I am facing problem with Rabbitmq.
i just want to know that how we can enforce encryption at REST over RabbitMQ??
please provide me any proper solution so that i could move forward.
Regards
Vikas
Related
Could someone explain the process to enable authorization in Uber Cadence? I would like a detailed explanation because I'm very confused with this topic and how to solve it.
Thank you in advance
After https://github.com/uber/cadence/issues/2833 , Cadence has a AuthN interface and already plumbed through the system. However, it requires users to implement the interface and then re-compile the binary to use(internally this is how Uber uses it). This is not convenient because users have to make code change.
It's been becoming more frequent asks recently. I open this issue to track the feature. We probably can prioritize it in next quarters.
I'm building a web application in Golang, and at the moment I'm struggling with the authentication/authorization mechanisms.
I want to deploy this app to different platforms (browsers, androids, etc). To achieve this I chosed to use oauth 2.0, namely this lib: https://github.com/golang/oauth2 .
The problem I'm facing is how to achieve this with my own database and users. The lib has a jwt package (https://github.com/golang/oauth2/tree/master/jwt) and also has a package clientcredentials (https://github.com/golang/oauth2/blob/master/clientcredentials/clientcredentials.go) that can be used for 2-legged Oauth 2.0, but I have no idea how to achieve this, and can't find any example showing it. Which package should I use? The token should be set when user sends a POST with its credentials at http://example.domain/login.
Can someone provide me some hints / show me a simple example?
Have you explored solutions such as ory/hydra, which will handle everything OAuth2/OpenID related and let you handle user authentication?
Implementing your own OAuth2 provider is dangerous territory. It only takes one misread RFC and BOOM! Security vulnerability. It's typically better to entrust that responsibility to established security experts or lasting projects as opposed to home-grown remedies.
Of course, this isn't to say that everybody needs to jump onto the hype train and use this cool new software. In fact, I would urge the opposite: if you are a competent security analyst and feel comfortable writing an OAuth2/OpenID Connect implementation, go right ahead! But us normal people who don't want our hair to gray before we are thirty will use existing technologies to our advantage.
I have created an API and I would like to allow other developers to get the information from it. So the idea is to generate and assign API keys to everyone that wants to query our information. With API keys I can limit the daily requests and secure my data.
The thing is, I am concerned about the security aspect of it. Since the API key is going to be sent to our server (via GET/POST etc)?
I am looking for the best solution to handle this problem.
The solution in my mind is to use Asymmetric Cryptography to handle this.
Is it the right way to handle this? If not what is the best way.
Any help will be highly appreciated.
This may seem to be an ingenuous question but I searched for examples without finding anything about it. So, is it a good practice to store authentication data such as usernames and passwords in a neo4j database? I use to embed but I ask for the general case.
Ps. I don't want this to become an opinion-based discussion, I was just wondering whether there are some technical aspects that make this operation not safe or anyway not so good.
You should be fine, as long as you hash and salt your passwords correctly.
And make sure to communicate over an https connection with authentication with the db
or in a trusted network.
You can store authentication data in Neo4j nodes with no issues at all, as long as you properly encrypt the passwords and follow other guidelines. A structure of Nodes and Relationships is a great way to handle complex authentication and authorisation data. This should help -> Neo4j Access Management
I have a WCF REST service. Now the question is how can I secure my REST service so no one can use/call it? and what would be the best way to call it (e.g. using jquery, or from code behind)? the client application is on MVC 3.
please help and advise
Many Thanks
Not sure if you're still looking for a solution. But I used WCFRESTContrib as a basis for my project for the security features, among other things. It's very easy to setup Basic Authentication on the entire service, or on an individual basis for each service method. They have a full description on it here. If you don't decide to use the project, it should at least give you a good understanding on how it works with WCF REST api's.