web-security

Tommi Martin 2024-12-27T10:27:44.039739Z

Hello everyone, regarding web security and Clojure: would anyone be able to provide me with links and references to up-to-date documentation and learning materials you would recommend for a modern Clojure web app? Specifically around user management (public account creation, login, and an API for logged-in users). Currently I'm making a personal project which has a login system, and I'm trying to learn and compare different methods of login and finding it difficult to evaluate different Clojure / Java systems realistically, and I think I need a nudge in the right direction. Would you be able to provide me with learning materials about the topic or tool recommendations? For those curious, the personal project is a sort of event scheduler web app. You can find the (non-functional) repo here: https://github.com/tommi-martin/when

Eugen 2025-01-04T19:57:54.701919Z

I'm kind of in the same boat. Currently looking at buddy / friend for handling auth.

Eugen 2025-01-04T19:58:25.674899Z

I plan to deploy Keycloak or kanidm as the IdP, with a focus on OpenID Connect.

Eugen 2025-01-04T19:59:09.448509Z

https://funcool.github.io/buddy-auth/latest/

Tommi Martin 2025-01-13T11:31:24.656979Z

I'll probably deploy buddy as well to my personal project, just to get it rolling again. But I was worried by this disclaimer in the repo for buddy-auth (https://github.com/funcool/buddy-auth):

> NOTE: this project is in maintenance mode, and looking for a new maintainer.

This, coupled with the last commits being 4 years ago, kinda made me wonder if I want to build anything on top of that.

Eugen 2025-01-13T11:49:43.481319Z

Should work ok.

Eugen 2025-01-13T11:51:42.897409Z

If you opt for OpenID Connect / OAuth, you can also check out https://lambdaisland.com/episodes/passwordless-authentication-ring-oauth2

Eugen 2025-01-13T11:51:57.939299Z

I believe they work together.

fabrao 2025-02-07T16:28:03.584229Z

One thing that you can consider in web security is CSP (Content Security Policy), which helps to keep all resources secure, mainly against script injections that all the users have without knowing. Yes, they have lots of them 🙂