
Auth Best Practices - Lessons Learned Writing the Most Amazing Auth Library Ever

This talk covers some quick best practices for authentication in general (with code samples given in Node). It covers password hashing, session management, cookies, CSRF, SSL, Basic Auth, and API authentication.

Randall Degges

January 15, 2015


Transcript

  1. • User account storage / encryption. • Authentication. • Authorization. • REST API management. • Social login.
     (Diagram: End User, Your Webserver, Stormpath API, Stormpath)
  2. What happens if? You leak a copy of your DB. Accidental console.log(). Your co-worker steals some passwords.
  3. How do you set cookies?
     body { "Content-Type": "text/html", "Set-Cookie": "session=12345" }
     body { "User-Agent": "cURL/1.2.3", "Accept": "*/*", "Host": "localhost:3000", "Cookie": "session=12345" }
  4. *ssholes Hey Randall, Check out this picture of my dog! It’s sooo cute! PS: Don’t forget to log into your bank account first! <333