Articles are paginated with only three posts here for example. You can set the number of entries to show on this page with the “pagination” setting in the config file.

April 7, 2025

Self-Hosting CAPTCHA, Haproxy(Login 2)

Protecting Your Website Without Third-Party Services

In the digital battlefield of website security, distinguishing between legitimate users and automated threats is crucial. Before a user even reaches your login page, you need a frontline defense that separates humans from bots and AI systems. This is where CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) comes into play.

The Problem with Third-Party CAPTCHAs

While Google’s reCAPTCHA, Cloudflare’s Turnstile, and Amazon’s AWS WAF CAPTCHA are powerful solutions, they come with a significant drawback: they require modifying your Content Security Policy (CSP) to allow external connections. This creates potential security vulnerabilities and privacy concerns.

April 7, 2025

Evolving Web Authentication(login 1)

From Simple Cookies to Secure Sessions

In the early days of web applications, servers used a straightforward approach to identify returning users. When you logged in, the server would issue your browser a cookie - a small piece of data that identified you as an authenticated user.

During subsequent visits, your browser automatically submits this cookie with each request. The server would perform a simple check: “Does this request include a cookie named ‘your_name_session’?” If yes, access granted. This basic system worked well initially.

April 4, 2025

Static Database for Login Auth

Here’s a more natural, concise version of your blog post:

I needed a database for login authentication. Redis seemed like a good fit, but it comes with dependencies that make deployment tricky.

To solve this, I compiled Redis into a static binary that has zero dependencies. Now it’s much easier to deploy.

You can find it on GitHub:
https://github.com/PrivLocking/redis-static