Working on Scoold.com - the open-source Q&A / knowledge base for your team!

Alex Bogdanovski albogdano

# First verify that the version of Java currently in use is not already the Sun JDK.
java -version
# Get the latest Sun Java SDK from Oracle http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
# (the download requires accepting Oracle's license on that page; compare the package checksum against the one Oracle publishes before installing)
wget http://download.oracle.com/otn-pub/java/jdk/7u51-b13/jdk-7u51-linux-x64.rpm
# Install Java from the downloaded RPM
sudo rpm -i jdk-7u51-linux-x64.rpm
# Check that the default java version is now the Sun JDK
@albogdano
albogdano / GenericOAuth2Filter.java
Last active December 2, 2016 12:06
Authentication filter for Para, for handling authentication requests to a generic OAuth 2.0 identity provider
/*
* Copyright 2013-2016 Erudika. https://erudika.com
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software

Database

  • Use encryption for data identifying users and for sensitive data like access tokens, email addresses or billing details if possible (encrypted columns can only be queried by exact-match lookups).
  • If your database supports low-cost encryption at rest (like AWS Aurora), then enable it to secure data on disk. Make sure all backups are stored encrypted as well.
  • Use minimal privilege for the database access user account. Don’t use the database root account, and check for unused accounts and accounts with weak passwords.
  • Store and distribute secrets using a key store designed for the purpose. Don’t hard-code them in your applications.
  • Fully prevent SQL injection by only using SQL prepared statements. For example: if using NPM, don’t use npm-mysql, use npm-mysql2, which supports prepared statements.

Development

  • Ensure that all components of your software are scanned for vulnerabilities for every version pushed to production. This means the O/S, libraries and packages. This should be automated
@albogdano
albogdano / albogdano.zsh-theme
Last active September 22, 2017 09:34
My zsh themes
#!/usr/bin/env zsh
#local return_code="%(?..%{$fg[red]%}%? ↵%{$reset_color%})"
#
# Oh My Zsh! theme
#
setopt promptsubst
autoload -U add-zsh-hook

Keybase proof

I hereby claim:

  • I am albogdano on github.
  • I am albogdano (https://keybase.io/albogdano) on keybase.
  • I have a public key whose fingerprint is DFE3 1314 C10B 8C67 E891 DD0A A95C EA0C 995D AA0F

To claim this, I am signing this object: