In this post I talk about setting up and securely operating development tools like Jenkins and GitLab on a server connected to the internet. All applications run behind a firewall and a reverse HTTP proxy that lets through only HTTP requests from selected users, who authenticate themselves with client certificates. Putting web-facing software on the … Continue reading Securing a development server
Category: encryption
Stateless user sessions with encrypted session IDs
When trying to design for stateless services, one finds it easy to reduce the information stored in an HTTP session except for one piece: whether the client has authenticated against the server or not. Usually you would implement a process for authenticating like this: Client submits credentials (login / password) to the server. Server checks … Continue reading Stateless user sessions with encrypted session IDs
