book

Programming JavaScript Applications

by Eric Elliott

June 2014

Intermediate to advanced

254 pages

6h 2m

English

O'Reilly Media, Inc.

Read now

Unlock full access

IntroductionWho This Book Is ForWho This Book Is Not ForUnit TestingConventions Used in This BookSafari® Books OnlineHow to Contact UsThanks
Advantages of JavaScriptPerformanceObjectsSyntaxFirst-Class FunctionsEventsReusabilityThe Net ResultAnatomy of a Typical Modern JavaScript AppInfrastructureJSON: Data Storage and CommunicationNoSQL Data StoresRESTful JSON Web Services
Minimize Side EffectsFunction DefinitionNamed Function ExpressionsLambdasImmediately Invoked Function ExpressionsMethod ContextFunction.prototype.bind()Function ScopeHoistingClosuresMethod DesignNamed ParametersFunction PolymorphismMethod dispatchGenerics and Collection PolymorphismMethod Chaining and Fluent APIsFunctional ProgrammingStateless Functions (aka Pure Functions)Partial Application and CurryingAsynchronous OperationsCallbacksPromises and DeferredsConclusion
Classical Inheritance Is ObsoleteFluent-Style JavaScriptPrototypesDelegate PrototypesPrototype CloningThe Flyweight PatternObject CreationFactoriesPrototypal Inheritance with StampsConclusion
Principles of ModularityInterfacesThe Module PatternAsynchronous Module DefinitionPlug-InsNode-Style ModulesnpmES6 ModulesBuilding Client-Side Code with CommonJS, npm, Grunt, and BrowserifyDefining the AppFeature ImplementationBundling and DeploymentConclusion
Client-Side ConcernsModule ManagementGetting startedRegistration, loading, and renderingEventsEvent emittersEvent aggregatorsQueues and stacksChoosing the right event modelEvents by exampleModel View Controller/MV*Presentation and DOM ManipulationView eventsEvent delegationTemplatesWeb ComponentsServer-Side ConcernsGetting Started with Node and ExpressInstalling Node and ExpressOrganizing files in NodeNode librariesConfigurationExpressCreate your appRoutingMiddlewareLet it crashTemplatesNext stepsConclusion
AuthenticationPasswordsRainbow tablesPassword saltsBrute forceVariable time equalityStolen passwordsCredentialMultifactor AuthenticationKnowledge factorPossession factorInherence factorFederated and Delegated AuthenticationMozilla PersonaWebIDDelegated authenticationAuthorizationAuthorizing ApplicationsOAuth 2.0Conclusion
DebuggingServer OperationsSecurityAuditingBusiness AnalyticsViral FactorLogging ChecklistLogging RequestsLogging ErrorsSample Log OutputLogging Service AlertsLogging GoalsProfiling and InstrumentationLogging Client-Side EventsDeciphering DataConclusion
UsableFocusConsistencyUse common conventionsResourceful routingSelf-Describing: HypermediaAffordancesHATEOASHTML as an API Media TypeJadeJironResponsive APIsOptimizing for SpeedConclusion

Organizing FeaturesScale of a FeatureFeature GroupsLifespan of a FeatureDevelopmentStagingProduction TestingFeature RolloutDefault ActivationFull IntegrationImplementationConclusion
Conclusion
Example TestsQUnit PrimerCode QualityBest Practices Quick ReferenceIndentation: Be ConsistentUse SemicolonsBracket Placement: Right SideAvoid Name CollisionsAlways Use varUse One var Statement per FunctionAvoid Constant AbuseUse Functional Iterators When PossibleBe Careful with if StatementsAvoid Side EffectsDon’t Use switchDon’t Use eval()

Content preview from Programming JavaScript Applications

Chapter 6. Access Control

Access control models are responsible for granting or restricting access to resources. They depend on two things: user identification (verified by one or more authentication schemes) and feature authorization.

Before you grant access to a resource, you need to know that the user is who she claims to be (authentication) and whether or not the user should have access to a given resource (authorization).

Authentication

Authentication is the mechanism that confirms the identity of users trying to access a system. In order for users to be granted access to a resource, they must first prove that they are who they claim to be. Generally this is handled by passing a key with each request (often called an access token). The server verifies that the access token is genuine, and that the user does indeed have the required privileges to access the requested resource. Only then is the request granted.

There are many ways to grant a user an access token. The most common is a password challenge.

Passwords

Passwords should be stored with a one-way encryption hash, so that even if a malicious intruder obtains access to the user database, he still won’t have access to user passwords. The hash should be long enough to prevent an attack from a single machine and to prevent an attack from a large cluster of machines. I recommend 512 bits (64 bytes).

Worms targeting vulnerable versions of popular website platforms such as WordPress and Drupal have become common. Once such worm takes ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

JavaScript : Object-Oriented Programming

Publisher Resources

ISBN: 9781491950289Errata Page Supplemental Content

Programming JavaScript Applications

by Eric Elliott

Chapter 6. Access Control

Authentication

Passwords

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

JavaScript : Object-Oriented Programming

Learning JavaScript Design Patterns

Testing JavaScript Applications

JavaScript: Functional Programming for JavaScript Developers

Publisher Resources

Chapter 6. Access Control

Authentication

Passwords

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

JavaScript : Object-Oriented Programming

Learning JavaScript Design Patterns

Testing JavaScript Applications

JavaScript: Functional Programming for JavaScript Developers

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.