Chapter 9. Authentication and security

This chapter covers

  • Authentication in depth
  • Third-party authentication with Bell
  • Cross-Site Request Forgery (CSRF)
  • Cross-Origin Resource Sharing (CORS)
  • Security headers

Web application security can be a daunting topic. Most literature on it is drowning in acronyms like XSS, CSRF, and TLS. It seems like every few months a new game-changing security exploit appears too, with names intended to scare the bejeebies out of you: Heartbleed, BEAST, CRIME, POODLE, and FREAK. Okay, so maybe not POODLE.

Where do we even begin to deal with all this? Well, first breathe . . . and relax. A lot of security starts with plain common sense. You should use strong, random passwords and encryption keys. You shouldn’t check ...
