2 Standards for implementing authentication
This chapter covers
All applications, whether they’re million-line monoliths or thousand-line microservices, must solve various security problems. Here are four of them:
- Securing communication channels
- Authenticating and authorizing users
- Handling sensitive credentials such as API keys required to access external services
- Running the application securely in a cloud environment or on-premises
In chapter 10, we’ll explore how Transport Layer Security (TLS) secures communication channels, locking the door to your data so no one can sneak in. But what good is a locked door if you’re handing out keys to anyone? That’s where authentication comes in.
Clearly, if you’re securing an application, you need to first make sure that the person knocking at your app’s front door isn’t an attacker in disguise (or, worse, your ex trying to get into your Netflix account). Let’s dive into the tools and methods for implementing authentication.
Think of authentication as a club bouncer. You wouldn’t want the bouncer to let everyone in without checking IDs, would you? By understanding the authentication landscape, you’ll learn how to be a bouncer who knows who belongs, who doesn’t, and what to do with those using a fake ID.