Community Picks·2yPlease stop using middleware to protect your routes
The post discusses the use of middleware for route protection and argues against its usage. It highlights the drawbacks of using middleware for authorization and suggests alternative approaches for implementing route protection based on user roles.
Cerbos·2yHow to add authorization in a Node.js application
Learn how to add authorization to a Node.js application using Cerbos. Create roles and permissions for different users and ensure secure access control. Integration with Cerbos provides greater security, scalability, easy compliance, and flexibility for your Node.js app.
Cerbos·2yGuide to Web3 authorization & authentication
The shift to Web3 involves decentralization and user-centric controls powered by the blockchain. Web3 authentication leverages blockchain technology for secure and user-centric access to DApps. Web3 authorization determines user access through smart contracts and eliminates the need for centralized control. Challenges include scalability, user experience, and private key management.
Cloudflare·2yProtecting APIs with JWT Validation
Cloudflare customers can now protect their APIs from broken authentication attacks by validating incoming JSON Web Tokens (JWTs) with API Gateway's JWT Validation. The release addresses feature requests for supporting the Bearer token format, creating multiple JWKS configs, validating JWTs sent in cookies, and excluding managed endpoints in a JWT validation rule. Broken authentication is a major threat in API security, and JWT validation helps enforce a positive security model for authenticated API users. JWTs provide short-lived sessions and enhanced security compared to other authentication methods. API attacks like missing or broken authentication, expired token reuse, and Broken Function Level Authorization attacks can be prevented with proper authentication and authorization. API Gateway's JWT Validation checks JWT signatures, expiration times, and the presence of authentication tokens to protect against these attacks. Cloudflare Access and custom Cloudflare Workers are other options for JWT validation, but API Gateway provides an easier and more manageable experience. Future releases will expand the capabilities of API Gateway, including generating and enforcing authorization policies and enhancing API management with Cloudflare.
Cerbos·2yFrom the ground up podcast: Reshaping the landscape of DevOps through innovative authorization solutions
Cerbos is a company that empowers developers to implement and manage fine-grained access control in software applications. They provide a solution that simplifies the implementation of roles and permissions, allowing developers to focus on their core products. Cerbos aims to solve the problem of having to build complex authorization layers from scratch, saving developers time and effort.
freeCodeCamp·2yHow to Implement Relationship Based Access Control (ReBAC)
ReBAC is a fresh take on authorization that focuses on the relationships between entities. It uses policies represented as graphs to visualize access control. ReBAC differs from other control models by deriving permissions from existing relationships. It offers advantages such as granular and contextual control, efficient management of hierarchies, and scalability and adaptability.