JWT is neat, in every meaning of the word. Sure, the base64-encoded data is basically plaintext. But a secure signature makes it All All Right. 🙂 Simple and elegant.
I used my OAuth code from twitter to do the encoding and encrypting. As per the usual, it’s in my Reusable project on github.
I used the most-readily-available encryption algorithm. Looking forward to setting up better faster harder ones soon.
These are really good libraries that got my dates and times flowing client-server full circle, with all the UI and math tools I needed.
KISS!
// Date sanitation: limit ancient and future days and ensure start isn't beyond end
date today = second_clock::local_time().date();
date s = startdate;
date e = enddate;
if (e > today)
e = today;
if (e - s > date_duration(cn_max_days_to_look_back))
s = e - date_duration(cn_max_days_to_look_back);
if (s > e)
s = e;
Even the name teaches. Instead of HyperCharts or whatever everyone else is calling themselves, even the name of d3 teaches: let your data drive everything.
One deep dive with haproxy and I have handed it complete control of all my certificates.
* One bind statement with every single cert file I own, and haproxy is instantly handling every host’s SSL handshaking using SNI
* It is handling dynamic conversion of http requests to https
* It has removed the need for https on any webserver on the secured LAN
* It allows incredibly flexible load balancing via host, port, url, etc etc
* It is easy to set up to use ssl best practices, so every one of your websites instantly gets A+ ratings on ssl labs
Unbelievable, I’m stunned.
Here’s all I needed to get ssl labs A+ ratings:
global
# MDM NO SSLv3! Good ciphers!
ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
ssl-default-bind-ciphers AES128+EECDH:AES128+EDH
frontend ....
# MDM We need to provide an HSTS header to get A+ at ssllabs!
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
reqadd X-Forwarded-Proto:\ https
Also needed this in wordpress wp-config.php:
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
