#typescript#actions#authentication#gcp#github_actions#google_cloud#google_cloud_platform#iam#identity#security
You can securely connect GitHub Actions to Google Cloud using the Google GitHub Action called `auth`. It supports two main ways: the recommended Workload Identity Federation (WIF), which uses short-lived tokens and avoids long-lived service account keys, and the older Service Account Key JSON method. WIF improves security by creating a trust link between your GitHub workflow and Google Cloud without exposing permanent credentials. To use it, you set up a Workload Identity Pool and Provider in Google Cloud, then configure your GitHub workflow to authenticate with these. This lets your workflows access Google Cloud resources safely and easily, reducing risks and simplifying credential management.
https://github.com/google-github-actions/auth
http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
#security
This should have been obvious to me for a longer time, but until earlier today I did not really realize the severity of the issues caused by str.format on untrusted user input. It came up as a way to bypass the Jinja2 Sandbox in a way that would permit retrieving information that you should not have access to which is why I just pushed out a security release for it.
However I think the general issue is quite severe and needs to be discussed because most people are most likely not aware of how easy it is to exploit.
https://michaelwashburnjr.com/django-user-authentication/
User #Authentication with #Django_REST_Framework
User Authentication is a simple concept, but when it comes to properly implementing it in Django, things can get complicated. Django offers an abundance of different authentication mechanisms: BasicAuthentication, TokenAuthentication, SessionAuthentication, and various ways to implement custom authentication mechanisms.
#security
Security Culture - Basics for Protests
https://t.me/RevToolboxRedux/2165
https://t.me/RevToolboxRedux/2166 - PDF version
Security and Counter-Surveillance - Information Against the Police State
https://t.me/RevToolboxRedux/2559
What To Do When You're Arrested
https://t.me/RevToolboxRedux/2585
Surveillance Self Defense in Public Spaces
https://t.me/RevToolboxRedux/2755
Movement Defense Means All of Us - A guide to building resilient movements and countering repression.
https://t.me/RevToolboxRedux/2070
No Badjacketing - The State Wants To Kill Us, Let's Not Cooperate (important article)
https://t.me/RevToolboxRedux/2915
Why Misogynists Make Great Informants
https://t.me/RevToolboxRedux/2916
Digital Communication Protocols Beyond Telegram
https://t.me/RevToolboxRedux/3338
Police Infiltrators - the ultimate betrayal
https://t.me/RevToolboxRedux/2502
Privacy/Security Resource list
https://t.me/RevToolboxRedux/12
Some tips on staying secure online
https://t.me/RevToolboxRedux/157
Elicitation - subtly soliciting information
https://t.me/RevToolboxRedux/167
Telegram tips for group/channel admins (old)
https://t.me/RevToolboxRedux/198
Breaking News Consumer's Handbook
https://t.me/RevToolboxRedux/209
Antifascism is Self Defense
https://t.me/RevToolboxRedux/264
Digital security resources for activists
https://t.me/RevToolboxRedux/267
Know Your Rights - A Crashcourse 4 Protesters (Don't Shoot PDX)
https://t.me/RevToolboxRedux/273
Best Practices for Signal Threads
https://t.me/RevToolboxRedux/280
The Riot is One Night But Metadata is Forever
https://t.me/RevToolboxRedux/293
Never Talk to the Cops
https://t.me/RevToolboxRedux/294
Before Posting Ask Yourself - does this pose a risk?
https://t.me/RevToolboxRedux/295
Surveillance Self Defense (EFF)
https://t.me/RevToolboxRedux/309
How To Make It Harder for Cops to Do Their Jobs
https://t.me/RevToolboxRedux/310
Beating FBI Surveillance
https://t.me/RevToolboxRedux/319
How To Find Hidden Cameras
https://t.me/RevToolboxRedux/334
DIY Faraday Bag (untested)
https://t.me/RevToolboxRedux/327
Guide to IMSI Catchers (Fake Cell Towers)
https://t.me/RevToolboxRedux/337
Covering Cameras w/ Umbrellas
https://t.me/RevToolboxRedux/369
Getting Started - Telegram Anonymity
https://t.me/RevToolboxRedux/370
Tails OS Leaflet
https://t.me/RevToolboxRedux/378
Car Brigade Techniques
https://t.me/RevToolboxRedux/407
Beware Swoopers
https://t.me/RevToolboxRedux/431
Spread Good Info! S.A.L.U.T.E.
https://t.me/RevToolboxRedux/436
Anarchist Direct Actions - A Challenge for Law Enforcement
https://t.me/RevToolboxRedux/462
What To Do If You Are Stopped by the Police
https://t.me/RevToolboxRedux/465
Criptica. Resistencia Digital (espanol)
https://t.me/RevToolboxRedux/467
Which Apps Are Secure and End-to-End Encrypted?
https://t.me/RevToolboxRedux/495
When the Police Knock on Your Door
https://t.me/RevToolboxRedux/517
Dress for Success - Disguise without Bloc
https://t.me/RevToolboxRedux/518
Look Out for Fascist Entryism
https://t.me/RevToolboxRedux/520
What to Do If You Receive an Unsolicited Message
https://t.me/RevToolboxRedux/528
PDX Decentralized Comms Ruleset
https://t.me/RevToolboxRedux/536
Only Networks Can Defeat Networks - decentralized digital struggle
https://t.me/RevToolboxRedux/607
The Basics of Firearm Safety
https://t.me/RevToolboxRedux/643
Assertive Intervention and Deescalation Tools and Tips
https://t.me/RevToolboxRedux/646
Faraday Bag from CLDC
https://t.me/RevToolboxRedux/652
How to Lock Your SIM Card
https://t.me/RevToolboxRedux/683
How to Spot NYPD Unmarked Cars
https://t.me/RevToolboxRedux/685
Digital Safety at Protests
https://t.me/RevToolboxRedux/687
Crossing the U.S. Border - crimethinc
https://t.me/RevToolboxRedux/742
Gentleman's Guide to Forum Spies and Spooks
https://t.me/RevToolboxRedux/750
Atlas of Surveillance - Documenting Police Tech
https://t.me/RevToolboxRedux/784
2 Twitter Alternatives
https://t.me/RevToolboxRedux/786
http://www.aparat.com/v/6qnbm
The Hacker Spectrum - PyCon 2016 - Parisa Tabriz - #Security
Parisa Tabriz has worked on information security for over a decade and as a (self-appointed) “Security Princess” of #Google for the last 8+ years. She started as a “hired hacker” software engineer for Google’s security team. As an engineer, she found and closed security holes in many of Google’s products, and taught other engineers how to do the same.
Using the Django authentication system
This document explains the usage of Django’s #authentication system in its default configuration. This configuration has evolved to serve the most common project needs, handling a reasonably wide range of tasks, and has a careful implementation of #passwords and #permissions. For projects where authentication needs differ from the default, #Django supports extensive extension and customization of authentication.
https://docs.djangoproject.com/es/1.11/topics/auth/default/
https://www.cybrary.it/course/python/
Python for #Security Professionals.
This course will take you from basic concepts to advanced scripts in just over 10 hours of material, with a focus on #networking and security.
http://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication
#Authentication is the mechanism of associating an incoming request with a set of identifying credentials, such as the user the request came from, or the token that it was signed with. The permission and throttling policies can then use those credentials to determine if the request should be permitted.
#REST framework provides a number of authentication schemes out of the box, and also allows you to implement custom schemes.
#Django_REST_Framework#Django#DRF