Issue
I'm currently thinking of adding a login system for a website, but I'm a bit hesitant on doing it because of a few security flaws I'm not sure how to solve:
- How would you prevent someone from making a script that spams registrations for new accounts?
- Would spamming logging in / out stress the DB (MySQL) if someone wanted to try to slow down the website?
- Is it recommended to even make my own login system?
My main concern is basically how to prevent malicious bad actors from trying to slow down the website, although I know there are other things I should be looking to prevent. Any insights/best practices are welcome, as a scavenge of the web didn't lead me to any super useful resources on these topics.
Solution
"Is it recommended to even make my own login system?"
No.
You'll want to use software with community support, and more importantly, a large installed base so that if/when there's a security problem you're unlikely to be the first victim. Ideally it's a popular enough system that a CVE is issued, and all you need to do is follow the recommendations for patching/updating.
There's a lot more to a login system than verifying passwords. You've touched on a few concerns here, but there are a lot more. Security is complex and multi-faceted.
The good news is that in Node there are a lot of options that meet those criteria. Personally I've used Passport, which has a large library of add-ons making it quite capable, but there are many others.
Answered By - tadman Answer Checked By - Dawn Plyler (PHPFixing Volunteer)
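The question asks how to stop a script from spamming registrations and whether repeated login attempts can be used to load the database. Whatever authentication library you pick, the usual answer to both is a rate limiter that sits in front of the `/register` and `/login` handlers and rejects a flooding client before any query is issued. The following is an added example, not code from the question, the answer or the Passport project: a per-client sliding-window limiter using only Node's standard library. The IP addresses, limits and the `registerInDb` stand-in are constructed for illustration, and the in-memory store is an assumption (a multi-process or multi-host deployment would need a shared store such as Redis).

```javascript
// Added example: per-key sliding-window rate limiter placed in front of the
// registration/login handlers so a spamming script is rejected before a DB
// query is ever issued. In-memory and single-process (an assumption made for
// illustration); production with several instances needs a shared store.

class SlidingWindowLimiter {
  // max: requests allowed per key inside the window; windowMs: window length.
  constructor(max, windowMs) {
    this.max = max;
    this.windowMs = windowMs;
    this.hits = new Map(); // key -> ascending array of hit timestamps (ms)
  }

  // Timestamps for `key` that still fall inside the window ending at `now`.
  _live(key, now) {
    const cutoff = now - this.windowMs;
    const stamps = this.hits.get(key) || [];
    let i = 0;
    while (i < stamps.length && stamps[i] <= cutoff) i++; // ascending, so prune front
    return i > 0 ? stamps.slice(i) : stamps;
  }

  // Records the request and returns true if it is within the limit; otherwise
  // returns false and does NOT count the rejected request against the key.
  allow(key, now = Date.now()) {
    const stamps = this._live(key, now);
    if (stamps.length >= this.max) {
      this.hits.set(key, stamps);
      return false;
    }
    stamps.push(now);
    this.hits.set(key, stamps);
    return true;
  }

  // Milliseconds until the oldest live hit leaves the window (0 if not limited).
  retryAfterMs(key, now = Date.now()) {
    const stamps = this._live(key, now);
    if (stamps.length < this.max) return 0;
    return Math.max(0, stamps[0] + this.windowMs - now);
  }

  // Evict keys with no live hits so memory does not grow without bound when an
  // attacker rotates source addresses. Call periodically (e.g. setInterval).
  sweep(now = Date.now()) {
    const cutoff = now - this.windowMs;
    for (const [key, stamps] of this.hits) {
      if (stamps.length === 0 || stamps[stamps.length - 1] <= cutoff) this.hits.delete(key);
    }
  }
}

// Hypothetical handler: the limiter decides before the DB is touched.
// `registerInDb` stands in for the real INSERT and only runs on an allowed request.
function handleRegistration(limiter, clientIp, registerInDb, now = Date.now()) {
  if (!limiter.allow(clientIp, now)) {
    return { status: 429, retryAfterSec: Math.ceil(limiter.retryAfterMs(clientIp, now) / 1000) };
  }
  registerInDb();
  return { status: 200 };
}

// Constructed traffic: 5 registrations per IP per minute allowed; a script
// fires 8 within a second, a second client makes one request, and the first
// client returns once the window has slid past its first hit.
function simulateSpam() {
  const limiter = new SlidingWindowLimiter(5, 60_000);
  const t0 = 1_700_000_000_000; // fixed clock so the run is deterministic
  let dbWrites = 0;
  const write = () => { dbWrites++; };
  const responses = [];
  for (let i = 0; i < 8; i++) {
    responses.push(handleRegistration(limiter, '203.0.113.7', write, t0 + i * 100));
  }
  const other = handleRegistration(limiter, '198.51.100.2', write, t0 + 800).status;
  const later = handleRegistration(limiter, '203.0.113.7', write, t0 + 60_001).status;
  limiter.sweep(t0 + 200_000); // everything is stale by now
  return {
    statuses: responses.map((r) => r.status),
    firstRejectRetryAfterSec: responses[5].retryAfterSec,
    dbWrites,
    other,
    later,
    keysAfterSweep: limiter.hits.size,
  };
}

console.log(JSON.stringify(simulateSpam()));
```

Keying on the client IP is the simplest choice but penalises users behind a shared NAT and is weak against an attacker with many IPv6 addresses, so the per-IP limit is normally combined with a per-account limit on login and with CAPTCHA or e-mail verification on registration. Returning 429 with a `Retry-After` value, as above, lets well-behaved clients back off while the spamming script never reaches MySQL.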