Secure Services in Three Steps

Security in distributed services can be broken down into three steps:

  1. Encrypt data in-flight to protect against man-in-the-middle attacks;
  2. Authenticate to identify clients; and
  3. Authorize to determine the permissions of the identified clients.

Let’s talk about these phases in more detail, explore the security benefits they provide, and write the code to build them into our service.

Encrypt In-Flight Data

Encryption of data in-flight prevents man-in-the-middle attacks (MITM).[21] An example of a MITM attack is active eavesdropping, where the attacker makes independent connections with the victims to make them think they’re talking directly with each other when in fact the conversation is controlled by the attacker. ...

Get Distributed Services with Go now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.