Articles

Security

SSH keys

Using a key file can greatly increase security when connecting to a host via SSH. This article presents how to create such keys and configure hosts to use them.
Tutorials, SSH, Security

A template for Vue.js applications

Over the years, I have built multiple Vue.js applications. Although their business logic differs, those applications often share similar components such as a navigation panel, a header with my logo and an authentication mechanism. Writing those from scratch for each application would be time-consuming, so I designed an application template that can be installed using NPM to bootstrap my projects.
Web, Vue.js, Security, Projects, NPM

User management microservice based on Neo4J

Web applications commonly require a user database and the management logic for it. Having to build such software infrastructure for each individual app would be time-consuming, so I designed a general-purpose user management microservice that can be easily integrated in a project.
Security, Projects, Web, Node.js, Neo4J

Multi-user MQTT platform

Mosquitto is usually the first candidate to come to mind when looking for an MQTT broker. However, by default, Mosquitto manages users using a password file. This makes it difficult to easily add or remove users, especially when the broker is deployed in Kubernetes.
Projects, Kubernetes, MQTT, WIP, Security +1

User management and authentication service using MongoDB

More often than not, web applications require restrictions regarding who can access the content that they serve. This involves a user management and authentication system, which, if designed inappropriately, can lead to security concerns. However, the development of such a system can be time-consuming, especially if done repeatedly for multiple applications.
Featured, Node.js, Mongoose, MongoDB, Docker +2

Encrypting Mosquitto using Certbot

This article presents how to encrypt a Mosquitto MQTT broker using SSL certificates obtained with Let's Encrypt.
Security, MQTT, Tutorials

Securing an ingress with basic auth

This article describes how to use basic auth to protect an ingress in Kubernetes. It is based on this page: https://kubernetes.github.io/ingress-nginx/examples/auth/basic/
Tutorials, Security, Kubernetes

Express authorization middleware

Many applications require some form of authorization mechanism to prevent users from accessing restricted content. Authenticated users are commonly in possession of a cookie containing identification data. With the authentication microservice that I designed, this cookie contains a JWT that contains the user's username. This JWT is sent in the authorization header of HTTP requests. Thus, authorization can be performed easily within each application by simply decoding the JWT. To do so, I designed this simple middleware for ExpressJS.
Projects, Security, NPM, Express, Node.js

Cookies

Cookies are key-value pairs stored on a web browser. They can be set (i.e. created) using client-side JavaScript. Conversely, a server can get a client's browser to set cookies via instructions in an HTTP response. As such, cookies can be set by both the client and the server.
Tutorials, Security, Cookies

Cookie-session

The user authenticates using a username and password, and the server sets a signed cookie containing serialized user info.
Security, Tutorials, Cookies