The arena of proper authentication and data security standards is often one of the most misunderstood, confusing, and tricky aspects of building any Node site, app, or service, and the fear of data breaches with unencrypted or poorly encrypted data doesn’t make it any better. We’re going to tackle this field, exploring the proper methodologies for building secure authentication and data security standards. We’ll run through:

* Building on top of OAuth 2 and OpenID Connect
* Node middleware services for authentication
* Working with proper hashing and salting algorithms, and avoiding others, for private user data
* Common auth and security pitfalls and solutions

In the end, we’re going to see that by understanding proper data security and authentication standards, pitfalls, and reasons for choosing one solution over another, we can make intelligent decisions on creating a solid infrastructure to protect our users and data.
Node.js Authentication & Data Security
1. Tim Messerschmidt
Head of Developer Relations, International
Braintree
@Braintree_Dev / @SeraAndroid
Web European Conference
Node.js Authentication & Data Security
#NodeSecurity
38.
var express = require('express');
var helmet = require('helmet');
var app = express();

// pick individual Helmet middlewares …
app.use(helmet.noCache());
app.use(helmet.frameguard());
app.use(helmet.xssFilter());
…
// .. or use the default initialization
app.use(helmet());
Using Helmet with default options
44.
var express = require('express');
var app = express();

var authenticate = function(req, res, next) {
  // check the request and modify the response;
  // call next() to continue, or end the response to stop the chain
  next();
};

app.get('/form', authenticate, function(req, res) {
  // assume that the user is authenticated
  res.send('authenticated');
});

// … or use the middleware for certain routes
app.use('/admin', authenticate);
Writing Custom Middleware
53.
Favor security too much over the experience and you’ll make the website a pain to use.
smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form