Building Persona: federated and privacy-sensitive identity for the Web (LCA 2... by Francois Marier
This talk explores the challenges of the existing Web identity solutions and introduces the choices that were made during the development of Persona (formerly BrowserID), a new Open Source federated identity solution from Mozilla, designed and built to respect user privacy.
The Web beyond "usernames & passwords" (OSDC12) by Francois Marier
Identity systems on the Web are a bit of a mess. Surely by 2012 we would have something other than usernames and passwords for logging into websites: a solution that doesn't require trusting a central authority whose privacy policy can change at a whim.
It turns out that solving the general identity problem is very hard. Some of these solutions require complicated redirections, an overwhelming amount of jargon and lots of verbose XML. The technology has been around for a long time, but implementing it properly (and safely) is often incredibly difficult. It's a lot to ask of the millions of part-time developers out there who are building sites out of some quick HTML, a MySQL database and some PHP code samples.
This talk will explore the challenges of the existing Web identity solutions and introduce the choices that we made during the development of Persona, a new Open Source federated identity solution from Mozilla, designed and built to respect user privacy.
Persona is a new cross-browser login and identity system for the web that is pragmatic, federated, and serves the user.
Unlike other popular solutions, it puts a strong emphasis on privacy protection and makes your browser the trusted intermediary. Developed by Mozilla, it is based on the simple idea of users demonstrating ownership of their email address (with a generous serving of crypto magic under the hood).
Video: https://www.youtube.com/watch?v=T6Iu7KgiC0A or https://www.youtube.com/watch?v=iZBTc7iEkQY
Hacking Your Way To Better Security - Dutch PHP Conference 2016, by Colin O'Dell
The goal of this talk is to educate developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, session hijacking, and insecure direct object references. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples. Once we've established an understanding of how these attacks work, we'll look at concrete steps you can take to secure web applications against such vulnerabilities. The knowledge gained from this talk can also be used for participating in "Capture the Flag" security competitions.
PhoneGap: Local Storage
This presentation has been developed in the context of the Mobile Applications Development course, DISIM, University of L'Aquila (Italy), Spring 2013.
http://www.ivanomalavolta.com
Keep It Simple Security (Symfony cafe 28-01-2016) by Oleg Zinchenko
This document contains code snippets related to implementing WSSE authentication in Symfony. It includes code for a WSSE token, listener, authentication manager/provider, and factory class. The token holds user details extracted from the HTTP header. The listener extracts credentials from the header and passes them to the manager. The manager authenticates by validating the credentials against the user provider. The factory registers these classes with the security component. The document also mentions voters and ACL as other Symfony security topics.
This document discusses the principle of separation of concerns in software engineering. It provides an overview of separation of concerns and how it relates to breaking programs into distinct and separate areas of responsibility. The document then provides several examples of how to apply separation of concerns through different techniques like horizontal separation by layer (presentation, business, data), vertical separation by module, aspect-oriented programming for cross-cutting concerns, and dependency inversion. The benefits highlighted include increased reusability, maintainability, code quality, and understandability of the application.
The document contains Python code to create and manage a chatbot on the LINE Works messaging platform. It includes functions to register a bot, add it to a chat room, send messages, and remove the bot. The code obtains an API token, registers a bot with a title and description, creates a chat room with the bot and some user accounts, sends a test message to the room, and then removes the bot.
The document discusses jQuery, a JavaScript library that makes DOM scripting and Ajax requests easier. It provides functions to select elements, handle events, animate elements and load JSON data. Some key features include CSS selector syntax, DOM manipulation methods, event handling and Ajax functions. The document also covers plugins, effects, and utilities included in jQuery.
The document provides an overview of the Symfony Form component, including basic usage, validation, custom form types, events, data transformers, form type extensions, and rendering. It demonstrates how to create and handle forms, add validation, dynamically modify forms using events, transform data between representations, extend existing form types, and customize form rendering.
By combining the power of PHPUnit assertions with Symfony2's functional testing tools, the developer can obtain deep control over the application under development.
Here you can find some suggestions on how to leverage that power.
We, as developers, often think that we don't have to or don't need to know what they call design patterns. We think that we already know how to build software and don't need all this theory. Year after year, by having to deal with the low maintainability of my own codebases, I explored a lot of ways of decoupling applications, in order to have enterprise-grade software that lasts for years. With concrete examples, I want to share with you some design patterns and how they can help you to grow well-structured and decoupled applications.
This document provides instructions for setting up a Django development environment, including creating a Django project and application. It discusses installing virtualenv and Django, creating a project structure with manage.py, settings.py and urls.py files, setting up a SQLite database, creating models, forms and views for a TODO application, adding templates, and enabling the admin interface. The steps allow a user to build a basic TODO list application with Django to learn its core functionality and development process.
Design Patterns avec PHP 5.3, Symfony et Pimple, by Hugo Hamon
This talk presents two major design patterns: the observer and dependency injection. The subject combines both theory and practice. Symfony's standalone EventDispatcher component and the Pimple dependency injection container are showcased with practical usage examples. These practical cases combine code from the Propel ORM and the standalone Zend\Search\Lucene component of Zend Framework 2.
This document provides examples of using various sqlsrv PHP functions including sqlsrv_begin_transaction(), sqlsrv_cancel(), sqlsrv_client_info(), sqlsrv_close(), and sqlsrv_commit(). The examples show connecting to a SQL Server database, executing queries within transactions, retrieving client information, closing connections, and committing or rolling back transactions based on query results.
This document summarizes the history of PHP persistence from 1995 to present day. It begins with early file handling in PHP/FI in 1995 and the introduction of database support. It then discusses the evolution of code reusability through functions and classes. Professional abstraction layers like PEAR and later ORM frameworks provided more robust and standardized APIs. NoSQL databases and drivers were later incorporated, moving beyond relational databases. Current frameworks provide object document mapping for non-SQL databases like MongoDB.
This document provides a cheat sheet for Emmet syntax and abbreviations for generating HTML and CSS code. It includes abbreviations for common HTML elements and attributes as well as CSS properties. Some examples of Emmet syntax include nav>ul>li to generate a nav element containing an unordered list with a list item, and + to create sibling elements. CSS abbreviations use fuzzy search to find property names, like ov:h to generate overflow:hidden. Prefixing with - adds vendor prefixes, so -border-radius becomes -webkit-border-radius.
This session introduces the most well-known design patterns for building PHP classes and objects that need to store and fetch data from a relational database. The session will describe the differences between the Active Record, the Table and Row Data Gateway and the Data Mapper patterns. We will also examine some technical advantages and drawbacks of these implementations. This talk will present some of the best PHP tools that ease database interactions and are built on top of these patterns.
The document discusses jQuery features including:
- The end() command which can be used to traverse back through filtered elements.
- Computed values which allow setting CSS properties with a callback function.
- The map() utility which can be used to project arrays and array-like objects.
- Custom events which allow decoupling code by triggering named events.
- Deferred objects which provide a cleaner way to handle asynchronous callbacks and queues.
Talk I gave at Maceió DEV Meetup #6. Not only about Command Bus/Command Interface or whatever you name it, but a compilation of cool articles I found online that may help with understanding this architecture.
The magic of jQuery's CSS-based selection makes it easy to think about our code in terms of the DOM, and sometimes that approach is exactly right. Other times, though, what we're trying to accomplish is only tangentially related to our nodes, and opting for an approach where we think in terms of functionality -- not how that functionality is manifested on our page -- can pay big dividends in terms of flexibility. In this talk, we'll look at a small sample application where the DOM takes a back seat to functionality-focused modules, and see how the approach can change the way we write and organize our code.
This document provides instructions for creating a desktop-like web application interface using Ext JS and CodeIgniter. It includes steps to set up the database and models, configure views and controllers, and write JavaScript code to display and interact with phonebook data using grids, forms, and other Ext JS widgets. The application allows getting, inserting, updating and deleting phonebook records by making AJAX calls to CodeIgniter controllers from the Ext JS application.
The document discusses Yahoo's Application Platform and Open Mail services. It provides examples of using the Yahoo Application Platform (YAP), OpenID, OAuth, SDKs and REST APIs to develop applications. It also provides examples of using OpenSocial to fetch and insert user data and activities. Finally, it discusses Open Mail and enhancing the email experience through contextual plugins.
Presentation made at the GTA meetup on 2012-02-07.
Object Calisthenics is a set of exercise rules for reaching better code: maintainable, testable and readable.
Silex is a brand new PHP 5.3 micro framework built on top of the Symfony2 decoupled components. In this session, we will discover how to build and deploy powerful REST web services with such a micro framework and its embedded tools.
The first part of this talk will introduce the basics of the REST architecture. We will focus on the main concepts of REST like HTTP methods, URIs and open formats like XML and JSON.
Then, we will discover how to deploy REST services using the most interesting Silex tools, like the database abstraction layer, template engine and input validation. We will also look at unit and functional testing with PHPUnit, and at HTTP caching with Edge Side Includes and Varnish support to improve performance.
This document shows how to use the Eden PHP SDK to connect a PHP application to Facebook and perform various actions including authenticating a user, retrieving profile data, creating posts, events, and links. It demonstrates initializing objects for authentication, the graph API, posts, events, links, FQL and more. Sessions and GET parameters are used to handle the authentication flow.
This document discusses migrating from Symfony 1 to Symfony 2. It covers key differences like Symfony 2's use of the Dependency Injection Container and lack of sfContext. It provides examples of implementing models, controllers and views in Symfony 2. Recommended bundles for common Symfony 1 features are also mentioned, along with caching and the HTTP layer.
Passwords suck, but centralized proprietary services are not the answer, by Francois Marier
Passwords are a big problem online and a lot of websites have turned to centralized services to handle logins for them. It's a disturbing trend from a privacy/surveillance point of view, but from a software freedom point of view, it's also turning these proprietary services into core dependencies.
That's why Mozilla is building Persona, a new federated and cross-browser system which makes identity a standard part of the browser. It's simple, privacy-sensitive and entirely free software.
Persona: in your browsers, killing your passwords, by Francois Marier
Introduction to Persona, a new cross-browser login system for the web that's built entirely in Javascript. Powered by node.js on the backend, it pushes most of the crypto to the browser in order to create a secure and privacy-sensitive experience.
This document discusses mashing up JavaScript applications. It covers topics like CORS and OAuth2 for API access, using local storage to store access tokens, templates with Mustache.js, and implementing real-time updates using WebSockets, ActivityStreams, and PubSubHubbub. Code examples are provided for building a JavaScript client that retrieves data from an API using OAuth2 authorization, renders content with templates, and allows posting new entries.
Mashing up JavaScript – Advanced Techniques for modern Web Apps, by Bastian Hofmann
This document discusses advanced JavaScript techniques for building modern web applications. It covers topics like JavaScript apps, CORS and OAuth2 for API access, local storage, templates with Mustache.js, and real-time updates using WebSockets, PubSubHubbub and ActivityStreams. The document provides code examples for implementing OAuth2 login flows, making API requests, storing access tokens, and rendering data with templates. It also demonstrates a sample app that retrieves a feed and allows posting new entries.
The document discusses the beauty of JavaScript and its many features. It covers how JavaScript offers classless object-oriented programming and functional programming. It also discusses how JavaScript can run on both the client-side and server-side. The document provides examples of JavaScript syntax like variables, functions, objects, prototypes and more to demonstrate JavaScript's capabilities. It emphasizes that libraries help create abstractions and beautiful patterns in JavaScript code.
Come to this talk prepared to learn about the Doctrine PHP open source project. The Doctrine project has been around for over a decade and has evolved from database abstraction software that dates back to the PEAR days. The packages provided by the Doctrine project have been downloaded almost 500 million times from packagist. In this talk we will take you through how to get started with Doctrine and how to take advantage of some of the more advanced features.
The document discusses the beauty of JavaScript and its many features. It covers how JavaScript offers classless object-oriented programming and functional programming. It also discusses how JavaScript can run on both the client-side and server-side. The document provides examples of JavaScript syntax like variables, functions, objects, inheritance through prototypes, and AJAX requests. It emphasizes how libraries help create abstractions and beautiful patterns in JavaScript code.
Version with GIFs:
https://docs.google.com/presentation/d/17M-jHlkAP5KPfQ4_Alck_wIsN2gK3dZNGfJR9Bi1L50/present
Code for installing the dependencies:
https://github.com/fdaciuk/talks/tree/master/2015/wordcamp-sao-paulo
The document discusses various topics related to implementing authentication and authorization in LoopBack applications. It covers setting up SSL, configuring OAuth2, adding third-party login support using Passport strategies, defining roles and ACLs, and deploying LoopBack apps for microservices and hyper-scale.
The document describes a login system using CodeIgniter sessions. It defines a LoginController with methods for login, logout, and welcome views. The login method loads a login view with a form submitting to the check method. The check method validates the username and password and sets a session on success, loading the welcome view. The logout method unsets the session and redirects to login. The welcome method loads if a session exists, otherwise redirects to logout.
What should you test with your unit tests? Some people will say that unit behaviour is best tested through its outcomes. But what if the communication between units itself is more important than the results of it? This session will introduce you to two different ways of unit testing and show you a way to assert your objects' behaviours through their communications.
There are so many interesting ways to authenticate a user: via an API token, social login, a traditional HTML form or anything else you can dream up. But until now, creating a custom authentication system in Symfony has meant a lot of files and a lot of complexity. Introducing Guard: a simple, but expandable authentication system built on top of the security component and introduced in Symfony 2.8. Want to authenticate via an API token? Great - that's just one class. Social login? Easy! Have some crazy legacy central authentication system? In this talk, we'll show you how you'd implement any of these in your application today. Don't get me wrong - you'll still need to do some work. But finally, the path will be clear and joyful.
This document contains code for a class called "access" that handles user authentication. The class constructor loads necessary helpers and models. The login method takes a username and password, verifies it against the database, and sets a session if correct. The is_login method checks if a user is logged in by checking the session. The logout method removes the session to log the user out.
This presentation focuses on how to connect a Play application with MySQL as the database in Scala. Play includes a simple data access layer called Anorm that uses plain SQL to interact with the database and provides an API to parse and transform the resulting datasets.
This document summarizes jQuery secrets presented by Bastian Feder. It discusses utilities like jQuery.data() and jQuery.removeData() for saving and removing state on DOM elements. It also covers AJAX settings, events, extending jQuery, and jQuery plugins. The presentation provides code examples for working with data, events, namespaces, AJAX, and extending jQuery functionality.
This document discusses various jQuery secrets including:
1. Utilities for saving and removing state from DOM elements using jQuery.data() and jQuery.removeData().
2. Hidden events like getData, setData, and changeData that are emitted when data is read, set, or changed on an element.
3. Extending jQuery with custom functions, properties, and AJAX shortcuts.
4. Binding custom events and namespaces, self-defined animation speeds, and extending jQuery plugins.
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more (Ryan Weaver)
There are so many interesting ways to authenticate a user: via an API token, social login, a traditional HTML form or anything else you can dream up.
But until now, creating a custom authentication system in Symfony has meant a lot of files and a lot of complexity.
Introducing Guard: a simple, but expandable authentication system built on top of Symfony's security component. Want to authenticate via an API token? Great - that's just one class. Social login? Easy! Have some crazy legacy central authentication system? In this talk, we'll show you how you'd implement any of these in your application today.
Don't get me wrong - you'll still need to do some work. But finally, the path will be clear and joyful.
"KISS: Keep It Simple Security" talks about the security issues when dealing with Symfony development and how to make sure your project is safe.
Presented by Oleg Zinchenko at Symfony Cafe Kyiv meeting.
Similar to Building Persona: federated and privacy-sensitive identity for the Web (Open Source Days 2013)
Security and Privacy settings for Firefox Power Users (Francois Marier)
Web browsers have a difficult job to do: they need to perform remote code execution from untrusted locations in the presence of user data. In other words, they need to display websites that people use to share their information.
There is a constant struggle between making the web more secure and breaking existing websites that rely on the historically lax defaults. We are working hard to raise the bar, but are also making powerful new features available to the Firefox power users.
This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite "user agent".
https://www.linuxfestnorthwest.org/2017/sessions/security-and-privacy-settings-firefox-power-users
Getting Browsers to Improve the Security of Your Webapp (Francois Marier)
The document discusses various browser security mechanisms that can help improve the security of web applications. It describes mechanisms like subresource integrity, which prevents tampering of external assets; referrer policy and noopener, which help prevent information leaks; and Content Security Policy, which helps prevent cross-site scripting attacks. It also discusses using HTTPS, HTTP-only and secure cookies, sandboxed iframes, and HTTP Strict Transport Security to further enhance security. The document provides explanations and examples of how to implement many of these browser-enforced security mechanisms.
The Web can be a hostile place, full of deceptive and malicious sites trying to install software on your computer or steal your personal information. However, you have a friend on your side: your user agent (also called your web browser).
This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. While we at Mozilla strive to bring these features to all of our users, the reality is that it's sometimes challenging to balance the need for maximum web compatibility and standards compliance with the desire to phase out harmful practices. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite user agent.
https://osem.seagl.org/conference/seagl2016/program/proposal/188
In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity).
As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking.
This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser.
https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016
Surveillance is a growing concern in Europe, and Mozilla believes that privacy and security should be treated as fundamental and not optional in the browsing experience. That's why Firefox has introduced new features for tracking protection and private browsing. Do not track is not only a way to navigate the web, it might also become part of a new privacy law in the EU. We will discuss how this has been implemented in the newest version of Firefox, next steps, and why it's important to have transparency and control in our online experiences.
https://fosdem.org/2016/schedule/event/mozilla_privacy_tracking_protection_firefox/
In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up this year (e.g. Referrer Policy, Subresource Integrity). In addition to getting familiar with these, a number of recent high-profile bugs in the SSL/TLS protocol and implementations have forced developers to learn more about TLS ciphers and to start worrying about mixed content on their pages.
As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2015. This talk will give an overview of the security and privacy landscape on the web as well as pointers to what developers need to know to secure their applications.
https://2015.rmll.info/security-and-privacy-on-the-web-in-2015?lang=en
Integrity protection for third-party JavaScript (Francois Marier)
Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere.
This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.
The document describes the steps involved in resolving a URL to an IP address and retrieving a webpage. It involves:
1. The browser sends a DNS query to resolve the domain name to an IP address, going through a hierarchy of DNS servers starting from the root servers down to the authoritative name servers.
2. Once the IP address is obtained, the browser uses TCP to establish a connection and sends an HTTP request to the web server at that IP address.
3. The web server responds with the HTML content which the browser then parses and renders to display the webpage. Traceroute commands are shown to trace the path packets take from the local network to the destination server.
Integrity protection for third-party JavaScript (Francois Marier)
Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere.
This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity. Both Firefox and Chrome have initial implementations of this new specification and a few early adopters are currently evaluating this feature.
Supporting Debian machines for friends and family (Francois Marier)
This document summarizes François Marier's notes and tricks for supporting Debian machines for friends and family. It discusses hardware issues, keeping packages updated, system monitoring, safety practices, security measures, enabling remote access, backups, and ways to "give back" to the Debian community. The goal is providing an enjoyable computing experience while using free software and without using up too much spare time.
Outsourcing your webapp maintenance to Debian (Francois Marier)
Today's web applications often have a lot of external dependencies. Start off with a basic framework, sprinkle a couple of handy modules and finish with a generous serving of JavaScript front-end libraries.
What you end up with is a gigantic mess of code from different sources which follow very different release schedules and policies. Language-specific package managers can automate much of the dependency resolution and package installation, but you're on your own in terms of integration and quality assurance. Also, the minute you start distributing someone else's code with your project, you become responsible for the security of that third-party code.
We moved away from statically-linked C/C++ programs a long time ago and now (mostly) live in a nicely-packaged shared library world. Can we leverage the power of Debian (i.e. the great work of the package maintainers and security team) to similarly reduce the burden of those who end up having to maintain our webapps?
This talk will examine the decision that the Libravatar project made to outsource much of its maintenance burden to Debian by using system packages for almost everything.
https://summit.debconf.org/debconf14/meeting/16/outsourcing-your-webapp-maintenance-to-debian/
Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites.
This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy.
We may not be able to get rid of all passwords, after all, you probably don’t want to be subjected to a fingerprint check before leaving a comment on someone’s blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that’s under the control of users, not a for-profit gatekeeper.
It’s just four easy steps to add it to your Ruby site/app from scratch and there are already plugins for Devise, Omniauth, Rails, Sinatra, and Warden.
This document summarizes François Marier's presentation on easy logins for JavaScript web applications using Persona. It discusses some of the problems with traditional password-based logins, such as passwords being hard to secure and remember. It then introduces Persona as a solution that allows users to log in to websites using their email address, without needing to manage individual passwords. The document provides an overview of how Persona works and how developers can implement it with just a few steps. It highlights the benefits of Persona being decentralized, simple for users, and easy for developers to add to websites and applications.
A few people like to say that passwords are dead, but the reality is far from it. First of all, we can't get rid of passwords entirely, because the alternatives all suck: physical tokens are easy to lose and retina scans are pretty creepy. What we should focus on is eliminating site-specific passwords.
Mozilla Persona was introduced at OSDC last year, but a number of new things have been added to it since. But more importantly, it's still the best shot we have at a decentralized web-wide identity system that works for average users and doesn't violate their privacy.
So I'm back to show you what's new and to talk about what organizations can gain from adding native support on their domain. It's time to solve the password problem on the web.
François Marier discusses killing passwords with JavaScript and Persona identity system. Passwords are hard to secure and remember, so Persona aims to create a decentralized, simple, and cross-browser identity system as a standard part of web browsers. It works by using email addresses as identifiers and JavaScript APIs. Persona already has over 700 million users and works on any domain through identity bridging and a fallback. It is a simple solution for developers to add login functionality with just a few steps.
Securing the Web without site-specific passwords (Francois Marier)
Has anyone else noticed that the OWASP Top 10 is not changing very much? Especially in the realm of authentication-related problems. I don't claim to have the one true solution for this, but one thing is certain: if we change how things are done on the web and relieve developers from having to store passwords, we can make things better.
We need to let web developers outsource their authentication needs to people who can do it well. Does that mean we should force all of our users to join Facebook? Well not really. That might work for some sites, but outsourcing all of our logins to a single for-profit company isn't a solution that works for the whole web.
The open web needs a better solution. One that enables users to choose their identity provider and shop for the most secure one if that's what they're into. This is the promise behind Persona and the BrowserID protocol. Choose your email provider carefully and let's get rid of all of these site-specific passwords that are just sitting there waiting to be leaked and cracked.
Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites.
This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy.
We may not be able to get rid of all passwords, after all, you probably don't want to be subjected to a fingerprint check before leaving a comment on someone's blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that's under the control of users, not a for-profit gatekeeper.
It's just four easy steps to add it to your site from scratch and there are already plugins for Drupal, CakePHP, Joomla, SPIP, Symfony2, Wordpress and PHPMyBB.
Persona: a federated and privacy-protecting login system for the whole Web (Francois Marier)
1. Mozilla Persona is a proposed decentralized and privacy-protecting login system that uses email addresses as identifiers and aims to replace passwords on the entire web.
2. Passwords are difficult for users to secure and remember, making them problematic as primary login credentials. Persona aims to solve these problems by leveraging existing email identities in a simple and cross-browser compatible way.
3. Developers can easily add support for Persona login to their sites in just a few steps by including a JavaScript library and setting up login/logout callbacks without needing an API key.
The document discusses problems with traditional password-based authentication systems and proposes a decentralized identity system called Persona as a better solution. It outlines the key issues with passwords being hard to secure and remember. It then describes how Persona works by allowing users to log in to websites using their email address, explains how simple it is for developers to integrate, and provides resources for learning more.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
"$10 thousand per minute of downtime: architecture, queues, streaming and fin... (Fwdays)
Direct losses from one minute of downtime = $5-$10 thousand. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk (Fwdays)
In this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on the Ukraine experience.
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an... (Jason Yip)
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application... (Alex Pruden)
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf (Chart Kalyan)
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
What is an RPA CoE? Session 2 – CoE Roles (DianaGray10)
In this session, we will review the players involved in the CoE and how each role impacts opportunities.
Topics covered:
• What roles are essential?
• What place in the automation journey does each role play?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Introduction of Cybersecurity with OSS at Code Europe 2024 (Hiroshi SHIBATA)
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Essentials of Automations: Exploring Attributes & Automation Parameters (Safe Software)
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
The Microsoft 365 Migration Tutorial For Beginner.pptx (operationspcvita)
This presentation will help you understand the power of Microsoft 365. We have also described every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Northern Engraving | Nameplate Manufacturing Process - 2024 (Northern Engraving)
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
132. identity provider API (same content repeated on slides 133-135)
1. check for your /.well-known/browserid
2. try the provisioning endpoint
3. show the authentication page
4. call the provisioning endpoint again
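The four steps above, walked through as an added example that is not code from the slides or from the Persona project: the browser fetches the domain's support document, tries provisioning, falls back to the authentication page when the domain has no session for the user, and then provisions again. The support-document field names follow the BrowserID support-document format (not stated on the slide); the domain itself is replaced by a hypothetical in-memory stand-in so the flow runs offline, and the key material is a placeholder.

```python
"""Simulated BrowserID identity-provider discovery and provisioning flow."""
import json
from dataclasses import dataclass, field

# Constructed sample of what https://example.com/.well-known/browserid might serve.
# Field names follow the BrowserID support-document format; "n" is a placeholder.
SAMPLE_SUPPORT_DOC = json.dumps({
    "public-key": {"algorithm": "RS", "n": "<modulus-placeholder>", "e": "65537"},
    "authentication": "/browserid/sign_in.html",
    "provisioning": "/browserid/provision.html",
})


@dataclass
class FakeIdentityProvider:
    """Hypothetical stand-in for the email domain's HTTPS server.

    `signed_in` models whether the domain already has a session for the user;
    `log` records which endpoints the browser touched, in order.
    """
    name: str
    support_doc: str
    signed_in: bool = False
    log: list = field(default_factory=list)

    def get_well_known(self) -> str:
        self.log.append("GET /.well-known/browserid")
        return self.support_doc

    def provision(self, email: str):
        # The provisioning endpoint only certifies a user the domain has
        # authenticated; for anyone else it reports failure.
        self.log.append("provisioning")
        if not self.signed_in:
            return None
        return {"email": email, "issuer": self.name}

    def authenticate(self, email: str) -> None:
        # The authentication page is where the user proves ownership of the
        # address to the domain, by whatever means the domain uses.
        self.log.append("authentication page")
        self.signed_in = True


def check_support_document(raw: str) -> dict:
    """Parse /.well-known/browserid and reject documents a browser should not trust."""
    doc = json.loads(raw)
    if "authority" in doc:
        # Delegation to another domain exists in the format but is not modelled here.
        raise ValueError("delegated support documents are not handled in this example")
    missing = [k for k in ("public-key", "authentication", "provisioning") if k not in doc]
    if missing:
        raise ValueError(f"support document missing fields: {missing}")
    for key in ("authentication", "provisioning"):
        # Endpoints must be paths on the same domain, never absolute URLs elsewhere.
        if not isinstance(doc[key], str) or not doc[key].startswith("/"):
            raise ValueError(f"{key} must be a same-origin path")
    return doc


def obtain_certificate(idp: FakeIdentityProvider, email: str) -> dict:
    """Run the four slide steps against the domain that owns the email address."""
    domain = email.rsplit("@", 1)[-1]
    if domain != idp.name:
        raise ValueError(f"{email} is not served by {idp.name}")
    check_support_document(idp.get_well_known())   # 1. check /.well-known/browserid
    cert = idp.provision(email)                    # 2. try the provisioning endpoint
    if cert is None:
        idp.authenticate(email)                    # 3. show the authentication page
        cert = idp.provision(email)                # 4. call provisioning again
    if cert is None:
        raise RuntimeError("provisioning failed even after authentication")
    return cert


if __name__ == "__main__":
    idp = FakeIdentityProvider("example.com", SAMPLE_SUPPORT_DOC)
    print(obtain_certificate(idp, "alice@example.com"), idp.log)
```

A user who already has a session with the domain skips steps 3 and 4; a support document missing the required fields is rejected before any endpoint is called.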