Not too long ago I had written a tutorial titled, U2F Authentication with a YubiKey Using Node.js and jQuery, which demonstrated how to use hardware keys as a means of universal two-factor (U2F) authentication. However, I had left some things to be desired in that previous post. For example, the previous tutorial did not use proper session management with Express.js and it used jQuery, which is neat, but by no means is as popular as some of the other web frameworks that currently exist.Read More
A long time ago when I had been exploring session management in Node.js, I had written a tutorial titled, Session Management in Your Express.js Web Application. This was a basic tutorial that is still very functional today, however little things have changed since then when it comes to how the web works. For example, in 2015 HTTPS was never a requirement and we weren’t exposed to all the frontend web frameworks that exist today.
When you start introducing things into your web applications such as HTTPS or micro-services that operate on different origins or ports, or frontend frameworks, session management can get a little more complicated. We’re going to see how to maintain a session for a user using Node.js with Express.js on our backend and Vue.js on our frontend, in this tutorial.Read More
I recently picked up a Yubico U2F hardware key and thought I’d try to create a web application that was protected with two-factor hardware-based authentication. Things were going smooth until I realized that it is mandatory to be using HTTPS within your application, even when testing locally. HTTPS is common, but I’d never actually set it up with Node.js because I had always been using services like Cloudflare that configure it for you. The problem is that these services are for live domain names, not necessarily localhost.
While we’re not going to explore U2F hardware keys in this tutorial, we’re going to take a look at creating and installing a self-signed certificate for use in Node.js within macOS.Read More
Because of popular request, I decided to make my entire WordPress blog secured behind an HTTPS connection. In addition to requests, I also read that search engines such as Google reward site owners that have complete sites behind HTTPS.
In a previous post I made, I explained how to generate and install an SSL certificate to an Apache web server, but things are a little different in terms of WordPress.Read More
When you have a website that transmits information from a user to your server it is very important to encrypt it. The last thing you want is someones password being sniffed by a malicious user when they register or sign in. By using Secure Socket Layer (SSL), data is encrypted between client and server preventing any malicious users from sniffing your password in plain text.
The following will help you install an SSL certificate to one of your Apache web server virtual hosts.Read More