Explore
51-59 of 59
Session Configuration: Invalidate the HttpSession after logout
Delete all sessions after logout
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Should use requiresSecure
Use of HTTP instead of HTTPS is insecure
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
- OWASP Top 10
Spring Security: race condition: SecurityContextHolder.getContext.setAuthentication
It is important to create a new SecurityContext instance to avoid race conditions across multiple threads.
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (BCrypt)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (Bean)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- kotlin
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (Bean - BCrypt)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- kotlin
- Spring
- security
- framework specific
- Spring Security
Use .delux() for a 'stronger' password-based encryption
Encryptors.delux() uses a 'stronger' password-based encryption
- warning
- java
- Spring
- security
- framework specific
- Spring Security
Use .stronger() for a more secure alternative
Encryptors.stronger() is more secure than Encryptors.standard()
- warning
- java
- Spring
- security
- framework specific
- Spring Security