Posts by Randall Degges

The Ultimate Guide to Deploying Static Sites on AWS

Static sites are the best. They’re fast, they’re simple, and they’re practically free to host. Since late January 2016, Amazon Web Services (AWS) has become one of the best static web hosting providers of all time due to their release of AWS Certificate Manager (ACM). Using AWS, you can now: Deploy your static site into …

How to Gracefully Store User Files

When you build a web application, one thing you may need to think about is how you plan to store user files. If you’re building an application that requires users to upload or download files (images, documents, receipts, etc.) — file storage can be an important part of your application architecture. Deciding where you’ll store …

Securely Storing Files with Node, S3, and Stormpath

There are a lot of redundant problems you need to solve as a web developer. Dealing with users is a common problem: storing them, authenticating them, and properly securing their data. This particular problem is what we here at Stormpath try to solve in a reusable way so that you don’t have to. Another common …

The Ultimate Guide to Running a Company Hackathon

Last week, we officially kicked off the second ever Stormpath company hackathon: StormHack 0x01. Our first StormHack event took place a little over two years ago (wow, the time really flies!) and was a huge success: our team built quite a few high-value projects, everyone had fun, and it was a huge morale booster for …

The Most Important Security Practice Everyone Forgot

UPDATE: This was an April Fools’ Day post. Everything I wrote about here is completely false. Security by obscurity is not security at all! Good security is transparent, well reviewed, and mathematically backed. Simply ‘hoping’ an attacker can’t find your weaknesses doesn’t make your code any more secure than it already is: if anything, it …

Secure Password Hashing in Node with Argon2

Storing passwords securely is an ever-changing game. From 2013 to 2015, Jean-Philippe Aumasson and a panel of experts ran the world-renowned Password Hashing Competition, in which security researchers submitted, validated, and vetted the best password hashing algorithms. Just recently, the competition wrapped up, naming Argon2 king of the hashing algorithms. This is good news …

Using OAuth2 API Service Authentication with Node.js

So, you’re working with a shiny new API service in your latest project, and while reading API documentation stumble across something worrying: “OAuth2 Client Credentials Authentication Required”. Fear not, OAuth2 and the Client Credentials grant type are actually quite simple once you know what you’re working with. Today I’m going to show you how to …

Building Secure APIs with Express.js

Today, I’m going to walk you through everything you need to know in order to build a secure API service with Express.js and Stormpath. Specifically, I’ll walk you through building a simple Express.js API, and then locking it down via HTTP Basic Authentication, and OAuth2 Client Credentials authentication. These two authentication protocols allow you to …

Two Factor Authentication with Node.js and Yubikey

If you work in web development, chances are you’ve heard about a nifty little device called “Yubikey” that is becoming widely adopted as a simple and secure form of two-factor authentication. Yubikeys (pictured above) are small hardware devices that can be inserted into your computer’s USB port, or touched to the back of an NFC …

Building Simple Command Line Interfaces in Python

Building command line programs has been a long time passion of mine. There’s something magical about making a simple, intuitive, and composable CLI. There’s also nothing more beautiful than chaining together a series of CLI programs to solve a complex problem quickly. Here at Stormpath, we’ve built our entire product CLI in Python to create …