cmpg-323-overview---35803150's People
cmpg-323-overview---35803150's Issues
CMPG323 Class(contact) - 06/09
CMPG323 Class(contact) - 31/10
Create the Label provided and other relevant labels
CMPG323 Class(contact) - 11/10
Create a table view within the project named ‘Tabular View’
- Add Milestone, Label, Linked Pull Request and Repository as fields to the view
- Hide the Assignees field
CMPG323 Class(online) - 10/11
CMPG323 Class(online) - 25/08
CMPG323 Class(contact) - 30/08
- Requirements
CMPG323 Class(contact) - 30/07
Create a GitHub Kanban project
In the ReadME.md, address which repositories will be created and used for each project
CMPG323 Class(contact) - 13/09
Create a board view within the project, named ‘Sprint View’
Group by Sprint
Create a repository named CMPG 323 Overview - 35803150
Create a repository named CMPG 323 Project 2 - 35803150
CMPG323 Class(online) - 27/10
CMPG323 Class(online) - 04/08
CMPG323 Class(online) - 28/07
CMPG323 Class(online) - 01/09
Video about Publish posted on dropbox
CMPG323 Class(contact) - 24/10
CMPG323 Class(online) - 15/09
In the ReadME.md, explain the branching strategy to be used within each project
CMPG323 Class(contact) - 08/11
Add charts: Number of Items by Label, Status and Sprint and Burndown Chart
Ensure that the project is named appropriately
CMPG323 Class(contact) - 01/11
CMPG323 Class(contact) - 23/07
CMPG323 Class(online) - 11/08
Ensure that the project has a description adequately describing the project
In the ReadME.md, provide a diagram explaining project and repository context and how they are integrated
CMPG323 Class(online) - 13/10
In the ReadME.md, explain the use of a .gitignore file within each project
In the ReadME.md, explain the storage of credentials and sensitive information
Create the Milestones
CMPG323 Class(online) - 20/10
CMPG323 Class(contact) - 17/10
Add columns: Linked Assessment, Due Date, Sprint, Effort(in Hours)
Add the following columns:
- Linked Assessment (field type = text)
- Due Date (field type = date)
- Sprint (field type = single select; add all 8 of the sprints as options with sprint start and end date)
- Effort (in Hours) (field type = number)
CMPG323 Class(online) - 04/08
CMPG323 Class(contact) - 02/08
Populate the ‘Tabular View board’ with all CMPG323 classes, training time, estimated tasks, project submissions, PoE
- All CMPG 323 classes
- All CMPG 323 training time required to upskill and complete projects
- All estimated tasks required to complete all CMPG 323 projects
- All CMPG 323 project submissions (with deadlines attached to milestones)
- All tasks associated to completing the CMPG 323 Portfolio of Evidence (POE)
Create a board view within the project, named ‘Status View’
Group by Status
CMPG323 Class(contact) - 26/07
CMPG323 Class(online) - 06/10
CMPG323 Class(online) - 08/09
CMPG323 Class(contact) - 02/07
CMPG323 Class(contact) - 04/10
CMPG323 Class(online) - 03/11
CMPG323 Class(online) - 29/09
Link the GitHub repository to the project
CMPG323 Class(contact) - 23/08
API Development - Security
Project 2 - secure your API
5. REST security fundamental
HTTP( Basic Web Security )
1. Basic Authentication
- Internet standard
- Supported by all major browsers
2. Digest Authentication
-The password is not sent clear to the server.
- application of **MD5 cryptographic hashing with usage of nonce values to prevent replay attacks. **
- Nonce -
3. Configured on the IIS web server (platform dependent)
- Can be both used by REST and SOAP
- Provides point-to-point security between the two endpoints.
HTTPS( Transport Security )
REST security cheat sheet [1]
-
Mutually authenticated client-side certificates
-
https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
-
Non-public REST services must perform access control at each API endpoint
-
User authentication should be centralized in a Identity Provider(IdP)
-
JSON Web Tokens (JWT)
as the format for security tokens
- JWT are JSON data structures containing a set of claims that can be used for access control decisions.
-
API Keys
- Public REST services without access control run the risk of being farmed leading to excessive bills for bandwidth or compute cycles
- API keys can reduce the impact of denial-of-service attacks.
-
Restrict HTTP methods
- Apply an allow list of permitted HTTP Methods e.g. GET, POST, PUT
- Reject all requests not matching the allow list with HTTP response code 405 Method not allowed.
- Make sure the caller is authorized to use the incoming HTTP method on the resource collection, action, and record
Session Management and Authentication
- OAuth2
- First, OAuth 2.0 is NOT an authentication protocol.
- It is an delegated authorization framework, which many modern authentication protocols are built on.
- OpenID (federated authentication) - one entity trusts another entity with user management.
- An ID token's password
Resources list
[1] - https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
[2]
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.