Articles and insights tagged with security.
Storing JWTs in localStorage feels convenient—until an attacker steals them with a single line of JavaScript. Learn why browser-accessible tokens are a security trap, how XSS and CSRF attacks actually work, and how to build authentication that's both secure and seamless.
Explore how multi-tenant architecture enables platforms to serve multiple organizations from a single codebase. From isolation strategies to security considerations, learn the patterns that power SaaS platforms, cloud providers, and enterprise software.
Docker containers inherit Unix permissions, but most Dockerfiles ignore them entirely. Running as root, copying files with wrong ownership, and mounting volumes without permission checks—these aren't edge cases. They're the default. Here's how to fix it before your container becomes an attack vector.
Unix permissions are not granular—they are intentionally simple. This 50-year-old security model still underpins containers, cloud systems, and Kubernetes. Learn why limiting expressiveness is the real security feature.
Discover how OAuth 2.0 enables trusted delegation of access through an engaging story about three entities working together, then dive deep into the technical details with sequence diagrams, historical context, and a practical GitHub integration example.
A friendly introduction to Role-Based Access Control (RBAC), exploring how this powerful standard shapes authorization in AWS IAM, GCP, GitHub, and countless other platforms we use every day.
My journey from struggling with password managers and MFA to researching OTP standards and compliance requirements, leading to a focus on building authentication and authorization solutions.