Web security in 2021 is challenging!
What do I mean by such a statement?
First of all, ask yourself: how do you implement or control the authentication
and authorization in your project(s)?
How do you audit, or otherwise make sure, that identity security providers really secure
their stuff?
Think about those questions for 5 minutes…
Done? Good!
There will be some restricted areas of the SPA to which you, as a user, shouldn’t be allowed access.
Sounds really great! Secure and pretty complicated in the implementation!
Consider what the external security identity providers can really do for you: Okta and Auth0 are not open source, and whether you use them commercially or for free, you need to be able somehow to audit their security protocols before going into production with a full implementation, because once you have decided, it will be very, very difficult to change later.
In the JavaScript community some folks prefer to use Facebook, Google and even Apple for authentication and authorization purposes, and the open-source http://www.passportjs.org/ helps to do exactly that.
For me, as an independent consultant and a company, we strongly believe that the client’s
needs must be met with high quality, and having a solution with only
one secure entity provider is certainly not satisfactory and not applicable in the long term (entity
security provider companies are not always able to keep up one and the same quality
for a very long time; it is just the nature of things!)
For my project I decided to use an open-source entity provider, Gluu Server https://gluu.org, which can be used as a commercial
or as a free solution and hosted almost anywhere!
For my project Job manager 2020 https://github.com/orlovskyjavaprofi/jobmanager2020AngularVersion,
this is a very suitable solution, because then I
can run it all at very small cost, but with high quality and high security.
When I think about web security, there is no silver bullet; we as users should
know how well our data is protected and what kind of security measures
companies use.
In general, as a user you don’t think about it, but in enterprises, where there is lots of sensitive
data which must be protected, this is a concern, and my company is always looking for
suitable solutions and iterating on the best-known industry practices.
Stay tuned, because next week I will write about my Gluu Server integration
experience: how compatible it really is with the latest Angular app and what to think
about!
Recommended websites for more information about web security with OAuth2 and Angular:
https://bit.ly/3pUXWJz
https://bit.ly/2ZVHRbX
https://bit.ly/3kpAtPA
https://bit.ly/3bF4qqZ
https://bit.ly/3aWuazM
https://bit.ly/3bLD2aG
https://bit.ly/2ZQ9bsa
https://bit.ly/3q65jhD
https://bit.ly/3qSF2V3