Newton Ramos Garcia newx

  • Newx
  • Goiânia, Brazil
@newx
newx / how-to-secure-jwt.markdown
Last active October 5, 2018 03:51
How to secure JWT (JSON Web Token)

How to Secure JWT

  • Always verify the signature before you trust any claim in the JWT, and have the server pin the expected algorithm instead of reading it from the token header; a token that announces a different algorithm (including "none") must be rejected.
  • If possible, implement IP whitelisting through your access-control policy for additional protection when tokens are passed as query parameters.
  • Send Cache-Control: no-store in the HTTP headers so that responses carrying tokens are never written to browser or proxy caches.
  • Do not send tokens over non-HTTPS connections; such requests can be intercepted and the tokens compromised. TLS protects query parameters in transit, but they still end up in server logs, browser history and Referer headers, so prefer the Authorization header over the query string.
  • Give tokens an expiration (the exp claim). Once a token is signed it is valid forever unless the signing key is rotated or an expiration is explicitly set, so have a strategy for expiring and/or revoking tokens.
  • Do not put sensitive data in the payload. The signature protects against tampering, but the payload is only base64url-encoded and anyone holding the token can read it. Keep the claim set to the bare minimum for both performance and security.
  • Secure the secret signing key used for calculating and verifying the signature. The secret signing key should only be accessible by the issuer an
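The following is an added example, not code from the gist or from any JWT library: a minimal HS256 issuer and verifier written against the Ruby standard library (OpenSSL, JSON, Base64) that applies the rules above in the order they must be applied. The module name SecureJwt, the constructed secret and the fixed timestamps are assumptions for illustration; the verifier pins the algorithm, compares the signature in constant time before reading any claim, enforces exp, and exposes a peek_claims helper only to show that the payload is readable without the key.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Added example (not from the gist): minimal HS256 JWT issue/verify with the
# Ruby standard library only, showing signature-first verification, algorithm
# pinning, expiry enforcement and why the payload must hold no secrets.
module SecureJwt
  class Error < StandardError; end

  # The server decides the algorithm; the token header never does.
  ALG = 'HS256'.freeze

  # base64url without padding, as RFC 7515 requires.
  def self.b64url(bytes)
    Base64.urlsafe_encode64(bytes, padding: false)
  end

  def self.b64url_decode(str)
    Base64.urlsafe_decode64(str) # raises ArgumentError on bad input
  end

  def self.hmac(secret, data)
    OpenSSL::HMAC.digest('SHA256', secret, data)
  end

  # Constant-time byte comparison so the signature check leaks no timing.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Issue a token; iat/exp are set by the server, ttl is in seconds.
  def self.sign(claims, secret, ttl: 300, now: Time.now.to_i)
    header = { 'alg' => ALG, 'typ' => 'JWT' }
    body = claims.merge('iat' => now, 'exp' => now + ttl)
    signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(body))}"
    "#{signing_input}.#{b64url(hmac(secret, signing_input))}"
  end

  # Returns the verified claims or raises SecureJwt::Error. No claim is read
  # until the signature has been checked against the server-chosen algorithm.
  def self.verify(token, secret, now: Time.now.to_i)
    parts = token.split('.', -1) # -1 keeps a trailing empty signature segment
    raise Error, 'malformed token' unless parts.length == 3
    header_b64, claims_b64, sig_b64 = parts

    header = JSON.parse(b64url_decode(header_b64))
    raise Error, 'unexpected alg' unless header['alg'] == ALG

    expected = hmac(secret, "#{header_b64}.#{claims_b64}")
    raise Error, 'bad signature' unless secure_equal?(b64url_decode(sig_b64), expected)

    claims = JSON.parse(b64url_decode(claims_b64))
    exp = claims['exp']
    raise Error, 'missing exp' unless exp.is_a?(Integer)
    raise Error, 'expired' if now >= exp
    claims
  rescue ArgumentError, TypeError, JSON::ParserError => e
    raise Error, "malformed token (#{e.class})"
  end

  # Decodes the payload WITHOUT verifying anything. It exists only to show that
  # the claims are plain base64url text; never base an authorization on it.
  def self.peek_claims(token)
    JSON.parse(b64url_decode(token.split('.', -1)[1].to_s))
  end
end
```

Issue with `SecureJwt.sign({ 'sub' => 'alice' }, secret, ttl: 60)` and accept only what `SecureJwt.verify(token, secret)` returns; a tampered payload, a wrong key, an expired token or a header claiming alg "none" all raise SecureJwt::Error before any claim is used, while `SecureJwt.peek_claims(token)` shows that the unverified payload is readable by anyone holding the token.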
# allows font-awesome fonts to be loaded from a different domain or subdomain
location /assets/ {
  gzip_static on;
  expires max;
  add_header Cache-Control public;
  add_header Access-Control-Allow-Origin *;
}
@newx
newx / rails-engine-boilerplate.md
Last active August 6, 2016 17:03
Rails engine

Create a mountable engine

rails plugin new ENGINE_NAME --dummy-path=spec/dummy --skip-test-unit --mountable

Add this line to the gemspec file:

s.add_development_dependency 'rspec-rails'

Setup a new project and database.

Create a new rails app named app_name without Test::Unit and with mysql database:

rails new app_name -T -d mysql

or an app without Test::Unit and with postgresql database:

rails new app_name -T -d postgresql

or without Test::Unit and with the default sqlite:

@newx
newx / chef_json.json
Created April 15, 2015 20:12
Chef json from Emeril
{
  "wordpress": {
    "domain": "example.com",
    "sys_user": "exampleuser",
    "sys_password": "xxxxxxxxxxx",
    "wp_email": "email@example.com",
    "wp_user": "exampleuser",
    "wp_password": "12345",
    "disk_quota": "1000",
    "themes": [ "theme-1", "theme-2", "theme-3", "theme-4" ],
require 'rubygems'
require 'tamtam'

# ActionMailer interceptor: delivering_email is called with each message
# before it is sent, so CSS can be inlined into the HTML body here.
class CssInliner
  def self.delivering_email(message)
    message.subject = "#{message.subject}"
    #message.to = "ryan@railscasts.com"
<?php
require_once 'NEWX.php';

class Newsletter extends NEWX {
    var $_table = 'newsletter';
    var $_pk = 'newsletter_id';
    var $tpl_dir = '';
    var $newsletter_tpl = 'newsletter.tpl';