https://blog.abhipraya.dev/tags/encryption/Recent content in Encryption on Daffa AbhiprayaHugoen-us© Daffa AbhiprayaFri, 13 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s1w3-security/Fri, 13 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s1w3-security/<h2 id="what-i-worked-on"> <a class="anchor" href="#what-i-worked-on" data-anchor="what-i-worked-on" aria-hidden="true">#</a> What I Worked On </h2> <p>This week addressed four security areas: JWT algorithm validation hardening (reviewed MR !63), encryption key management in CI (MR !68), client PII encryption in the database seeder (reviewed MR !80), and ongoing SAST scanning via the CI pipeline.</p> <h2 id="jwt-algorithm-validation-preventing-algnone-attacks"> <a class="anchor" href="#jwt-algorithm-validation-preventing-algnone-attacks" data-anchor="jwt-algorithm-validation-preventing-algnone-attacks" aria-hidden="true">#</a> JWT Algorithm Validation: Preventing alg:none Attacks </h2> <p>MR !63 (by adipppp, which I reviewed) hardened the JWT decoding logic against the <strong>alg:none attack</strong>, one of the most well-known JWT vulnerabilities (OWASP A07:2021, Identification and Authentication Failures).</p>https://blog.abhipraya.dev/ppl/part-a/data-seeding/Thu, 12 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-a/data-seeding/<h2 id="why-database-migrations-need-safety-nets"> <a class="anchor" href="#why-database-migrations-need-safety-nets" data-anchor="why-database-migrations-need-safety-nets" aria-hidden="true">#</a> Why Database Migrations Need Safety Nets </h2> <p>Imagine this scenario: a developer adds a new column to the invoices table, pushes to <code>main</code>, and the CI/CD pipeline deploys it to production. Everything looks fine until the next morning, when the team discovers that the migration also dropped a constraint that was silently relied on by another service. Rolling back means manually writing SQL against the production database at 2 AM.</p>