Articles

Ne Pas Utiliser de Credentiels dans une CI/CD Pipeline

Les pipelines CI/CD sont des outils puissants, mais il est important de ne pas utiliser de credentiels sensibles pour éviter les risques de sécurité.

Comment Donner un Accès Sécurisé à des Services Tiers Sans Utiliser de Clés Secrètes

OpenID Connect (OIDC) is a protocol that allows users to authenticate themselves with an external identity provider, such as Auth0 or Okta. It works by exchanging an access token between the identity provider and the application. This token is cryptographically signed and contains a set of claims about the user, such as their name, email, and other attributes. The application can then use this token to authenticate the user and grant them access to resources.

En tant qu’utilisateur qui construit et maintient des infrastructures cloud, j’ai toujours été méfiant du point de vue de la sécurité lorsque je donne un accès à des services tiers, tels que les plateformes CI/CD. Tous les fournisseurs de services prétendent prendre des précautions strictes et mettre en œuvre des processus infaillibles, mais les vulnérabilités sont toujours exploitées et les erreurs arrivent. Par conséquent, ma préférence est d’utiliser des outils qui peuvent être hébergés en interne. Cependant, je ne peux pas toujours avoir le choix si l’organisation est déjà engagée auprès d’un partenaire externe, tel que Bitbucket Pipelines ou GitHub Actions. Dans ce cas, pour appliquer un IaC Terraform ou déployer un groupe d’échelle automatique, il n’y a pas d’autre choix que de fournir à l’outil externe une clé secrète API, n’est-ce pas ? Faux ! Avec la prolifération de OpenID Connect, il est possible de donner aux plates-formes tierces un accès basé sur des jetons qui n’exige pas de clés secrètes.

Le problème avec une clé secrète est qu’il y a toujours une chance qu’elle soit divulguée. Le risque augmente plus elle est partagée, ce qui se produit lorsque des employés quittent et que de nouveaux arrivent. L’un d’entre eux peut le divulguer intentionnellement ou ils peuvent être victimes d’une hameçonnage ou d’une violation. Lorsqu’une clé secrète est stockée dans un système externe, cela introduit un tout nouvel ensemble de vecteurs de fuite potentiels. Atténuer le risque implique de changer périodiquement les informations d’identification, ce qui est une tâche qui n’ajoute pas de valeur perceptible.

OpenID Connect (OIDC) est un protocole qui permet aux utilisateurs de s’authentifier auprès d’un fournisseur d’identité externe, tel qu’Auth0 ou Okta. Il fonctionne en échangeant un jeton d’accès entre le fournisseur d’identité et l’application. Ce jeton est signé de manière cryptographique et contient un ensemble de revendications sur l’utilisateur, telles que son nom, son adresse électronique et d’autres attributs. L’application peut ensuite utiliser ce jeton pour authentifier l’utilisateur et lui donner accès aux ressources.

Les jetons OIDC sont une alternative intéressante aux clés secrètes pour donner aux plates-formes tierces un accès limité aux ressources cloud. Les jetons sont générés par le fournisseur d’identité et peuvent être limités à une durée de vie spécifique et à un ensemble de revendications spécifiques. De plus, ils peuvent être révoqués à tout moment par le fournisseur d’identité si nécessaire. Les jetons OIDC sont donc une solution plus sûre et plus flexible pour donner aux plates-formes tierces un accè

Source de l’article sur DZONE

Since school is back in session, this month’s roundup has a learning focus. In addition to tools, many of the resources include guides, tutorials, and cheat sheets to help make design work easier.

Here’s what’s new for designers this month.

ScrollingMockup.io

ScrollingMockup.io generates high-definition, animated scrolling mockups in minutes. All you have to do is paste your website URL, select from the expanding template gallery, add some music and post. You can create three mockups for free, and then this tool comes with a subscription model. The paid model allows for custom branding for mockups and more.

FilterSS

FilterSS is a curated collection of CSS image filters for use in projects. Upload an image, sort through the list, and then copy the code for the filter you want to use. It’s that easy!

Buttons Generator

Buttons Generator is a fun tool with so many button options in one place. Choose from three-dimensional, gradient, shadow borders, neumorphic, retro, animated, ghost, with arrows, and more all in one place. Click the one you like, and the code is copied right to your clipboard and ready to use in projects.

UI Cheat Sheet: Spacing Friendships

UI Cheat Sheet: Spacing Friendships is a fun – and memorable approach to figuring out spacing. This guide shows how close or far away elements should be based on “friend” circles with a couple of relatable instances. It’s one of the most relatable examples of this concept out there while emphasizing the importance of spacing in design.

PrettyMaps

PrettyMaps is a minimal Python library that allows you to draw customized maps from OpenStreetMap data. This tool can help you take online map design to the next level with cool, unique map visuals. It’s based on osmnx, matplotlib, shapely, and vsketch libraries.

Card.UX/UI

Card.UX/UI is a card-style generator with more than 20 templates and elements to create custom cards. Use the on-screen tools to design it the way you want and then copy the code for easy use.

Couleur.io

Couleur.io is a simple color palette builder tool that lets you pick a starting color and build a scheme around it. One of the best elements of the tool might be the quick preview, which shows your choices using the palette in context and in dark mode. Get it looking the way you want, and then snag the CSS to use in your projects.

CSS Accent-Color

CSS Accent-Color can help you tint elements with one line of CSS. It’s a time-saving trick that allows for greater customization for your brand in website design projects. Plus, it works equally well in dark or light color schemes. It supports checkboxes, radio, range, and progress bars.

Vytal

Vytal shows what traces your browser leaves behind while surfing the web. This scan lets you understand how easy it is to identify and track your browser even while using private mode. In addition, it scans for digital fingerprints, connections, and system info.

Imba

Imba is a programming language for the web that’s made to be fast. It’s packed with time-saving syntax tags and a memorized DOM. Everything compiles to JavaScript, works with Node and npm, and has amazing performance. While the language is still in active development, the community around it is pretty active and growing.

SVG Shape Dividers Creator

SVG Shape Dividers Creator is a tool that allows you to create interesting shapes with SVG so that your colors and backgrounds aren’t always rectangles. You can adjust and side, change the color, axis, and flip or animate it. Then snag the CSS, and you are ready to go.

Image Cropper

Image Cropper is a tool that allows you to crop and rotate images using the flutter plugin. It works for Android and IOS.

Noteli

Noteli is a CLI-based notes application that uses TypeScript, MongoDB, and Auth0. The tool is just out of beta.

Yofte

Yofte is a set of components for Tailwind CSS that help you create great e-commerce stores. The UI Kit is packed with components with clean and colorful designs that are customizable. The code is easy to export and clean. This premium kit comes with a lifetime license or a monthly plan.

UI Deck

UI Deck is a collection of free and premium landing page templates, themes, and UI kits for various projects. This is a premium resource with paid access to all of the tools. It includes access to more than 80 templates.

Star Rating: An SVG Solution

Star Rating: An SVG Solution is a tutorial that solves a common design dilemma: How to create great star rating icons for pages. This code takes you through creating an imageless element that’s resizable, accessible, includes partial stars, and is easy to maintain with CSS. It’s a great solution to a common design need.

Designing Accessible WCAG-Compliant Focus Indicators

Designing Accessible WCAG-Compliant Focus Indicators is another convenient guide/tutorial for an everyday application. Here’s why it is important: “By designing and implementing accessible focus indicators, we can make our products accessible to keyboard users, as well as users of assistive technology that works through a keyboard or emulates keyboard functionality, such as voice control, switch controls, mouth sticks, and head wands, to mention a few.”

Blockchain Grants

Blockchain Grants is a tool for anyone developing blockchain applications and in need of funding. It’s a database of grants from a variety of organizations for different applications. Start looking through this free resource to help secure additional funding for your projects.

Basement Grotesque

Basement Grotesque is a beautiful slab with a great heavy weight and plenty of character. There are 413 characters in the set with plenty of accents, numbers, and variable capitals.

Gadimon

Gadimon is a fun, almost comic book-style layered script. The font package includes a regular and extrude style.

Lagom

Lagom is a sleek and functional serif typeface with 16 styles in the robust family from ultralight to extra bold italic. It’s readable and has a lot of personality.

Striped Campus

Striped Campus fits our back-to-school theme with a fun, scholastic look and feel. The block letters have a thick outline stroke and some fun inline texture.

Source

The post Exciting New Tools for Designers, September 2021 first appeared on Webdesigner Depot.


Source de l’article sur Webdesignerdepot

This week, we check out how Microsoft Teams could be breached with a single GIF image sent in a chat, and Auth0 by changing the case of a single character.

In other news, a report on security issues in smart home hubs has been published, and a new online training on OAuth2.0 and OpenID Connect is available.

Source de l’article sur DZONE