them, they open up a world of possibilities.
|
|
PostgreSQL User Administration - David Pashley.com
PostgreSQL has a powerful user authentication and access control system, but to a newcomer it can seem confusing and overwhelming. In this article I hope to explain how to manage users and permissions with ease. A simple guide to the basic concepts and management of PostgreSQL's built-in role-based access control model:
- User
- Group: now an alias for Role
- Authentication: various access and authentication methods
- Privileges
|
|
Binary Search – topcoder
Binary search is one of the fundamental algorithms in computer science. In order to explore it, we'll first build up a theoretical backbone, then use that to implement the algorithm properly and avoid those nasty off-by-one errors everyone's been talking about. I first saw this on Weibo; it is well explained, so I am recommending it specifically: "I've interviewed about ten people. More than half could roughly explain how binary search works, halve that for the ones who clearly knew its complexity, and only one person answered every algorithm question fluently. I think binary search is a must-know, because it contains the most basic idea of decomposing a large problem. And, as I wrote in an earlier post, looking up a word in a dictionary or bisecting a bug are both binary search; it is not just an algorithm but an important way of thinking." – @tinyfoo
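The "theoretical backbone" the topcoder article builds is that binary search finds the first index where a monotone predicate turns true; searching a sorted array is just one predicate. The following is an added example, not the article's own code: `first_true`, `lower_bound`, `binary_search` and `isqrt` are names chosen here, and `exhaustive_check` compares the result against a linear scan on seeded random inputs to show the half-open interval convention has no off-by-one.

```python
import random


def first_true(pred, lo, hi):
    """Smallest i in the half-open range [lo, hi) with pred(i) True, or hi if none.

    pred must be monotone over the range: False ... False True ... True.
    The invariant is pred(i) is False for i < lo and True for i >= hi,
    so the loop never evaluates pred outside [lo, hi).
    """
    while lo < hi:
        mid = lo + (hi - lo) // 2   # rounds down, so mid < hi and mid >= lo
        if pred(mid):
            hi = mid                # answer is mid or to the left of it
        else:
            lo = mid + 1            # mid is ruled out
    return lo


def lower_bound(a, x):
    """Index of the first element >= x in sorted list a (len(a) if none)."""
    return first_true(lambda i: a[i] >= x, 0, len(a))


def binary_search(a, x):
    """Index of some occurrence of x in sorted list a, or -1."""
    i = lower_bound(a, x)
    return i if i < len(a) and a[i] == x else -1


def isqrt(n):
    """Same predicate machinery on a numeric range: floor(sqrt(n)) for n >= 0."""
    return first_true(lambda i: i * i > n, 0, n + 2) - 1


def exhaustive_check(trials=500, seed=7):
    """Cross-check against a linear scan on constructed random inputs."""
    rng = random.Random(seed)
    for _ in range(trials):
        a = sorted(rng.randrange(0, 20) for _ in range(rng.randrange(0, 12)))
        for x in range(-1, 22):
            expect_lb = next((i for i, v in enumerate(a) if v >= x), len(a))
            if lower_bound(a, x) != expect_lb:
                return False
            got = binary_search(a, x)
            if (got != -1) != (x in a) or (got != -1 and a[got] != x):
                return False
    return True


if __name__ == "__main__":
    print(lower_bound([1, 2, 2, 2, 5], 2), binary_search([1, 3, 5], 4), isqrt(10**12))
    print("all checks passed" if exhaustive_check() else "mismatch found")
```

Writing `lo + (hi - lo) // 2` instead of `(lo + hi) // 2` is habit from languages with fixed-width integers, where the sum can overflow; Python's integers do not, but the form is harmless and keeps the code portable.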
|
Easy way to understand quick sort - Techie Me
This article touches in detail all the aspects of a quicksort algorithm. I tried to write it as simple as possible to make it an easy way to understand quicksort. This is really an interesting algorithm to learn and I have found that most of the students or professionals feel it hard to understand or reproduce in code.
Binary search requires the input to be sorted first; among sorting algorithms, quicksort is both the typical example and an efficient one.
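An added example of quicksort (not the Techie Me article's code) with the partition step written out separately, which is the part most people find hard to reproduce. It uses a three-way partition so runs of equal keys do not degrade it, a random pivot so a sorted or adversarially ordered input cannot force the quadratic worst case, and recursion only into the smaller side so the stack stays logarithmic. `partition3` and `quicksort` are names chosen here; the `rng` parameter is an assumption that makes runs reproducible.

```python
import random


def partition3(a, lo, hi, pivot):
    """Dutch-national-flag partition of a[lo:hi] around pivot, in place.

    Returns (lt, gt) such that a[lo:lt] < pivot, a[lt:gt] == pivot and
    a[gt:hi] > pivot. Elements equal to the pivot are never revisited, which
    is what keeps all-equal inputs linear instead of quadratic.
    """
    lt, i, gt = lo, lo, hi
    while i < gt:
        if a[i] < pivot:
            a[lt], a[i] = a[i], a[lt]
            lt += 1
            i += 1
        elif a[i] > pivot:
            gt -= 1
            a[i], a[gt] = a[gt], a[i]   # a[i] is now unexamined; do not advance i
        else:
            i += 1
    return lt, gt


def quicksort(a, lo=0, hi=None, rng=random):
    """Sort list a[lo:hi] in place and return a.

    A random pivot makes the expected cost O(n log n) for every input order;
    a fixed pivot (first or last element) is O(n^2) on already-sorted input,
    which is the classic algorithmic-complexity denial of service.
    """
    if hi is None:
        hi = len(a)
    while hi - lo > 1:
        pivot = a[rng.randrange(lo, hi)]
        lt, gt = partition3(a, lo, hi, pivot)
        # Recurse into the smaller side, iterate on the larger: depth <= log2(n).
        if lt - lo < hi - gt:
            quicksort(a, lo, lt, rng)
            lo = gt
        else:
            quicksort(a, gt, hi, rng)
            hi = lt
    return a


if __name__ == "__main__":
    data = [5, 3, 8, 3, 9, 1, 5, 7, 2, 8]
    print(quicksort(data[:], rng=random.Random(1)))
    print(quicksort(list(range(5000))) == list(range(5000)))
```

The same partition routine gives quickselect (find the k-th smallest in expected linear time) by recursing into only the side that contains index k, and the two-pointer shape is the one to reach for when implementing a sort in a language without a built-in, where the input comes from an untrusted client.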
|
|
Speaking JavaScript: An In-Depth Guide for Programmers
A lot of people think JavaScript is simple, and in many cases it is. But in its elegant simplicity lies a deeper functionality that, if leveraged properly, can produce amazing results. Axel's ability to distill this into an approachable reference will certainly help both aspiring and experienced developers achieve a better understanding of the language. I've read this book in the last two weeks, and learned a lot of fundamentals and quirks. Although there are many pitfalls, it seems there are always some best practices you can follow. As the author writes: In other languages, you learn language features. In JavaScript, you often learn patterns instead.
|