Authentication
- The process of verifying who a particular user is.
- We typically authenticate with a username/password combo, but we can also use security questions, facial recognition, etc.
Authorization
- Verifying what a specific user has access to.
- Generally, we authorize after a user has been authenticated.
How to (Not) Store Passwords: NEVER Store Passwords As They Are
- Rather than storing a password in the database, we run the password through a hashing function first and then store the result in the database.
- Hashing Function: A function that maps input data of arbitrary size to a fixed-size output value.
- Hashing: Taking an input of arbitrary size and producing a fixed-size output.
Cryptographic Hash Functions
1. One-way function which is infeasible to invert
2. Small change in input yields large change in the output
3. Deterministic: same input yields same output
4. Collision resistant: unlikely to find two different inputs that produce the same output
5. Password Hash Functions are deliberately SLOW
Password Salts
- A salt is a random value added to the password before we hash it.
- It ensures that two users with the same password get different hashes and mitigates attacks that rely on precomputed hash tables.
* This post is a summary of Udemy Course "The Web Developer Bootcamp" by Colt Steele.