Full Stack Web Development with Backbone.js by Patrick Mulder

Chapter 9. Authentication

Many applications require spaces for public and private information. This often means two things: while interfaces should look different depending on who the users are, server-side data must be protected from outsiders.

For example, users of the Munich Cinema application could store which movies they liked and maintain a history of favorite movies. They might also comment on the choices of other visitors or maintain a personal calendar of movies to watch.

For all these actions, the application needs to know who we are (authentication), and what we are allowed to do (authorization). Authentication and authorization over HTTP are closely related.

In this chapter, our goal is to understand aspects of security in browsers and the backend requirements.

We will discuss:

  • An overview of the security of Backbone applications
  • Principles of client-server authentication
  • Managing sessions
  • Modal Dialogs for signup and login

Security in Browsers

Bringing security to web browsers is a difficult subject. Ideally, we want to authenticate every HTTP request. In practice, however, entering passwords multiple times often frustrates users. Unfortunately, browsers do not provide native support for secure sessions right now, and most authentication strategies are vulnerable to attacks.

To solve the authentication dilemma over HTTP, there are basically two approaches:

  • Cookie based: This is the most popular, but also one of the less secure approaches to securing web applications in browsers. ...
