reading-notes

These are my reading notes for Code Fellows


Project maintained by taegorov Hosted on GitHub Pages — Theme by mattgraham

Home

Access Control (ACL)

Basic authorization is a model that checks a client’s username and password, and is compared for equality with others on the server. Bearer authorization allows clients to access protected parts of a page/server by creating a token rather than the client’s direct credentials.

source 1 source 2

…a compact and self-contained way for securely transmitting information between parties as a JSON object. (source)

Useful when authorizing and exchanging information.

When storing a SECRET, we need to make sure that we hide sensitive files in a .gitignore and/or utilize a .env file so we don’t upload to GitHub or the like. Otherwise we go through all the effort of creating complex tokens, but those tokens can be easily discovered somewhere in our code.

Document the following Vocabulary Terms:

Encryption is the conversion of data (plain text) into a form that is unreadable (ciphertext). Encryption allows us to protect data during transmission and make it useless if hacked from a server. The process of encryption involves secret encryption/decryption keys and an encryption algorithm. (source)

A token is a piece of data that has no meaning or use on its own, but combined with the correct tokenization system, becomes a vital player in securing your application. Token based authentication works by ensuring that each request to a server is accompanied by a signed token which the server verifies for authenticity and only then responds to the request. (source)

Bearer authorization allows clients to access protected parts of a page/server by creating a token rather than the client’s direct credentials.

JWT is created with a secret key and that secret key is private to you which means you will never reveal that to the public or inject inside the JWT token. When you receive a JWT from the client, you can verify that JWT with this that secret key stored on the server. (source)

…an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. (source)