Guido Flohr - #Security

Authenticating Access to Private Content Hosted with AWS CloudFront

Wed, 06 Mar 2024 22:00:00 +0000

Setting up a static website, uploading it into an S3 bucket that serves as the origin of a CloudFront distribution is a simple and cheap solution. But what if you want to control access to the content? HTTP basic authentication no longer seems to work and is clumsy and ugly anyways. But signed cookies give you a better solution at hand and it is easy to implement with serverless computing.

How to Use Saved Passwords Everywhere

Mon, 11 Feb 2019 22:00:00 +0000

Some web sites and applications prevent users from using previously saved credentials. There a very few legitimate reasons to do so. In the vast majority of cases, such measures just patronize users, often those people that actually keep up the service with their financial support. But it is actually quite simple to bypass such paranoid settings.

How To Use Google Maps API Keys For Free

Mon, 14 Oct 2019 21:00:00 +0000

The use of a Google API Key can be restricted to a configurable set of host or domain names. But does this protect (ab)use of the key by others? Not really.