Kamlesh Chandnani (kamleshchandnani)
kamleshchandnani / CSRF-attack.md
Created September 27, 2019 08:01
CSRF Attack

CSRF

So let's discuss CSRF.

The What?

CSRF stands for Cross-Site Request Forgery. It is an attack in which the victim's browser is tricked into sending a request to a site where the victim is already logged in. The attacker never steals the cookies; the browser attaches them to the forged request automatically, so the site performs an action, with the victim's identity, that the user never intended.

The How?

  • Imagine there's an attacker by the name of Kamlesh and a victim by the name of Shankar.
  • Kamlesh wants to make a malicious bank transfer from Shankar's account to his own. Let's take HDFC bank as the example here.
  • To begin with, Kamlesh logs on to his own HDFC bank account, navigates to the transfer page, clicks "view page source" and copies the amount transfer HTML form. Assume this is what a typical form looks like:
<html lang="en">
kamleshchandnani / securing-passwords.md
Created September 27, 2019 08:46
Securing passwords

Securing passwords

Securing passwords is one of the most crucial parts of web security: if your passwords are compromised, your information is at risk.

The What?

A man-in-the-middle attack is common in web security, especially where passwords travel between a client and the server. Before a request reaches the server, someone positioned in between can intercept it, read the credentials, and later replay the request to gain access to the victim's sensitive information.

The How?

Let's talk about how passwords are compromised.

  • Assume you store passwords in plain text in your database. If the attacker captures the password from a request before it reaches the server, he can replay the login at will, and if the database ever leaks, every password is readable as-is.
  • Hashing (or encrypting) only on the client side does not fix this: the attacker can read the hashing algorithm in the client JavaScript, since everything shipped to the browser is exposed, and whatever the client sends becomes the credential the server accepts, so a captured hash replays just as well as the plain password.
// gatsby-node.js in my project root
/**
 * So this shows up the index field in the GraphiQL explorer but when queried returns null
 * even though this is present in my mdx field. Seems like I need to define the resolver somewhere
 * but couldn't connect the dots
 */
exports.createSchemaCustomization = ({ actions, schema }) => {
  const { createTypes } = actions;
  createTypes(`type BlogPost implements Node @nodeInterface {
    date: Date @dateformat
  }`);
};

Is it too early to build a Design System?

The Start

This is an interesting and very common question that all of us have. That's because we are part of an industry, or better put, a culture, where things move at a fast pace and everyone is hustling to build products at rocket speed. That's fine; there's nothing against it. But certain principles remain constant regardless of the speed at which we build products. One such thing is a Design System.

Let's go one step back from where we started and break it down into a sequence of events:

  • We start with the idea of building an amazing and beautiful product.
  • We start putting down our thoughts about the product by defining its flows, a.k.a. defining the user experience of our product.
  • Until now things were just black and white, so to add some charm to the product we next define some colors for it, which also helps us think about brand colors so people can relate to our product instantly.