January 2018
Intermediate to advanced
336 pages
7h 56m
English
Authentication is the process of identifying who the user is, whereas authorization is the process of verifying what the authenticated user has access to. The most common way of achieving authentication is by asking users to specify their username and password that can then be validated against the backend database of user credentials.
The passwords should never be stored in plaintext in the backend database. It is recommended to compute a one-way hash of the password and store that instead. To reset the password, the system can just generate a random password, store its hash, and share the random password in plaintext with the user. Alternatively, a unique URL can be sent to the user to reset the ...
Read now
Unlock full access