Posts

OAuth 2.0 Using Social Login :Facebook

OAuth 2.0 Framework: Social Login With Facebook. A simple definition of the OAuth 2.0 framework is that it lets a standard web application be authenticated and authorized so that it obtains limited access to an HTTP service. This happens either on behalf of the resource owner (the user who owns the resources), by obtaining the resource owner's approval for the HTTP service, or by allowing a third-party application to obtain the resources. HOW TO USE THE OAUTH 2.0 FRAMEWORK: Initially, the developer should have a basic idea of how to create a Facebook application by visiting https://developers.facebook.com/ and its related tutorials, such as "Retrieving User Resources from Facebook over the OAuth 2.0 Authorization Code Grant Type". For a clearer understanding and for demonstration purposes, I have implemented two applications. To get started, the resources and files can be downloaded from the following GitHub link: https://github.com/suga95/OAuthFBSocia...

Double Submit Cookies Pattern

CSRF PROTECTION: DOUBLE SUBMIT COOKIES PATTERN. Cross-Site Request Forgery (CSRF) is an attack that forces a user to execute unwanted actions on a web application in which they are currently authenticated. CSRF attacks specifically target state-changing requests, such as transferring funds or changing an email address. Here the attacker forces or tricks the user into executing actions of the attacker's choosing on the web application. PREVENTION OF CSRF: To prevent this kind of attack, there are two notable and well-known techniques: the Synchronizer Token Pattern and the Double Submit Cookies Pattern. In this post we are only going to look at the Double Submit Cookies Pattern and how it prevents the attack. DOUBLE SUBMIT COOKIES PATTERN: The synchronizer token pattern stores the generated CSRF token value on the server side and uses it to validate and check whether the CSRF token...

CSRF PROTECTION: SYNCHRONIZER TOKEN PATTERN

CSRF PROTECTION: SYNCHRONIZER TOKEN PATTERN. Cross-Site Request Forgery (CSRF) is an attack that forces a user to execute unwanted actions on a web application in which they are currently authenticated. CSRF attacks specifically target state-changing requests, such as transferring funds or changing an email address. Here the attacker forces or tricks the user into executing actions of the attacker's choosing on the web application. PREVENTION OF CSRF: To prevent this kind of attack, there are two notable and well-known techniques: the Synchronizer Token Pattern and the Double Submit Cookies Pattern. In this post we are only going to look at the Synchronizer Token Pattern and how it prevents the attack. In the next chapter, we'll look at the Double Submit Cookies Pattern. SYNCHRONIZER TOKEN PATTERN: It is a prevention technique that defeats CSRF attacks. More specifically, it works by embedding ad...