README
¶
secure-code-go
Demo repository for the talk "The shimmy to the left: why security is coming for engineers". You can find the slides here.
Environment variables
Certificates & keys can be easily generated for local testing with mkcert.
export SERVER_CERT_FILE="localhost.pem"
export SERVER_KEY_FILE="localhost-key.pem"
export SERVER_PORT="1323"
export SIGNING_KEY="SUPER-DUPER-SECRET"
export POSTGRES_USER="SECRET-USER"
export POSTGRES_PWD="MY-SUPER-DUPER-SECRET-DB-PWD"
export POSTGRES_DB="postgresDBDemo4"
Execute demos
Run the demo servers one by one. Each demo builds upon the previous one.
Demo 1: Server with HTTPS
go run demo1/server.go
Demo 2: Server with JWT
go run demo2/server.go
Demo 3: Server with access control checks
go run demo3/server.go
Demo 4: Server with SQL database
This last demo requires Postgres to run locally. The easiest way to do this is through Docker:
docker run \
--name demo4DB \
-p 5432:5432 \
-e POSTGRES_USER=$POSTGRES_USER \
-e POSTGRES_PASSWORD=$POSTGRES_PWD \
-e POSTGRES_DB=$POSTGRES_DB \
-d \
postgres \
-c ssl=on \
-c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem \
-c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Then, run the demo as previously:
go run demo4/server.go
Directories
Click to show internal directories.
Click to hide internal directories.