Logic. The folder has the following contents. This file defines the database schema. This directory contains database migration history. This file contains a script for seeding your development database with dummy data. This file defines the image of the database. This file contains the database connection string for the database.

NOTE: For more information about these components, please read Chapter 1 of this tutorial series.

Implementing Authentication in This section you will implement most of the authentication logic. By the end of this section the following endpoints will be protected by authentication. There are two main types of authentication used: session-based authentication and token-based authentication. In this tutorial you implement token-based authentication using tokens. basics of both types of authentication.

Endpoint The endpoint gives the authentication in response to the authentication workflow in the protected endpoint.
Currently this field is stored in plain text. This is a security risk because if the database is compromised, all passwords are also compromised. To solve this problem you can hash the password before storing it in the database. You can hash passwords using a cryptographic library. Install it.

First you will update the and method in to hash the password before storing it in the database.

This function accepts two parameters: the input string to the hash function and the number of hashing rounds, also known as the cost factor. Increasing the number of hashing rounds increases the time required to calculate the hash. There is a trade-off between security and performance here. The more hashing rounds, the longer it takes to calculate the hash value, which helps prevent brute force attacks. However, more rounds of hashing also means more time is needed to calculate the hash when a user logs in. This Stack Overflow answer has a good discussion of this topic.

Another technique called salting is also automatically used to make it more difficult to brute force the hash. Salting is a technique that adds a random string of characters to an input string before hashing it. This way an attacker cannot use a precomputed hash table to crack passwords because each password has a different salt value.

You will also need to update the database seed script to hash the password before inserting it into the database. Run the seed script and you should .