When writing a user system for a client-side encrypted application, you first have to start with the universe. Well, that might be too much, so let's start a bit further ahead.Read more
One of the most important features of an API, besides usability, is resilience. A big aspect of a more resilient API is a restricted amount of information communicated. This is important to keep in mind, since every bit of information you give away, aids in an attack against your API.Read more
Last time, in Tokens, cookies and sessions: an auth story (Part 1), we talked about the decision-making process behind our authentication mechanism.Read more
When deciding which way to go with communicating and storing authentication information, one can easily drift into a bad trip and start wondering how anything ever works.Read more
Custom types in Ecto are a really nice way of abstracting away some functionality you need in a lot of places concerning your schemas. That sounds really nice, but let's break that down to something more digestible.Read more
Last time we went over creating a secured infrastructure and network for our SaaS operation.Read more
Before we can properly develop our application, it helps to have a clearly formulated idea about what you want to do, and why. When it comes to an application whose goal is to provide a secure environment for its users, it is important to have a concrete threat model. This way we know what to protect against - and also why.Read more
Sealas was our our first attempt to create a SaaS.
It started out as a simple idealistic idea: frustrated with the available options, we wanted to create an easy to use accounting application, that encrypts all user data before storing.
But we failed horribly.Read more