JSFoo Pune 2019

JSFoo is a JavaScript conference hosted by HasGeek.

JSFoo is the annual JavaScript conference hosted by HasGeek. The Pune edition is the second edition (JSFoo in Pune in 2012, and ReactFoo in January 2018).

HasGeek launched JSFoo in 2011 as India’s first JavaScript conference. The JS community in India has grown phenomenally since then. JavaScript now pervades every aspect of web development - browsers, apps, front-end, back-end, mobile and IoT, and there’s always scope to understand new ideas and solutions. The conference explores new ideas, implementing innovative solutions, and learning from experiences, especially negative ones.

Want to see the talks from last year’s conference? Watch the JSFoo 2018 videos or the related ReactFoo 2018 videos.

Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript. Follow JSFoo on Twitter

Shreyansh Pandey

@weirdpanda

How Not to Do Authentication in Node.js

Submitted Sep 30, 2018

Google the term “authentication in node.js” and you will be greeted with thousands of tutorials on how to create a database table with the fields and verify the hash; that’s it. The problem is that security and authentication are not that simple; it can be easy, but you need to work a little for that. In this talk, we will go over some bad methods of authentication and then we’ll look at the good ones followed by a live coding session to show how easy it is to implement this in real life. The talk assumes that the audience does not hold a bachelor’s in applied mathematics just; if you do, it’ll be even better.

Outline

Introduction

  • What? Why? How?
  • Bad ways

Effects of the bad ways

  • Common misconceptions about authentication and, in general, cryptography

Introduction to Modern Ways of Credential Storage

  • bcrypt, SHA-*
  • Problems with these methods

(Probable) Solutions:

  • NIST standards
  • PBKDF, etc.

Actual Solution

  • Dream crusher
  • Common mistakes
  • Easy, yet reliable methods

Hands-On

  • Bad solution (with JWT)
  • Average solution
  • Good solution

Questions

Requirements

A laptop with the Node.js environment, a text editor and some zeal!

Speaker bio

A 19-year-old programmer, amateur mathematician and a student from India. In the past 9 years I have honed my skills in Node.js, ReactJS, AWS and NoSQL databases with competitive experience in PHP and .NET (Windows Forms). My primary areas of interest are secure data channels, asymmetric cryptography, group theory and number theory with a pinch of applied geometry. Currently working as a backend developer at Isomr Studios Private Limited in India.

Slides

https://speakerdeck.com/labsvisual/how-not-to-do-authentication-in-node-dot-js
