O'Reilly logo

hapi.js in Action by Matt Harrison

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 9. Authentication and security

This chapter covers

  • Authentication in depth
  • Third-party authentication with Bell
  • Cross-Site Request Forgery (CSRF)
  • Cross-Origin Resource Sharing (CORS)
  • Security headers

Web application security can be a daunting topic. Most literature on it is drowning in acronyms like XSS, CSRF, and TLS. It seems like every few months a new game-changing security exploit appears too, with names intended to scare the bejeebies out of you: Heartbleed, BEAST, CRIME, POODLE, and FREAK. Okay, so maybe not POODLE.

Where do we even begin to deal with all this? Well, first breathe . . . and relax. A lot of security starts with plain common sense. You should use strong random passwords/encryption keys. You shouldn’t check ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required