by via Awwwards - Sites of the day
Friday, January 11, 2019
BEAUREGARD
by via Awwwards - Sites of the day
Thursday, January 10, 2019
Does Your App Include Open Source Components? 5 Security Tips
A modern web application is bundled with tons of open-source dependencies. Developers are usually unaware of the number of open-source packages that's running under their package's hood. If you've ever wondered why your node_modules were so large, well that's why!
Contrary to popular belief, open-source components and dependencies are not more secure than their proprietary counterpart. Sure, there's a fleet of developers who volunteer to maintain certain repositories and that's great! However, the mere fact that lots of people use something doesn't make it more secure.
Add to this the issues around obsolete and abandoned packages. They're still popular amongst developers, but no longer maintained by anyone. In certain other cases, the developers are at fault by not prioritizing security updates. It becomes clear that protecting an organization's applications on a daily basis has now become a crucial necessity for survival in the market.
As you might already know, layered security is imperative and crucial. No one layer or program can withstand the numerous attacks from the unknowns of the dark web. Therefore, once organizations follow some of these best practices, they should be empowered to implement a robust strategy for a secure environment around their business-critical applications.
Package Your Components in a Container
The first stage in securing your applications is to ensure that they are sheltered within a Docker-like container. The inbuilt security of a container, along with its default configurations render a much stronger security posture. Applications that reside within settings such as this automatically inherit the same security guidelines. Furthermore, you can limit the damage your open source dependencies and APIs can do by running your app inside a container.
To make matters simpler, containers can be understood to be a protective shield of sorts. They isolate an application from the host computer as well as other containers. This helps to inhibit any vulnerabilities as well as any malicious use of the software.
The post Does Your App Include Open Source Components? 5 Security Tips appeared first on SitePoint.
by Gilad Maayan via SitePoint
We’re Hiring: Director of Marketing
Social Media Examiner is hiring a Director of Marketing! We are looking for experienced candidates who are willing to work from our home offices in Poway, California. To apply, you must have at least 7 years of experience directing a team of online marketers. Extensive knowledge of email marketing, Facebook advertising, affiliate marketing, social media […]
The post We’re Hiring: Director of Marketing appeared first on Social Media Marketing | Social Media Examiner.
by Michael Stelzner via Social Media Marketing | Social Media Examiner
Build an App with Everything New & Noteworthy in Angular 7
Angular 7 was released earlier this quarter and I’m pumped about a few of its features. If you’ve been following Angular since Angular 2, you know that upgrading can sometimes be a pain. There was no Angular 3, but upgrading to Angular 4 wasn’t too bad, aside from a bunch of changes in Angular’s testing infrastructure. Angular 4 to Angular 5 was painless, and 5 to 6 only required changes to classes that used RxJS.
Before I dive into showing you how to build an Angular app with authn/authz, let’s take a look at what’s new and noteworthy in this release.
Upgrade to Angular 7
If you created your app with Angular CLI, chances are you can easily upgrade to the latest release using ng update.
ng update @angular/cli @angular/core
You can also use the Angular Update Guide for complete step-by-step instructions.
What’s New in Angular 7
There are a few notable features in Angular 7, summarized below:
- CLI prompts: this feature has been added to Schematics so you can prompt the user to make choices when running
ngcommands. - Performance enhancements: the Angular team found many people were using
reflect-metadataas a dependency (rather than a dev-only dependency). If you update using the aforementioned methods, this dependency will automatically be moved. Angular 7 also adds bundle budgets so you’ll get warnings when your bundles exceed a particular size. - Angular Material: Material Design had significant updates in 2018 and Angular Material v7 reflects those updates.
- Virtual Scrolling: this feature allows you to load/unload parts of a list based on visibility.
- Drag and Drop: this feature has been added to the CDK of Angular Material.
Bundle budgets is the feature that excites me the most. I see a lot of Angular apps with large bundle sizes. You want your baseline cost to be minimal, so this feature should help. The following defaults are specified in angular.json when you create a new project with Angular CLI.
"budgets": [{
"type": "initial",
"maximumWarning": "2mb",
"maximumError": "5mb"
}]
You can use Chrome’s data saver extension for maximum awareness of the data your app uses.
For more details on what’s new in Angular 7, see the Angular blog, coverage on InfoQ, or the Angular project’s changelog.
Now that you know how awesome Angular 7 is, let’s take a look at how to create secure applications with it!
Create a Secure Angular 7 Application
An easy way to create Angular 7 apps is using the Angular CLI. To install it, run the following command:
npm i -g @angular/cli
The example below uses Angular CLI 7.1.0. To verify you’re using the same version, you can run ng --version.
_ _ ____ _ ___
/ \ _ __ __ _ _ _| | __ _ _ __ / ___| | |_ _|
/ △ \ | '_ \ / _` | | | | |/ _` | '__| | | | | | |
/ ___ \| | | | (_| | |_| | | (_| | | | |___| |___ | |
/_/ \_\_| |_|\__, |\__,_|_|\__,_|_| \____|_____|___|
|___/
Angular CLI: 7.1.0
Node: 11.1.0
OS: darwin x64
Angular:
...
Package Version
------------------------------------------------------
@angular-devkit/architect 0.11.0
@angular-devkit/core 7.1.0
@angular-devkit/schematics 7.1.0
@schematics/angular 7.1.0
@schematics/update 0.11.0
rxjs 6.3.3
typescript 3.1.6
To create a new app, run ng new ng-secure. When prompted for routing, type "Y". The stylesheet format is not relevant to this example, so choose whatever you like. I used CSS.
After Angular CLI finishes creating your app, cd into its directory, run ng new, and navigate to [http://localhost:4200](http://localhost:4200) to see what it looks like.
Add Identity and Authentication to Your Angular 7 App with OIDC
If you’re developing apps for a large enterprise, you probably want to code them to use the same set of users. If you’re creating new user stores for each of your apps, stop it! There’s an easier way. You can use OpenID Connect (OIDC) to add authentication to your apps and allow them all to use the same user store.
OIDC requires an identity provider (or IdP). There are many well-known IdPs like Google, Twitter, and Facebook, but those services don’t allow you to manage your users like you would in Active Directory. Okta allows this, and you can use Okta’s API for OIDC.
Register for a forever-free developer account, and when you’re done, come on back so you can learn more about how to secure your Angular app!
Now that you have a developer account, I’ll show you several techniques for adding OIDC authentication to you Angular 7 app. But first, you’ll need to create a new OIDC app in Okta.
Create an OIDC App in Okta
Log in to your Okta Developer account and navigate to Applications > Add Application. Click Web and click Next. Give the app a name you’ll remember, and specify [http://localhost:4200](http://localhost:4200) as a Login redirect URI. Click Done. Edit your app after creating it and specify [http://localhost:4200](http://localhost:4200) as a Logout redirect URI too. The result should look something like the screenshot below.
Use angular-oauth2-oidc
The angular-oauth2-oidc library provides support for OAuth 2.0 and OIDC. It was originally created by Manfred Steyer and includes many community contributions.
Install angular-oauth2-oidc using the following command:
npm i angular-oauth2-oidc@5.0.2
Open src/app/app.module.ts and import OAuthModule as well as HttpClientModule.
import { HttpClientModule } from '@angular/common/http';
import { OAuthModule } from 'angular-oauth2-oidc';
@NgModule({
declarations: [
AppComponent
],
imports: [
BrowserModule,
AppRoutingModule,
HttpClientModule,
OAuthModule.forRoot()
],
providers: [],
bootstrap: [AppComponent]
})
export class AppModule { }
Modify src/app/app.component.ts to import OAuthService and configure it to use your Okta application settings. Add login() and logout() methods, as well as a getter for the user’s name.
import { Component } from '@angular/core';
import { OAuthService, JwksValidationHandler, AuthConfig } from 'angular-oauth2-oidc';
export const authConfig: AuthConfig = {
issuer: 'https://{yourOktaDomain}/oauth2/default',
redirectUri: window.location.origin,
clientId: '{yourClientId}'
};
@Component({
selector: 'app-root',
templateUrl: './app.component.html',
styleUrls: ['./app.component.css']
})
export class AppComponent {
title = 'ng-secure';
constructor(private oauthService: OAuthService) {
this.oauthService.configure(authConfig);
this.oauthService.tokenValidationHandler = new JwksValidationHandler();
this.oauthService.loadDiscoveryDocumentAndTryLogin();
}
login() {
this.oauthService.initImplicitFlow();
}
logout() {
this.oauthService.logOut();
}
get givenName() {
const claims = this.oauthService.getIdentityClaims();
if (!claims) {
return null;
}
return claims['name'];
}
}
Modify src/app/app.component.html to add Login and Logout buttons.
<h1>Welcome to !</h1>
<div *ngIf="givenName">
<h2>Hi, !</h2>
<button (click)="logout()">Logout</button>
</div>
<div *ngIf="!givenName">
<button (click)="login()">Login</button>
</div>
<router-outlet></router-outlet>
Restart your app and you should see a login button.
Click the login button, sign in to your Okta account, and you should see your name with a logout button.
Pretty slick, eh?
Okta’s Angular SDK
You can also use Okta’s Angular SDK to implement the same functionality. You can start by installing it.
The post Build an App with Everything New & Noteworthy in Angular 7 appeared first on SitePoint.
by Matt Raible via SitePoint
Animated Mesh Lines with Three.js
A set of five demos with animated WebGL lines created with the THREE.MeshLine library. Find out how to animate and build these lines to create your own animations.
These lines shaped as ribbons have a really interesting graphic style. They also have less vertices than a TubeGeometry usually used to create thick lines.
The post Animated Mesh Lines with Three.js appeared first on Best jQuery.
by Admin via Best jQuery
Subscribe to:
Comments (Atom)