Luca Palmieri - Password auth in Rust, from scratch - Attacks and best practices

This article is a sample from Zero To Production In Rust, a book on backend development in Rust. Subscribe to the newsletter to be notified when a new episode is published.

Chapter 10 - Part 0

In Chapter 9 we added a new endpoint to our API - POST /newsletters. It takes a newsletter issue as input and sends emails out to all our subscribers. We have an issue though - anybody can hit the API and broadcast whatever they want to our entire mailing list. It is time to level up our API security toolbox.

Password authentication is often seen as the simplest auth method, but there are plenty of pitfalls along the way. We will implement Basic auth from scratch, examining several classes of attacks against our API - and how to counter them. This chapter, like others in the book, chooses to "do it wrong" first for teaching purposes. Make sure to read until the end if you don't want to pick up bad security habits!

Machine to machine, on behalf of a person

We need a way to verify who is calling POST /newsletters. Only a handful of people, the ones in charge of the content, should be able to send emails out to the entire mailing list. We need to find a way to verify the identity of API callers - we must authenticate them. By asking for something they are uniquely positioned to provide. There are various approaches, but they all boil down to three categories:

a smartphone, using an authenticator app)