Florian Gaultier

2 posts published

📍 Bordeaux

Rotate JWT signing key for the better

ℹ️Tuesday morning (07/06/2022), around 7am UTC+2, every Slite users experienced a logout. This was the final step of authentication security improvements we've planned after we (re)discovered some bad practices we were sitting on since too much time.👷Disclaimer: as you surely know if you work

Security

Anti-SSRF solution

SSRF (Server Side Request Forgery) is a vulnerability used by attackers to do network internal requests when an URL is passed as an argument of your functions. ImpactThe impact of this vulnerability is completely related to what's accessible inside your internal network and what's the purpose of your function working