
reading-notes

https://samahabujwaied.github.io/reading-notes/

When is Basic Authorization used vs. Bearer Authorization?

The Basic and Digest authentication schemes are dedicated to authentication using a username and a secret (see RFC 7616 and RFC 7617). The Bearer authentication scheme is dedicated to authentication using a token and is described in RFC 6750.

What does the JSON Web Token package do?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way of securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

What considerations should we make when creating and storing a SECRET?

  1. Create a key pair at your server; store the public and private keys.
  2. Include the public key in your application.
  3. The application uses a secure random generator to create an AES key.
  4. The data is encrypted using CBC with PKCS#7 padding; also include an HMAC (possibly with yet another random AES key).
| Term | Definition |
| --- | --- |
| encryption | Encryption is defined as the conversion of something to code or symbols so that its contents cannot be understood if intercepted. When a confidential email needs to be sent and you use a program that obscures its content |
| token | In general, a token is an object that represents something else, such as another object (either physical or virtual) or an abstract concept; for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient. In computers, there are a number of types of tokens. |
| bearer | A person whose job is to carry something, or a person who brings a message ("He was a coffin bearer at his father's funeral"; "I'm sorry to be the bearer of bad news"). In finance and economics: the person who owns an official document or banknote. |
| secret | secrets.js is an implementation of Shamir's threshold secret sharing scheme in JavaScript, for node.js and browsers. |
| JSON Web Token | JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way of securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. |