Chapter 9. Authentication and security
This chapter covers
- Authentication in depth
- Third-party authentication with Bell
- Cross-Site Request Forgery (CSRF)
- Cross-Origin Resource Sharing (CORS)
- Security headers
Web application security can be a daunting topic. Most literature on it is drowning in acronyms like XSS, CSRF, and TLS. It seems like every few months a new game-changing security exploit appears too, with names intended to scare the bejeebies out of you: Heartbleed, BEAST, CRIME, POODLE, and FREAK. Okay, so maybe not POODLE.
Where do we even begin to deal with all this? Well, first breathe . . . and relax. A lot of security starts with plain common sense. You should use strong random passwords/encryption keys. You shouldn’t check ...