Work in Progress

About


Site Info

This is really for the people who are more technically focused.

This site is built on ASP.NET Core 2 with a MongoDB backend. It's what I'm starting to call a classic webapp, i.e. you deploy the server and it includes/generates the JavaScript, CSS and HTML that is served to the client. This is not a bad thing; it's just that there are alternatives now.

Some things considered

HTTP Headers
Browsers are so much more powerful, feature rich and feature compliant than just a few years ago. Some of the improvements have been around security. Considering that the browser is most people's main portal to accessing everything on the web, that is a good thing. One area that has seen a lot of attention is HTTP headers. Initially, it may seem that adding an HTTP header would not have much impact. A user could use an older browser, or a hacker could make their own browser or bot that would ignore the header. It's important to recall that the headers are only one part of the system. There is a lot to say on this topic, but that will have to wait. Thanks to https://securityheaders.io/ for easing my header checking effort. For now, know that the site uses:
  1. HTTP Strict Transport Security (HSTS) so that HTTP requests and assets will always connect to the HTTPS endpoint.
  2. Content Security Policy (CSP) to ensure that resources are pulled from trusted sources.
  3. Referrer-Policy to keep your browsing history just a little more private.
  4. X-Frame-Options to make sure that no one can sneak this page into an iframe on another site.
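
A small offline check for the four headers listed above, as an added example (not this site's code and not how securityheaders.io works internally). The function names and both sample responses are constructed for illustration.

```python
import re

# Valid Referrer-Policy tokens (W3C Referrer Policy).
REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url"}

def parse_headers(raw):
    """Parse a raw HTTP response head into {lower-case name: value}."""
    pairs = (l.partition(":") for l in raw.strip().splitlines()[1:])
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def audit(headers):
    """Return findings for the four headers; an empty list means all pass."""
    out = []
    m = re.search(r"max-age\s*=\s*(\d+)", headers.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) == 0:
        out.append("HSTS missing or disabled (max-age=0)")
    # Split the CSP into {directive: [sources]}; the first occurrence wins.
    csp = {}
    for d in headers.get("content-security-policy", "").split(";"):
        if d.split():
            csp.setdefault(d.split()[0].lower(), d.split()[1:])
    scripts = csp.get("script-src", csp.get("default-src"))
    if scripts is None:
        out.append("CSP missing or has no script-src/default-src")
    elif "*" in scripts or "'unsafe-inline'" in scripts:
        # Simplification: a nonce or hash would override 'unsafe-inline'.
        out.append("CSP lets scripts load inline or from any origin")
    tokens = [t.strip().lower() for t in headers.get("referrer-policy", "").split(",")]
    known = [t for t in tokens if t in REFERRER_POLICIES]
    if not known or known[-1] == "unsafe-url":  # browsers apply the last known token
        out.append("Referrer-Policy missing or sends full URLs")
    if headers.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        out.append("X-Frame-Options missing or not DENY/SAMEORIGIN")
    return out

# Constructed sample responses (not captured from the site).
GOOD = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'; img-src 'self' data:
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: DENY"""
WEAK = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=0
Content-Security-Policy: script-src * 'unsafe-inline'
Referrer-Policy: unsafe-url"""

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(parse_headers(raw)) or "all four headers pass")
```

A header being present is not enough: the WEAK response sends three of the four headers and still fails every check.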