kme : protocol   21

syntax - In a URL, what is // for? - Super User | https://superuser.com/
Protocol-less URLs are now seen as an "anti-pattern" (https://www.paulirish.com/2010/the-protocol-relative-url/), but anyway, this was interesting.

More recently, it could be argued that the double slash does have a role. Google recommend (to avoid accidentally calling insecure content from a secure page, for example) omitting the protocol from embedded resources (stylesheets, js etc), like this

<script src="//www.google.com/js/gweb/analytics/autotrack.js"></script>

So it is now apparent that such a protocol-less URL is a fully qualified URL and not a relative URL (which would begin with a single slash).
interesting  http  url  protocol  theweb 
november 2017 by kme
Insane Coding: OAuth - A great way to cripple your API [http://insanecoding.blogspot.com/]
If you're looking to implement authorization for your API, I recommend sticking with well-understood secure designs, such as HTTP Basic Authentication over SSL/TLS (or HTTP Digest Authentication).

In order to achieve a situation where users can securely authorize third party software, without giving over their personal credentials (passwords), I recommend that these services have a page where they can generate new credentials (keys) which the user can copy and paste. They can then name these keys themselves (avoiding application registration hassle), and set permissions upon them themselves. Since the user is the one initiating the key creation, and copying and pasting it themselves, they cannot fall prey to a man-in-the-middle attack where the third party software initiates the authorization process.
oauth  security  theweb  authentication  webdevel  protocol  advice 
august 2014 by kme
