In the right circumstances, your web analytics or real user measurement data can offer visibility into the world of imposter domains, used by web scrapers to re-publish your site content on their servers. Content scraping is a fact of life on the Internet. When you think of web scraping, you probably do not think about the scrapers turning around and immediately serving your entire page content on another website. But what if your site content is being re-published? It might already be happening.
After almost five years in development, the new HTTP/3 protocol is nearing its final form. In this part 3, Robin Marx will look at how to practically use and deploy QUIC and HTTP/3, drawing on best practices and lessons learned from HTTP/2. We'll discuss how it might take a while before off-the-shelf web server packages provide full HTTP/3 support, and how most major browsers have HTTP/3 support, even enabled by default. Let’s take a close look at the challenges involved in deploying and testing HTTP/3, and how and if you should change your websites and resources as well.
As a community, we can each work to improve our own little corners of the Web. But, collectively, we can do better. We can improve the Web and make it a better platform for privacy. The Web is still wrestling with issues we take for granted offline, privacy chief among them. These are steps The New York Times took to protect users’ data, and how you can too.
After almost five years in development, the new HTTP/3 protocol is nearing its final form. In this second part, Robin Marx will zoom in on the performance improvements that QUIC and HTTP/3 bring to the table for web-page loading. We will, however, also be somewhat skeptical of the impact we can expect from these new features in practice.
After almost five years in development, the new HTTP/3 protocol is nearing its final form. Earlier iterations were already available as an experimental feature, but you can expect the availability and use of HTTP/3 proper to ramp up in 2021. So what exactly is HTTP/3? Why was it needed so soon after HTTP/2? How can or should you use it? And especially, how does it improve web performance? Let’s find out.
When adding authentication and authorization to our web applications, there are some things that we should evaluate, e.g. whether we need to create our own security platform or whether we can rely on an existing third-party service. Let’s see how we can implement authentication and authorization in Next.js apps, with Auth0.
Reset password functionality is table stakes for any user-friendly application. It can also be a security nightmare. Today, Darshan Somashekar demonstrates how to successfully create a secure reset password flow so you can avoid these pitfalls. Darshan will be using NodeJS and MySQL as the base components. If you’re writing using a different language, framework, or database, you can still benefit from following the general “Security Tips” outlined in each section.
Blockchain technology is receiving a lot of attention because of its ability to enhance security in trustless environments, enforce decentralization, and make processes efficient. In this tutorial, Alfrick Opidi demonstrates how to create a simple cryptocurrency, called smashingCoin, using the concepts of JavaScript classes and Node.js. Give it a try — it’s simpler than you think!
Now that we have a year of GDPR under our belts, and the ePR is coming soon, there’s no better time than now to review your websites. Do you know what kinds of cookies collect information from your site? And have you provided visitors with information about an option to accept those cookies? If your site is currently not in compliance, or you’re not sure if it is, read this post and start using CookiePro’s cookie consent tool to get your sites moving in the right direction.
Exploiting a security flaw is often about getting multiple small pieces to line up. Every bit of JavaScript you add to a site is a potential way in for a hacker. This is doubly true if that JavaScript is hosted by someone else, such as on a public CDN. Subresource Integrity is a browser feature you can use to make sure that the code being used is exactly what you intended. In this article, Drew McLellan will take a look at what SRI is, how it can help protect you, and how you can start using it in your own projects, not just for files hosted on CDNs.