Posts by Randall Degges
The Ultimate Guide to Deploying Static Sites on AWS
Static sites are the best. They’re fast, they’re simple, and they’re practically free to host. Since late January 2016, Amazon Web Services (AWS) has become one of the best static web hosting providers of all time due to their release of AWS Certificate Manager (ACM). Using AWS, you can now: Deploy your static site into …
How to Gracefully Store User Files
When you build a web application, one thing you may need to think about is how you plan to store user files. If you’re building an application that requires users to upload or download files (images, documents, receipts, etc.) — file storage can be an important part of your application architecture. Deciding where you’ll store …
Securely Storing Files with Node, S3, and Stormpath
There are a lot of redundant problems you need to solve as a web developer. Dealing with users is a common problem: storing them, authenticating them, and properly securing their data. This particular problem is what we here at Stormpath try to solve in a reusable way so that you don’t have to. Another common …
The Ultimate Guide to Running a Company Hackathon
Last week, we officially kicked off the second ever Stormpath company hackathon: StormHack 0x01. Our first StormHack event took place a little over two years ago (wow, the time really flies!) and was a huge success: our team built quite a few high-value projects, everyone had fun, and it was a huge morale booster for …
The Most Important Security Practice Everyone Forgot
UPDATE: This was an April Fools’ Day post. Everything I wrote about here is completely false. Security by obscurity is not security at all! Good security is transparent, well reviewed, and mathematically backed. Simply ‘hoping’ an attacker can’t find your weaknesses doesn’t make your code any more secure than it already is: if anything, it …
Secure Password Hashing in Node with Argon2
Storing passwords securely is an ever-changing game. For the past few years (2013 -> 2015), Jean-Philippe Aumasson has been running a world-renowned Password Hashing Competition in which security researchers submit, validate, and vet the best password hashing algorithms. Just recently, the competition wrapped up, naming Argon2 king of the hashing algorithms. This is good news …
Using OAuth2 API Service Authentication with Node.js
Heads up… this article is old! For an updated version of this article, see Secure a Node API with OAuth 2.0 Client Credentials on the Okta developer blog. So, you’re working with a shiny new API service in your latest project, and while reading the API documentation you stumble across something worrying: “OAuth2 Client Credentials Authentication Required”. …
Building Secure APIs with Express.js
Today, I’m going to walk you through everything you need to know in order to build a secure API service with Express.js and Stormpath. Specifically, I’ll walk you through building a simple Express.js API, and then locking it down via HTTP Basic Authentication, and OAuth2 Client Credentials authentication. These two authentication protocols allow you to …
Two Factor Authentication with Node.js and Yubikey
If you work in web development, chances are you’ve heard about a nifty little device called “Yubikey” that is becoming widely adopted as a simple and secure form of two-factor authentication. Yubikeys (pictured above) are small hardware devices that can be inserted into your computer’s USB port, or touched to the back of an NFC …
Building Simple Command Line Interfaces in Python
Building command line programs has been a long-time passion of mine. There’s something magical about making a simple, intuitive, and composable CLI. There’s also nothing more beautiful than chaining together a series of CLI programs to solve a complex problem quickly. Here at Stormpath, we’ve built our entire product CLI in Python to create …