Security

Understanding Web Content's Origin and Site

Introduction
This post summarizes what I have learned when I encountered issues related to CORS and HTTP cookies.
Understanding Domains (hostnames), Origins, and Sites
It is crucial to understand these concepts when dealing with CORS-related problems.
Origin
An example of a web content's origin is http://example.com:80. An origin is comprised of the scheme, the domain (hostname), and the port. In the case above, http is the scheme, example.com is the domain, and 80 is the port.

Implementing TOTP in Go

Introduction
In this article, I would like to try implementing, in Go, code that generates a one-time password of the kind often used in two-factor authentication: a Time-based One-time Password (TOTP).
What is Two-Factor Authentication?
Before writing the TOTP generation code, let's briefly review what two-factor authentication is. There are mainly three types of authentication factors: knowledge, possession, and biometrics. Knowledge: something only the user knows or remembers, such as a login password.

Web Vulnerabilities

CSRF (Cross Site Request Forgery)
An attack that causes the server to carry out processing the user did not intend, by way of a malicious request routed through an external site. While the user is logged in, a malicious lin

OAuth2

Introduction
OAuth 2.0 is an authorization framework that enables limited access to an HTTP service by third-party applications. The OAuth 2.0 authorization framework enables a third-party application to obtain limited