4. Authentication and Authorisation on the Web

Syllabus Points Covered

Secure software architecture

Developing secure code

• Apply security features incorporated into software including data protection, security, privacy and regulatory compliance

  • hashed passwords

  • access controls

  • multi-factor authentication

  • role-based authorisation

• Design, develop and implement a safe application programming interface (API) to minimise software vulnerabilities

  • authentication and authorisation

  • least privilege

• Design, develop and implement code considering efficient execution for the user

  • session management

• Design, develop and implement secure code to minimise vulnerabilities in user action controls

  • broken authentication and session management

Programming for the web

Data transmission using the web

• Explain the processes for securing the web

  • authentication and authorisation

Chapter Contents

• 4.1. Introduction
  • 4.1.1. Authentication
  • 4.1.2. Multi-Factor Authentication
  • 4.1.3. Authorisation
  • 4.1.4. Glossary
• 4.2. Password Authentication
  • 4.2.1. Storing User Records
  • 4.2.2. Glossary
• 4.3. Passwords
  • 4.3.1. Hashing Passwords
• 4.4. Salting Passwords
  • 4.4.1. Glossary
  • 4.4.2. Recommended Video
• 4.5. Cookies
  • 4.5.1. Recommended Video
  • 4.5.2. Introduction
  • 4.5.3. Cookie Syntax
  • 4.5.4. Cookie Attributes
  • 4.5.5. Setting Multiple Cookies
  • 4.5.6. Session vs Persistent Cookies
  • 4.5.7. Glossary
• 4.6. Cookies in Flask
  • 4.6.1. Setting a Cookie
  • 4.6.2. Setting Cookie Attributes
  • 4.6.3. Reading a Cookie
  • 4.6.4. Deleting a Cookie in Flask
• 4.7. Server-Side Sessions
  • 4.7.1. Establishing a Server-Side Session
  • 4.7.2. Maintaining a Server-Side Session
  • 4.7.3. Glossary
• 4.8. Client-Side Sessions
  • 4.8.1. Establishing a Client-Side Session
  • 4.8.2. Maintaining a Client-Side Session
  • 4.8.3. Glossary
• 4.9. Sessions in Flask
  • 4.9.1. Setting Session Data
  • 4.9.2. Getting Session Data
  • 4.9.3. Removing Session Data
  • 4.9.4. Expiration
  • 4.9.5. Security Considerations
  • 4.9.6. Glossary
  • 4.9.7. Recommended Video
• 4.10. User and role access controls
  • 4.10.1. User-Based Access Control (UBAC)
  • 4.10.2. Role-Based Access Control (RBAC)
  • 4.10.3. Implementing Access Control
  • 4.10.4. Glossary
• 4.11. Flask-Security Tutorial
  • 4.11.1. Key Features of Flask-Security
  • 4.11.2. Documentation