Identity and Data Security for Web Development

Errata for Identity and Data Security for Web Development



The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint, the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.




Version | Location | Description | Submitted By | Date Submitted | Date Corrected
PDF
Page 74
Code sample, lines 6 and 7 (counting empty lines)

Lines 6 and 7 are:

    clientId: { type: String, default: uuid.v4(), unique: true },
    clientSecret: { type: String, default: uuid.v4(), unique: true },

The issue is the default value: It's assigned the result of calling the uuid.v4() method, which means all new clients will get the same clientId and clientSecret values, which will result in an error when attempting to save to the database (not to mention the related security issue of all clients having the same ID and secret...!). The lines should be:

    clientId: { type: String, default: uuid.v4, unique: true },
    clientSecret: { type: String, default: uuid.v4, unique: true },

Note from the Author or Editor:
Was able to reproduce - this should be changed to:

    clientId: { type: String, default: uuid.v4, unique: true },
    clientSecret: { type: String, default: uuid.v4, unique: true },

as suggested

Stefan Cameron  Jan 31, 2017 
PDF
Page 75
TokenModel code sample, line 8 (counting empty lines)

Line 8 is:

    accessToken: { type: String, default: uuid.v4() },

The issue is the default value: It's assigned the result of calling the uuid.v4() method, which means all new generated tokens will have the same access token value, which is a security issue in the design. The line should be:

    accessToken: { type: String, default: uuid.v4 },

Note from the Author or Editor:
This, too, is correct (same as previous 2) - should be:

    accessToken: { type: String, default: uuid.v4 },

Stefan Cameron  Jan 31, 2017 
PDF
Page 75
AuthCodeModel code sample, line 6 (counting empty lines)

Lines 6 and 7 are:

    code: { type: String, default: uuid.v4() },

The issue is the default value: It's assigned the result of calling the uuid.v4() method, which means all new generated authentication codes will have the same code value, which is a security issue in the design. The line should be:

    code: { type: String, default: uuid.v4 },

Note from the Author or Editor:
This is correct - please change to:

    code: { type: String, default: uuid.v4 },

Stefan Cameron  Jan 31, 2017
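
The three errata above share one root cause, shown here as an added example that is not code from the book or from the errata submitter. It assumes Node's built-in crypto.randomUUID in place of uuid.v4, and applyDefaults, createClients, distinctValues and findStaticDefaults are hypothetical helpers that model how a function-valued schema default is called once per document while any other value is reused as-is.

```javascript
const { randomUUID } = require('crypto'); // stand-in for uuid.v4 (assumption)

// Hypothetical model of schema default handling: a function default is
// invoked for every new document; any other default is copied unchanged.
function applyDefaults(schema, doc = {}) {
  const out = { ...doc };
  for (const [field, spec] of Object.entries(schema)) {
    if (out[field] === undefined && 'default' in spec) {
      out[field] = typeof spec.default === 'function' ? spec.default() : spec.default;
    }
  }
  return out;
}

// "Before" form from the errata: randomUUID() runs once, when the schema
// object is built, so the default is a single fixed string.
const brokenClientSchema = {
  clientId: { type: String, default: randomUUID(), unique: true },
  clientSecret: { type: String, default: randomUUID(), unique: true },
};

// Corrected form: the generator itself is the default.
const fixedClientSchema = {
  clientId: { type: String, default: randomUUID, unique: true },
  clientSecret: { type: String, default: randomUUID, unique: true },
};

// Create n documents that rely entirely on schema defaults.
function createClients(schema, n) {
  return Array.from({ length: n }, () => applyDefaults(schema));
}

// Number of distinct values a field takes across the documents.
function distinctValues(docs, field) {
  return new Set(docs.map((d) => d[field])).size;
}

// Startup or unit-test guard: list credential fields whose default is a
// fixed value rather than a generator function.
function findStaticDefaults(schema, secretFields) {
  return secretFields.filter(
    (f) => f in schema && 'default' in schema[f] && typeof schema[f].default !== 'function'
  );
}

const fields = ['clientId', 'clientSecret'];
console.log('broken distinct ids:', distinctValues(createClients(brokenClientSchema, 5), 'clientId'));
console.log('fixed distinct ids: ', distinctValues(createClients(fixedClientSchema, 5), 'clientId'));
console.log('static defaults in broken schema:', findStaticDefaults(brokenClientSchema, fields));
```

A guard like findStaticDefaults can run in a unit test over each model's credential and token fields so that a reintroduced `()` fails the build instead of reaching production.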