July 2017
Beginner to intermediate
358 pages
10h 54m
English
Authentication is the process of checking that a claim is true, for example: does this username pair with this password? Authorization is the function of specifying access rights or policy regarding a user: what an authenticated identity is allowed to do.
Authentication is a well-understood concept; however, there are a few things we need to get right to ensure that it cannot be compromised, such as never storing passwords in plain text in a data store, and preventing the hijacking of a login session, where an active session token is leaked or transferred to a third party who then presents it as their own. Authorization is equally important; as we discussed earlier in the Confused deputy section, even when a user is authenticated we must still control the actions that they can perform on a ...
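To make the session-hijack point concrete, an added example (not the book's code) of a Go session store: the client receives a random 256-bit bearer token, the server keeps only the token's SHA-256 hash alongside an expiry and a client fingerprint, and a token presented from a different client than the one it was issued to is treated as stolen and revoked. The `SessionStore` type, the fingerprint strings and the TTL are assumptions; how the fingerprint is derived (TLS client certificate, User-Agent plus network prefix, and so on) is left to the caller.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// session is what the server remembers about one login; the token itself is not stored.
type session struct {
	user     string
	clientFP string // caller-supplied client fingerprint (assumption: derivation is the caller's choice)
	expires  time.Time
}

// SessionStore keys sessions by SHA-256(token), so a leaked table cannot be replayed.
// The zero value is usable; ttl bounds how long a stolen-but-undetected token stays valid.
type SessionStore struct {
	ttl      time.Duration
	sessions map[[32]byte]session
}

// Issue mints a 256-bit random bearer token for user and records only its hash.
func (s *SessionStore) Issue(user, clientFP string, now time.Time) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	if s.sessions == nil {
		s.sessions = map[[32]byte]session{}
	}
	token := base64.RawURLEncoding.EncodeToString(raw)
	s.sessions[sha256.Sum256([]byte(token))] = session{user, clientFP, now.Add(s.ttl)}
	return token, nil
}

// Resolve maps a presented token to its user. Expired sessions are dropped, and a token
// arriving from a client other than the one it was issued to is treated as stolen: the
// whole session is revoked, which logs the legitimate user out but denies the thief.
func (s *SessionStore) Resolve(token, clientFP string, now time.Time) (string, error) {
	key := sha256.Sum256([]byte(token))
	sess, ok := s.sessions[key]
	switch {
	case !ok:
		return "", errors.New("unknown session")
	case now.After(sess.expires):
		delete(s.sessions, key)
		return "", errors.New("session expired")
	case subtle.ConstantTimeCompare([]byte(sess.clientFP), []byte(clientFP)) != 1:
		delete(s.sessions, key)
		return "", errors.New("token presented by a different client; session revoked")
	}
	return sess.user, nil
}

// Revoke lets a logout (or a detected compromise) invalidate a token immediately.
func (s *SessionStore) Revoke(token string) {
	delete(s.sessions, sha256.Sum256([]byte(token)))
}

func main() {
	store := &SessionStore{ttl: 30 * time.Minute}
	now := time.Now()
	token, err := store.Issue("alice", "fp-alice", now) // constructed sample user and fingerprint
	if err != nil {
		panic(err)
	}
	user, err := store.Resolve(token, "fp-alice", now)
	fmt.Println(user, err)
	_, err = store.Resolve(token, "fp-mallory", now) // the same token replayed from elsewhere
	fmt.Println(err)
}
```

Binding a session to a client fingerprint is a mitigation with a cost: users whose address or user agent changes mid-session (mobile networks, corporate proxies) will be logged out, so choose the fingerprint inputs accordingly. It complements, and does not replace, the controls that stop the token leaking in the first place: TLS everywhere, `Secure` and `HttpOnly` cookie attributes, and a short TTL with server-side revocation on logout.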