What do you think?
Rate this book
Authentication and Authorization on the Web
Web applications manipulate resources in response to requests from users. It is often necessary to determine whether a requested operation should be allowed for the user who sent the request. This process of authorization – that is, deciding whether an application should be allowed to carry.out the operation which a request from a particular user or program calls for – depends on, but is separate from, the process of authentication. Authentication means determining the identity of the user or program sending the request. This is usually done by maintaining user accounts, protected by passwords, and by requiring users to log in.
Written for professional and student Web developers, this book provides a clear and practical description of authentication and authorization for Web sites. Secure methods of storing users' account details are described, with special emphasis on the secure storage of passwords. Drawing on a thorough understanding of computing principles and many years of practical experience in Web application development, the authors explain different methods of authentication, and techniques for applying authorization to requests from authenticated users. A simple application, written in JavaScript and built on the Express framework, is developed throughout the book to demonstrate the principles. The source code is provided via the companion site websecuritytopics.info.
Clear key points summarize each section, notes on relevant topics in cryptography are included, and technical terms are defined in a 16-page glossary.
Topics covered
• Hashing and salting passwords
• CAPTCHAs
• Resetting passwords
• Session-based authentication
• HTTP authentication
• OpenId
• Role-based authorization
• OAuth
Written for professional and student Web developers, this book provides a clear and practical description of authentication and authorization for Web sites. Secure methods of storing users' account details are described, with special emphasis on the secure storage of passwords. Drawing on a thorough understanding of computing principles and many years of practical experience in Web application development, the authors explain different methods of authentication, and techniques for applying authorization to requests from authenticated users. A simple application, written in JavaScript and built on the Express framework, is developed throughout the book to demonstrate the principles. The source code is provided via the companion site websecuritytopics.info.
Clear key points summarize each section, notes on relevant topics in cryptography are included, and technical terms are defined in a 16-page glossary.
Topics covered
• Hashing and salting passwords
• CAPTCHAs
• Resetting passwords
• Session-based authentication
• HTTP authentication
• OpenId
• Role-based authorization
• OAuth
285 pages, Kindle Edition
First published October 8, 2012
4 people are currently reading
13 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
No one has reviewed this book yet.