Secure Services in Three Steps
Security in distributed services can be broken down into three steps:
- Encrypt data in-flight to protect against man-in-the-middle attacks;
- Authenticate to identify clients; and
- Authorize to determine the permissions of the identified clients.
Let’s talk about these steps in more detail, explore the security benefits they provide, and write the code to build them into our service.
Encrypt In-Flight Data
Encryption of data in-flight prevents man-in-the-middle (MITM) attacks. An example of a MITM attack is active eavesdropping, where the attacker makes independent connections with the victims to make them think they’re talking directly with each other when in fact the conversation is controlled by the attacker. ...