Wrapping Up

In this chapter we looked into hardening one of the backbones of web application security—authenticating the user. We looked at ways to store passwords securely, how to force users to use stronger passwords, how to protect against brute-force attacks, and how to add a second layer of protection.

Having covered the bases for authenticating a user, we now look at how the application remembers the user for a set period of time. We’ll cover sessions in the next chapter so that your users won’t have to keep typing in their password every time they want to do something.
